Privacy Policy
The personal data of which the Administrator is Anna Mrowinska conducting business under the name Zeme Pharm Anna Mrowinska, based in Warsaw, is processed in a manner consistent with the provisions of generally applicable law, in particular in accordance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016 on the protection of natural persons in relation to the processing of personal data and on the free flow of such data and repealing Directive 95/46/EC (hereinafter: "RODO").
The Administrator guarantees the confidentiality of any personal data it processes. It ensures that all security measures are taken. Personal data shall be collected with due diligence and adequately protected against access by unauthorized persons. All entities entrusted with the processing of personal data guarantee the application of appropriate measures for the protection and security of personal data required by law.
The services provided by Anna Mrowinska conducting business under the name Zeme Pharm Anna Mrowinska, based in Warsaw, within the framework of the online store are also conducted in compliance with the requirements of the Act of 18 July 2002 on the provision of services by electronic means (i.e. Journal of Laws of 2019, item 123).
GENERAL PROVISIONS
1. This Privacy Policy (hereinafter referred to as the "Privacy Policy") defines how personal data is collected, processed and stored:
(a) Customers and potential customers of the online store;
b) visitors to the website www.samarite.eu owned by the Administrator;
c) newsletter subscribers;
2. This Privacy Policy is for informational purposes only and does not constitute a source of obligations for data subjects.
3. The Administrator shall exercise special care to protect the interests of the data subjects and shall apply technical and organizational measures to ensure adequate and appropriate protection of the personal data processed in accordance with the risks.
CONTROLLER
The controller of personal data is: Anna Mrowinska, doing business under the name Zeme Pharm Anna Mrowinska with registered office in Warsaw, Al. J. CH. Szucha 3/2 (00-580), NIP: 9680876255, REGON: 300281484.
CONTACT WITH THE ADMINISTRATOR
1. For matters related to the processing of personal data, please contact us by email at the dedicated email address: [email protected]
2. You can also send us a message, request or demand to our mailing address: Al. J. CH. Szucha 3/2, 00-580 Warsaw.
PURPOSE AND LEGAL BASIS OF DATA PROCESSING
1. Each time, the purpose and basis of processing of personal data by the Controller is determined by the nature of the relationship between the Controller and the data subject.
2. Each of these relationships is described separately, below, to make it easier for you to find the relevant provisions for you.
3. In connection with the processing of personal data for the purposes specified below, your personal data may be made available by the Online Store to other recipients or categories of recipients of personal data, which may be ING Bank Śląski S.A. (hereinafter: "Bank").
CUSTOMERS AND POTENTIAL CUSTOMERS OF THE ONLINE STORE
1. The Administrator may process personal data of the customer of the online store for the following purposes:
necessary for the conclusion and performance of the Sales Agreement, including the provision of services by electronic means (management, service and execution of the order, account creation, account maintenance, transactions, payments) i.e. on the basis of Article 6(1)(b) RODO (performance of the agreement, including activities aimed at concluding the agreement) and Article 6(1)(c) RODO (legal obligation),
handling of the complaint process, i.e. on the basis of Article 6(1)(b) RODO (performance of a contract) and Article 6(1)(c) RODO (legal obligation), as well as Article 9(2)(a) RODO (explicit consent) for a specific category of data;
to handle reports of product side effects, i.e., on the basis of Article 6(1)(c) RODO (legal obligation);
to inform you of the availability of a product when you choose this service, i.e. on the basis of Article 6(1)(b) of the RODO (performance of a contract, activities aimed at the performance of a contract);
to present information about our products, offerings, promotions (newsletter) - Article 6(1)(f) RODO - the Administrator's legitimate interest in marketing its own products and services. Sending commercial information by e-mail or SMS message applies only if the data subject consents to receive commercial information electronically, to the e-mail address or telephone number provided, within the meaning of the Electronic Services Act and/or Telecommunications Law;
to respond to the consultation form sent and to contact for this purpose, i.e. on the basis of Article 6(1)(f) RODO - the Administrator's legitimate interest in being able to respond to the message received, to provide a response, and also Article 9(2)(a) RODO (express consent) for a specific category of data;
responding to e-mails, questions, inquiries and contacting for this purpose, i.e. on the basis of Article 6(1)(f) RODO - the legitimate interest of the Administrator, which is the possibility of responding to a message received, providing a response in accordance with its content,
asserting claims or defending rights, as realization of the Administrator's legitimate interest i.e. on the basis of Article 6(1)(f) RODO
to fulfill obligations to tax authorities, i.e. on the basis of Article 6(1)(c) RODO,
conducting statistical research, i.e. on the basis of Article 6(1)(f) RODO- the Administrator's legitimate interest in improving the operation of the store, the company, enabling the matching of the offer to the customer's needs,
Internet marketing - on the basis of Article 6(1)(f) RODO (the Administrator's legitimate interest in being able to send personalized Internet advertisements of the Administrator's products and services,
streamlining of business operations and archiving of documents i.e. on the basis of Article 6(1)(f) RODO - the Administrator's legitimate interest in keeping records, running the business more efficiently and effectively.
