1.1. Controller – Cortmed International Limited with its registered seat in 11-13 Dyer Street, Suite 10047, Drogheda, Co. Louth, A92 XWY, Ireland.
1.2. Personal Data – any information about a natural person, identified or identifiable by one or several factors defining his/her physical, physiological, genetic, psychic, economic, cultural or social identity, including the IP of the device, location data, online identifier and information collected through cookie files and other similar technologies.
1.4. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
1.5. Website – an online service run by the Controller at the address https://www.cortmed-international.com
1.6. User – any natural person visiting the Website or using one or more services or functionalities described in the Policy.
2. Data processing in connection with the use of the website
2.1. In connection with the User’s use of the website, the Controller collects data with the scope necessary to provide its respective services and collects information about the User’s activity on the Website. The detailed rules and purposes of processing the personal data collected during the use of the Website by the User are described below.
3. Purposes and legal basis of data processing at the website
Use of the website
3.1. Personal data of all the persons using the Website (including the IP address or other identifiers and information collected through cookie files and other similar technologies) who are not registered Users (i.e. persons with no profile on the Website) are processed by the Controller:
3.1.1. to provide services electronically to provide Users with an access to the content collected on the Website – in this case, the legal basis for the processing is that processing is necessary for the performance of a contract (Article 6(1)(b) of GDPR);
3.1.2. for analytical and statistical purposes – in this case, the legal basis for the processing is the legitimate interest pursued by the Controller (Article 6(1)(f) GDPR) to analyze the activity of Users and their preferences in order to improve the functionalities used and the services provided;
3.1.3. to determine and pursue possible claims or defend against claims – the legal basis for the processing is the legitimate interest pursued by the Controller (Article 6(1)(f) of GDPR) to protect its rights.
3.2. Activity of a User on the Website, including his/her personal data, is recorded in system logs (a special computer program for storing a chronological record of information about events and actions concerning the IT system used for providing services by the Controller). The information collected in logs is processed mainly for purposes related to the provision of services. The Controller also processes the information for technical, administrative purposes and in order to ensure security of the IT system and to manage the system and also for analytical and statistical purposes – in this respect, the legal basis for the processing is the legitimate interest pursued by the Controller (Article 6(1)(f) of GDPR).
3.3. The Controller ensures technical solutions for contacting it by using electronic contact forms. Using the form requires that personal data are provided, which is needed to contact the User and answer his/her inquiry. The User may also give other data to facilitate contact or inquiry handling. Provision of data marked as mandatory is required to accept and handle an inquiry, and the failure to provide them makes it impossible to handle it. Provision of other data is voluntary.
3.4. Personal data are processed:
3.4.1. to identify the sender and handle his/her inquiry sent by the provided form – the legal basis for the processing is the necessity of the processing to perform a contract for providing a service (Article 6(1)(b) GDPR);
3.4.2. for analytical and statistical purposes – the legal basis for the processing is the legitimate interest pursued by the Controller (Article 6(1)(f) of GDPR) to perform analyses of the inquiries made by Users through the Website to enhance its functionalities.
4.1. The Administrator processes Users’ Personal Data in order to carry out marketing activities, which may consist in conducting activities related to direct marketing of goods and services (sending commercial information by electronic means and telemarketing activities).
4.2. User’s personal data may be also used by the Controller to send the User marketing content through various channels, i.e. by e-mail, text / multimedia message or by telephone.
Such actions are taken by the Controller only when the User has given consent to them, where the consent may be withdrawn at any time.
4.3. In some cases, the administrator may also conduct direct marketing via traditional mail. The User will be informed separately about the intention to conduct this type of marketing. Regarding this kind of marketing, the User has the right to object.
5. Cookies and similar technologies
5.1. Cookies are small text files installed on the device of a User browsing the Website. Cookies collect information to facilitate using a website, e.g. by remembering the User’s visits at the Website and actions performed by him or her.
