Privacy policy

Back

Powrót

1. Who is the Controller of my personal data?

The personal data Controller is Medapp S.A with its seat in Kraków, 31-514 Kraków, ul. Władysława Belina Prażmowskiego 60, NIP [tax ID]: 7010264750, REGON [company register ID]: 142641690, with KRS [National Court Register] number 00000365157, whose registration documents are held by the District Court for Kraków-Śródmieście in Kraków, 11th Economic Division of the National Court Register, with the share capital of PLN 25,003,220.40 paid in full, hereinafter referred to as Medapp.

2. What personal data does the Controller process?

Medapp, as a controller of personal data within the meaning of the GDPR*, processes in particular the following personal data:

  • Personal data of job candidates (data which candidates provide to the Controller in connection with their participation in recruitment processes – in particular, data contained in their CV)
  • Personal data of contractors and their representatives (data of companies** and contact persons – basic data for issuing and accounting invoices (name, NIP [tax ID], address of business activity) and for contact (name, surname, company name, position, company e-mail address, company telephone number)
  • Data of persons who have subscribed to the Newsletter (e-mail address)
  • Data of persons sending inquiries via contact forms, e-mail and telephone (basic contact data: first and last name, e-mail address or telephone number)

GDPR* – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) ** – Data of companies are treated as personal data only if they allow the identification of data subjects. Share-holding company data are not treated as personal data. In addition to the data listed above, Medapp may also obtain and process other personal data, e.g., when providing access to the Carnalife System platform. In such situations, the principles of the processing of such data are described in the relevant sections of the website www.medapp.pl/RODO and/or information clauses placed in the forms/other places where personal data are collected. In addition to the data listed above, Medapp may also obtain and process other personal data, e.g., when providing access to the Carnalife System platform. In such situations, the principles of the processing of such data are described in the relevant sections of the website www.medapp.pl/RODO and/or information clauses placed in the forms/other places where personal data are collected.

Behavioral advertising

In addition to the data described in the above paragraph, Medapp processes the data of visitors to the www.medapp.pl website for the purposes of behavioral advertising, in the meaning of displaying ads that are tailored to the users’ preferences (on the basis of Article 6(1)(f) of the GDPR – the data Controller’s legitimate interest in direct marketing – if consent to the use of cookies is given). This process is described in detail in the “Cookie Information” section below.

On what terms does the Controller process my personal data?

The principles of processing your personal data are presented below (in particular, it is explained who has access to them, how long they are stored and for what purposes and on what basis they are processed).

2.1. Personal data of job applicants

Purposes and basis of processing: Your personal data will be processed for the purposes of the recruitment process or also for the purposes of future recruitment processes in the event that you express an appropriate consent (the basis for the processing of such data is the applicable legal regulations (in particular the Labor Code) and your consent).

Data recipients: These data may be made available to entities authorized by law. Entities providing Medapp with IT services and infrastructure may also have access to the data under appropriate agreements.

Retention peroid: The personal data processed by the controller will be stored until the end of the recruitment process or until you revoke the consent you have given in the case of processing for future recruitment processes.

Automated decision making / profiling: Medapp does not make decisions based on automated processing, including profiling (in relation to the purposes of processing described above).

Data provided on a voluntary/obligatory basis: Providing personal data to the extent required by law, in particular the Labor Code, is obligatory, otherwise it is voluntary.

2.2. Personal data of contractors and their representatives

Purposes and basis of processing: Personal data of contractors and their representatives (including in particular employees and associates of contractors) will be processed for the purposes of:

  • contact, including establishing and maintaining business contact and ensuring performance of contracts concluded with Contractors (on the basis of Article 6(1)(f) of the GDPR – legitimate interest of the data controller which is to ensure contact with the Contractor and the performance of contracts concluded with the Contractors or on the basis of Article 6(1)(a) of the GDPR, consent granted by you)
  • fulfillment of obligations arising from applicable laws (in particular resulting from the Accounting Act and the VAT Act) (on the basis of Article 6(1)(c) of the GDPR – processing is necessary to fulfill a legal obligation incumbent on the controller)
  • defense against claims as well as establishing and pursuing claims (on the basis of Article 6(1)(f) of the GDPR – legitimate interest of the controller in establishing and pursuing claims and defending claims)
  • [where appropriate consent has been given] distribution of commercial information, including under the form of a Newsletter, to the indicated e-mail address/phone number (Based on Article 6(1)(a) of the GDPR* – obtained consent)
  • [where you are a party to the contract] taking steps prior to entering into and performing the contract (based on 6(1)(b) of the GDPR – processing is necessary for the performance of contracts to which you are a party)

Source of data | Data provided on a voluntary/obligatory basis: : Your personal data were obtained directly from you or from your employer/principal. In the case where data are collected directly from you, providing these data is voluntary, but necessary to conclude/execute a contract between your employer/principal and MEDAPP. Your personal data may also have been obtained from Medapp’s partners if you have given your consent.

Data recipients: These data may be made available to entities authorized by law. Medapp’s IT service providers (in particular, web hosts) and other entities supporting Medapp in connection with the purposes described in the paragraph “Purposes and basis of processing” may also have access to the data on the basis of relevant contracts (in particular couriers and external auditors).

Automated decision making / profiling: Medapp does not make decisions based on automated processing, including profiling (in relation to the purposes of processing described above).

