Last modified: July 31, 2025

Privacy Policy and Cookie Usage for the Wellysa Application and the www.wellysa.com Website

1. Introduction

1.1. NZOZ Wellysa Sp. z o.o. (hereinafter referred to as "NZOZ Wellysa" or "Administrator"), i.e. the Non-Public Healthcare Facility Wellysa limited liability company based in Warsaw at ul. Grójecka 22/24/32, 02-301 Warsaw, registered in the Register of Entrepreneurs of the National Court Register maintained by the District Court for the capital city of Warsaw in Warsaw, 12th Commercial Division of the National Court Register under KRS number 0001092700, NIP 5252996220, REGON 528027906, entered into the Register of Entities Performing Medical Activity under number 000000289562, with a share capital of PLN 5,000, treats the issue of privacy and the security of personal data with due seriousness and commitment.

1.2. NZOZ Wellysa is a subsidiary of Wellysa Spółka Akcyjna, with its registered office in Warsaw at ul. Grójecka 22/24/32, 02-301 Warsaw, entered into the Register of Entrepreneurs of the National Court Register maintained by the District Court for the capital city of Warsaw in Warsaw, 12th Commercial Division of the National Court Register, under KRS number 0000995956, NIP 7011112054, REGON 52271206, with a share capital of PLN 1,677,773.02.

1.3. We are committed to adhering to the highest standards of data protection, in full compliance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016 (GDPR), as well as other relevant provisions of Polish law and European Union law regarding the protection of personal data.

1.4. In this document, the term "Privacy Policy and Cookie Usage for the Wellysa Mobile Application and the www.wellysa.com Website" will be referred to as the "Privacy Policy" for the sake of clarity and ease of reading. This term refers to all principles and practices we employ to protect the User's privacy and to process any personal and medical data while using our services.

2. Data Controller

2.1. The personal data controller is NZOZ Wellysa, which decides on the purposes and means of data processing. We are committed to protecting the User's privacy and ensuring the security of personal and medical data in accordance with applicable legal regulations.

2.2. Authorized entities, such as Laboratories, Collection Points, and Wellysa Medical Partners, are also the controllers of certain personal and medical data. These entities are required to maintain medical records confirming the healthcare services provided. Data Controllers are granted access to the minimum scope of data necessary to provide healthcare services to the User, at the request of NZOZ Wellysa. Data Controllers are committed to protecting the User's privacy and ensuring the security of all personal and medical data in accordance with applicable legal regulations.

2.3. If you have any questions about how your data is processed or if you wish to exercise your rights, please contact our Data Protection Officer (DPO) via e-mail: [email protected] or by mail to our registered office at ul. Grójecka 22/24/32 in Warsaw (02-301), with the note "DPO".

3. Collection and Processing of Personal Data

3.1. NZOZ Wellysa is committed to transparent and responsible management of our Users' personal and medical data. Data processing is always carried out with full respect for privacy and in accordance with applicable law, including the GDPR, i.e. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (OJ L 119, 2016, p. 1, as amended).

4. Collection and Processing of Medical Data

4.1. NZOZ Wellysa undertakes to maintain medical records in connection with the healthcare services provided under the Healthcare Services Agreement concluded with the User, excluding healthcare services in the form of blood collection or testing of other biological material. The Laboratory, Blood Collection Point, and Wellysa Medical Partners will be responsible for maintaining medical records.

4.2. Medical records will be maintained, stored, and made available by NZOZ Wellysa in accordance with the principles arising from generally applicable law, in particular the provisions of the Act of November 6, 2008, on Patients' Rights and the Patient Ombudsman, the Act of April 28, 2011, on the Healthcare Information System, and the Regulation of the Minister of Health of April 6, 2020, on the types, scope, and templates of medical records and the method of their processing.

5. Purposes of Data Processing

5.1. Provision of Services, Including Medical Services. Personal and medical data are necessary for the performance of contracts regarding our services, including the provision of mobile application content, the management of user accounts, the provision of medical services to the User (hereinafter referred to as "Wellysa Services"), and the provision of technical and customer support.

5.2. User Account Management. We process data to manage user accounts, including maintaining account security, handling inquiries, and completing transactions.

5.3. Marketing. After receiving the User's express consent, given in the Wellysa Application, we use the collected personal data for marketing purposes, including sending information about new products, promotions, and special offers.

