Protecting the User’s privacy is very important for us. For this reason we guarantee the highest standards of privacy protection with regards to all Users of our websites. MDH sp. z o.o. which is a controller of personal data, guarantees safety of personal data provided by the Users.

 

1. PERSONAL DATA PROCESSING

 

”Personal data” constitute all information that can identify the User directly: e.g. name, surname, e-mail address, telephone number; or indirectly: login, IP address, cookies, or order details.

MDH Sp. z o.o. with its registered office in Łódź (94-007) ul. Maratońska 104, entered in the register of entrepreneurs of the National Court Register kept by the District Court for Łódź-Śródmieście in Łódź, XX Commercial Division under the KRS number 0000179592, Tax identification Number [NIP]: 72- 822- 954-92, Polish National Business Registry Number [REGON] 472253652, share capital PLN 7 940 000(the “Controller”) is the Controller of the personal data of all Users visiting www.mdh.pl, which personal data is processed in accordance with this Privacy Policy.

 

The Controller also owns the following websites:

www.memoinfo.pl

www.qmedinfo.pl

www.viteacare.com

www.meyra.pl

www.mdhnetti.pl

www.mdhortopedia.pl

www.qmedinfo.pl

www.meyramedical.pl

www.qmedplus.pl

www.mdhprofilaktyka.pl

www.mdhrehabilitacja.pl

 

Personal data of the Users visiting the above mentioned web pages (hereinafter “Websites”) shall be processed by the Controller in accordance with the requirements specified in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC(“GDPR”).

Should you have any questions with regard to processing of the Users’ personal data by the Controller, please contact us at This email address is being protected from spambots. You need JavaScript enabled to view it..

 

2. SCOPE OF THE PROCESSED PERSONAL DATA

When using some of the services available on the Websites, the User may be requested to provide their personal data. The scope of mandatory and optional data is determined each time accordingly to the type of service the User intends to use. The Controller collects data by means of the Websites directly from the data subjects.

If the User visits the website only with the purpose to get acquainted with the content, the Controller may collect some information concerning the User by means of cookies, of which the Users are notified each time by the Controller (Cookies Policy). Information on the cookies used on the Websites is also specified in clause VIII of this Privacy Policy.

If the User purchase goods using the functionalities made available on the Controller’s website (e.g. www.memoinfo.pl), they will be obliged to provide data necessary to accomplish an order concerning purchase of goods via the named website. Although providing the personal data is voluntary, it is indispensable to use the on-line store. If the provisions of this Privacy Policy are not accepted, functionalities available at www.memoinfo.pl website may not be used.

 

3. PURPOSE AND LEGAL BASIS FOR THE COLLECTION OF DATA

The Controller shall collect and process the Users’ personal data only as provided for in the provisions of this Privacy Policy. All data provided by the User, shall be used by the Controller exclusively:

1. for marketing purposes, if the User consents to receive from the Controller sales and marketing messages (including newsletters) - Article 6(1)(a) of the GDPR constitutes a legal basis for processing;
2. to provide customer service and to contact the User i.a. to notify them of any modification in the products or services offered via the Websites, also with regard to the User’s account created on the on-line store website - Article 6(1)(b) of the GDPR constitutes a legal basis for processing;
3. to enable purchases in the online store - Article 6(1)(b) of the GDPR constitutes a legal basis for processing;
4. to process personal data with the purpose of fulfilling legal obligations - Article 6(1)(c) of the GDPR constitutes a legal basis for processing;
5. to fulfil all contractual obligations towards the Controller’s business partners, which constitutes legitimate interests pursued by the Controller - Article 6(1)(f) of the GDPR constitutes a legal basis for processing;
6. for analytical, development and improvement purposes (also with the aim to improve users’ experience), to manage, maintain, support and secure the Websites, which constitutes legitimate interests pursued by the Controller - Article 6(1)(f) of the GDPR constitutes a legal basis for processing;
7. to establish, exercise or defend legal claims, to enforce and investigate possible infringements in the use of the Websites, or other actual or alleged actions contrary to the provisions of law, to protect rights, property or security of the Websites, Users, customers and employees of the Controller, as well as other third parties, which constitute legitimate interests pursued by the Controller - Article 6(1)(f) of the GDPR constitutes a legal basis for processing;
8. to enable the use of all contact forms made available by the Controller on the websites, to answer question and motions by means of the contact method selected by the User - Article 6(1)(f) of the GDPR constitutes a legal basis for processing.

