Privacy policy

Information clause on the processing of personal data by Przedsiębiorstwo Zaopatrzenia Farmaceutycznego CEFARM- Łódź Sp. z o.o. with its registered office in Łódź (94-406) at ul. KINGA GILLETTE 11 running the Museum of Pharmacy named after Jan Muszyński in Łódź at 2 Plac Wolności

This clause exhausts the information obligation arising from Article 13(1) and (2) 2 and Article 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (OJ Of Laws of the EU). L. 2016. 119. 1) hereinafter referred to as ‘GDPR’.

We would like to assure you that we take great care to process the personal data we obtain in accordance with the applicable legislation and to ensure its security throughout the processing period. In order to effectively implement the data protection principles, we implement appropriate technical and organisational measures, taking into account the state of the art, the nature, scope, context, purposes of the processing and the risk of infringement of the rights or freedoms of natural persons, and we give the processing the necessary safeguards.

Who is the Controller of your data?

The Controller of your personal data (hereinafter referred to as “ADO”) is Przedsiębiorstwo Zaopatrzenia Farmaceutycznego CEFARM-Łódź, with its registered office in Łódź, which operates the Pharmacy Museum named after prof. Jan Muszyński in Łódź at Plac Wolności 2, entered in the Register of Entrepreneurs of the National Court Register kept by the District Court for Łódź-Śródmieście in Łódź, 20th Commercial Division of the National Court Register under KRS number: 0000207809, Tax Identification number [NIP] 7272619792, REGON 473241881 with a share capital of PLN 32 410 000,00 paid in full. The ADO can be contacted via email address: muzeumfarmacji@doz.pl or in writing to the ADO’s registered office address with the reference “Data Protection”.

Who can you contact regarding your personal data?

In order to properly protect personal data, the ADO has appointed a Data Protection Officer. In all matters relating to the processing of personal data and the exercise of your rights in relation to the processing of personal data, you may contact the Data Protection Officer at the following e-mail address:l: iod@doz.pl.

Is the provision of data mandatory and how does ADO have your personal data?

The controller obtained your data directly from you, i.e. the data subject. In the case of the processing of your data on the basis of:

– Article 6(1)(b) GDPR, the provision of data is voluntary, but failure to do so will prevent ADO from taking action and fulfilling the purposes for which the data are collected

– Article 6(1)(c) of the GDPR, the obligation to process the data obtained arises from the law. Failure to do so will prevent ADO from carrying out the activities imposed on it by law

– Article 6(1)(f) of the GDPR, the ADO processes the data previously obtained for its legitimate interest.

If ADO did not obtain the data directly from you, your personal data in terms of: inter alia: identification data (first and last name), contact data (e-mail address), other data (e.g. place of employment):

– may have been obtained by the ADO from publicly available sources (e.g. from the KRS, CEIDG, websites, etc.).

– may have been made available to the ADO in another way, i.e. by a person/entity with whom the data subject cooperates or with whom he/she has another legal relationship entitling the aforementioned entity to make your data available to the ADO.

What are the purposes and legal basis for processing your personal data?

The personal data you provide may be processed for various purposes carried out by the ADO, based on the various legal bases described below:

Purposes of processing:

Legal basis for processing

Period of data processing

Processing of your data, voluntarily provided in the contact form or Messenger Meta Platforms, in order to respond to your request.

Article 6(1)(f) GDPR, i.e. the legitimate interest of the Controller.

Personal data will be processed for the duration of the purpose for which other data in the Contact Form has been indicated or until consent is withdrawn. Notwithstanding the withdrawal of consent, the data may be processed for the duration of the applicable law or until the statute of limitations for possible claims and for the purposes of accountability of the ADO’s actions as referred to in Article 5(2) GDPR.

Processing of personal data of non-parties whose data is processed for the purposes of the Booking (e.g. employees, associates, persons entitled to representation)

Article 6(1)(f) of the GDPR, i.e. the legitimate interest of the Controller used for the purpose of contact for the execution and performance of the Contract.

 The personal data will be processed for the duration of the purpose for which other data in the Contract has been indicated or until consent is withdrawn. Notwithstanding the withdrawal of consent, the data may be processed for the duration of the applicable law or until the statute of limitations for possible claims and for the purposes of accountability of the ADO’s actions as referred to in Article 5(2) GDPR.

Taking steps to conclude the Agreement in the form of fulfilling the ordered Reservation.

Article 6(1)(b) of the GDPR, i.e. the processing is necessary in order to take steps to complete the Booking.

The personal data will be processed for the duration of the Agreement and, after this period, until the statute of limitations for claims under generally applicable law, in particular for the accountability of ADO’s actions as referred to in Article 5(2) GDPR.

Maintenance of accounting and bookkeeping documentation, records and financial reports.

Article 6(1)(c) of the GDPR in conjunction with in connection with section 74 of the Accounting Act.

Personal data will be processed until the expiry of the limitation period for the payer’s liability or the expiry of the limitation period for the tax liability.

Establishing, asserting or defending against possible claims arising from the performance of the Agreement and for the accountability of ADO’s actions as referred to in Article 5(2) of the GDPR.

Article 6(1)(f) and 5(2) GDPR, i.e. ADO’s legitimate interest in securing claims and ensuring accountability

Personal data will be processed until the statute of limitations for claims under generally applicable law. Where data are processed for the purpose of establishing, asserting or defending claims, there is no right to object (Art. 21(1), 2nd sentence). 2 GDPR).

Conducting internal audits by ADO to ensure compliance with ADO’s internal standards and procedures.

Article 6(1)(f) of the GDPR, i.e. ADO’s legitimate interest in ensuring compliance with internal standards and procedures related to ADO’s business.

Your personal data will be processed for the period necessary to pursue the legitimate interest of the ADO or until you successfully object to the processing.

Who may be the recipient of your personal data, i.e. to whom may the ADO transfer the personal data obtained?

The recipients of your personal data may be:

  1. entities that process personal data on behalf of ADO, with whom ADO has entered into personal data processing entrustment agreements required by law, i.e.:

    1. external entities providing and supporting ADO’s IT systems

    2. entities providing services related to the day-to-day operations of ADO.

The aforementioned entities have been obliged by the ADO to provide adequate technical and organisational measures to ensure the security and protection of the personal data provided to them.

  1. Entities authorised under applicable legislation, in connection with the so-called sharing of personal data. In such a case, prior to the transfer of the personal data acquired by the ADO, the ADO shall each time verify the existence of the legal basis for the access.

As a general rule, the personal data acquired by ADO of you will not be transferred to a third country or international organisation outside the European Economic Area. However, in certain situations, due to the ADO’s cooperation with service providers in fulfilling the purposes of processing personal data, there may nevertheless be transfers of personal data to countries outside the European Economic Area. In such a situation, the ADO will take care of all formalities related to the proper protection of personal data, including, inter alia, the use of standard contractual clauses adopted by the Commission (EU), and will provide the data subjects whose data it has obtained with the relevant information.

What rights do you have in relation to the processing of your data by ADO?

In connection with the processing of personal data obtained by ADO, you have the following rights:

In addition, you have the right to:

Whenever you wish to exercise the above-mentioned rights, ADO assesses and verifies the requests made and implements them in compliance with the applicable legislation.

Is the personal data obtained subject to automated processing or profiling?

No, your personal data obtained and processed by ADO is not subject to automated processing including profiling.

Cookies

We only use necessary and mandatory cookies for the proper functioning of the website and its functionality..

Unnecessary cookies, enable basic functions such as efficient navigation on the website, access to secure areas of the website.. Without these cookies, the website may not function properly.

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.