GDPR Information Obligation
The following information is a concise, understandable, and transparent summary of the information contained in the Privacy Policy regarding the Data Controller, the purpose and method of personal data processing, and your rights in connection with this processing, in the form required to fulfill the GDPR information obligation. Details on the processing method and entities participating in this process are available in the indicated policy.
Who is the data controller?
The Personal Data Controller (hereinafter referred to as the Controller) is the company “DE CURE MEDICAL RESEARCH SP. Z O.O.”, operating at the address: ul. JANA CZECZOTA 31/— 02-607 WARSAW, with the assigned tax identification number (NIP): 5213856957, and the assigned KRS number: 0000769463, providing services electronically through the Service
How can you contact the data controller?
You can contact the Administrator in one of the following ways
Postal address – DE CURE MEDICAL RESEARCH SP. Z O.O., ul. JANA CZECZOTA 31/— 02-607 WARSAW
Email address – kontakt@decure.com.pl
Contact form – available at: https://decure.com.pl/kontakt/
Has the Controller appointed a Data Protection Officer?
Based on Art. 37 of the GDPR, the Administrator has not appointed a Data Protection Officer.
For matters related to data processing, including personal data, please contact the Administrator directly.
Where do we obtain personal data from and what are their sources?
Data is obtained from the following sources:
- from the individuals to whom the data relates
- in case of registration using social media portals, with the expressed conscious consent of these individuals, from these social media portals
What is the scope of personal data we process?
The service processes ordinary personal data, provided voluntarily by the individuals to whom it relates
(E.g., name and surname, login, email address, phone number, IP address, etc.)
The detailed scope of processed data is available in the Privacy Policy.
What are our purposes for processing data?
Personal data voluntarily provided by Users is processed for one of the following purposes:
- Provision of electronic services:
- User account registration and maintenance services in the Service and related functionalities
- Newsletter service (including sending advertising content with consent)
- Communication between the Controller and Users regarding matters related to the Service and data protection
- Ensuring the Controller’s legitimate interest
What are the legal bases for data processing?
The Service collects and processes User data based on:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
- Article 6(1)(a)
the data subject has given consent to the processing of their personal data for one or more specific purposes - Article 6(1)(b)
processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract - Article 6(1)(f)
processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party
- Article 6(1)(a)
- Act of 10 May 2018 on the protection of personal data (Journal of Laws 2018, item 1000)
- Act of 16 July 2004 Telecommunications Law (Journal of Laws 2004 No. 171, item 1800)
- Act of 4 February 1994 on Copyright and Related Rights (Journal of Laws 1994 No. 24, item 83)
What is the legitimate interest pursued by the Controller?
- For the purpose of possible establishment, investigation, or defense against claims – the legal basis for processing is our legitimate interest (Article 6(1)(f) GDPR) consisting in protecting our rights, including, among others:
- For the purpose of assessing potential customer risk
- For the purpose of evaluating planned marketing campaigns
- For the purpose of direct marketing
For how long do we process personal data?
As a rule, the indicated personal data is stored only for the period of service provision within the service operated by the Controller. It is deleted or anonymized within 30 days from the moment of service termination (e.g., deletion of a registered user account, unsubscribing from the Newsletter list, etc.)
In exceptional situations, to secure the legitimate interest pursued by the Controller, this period may be extended. In such a situation, the Controller will store the indicated data, from the time of the request for their deletion by the User, for no longer than 3 years in case of violation or suspected violation of the service regulations by the person to whom the data relates.
Who is the recipient of the data, including personal data?
As a rule, the only recipient of the data is the Controller.
However, data processing may be entrusted to other entities providing services to the Controller in order to maintain the Service’s operations.
Such entities may include, among others:
- Hosting companies providing hosting or related services to the Controller
- Companies through which the Newsletter service is provided
Will your personal data be transferred outside the European Union?
Personal data will not be transferred outside the European Union, unless they have been published as a result of individual user action (e.g., entering a comment or post), which will make the data available to anyone visiting the service.
Will personal data be the basis for automated decision-making?
Personal data will not be used for automated decision-making (profiling).
What rights do you have regarding the processing of personal data?
Right of access to personal data
Users have the right to obtain access to their personal data, implemented at the request submitted to the AdministratorRight to rectify personal data
Users have the right to request the Administrator to immediately rectify personal data that is incorrect and/or complete incomplete personal data, implemented at the request submitted to the AdministratorRight to erasure of personal data
Users have the right to request the Controller to immediately erase personal data, implemented upon request submitted to the Controller.In the case of user accounts, data deletion involves anonymizing data that enables user identification.
In the case of the Newsletter service, the User has the possibility to independently delete their personal data using the link included in each sent e-mail message.
Right to restriction of processing of personal data
Users have the right to restrict the processing of personal data in cases indicated in art. 18 GDPR, including questioning the correctness of personal data, implemented at the request submitted to the AdministratorRight to data portability
Users have the right to obtain from the Administrator personal data concerning the User in a structured, commonly used and machine-readable format, implemented at the request submitted to the AdministratorRight to object to the processing of personal data
Users have the right to object to the processing of their personal data in cases specified in art. 21 GDPR, implemented at the request submitted to the AdministratorRight to lodge a complaint
Users have the right to lodge a complaint with the supervisory authority dealing with the protection of personal data.