Privacy policy
Privacy policy for the normanrehabilitation.com website
GENERAL PROVISIONS
- The controller of the personal data collected via the normanrehabilitation.com website is Norman Łoziński, conducting a business under the name ZOZ NORMAN, registered office address and place of business: 75-393 Koszalin, ul. Pomorska 28, correspondence address: 75-393 Koszalin, ul. Pomorska 28, NIP (tax identification number): 5841880692, REGON: , entered in the Central Registration and Information on Business (CEIDG), email address: kontakt@normanrehabilitacja.pl, hereinafter the “Controller”, being at the same time the Service Provider.
- The personal data collected by the Controller via the website is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter the GDPR, and with the Personal Data Protection Act of 10 May 2018.
TYPES OF PERSONAL DATA PROCESSED, PURPOSE AND SCOPE OF DATA COLLECTION
PURPOSE OF PROCESSING AND LEGAL BASIS. The Controller processes personal data via the normanrehabilitation.com website for the purpose of:
- the user making use of the contact form. The personal data is processed on the basis of Article 6(1)(f) GDPR as a legitimate interest of the Controller.
- the user subscribing to the Newsletter for the purpose of sending commercial information by electronic means. The personal data is processed following separate consent, on the basis of Article 6(1)(a) GDPR.
- Providing rehabilitation services;
- Keeping internal medical records;
- Sending important notifications regarding our terms of service and policies;
- Running, evaluating and improving our business (including developing new products and services; refining and enhancing our services; analysing our products);
- Surveys on the quality of our services and feedback on the service provided;
- Keeping accounts, settling financial matters and collecting payments, as well as other internal business functions;
- Carrying out data analysis and processing (including market and customer research, customer satisfaction surveys, trend analysis, financial analysis);
- Protecting against fraud and other unlawful activities, claims and other liabilities, establishing, exercising and defending rights, and conducting business in accordance with our legal and regulatory obligations under applicable law;
- Ensuring the physical security of our premises;
- Informing you about upcoming events, updates, news and the latest products, services, solutions and other offers, where this is in line with your communication preferences;
- Running and managing our websites.
TYPES OF PERSONAL DATA PROCESSED. The Controller processes the following categories of the user’s personal data:
- First and last name,
- Date of birth,
- Address,
- Email address,
- Telephone number,
- PESEL (national identification number),
- Health-related data (including medical records).
PERIOD FOR WHICH PERSONAL DATA IS RETAINED. Users’ personal data is retained by the Controller:
- In accordance with the applicable legal provisions on the retention of medical records;
- When you use the website, additional information may be collected, in particular: the IP address assigned to the user’s computer or the external IP address of the internet provider, the domain name, the browser type, the access time and the operating system type.
- Navigation data may also be collected from users, including information about the links and references they choose to click, or other actions taken on the website. The legal basis for this type of activity is the legitimate interest of the Controller (Article 6(1)(f) GDPR), which consists in making it easier to use the services provided by electronic means and in improving the functionality of those services.
Providing personal data is voluntary on the part of the user.
Personal data will also be processed in an automated manner in the form of profiling, provided that the user consents to this on the basis of Article 6(1)(a) GDPR. The consequence of profiling will be that the person concerned is assigned a profile in order to make decisions about them, or to analyse or predict their preferences, behaviours and attitudes.
The Controller takes particular care to protect the interests of the persons to whom the data relates, and in particular ensures that the data it collects is:
- processed lawfully,
- collected for specified, lawful purposes and not subjected to further processing incompatible with those purposes,
- substantively correct and adequate in relation to the purposes for which it is processed, and retained in a form that allows the persons to whom it relates to be identified for no longer than is necessary to achieve the purpose of the processing.
DISCLOSURE OF PERSONAL DATA
- Users’ personal data is passed on to the service providers used by the Controller in running the website. Depending on the contractual arrangements and circumstances, the service providers to whom the personal data is passed on either act on the Controller’s instructions as to the purposes and means of processing this data (processors) or independently determine the purposes and means of processing it (controllers).
- Users’ personal data is stored solely within the European Economic Area (EEA).
RIGHT TO CONTROL, ACCESS AND RECTIFY YOUR OWN DATA
- The person to whom the data relates has the right to access their personal data, and the right to rectify it, erase it, restrict its processing, the right to data portability, the right to object, and the right to withdraw consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.
Legal bases for a user’s request:
- Access to data – Article 15 GDPR.
- Rectification of data – Article 16 GDPR.
- Erasure of data (the “right to be forgotten”) – Article 17 GDPR.
- Restriction of processing – Article 18 GDPR.
- Data portability – Article 20 GDPR.
- Objection – Article 21 GDPR.
- Withdrawal of consent – Article 7(3) GDPR.
- To exercise the rights referred to in point 2, you may send an appropriate email to: kontakt@normanrehabilitacja.pl.
- Where a user exercises a right arising from the above, the Controller either fulfils the request or refuses to fulfil it without undue delay, and in any case no later than within one month of receiving it. However, if – owing to the complexity of the request or the number of requests – the Controller is unable to fulfil the request within one month, it will fulfil it within the following two months, having informed the user in advance, within one month of receiving the request, of the intended extension of the deadline and the reasons for it.
- If it is found that the processing of personal data infringes the provisions of the GDPR, the person to whom the data relates has the right to lodge a complaint with the President of the Personal Data Protection Office.
“COOKIES”
- The Controller’s website uses “cookies”.
- The installation of “cookies” is necessary for the proper provision of services on the website. “Cookies” contain the information required for the website to function correctly, and they also make it possible to compile general statistics on visits to the website.
- “Session” “cookies” are temporary files that are stored on the user’s device until they log out (leave the site).
- The Controller uses its own cookies in order to better understand how the user interacts with the content of the site. These files collect information about how the user uses the website, the type of page from which the user was referred, and the number of visits and the duration of the user’s visit to the website. This information does not record specific personal data about the user, but is used to compile statistics on the use of the site.
- The user has the right to decide on the access of “cookies” to their computer by selecting the relevant options in advance in their browser window. Detailed information on the options and ways of handling “cookies” is available in the settings of the software (your web browser).
FINAL PROVISIONS
- The Controller applies technical and organisational measures ensuring protection of the personal data processed that is appropriate to the risks and to the categories of data covered by that protection, and in particular safeguards the data against being disclosed to unauthorised persons, being taken by an unauthorised person, being processed in breach of the applicable provisions, and against alteration, loss, damage or destruction.
- The Controller provides appropriate technical measures to prevent unauthorised persons from obtaining and modifying personal data transmitted by electronic means.
- In matters not governed by this Privacy Policy, the provisions of the GDPR and other relevant provisions of Polish law apply accordingly.