5.4. Analysis and Improvement of Services. Data is used for analysis and statistics, which allows NZOZ Wellysa to continuously improve the quality of services provided, personalize content, and develop new functionalities.

6. Types of Data Processed

6.1. Identification and Contact Data. If the provision of such data is necessary to provide a given Service, we process basic identification data, such as: first and last name, PESEL number, mailing address, telephone number, email address, and individual NZOZ Wellysa customer number (so-called Wellysa ID or WID).

6.2. Medical Data. If, as a result of the provision of a given Service, NZOZ Wellysa is authorized by the User to provide a medical service, depending on the scope of the service provided, NZOZ Wellysa may process data such as: gender, genogram family number, history of certain diseases (e.g., family history of oncology), behavioral profile of health-related behaviors (e.g., smoking, sleep, or exercise), results of certain tests (e.g., complete blood count results, lipid profile, or element level test), identified genetic DNA mutations (e.g., BRCA1, NBN, CHEK2, or PALB2), identified diagnoses and risk markers, and assigned preventive recommendations. NZOZ Wellysa also stores the Wellysa Report, which is a holistic summary of the developed preventive profile and medical recommendations.

6.3. Transaction Data. We collect data regarding transactions conducted as part of our services, including purchase history and selected services.

6.4. Supplementary Data. We also process other personal data voluntarily provided by the user when using the mobile application or website, such as preferences, opinions, and interests.

6.5. Technical Data. We collect technical information about devices and how our services are used, including login data, time, and method of using the application or website. With additional consent from the user, we may also collect location information (GPS).

7. Legal Basis

7.1. The legal basis for processing personal data is a key element that ensures compliance with the law. Below, we set out precisely the legal bases on which we process user data, in order to provide transparency and build trust.

7.2. Performance of a Contract (Article 6, paragraph 1, letter b of the GDPR). The most commonly used legal basis is the need to process personal data for the conclusion and performance of a contract to which the data subject is a party. This includes all activities necessary to provide the services offered through our application or website, such as account registration, fulfilling orders related to a diagnosis, or providing customer support. Data is processed only to the extent necessary to perform these activities.

7.3. Explicit Consent (Article 6, paragraph 1, letter a of the GDPR). In some cases, particularly for marketing activities or in other situations not strictly related to the performance of a contract, we base the processing of personal data on the user's explicit consent. This consent may be withdrawn at any time, which is one of the fundamental rights guaranteed by the GDPR.

7.4. Legal Obligations (Article 6, paragraph 1, letter c, GDPR). Sometimes, data processing is necessary to fulfill legal obligations to which the data controller is subject, e.g., retaining sales records for tax or accounting purposes.

7.5. Legitimate Interests (Article 6, paragraph 1, letter f, GDPR). In certain situations, we process personal data based on legitimate interests pursued by our company or by third parties, provided that these do not override the rights and freedoms of the data subject. Examples of such activities include the analysis and optimization of our services, network and information security management, and conducting market and statistical research to improve our offerings.

7.6. The processing of special categories of personal data, such as medical and genetic data, is carried out in accordance with Article 9, paragraph 2, letter h of the GDPR, i.e., to the extent necessary for the purposes of preventive healthcare, medical diagnosis, provision of healthcare, or management of healthcare systems and services, as well as in accordance with applicable national law, including provisions regarding the maintenance of medical records.

7.7. Whenever we rely on legitimate interests, we strive to assess and balance our business interests with the rights and freedoms of data subjects. We ensure that these interests are pursued transparently and with full respect for user privacy.

7.8. We make every effort to ensure that the processing of personal data by the Controller is carried out with the utmost care and in accordance with applicable regulations, always taking into account the rights and well-being of data subjects.

7.9. Additional obligations of the Controller arising from the provisions of the GDPR and national law:
7.9.1. Data Protection Impact Assessment (DPIA). Pursuant to Article 35 of the GDPR, NZOZ Wellysa conducts a data protection impact assessment (DPIA) in cases where planned processing operations are likely to result in a high risk to the rights and freedoms of natural persons, in particular when processing special categories of data, such as medical and genetic data.
7.9.2. Register of Processing Activities. The Controller maintains a register of personal data processing activities in accordance with Article 30 of the GDPR, including activities related to the processing of medical and genetic data, ensuring full documentation in accordance with applicable regulations.
7.9.3. Application of national regulations regarding genetic data. The processing of genetic data as part of cooperation with laboratories providing diagnostic services is carried out in accordance with the Act of 27 July 2001 on Laboratory Diagnostics (Journal of Laws of 2023, item 1404), to the extent applicable to the conduct of medical and diagnostic activities.

