Certificate
Privacy and Cookies Policy of the Online Store
dabia.eu
This document specifies the terms and conditions for the processing of personal data (hereinafter also referred to as “data”) and cookies within the online store dabia.eu, operated via the website made available at the URL: dabia.eu (hereinafter referred to as the “Store”).
§1. HOW TO CONTACT THE DATA CONTROLLER
The controller of personal data processed within the Store is Horizon Medical Concept Sp. z o.o., with its registered office in Warsaw (00-844) at ul. Grzybowska 87, entered in the Register of Entrepreneurs of the National Court Register under KRS number 0000374166, NIP 5242725459, and REGON 142741114.
You can contact the Data Controller by phone at +48 880 687 099 or via email at kontakt@dabia.eu.
§2. ON WHAT BASIS DO WE PROCESS YOUR DATA
When collecting personal data, we always inform you of the legal basis for its processing. This basis arises from the provisions of the GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC – General Data Protection Regulation).
When we refer to:
● Article 6(1)(a) of the GDPR – it means that we process personal data on the basis of your consent,
● Article 6(1)(b) of the GDPR – it means that we process personal data because it is necessary for the performance of a contract or to take steps at your request prior to entering into a contract,
● Article 6(1)(c) of the GDPR – it means that we process personal data because it is necessary for compliance with a legal obligation to which the Data Controller is subject,
● Article 6(1)(f) of the GDPR – it means that we process personal data in order to pursue legitimate interests.
§3. INFORMATION ON PROCESSING OF WEBSITE USERS’ DATA
1. From the moment you access our website, and in order to ensure the security of our services, we process the following information:
a. the IP address of the device from which the request originated;
b. the date and time of the request;
c. the number of bytes transmitted by the server;
d. the URL of the previously visited page, where the visit occurred via such a link; e. information on any errors encountered when fulfilling the request.
2. Where the information processed includes personal data, the following provisions apply. 3. The processing of these data is carried out pursuant to Article 6(1)(f) GDPR.
4. Our legitimate interest in this processing is maintaining server logs and protecting the Service from potential hacking attacks and other abuses.
5. We will retain these data for as long as is necessary to fulfill the specified purposes, and no longer than the limitation period for claims arising under separate legal provisions.
6. You have the right of access to your data, the right to rectification, erasure, restriction of processing, objection to processing, and the right to lodge a complaint with a supervisory authority.
7. Providing these data is a condition for using the Service. Failure to provide them will make it impossible to use the Service.
8. The recipients of these data are our hosting provider and IT service provider.
§4. INFORMATION ON PROCESSING OF DATA – CORRESPONDENCE AND COMMUNICATIONS
1. We may process your personal data for the purposes of direct marketing. This occurs, for example, when we reply to your e-mail, respond to an inquiry submitted via chat, or make a telephone call you have requested.
2. The processing of these data is carried out pursuant to Article 6(1)(f) GDPR. 3. We will retain your data for as long as is necessary for the purpose in question.
4. You have the right of access to your data, the right to rectification, erasure, restriction of processing, objection to processing, and the right to lodge a complaint with a supervisory authority.
5. Provision of these data is voluntary; however, failure to provide them will only preclude the execution of direct marketing activities.
6. The recipients of these data are our hosting provider and our email service provider. §5. INFORMATION ON PROCESSING OF DATA OF PERSONS PLACING ORDERS
1. We may process personal data necessary for the performance of the contract concluded with you. However, even prior to its conclusion, we may process personal data necessary to take steps at your request. Such processing is based on Article 6(1)(b) GDPR.
2. Additionally, we will process your data in order to fulfil accounting and tax obligations. Such processing is based on Article 6(1)(c) GDPR.
3. During and after the performance of the contract, we process the personal data of the contracting party for the purpose of handling and pursuing any claims. Our legitimate interest in this processing is, for example, the ability to respond to complaints, as required by separate provisions of civil law. Such processing is therefore based on Article 6(1)(f) GDPR.
4. We will retain these data for 6 years from the date of performance of the service.
5. You have the right of access to your data, the right to rectification, erasure, restriction of processing, data portability, and the right to lodge a complaint with a supervisory authority. In the case of processing under point 3, you also have the right to object to processing.
6. Provision of these data is voluntary; however, failure to provide them will make it impossible to conclude or perform the contract.
7. Recipients of these data include our hosting provider, email service provider, IT service providers, carriers and logistics providers, warehousing providers, accounting and invoicing software providers, electronic payment service providers, and legal, advisory, and debt-collection service providers, as well as any other service providers engaged for the specified purpose.
§6. INFORMATION ON PROCESSING OF DATA OF NEWSLETTER SUBSCRIBERS
1. We offer the option to subscribe to our newsletter. If you use this functionality, we process your personal data for the purposes of sending it. The newsletter may contain advertising, commercial, or marketing content.
