PRIVACY POLICY AND COOKIES
In accordance with the information obligation under Articles 12 and 13 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), the Personal Data Controller hereby informs:
1. This Privacy Policy (hereinafter referred to as the ‘Policy’) is addressed to Users and Customers using the website available at the domain DOCTORzdrowie.com (hereinafter referred to as the ‘Online Pharmacy’) and specifies the type, scope and purposes of data processing. The Policy is for informational purposes and forms an integral part of the Online Pharmacy Terms and Conditions. All terms used in the Policy that are capitalised have the same meaning as assigned to them in the Online Pharmacy Terms and Conditions, unless otherwise specified in this Policy.
2. The administrator of personal data obtained from the online pharmacy is the Seller, i.e. PUH MAJ J. Maj, ul. Opatowska 10, 28-200 Staszów, NIP: 866-152-62-81, REGON 292615287, hereinafter also referred to as the ‘Administrator’.
3. By placing an Order in the Online Pharmacy without registering an Ordering Party Account, and/or by registering an Ordering Party Account, and/or by contacting the Seller (by e-mail or telephone, or via the form), and/or using other services provided by the Seller electronically (password reminder, newsletter, posting opinions about the Product, or using other services provided by the Administrator electronically, referred to in the Online Pharmacy regulations) - provides the Administrator with their personal data (name and surname, address, email address, telephone number, possibly company name, business address, tax identification number, IP address of the computer used by the User when browsing the Online Pharmacy website).
4. Purposes and activities of personal data processing:
4.1. Placing an Order without registering an Ordering Party Account – providing data (name and surname, address, contact telephone number and e-mail address, which may contain personal data) is voluntary, but necessary for the performance of the Sales Agreement and delivery of the Order to the address indicated by the Ordering Party. The data provided when placing an Order is used solely for the purpose of performing the Sales Agreement concluded with the User, and the legal basis for its processing is Article 6(1)(b) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the ‘GDPR’). The data will be processed by the Administrator for the period necessary to perform the Sales Agreement, however, the Administrator will continue to store the User's data in order to defend against possible claims related to possible withdrawal from the Sales Agreement, to consider complaints, for tax settlement purposes, but no longer than 5 years from the date of obtaining the data, which constitutes the legitimate interest of the Controller referred to in Article 6(1)(f) of the GDPR;
4.2. 4. 2. Registration of the Ordering Party's Account – In order to avoid providing personal data during subsequent purchases, the User may register an Ordering Party Account. Providing data (name and surname, address, contact telephone number and email address, which may contain personal data) is voluntary, but necessary for the registration of the Ordering Party Account. The data provided during registration (name and surname, email address) is used for the purpose of maintaining the Ordering Party's Account and performing Sales Agreements concluded by the Ordering Party by the Administrator as the seller, and the legal basis for their processing is the consent given by the User during the registration of the Ordering Party's Account (in accordance with Article 6(1)(a) of the GDPR) . The data will be processed by the Administrator for the duration of the Ordering Party's Account, unless the User resigns from having an Ordering Party's Account earlier. However, resignation from the Ordering Party's Account does not lead to the deletion of data from the database. The Controller will continue to store the User's data in order to defend against any claims related to the maintenance of the Account, in particular for the purpose of demonstrating the User's consent to the registration of the Account, but for no longer than 5 years from the date of obtaining the data, which constitutes the legitimate interest of the Controller referred to in Article 6(1)(f) of the GDPR. lit. f) of the GDPR Regulation;
4.3. contact between the Online Pharmacy User and the Administrator - by contacting the Administrator via e-mail, contact form or telephone using the contact details provided in the CONTACT tab in the Online Pharmacy, the User provides the Administrator with their e-mail address as the sender's address, as well as their first and last name and contact telephone number. Providing this data is voluntary, but necessary for the Administrator to contact the Online Pharmacy User. In this case, the User's data is processed for the purpose of contact on the basis of actions requested and initiated by the User, and the legal basis for processing is Article 6(1)(b) of the GDPR. The legal basis for data processing after the end of contact is a legitimate purpose in the form of archiving correspondence for the purpose of demonstrating its course in the future (Article 6(1)(f) of the GDPR). The content of the correspondence may be archived, but for no longer than 5 years from the date of obtaining the data. The user has the right to request the history of correspondence with the Administrator (if it has been archived), as well as to request its removal, unless archiving is justified by the Administrator's overriding interest, e.g. defence against potential claims from the user of the online pharmacy.
4.4. use of the Account Password reminder service - providing data (e-mail address may contain personal data) is voluntary, but necessary for the performance of the contract for the provided electronically by the Administrator. The data provided by the User is used to remind the User of their Account Password by email, and the legal basis for its processing is the performance of the contract concluded with the User, in accordance with Article 6(1)(b) of the GDPR. The data will be processed by the Administrator for the period necessary to perform the contract for the provision of services by electronic means, but no longer than 5 years from the date of obtaining the data. After the performance of the contract, the Controller will continue to store the User's data in order to defend against possible claims regarding the services provided by the Controller electronically, to consider complaints, which constitutes the legitimate interest of the Controller referred to in Article 6(1)(f) of the GDPR.
