PRIVACY POLICY OF AN INTERNET STORE

The Operator of this Internet Store and the Service Provider is seated in London, address 590 Kingston Road, London, SW20 8DN, Great Britain registered in the Registration of Companies (Companies House) under No. 10225593. It is possible to contact the Operator via dedicated contact form available at a bookmark: „CONTACT” at the Operator’s Internet Website: https://healthlabspharm.com

TABLE OF CONTENT:

  1. GENERAL PROVISIONS
  2. BASICS OF DATA PROCESSING
  3. PURPOSE, BASIS, PERIOD AND SCOPE OF DATA PROCESSING IN THE INTERNET STORE
  4. DATA RECEIVERS IN THE INTERNET STORE
  5. PROFILING IN THE INTERNET STORE
  6. RIGHTS OF PERSONS THAT THE DATA REFER TO
  7. COOKIES IN THE INTERNET STORE, PERFORMANCE DATA AND ANALYTICS
  8. FINAL RESOLUTIONS
  1. GENERAL PROVISIONS

    1. This privacy policy of the Internet Store has an informative nature, which means that it is not a source of obligations of persons that the data refer to. The privacy policy contains mostly the rules concerning personal data processing by the Administrator in the Internet Store in the scope, in which the Administrator provides Electronic Services with the intermediation of the Store, including the basics, the purposes and scope of personal data processing and rights of persons that the data concern as well as information on the scope of application of cookie files and analytical tools in the Internet Store.
    2. The Administrator of personal data gathered via the Internet Store is the Operator assigned at the beginning of this policy (hereinafter referred to as “Administrator”). The Operator is the administrator only in the scope, in which personal data are processed by him in relation with the provision of Electronic Services. The Operator processes the personal data in relation with entering into and completion of Sales Agreements only as the processing unit. The Administrator of personal data processed in relation with concluding and completing Sales Agreements is the Sale, who processes personal data for purposes and on rules specified in the Privacy policy available at the website.
    3. The person that the data refer to may contact the Administrator in particular via the Contact Form.
    4. Personal data are processed by the Administrator in accordance with binding provisions of law, in particular in accordance with art.13 sec. 1 and 2 of the European Parliament and Council Disposition (EU) 2016/679 of 27 April 2016 on the protection of natural persons in connection with processing of personal data and on quashing the Directive 95/46/EC (general disposition on data protection) (hereinafter "RODO", „GDPR” or "GDPR Disposition". The official text of the GDPR Disposition Link
    5. Using the Internet Store, including the use of a Newsletter, is voluntary. Similarly, providing personal data by the person using the Internet Store is voluntary, with a reservation of two exceptions: (1) concluding agreements with the Administrator - failure to provide, in cases and in the scope indicated in the Internet Store website and in the Internet Store Regulations and this privacy policy, personal data necessary to enter into an agreement for the provision of Electronic Service with the Administrator results with lack of possibility to enter into this agreement. Giving the personal data in such a case if a contractual requirement and if the person that the data refer to wants to conclude a given agreement with the Administrator, then he or she is obliged to provide the required data. Every time the scope of data required to enter into the agreement is indicated in advance in the Internet Store website and in the Internet Store Regulations; (2) Administrator's statutory obligations - providing personal data is the statutory requirement resulting from commonly binding provisions of law imposing on the Administrator the obligation of personal data processing and in case if they are not given it will disable the Administrator's fulfillment of his obligations.
    6. The Administrator undertakes special efforts to protect the interest of persons, that the personal data refer to, especially he is responsible and represents that the data that he gathers are: (1) processed in accordance with the law; (2) gathered for marked, legal purposes and are not subject to further processing not compliant with these purposes; (3) substantially correct and corresponding to the purposes for which they are processed; (4) stored in a form, which enables the identification of persons they refer to, not longer than it is necessary to achieve the purpose of data processing and (5) processing in a way, which ensures respective safety of personal data, including protection against forbidden or illegal processing, accidental loss, destruction or damage with respective technical or organizational means.
    7. Accounting for the nature, scope, context and purposes of processing and risk of infringement of rights or freedoms of natural persons with various probability and weight of the risk, the Administrator implements respective technical and organizational means so that the processing is in accordance with GDPR and so that it is possible to prove it. The means, when necessary, will be subject to review and updated. The Administrator applies technical means preventing obtaining and modifying the electronically sent personal data by unauthorized persons.
    8. All words, expressions and acronyms appearing in this privacy policy and starting with a capital letter (for example Seller, Operator, Internet Store, Electronic Service) should be understood in accordance with their definition contained in the Regulations of the Internet Store available in the Internet Store sites.
  2. BASICS OF DATA PROCESSING