8. Data Security

8.1. We attach great importance to protecting your personal data against unauthorized access, disclosure, alteration, or destruction. Ensuring an appropriate level of security for our users' personal data is the foundation of our business and is inextricably linked to our corporate values. Awareness of the crucial role that user trust plays motivates us to implement the most advanced and effective data protection strategies. We have implemented a number of security measures, both technical and organizational, to ensure the highest level of protection.

8.2. Protective Technologies:
8.2.1. Encryption. We use strong end-to-end encryption for all data transferred between user devices and our servers, as well as data encryption at rest, ensuring its protection at every stage of processing.
8.2.2. IT Infrastructure and Network Security. Our network security constitutes a key layer of defense for our IT infrastructure, providing robust protection against a wide range of cyber threats. By implementing state-of-the-art firewalls and intrusion detection and prevention systems (IDS/IPS), we have created a complex protective barrier that effectively monitors and regulates network traffic, identifying and blocking potentially malicious activities before they can compromise our systems.
8.2.3. Firewalls. As the first line of defense, they are configured to selectively allow only secure network traffic through, in accordance with strictly defined security policies. This ensures that unauthorized access attempts are immediately detected and neutralized. IDS/IPS systems, on the other hand, act as an advanced surveillance mechanism that not only detects potential attacks in real time, but also actively intervenes to prevent them from being carried out, securing the network against complex threats such as zero-day attacks, malware, and data interception attempts.
8.2.4. IDS/IPS Updates. Our IDS/IPS systems are continuously updated with the latest threat signatures and heuristics, which ensures effective protection against the dynamically changing cyber threat landscape. The implementation of this advanced technology, combined with continuous monitoring and analysis of network traffic by our team of security experts, allows potential security incidents to be identified and responded to quickly, before they can threaten the integrity of our systems and user data.
8.2.5. Audits. Committed to continuous improvement, we regularly audit and update our network security solutions to ensure they are always several steps ahead of potential attackers. This allows us to provide our users with safe and secure access to our services, building trust by demonstrating our professionalism and commitment to protecting their data.
8.2.6. SIEM and Advanced Monitoring. We have implemented SIEM (Security Information and Event Management) systems for central monitoring and analysis of security events. This, combined with EDR (Endpoint Detection and Response) and NDR (Network Detection and Response) technologies, enables effective threat detection and neutralization.
8.2.7. Artificial Intelligence. Artificial intelligence (AI) and machine learning algorithms are the foundation of our defense strategy, providing the essential tools for deep analysis and interpretation of massive amounts of data in real time. These advanced technologies enable our systems to identify anomalies and potential threats before they become a problem, allowing for their rapid neutralization. Machine learning continually refines itself based on newly encountered challenges, making our defenses increasingly effective as the digital threat landscape evolves. Using AI and machine learning, we not only respond to known threats but also effectively predict and prevent new ones, ensuring the highest level of security for our users.
8.2.8. Secure Patch Management. Secure Patch Management plays a key role in our strategy for protecting IT infrastructure from digital threats. To this end, we have implemented advanced, automated patch management systems that continuously monitor and analyze software for any known vulnerabilities. As soon as a security update or new patch is detected, these systems immediately apply the necessary changes, ensuring that all components of our infrastructure are up-to-date against the latest threats. Automating this process significantly reduces the window in which attackers could exploit unpatched security holes, which is especially important in the rapidly evolving cyberthreat environment. This ensures that our systems and user data are protected against the exploitation of known vulnerabilities, enhancing the overall security of our network and services. Our approach to patch management is part of a broader security strategy that includes regular reviews and penetration testing to ensure that all aspects of our IT ecosystem are protected against potential threats. The introduction of automated patch management systems demonstrates our commitment to providing the highest quality protection and maintaining the trust of our users.