 

4. RECIPIENTS OF PERSONAL DATA

The Users’ personal data may be transferred by the Controller to:

1. other companies within the Controller’s capital group and companies cooperating with the Controller, if providing such data is necessary for the Controller to pursue legitimate interests;
2. individuals authorised by the Controller i.e. employees and co-operators, for whom access to the personal data is necessary to perform their duties;
3. Users’ personal data may be transferred to our partners and external entities which provide services for the Controller, and which process personal data in order to provide services ordered by the Controller, including IT service providers, entities specialising in accountancy and marketing services;
4. authorities and public bodies authorised to access the data pursuant to applicable provisions of law e.g. to the courts, law enforcement authorities, government institutions, when their request to disclose data has a legal basis. In case of breach of security, some personal data may be subject to disclosure to authorities relevant to provide their protection.

 

In case of cooperation with the Controller’s partners or suppliers which are external entities - registered offices of such external entities may be situated both in the territory of EU Member States, and in the countries outside the European Economic Area (EEA).

If our partners or supplies have their registered offices outside the EEA, the Controller guarantees, that transfer of data outside the EEA shall be effected in accordance with applicable provisions of law in this regard. Level of data protection in countries outside the EEA may differ from the one guaranteed by the European law. We may transfer data to our partners outside EEA in particular on the basis of decisions or standard contractual clauses for data transfer issued by the European Commission (e.g. when data is transferred in connection with the use of Google Analytics by the Controller).

All external entities are obliged to comply with the instructions provided by the Controller and to implement relevant technical and organisational measured aimed at protecting personal data of the Users. Data recipients may act as our processors (in that case they are fully obliged to follow our instructions concerning personal data processing) or as independent controllers (in that case we kindly ask to get acquainted with the personal data processing rules applicable in such entities).

 

5. RIGHTS OF THE DATA SUBJECT

 The User of the Website shall have the following rights with regard to personal data processed by the Controller:

1. Right of access;
2. Right of rectification, if personal data is inaccurate or incomplete;
3. Right to erasure;
4. Right to object to processing of the User’s personal data. The User shall have the right to object to processing by the Controller, if such processing is based on the Controller’s legitimate interest e.g. data profiling for marketing purposes. The Controller shall cease to process data for these purposes, unless there are some legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
5. When a consent for personal data processing has been given e.g. in the course of newsletter subscription or when the User consented to receive sales information, the User is entitled to withdraw their consent for further processing at any time. The consent may be withdrawn at any time by contacting the Controller to the e-mail address specified in clause I of this Privacy Policy. Consent withdrawal shall not affect legitimacy of data processing performed by the Controller prior to such withdrawal by the User.
6. Right to data portability.
7. Right to restriction of processing.
8. Right to lodge a complaint to supervisory authority.

 

The user may exercise the rights specified in this clause of the Privacy Policy by means of a form available at https://mdh.pl/en/information-security-system (A motion to exercise the rights of the data subject - Annex).

 

6. PERIOD OF PERSONAL DATA RETENTION

 

The Controller shall retain and process personal data of the Users for a period necessary to fulfil processing purposes specified in clause II of this Privacy Policy or in accordance with applicable provisions of law, i.e. for instance until the User withdraws their consent or until the contract for the sale of products in the online store is accomplished. When the processing purpose is achieved, the Controller shall erase the personal data or anonymise it, and if the Controller intends to process data for analytical purposes the data shall be subject to pseudonymisation in order to use such data within the scope that is adequate and necessary for certain processing purposes, in such a manner that the personal data can no longer be attributed to a specific data subject.

