Effective from May 24, 2018.
Medidesk Sp. z o.o. with its registered office in Warsaw, 17/2 Władysława Niegolewskiego St., 01-570 Warsaw, entered into the National Court Registry under KRS#: 0000659580, with the following identification numbers: NIP (VAT ID#): PL7010659520, and REGON: 366382110 (Address for correspondence: 17/2 Władysława Niegolewskiego St., 01-570 Warsaw).
It also constitutes the means to fulfill the disclosure obligation resulting from:
Art. 13 of the Resolution of the European Parliament and Council (EU) no. 2016/679 of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU L119 of April 5, 2016, page 1) (hereinafter referred to as the “GDPR”).
1. Personal data – according to the provisions of Art. 4 point I) of the GDPR this refers to any information regarding an identified and identifiable natural person (“the person whom the data is regarding”). An identifiable person is a natural person who can be directly or indirectly identified, in particular, based on an identifier such as their first and last name, identification number, information regarding their location, internet ID number, or one or several particular factors related to the physical, physiological, genetic, psychical, economical, cultural or social identity of a natural person.
Personal Data Controller
2. The Personal Data Controller for the Site is:
Medidesk Sp. z o.o. with its registered office in Warsaw, 17/2 Władysława Niegolewskiego St., 01-570 Warsaw, entered into the National Court Registry under KRS#: 0000659580, with the following identification numbers: NIP (VAT ID#): PL7010659520, and REGON: 366382110. Address for correspondence: 17/2 Władysława Niegolewskiego St., 01-570 Warsaw. Email: email@example.com. The Controller has appointed a Personal Data Inspector, email: firstname.lastname@example.org.
Legal basis, purpose and scope of the processing
3. The Personal Data Controller hereby declares that it processes personal data in accordance with:
(Art. 6, section I, letter b) – i.e. the processing is necessary for the purpose of executing the provisions of an agreement, of which the person whom the data is regarding is a party, or to undertake action upon the request of the person whom the data is regarding before concluding such contract; or (Art. 6, section 1, letter a) i.e. on the basis of the consent of the owner of data in case of marketing uses.
4. The Personal Data Controller processes personal data with the purpose of executing an agreement (provision of a training webinar service) or with the purpose indicated in the consent. The Personal Data Controller processes the data only within the scope necessary for these purposes and for the duration of a period necessary for the agreement to be executed, or until the consent is withdrawn by the user of the Site.
5. Within the Controller’s Site found at medidesk.pl the following personal data is gathered from Site users:
- First and last name;
- Email address;
- Telephone number.
6. Recipients (entrusted processors) of the personal data include the entity which provides maintenance services for the medidesk.pl and medidesk.io sites and entities providing IT services to Medidesk Sp. z o.o. Transfer of personal data between these entities is regulated by data processing agreements.
7. Personal data of the Users of the Site are not disclosed to any third parties with the exception of situations when such disclosure results from legislation in force that obliges the Controller to disclose personal data to authorized entities.
8. The Controller maintains Site logs, although they are not in any way tied to any personal data. Based on log files, statistics may be compiled which provide assistance in administering the Sites. Collective summaries of such statistics include no characteristics which would allow for the identification of any visitors to the Site.
Rights of the Users. Right of access to data
According to Art. 15 – 22 of GDPR each user of the Site has the following rights:
1. Right of access to data (Art. 15 of the GDPR)
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data. According to Art. 15 the Controller shall provide the person whom the data is regarding a copy of such data which is subject to processing.
2. The right to rectify (Art. 16 of the GDPR)
The person whom the data is regarding has the right to demand that the Controller rectifies any of their personal data that is incorrect.
3. The right to erasure (“right to be forgotten”) (Art. 17 of the GDPR)
The person whom the data is regarding has the right to demand that the Controller immediately erases their personal data, and the Controller has the duty to do so without unnecessary delay in one of the following cases:
a) the personal data is no longer necessary for the purposes for which they have been collected or are otherwise processed;
b) the person whom the data is regarding has withdrawn their consent which was the basis for the processing;
c) the person whom the data is regarding submits an objection based on Art 21 section 1 to the processing and there are no other legal bases for the processing.
4. The right to restriction of processing (Art. 18 of the GDPR)
The person whom the data is regarding has the right to demand from the administrator that the processing of their data is restricted in the following cases:
a) When the data is incorrect – until it is rectified
b) When the person whom the data is regarding has submitted an objection on the basis of Art 21 item 1 to the processing – until it is established whether there are any legally justified bases for the Controller which are superior to the objection of the person whom the data is regarding.
c) The processing is in breach of the law, and the person whom the data is regarding is objecting to the removal of the personal data and demands instead for the processing to be restricted.
5. Right to data portability (Art. 19 of the GDPR)
6. Right to object
In case the personal data is processed for direct marketing purposes, the person whom the data is regarding has the right at any time to submit an objection to the processing of their personal data for such marketing purposes, including profiling in the scope in which the processing is related to such direct marketing.
7. The user may exercise their rights by sending a relevant demand to the following email address: email@example.com. For the purpose of correct identification, such demand should be sent from the email address from which registration to the Site has been performed. It is the execution of Art. 12, item 6 of the GDPR. The demand may also be filed by mail – by sending a registered letter including the demand to the correspondence address of the Company which is managed by the Controller.
8. According to the provisions of the law, the Controller has up to one month to respond to the person who submitted such demand, including information on the actions that have been undertaken with regard to the demand. In case the Controller does not undertake any such action they should notify the person who submitted the demand.
9. The User has the right to lodge a complaint regarding the activity of the Controller with the Supervisory Body.
The Site is equipped with security measures, the purpose of which is to protect the personal data within the control of the Controller from loss, improper use, or modification. The Controller also holds relevant documentation and has implemented procedures related to the protection of personal data within the company.
The Administrator ensures that they are protecting all disclosed information in compliance with the relevant provisions of the law and norms of data security, and in particular:
a) Access to the data gathered by the Controller is only granted to authorized employees and contractors of the Controller and persons employed to manage the Site, who have been granted relevant authorizations according to Art. 29 of the GDPR.
b) The Controller declares that by commissioning other entities to provide services, it requires from the partners, in accordance with the disposition of Art. 28 of the GDPR, to ensure relevant standards of protection of the entrusted personal data, to sign appropriate data processing agreements in which the partners confirm the application of the standards and the right to control the compliance of these entities with these standards.
c) In order to ensure proper protection of services provided by electronic means, the Controller of the Service applies a high level of security, including cryptographic protection of personal data transmission (SSL protocol).
d) Due to the public nature of the Internet, the use of services provided electronically may involve risks, regardless of the Data Controller’s due diligence.
The Cookie mechanism. Links to other sites.
1. The Site uses “session” cookie files (stored until the website or the browser is closed) or “permanent” cookie files (stored on the device for a defined period of time).
2. Site users may change their cookie settings. The internet browser allows for the removal or blocking of such files. Detailed information regarding cookie settings is included in the help or the user documentation of the web browser.
3. Turning off the cookie files most often will lead to limiting or disabling of some of the features of the Site.
Third-party cookie files:
1. The medidesk.io site uses cookie files from a third party – Google Analytics – for more information visit: google.com/analytics/learn/privacy.html
2. Cookie files used on the medidesk.io Site do not gather any personal data.
2. The Personal Data Controller reserves the right to implement changes, withdraw or modify functions and features of the Sites, as well as to cease the activity of the Site or undertake any legal activities allowed by the provisions of the law.