    1. The Administrator is authorized to process personal data in cases, when - and in such a scope, in which - at least one of the following conditions is fulfilled: (1) the person, that the data concern, gave his or her consent for the processing of his or her personal data for one or more specific purposes; (2) processing is necessary to execute the agreement, where the party is the person, whom the data concern, before entering into the agreement; (3) processing is necessary to fulfill the legal obligation of the Administrator; or (4) processing is indispensable for purposes, which result from legally justified interests realized by the Administrator or by a third party, except for a situation, in which basic rights and freedoms of the concerned person have the imperative nature towards these interests, which require protection of personal data, especially, when the concerned person that the data concern, is a child.
    2. Processing of personal data by the Administrator every time needs at least one of the basic factors indicated in item 2.1 of Privacy Policy Specific basics of processing personal data of persons using the Internet Store Clients by the Administrator are indicated in the next item of the Privacy Policy - with reference to a given purpose of processing personal data by the Administrator.
  3. PURPOSE, BASIS, PERIOD AND SCOPE OF DATA PROCESSING IN THE INTERNET STORE

    1. Every time the purpose, the basis, the period and scope of the Recipient's personal data processed by the Administrator results from actions undertaken in the Internet Store by the person that the data refer to.
    2. The Administrator may process personal data in the Internet Store for the following purposes, on the following rules, in periods and in the following scope:
      Purpose of data processing Legal basis of processing and period of data storage Scope of data processing
      Completion of the Agreement for the provision of Electronic Services by the Administrator

      or undertaking actions on the demand of a person that the data refer to, before entering into the above mentioned agreement
      Article 6 sec. 1 letter b) of the GDPR Disposition (agreement execution)

      The data are stored for a period, which is indispensable for the execution, termination or expiration of an agreement concluded otherwise.
      The maximum scope: name and surname, electronic address; telephone number: address for delivery (street, house number, apartment number, postal code, city, country), address of residence/business/headquarters (if different than the address for delivery).

      In case of Clients, who are not consumers, the Administrator may additionally process the business dame and the tax ID number (NIP) of the Service Recipient or Client.
      The Administrator’s direct marketing Article 6 sec. 1 letter f) of the GDPR Disposition (legally reasonable interest of the Administrator)

      The data are stored for the period of existence of a legally reasonable interests realized by the Administrator, but no longer than for the period of limitation of claims in relation to the person that the data refer to, on account of a business activity ran by the Administrator. The limitation period is specified by the provisions of law, especially the civil code (the basic term of limitation for claims connected with running economic activity is three years).

      The Administrator may not process data for the purposes of direct marketing in case if an effective objection is expressed in this scope by the person that the date refer to.
      Electronic mail address, telephone number
      Marketing Article 6 sec. 1 letter a) of the GDPR Disposition (consent)

      The data are stored until the moment of withdrawal of a consent by the concerned person for a further data processing for this purpose.
      Name, electronic mail address, telephone number
      Running accountancy books by the Seller Article 6 sec. 1 letter c) of the GDPR Disposition in relation with art. 74 sec. 2 of the law on accountancy of 30 January 2018 (J. of Laws 2018 item 395)

      Thee data are stored for a period required by the provisions of law, which order the Administrator the storage of accountancy books (5 years, counting as of the beginning of the year following the turnover year that the data refer to).
      Name and surname; address of residence/enterprise/headquarters (if different than the delivery address), name of the company and the Client's tax identification number (NIP).
      Establishing, pursuing or protection of claims that the Administrator may have or which might be raised against Administrator Article 6 sec. 1 letter f) of the GDPR Disposition

      The data are stored for the period of existence of a legally reasonable interests realized by the Administrator, but no longer than for the period of limitation of claims in relation to the person that the data refer to, on account of a business activity ran by the Administrator. The limitation period is specified by the provisions of law, especially the civil code (the basic term of limitation for claims connected with running economic activity is three years, and for the sales agreement two years).
      Name and surname, electronic address; telephone number: address for delivery (street, house number, apartment number, postal code, city, country), address of residence/business/headquarters (if different than the address for delivery).