Provision by the Bank to the Online Store of the service of making available the infrastructure for handling payments over the Internet (legal basis: Article 6(1)(f) of the Regulation).
handling and settlement by the Bank of payments made by customers of the Online Store over the Internet using payment instruments (legal basis: Article 6(1)(f) of the Regulation).
in order for the Bank to verify the proper execution of agreements concluded with the Online Store, in particular to ensure the protection of the interests of payers in connection with complaints filed by them (legal basis: Article 6(1)(f) of the Regulation).
2. Each time, the purpose and basis of processing of personal data by the Administrator arises from the actions taken by the customer of the online store.
3. Your personal data may be transferred, to entities providing us with various services including: legal and advisory services in the enforcement of due claims (in particular, law firms), IT service providers (computer service, hosting and server of the website and mail, IT outsourcing) used by the Administrator, a company providing an IT system and handling orders, an accounting office, entities that are operators of electronic payment services, couriers, as well as state authorities and other entities authorized by law.
4. In terms of the purpose based on the execution of the contract, we will process the data for the duration of the exercise of the rights and obligations arising from the connecting legal relationship, and thereafter for the period of limitation of claims in accordance with the provisions of the Civil Code and the Law on Consumer Rights. In the scope of a filed complaint until it is resolved, and in the case of the assertion of claims and/or defense of rights until the dispute is resolved, taking into account the relevant statute of limitations for claims. With regard to data processed on the basis of a legitimate interest - until the indicated interest ceases to exist or until you lodge an effective objection to the processing of your personal data. If your personal data is processed on the basis of consent, we may process it until you withdraw your consent.
5. In connection with the processing of personal data, subject to the conditions set forth in the provisions of the RODO, the data subject has the following rights: access to personal data, rectification of personal data (updates), erasure of data, restriction of processing, transfer of personal data, the right to object to the processing of personal data and to lodge a complaint with a supervisory authority.
6. The obligation to provide personal data arises from the laws governing the execution of contracts (including the execution of online payments), including the Civil Code and tax law. If you refuse to provide your data, we will not be able to establish a legal relationship. Otherwise, the provision of data is voluntary but necessary for the conclusion of the contract and/or sending content of a marketing nature, responding to the content contained in the consultation form or e-mail.
7. If your inquiry was made via Facebook, the source of your personal data is Facebook Inc. with its headquarters at 1 Hacker Way, Menlo Park, California, United States of America. The data was then obtained based on your consent for Facebook to share your data with the Administrator. The categories of personal data that will be processed by the Administrator in the described case: contact data from your Facebook profile.
8. In case your inquiry was made via the WhatsApp platform, the source of the personal data is WhatsApp Ireland Limited, based at 4 Grand Canal Square, Grand Canal Harbour Dublin 2, Dublin, Ireland. The data was then obtained based on your consent for WhatsApp to share your data with the Administrator. Categories of personal data that will be processed by the Administrator in the described case: contact data from your profile on WhatsApp.
9. In the event that your provision of personal data occurs for the purpose of entering into a contract with the Online Store, your provision of personal data is a condition for entering into this contract. The provision of personal data in this situation is voluntary, but the consequence of not providing such data will be the inability to conclude a contract with the Online Store.
10. In the case of transfer of your personal data to the Bank in connection with the processing and settlement of payments made by you to the Online Store via the Internet using payment instruments, the provision of data is required in order to process the payment and provide the Bank with a confirmation of its execution to the Online Store.
11. In the case of transfer of your personal data to the Bank for the purpose of verification by the Bank of the proper performance of the agreements concluded with the Online Store, in particular to ensure the protection of the interests of the payers in connection with the complaints submitted by them, the provision of such data is required in order to enable the execution of the agreement concluded between the Online Store and the Bank.