2. The processing of these data is carried out pursuant to Article 6(1)(f) GDPR. 3. You have the right to unsubscribe from the newsletter at any time.
4. We will retain your data until you unsubscribe or until we cease sending the newsletter.
5. You have the right of access to your data, the right to rectification, erasure, restriction of processing, data portability, objection to processing, and the right to lodge a complaint
with a supervisory authority.
6. Provision of these data is voluntary; however, failure to provide them will make it impossible to send the newsletter.
7. Recipients of these data are our hosting provider, IT service provider, email service provider, and newsletter dispatch service provider.
§7. INFORMATION ON PROCESSING OF DATA FOR THE PURPOSE OF SENDING NOTIFICATIONS
1. We offer the option to subscribe to our notifications, displayed through your web browser. If you have opted in to this functionality, we process your personal data for the purpose of sending such notifications. These notifications may contain advertising, commercial, or marketing content.
2. The processing of these data is carried out on the basis of your consent, pursuant to Article 6(1)(a) GDPR.
3. You have the right to withdraw your consent at any time. However, withdrawal of consent does not affect the lawfulness of processing carried out prior to its withdrawal.
4. We will retain your data until you withdraw your consent. If you never withdraw your consent, we will process your data until we cease sending notifications.
5. You can withdraw your consent for data processing in your web browser settings.
6. You have the right of access to your data, the right to rectification, erasure, restriction of processing, data portability, and the right to lodge a complaint with a supervisory authority.
7. Provision of these data is voluntary; however, failure to provide them will make it impossible to send notifications.
8. Recipients of these data are our hosting provider and our advertising service provider.
§8. INFORMATION ON DATA RECIPIENTS
When processing personal data, we use external services. Accordingly, the recipients of your personal data may be third parties. We always inform you of these recipients when collecting personal data. For clarity, the categories of recipients are:
● Carriers / couriers: DPD Polska Sp. z o.o., ul. Mineralna 15, 02-274 Warsaw; InPost S.A., ul. Wielicka 28, 30-552 Kraków.
● Warehousing services provider: Popławska Group Sp. J., ul. Clareny 2, Wilczyce, 51- 361 Wrocław.
● IT services provider: Estima Group Sp. z o.o., ul. Brzozowa 4, 33-300 Nowy Sącz.
● Hosting provider: Net.pl Tomasz Rzepka & Arkadiusz Nowara S.C., ul. Bitwy Pod Monte Cassino 5/198, 33-100 Tarnów.
● Email services provider: Admin.Net.pl Tomasz Rzepka & Arkadiusz Nowara S.C., ul. Bitwy Pod Monte Cassino 5/198, 33-100 Tarnów.
● Advertising services provider: Estima Group Sp. z o.o., ul. Brzozowa 4, 33-300 Nowy Sącz.
● Accounting services provider: Verum Numerica Sp. z o.o., ul. Ludwiki 4A/135U, 01-226 Warsaw.
● Invoicing software provider: Fakturownia Sp. z o.o., ul. Juliana Smulikowskiego 6/8, 00- 389 Warsaw.
● Legal, advisory, and debt-collection service providers – appointed on an ad hoc basis, as needed.
● Newsletter dispatch service provider.
● Electronic payment service providers: Autopay S.A., ul. Powstańców Warszawy 6, 81- 718 Sopot; PayPo Sp. z o.o., ul. Domaniewska 37, 02-672 Warsaw; PayU S.A., ul. Grunwaldzka 182, 60-166 Poznań; Stripe Payments Sp. z o.o., ul. Waryńskiego 3A, 00- 645 Warsaw.
§9. ABSOLUTE RIGHTS OF DATA SUBJECTS
When we refer to rights related to the processing of your personal data, we mean the following rights. The ability to exercise these rights is independent of the legal basis for data processing.
Right of access
You have the right to obtain from us confirmation as to whether we are processing your personal data and, if so, to access the data and receive additional information on:
● the purposes of processing;
● the categories of personal data concerned;
● recipients or categories of recipients to whom the data have been or will be disclosed, in particular recipients in third countries or international organisations;
● where possible, the envisaged retention period of the data or, if not possible, the criteria used to determine that period;
● the right to request rectification, erasure or restriction of processing, to object to processing, and to lodge a complaint with a supervisory authority;
● the source of the data, if not collected from you;
● the existence of automated decision-making, including profiling, and useful information about the logic involved and the significance and envisaged consequences of such processing for you.
Upon receiving such a request, we must provide you with a copy of the personal data undergoing processing. If the request is made electronically and unless otherwise specified, the information will be provided electronically.
Right to rectification
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of processing, you have the right to have incomplete data completed, including by means of providing a supplementary statement.