      In case of Clients, who are not consumers, the Administrator may additionally process the business dame and the tax ID number (NIP) of the Client.

      Purpose of data processing

      Completion of the Agreement for the provision of Electronic Services by the Administrator or undertaking actions on the demand of a person that the data refer to, before entering into the above mentioned agreement

      Legal basis of processing and period of data storage

      Article 6 sec. 1 letter b) of the GDPR Disposition (agreement execution)

      The data are stored for a period, which is indispensable for the execution, termination or expiration of an agreement concluded otherwise.

      Scope of data processing

      The maximum scope: name and surname, electronic address; telephone number: address for delivery (street, house number, apartment number, postal code, city, country), address of residence/business/headquarters (if different than the address for delivery).

      In case of Clients, who are not consumers, the Administrator may additionally process the business dame and the tax ID number (NIP) of the Service Recipient or Client.

      Purpose of data processing

      The Administrator’s direct marketing

      Legal basis of processing and period of data storage

      Article 6 sec. 1 letter f) of the GDPR Disposition (legally reasonable interest of the Administrator)

      The data are stored for the period of existence of a legally reasonable interests realized by the Administrator, but no longer than for the period of limitation of claims in relation to the person that the data refer to, on account of a business activity ran by the Administrator. The limitation period is specified by the provisions of law, especially the civil code (the basic term of limitation for claims connected with running economic activity is three years).

      The Administrator may not process data for the purposes of direct marketing in case if an effective objection is expressed in this scope by the person that the date refer to.

      Scope of data processing

      Electronic mail address, telephone number

      Purpose of data processing

      Marketing

      Legal basis of processing and period of data storage

      Article 6 sec. 1 letter a) of the GDPR Disposition (consent)

      The data are stored until the moment of withdrawal of a consent by the concerned person for a further data processing for this purpose.

      Scope of data processing

      Name, electronic mail address, telephone number

      Purpose of data processing

      Running accountancy books by the Seller

      Legal basis of processing and period of data storage

      Article 6 sec. 1 letter c) of the GDPR Disposition in relation with art. 74 sec. 2 of the law on accountancy of 30 January 2018 (J. of Laws 2018 item 395)

      Thee data are stored for a period required by the provisions of law, which order the Administrator the storage of accountancy books (5 years, counting as of the beginning of the year following the turnover year that the data refer to).

      Scope of data processing

      Name and surname; address of residence/enterprise/headquarters (if different than the delivery address), name of the company and the Client's tax identification number (NIP).

      Purpose of data processing

      Establishing, pursuing or protection of claims that the Administrator may have or which might be raised against Administrator

      Legal basis of processing and period of data storage

      Article 6 sec. 1 letter f) of the GDPR Disposition

      The data are stored for the period of existence of a legally reasonable interests realized by the Administrator, but no longer than for the period of limitation of claims in relation to the person that the data refer to, on account of a business activity ran by the Administrator. The limitation period is specified by the provisions of law, especially the civil code (the basic term of limitation for claims connected with running economic activity is three years, and for the sales agreement two years).

      Scope of data processing

      Name and surname, electronic address; telephone number: address for delivery (street, house number, apartment number, postal code, city, country), address of residence/business/headquarters (if different than the address for delivery).

      In case of Clients, who are not consumers, the Administrator may additionally process the business dame and the tax ID number (NIP) of the Service Recipient or Client.