5.2. The Controller uses the so called “service” cookies primarily to provide the User with services electronically and improve the quality of these services. Accordingly, the Controller and other entities providing analytical and statistical services on its behalf, storing information or gaining access to information already stored in the User’s terminal telecommunications equipment (a computer, telephone, tablet, etc.). Cookie files used for the above purpose include:
5.2.1. user input cookies (session identifiers) stored for the duration of a session;
5.2.2. authentication cookies used for services that require authentication for the duration of a session;
5.2.3. user-centric security cookies, e.g. used to detect abuses concerning authentication;
5.2.4. multimedia player session cookies (e.g. flash player cookies);
5.2.5. persistent user interface customization cookies for the duration of a session or slightly longer,
5.2.6. cookies used to monitor online traffic, i.e. data analytics, including Google Analytics cookies (these are files used by Google to analyze how the User uses the Website, to compile statistics and reports about the operation of the Website). Google does not use the data collected to identify a User and neither does it combine any information items to make such an identification possible. Detailed information on the scope and rules of collecting data in connection with the service can be found at: https://www.google.com/intl/pl/policies/privacy/partners.
6. Cookie settings
6.3.1. Internet Explorer: https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies
6.3.2. Mozilla Firefox: https://support.mozilla.org/en-US/kb/misette
6.3.3. Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647
6.3.4. Opera: http://help.opera.com/Windows/12.10/pl/cookies.html
6.3.5. Safari: https://support.apple.com/kb/PH5042?locale=en-GB
6.4. The User may, at any time, verify the status of his current privacy settings within the internet browser by using tools available at the following websites:
7. Period of personal data processing
7.1. The period of data processing by the Controller depends on the type of provided service and the purpose of the processing. In principle, data are processed for the entire period of providing the service until the moment of withdrawing consent or filing an effective objection to the data processing in the cases where the legal basis for the processing is the Controller’s legitimate interest.
7.2. The data processing period may be extended if processing is necessary to determine and pursue possible claims or defend against claims and, after that time, only when and to the extent required by law. After the elapse of the processing period, the data are irreversibly deleted and anonymized.
8. User’s rights
8.1. A User has the right to: access the content of the data and demand its rectification, erasure, restriction of processing, the right to data portability and the right to object to data processing as well as the right to lodge a complaint with the supervisory authority responsible for personal data protection.
8.2. To the extent that a User’s data are processed on the basis of his/her consent, the consent may be withdrawn at any moment by contacting the Controller.
8.3. A User has the right to object to data processing for marketing purposes if the processing is done in connection with the Controller’s legitimate interest and also – for reasons connected with the User’s particular situation – in other cases when the legal basis for data processing is the Controller’s legitimate interest (e.g. in connection with carrying out analytical and statistical objectives).
9. Data recipients
9.1. The Controller reserves the right to disclose selected information items referring to the User to relevant authorities or third parties which will demand that they are provided such information pursuant to an appropriate legal basis and in compliance with prevailing laws.
10. Transfer of data otuside the EEA
10.1. The level of personal data protection outside the European Economic Area (EEA) differs from that guaranteed by the European law. For this reason, the Controller transmits personal data to places outside the EEA only when necessary and ensuring an adequate protection level, mainly by:
10.1.1. cooperating with personal data processors in the states with respect to which a relevant decision of the European Commission has been issued;
10.1.2. application of standard contractual clauses issued by the European Commission;
10.1.3. application of binding corporate principles approved by the relevant supervisory authority;
10.1.4. if data is transferred to the USA – cooperation with entities participating in the Privacy Shield program, approved by a decision of the European Commission.
10.2. At the data collection stage, the Controller always informs the User of the intention to transfer personal data outside the EEA.
11. Personal data security
11.1. The Controller conducts an ongoing risk analysis to ensure that personal data are processed in a secure manner, guaranteeing first of all that access to the data is provided only to authorized persons and only to the extent necessary for them to perform their tasks. The Controller makes sure that any operations on personal data are recorded and performed only by authorized employees or collaborators.
11.2. The Controller takes any necessary actions so that also its subcontractors and other cooperating entities guaranteed the application of appropriate security measures in each case when they process personal data on the Controller’s behalf.
12. Contact data
12.1. The Controller may be contacted by e-mail firstname.lastname@example.org or by letter sent to the mailing address Cortmed International Limited with its registered seat in 11-13 Dyer Street, Suite 10047, Drogheda, Co. Louth, A92 XWY, Ireland
13.1. The policy is verified on an ongoing basis and updated when needed. The present version of the Policy was approved and has been in force since 1st of August 2019.