Privacy Policy
This Privacy Policy describes the rules for processing information about you, including personal data, by the Service (operating at the address: www.mcsc.pl).
The Policy is addressed to individuals who use the Service independently.
The Policy specifically indicates the information referred to in Article 13 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as “GDPR”.
Whenever the Policy refers to personal data, processing, controller, processor, recipient, consent, supervisory authority – these terms are understood according to their definitions contained in the GDPR.
In connection with the User’s (definition below) use of the Service, the Controller collects data necessary to provide the individual services offered. Below are described the detailed rules and purposes of processing personal data collected during the User’s use of the Service.
If you are not a User of the Service – we do not process your data except for data obtained in connection with the useof cookies on your terminal device. Detailed information regarding the processing of this data is specified in the Cookies Policy.
1. Definitions
1) Controller – Institute of Mother and Child with its registered office in Warsaw at ul. Kasprzaka 17A, 01-211 Warsaw, REGON 000288395, NIP 5250008471, KRS 0000050095
2) Policy – this Privacy Policy
3) Service – the internet service operated by the Controller at the address www.mcsc.pl
4) User – any natural person visiting the Service or using one or more services or functionalities described
in the Policy.
2. Contact with the Controller
You can contact the Controller in the following ways:
1) by sending a letter to the address of its registered office indicated in point 1;
2) electronically:
a) via email correspondence to the address: dyr@imid.med.pl;
b) via the ePUAP platform to the address: /IMiDWarszawa/SkrytkaESP.
Furthermore, the Institute has appointed a Data Protection Officer (“DPO”), whom you can contact regarding the processing of your personal data.
Contact with the DPO is possible via email at: iod@imid.med.pl or in writing to the address of the Institute’s registered office.
3. Purposes and legal bases for processing personal data in the Service
1) in the case of use of the Service by Users;
Personal data of all persons using the Service are processed by
the Controller:
a) for the purpose of providing services electronically regarding making content collected in the Service available to Users – then the legal basis for processing is the necessity of processing for the performance of a contract (Article 6(1)(b) GDPR);
b) for the purpose of establishing and pursuing claims or defending against claims – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) GDPR), consisting in the protection of its rights.
2) in the case of Users who have used contact forms
a) for the purpose of providing services electronically regarding enabling Users to submit inquiries using contact forms – then the legal basis for processing is the necessity of processing for the performance of a contract (Article 6(1)(b) GDPR);
b) if the User provides more data than necessary for the provision of services electronically – the legal basis for processing is the User’s consent given through a clear affirmative action by the User consisting in providing optional data and sending them to the Controller via the contact form (Article 6(1)(a) in conjunction with Article 4(11) GDPR);
c) for the purpose of establishing and pursuing claims or defending against claims – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) GDPR), consisting in the protection of its rights.
3) in the case of Users who have consented to receive marketing information
a) for the purpose of sending the requested commercial information – the legal basis for processing, including using profiling, is the User’s consent (Article 6(1)(a) GDPR);
b) for analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) GDPR), consisting in conducting analyses of User activity in the Service to improve the functionalities used;
c) for the purpose of establishing and pursuing claims or defending against claims – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) GDPR), consisting in the protection of its rights.
Personal data is obtained in the Service through:
1) voluntary entry in forms provided in the Service;
2) saving cookie files on end devices; details regarding cookie files can be found in the Cookies Policy.
Using the forms provided in the Service requires providing the Personal Data
necessary to establish contact with the User and provide a response. The User
may also provide other data to facilitate contact or handle the inquiry. Providing
data marked as mandatory is required to accept and handle the inquiry,
and failure to provide it results in the inability to handle it. Providing other data is
voluntary.
4. Personal Data processing period
The data processing period by the Controller depends on the type of service provided and the purpose of processing.
As a rule, data is processed:
1) for the duration of the service provision, or
2) until the expressed consent is withdrawn, or
3) until an effective objection to data processing is submitted in cases where the legal basis for data processing is the legitimate interest of the Controller, and subsequently for the period of limitation of claims or the period necessary to fulfill legal obligations incumbent on the Controller, and after that time only if and to the extent required by law. After the processing period expires, the data is irreversibly deleted or anonymized.
5. User Rights
The User has the right to:
1) access personal data;
2) rectify personal data;
3) erase data (“right to be forgotten”);
4) restrict processing;
5) data portability;
6) object to data processing.
The User has the right to object at any time – on grounds relating to their particular situation – to the processing of their personal data based on Article 6(1)(f) GDPR. The Controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the User or for the establishment, exercise or defense of legal claims.
To the extent that the User’s data is processed based on consent, the User may withdraw this consent at any time by contacting the Controller via iod@imid.med.pl.
If you believe that personal data is not being processed in accordance with applicable regulations, you may lodge a complaint with the competent supervisory authority, which is the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw).
6. Recipients of Personal Data
The User’s personal data will be transferred to entities cooperating with the Controller based on an appropriate agreement and after applying appropriate organizational and technical security measures, in particular these will be:
1) entities providing services: legal advisory, audit, courier or postal, accounting-settlement;
2) entities being providers of IT services, software used for processing the User’s personal data.
