Skip to content Skip to footer
GET A QUOTE

PRIVACY POLICY

Close
KMJ pharma®

PRIVACY POLICY

KMJ pharma® Sp. z o.o. (Ltd.) is committed to protecting your privacy. You can visit most pages on our site without giving us any information about yourself. But sometimes we do need information to provide services that you request, and this privacy statement explains data
collection and use in those situations.

The existing personal data protection regulations were amended as of 25 May 2018; the currently applicable data protection regulations are set out in the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, ‘GDPR’).

This Privacy Policy is a set of rules aiming to inform you about the process of collecting, processing and securing of your personal data.

INFORMATION ABOUT THE PERSONAL DATA CONTROLLER

Pursuant to the Regulation (EU) 2016/679 of the European Parliament and of the Counsel of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; hereinafter referred to as: GDPR), please be informed as follows:

Controller and inspector of personal data, contact details:

1.            The Controller of Personal Data (Administrator) is KMJ pharma Sp. z o.o. Jurczynskiego Street 26/7, 92-306 Lodz, entered into the National Court Register under KRS No 00000343073, NIP 728-273-77-77

2.            You can contact the Controller in writing – at the above address or via email: info[at]kmjpharma.com

Purpose and legal basis for the processing of personal data

1.            Your personal data will be processed for the following purposes:

1.1.        fulfilment of legal obligations incumbent on the Controller in the form of collecting Reports to prevent committing a crime and responding to illegal activities – pursuant to Art. 6(1)(c) of GDPR in conjunction from Art. 304§1 of the Code of Criminal Procedure Act of 6 June 1997, Art. 201§1 and 368§1 of the Commercial Companies Code Act of 15 September 2000 and Art. 3 of the Act on the liability of collective entities for acts prohibited under penalty Act of October 28, 2002;

1.2.        communication with you in relation to a message you submit via the contact form, pursuant to Art. 6(1)(f) of GDPR, i.e. on the basis of legitimate interest executed by the Controller consisting of communication with a person who initiated contact with the Controller;

1.3.        any arrangements, pursuance or defence of legal claims between you and the Controller – pursuant to Art. 6(1)(f) of GDPR, i.e. on the basis of legitimate interest executed by the Controller, consisting of the possibility of pursuing claims.

2.            You will not be subject to automated decision-making, including decisions based on profiling.

3.            Data provision is voluntary but required for establishing contact with the Controller (failure to provide data will equal to the impossibility of providing responses by the Controller).

Categories of personal data recipients

1.            Personal data are processed in order to conclude or execute a contract and may be disclosed to entities hosting electronic mail, accounting entities, parties to proceedings, offices, prosecutors’ offices, courts, notaries, bailiffs;

2.            Your personal data may be made available to a lawyer or a legal advisor who, under a contract with the KMJ pharma Sp. z o.o., is authorized to process such data and gives a guarantee of lawful processing of personal data and which is subject to statutory secrecy.

3.            Your personal data may be made available to entities and authorities which are authorised to process the data under applicable laws.

4.          The Controller does not intend to disclose your personal data in countries that do not belong to the European Economic Area.

Sources of data and the purpose of the processing

1. Communication with you in relation to a message you submit via the contact form.

2. E-mail and/or phone correspondence.

3. Web browser – cookies:

  • cookies are small text files saved on the user’s computer or other mobile device when the user is active online;
  • cookies are used for technical purposes and for security and parameterisation, e.g., saving website visits and user preferences for the website (e.g., website language, colour, font size, layout, presentation of content and other similar features facilitating the use of the website). We use cookies to collect, among others, statistics of user traffic, user activity and the ways that users use the portal;
  • we do not use cookies to save user preferences or personalise our portal in order to display specific content or matched advertising;
  • cookies are used to collect, among others, your IP address, the type of your operating system, the type of your browser;
  • cookies are not a risk to your computer or smartphone, do not affect their functioning, do not alter the configuration of end devices or any software on end devices;

Data storage duration

1.          Personal data processed pursuant to Art. 6(1)(c,f) of GDPR shall be processed until the Completion of the Investigation procedure, and in the case of identification an Deed incompatible with the provisions of the Anti-Corruption Code until the limitation of employee or contractual liability or until the completion of criminal proceedings or other administrative or judicial proceedings related to that responsibility.

2.          After the lapse of the above period, personal data will be stored until any possible claims become limited.

Rights of Data Subjects

In order to exercise the rights described below or to ask any questions about the scope and exercise of such rights, please contact us (the contact details of the Controller and the Data Protection Officer are presented in sections 4 and 5 of the Privacy Policy). We reserve the right to enforce such rights following successful verification of the person requesting to exercise such rights.

Information regarding actions taken following a request of the data subject is provided by the Controller within one month. If the time limit needs to be extended, the Controller informs the data subject about the reasons for the delay.