  4. RECIPIENTS OF DATA

    1. For the proper functioning of the Internet Store and also for the provision of Electronic Services it is necessary to use services of outsourced entities (such as the software provider). Moreover, whereas the Internet Store is carried out and managed by the Operator, who organizes the conclusion of Sales Agreements between the Seller and the Client, it is also possible to share the Seller's personal data in connection with undertaking activities connected with a conclusion of a Sales Agreement. Administrator uses only the services of such processing entities, who ensure sufficient guarantees of implementing relevant technical and organizational means, so that the processing meets the requirements of the RODO disposition and protects the rights of persons that the data concern.
    2. Providing the data by the Administrator does not occur in every case and not to all recipients indicated in the privacy policy or in the category of recipients - Administrator provides the data only when it is indispensable for a completion of a given purpose of processing personal data and only in this scope necessary to fulfill this purpose. For example if a client uses a Contact Form without entering into a Sales Agreement, his data are not passed to the Seller, unless it is required by the person that the data refer to.
    3. Personal data of Clients may be passed to the following recipients or category of recipients:
      1. providers of accountancy services, legal and advising services ensuring to the Administrator the accountancy, legal or consulting support (especially accounting office, law firm or debt collection firm) - the Administrator provides the gathered personal data of the Client to a chosen supplier acting on his behalf only in case and in the scope necessary to complete a given purpose of data processing, which is in accordance with this privacy policy.
    4. Clients’ personal data will not be delivered to other countries.
  5. PROFILING IN THE INTERNET STORE

    1. The GDPR Disposition imposes on the Administrator the obligation to inform about automated decision making, also about profiling mentioned in art. 22 sec. 1 and 4 of the GDPR Disposition and - at least in these cases - relevant information about rules of undertaking them, and about the meaning and expected consequences of such processing for the person the data refer to. Considering the above the Administrator, in this point of privacy policy, provides information concerning a possible profiling.
    2. The Administrator may use the profiling in the Internet Store for direct marketing purposes, but decisions made on this basis by the Administrator do not refer to concluding or refusing the conclusion of the Sales Agreement, or the possibility to use Electronic Services in the Internet Store. The effect of using the profiling in the Internet Store may be for example giving a discount to a given person, sending him or her a discount code, reminding about unfinished purchasing, sending a Product proposal, which may correspond to interests or preferences of a given person or proposing him or her better conditions in comparison to the standard offer of the Internet Store. Despite profiling it is the particular person, who undertakes the decision freely, whether he or she wants to use the discount received in this way or better conditions and make shopping in the Internet Store.
    3. Profiling in the Internet Store consists in an automatic analysis or forecast of a given person's behaviour in the Internet Store, for example by adding a specific Product to the basket, looking through particular Product sites in the Internet Store, or by the analysis of the existing history of made purchases in the Internet Store. A condition of this profiling is the Administrator's having personal data of such a person so that he can later send him or her a discount code.
    4. The person that the data refer to, is entitled not to be subject to the decision, which is based only on automated processing, including profiling and results legal effects towards this person or influences him or her in any different way.
  6. RIGHTS OF PERSONS THAT THE DATA REFER TO

    1. Right of access, adjustment, limitation, deletion or transfer - the person that the data refer to, is entitled to claim from the Administrator access to his or her personal data, adjust them, delete them ("right to be forgotten") or limit the processing and is entitled to object against the processing, and is also entitled to transfer his or her data. Detailed terms and conditions or executing the above mentioned rights are indicated in art. 15-21 of the GDPR Disposition.
    2. Right to withdraw the consent at any moment – the person, whose data are processed by the Administrator based on a granted consent (based on art. 6 sec. 1 letter a) or art. 9 sec. 2 letter a) of the GDPR Disposition), he or she is entitled to withdraw the consent at any moment without the influence on the compliance with the processing rights, which was made based on the consent before it was withdrawn. Withdrawal of a consent is possible via a Contact Form or by clicking a relevant link in the e-mail address.
    3. Right to raise a complaint to a supervisory authority – the person, whose data are processed by the Administrator, is entitled to raise a complaint to the supervisory authority in the method and in the mode specified in the provisions of the GDPR Disposition and the Polish law, especially the law on the protection of personal rights. The Supervisory Authority in Poland is the President of the Personal Data Protection.
    4. Right of Objection - the person that the data refer to, is entitled, at any moment, to raise an objection - for reasons connected with his or her specific situation - against processing his or her personal data based on art. 6 sec. 1 letter e) (interest or public tasks) or f) (legally reasonable administrator's interest), including profiling based on these regulations. In such a case the Administrator is not allowed to process the personal data, unless he proves the existence of important, legally reasonable basis to process, overriding towards interests, rights and freedoms of the person that the data refer to, or basics to establish, pursue or protect claims.
    5. Right of objection concerning direct marketing - if given personal data are processed for the needs of direct marketing, the person that the data refer to, is entitled, at any moment, to have claims against processing his or her personal data for the needs of such a marketing, including profiling, in the scope, in which processing is connected with such direct marketing.
    6. To complete the rights mentioned in this item of privacy policy it is possible to contact the Administrator by sending a respective message in writing or electronically to the address of the Administrator indicated in the preamble of the privacy policy or with the use of the contact form available in the Internet Store website.
  7. COOKIES IN THE INTERNET STORE, PERFORMANCE DATA AND ANALYTICS

