Information clause

1. The administrator of your personal data is: MNM Diagnostics sp. Z o. O. With its registered office in Poznań at ul. Maciej Rataja 64, hereinafter referred to as the Administrator; The administrator conducts the processing of your personal data.

2. The term "personal data" means all information about an identified or identifiable natural person through one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person, including device IP number, data on location, online ID, and information collected through cookies and other similar technology. The GDPR is understood as Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC. The Website is understood as the Administrator's websites published by the Administrator. The term User is understood as any natural person visiting the Website or using one or more services or functionalities made available on the Website.

3. The Data Protection Officer at the Administrator's is: Mr. Piotr Topolski, e-mail: inspektor.danych@mnm.bio.

4. In connection with the User's use of the Website, the Administrator collects data to the extent necessary to provide individual services offered on the Website, as well as information about the User's activity on the Website. Personal data of all persons using the Website (including IP address or other identifiers and information collectedvia cookies or other similar technologies), are processed by the Administrator:

  • For analytical and statistical purposes - then the legal basis for processing is the Administrator's legitimate interest (Article 6 (1) (f) of the GDPR), consisting in conducting analyzes of Users' activity, as well as their preferences, in order to improve the functionalities used and the services provided;

  • in order to possibly determine, investigate or defend against claims - the legal basis for processing is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR) consisting in the protection of their rights;

  • The User's activity on the Website, including their personal data, is recorded in system logs (a special computer program used to store a chronological record containing information about events and activities related to the IT system used to provide services by the Administrator). The information collected in the logs is processed primarily for purposes related to the provision of services. The administrator also processes this data for technical and administrative purposes, for the purposes of ensuring the security of the IT system and its management, as well as for analytical and statistical purposes - in this respect, the legal basis for processing is the legitimate interest of the administrator (Article 6 (1) (f) GDPR).

5. The administrator provides the possibility of contacting him using electronic contact forms. Using the form requires providing personal data necessary to contact the User and answer the inquiry. The User may also provide other data in order to facilitate contact or handling the inquiry. Providing data marked as mandatory is required in order to accept and handle the inquiry, and failure to do so results in the inability to handle it. Providing other data is voluntary.

6. In order to identify the sender and handle his inquiry sent via the provided form - the legal basis for processing is the necessity of processing to perform the service contract, in particular to provide data under the Creative Commons license (Article 6 (1) (b) and Article 6 sec. 1 lit. f) GDPR).

7. The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. As a rule, the data is processed for the duration of the service, until the consent is withdrawn or an effective objection to data processing is raised in cases where the legal basis for data processing is the Administrator's legitimate interest.

8. The data processing period may be extended if the processing is necessary to establish, investigate or defend against possible claims, and after this period, only if and to the extent that it will be required by law. After the expiry of the processing period, the data is irreversibly deleted or anonymized.

9. The User has the right to: access the data and request rectification, deletion, processing restrictions, the right to transfer data and the right to object to data processing, as well as the right to lodge a complaint with the supervisory body dealing with the protection of personal data.

10.  The user has the right to object at any time to the processing of his data for direct marketing purposes, including profiling, if the processing takes place in connection with the legitimate interest of the administrator.

11. The Administrator reserves the right to disclose information about the User to the competent authorities or third parties who submit a request for such information, based on an appropriate legal basis and in accordance with applicable law.

12.  The level of personal data protection outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Administrator transfers personal data outside the EEA only when it is necessary and with an adequate level of protection, primarily through:

  • cooperation with entities processing personal data in countries for which a relevant decision of the European Commission has been issued;

  • use of standard contractual clauses issued by the European Commission;

  • application of binding corporate rules approved by the competent supervisory authority;

13. The administrator conducts a risk analysis on an ongoing basis to ensure that personal data is processed by him in a safe manner, ensuring, above all, that only authorized persons have access to the data and only to the extent that it is necessary due to the tasks they perform. . The administrator makes sure that all operations on personal data are recorded and performed only by authorized employees and associates.

14.  The administrator takes all necessary steps to ensure that its subcontractors and other cooperating entities guarantee the application of appropriate security measures in each case when they process personal data at the request of the Administrator.