Protecting the privacy of Users is of particular importance to BONOPHARM SPÓŁKA Z OGRONICZONĄ ODPOWIEDZIALNOŚCIĄ. Therefore, Users of www.bonopharm.com are guaranteed high standards of privacy protection. BONOPHARM SPÓŁKA Z OGRONICZONĄ ODPOWIEDZIALNOŚCIĄ, as the Data Controller, cares about the security of the data provided by Users.
It is also the Data Controller's goal to duly inform Users of their rights and obligations related to the processing of personal data, especially in view of the content of the data protection regulations set forth in Regulation (EU) 2016/679 of the European Parliament and of the Council dated 27 April 2016 on the protection of natural persons in relation to the processing of personal data and on the free flow of such data and repealing Directive 95/46/EC (hereinafter “GDPR”). Therefore, in order to protect the privacy of the Users of the Website, in this document the Data Controller informs about the legal basis for the processing of personal data provided by the Users in connection with their use of the www.bonopharm.com Website (hereinafter the “Website”), the methods of collection, processing and protection of personal data, as well as the rights of the Users.
A User is any natural person becoming a data subject through using the www.bonopharm.com website or electronic services available through the Website.
The Controller of the personal data provided by the User on the Website (www.bonopharm.com) is BONOPHARM SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, Żurawia 55, 25-653 Kielce, Taxpayer Identification No. (NIP) 9592057552, (hereinafter referred to as the “Data Controller”).
The User's personal data is processed by the Data Controller based on the User's consent, and in certain cases described herein, as part of the Data Controller's legitimate interest. The User has the right to withdraw the previously given consent at any time. Withdrawal of consent shall not affect the lawfulness of processing carried out on the basis of consent prior to its withdrawal.
PERSONAL DATA PROCESSED BY THE DATA CONTROLLER
Method of obtaining personal data
The Data Controller obtains personal data directly from the User through the Website, through the functionalities and communication tools available on the Website and sending messages to the Data Controller through them.
Providing personal data is voluntary.
Type of personal data processing
The Data Controller collects the following personal information about the User through the Website:
PURPOSES OF PERSONAL DATA PROCESSING
The manner in which the Data Controller processes the User's data depends on the User's use of the Website and the functionalities available therein. The Data Controller processes the User's personal data for the following purposes:
Communication with the User.
The Data Controller uses your personal information to communicate with the User in a personalized manner. The information communicated to the User relates to products or services offered, personal data security, network updates, reminders, but also suggested offers from the Data Controller or its partners. Communication with the User also applies to User service. Personal information is used to assist the User, solve technical problems and respond to User complaints or warranty claims.
To present commercial offers to the User electronically.
The purpose of using the User's personal data provided by the User through the functionalities and communication tools available on the Website is for marketing communications conducted by the Data Controller in the course of conducting business activities, in particular to present commercial offers to the User electronically.
Presenting commercial offers to the User via telephone.
The purpose of using the User's personal data provided by the User through the functionalities and communication tools available in the Website is marketing communication conducted by the Data Controller in the course of conducting business activities, in particular by presenting commercial offers to the User via telephone.
Enabling the User to send comments or opinions.
The Data Controller uses the User's personal data in order to enable the User to comment/opine on the Data Controller's or its affiliates' activities, services or products.
The Data Controller may also process the User's personal data obtained through the Website for the following purposes:
for the purpose of entering into and fulfilling a possible contract between the User and the Data Controller and servicing the User as a customer of the Data Controller in accordance with Article 6(1)(b) of the GDPR;
for the purpose of financial settlements with Users being customers of the Data Controller for the performance of possible contracts concluded between the parties, as well as for the possible assertion of claims from Users being customers under the Data Controller's legitimate interest in accordance with Article 6(1)(f) of the GDPR and for the fulfillment of the Data Controller's legal obligations to tax authorities on the basis of separate regulations in accordance with Article 6(1)(c) of the GDPR;
for the purpose of carrying out the Data Controller's marketing activities under the Data Controller's legitimate interests within the meaning of Article 6(1)(f) of the GDPR, and in accordance with statements of intent regarding marketing communications made to the Data Controller. Consents granted for marketing communications (e.g., for the sending of commercial information by e-mail or telephone contact for direct marketing purposes) may be withdrawn at any time, without affecting the legality of the processing carried out on the basis of consent before its withdrawal;
in order to comply with the Data Controller's legal obligations to the User set forth in the GDPR, as defined in Article 6(1)(c) of the GDPR.
SHARING PERSONAL DATA
The User's personal information is not transferred by the Data Controller to third parties.
The User at each stage of the processing of their data is provided with a number of rights that allow them to access their data, verify the correctness of the data processing, correct the data, as well as the right to object to the data processing, may request deletion of the data, limitation of the processing or transfer of the data.
The right to lodge a complaint with a supervisory authority.
Any User whose personal data is processed by the Data Controller has the right to lodge a complaint with the supervisory authority competent in matters of personal data protection (President of the Office for Personal Data Protection).
The Data Controller informs that during the use of the Website, fragments of code called “cookies” are saved in the User's end device, which are text files corresponding to HTTP requests directed to the Data Controller's server. Cookies are installed by each browser from which the User visits the Website. Cookies are used on the Website for the purpose of:
maintaining technical correctness and continuity of the session between the Website server and the User's end device;
optimization of the User's use of the Website's pages and adjusting the way they are displayed on the User's terminal device;
ensuring security of the use of the Website;
collecting statistics on visits to the Website's pages supporting the improvement of their structure and content;
displaying on the User's end device content customized to the User's preferences.
Detailed information regarding the cookies used by the Data Controller and their management is available in the Cookies Policy.
OTHER IMPORTANT INFORMATION
Personal data protection
The Data Controller implements appropriate measures to ensure the security of the User's personal data. Secure use of the Website is ensured by the systems and procedures in place to protect against access and disclosure of data to unauthorized persons. In addition, the systems and processes used by the Data Controller are regularly monitored to detect possible threats. Personal data acquired by the Data Controller is stored in computer systems, access to which is strictly limited.
Personal data retention
The retention period of Users' personal data depends on the purposes of processing by the Data Controller.
The Data Controller shall store personal data for such period as is necessary to achieve the specified purposes, i.e.:
for the duration of the Data Controller's business operations.
In any of the above cases, after the necessary processing period, the data may be processed only for the purpose of asserting claims against the background of the relationship between the parties until the final resolution of these claims through legal means.
In addition, it is also possible to contact by traditional mail by sending a letter to: ul. Żurawia 55, 25-653 Kielce.
This document was last updated on 7 July 2023.