12. In order to transfer personal data to ING Bank Śląski S.A. ("Bank") in connection withProvision by the Bank to the Online Shop of the service of making available the infrastructure for handling payments over the Internet (legal basis: Article 6(1)(f) of the Regulation).
For the Bank's handling and settlement of payments made by customers of the Online Store over the Internet using payment instruments (legal basis: Article 6(1)(f) of the Regulation).
in order for the Bank to verify the proper execution of agreements concluded with the Online Store, in particular to ensure the protection of the interests of payers in connection with complaints filed by them (legal basis: Article 6(1)(f) of the Regulation).
13. In connection with the processing of personal data for the purposes specified in paragraph 2, your personal data may be made available by the Online Shop to other recipients or categories of recipients of personal data, which may be:
(a) ING Bank Śląski S.A.
14. In the case of transfer of your personal data to the Bank in connection with the processing and settlement of payments made by you to the Online Store via the Internet using payment instruments, the provision of data is required in order to process the payment and provide confirmation of its execution by the Bank to the Online Store.
15. In the case of transfer of your personal data to the Bank in order for the Bank to verify the proper performance of the agreements concluded with the Online Store, in particular to ensure the protection of the interests of the payers in connection with the complaints submitted by them, the provision of such data is required in order to enable the execution of the agreement concluded between the Online Store and the Bank.
EMPLOYEES AND ASSOCIATES OF OUR CUSTOMERS AND CONTRACTORS AND POTENTIAL CONTRACTORS
1. Employees and associates of our customers and contractors and potential contractors The Administrator may process personal data of employees and associates of customers and contractors or potential contractors for the purpose of proper execution of the contract to which the entity to which such person works or with which such person cooperates is a party, i.e. on the basis of Article 6(1)(f) of the RODO (legitimate interest of enabling contact between the parties to the contract for the purpose of its execution).
2. In this situation, we received the data directly from the employee or co-worker or from his/her employer/entity he/she represents.
3. The scope of the data we have is: first name, last name, business phone and email address, position.
4. Recipients of your personal data may be entities engaged in servicing computer hardware, IT outsourcing, website and mail hosting, server delivery, law firm, entities implementing warranty, guarantee, insurance of goods and also entities authorized by law.
5. We keep your personal data until the expiration of the statute of limitations for any claims for performance or improper performance of the contract.
6. In connection with the processing of personal data, subject to the conditions set forth in the provisions of the RODO, the data subject shall have the following rights: access to personal data, rectification of personal data (updates), deletion of data, restriction of processing, transfer of personal data, the right to object to the processing of personal data and to lodge a complaint with the supervisory authority.
VISITORS TO THE WEBSITE HTTPS://WWW.SAMARITE.EU
1. The Administrator may process personal data for the following purposes:
monitoring and enforcing compliance with the terms and conditions of use of the website on the basis of Article 6(1)(f) RODO - the legitimate interest of ensuring the functionality of the website;
administering and managing the website, including confirming identity and preventing unauthorized access - the legitimate interest of maintaining the stability of the website and ensuring the cyber security of visitors to the website;
Aggregating data for analysis purposes, based on Article 6(1)(f) of the RODO - legitimate interest in conducting activities to improve the website's performance;
direct marketing of own products and services - marketing is carried out in the form of the following activities:
a. use of Google Analytics and Google Ads analytics software to collect data about users. In this case, the administrator collects only the following categories of data: source and medium of acquisition of website visitors, behavior on the website, information on devices and browsers, IP address and domain and geographic data. The legal basis for the processing of personal data is Article 6(1)(a) of the RODO - consent, which is expressed through browser preference settings
b. use of the Facebook Pixel tool to target website users with personalized Facebook ads. In particular, Facebook Pixel collects a history of events (actions performed by the user on the website, e.g. adding a product to the shopping cart) to then display personalized advertising on Facebook. The legal basis for the processing of personal data is Article 6(1)(a) RODO - consent, expressed within the relevant settings of your browser preferences.to establish, investigate and defend against claims on the basis of Article 6(1)(f) RODO - legitimate interest in the form of protection of the Administrator's interests.
You can read the entire cookie policy used by the Administrator here.
2. Recipients of your personal data will be entities providing IT services to the Administrator (e.g., data processing, resource management, maintenance of electronic forms) to the extent applicable to website management activities and also a marketing company. In addition, Google Inc. and Facebook Inc. will also be the recipients of the data (if the appropriate consent is given).
