Privacy Policy and GDPR

Privacy Policy for Business Partners
of Farmacom Sp. z o.o. sp. k.

This Data Protection Policy for Business Partners (hereinafter: “Policy”) sets forth the rules governing the processing by Wydawnictwo Farmacom Sp. z o.o. (hereinafter: “Controller”) of personal data belonging to:

• individuals who are business partners of the Controller or who intend to enter into a business relationship with the Controller as part of their business activities;
• individuals who are employees of the Controller’s contractors (regardless of their form of employment) and who have been designated by such a contractor as the persons responsible for cooperating with the Controller or for establishing such cooperation.
• hereinafter collectively referred to as “Representatives”.

1. This Policy applies to personal data collected by the Controller (or on its behalf) both from the Representative’s employer and directly from the Representative (hereinafter: “Personal Data”).
2. This Policy fulfills the obligation referred to in Articles 13 and 14 of Regulation (EU) 2016/679 of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as “GDPR.”
3. From the moment Personal Data is collected, the Controller assumes the role of data controller for the Representatives’ personal data within the meaning of the GDPR. The Controller’s contact information is as follows: Wydawnictwo Farmacom Sp. z o.o., with its registered office in Wodzisław Śląski (44-300) at ul. św. Jana 16.
4. The administrator may process the following data regarding Representatives: first name, last name, place of work, job title, and contact information (mailing address, phone number, email address, and social media accounts).
5. The basis for processing representatives’ data is the Controller’s legitimate interest—the ability to establish and maintain a business relationship or contact with a business partner through a representative (Article 6(1)(f) of the GDPR).
6. Representatives’ Personal Data will be processed until the cooperation between the Controller and the contractor is definitively terminated. Personal Data may be deleted earlier—if the Controller receives an objection to processing from the representative, or if the Controller determines that it no longer needs the data to achieve a legitimate purpose (contact with the contractor).
7. The Controller will not delete Personal Data within the timeframe specified in the preceding paragraph if their retention is required by applicable law or is necessary for the settlement of accounts or the assertion of claims in connection with the business activities of the contractor and its Representative.
8. Personal Data may be disclosed by the Controller to entities that provide services to the Controller (including external IT, courier, HR, and accounting firms, as well as those handling contractor services). Personal Data may also be transferred to other interested parties (including those independent of the Controller) if the Representative has provided it in a form that clearly indicates that they wished for third parties to contact them regarding business matters.
9. Each Representative has the right to:
   – obtain information regarding the processing of Personal Data, including the categories of Personal Data being processed and any recipients of the data,
   – request the correction of inaccurate Personal Data or the completion of incomplete Personal Data, request the erasure or restriction of the processing of Personal Data—provided that the request will be granted if the legal requirements for such a request are met,
   
   – to have Personal Data transferred – by receiving the data from the Controller in a format that allows it to be transmitted to a third party of your choice,
   00 – 193 Warsaw – if it is determined that Personal Data is being processed unlawfully.
10. All requests, questions, and inquiries regarding the processing of Personal Data should be directed to [email protected]
11. Each of the Administrator’s business partners is required to inform the Representatives they employ of the contents of this Policy.
12. This Policy takes effect on May 25, 2018.