Retention period: Personal data of contractor representatives will be stored until the purposes specified in the paragraph “Purposes and basis of data processing” are fulfilled and then for the period required by law/until the claims expire.

2.3. Data of persons who have subscribed to the Newsletter

Purposes and basis of processing: Your personal data will be processed for the following purposes:

  • sending cyclical messages to the indicated e-mail address concerning MEDAPP S.A. and products in the company’s offer as part of the MEDAPP S.A. newsletter. (on the basis of Article 6(1)(f) of the GDPR* – legitimate interest of the data controller in direct marketing, in connection with the consent to receiving the Newsletter / commercial information)
  • demonstrating compliance with applicable laws, which is a legitimate interest of the controller of personal data (Article 6(1)(f) of the GDPR*)
  • pursuing and defense against claims (on the basis of Article 6(1)(f) of the GDPR – legitimate interest of the controller in pursuing and defending claims)

Data recipients: The data may be shared with:

  • entities authorized by law;
  • Infrastructure and IT service providers (including hosting companies and companies providing e-mail marketing solutions) processing data on behalf of Medapp may also have access to the data under relevant contracts.

Retention period: Your personal data will be stored until you revoke your consent and then for the time necessary to demonstrate compliance with applicable laws / pursue or defend claims.

Automated decision making / profiling: Medapp does not make decisions based on automated processing, including profiling (in relation to the purposes of processing described above).

Data provided on a voluntary/obligatory basis: Providing personal data is voluntary, however it is necessary to subscribe to the Newsletter.

2.4. Data obtained through contact via contact forms, e-mail and telephone

Purposes and basis of processing: Personal data will be processed for the following purposes:

  • maintaining ongoing electronic correspondence and following up on your requests for information on particular products offered by the Company, sent through the contact form (The basis of data processing is the legitimate interest of the data controller which is to conduct electronic correspondence and take actions at the request of data subjects).
  • [where appropriate consent has been given] distribution of commercial information to the indicated e-mail address/phone number (Based on Article 6(1)(a) of the GDPR* – consent given by you)

Data recipients: These data may be made available to entities authorized by law. Infrastructure and IT service providers who process data on behalf of Medapp may also have access to the data under appropriate contracts.

Retention period: The personal data processed by the controller will be kept for the period of conducting electronic correspondence and then, for archival purposes, for the period specified in the controller’s office instructions. If you have given your consent to receiving commercial information, we will retain your personal information until you revoke that consent.

Automated decision making / profiling: Medapp does not make decisions based on automated processing, including profiling (in relation to the purposes of processing described above).

Data provided on a voluntary/obligatory basis: : Providing personal data is voluntary, but necessary in order to exchange electronic correspondence or to take actions upon your request. Granting consent to be contacted for commercial information is voluntary.

3. What rights do I have in relation to Medapp’s processing of my personal data?

You have the right, as applicable, to:

  • request access to your personal data, rectification, erasure and restriction of processing, as well as to portability of your personal data;
  • withdraw your consent at any time (if given). Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of the consent before its withdrawal.
  • object to the processing of personal data
  • lodge a complaint with the supervisory authority, i.e. the President of the Office for the Protection of Personal Data

4. How can I contact you with questions regarding the processing of my personal data and the exercise of my rights?

All inquiries and statements regarding the above rights should be directed to the contact information below:

Data controller contact information: Medapp Spółka Akcyjna with its registered office in Kraków, 31-514 Kraków, ul. Władysława Beliny Prażmowskiego 60, E-mail address: biuro@medapp.pl

Data protection officer contact information: E-mail address: iodo@medapp.pl

5. Cookie information

Cookies: The www.medapp.pl website uses cookies. Cookies are small files stored in your web browser used for the following purposes:

  • Optimization – to make the use of the website easier (e.g. remembering to close messages displayed on the website)
  • Analytics – to create statistics on the basis of which the Website is able to better adapt its content to the preferences of Users
  • Marketing – to display ads that are tailored to the users’ preferences (on the basis of Article 6(1)(f) of the GDPR – the data Controller’s legitimate interest in direct marketing – if consent to the use of cookies is given)

If you do not consent to cookies being stored on your device, please change the setting of your web browser and/or block external cookies as described in the “External Cookies” paragraph below. Restricting the use of Cookies may affect some functionalities available at www.medapp.pl External Cookies: Medapp uses cookies/analogous technological solutions from the following third parties:

  • Google Ireland Limited – Google Adwords, Google Analytics – for analytical and advertising purposes (displaying Medapp ads in the Google advertising network). You can block the use of your data in Google Analytics at any time here
  • Facebook Inc. – Facebook Pixel – for analytical and advertising purposes (displaying Medapp ads in the Facebook advertising network). You can at any time review the terms of processing of your data, including blocking the use of your data by Facebook here.
  • Hotjar Ltd – HotJar – a solution used for analytical purposes (anonymous analysis of user behavior on the Website). You can block the use of your data by HotJar here.

The solutions mentioned above are used to tailor advertising to users’ preferences and for analytical purposes. These solutions allow us to track Users’ actions within the website (e.g., viewing a particular subpage within the website). On this basis, the User may be shown Medapp advertisements within the Google / Facebook advertising network. You can find more information about cookies in the “Help” section of your web browser menu.