    1. Cookie Files are small pieces of text messages in the form of text files, sent by a server and sent on the part of the person visiting the Internet Store (for example on a hard disk of a computer, laptop or smart phone flash card - depending on the device used by the visitor of the Internet Store). Detailed information concerning Cookies and their history may be found here: Link
    2. The Operator may process the data contained in the Cookie files while the visitors use the Internet Store for the following purposes:
      1. identification of Clients as logged in the Internet Store and showing that they are logged in;
      2. memorizing Products added to the basket to make an Order;
      3. memorizing data from the fulfilled Order Forms, questionnaires or logging data to the Internet Store;
      4. adjusting the content of the Internet Store to individual preferences of the Service Provider (for example concerning colors, size of characters, site layout) and optimization of the use of the Internet Store;
      5. running anonymous statistics presenting the way of using the Internet Store;
      6. remarketing, namely analyzing the features of the Internet Store visitors by anonymous analysis of their actions (such as repeating visits at particular sites, key words etc.) to create their profile and provide them adverts adjusted to expected interests, also when they visit other Internet websites in the advertising network of Google Inc. and Facebook Ireland Ltd.;
    3. 3. As a standard, most Internet browsers available in the market accepts by default the saving of Cookie files. Everybody has the possibility of specifying the terms of using the Cookie files with the support of setting of his or her own Internet browser. It means that it is possible to restrict partially (for example temporarily) or completely switch off the option to save Cookies - in the last case however it may influence certain functionalities of the Internet Store (for example it may appear to be impossible to go through the Order path by the Order Form due to the fact that the Products in the basket are not remembered during the next steps of making the Order).
    4. 4. The settings of the Internet Browser in the scope of Cookie files are relevant form the point of view of a consent for the use of Cookie files by our Internet Store - in accordance with legal provisions such a consent may also be expressed by settings of the Internet browser. In case if no such consent is granted the Internet browser settings in the scope of Cookie files should be changed accordingly.
    5. 5. Detailed information on the change of settings concerning Cookie files and their individual deletion in the most popular Internet browsers are available in the section of the Internet Browser help and in the following websites (it is enough to click a given link):
      in the Chrome browser
      in Firefox browser
      in Internet Explorer browser
      in the Opera browser
      in Safari browser
      in the Microsoft Edge browser
    6. The Administrator may use the services of Google Analytics, Universal Analytics provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The services help the Administrator analyze traffic in the Internet Store. The gathered data are processed in the framework of the above services in an anonymous manner (they are so called operational data, which disable a person's identification) to generate statistics helpful to the Administrator in the Internet Store. The data have a collective and anonymous nature, namely they do not contain any identifying features (personal data) of the persons visiting the Internet Store website. The Administrator, when using the above services in the Internet Store gathers such data as sources and medium of soliciting the visitors of the Internet Store and the method of their behaviour in the website in the Internet Store, information on the devices and browsers from which they enter the website, IP and domain, geographical data and demographical data (age, gender) and interests.
    7. It is possible that a given person easily blocks sharing information about him or her with Google Analytics, as well as his or her activity in the Internet Store - for this purpose it is possible to install an addition to the browser provided by Google Inc., available here: Link.
    8. The Administrator may use the service of Facebook's Pixel in the Internet Store provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). The service helps the Administrator measure the effectiveness of adverts and find out what actions the visitors of the Internet Store do and display profiled adverts to these visitors. Detailed information about Facebook's Pixel activity may be found under the following Internet address: Link.
    9. It is possible to manage the Facebook's Pixel by advertising set-ups at one's account at Facebook.com: Link
  8. FINAL RESOLUTIONS

    1. 1. The Internet Store may contain links to other Internet websites. The Operator encourages to get acquainted with privacy policy established for such other Internet websites. This privacy policy concerns only the Operator's Internet Store.