Privacy Policy in IPROCURE Sp. z o.o.

Pursuant to Articles 13 and 14 of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as “GDPR”), IPROCURE spółka z ograniczoną odpowiedzialnością is obliged to perform the duty of information with regard to persons whose personal data it processes.

This information takes into account the main aspects related to the processing of personal data of Customers, Counterparties, Business Partners, Users of the website www.iprocure.pl (hereinafter also referred to as “Website”) and persons contacting us in any other matter related to the activities of IPROCURE sp. z o.o.

I. General information

  1. The controller of personal data in accordance with GDPR is:

  2. IPROCURE spółka z ograniczoną odpowiedzialnością ul. Williama Heerleina Lindleya 16 02-013 Warszawa NIP: 7010889964 REGON: 381660451 KRS: 0000754843 (hereinafter also referred to as the “Controller”).

  3. If you have any questions related to this document, as well as the processing of your personal data, you may contact the Controller at any time at the correspondence address: IPROCURE sp. z o.o., ul. Williama Heerleina Lindleya 16, 02-013 Warsaw, at the e-mail address biuro@iprocure.pl or at the telephone number 221003974

II. Main principles

    The Controller shall make every effort to ensure that your personal data remain confidential and secure, in particular properly protected against access by unauthorised persons.

    2. The Controller processes your personal data only to the extent necessary for the functioning of the Website, cooperation of the Controller with its Customers and Counterparties and other activities described in this document. The Controller processes your personal data in a manner consistent with the applicable provisions of law, including GDPR.

    3. The provision of your personal data is in most cases voluntary. However, failure to provide certain personal data specified in the Privacy Policy shall result in the inability to cooperate and contact the Controller.

    4. The Website does not use cookies.

III. What is personal data and what constitutes its processing??

    1. Under GDPR provisions, “personal data” means any information about an identified or identifiable natural person.

    2. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name and surname, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

    3. Processing of personal data should be understood as any activity involving personal data, in an automated or non-automated manner, such as collecting, saving, organising, sorting, storing, adapting or modifying, downloading, browsing, using, disclosing by sending, distributing or otherwise sharing, adjusting or joining, limiting, removing or destroying.

IV. Purposes of personal data processing

    1. In connection with the functioning of the Website, your personal data shall or may be processed by the Controller for the following purposes:

    1) contact via the contact form on the Website The legal basis for the processing of personal data is your consent resulting from the initiation of contact (Article 6 (1) (a) of the GDPR), as well as the legitimate interest of the Controller in providing the highest possible level of service to Customers and potential Customers (Article 6 (1) (f) of the GDPR). The Controller processes personal data in the form of name, e-mail address, telephone number and any other data voluntarily indicated in the message. Your data will also be processed after the end of the contact, for various purposes, depending on what has been the subject of the correspondence. The legal basis for such processing is a legitimate purpose in the form of archiving correspondence for the purpose of future demonstration (Article 6 (1) (f) of the GDPR). If you decide to enter into an agreement with the Controller, the basis for data processing shall be the conclusion and performance of the agreement (Article 6 (1) (b) of the GDPR). The provision of data is voluntary, but necessary to initiate contact via the contact form;

    2) analysis of data collected automatically when using the Website Your personal data are processed on the basis of Article 6 (1) (f) of GDPR, i.e. the legitimate interest of the Controller, expressed in ensuring the proper functioning of the Website and maintaining statistics on its display. As part of the analysis, your personal data concerning the IP number of the device you use to access the Website and your activity on the Website are processed. However, the personal data thus processed shall not be recorded or archived anywhere.

    2. Outside the Website, your personal data may be processed by the Controller for the following purposes:

    1) conclusion and performance of the agreement Your personal data may be processed for the purpose of undertaking activities necessary to conclude an agreement to which you are a party, and then for the purpose of its proper performance and settlement (Article 6 (1) (b) of the GDPR). If you are representatives (e.g. members of the Management Board, proxies) or employees of a party to an agreement which is to be concluded with the Controller, your personal data are processed in the legitimate interest of the Controller (Article 6 (1) (f) of GDPR). Provision of the personal data is voluntary, but necessary in order to conclude the agreement;

    2) correspondence or other forms of communication Your personal data may be processed by the Controller for the purpose of written, telephone or electronic contact, correspondence or communication. In such a situation, the basis for processing is the legitimate interest of the Data Controller, consisting in conducting current activity and contacting Customers, Counterparties, Business Partners and any other persons contacting the Controller in any matter (Article 6 (1) (f) of GDPR). If you initiated the conversation, your personal data will be processed on the basis of consent resulting from the initiation of the contact (Article 6 (1) (a) of the GDPR). Provision of your personal data is voluntary, but necessary for correspondence or communication;

    3) processing of personal data for marketing purposes An element of the Controller’s relationship with Customers, Counterparties and Business Partners is presenting them with the Controller’s commercial offer. In addition, the Controller undertakes marketing activities such as creating and maintaining customer databases, conducting other promotional activities (including participation in trade fairs and events). The processing of personal data in this regard is an expression of the legitimate interest of the Controller (Article 6 (1) (a) and (f) of GDPR) and does not require your consent;

    4) compliance with the obligations imposed by law Your data may also be processed in order to fulfil the obligations imposed on the Controller under the provisions of law, in particular to provide your data for the purposes of possible court, administrative proceedings or other proceedings before state authorities, as well as to fulfil the obligations arising from the provisions on accounting and tax law (Article 6 (1) (c) of the GDPR). In this case, the processing of personal data is an obligation under law;

    5) recruitment If you participate in the recruitment process organised by the Controller, depending on the scope of your consent, the Controller processes the data for the purposes related to the recruitment process for the position indicated in the job advertisement or for the purposes necessary to implement future recruitment processes. Your personal data are processed on the basis of a consent (in accordance with Article 6 (1) (a) of the GDPR). Failure to consent to the processing of your personal data prevents participation in the recruitment process;

    6) archival and evidence-gathering purposes Your data may be processed for archival and evidence-gathering purposes in order to secure information that may serve to demonstrate facts, which constitutes the legitimate interest of the Controller (in accordance with Article 6 (1) (f) of GDPR). The data thus archived may serve the purpose of establishing, investigating or defending against claims or allegations.

    3. Your personal data may also be processed for other purposes, in which case you will each time receive information on this subject in a manner consistent with the information obligation resulting from GDPR (Articles 13 and 14 of GDPR).

V. Period of the personal data processing

Your personal data will be processed for a reasonable period, depending on the purpose for which it was collected:

V. Period of the personal data processing

You have the following rights:

    the right to access your data and receive a copy of your data;

    the right to rectify (correct) your data;

    where justified, the right to erasure of your data,

    the right to limit the processing of your data,

    the right to data portability,

    in justified cases, the right to object to the processing of your data,

    to the extent that your data are processed on the basis of consent given under the provisions of the GDPR, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect processing that was carried out prior to its withdrawal,

VI. From which sources the Controller collects personal data?

The provision of personal data by you is voluntary, but necessary to enable us to contact you or to conclude and perform the contract.

VII. Recipients of personal data

The data provided by you will not be processed in a way that leads to an automatic decision-making process and will not be subject to profiling.

VIII. Rights in connection with data processing by the Controller

IX. Final provisions