As per the Resolution of the European Parliament and Council (EU) no. 2016/679 of April 27, 2016, on the protection of natural persons with regards to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the GDPR), we hereby inform that we will process your personal data which is disclosed while using the medidesk.pl Facebook profile (hereinafter referred to as the “company profile”).

1. Categories of persons whose data is being processed

We hereby inform that Medidesk Sp. z o.o. with its registered office in Warsaw, 17/2 W. Niegolewskiego St., post code 01-570, processes personal data of persons who:

• have been redirected to the company profile on Facebook through a link,
• have subscribed to the company profile by clicking the “Like” button on the medidesk.pl site, or “Follow” directly on the company profile on Facebook,
• have published their comment under any of the posts published on the company profile on Facebook.

2. The personal data controller

The Personal Data Controller for the Site is Medidesk Sp. z o.o. with its registered office in with its registered office in Warsaw, 17/2 W. Niegolewskiego St., post code 01-570, entered into the National Court Registry maintained by the District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Division of the National Court Registry under KRS#: 0000659580, with the following identification numbers: NIP (VAT ID#): PL7010659520, and REGON: 366382110 (hereinafter referred to as the “Controller”).

The Controller has appointed a Data Protection Inspector. Contact: Paweł Meller, email: iodo@informatykamedyczna.pl, tel.: +48 22 398 70 64.

3. Purposes and legal basis for the processing

We process personal data of the persons mentioned in item I above for the following purposes:

• for the purpose of maintaining a company profile on Facebook under the name medidesk.pl, based on the terms and conditions defined by Facebook Inc. and to publish information regarding our activity, promote different events which we organize and our brand, products, and services, build and maintain a community of stakeholders in order to conduct communication with the use of the features of Facebook (comments, chat, messages) which is our legally justified interest (on the basis of Art. 6, item 6, letter f of the GDPR);
• for the purpose of conducting analyses regarding the functioning, popularity, ways of use of the company profile, which is our legally justified interest (on the basis of Art. 6, item 6, letter f of the GDPR);
• Your personal data may also be processed on the basis of a separate consent in the scope and for the purpose as defined in the content of the consent and for as long as the consent is not withdrawn (Art 6, item 1, letter a. of the GDPR);
• Your personal data may also be processed on the basis of provisions of the law (Art. 6, item 1, letter c of the GDPR) with the purpose of fulfilling legal requirements resulting from the law by the Controller.

4. Categories of the personal data which is processed

The personal data Controller will process the following types of data:

• basic identification details (first and last name) in the scope published by you on your own profile within Facebook;
• the data you publish on the Facebook profile, including your image;
• statistical data regarding the persons who visit the company profile made available through the “Facebook Insights” feature provided by Facebook with reference to Facebook terms and conditions, gathered by the use of cookie files, each of which includes a unique user ID which can be tied to the details regarding the connections made by users registered on Facebook (IP address), and which is downloaded and processed upon the opening of the company profiles.

5. Recipients of the data

The personal data Controller may disclose the personal data to:

1. 1. public authorities and entities which perform public duties or act upon the order of public authorities in the cope and for purposes resulting from the provisions of the law;
   2. other entities which based on proper data processing agreements signed with the Controller process the personal data on behalf of the Controller,
   3. owner of Facebook based on unchanged terms and conditions regarding data defined by Facebook and made available here: https://www.facebook.com/about/privacy

6. Transfer of data to third countries or international organizations.

The data controller does not transfer the data outside Poland/EU/European Economic Area with the reservation regarding the transnational nature of the data flow within Facebook as per contractual clauses approved by the European Commission and decisions of the European Commission declaring an adequate level of data protection for specific countries in accordance with the rules specified by Facebook at https://www.facebook.com/about/privacy.

7. Data retention period

The processing period is related to the purposes and grounds for processing. Therefore:

• data processed on the basis of consent will be processed until the consent is withdrawn,
• data processed on the basis of statutory requirements will be processed for the period during which the law prescribes data retention,
• data processed on the basis of the legally justified interest of the Administrator will be processed until an objection is lodged effectively or the interest ceases to exist, e.g. data processed in order to assert or defend against claims will be processed for a period equal to the period of limitations of these claims,
• the statistical data on visitors to the company profile available via the “Facebook Insights” feature will be processed for the duration of the availability of the data on Facebook, which is 2 years.

8. Your rights

You have the right to:

1. access your data and obtain a copy thereof;
2. rectify your data;
3. have your data deleted;
4. restrict the processing of your data;
5. submit an objection to the processing of your data;
6. data portability
7. lodge a complaint with a supervisory authority

You have the right to lodge a complaint with the Chairman of the Personal Data Protection Authority, 2 Stawki St., 00-193 Warsaw, Poland; https://www.uodo.gov.pl/pl/p/kontakt; tel. +48 22 531 03 00 – when you recognize that the processing of your personal data violates the provisions of the GDPR or other legislation relating to the processing of personal data.

1. withdraw your consent for the processing of personal data.

At any time, you have the right to withdraw your consent for the processing of the personal data which is being processed on the basis of the consent. Withdrawal of the consent does not influence the legal compliance of any previous processing, which took place prior to the withdrawal.

9. Information regarding the source of data

We obtain your data from Facebook, from your public profile, and your comments on the company profile Facebook.

10. Other information.

The personal data will not be subject to automated decision-making, including profiling.

The processing of your data which is obtained by the Controller will be based on their voluntary disclosure as long as it is based on your consent. It may also be the case that the processing is based on a legal obligation, e.g. in a case when archiving of documentation including personal data is necessary as a result of the provisions of the law.