1. The right of access to your personal data (Article 15 of the GDPR):

You have the right to obtain from the Controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, to obtain:

  • access to your personal data;
  • information regarding the purpose of the processing, the categories of personal data concerned, the recipients or categories of recipients of such data, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period, the rights available under the GDPR, the right to lodge a complaint with a supervisory authority, the source of the data, automated decision-making, including profiling, and the safeguards in relation to the transfer of the data outside the European Union;
  • a copy of the personal data undergoing processing;

2. The right of rectification of your personal data (Article 16 of the GDPR):

The right includes your right to:

  • obtain from the Controller without undue delay the rectification of inaccurate personal data concerning you;
  • have incomplete personal data completed, including by means of providing a supplementary statement (taking into account the purposes of the processing);

3. The right to erasure of your personal data (Article 17 of the GDPR):

3.1. You have the right to obtain from the Controller the erasure of personal data concerning you without undue delay and the Controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing;
  • the personal data have been unlawfully processed;
  • the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject;
  • the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR (services offered directly to children).

3.2. The right to be forgotten is not an absolute right: it is limited to the extent of Article 17(3) of the GDPR;

4. The right to restriction of processing of your personal data (Article 18 of the GDPR):

4.1. The restriction of processing of personal data means the restriction of the processing with the exception of storage. Any processing of such data with the exception of storage is allowed only where any of the following applies:

  • you have given your consent;
  • for the purposes of establishment, execution or defence of claims;
  • for the protection of rights of another natural or legal person;
  • for reasons of important public interests of the Union or of a Member State;

4.2. The Controller has the obligation to restrict the processing where any of the following applies:

  • the accuracy of the personal data is contested by the data subject in accordance with Article 16 of the GDPR – in that case, the processing is restricted automatically for a period enabling the Controller to verify the accuracy of the personal data;
  • the processing is unlawful (there is no basis for the processing under Article 6 or Article 9 of the GDPR) and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • the data subject requests the Controller to restrict the processing of data which should be erased according to the restriction of data storage but they are required by the data subject for the establishment, exercise or defence of legal claims;
  • the data subject has objected to the processing pursuant to Article 21(1) of the GDPR – in that case, the processing is restricted automatically for a period enabling the Controller to verify whether the legitimate grounds of the Controller override those of the data subject, i.e., to verify the legitimacy of the objection;

5. The right to data portability (Article 20 of the GDPR):

5.1. You can exercise the right to data portability if both of the following apply:

  • the processing is based on consent (pursuant to point (a) of Article 6(1)or point (a) of Article 9(2) of the GDPR) or a contract (pursuant to point (b) of Article 6(1) of the GDPR); and
  • the processing is carried out by automated means.

5.2. The Controller will provide the personal data concerning you in a machine-readable format;

5.3. You may request the transmission of such data to another controller provided that such transmission is technically feasible for the Controller and such other controller. Direct transmission from controller to controller is possible provided that secure communication is feasible between their systems and the receiving system has the technical capacity to receive incoming data;

6. The right to object (Article 21 of the GDPR):

6.1. You have the right to object at any time to processing of personal data concerning you:

  • if the processing is based on legitimate interests pursued by the Controller (Article 6(1)(e) of the GDPR), including profiling, on grounds relating to your particular situation;
  • if personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing;

6.2. in the case of an objection to the processing of personal data based on legitimate interests pursued by the Controller, the Controller shall no longer process the personal data. However, the Controller may perform an assessment of the existence of compelling legitimate interests which are not overridden by the interests or rights and freedoms of the data subject or the existence of any grounds for the establishment, execution or defence of legal claims. In such cases, the Controller may further process the data subject to the objection. If you disagree with the Controller’s assessment, you have the right to lodge a complaint with a supervisory authority;

6.3. in the case of an objection to the processing of personal data for direct marketing purposes, the Controller shall no longer process the personal data. However, notwithstanding the objection, the data may be further processed for other purposes including without limitation the exercise of legal claims against the data subject;

7. The right to withdraw consent (Article 7(3) of the GDPR):

7.1. You have the right to withdraw your consent at any time;

7.2. If consent is withdrawn, the personal data may no longer be processed on that basis. However, the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;

8. The right to lodge a complaint with a supervisory authority, i.e., the President of the Personal Data Protection Office:

You have the right to lodge a complaint with a supervisory authority responsible for personal data protection.

Voluntary provision of data

1. remember that you can manage cookies used by us and/or our third-party providers by changing the settings of your internet browser. The limitation of cookies on a device will render impossible or largely hinder the proper use of our Detailed information regarding cookies settings and deactivation in a browser is available from the browser vendor on its website;

2. you can stop the saving of data collected by means of cookies and data (including the IP address) collected in connection with the use of the website by Google and prevent the processing of such data by Google by downloading and installing the browser plugin available at: https://tools.google.com/dlpage/gaoptout?hl=en#_blank;

3. remember: when you are logged in a social network, the network may automatically add your visit on the www to your user profile. This also happens when you share (like, recommend, etc.) any content on our website. If you log out of the social network for the duration of your visit on the portal, the social network will be unable to add the visit to your profile.

Links to third party websites

Websites of the Controller’s partners including without limitation websites in the domains: www.kmjpharma.com/pl/eu, and other websites whose links are published on our web site, are governed by the partners’ own privacy policies (including the use of cookies). Please read the privacy conditions published on the linked websites.

KMJ PHARMA® – trademark ®

KMJ PHARMA® trademarks are a part of our Company’s intellectual property. Our trademarks are an invaluable asset to our Company and were officially registered. Any unauthorized use of our trademark is strictly prohibited.