3. The Administrator is not responsible for the processing of data by Google and Facebook - the owner of Google Analytics and Google Ads tools and Facebook Pixel respectively. Customers. The Administrator recommends reading the privacy policies of Google and Facebook to learn about the processing of personal data by Google and Facebook.
4. Personal data will be processed until the cookies are deleted, as specified in the Cookies Policy. After this period, the Administrator will retain personal data if obliged to do so by law for the period provided by such law or for the purpose of pursuing legitimate interests for the period of the statute of limitations for claims.
5. In connection with the processing of personal data, the data subject shall have the following rights: access to personal data, rectification of personal data (updates), erasure of data, restriction of processing, transfer of personal data, the right to object to the processing of personal data and to lodge a complaint with a supervisory authority.
6. The data subject also has the right to withdraw consent to the processing of personal data. Consent can be withdrawn by changing your browser settings. If, in turn, you do not wish to receive personalized advertisements from the Controller on Facebook, you must select your privacy settings on Facebook. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal
7. Provision of personal data necessary for the operation of the website is voluntary, however, without providing such data, some functions of the website may not function properly. For the rest, providing personal data is voluntary.
NEWSLETTER SUBSCRIBERS
1. The Administrator may process personal data of newsletter subscribers in order to send content about the Administrator's activities, including its products, promotions, contests, i.e. on the basis of Article 6(1)(f) - the Administrator's legitimate interest.
2. Sending of newsletters by email and/or SMS applies only if the data subject consents to receive commercial information by electronic means for marketing purposes, to the provided email address or telephone number within the meaning of the Act on Provision of Electronic Services and/or Telecommunications Law expressed by a clearly affirmative action of leaving an email address or telephone number.
3. Recipients of your personal data may be entities engaged in servicing computer equipment, IT outsourcing, mailings, marketing, as well as entities authorized by law.
4. Your personal data will be processed until you unsubscribe from the newsletter or until the newsletter is discontinued, or until you object to the processing of your personal data for marketing purposes.
5. In connection with the processing of personal data, the data subject has the following rights: access to personal data, rectification of personal data (updates), erasure of data, restriction of processing, transfer of personal data, the right to object to the processing of personal data, and to lodge a complaint with a supervisory authority.
6. Providing data is voluntary but necessary if you wish to receive the newsletter.
RECIPIENTS OF DATA
1. The Administrator uses the services of entities that provide sufficient guarantees for the security of personal data, including through the implementation of appropriate technical and organizational measures.
2. Entrustment or sharing of personal data does not always occur to all the listed recipients. The Administrator transfers data only when it is necessary to fulfill the given purpose of processing and only to the extent necessary.
3. As the Administrator uses Google Analytics, Google Ads and Facebook Pixel tools, your personal data may be transferred to a third country (i.e. a country that is not part of the European Economic Area) - the United States of America. The legal basis for the transfer of data is Article 45(1) of the RODO (the European Commission's decision finding an adequate level of protection, which is the EU-U.S. Privacy Shield).
TIME OF PROCESSING OF PERSONAL DATA
1. The length of time we will process your data depends on the purpose for which the data was collected and the legal basis on which the purpose was based.
2. You will find the exact processing time in the individual sections of the Privacy Policy. We encourage you to familiarize yourself with this information.
RIGHTS OF THE DATA SUBJECT
1. The RODO has defined a number of rights that you have in connection with the processing of your personal data. Subject to the conditions set forth in the provisions of the RODO, you have the following rights:
request access to your personal data, rectification, erasure, restriction of processing, data portability,
the right to object to the processing of your data, in case the processing is based on the premise of legitimate interest,
to lodge a complaint with a supervisory authority (the President of the Office for Personal Data Protection) in case the processing of your personal data is deemed to violate the provisions of the RODO,
withdraw your consent, with the proviso that withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal. To withdraw your consent, please contact us by email at: [email protected]
In order to exercise the rights indicated above, please contact the Administrator as indicated in the section "Contacting the Administrator".
DATA SOURCE
1. As a rule, the Administrator obtains personal data processed by the Administrator directly from the data subject.
2. The obligation to provide personal data, or lack thereof, also depends on the relationship that the data subject has with the Controller, as well as the particular process within that relationship.
FINAL PROVISIONS
1. The website may contain links to other websites. The Administrator is not responsible for the privacy policies of other administrators. However, the Administrator recommends that when you go to other sites, you should familiarize yourself with the privacy policies operating on them.
2. We will regularly review and update this document. This statement was last updated on 23/06/2022.