8.3. Procedures and Training
8.3.1. Access Control. Ensuring that access to personal data is strictly limited is the foundation of our security strategy. We use multi-level authentication methods and access permissions, which are regularly reviewed and updated to meet current data protection needs. This ensures that only authorized individuals who need access to data as part of their professional duties have access to it.
8.3.2. Auditing and Monitoring. Our auditing activities and real-time monitoring are the foundation of continuous data protection. Using advanced network and system monitoring tools, we are able to detect any unusual activity or potential data breaches, allowing us to take immediate remedial action. Regular security audits ensure that our practices and procedures remain compliant with the latest data protection standards.
8.3.3. Incident Management. We have well-developed incident management procedures that define clear escalation and response paths for various types of security incidents. Our teams are prepared to act quickly to minimize the impact of potential data breaches and to inform stakeholders and regulators in accordance with applicable requirements.
8.3.4. Training and Awareness. Regularly conducted employee training on data security and privacy is crucial to maintaining a high level of awareness and a culture of security within our organization. Through education and constant reminders of best practices, we ensure that every member of our team understands their role in protecting personal data and is equipped with the necessary knowledge to act responsibly.
8.3.5. Commitment to Improvement. Our commitment to continuously improve our security procedures reflects our deep belief that personal data protection is a dynamic process that requires constant attention and adaptation to a rapidly evolving threat environment. To this end, we maintain close collaboration with leading cybersecurity experts and specialists, leveraging their knowledge and experience to ensure our strategies are always up-to-date and effective in the face of new challenges.
8.3.6. Development. We regularly participate in industry conferences, workshops, and training courses, which allow us to exchange experiences and best practices with other professionals in the sector. This allows us not only to continuously update our security procedures but also to anticipate potential threats and proactively develop solutions that minimize the risk to our systems and user data.
8.3.7. Research. Our commitment to cybersecurity research and development also allows us to explore new technologies and approaches, such as artificial intelligence, machine learning, and advanced cryptography, which can significantly improve our ability to protect against cyberattacks. By implementing innovative solutions, we strive not only to respond to current threats but also to shape the future of a secure digital world.
8.3.8. Process. Our commitment to improvement is not only a response to growing regulatory requirements and user expectations, but primarily stems from our responsibility to protect the valuable information of the users who have placed their trust in us. This is an ongoing process that engages all levels of our organization, from management to every employee, ensuring that data security is an integral part of our corporate culture and everything we do. At Wellysa, ensuring the security of our users' data is an expression of our professionalism and dedication. We are committed to ensuring that your data is not only safe but also protected with the highest priority and in accordance with the best industry standards.

9. Data Recipients

9.1. At NZOZ Wellysa, we are committed to protecting your data and sharing it only with entities that require it to provide our services and the features offered through our mobile application and website. All data sharing is carried out in compliance with the highest security standards and applicable legal regulations.

9.2. All entities with whom we share your data are required to process the data in accordance with our instructions, applicable data protection regulations, and to implement appropriate security measures to protect your personal data.

9.3. Below are the categories of recipients to whom your personal data may be transferred:
9.3.1. Technology Providers. We work with trusted providers of IT technology and services, including hosting providers, cloud providers, and companies offering support and maintenance for our IT systems. Their access to data is limited to what is necessary to perform their tasks and provide services to us.
9.3.2. Courier and Logistics Companies. For the purposes of delivering products and services you order through our mobile application or website, your data may be transferred to courier and logistics companies. The data shared includes information necessary to deliver your order, such as your name, delivery address, and contact number.
9.3.3. Marketing Partners. If you have consented to receiving marketing communications, your data, such as your email address, may be shared with our marketing partners to send you personalized offers and promotions.
9.3.4. Legal and Regulatory Entities. In some cases, we may be required to share your personal data with government authorities or regulators in connection with applicable law, legal proceedings, law enforcement requests, or for audit purposes.
9.3.5. Payment Service Providers. To process payments you make when using our services, your data may be transferred to payment service providers, including banks and electronic payment institutions.
9.3.6. Analytics and Statistical Service Providers. To analyze how our application and website are used and to improve our services, we may share anonymous data with analytics and statistical service providers.

9.4. Below are the categories of recipients to whom your personal and medical data may be transferred:
9.4.1. Laboratories. In order to provide the Wellysa Service, laboratories providing medical services may access certain personal and medical data of the User.
9.4.2. Collection Points. In order to provide the Wellysa Service, collection points providing medical services may access certain personal and medical data of the User.
9.4.3. Wellysa Medical Partners. In order to provide the Wellysa Service, Wellysa Medical Partners providing medical services may access certain personal and medical data of the User.

10. User Rights

10.1. Right of Access. You have the right to obtain confirmation as to whether your personal data is being processed, access to this data, and information about the purposes of processing, the categories of data being processed, and the recipients or categories of recipients of the data.