 

7. SECURITY MEASURES

The Controller shall use appropriate and suitable technical and organisational measures to provide adequate security level and integrity of the Users’ personal data, by implementing proven technological standards to prevent unauthorised access to the personal data of the Users.

 

8. COOKIES

Cookies are small blocks of data, that the web browser places on the User's computer or mobile device while a user is browsing a website. Usually cookie comprises domain name from where it originates, expiration date on the device and an individual, random, and unique number that identifies this file. Information gathered by means of file of this kind helps to adjust the Website to individual preferences and actual needs of the Users. They also allow to prepare general statistics concerning the Website use and maintain the User’s session.

The Controller is an entity which places cookies on the User’s device and gets access to them.

The User may limit or disable cookies on their computer, but the Controller stipulates that despite exercising due diligence, in some cases disabling cookies may decrease functionality of the Website.

Information are gathered by means of cookies exclusively in order to provide proper functioning of the Website, as well as for analytical, statistical and marketing purposes, and to adapt information to the User browsing the website.

The Website uses the following types of cookies:

1. “Session” cookies related with the session remain in the web browser only during the session i.e. until the website is exited.
2. “Persistent” cookies are left in the browser when the session is ended (unless they are deleted by the User).
3. “Strictly necessary” cookies that are essential to use services available on the Website e.g. authentication cookies used to provide services that require authentication;
4. “Performance” cookies collect information on how visitors use the site e.g. which websites were visited by the User, all data concerning errors; these cookies do not collect information that would allow to identify the User, and data are so aggregated that they become anonymous. Analytical cookies are used to improve functioning of the website.
5. “Functional” cookies save all settings made on the websites (e.g. changed font size, website adaptation) and provide services like leaving comments on the blog.

 

The Users may change cookies settings at any time. Detailed information on the cookies can be found in the web browser settings.

The Controller reserves the right to use the third party services to prepare statistics concerning the use of the website. No data identifying the Users shall be transferred to such entities.

Advertisements published on the Websites may use third party cookies, thanks to which an advertiser is able to perform analyses of the efficiency of advertising campaign. This Privacy Policy does not specify the cookies policy used by the third parties.

 

9. SOCIAL MEDIA PLUGINS

The Controller’s Websites comprise so called social media plugins that redirect the visitor to the Controller’s profiles in the social media: Facebook, Twitter, LinkedIn or YouTube. Using functionalities of these plugins, the Users can share the content in social media or visit the Controller’s Fanpage in a given social media.

We would like to pay your attention, that the use of plugins means data are exchanged between the User and a given social media or website.

The Controller does not process this data and has no knowledge what kind of the Users’ data is collected. Therefore we kindly ask to get acquainted with the regulations and privacy policy applicable in this social media prior to using a given plugin. Using certain functions provided by these suppliers may involve the use of external cookies. Your personal data is processed by a given social media the moment you click a plugin, and the social media company becomes a joint controller of your personal data, as provided for in Article 26 of the GDPR.

Your personal data voluntarily provided by you on the Fanpage will be processed by the Controller to manage a given Fanpage, contact you, answer your questions, interact, notify you about the events, provide essential information, including the one connected with the services and products offered by the Controller, or build a Fanpage community on a given platform, to which plugins redirect.

In relation to data provided on the social media websites, you have the rights provided for in clause V of this Privacy Policy.

 

10. PROFILING

Data provided by the Users on the Controller’s websites shall not be subject to a decisions based solely on automated processing, but the Controller stipulates, that the User’s data may be subject to profiling for marketing purposes.

 

11. UPDATES

This Privacy Policy is subject to modification by the Controller at any time. In such case the Controller shall publish updated version of the Privacy Policy on a given Website and notify the Users of such modifications and the effective date.