If the User’s consent is obtained, their data may also be shared with other entities for their own purposes,
including marketing purposes.
7. Transfer of Personal Data outside the EEA
7.1. The level of protection for Personal Data outside the European Economic Area
(EEA) differs from that provided by European law. For this reason, the
Controller transfers Personal Data outside the EEA only when necessary, and with
an adequate level of protection ensured, primarily through:
7.1.1. cooperation with entities processing Personal Data in countries for which
an adequacy decision has been issued by the European Commission
regarding the assurance of an adequate level of protection for Personal
Data;
7.1.2. application of standard contractual clauses issued by the European
Commission;
7.1.3. application of binding corporate rules approved by the competent supervisory
authority.
7.2. The Controller always informs about the intention to transfer Personal Data outside
the EEA at the stage of their collection.
8. Security of Personal Data
The Controller continuously conducts risk analysis to ensure that personal data is processed by it in a secure manner – ensuring primarily that only authorized persons have access to the data and only to the extent necessary due to the tasks they perform. The Controller ensures that all operations on Personal Data are recorded and performed only by authorized employees and collaborators. The Controller takes all necessary actions so that its subcontractors and other cooperating entities also provide a guarantee of applying appropriate security measures whenever they process Personal Data on behalf of the Controller.
9. Changes to the Privacy Policy
The Policy is reviewed on an ongoing basis and updated as necessary.
The current version of the Policy is effective from June 6, 2024.
Cookies Policy
This Cookies Policy defines the rules for storing and accessing information on the User’s devices using Cookies, used for the provision of electronically supplied services requested by the User, by the Institute of Mother and Child with its registered office in Warsaw.
§ 1 Definitions
1. Controller – means the Institute of Mother and Child with its registered office in Warsaw 01-211, ul. Kasprzaka 17a, which provides services electronically and stores and accesses information on User’s devices.
2. Cookies – means IT data, in particular small text files, saved and stored on the devices through which the User uses the Service’s websites.
3. Controller’s Cookies – means Cookies placed by the Controller, related to the provision of services electronically by the Controller via the Service.
4. External Cookies – means Cookies placed by the Controller’s partners, via the Service’s website.
5. Service – means the website under which the Controller operates the internet service, operating in the domain www.mcsc.pl.
6. Device – means an electronic device through which the User accesses the Service’s websites.
7. User – means an entity for whom, in accordance with the Regulations and legal provisions, services may be provided electronically or with whom an Agreement for the provision of services electronically may be concluded.
§ 2 Types of Cookies Used
1. Cookies used by the Controller are safe for the User’s Device. In particular, it is not possible for viruses or other unwanted software or malicious software to enter Users’ Devices this way. These files allow identification of the software used by the User and adaptation of the Service individually for each User. Cookies usually contain the name of the domain from which they originate, their storage time on the Device, and an assigned value.
2. The Controller uses two types of cookies:
o Session Cookies: are stored on the User’s Device and remain there until the end of the browser session. The saved
information is then permanently deleted from the Device’s memory. The mechanism of session cookies does not allow for the collection of any personal data or any confidential information from the User’s Device.
o Persistent Cookies: are stored on the User’s Device and remain there until they are deleted. Ending a browser session or turning off the Device does not delete them from the User’s Device. The mechanism of persistent cookies does not allow for the collection of any personal data or any confidential information from the User’s Device.
3. The User has the option to limit or disable access of cookies to their Device. If this option is used, the use of the Service will be possible, except for functions that by their nature require cookies.
§ 3 Purposes for which Cookies are Used
1. The Controller uses its own Cookies for the proper configuration of the service, and in particular to:
o adapt the content of the Service’s websites to the User’s preferences and optimize the use of the Service’s websites.
2. The Controller uses its own Cookies to carry out processes necessary for the full functionality of the websites, and in particular to adapt the content of the Service’s websites to the User’s preferences and optimize the use of the Service’s websites. In particular, these files allow recognition of the basic parameters of the User’s Device and appropriate display of the website, tailored to their individual needs.
3. The service Controller uses External Cookies to collect general and anonymous statistical data via Google Analytics analytical tools (administrator of external cookies: Google Inc based in the USA).
4. The service Controller uses External Cookies to present advertisements tailored to the User’s preferences using the Google AdSense internet advertising tool (administrator of external cookies: Google Inc based in the USA).
§ 4 Possibilities of Determining the Conditions for Storing or Accessing Cookies
1. The User can independently change the settings for Cookies at any time, specifying the conditions for their storage and access by Cookies to the User’s Device. The User can make changes to the settings referred to in the previous sentence using the web browser settings or service configuration. These settings can be changed in particular in such a way as to block the automatic handling of cookies in the web browser settings or to inform about each placement of Cookies on the User’s device. Detailed information about the possibilities and ways of handling cookies is available in the software settings (web browser). Below we show how you can change the settings of web browsers regarding the use of cookies: o Internet Explorer browser o Mozilla Firefox browser o Chrome browser o Safari browser o Opera browser
2. The User can delete Cookies at any time using the available functions in the web browser they use.
3. Restricting the use of Cookies may affect some functionalities available on the Service’s website.