GDPR Information Clause

1. Glossary

Personal data – information identifying (or allowing to identify) a natural person, particularly: name and surname, address, telephone number, email address, date of birth, taxpayer identification number, personal identity number etc.;

Personal data administrator – person or entity, who (on their own or together with other administrators) specifies the purpose and way in which the personal data will be processed;

Processing of personal data – activities concerning personal data, particularly: collecting, recording, organizing, sorting out, storing, downloading, browsing, using, sharing, deleting, destroying etc.;

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

2. Personal data administrator

The administrator of personal data processed in connection with company’s business activity is MEDIGLOBAL Jakub Kościelniak Spółka komandytowa with its seat in Kraków, ul. Pod Stokiem 39/2, 30-236 Kraków, Poland (hereinafter referred to as „MEDIGLOBAL”).

In all matters concerning processing of personal data, particularly execution of your legitimate rights related to processing of personal data, you may contact MEDIGLOBAL via:

• Email address: team@medi.global;
• Telephone: +48 12 400 44 44 (Mon-Fri, 09:00 am to 05:00 pm Polish time); or
• In writing to the address of MEDIGLOBAL’s seat.

 

3. Basic rules concerning processing of personal data

MEDIGLOBAL represents and provides that:

• Personal data is processed according to current regulations, including GDPR, in a reliable and transparent way;
• Personal data is collected for specific and legally justified reasons and is processed only in the scope consistent with those reasons;
• MEDIGLOBAL shall use its best efforts to process such personal data which is correct, accurate, up to date;
• Personal data is stored in a way that enables identification of the person who the data concerns for the period not longer than necessary for the reasons for which the data is stored;
• Personal data is stored in a way providing appropriate security, including protection from unauthorized or against the law processing or its accidental loss, destruction or damage, by taking appropriate organizational, technical and technological measures.

4. Reasons and basis for processing of personal data

Due to Company’s business activity MEDIGLOBAL processes data of entities it has business relations with, along with its workers and coworkers, data of persons transferred to MEDIGLOBAL due to execution of orders and contracts, data of third parties included in documents being the subject of translation, data of persons responsible for establishing contact remotely (via telephone, email), data of persons applying for employment, and data of persons accepted in the recruitment process.

As presented in the table below, MEDIGLOBAL specifies the scope, reason and legal basis for processing of personal data in relations to Company’s business activity.

 

Scope	Reasons for processing	Legal basis for processing
Identification data (name and surname) Address data Telephone number Email address Taxpayer identification number (NIP) National business registry number (REGON) Personal identity number Work position Localization data Qualification data Previous employment data Recruitment process data Any other data necessary to provide services/ cooperate Personal data included in translated documents	Concluding and executing a contract Handling enquiries and motions Running marketing activities Debt collection Court, arbitration and mediation proceedings Performing tax and accounting duties Keeping statistical analyses Performing recruitment process Archiving (including ensuring accountability – presenting fulfilling duties resulting from the rules of law)	Necessity to process data necessary to conclude and execute a contract Fulfilling obligations resulting from legal regulations Executing, legally justified, interests of the Administrator (redress and protection from potential claims, presenting the offer of products, services, marketing) Consent (e.g. in relations to marketing in case of electronic or telephone channel of communication)

 

Providing data is voluntary, however, MEDIGLOBAL stipulates that in some cases providing such data may be necessary to conclude and execute a contract, provide a response for an enquiry, have correspondence, perform obligations resulting from rules of law.

5. Data retention period

MEDIGLOBAL processes data for the time period which is necessary to achieve the processing purpose. MEDIGLOBAL applies the rule of limiting personal data storing, which protects data from its processing for unlimited time. When the purpose has been achieved, MEDIGLOBAL removes or anonymizes the data. With the exception of the situations where storing such data is necessary due to specific rules of law.

MEDIGLOBAL removes or anonymizes data particularly when:

• There is expiration of potential claims (if MEDIGLOBAL processed data in relation to contract execution);
• There is expiration of deadlines resulting from rules of law (e.g. Accounting Law);
• The person whose data is in question revokes the authorization to process their personal data (if the consent was the basis for data processing);
• The person whose data is in question will effectively object to further processing (if the basis for the data processing was a justified interest of MEDIGLOBAL).

6. Data recipient

Personal data processed by MEDIGLOBAL in relations to business relations may be transferred to the following types of entities:

• Subcontractors, contractors and business partners within cooperation on a given project only in the scope and for the purpose necessary to execute laws and obligations resulting from the cooperation;
• Entities providing MEDIGLOBAL with accounting, legal, IT, and marketing services.

7. Rules concerning transferring data abroad

When necessary basis arises MEDIGLOBAL may transfer personal data to entities from European Economic Area (EEA).

MEDIGLOBAL may transfer personal data to a third country if it guarantees at least as good data protection as that applicable in the country of MEDIGLOBAL’s registered seat. In practice, the fact that a given country is recognized by European Commission as a country providing sufficient protection is such a guarantee.

In the case of transferring data outside the EEA MEDIGLOBAL shall take appropriate measures in order to provide data protection, particularly by using contractual clauses approved by European Commission.

8. Laws related to processing of personal data

According to current legal regulations you are entitled the:

• Right to access to your personal data and receive its copy,
• Right to rectify (correct) your personal data,
• Right to delete your data,
• Right to limit processing of your data,
• Right to object processing of your data,
• Right to transfer your data,
• Right to file a complaint to a supervisory body (The Inspector General for the Protection of Personal Data)
• Right to withdraw the consent to processing of personal data.

If the processing of personal data is performed on the basis of your consent you have every right to withdraw such consent at any time. Withdrawing your consent shall not affect the fact that processing was legitimate before withdrawal of your consent.

In order to execute your rights please address your requests using the contact data provided above.

Should you have any further questions, do not hesitate to contact us.