Right to erasure (“right to be forgotten”)
You have the right to obtain from us the erasure of personal data concerning you without undue delay, and we are obliged to erase the data where one of the following grounds applies:
● you have withdrawn consent on which processing is based, and there is no other legal ground for processing;
● you have objected to processing and there are no overriding legitimate grounds for processing;
● personal data have been unlawfully processed;
● personal data must be erased to comply with a legal obligation;
● personal data have been collected in relation to the offer of information society services.
Right to restriction of processing
You have the right to obtain from us restriction of processing where one of the following applies:
● you contest the accuracy of the personal data, pending verification;
● processing is unlawful and you oppose erasure, requesting restriction instead;
● we no longer need the personal data for processing purposes, but you need them to establish, exercise or defend legal claims;
● you have objected to processing pending verification of whether our legitimate grounds override yours.
Right not to be subject to automated decision-making, including profiling You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This right does not apply if the decision is:
● necessary for entering into or performance of a contract between you and us; ● authorised by Union or Member State law with appropriate safeguards; or ● based on your explicit consent.
Right to lodge a complaint
You have the right to lodge a complaint with the supervisory authority: President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw, tel. +48 22 531 03 00, fax +48 22 531 03 01, email: kancelaria@uodo.gov.pl.
§10. CONDITIONAL RIGHTS OF DATA SUBJECTS
When we refer to rights depending on the legal basis for processing, we mean the following rights, exercisable only where their conditions are met.
Right to withdraw consent
Where processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
Right to data portability
You have the right to receive the personal data you have provided to us in a structured, commonly used, machine-readable format and to transmit those data to another controller without hindrance, where processing is based on consent or on a contract and is carried out by automated means. You also have the right to have the personal data transmitted directly from us to another controller, where technically feasible, without prejudice to the rights and freedoms of others.
Right to object
Where processing is based on our legitimate interests (Article 6(1)(f) GDPR), you have the right to object at any time to processing of personal data relating to you for reasons arising from your
particular situation. Upon objection, we shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims. This right also extends to direct marketing: if you object, we will no longer process your data for such purposes.
§11. COOKIES
The Store’s website uses cookies. Cookies are commonly used, small text files containing character strings, which are sent to and stored on the end device (e.g., computer, laptop, tablet, smartphone) used when visiting the Store. These files are sent to the browser’s storage and are returned to the website on subsequent visits. Cookies can be categorized using three criteria:
● By purpose (five categories):
○ Essential cookies – necessary for the proper functioning of the website and its features (e.g., authentication or security cookies). Without these, use of the website would be impossible.
○ Performance cookies – used to understand and analyze key performance indicators of the website, helping to provide a better user experience.
○ Functional cookies – enable certain functions, such as sharing site content on social media platforms, collecting feedback, and other third-party functions.
○ Analytical cookies – allow monitoring of pages visited, traffic sources, and time spent on the website. Their absence does not limit site functionality.
○ Advertising cookies – enable the display of personalized advertisements on or outside the website. Their absence does not limit site functionality.
● By duration:
○ Session cookies – exist until the end of the session.
○ Persistent cookies – remain after the session ends.
● By the entity managing them:
○ Our cookies.
○ Third-party cookies.
All detailed information on cookies used on our website is provided in the cookie-management tool displayed on the Store’s website.
§12. INFORMATION ABOUT COOKIE PROVIDERS
The use of third-party cookies is subject to the privacy and cookie policies of those third parties. Below are references to the privacy policies of third-party cookie providers we use:
We use cookies from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, for the following services:
○ Google Ads – advertising cookies used to conduct and evaluate the effectiveness of advertising campaigns run via Google Ads;
○ Google Analytics – analytical cookies used to study user behavior and traffic and to compile statistics.
The data collected by Google Inc. are anonymous and aggregate in nature. They do not contain any personally identifying information. More information can be found here: https://policies.google.com/privacy
We use cookies from Meta Platforms Ireland Limited, Block J, Serpentine Avenue, Dublin 4, Ireland. More information can be found here:
www.facebook.com/privacy/policy/
§13. CONSENT TO THE USE OF COOKIES AND COOKIE MANAGEMENT Except for essential cookies, the processing of cookies takes place on the basis of the user’s consent.
Consent to the processing of cookies is voluntary and may be withdrawn at any time. However, please note that refusal to consent to certain cookies may impair or prevent use of the Store and its functionalities.
Consent may be given:
● via settings of the software installed on your end device;
● by using a button containing a statement of consent or by confirming that you have read the terms;
● via settings available within the Store’s website interface.
§14. LINKS TO OTHER WEBSITES OR SOFTWARE
The Store may contain links to other websites or software. We are not responsible for the privacy and cookie policies in force on those websites or in that software. We recommend that you review the privacy and cookie policies of those websites or software upon accessing them or before installing them.