4.5. newsletter – An Online Pharmacy user who wishes to subscribe to the newsletter in order to receive commercial, advertising and marketing information about the Products from the Administrator by e-mail marketing information about the Products, must provide their e-mail address (which may contain personal data) via the newsletter subscription form or tick the appropriate check box with consent when placing an Order. Providing data is voluntary, but necessary to subscribe to the newsletter. The data provided when subscribing to the newsletter is used to send the User the newsletter, and the legal basis for its processing is the consent given by the User when subscribing to the newsletter (in accordance with Article 6(1)(a) of the GDPR). The data will be processed by the Administrator for the duration of the newsletter, unless the User unsubscribes from it earlier. However, unsubscribing from the newsletter does not result in the complete removal of data from the database. The Administrator will continue to store the User's data in the mailing system in order to defend against possible claims related to the sending of the newsletter, in particular for the purpose of demonstrating the User's consent to receive the newsletter, which constitutes a legitimate interest of the Administrator of personal data referred to in Article 6(1)(f) of the GDPR. lit. f) of the GDPR. The data retention period after unsubscribing from the newsletter is no longer than 5 years from the date of unsubscribing. The User may at any time correct their data stored in the newsletter database. The user also has the right to transfer data, referred to in Article 20 of the GDPR.
4.6. searching for a Product in the Online Pharmacy, adding a Product to the list of favourites - User data collected in the Online Pharmacy's system logs is used by the Administrator solely for the purpose of displaying relevant information to the User, in accordance with their request, which constitutes a legitimate interest of the personal data Administrator referred to in Article 6(1)(f) of the GDPR;
4.7. posting an opinion about the Product – providing data (e-mail address which may contain personal data) is voluntary, but necessary for the performance of the contract for the provision of electronic services by the Administrator. The User's personal data in the form of their name, pseudonym or nickname (which may contain the User's personal data) is presented on the Product Page when posting an opinion about the Product. The data provided by the User is used for the purpose of posting a review on the Product Page, and the legal basis for its processing is the performance of the contract concluded with the User, in accordance with Article 6(1)(b) of the GDPR. The data will be processed by the Administrator for the period of posting the User's opinion on the Product Page, but no longer than 5 years from the date of obtaining the data. After the performance of the contract, the Controller will continue to store the User's data for the purpose of defending against possible claims regarding the services provided by the Controller electronically, and for the purpose of considering complaints, which constitutes the legitimate interest of the Controller referred to in Article 6(1)(f) of the GDPR.
4.8. analysis and statistics of the Online Pharmacy data – the User's personal data collected in the Online Pharmacy's system logs, e.g. when adding Products to favourites or comparing Products, are used by the Administrator to analyse User activity in order to improve the functionality of the Online Pharmacy and the technical and administrative support of the Online Pharmacy, which constitutes a legitimate interest of the Administrator, and the legal basis for their processing is Article 6(1)(f) of the GDPR; and administrative services of the Online Pharmacy, which constitutes the legitimate interest of the Administrator, and the legal basis for their processing is Article 6(1)(f) of the GDPR;
4.9. compliance with the requirements of the GDPR Regulation – the User's personal data (name and surname, address, contact telephone number and e-mail address which may contain personal data), as well as also the User's identification data, information about purchased Products are processed by the Administrator in order to meet the requirements of Regulation (EU) 2023/988 of the European Parliament and of the Council on general product safety, amending Regulation (EU) 1025/2012 and Directive (EU) 2020/1828 and repealing Directive 2001/95/EC and Directive 87/357/EEC of 10 May 2023 (hereinafter referred to as the ‘GPSR Regulation’). The Administrator's responsibilities include activities such as identifying and reporting potential risks associated with Products, ensuring that Products comply with safety requirements, and informing the competent authorities or Users of the need to take action regarding Product safety. The GPSR Regulation also obliges the Administrator to provide notifications if required by law and details of reported Product safety issues. The legal basis for data processing by the Administrator is the necessity to fulfil the legal obligation incumbent on the Administrator in accordance with Article 6(1)(c) of the GDPR.
5. The Administrator informs that the User of the Online Pharmacy has, at any time, the right to transfer data referred to in Article 20 of the GDPR, the right to access personal data and the possibility to correct, rectify, object to the processing of data, and that the consent given for data processing may be withdrawn by the User at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The Administrator may refuse to delete the User's personal data if there are grounds for doing so under the law. The User also has the right to lodge a complaint regarding the processing of personal data with the President of the Personal Data Protection Office. User data will not be subject to automated decision-making, including profiling. Personal data is not transferred outside the European Economic Area.