10.2. Right to Rectification. If your personal data is inaccurate or incomplete, you have the right to request its immediate rectification or completion.

10.3. Right to Erasure ("Right to Be Forgotten"). You may request the deletion of your personal data if it is no longer necessary for the purposes for which it was collected, you have withdrawn consent, you have effectively objected to it, or the data is being processed unlawfully.

10.4. Right to Restriction of Processing. You have the right to request the restriction of the processing of your personal data in certain cases, for example, when you contest the accuracy of the data or object to the processing.

10.5. Right to Data Portability. You have the right to receive the personal data you have provided in a structured, commonly used, and machine-readable format, and the right to transmit this data to another controller without hindrance from us.

10.6. Right to Object. You may object to the processing of your personal data if the processing is based on legitimate interest, including profiling, unless we provide compelling legitimate grounds for processing that override your interests, rights, and freedoms.

10.7. Right to Withdraw Consent. If processing is based on your consent, you have the right to withdraw your consent at any time, which does not affect the lawfulness of processing based on consent before its withdrawal.

10.8. Exercising Rights. To exercise the above rights, simply contact our Data Protection Officer (DPO) by email: [email protected] or by sending your inquiry in writing to our registered office address, with the note "DPO." We will endeavor to respond to your inquiry promptly, no later than one month from receipt of your request. We are here to help you exercise your data protection rights and ensure full transparency and control over the information processed.

11. Information on Voluntary or Obligatory Data Provision

11.1. At NZOZ Wellysa, we value transparency and want our users to be fully aware of the terms and conditions of use of our services. We understand that protecting privacy is a key element of trust between us and our users. Therefore, we would like to clarify under what circumstances the provision of personal data is voluntary and when it is necessary.

11.2. Voluntary Data Provision. The provision of personal data by users of our mobile application or website is generally voluntary. Users have complete freedom to decide whether to share their personal data with us. In cases where it is not legally required or directly necessary for the performance of a contract, we always clearly indicate that data provision is voluntary.

11.3. Necessity of Data Provision for the Provision of Services. In some cases, the provision of certain personal data is necessary for:
11.3.1. Concluding a contract and providing our services effectively and in line with your expectations. This includes, for example, contact information required to create an account, process orders, or provide customer support.
11.3.2. Fulfilling our legal obligations as a data controller, for example, those related to tax settlements or accounting obligations.
11.3.3. Responding to user inquiries and ensuring access to the full functionality of our services.

11.4. Consequences of Failure to Provide Data. If you fail to provide personal data that is necessary to provide our services or to fulfill our legal obligations, this may prevent us from concluding a contract, fulfilling your order, providing the full functionality of the mobile application or website, or responding to your inquiries.

12. User Rights and Data Control

12.1. Regardless of the above, you have the right at any time to access your data, rectify it, delete it, or restrict its processing, as well as the right to object to the processing of your data and the right to data portability. Detailed information on how to exercise these rights is provided in the "User Rights" section of this privacy policy.

12.2. We encourage you to contact our Data Protection Officer (DPO) directly if you have any questions or concerns regarding the processing of personal data. You can do this by email: [email protected] or in writing to our registered office address with the note "DPO".

13. Data Retention Period

13.1. At NZOZ Wellysa, we place great importance on the appropriateness and minimization of personal data storage. In line with our commitment to privacy, our users' personal data is stored only for the period strictly necessary to achieve the purposes for which it was collected, or until the user withdraws their consent. Below, we present the principles regarding the retention period of personal data in various contexts.

13.2. Provision of Services. Personal data processed for the purpose of concluding and performing a service contract will be stored for the duration of the contract, and then for the period required by law, such as accounting and tax regulations (usually up to 5 years after the end of the year in which the contract was fully implemented).

13.3. Consent to Marketing. Where personal data processing is based on consent to receive marketing information, such data will be stored until you withdraw your consent.

13.4. Analysis and Statistics. Data used for analyses, market research, and statistics will be stored in an anonymous form, not allowing for user identification, for the period necessary to conduct these analyses, typically up to 2 years from the end of the year in which the data was collected.

13.5. Complaints and Claims Resolution. Data processed for the purpose of complaint resolution and claims resolution will be stored for the period necessary to resolve the matter, and then for the period required by law regarding the statute of limitations for claims (typically up to 3 years from the date of resolution of the matter or the last legal action).

