Privacy policy

RENOMED PRIVACY POLICY 

 

I.  About this Privacy Policy

This Privacy Policy explains how our Company collects and processes personal data and how it applies data protection principles. It also describes the legal basis and purposes of data processing. Data processing is based on the applicable regulations, especially the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, and on Poland’s Personal Data Protection Act of 10 May 2018.

This document is meant to help you understand what personal information we collect in connection with our business and how it is processed.

 

II.  Key terms

Our Company – Renomed Sp. z o.o. (limited liability company) with its registered office in Poznań, Poland. 

Personal Data – any information relating to an identified or identifiable natural person by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, including a device’s IP, location data, an online identifier or identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or similar technological solutions.

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016

on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. 

Act – Polish Personal Data Protection Act of 10 May 2018 (Ustawa z dnia 10 maja 2008 r. o ochronie danych osobowych).

Online Store – our Company’s online store at: shop.renomed.eu

User – any natural person visiting our Company’s Online Store and using one or more services or features described in this Policy.  

 

III. Controller 

Renomed Sp. z o.o. is the controller of your personal data. Renomed Sp. z o.o. is a company with its registered office in Poznań at the address of Jawornicka 34, 60-161 Poznań, entered to the Register of Businesses maintained by the District Court Poznań Nowe Miasto i Wilda, 8th Business Department, KRS: 0000391008, REGON: 301803329, NIP: 779-23-96-720, share capital: PLN 1,200,000.00.

 

IV. Purposes and legal basis for personal data processing

As the Controller, we process your personal data for the following purposes related to our business:

1. When you access our Online Store

Data of all Users of our Online Store (including IPs or any other identifiers or information stored through cookies or similar technologies) who are not registered users (i.e. who do not have a customer account) are processed by our Company for one or more specific purposes:

- provision of services by electronic means including provision of access to our Online Store’s content and contact forms - the legal basis for the processing is that it is necessary for the performance of a contract (Article 6(1)(b) of the GDPR),

- purchase of our products on our Online Store without registration – the legal basis for the processing is that it is necessary for the performance of a contract (Article 6(1)(b) of the GDPR),

- complaint resolution – the legal basis for the processing is that it is necessary for the performance of a contract (Article 6(1)(b) of the GDPR),

- establishment, exercise or defence of claims – the legal basis for the processing are the legitimate interests pursued by the Controller (Article 6(1)(f) of the GDPR) which require protection of its rights.

A record of all Users’ activity in the Online Store (including their personal details) is held in log files (computer system designed to record the visitors’ activity while on the Online Store used by our Company to provide services). Log data are processed in relation to our Company’s provision of services. We may process your personal data for technical purposes which means that your personal data may be temporarily stored and processed to provide security and ensure that IT systems are used in an appropriate manner, e.g. to test IT system changes, detect abuses or ensure protection against attacks. 

2. When you create a customer account

Users who register are requested to provide details required for an account to be created and managed. Users may provide additional data to facilitate ordering and give their consent for the data to be processed. Additional data may be changed or deleted at any time. Users are required to complete the required fields (e-mail address and password) for the account to be created. Personal data provided to the Controller are processed in relation to: 

- provision of services in relation to customer account management – the processing is carried out because it is necessary for the performance of a contract (Article 6(1)(b) of the GDPR), 

- establishment, exercise or defence of legal claims – the processing is necessary for the purposes of the legitimate interests pursued by the Controller (Article 6(1)(f) of the GDPR) which require protection of its rights. 

 

3. Orders

a) Placing an order (offer to purchase goods) by the User of our Online Store involves the processing of their personal data. The User completes the required fields on a voluntary basis, but such data is necessary for an order to be executed and delivered to them and a failure to do so results in the User’s inability to place an order. Provision of the remaining data is optional and does not affect the order execution process. 

b) Personal data provided when placing an order via the Online Store are processed for one or all of the following purposes:

- order execution – the legal basis for the processing is: (i) with respect to data required to be provided (required fields) – the processing is necessary for the performance of a contract (Article 6(1)(b) of the GDPR); (ii) with respect to data provided on a voluntary basis (optional fields) – the legal basis for the processing is the data subject’s consent to the processing of their personal data (Article 6(1)(a) of the GDPR);

-  fulfilment of the Controller’s statutory obligations arising from tax and accounting regulations – the legal basis for the processing is that it is necessary for compliance with a legal obligation (Article 6(1)(c) of the GDPR);

- potential establishment, exercise or defence of legal claims – the legal basis for the processing is that it is necessary for the purposes of the legitimate interests pursued by the Controller (Article 6(1)(f) of the GDPR) which require protection of its rights.