6. The rules relating to the exercise of the User's rights are described in detail in Articles 15–21 of the GDPR.
7. The Administrator hereby also informs that it never transfers, sells or lends the collected personal data of Users to third parties other than those indicated in this Policy and the terms and conditions of the Online Pharmacy (e.g. banks handling payments, companies handling electronic payments, Order suppliers, accounting companies, companies providing technical support for the server on which the Online Pharmacy is located), unless with the express consent or at the request of the User, or at the request of authorities entitled by law in connection with ongoing proceedings (e.g. courts, law enforcement agencies, Trade Inspection).
8. The Administrator processes personal data provided by the User in a manner consistent with the scope of the consent granted by the User and the requirements of the law, including the provisions of the GDPR Regulation, in particular, it protects the personal data of Users against disclosure to unauthorised persons, loss or damage, and guarantees the confidentiality of all personal data provided to it. The online pharmacy has enabled connection encryption using an SSL certificate.
9. The online pharmacy uses the Google Analytics plugin – a tracking code that indicates the age, gender and location of visitors to the website and traffic on the online pharmacy's website. The data obtained in this way is used for statistical purposes only. Personal data obtained in this way is stored for a period of 3 months. You can block the Google Analytics JavaScript code at any time by clicking on the link: https://tools.google.com/dlpage/gaoptout and following the tips and instructions provided there. This data is used by the personal data controller for statistical purposes only.
10. The online pharmacy uses cookies, which are used to identify the browser when using the online pharmacy, so that it knows which page to display. Cookies do not contain any personal data. When you visit the online pharmacy, certain information may be stored on your computer in the form of a cookie. Detailed and up-to-date information on this subject can be found directly on the manufacturer's website.
http://www.google.pl/intl/pl/policies/technologies/types/
11. Cookies are small files consisting of a string of letters and characters, saved on your computer by a web server when you visit a given Online Pharmacy website. Cookies are used by the Online Pharmacy solely for the purpose of better adapting the website to your individual preferences. In addition, cookies used by the Online Pharmacy may serve the following purposes:
a) ensuring the proper functioning of the Online Pharmacy – cookies enable access to certain parts of the website, e.g. those secured by a login system;
b) improving the performance and optimising the operation of the Online Pharmacy – cookies enable the reading of information about how Users navigate the Online Pharmacy, thus helping to improve it;
c) targeting information and promotional content - cookies are used to automatically tailor the content of the Online Pharmacy to the User's needs;
d) improving the functionality of the Online Pharmacy - cookies remember information provided by the User, e.g. their login details;
e) to prevent spam being sent via the comment form available on the Online Pharmacy website – for this purpose, the Online Pharmacy uses WordPress WP-SpamFree cookies.
12. The information collected and generated by cookies in the Online Pharmacy does not allow for the personalisation and identification of the User. As a result of their use, no personal data of the Online Pharmacy User is stored.
13. The cookies used by the Online Pharmacy are safe and do not have any harmful effect on the User's computer. The User may change the way cookies are used by their browser, including blocking or deleting those that come from the Online Pharmacy. Most web browsers allow you to delete cookies from your computer's hard drive, block all cookies sent to you, or set a warning before such files are saved to your hard drive. To do this, please refer to the user manual or help topics for your web browser. The process of controlling and deleting cookies may vary depending on the browser you use.
14. Failure to consent to the use of cookies in their minimum form will result in the incorrect display of the content of the Online Pharmacy's subpages. Failure to consent to the use of other cookies may limit some of the functionalities available in the Online Pharmacy. The User may only allow the use of selected cookies.
15. The Online Pharmacy website may also contain links to other websites not administered by the Administrator (e.g. Facebook, Instagram). The User may also be redirected to the Online Pharmacy from other websites, e.g. via a tracking pixel from the Facebook social networking site, therefore the Administrator cannot be held responsible for the content of these websites or for the level of privacy protection implemented by the administrators of these websites. The Administrator also informs that this Policy applies only to the Online Pharmacy and that after moving to other websites, it is recommended that the User familiarise themselves with the privacy policy applicable to that website before providing their personal data there. By deciding to move to such websites and visit them, the User does so at their own risk.
16. The Administrator is entitled to amend this Policy for important reasons (e.g. changes in legal regulations, changes in the rules for placing Orders in the Online Pharmacy). In the event of changes, the User will be notified at least 14 days before the changes come into force - relevant information about changes to the Policy will be posted on the Online Pharmacy website, and Users who have an Account or subscribe to the newsletter will also be notified by email. If the amended Policy is not accepted, the User has the right to terminate the Policy and thus refuse to continue providing their personal data.
17. If you have any questions, comments, requests or suggestions regarding this Policy, please contact the Administrator. You are also requested to immediately notify the Administrator of any violations of security rules related to the use of the Online Pharmacy. Online Pharmacy. All contact details for the Personal Data Administrator are provided in the CONTACT tab on the Online Pharmacy website.