13.6. Whenever the personal data retention period expires, the data will be deleted or anonymized so that it is no longer identifiable.

14. Withdrawal of Consent

14.1. You have the right to withdraw your consent to the processing of personal data at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. After withdrawal of consent, your personal data will be retained by us only to the extent and for the duration required by law or until the statute of limitations for potential claims expires.

14.2. NZOZ Wellysa undertakes to regularly review and update its data retention policy to ensure its compliance with current regulations and industry best practices.

15. Automated Decision-Making and Profiling

15.1. As part of our operations at NZOZ Wellysa, we would like to emphasize our commitment to transparency and accountability in the processing of personal data. Therefore, we inform you that our mobile application and website do not use automated decision-making processes, including profiling, that would have legal consequences for individuals or significantly affect them.

15.2. Automated Decision-Making. Automated decision-making refers to processes in which decisions about individuals are made automatically, based on collected data, without significant human intervention. Our company does not use such systems in a way that would have legal consequences for users or significantly affect them.

15.3. Profiling. Profiling is a type of data processing that involves using personal data to evaluate certain personal factors, in particular to analyze or predict aspects related to work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements. We do not use profiling in our business in a way that would have legal consequences for individuals or significantly affect their situation. This means that we do not analyze or predict your preferences, behavior, or location in a way that could automatically generate decisions affecting your rights or access to services.

15.4. Transparency and Control. Our commitment to transparency and respect for the privacy of our users is a priority. If we make any changes to our automated decision-making or profiling practices in the future, users will be informed immediately, and the procedures in place will be presented in a clear and understandable manner.

15.5. Your Rights. We remind you that you have the right to obtain personal intervention, to express your own position, and to challenge decisions based solely on automated processing, including profiling. To exercise this right, please contact our Data Protection Officer by email: [email protected] or in writing to our registered office address.

16. Data Transfer Outside the EEA

16.1. At NZOZ Wellysa, we are deeply committed to protecting the privacy and personal data of our users. Therefore, we adhere to strict data protection standards, as required by the General Data Protection Regulation (GDPR) and other applicable laws.

16.2. Principle of No Data Transfer Outside the EEA. We inform you that the personal data we collect is processed and stored exclusively within the European Economic Area (EEA), which provides it with a high level of protection. We do not transfer personal data outside the EEA, which means it is not transferred to third countries or international organizations that may not provide an adequate level of data protection.

16.3. Commitment to Data Protection. Our commitment to protecting your personal data reflects our mission to ensure security and privacy at every stage of using our services. All operations involving personal data are carried out in accordance with the highest standards of information security and with respect for your rights and freedoms.

16.4. Exceptions to the Principle. If a transfer of data outside the EEA becomes necessary for any reason, we will take all necessary measures to ensure that such transfer is carried out in accordance with applicable data protection laws, including by:
16.4.1. Use of standard contractual clauses approved by the European Commission,
16.4.2. Ensuring that the destination country provides an adequate level of data protection, in accordance with the European Commission's decision,
16.4.3. Implementation of appropriate safeguards, such as contracts based on binding corporate rules (BCRs).

16.5. User Rights. We want to assure you that you have full control over your personal data at all times. Therefore, we provide you with access to information about any data transfers and the right to object to such transfers.

16.6. Contact and More Information. If you have any questions regarding the processing and transfer of personal data outside the EEA, please contact our Data Protection Officer (DPO) directly by email: [email protected] or in writing to our registered office address.

17. Right to Lodge a Complaint

17.1. At NZOZ Wellysa, we make every effort to ensure that the processing of your personal data is carried out in full compliance with the highest data protection standards, including the General Data Protection Regulation (GDPR). Despite our commitment, we understand that situations may arise in which users may feel dissatisfied with the manner in which their data is processed.

17.2. Filing a Complaint. If you believe that the processing of your personal data by Wellysa Spółka Akcyjna violates the provisions of the GDPR or other data protection regulations, you have the right to lodge a complaint with the competent supervisory authority. In Poland, this authority is the President of the Personal Data Protection Office (UODO).

17.3. Complaint Procedure. We encourage you to first contact the Controller (i.e., us) directly through our Data Protection Officer (DPO) at [email protected] or by mail, which may allow for a quick resolution of any issues.