4. Contact Us form

a) You can contact our Company using the Contact Us form. When completing the form, you will be requested to provide your personal details required for us to be able to contact you and respond to your inquiry. You can also provide additional data to facilitate the interaction. Users are required to complete the required fields for customer submissions to be responded to by our Company. Providing of data in the non-required fields is voluntary. 

b) Personal data provided to the Controller in the Contact Us form are processed for one or more of the following purposes: 

- sender identification and response to customer inquiry sent using the Contact Us form – the legal basis for the processing is that it is necessary for the performance of a contract (Article 6(1)(b) GDPR).

 

5. Cookies policy

Cookies are little text files which are stored on the browser or hard drive of your computer or mobile device when you visit our Online Store. Cookies work to make your experience while browsing our Online Store as smooth as possible and they remember your preferences. Our Company and our service providers use cookies that enable data storage or access to data stored on Users’ end devices (computers, mobile phones, tablets, etc.). We use the following cookies:

- user input cookies that keep track of Users’ input (session ID), for the duration of a session;

- authentication cookies used to identify Users once logged in, for the duration of a session; 

- user centric security cookies used to provide higher security level and to detect authentication abuses; 

- multimedia player session cookies used to store technical data to play video or audio content, for the duration of a session; 

- user interface customisation cookies used to personalize the User’s interface, for the duration of a session (or slightly longer);

- shopping cart cookies used to store shopping cart content for the duration of a session.

 

V. Retention period 

1. In accordance with the legal requirements, your data will be retained for as long as required to achieve the purpose for which the data were collected. 

2. When we need your data for continued storage purposes only (e.g. when we retain an order for the purpose of defence of claims), we will additionally protect your data before they are permanently deleted or destructed. We will use encryption techniques which prevent people with no access to a secret cryptographic key from reading the data.

3. As the Controller, we have a statutory obligation arising from tax and accounting laws to retain a copy of your orders and invoices for the period of 5 years (legal basis for the processing is that it is necessary for compliance with a legal obligation under Article 6(1)(c) of the GDPR). 

 

VI. What are your data protection rights?

1. Users have the following rights: 

The right to be provided with information relating to data processing – when requested by you, our Company will provide you with information relating to data processing, especially about the purposes of the processing as well as the legal basis for the processing, the scope of held data, the recipients of the personal data and your data retention periods. 

The right to get a copy of data – the Controller will provide you with a copy of processed data concerning you upon your request. 

The right to rectification – you have the right to request the Controller to correct any personal data you believe is inaccurate, complete any information that is incomplete or update any information that is changed. 

The right to erasure (the so-called “right to be forgotten”) – you have the right to obtain the erasure of personal data if the personal data is no longer required for the purposes for which they were collected.

The right to restrict processing – you have the right to request the Controller to restrict the processing of your personal data, with the exception of processing with the data subject’s consent in accordance with the applicable rules or by the time the restriction of processing is lifted.

The right to data portability – where the processing is based on a contract or a consent, you have the right to request the Controller to transfer the personal data in a machine-readable format. You have the right to have the personal data transmitted directly from one controller to another, where technically feasible for the controller and the third party.

The right to object to processing for marketing purposes – you have the right to object to data processing for marketing purposes, without having to provide any reason. Our Company hereby informs you that we do not send any marketing communications, yet we have a formal requirement to notify you of this right. 

 

VII. The right to withdraw consent 

1. Where our processing is based on your consent, you have the right to withdraw your consent at any time. 

2. If you wish to withdraw your consent to data processing, you may:

-  send an e-mail directly to the Controller to the following address: 

3. Where our processing is based on your consent, the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. 

 

VIII.  The right to lodge a complaint 

If you feel that your personal data are processed in conflict with the applicable laws, you may report a complaint to the local data protection authority (Prezes Urzędu Ochrony Danych Osobowych).

 

IX. Transfer of personal data to third countries and international organizations 

Your personal data are not transferred to third countries, i.e. outside the European Economic Area (EEA) and to any international organizations. 

 

X. Changes to our Privacy Policy

  1. The Act and the GDPR will apply to all matters not specifically covered in this Privacy Policy.

2.  This Policy enters into force on 25 May 2018. 

 

XI. How to contact us 

1. If you have any questions about our Company’s Privacy Policy, please do not hesitate to write to us at the following address: Renomed Sp. z o.o., ul. Jawornicka 34, 60-161 Poznań or to e-mail us at: sales@renomed.eu