This Privacy Policy sets out the rules for the processing and protection of personal data provided by Users in connection with their use of the services of POLFABION Spółka z oo through the Website.

  1. The controller of personal data contained in the website is POLFABION Spółka z o. O. With registered office in Poznań at Ptasia 10, postal code: 61-316, with the tax identification number NIP: 7792439180, REGON: 36365735100000. Pursuant to the Privacy Policy, the Controller will manage and administer the Website from the technical side and manage and process personal data.
  2. For the sake of security of personal data entrusted to us, we have developed internal procedures and recommendations to prevent unauthorized access to data. We control their performance and constantly check their compliance with the relevant legal acts – the Personal Data Protection Act, the Electronic Services Provision Act, as well as any type of secondary legislation and EU legislation. The data security procedures applied by the Administrator effectively protect data against any interference by third parties.
  3. Personal Data are processed on the basis of the consent expressed by the User and in cases where the law authorizes the Controller to process personal data on the basis of law or to implement the contract concluded between the parties.
  4. The website collects information about users and their behaviours in the following way:
  5. through information entered voluntarily in forms;
  6. by collecting “cookie” files [see “cookie files” policy].
  7. The User may browse the Website pages anonymously. However, the User’s use of the Website may require providing personal data in the form. The website collects information provided by the User. The User has the right not to provide personal data, which will result in the inability to use the services offered by the Website.
  8. The data provided by the User in the form are processed for the purposes specified in in the consents received by the Administrator, in order to properly provide services provided via the Website, including the purpose resulting from the function of a specific form, e.g. to process the contact information.
  9. The personal data left on the site will not be sold or made available to third parties, unless the Controller obtains the User’s consent for this purpose, or unless it is necessary to provide services to the User or unless the Controller is obliged to do so under applicable law.
  10. The Administrator provides for the User’s data to be entrusted to external entities under section 31 of the Act. Entrusting the data will take place only for the purpose of processing them for the benefit and at the request of the Controller. Data may be entrusted to the following categories of entities:
  11. providing IT services (execution of orders related to
  12. the functioning of the Website, repair of service failures, etc.),
  13. providing hosting (servers on which files and data related to the functioning of the Website will be collected),
  14. providing accounting services (issuing invoices and bills);
  15. operators of electronic payment systems
  16. providing services in delivering parcels and correspondence to Users,
  17. providing marketing and advertising services,
  18. providing legal services.
  19. By entrusting data to third parties, the Controller practises the utmost diligence to ensure that external entities apply the appropriate level of security required by relevant regulations and to this end, enters into appropriate agreements.
  20. The collected information about Users shall be retained by the Controller for as long as it is justified from the point of view of the purposes of data collection.
  21. The data contained in the form may be viewed by a natural person who submitted it. A user may request the Administrator of Personal Data to exercise their rights, including asking for information and explanations regarding their personal data being processed.
  22. The User has the right to access the data, demand its rectification, remove or limit the processing, object to their processing, transfer data to the personal data indicated by the User, as well as the right to lodge a complaint to the supervisory body.
  23. The User has the right to withdraw consent to the processing of their personal data at any time. The consent to the processing of personal data provided to the Administrator may be withdrawn via the following e-mail address: pomoc@medicalhemp.pl.
  24. Personal data processing does not involve automated decision-making, including profiling.
  25. We reserve the right to change the Privacy Policy of the Website, which may be affected by the development of Internet technology, possible changes in the law regarding the protection of personal data and the development of our Website. We will inform you about any changes in a visible and understandable way.
  26. The Website may contain links to other websites. Such websites operate independently of the Website and are not in any way supervised by the www.medicalhemp.pl website, and the Controller is not responsible for the activities and services provided by a third party, as part of the above-mentioned websites. These sites may have their own privacy policies and regulations which should be read.
  27. If in doubt about any of the provisions of this privacy policy, we are available – our data can be found in the tab – CONTACT.