17.4. Filing a Complaint with the Personal Data Protection Office (UODO). If contacting us does not resolve the issue, or you prefer to proceed immediately, you may file a complaint directly with the President of the Personal Data Protection Office. A complaint may be filed in writing, by post, electronically, or in person at the UODO's office. It is advisable to attach any information and documents that may be relevant to the matter.
Information Required When Filing a Complaint:
17.4.1. Your full contact details,
17.4.2. A detailed description of the data protection breach you have experienced,
17.4.3. An indication of the steps you have taken to resolve the issue so far,
17.4.4. Copies of any correspondence or documents related to the matter.

17.5. Support and Assistance. Remember that the President of the Personal Data Protection Office is at your disposal not only for filing a complaint, but also as a source of information and support regarding personal data protection.

17.6. Our Commitment. We are committed to cooperating with supervisory authorities and users to ensure that all privacy concerns are appropriately addressed and resolved in a spirit of openness and respect for your rights.

18. Cookies

18.1. At Wellysa Spółka Akcyjna, we use cookies and similar technologies on our website and mobile application to provide the best possible experience for our users. Cookies are small text files that are saved on your device (computer, phone, tablet, etc.) when you use our services. They enable us to recognize your device and tailor our services to your needs.

18.2. Types of Cookies and Data Storage Technologies Used
18.2.1. Essential Cookies. These cookies and their technological equivalents in the mobile app are required for the core functionality of both the website and the app, such as security, network management, and accessibility. Without them, our services may not function properly.
18.2.2. Functional Cookies. These cookies allow us to remember choices you make (e.g., username, language, region) within the app and on the website, providing more personalized features.
18.2.3. Analytical and Performance Cookies. These cookies allow us to understand how users use our website and mobile app, which helps us improve functionality and content presentation.
18.2.4. Advertising and Targeting Cookies. These cookies are used to deliver advertisements that are more relevant to your interests, both within the app and on the website, and to measure the effectiveness of advertising campaigns.

18.3. Managing Cookies and Data Storage Technologies. As a user, you have full control over cookies and similar data storage technologies used in our mobile application and website. Most web browsers and some mobile operating systems offer options for managing data storage settings. You can change your browser settings or the mobile application's system settings to reject new cookies, disable existing cookies, or be notified when new cookies or data are saved on your device. However, please note that if you choose to block or delete cookies and other data storage technologies, this may affect the availability and functionality of our services. To manage cookie and similar technology settings, visit the "Help" menu in your web browser or the privacy/data protection settings section in your mobile device's operating system.

18.4. Your Rights and Privacy. Respect for your privacy is our priority. The use of cookies and similar technologies is always in compliance with applicable data protection law, including the GDPR. We provide you with transparency regarding the information we collect and control over it.

18.5. More Information. If you have any questions or concerns about our use of cookies, please contact us by email: [email protected] or through other means available on our website.

19. Changes to the Privacy Policy

19.1. At NZOZ Wellysa, we recognize that technology and legal regulations regarding privacy are evolving, which may require us to adapt and update our Privacy Policy. Therefore, we reserve the right to amend this Privacy Policy at any time to reflect the latest practices regarding personal data processing and ensure compliance with applicable law.

19.2. Policy Update Process
19.2.1. Regular Review. We regularly review our Privacy Policy to ensure it is up-to-date and reflects how we process personal data.
19.2.2. Making Changes. If we make material changes to this Privacy Policy that may affect how we process personal data or your rights, we will make these changes with due care and in accordance with privacy best practices.
19.2.3. Communicating Changes
19.2.3.1. Notifications. We will notify you of any changes to our Privacy Policy through a prominent notice on our website and, where possible, through other communication channels, such as email, to users who have consented to receive such information.
19.2.3.2. Date of Last Update. You will always find the date of its last update at the top of the Privacy Policy, allowing you to easily identify when the last changes were made.
19.2.3.3. Transparency of Changes. We make every effort to present all changes in a clear and understandable manner. We want you to always be aware of how we protect your personal data and what your rights are.
19.2.3.4. Your Rights and Choices. We remind you that you have full control over your personal data. You have the right to access, rectify, delete, or restrict the processing of your data at any time. Any changes to the Privacy Policy will not affect these rights without your express consent.

20. Contact

20.1. We encourage you to regularly review this Privacy Policy and contact us with any questions or concerns about changes to this policy or how we process your personal data. You can contact us by email: [email protected], [email protected], [email protected], or other available channels.