Privacy and Cookie policies
This document concerns the processing and protection of users' personal data while using the VM Media sp.z o.o. VM Group sp.k. websites (hereinafter the "Website").
1. General information
1. The Website operator and the administrator of personal data provided on the Website is VM Media Sp. z o. o. VM Group Sp. k. with its registered office in Gdańsk, Poland (80-180) at Świętokrzyska 73, hereinafter "Administrator" or "Operator".
2. The Administrator, in order to respect the right to privacy of Website users (hereinafter "Users"), protects their data and applies appropriate organizational and technical solutions to prevent interference with users' privacy by third parties.
3. The legal basis of the Administrator's activities indicated in point 1.2 is constituted by the following legal acts:
a) Regulation of the European Parliament and of the European Council 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC;
b) The Act of 18 July 2002 on the provision of electronic services;
c) The Act of 16 July 2004 Telecommunications Law.
4. Providing personal data by the User is voluntary, and when completing the forms necessary to operate the Website.
5. The Website uses personal data for the following purposes:
a. Keeping and distributing an electronic newsletter (hereinafter: Newsletter)
b. Online chat conversations
c. Handling Users' queries via the form
d. Preparation, packaging and shipping of goods
e. Implementation of ordered services
f. Debt collection
g. Presentation of an offer or information on products and services
6. The Website collects User’s data:
a) in the case of a User not registered on the Website, only personal data that is transferred to the Website server by the User's browser. While browsing the content of the Website, the following data, that is necessary for the Operator for technical reasons to display the Website and guarantee its stability and security, is collected:
- IP address;
- date and time of the request;
- the difference in the User's time zone compared to Greenwich Mean Time (GMT);
- the content of the request (specific page);
- access status / HTTP response code;
- the amount of data transmitted;
- website from which the request comes;
- browser type;
- operating system and its interface;
- language and version of the browser software.
b) in the case of a User registered on the Website, also the following additional data indicated by the User in the form:
- name and surname;
- prefessional status;
- professional license number (PWZ number);
- e-mail address;
- landline and mobile phone number;
- fax number;
- medical specialties - if the User has any;
- medical interest profiles (declared and determined based on purchases);
- transaction history (including what and when the User bought, discount codes used, methods of payment);
- information on how the Website was used (if the User has consented to cookies);
- information about the device used to visit the Website, including its settings (e.g. browser type, screen resolution);
- communication history with Website;
- additional information that the User may have included in the e-mail correspondence or which he could have given during the telephone conversation with the Operator's representative;
- consents granted by the User.
Whereas the data provided in the form by the User are processed for the purpose resulting from the function of a specific form, e.g. to process the service request or business contact, service registration, etc. Each time the context and description of the form clearly indicates what it is used for.
c) In addition to the data listed in points a and b, cookie files are saved on the User's device when using the Website.
2. Data protection methods used by the Administrator
1. The isolation of the Website's servers from the external network forces to have VPN (Virtual Private Network) connections to these servers in order to log in to them, even if the Administrator password is known. Thanks to this mechanism, the data is protected from interference by third parties.
2. The Users' passwords are not stored in the public, but hashed. The hash function works in one direction - it is not possible to reverse its operation, which is now a modern standard in the field of storing user passwords, which significantly increases their security.
3. The Administrator also periodically changes his administrative passwords, thanks to which the possibility of obtaining them by third parties is significantly limited.
4. An important element of data protection is the regular update of all software used by the Administrator to process personal data, which in particular means regular updates of programming components.
3. User rights and additional information on how to use personal data
1. In order to fulfill the obligations arising from the provisions on the protection of personal data indicated in point 1.3 and to ensure real data protection, the Administrator appointed the Data Protection Officer.
2. The Data Protection Officer is Krzysztof Bielicki, correspondence address: Świętokrzyska 73, 80-180 Gdańsk Poland, e-mail address: firstname.lastname@example.org.
3. The Administrator reserves the right to transfer personal data to other entities if it is necessary to perform the contract concluded with the User or to fulfill the obligations incumbent on the Administrator. This applies to the following groups of entities:
- companies dealing with the administration of the Operator's systems
- entities performing software for the Operator
- entities performing marketing shipments
- postal operators
- law firms and debt collection companies
- payment operators
- public authorities
- comment system operators
- online chat operators
- authorized employees and associates who use data to achieve the entity's purpose
- entities providing marketing services to the Operator
4. The Administrator processes personal data for a period not longer than is necessary for the purposes for which these data are processed.
5. The User has the right to:
- access the data;
- correct the data;
- delete or limit the data processing.
6. The Administrator's actions may be subject to a complaint to the President of the Office for Personal Data Protection, Stawki 2, 00-193 Warsaw Poland.
7. The Administrator reserves the right to take actions with respect to Users consisting of automated decision making, including profiling for the provision of services under a concluded contract and for the purpose of conducting direct marketing by the Administrator.
8. Personal data are not transferred to third countries within the meaning of Regulation of the European Parliament and of the European Council 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 /IN. Thus, the collected personal data will not be sent outside the European Economic Area (EEA).
1. Subject to consent to this, the User may subscribe to the Newsletter, with the help of which he will obtain information about interesting, current offers of the Website. The advertised goods and services are specified in the consent to the processing of personal data.
2. The Website records the IP address and the date and time of submitting the Newsletter and confirming it. The purpose of this procedure is to confirm the User's application and the possibility of clarifying any abuse of the personal data provided at the application.
3. The User confirms the subscription to the Newsletter in the double opt-in model. He receives an e-mail to the e-mail address provided during registration, after which he must confirm the willingness to subscribe and the correction of the e-mail address.
4. The User may at any time withdraw his consent to send the Newsletter and resign from receiving it. An appeal can be submitted by clicking on the link provided in each Newsletter.
5. Cookies information
2. The entity placing Cookies on the User's end device and accessing them is the Operator.
3. Cookies are used for the following purposes:
a) maintaining the User's session (after logging in), thanks to which the User does not have to re-enter the login and password on each subpage of the Website;
b) achieving the objectives set out in point 6 "Google Analytics" and point 7 "Important marketing techniques".
4. The Website uses two basic types of Cookies: session cookies and persistent cookies. The "session" Cookies are temporary files that are stored on the User's end device until logging out, leaving the website or turning off the software (i.e. web browser).
The "permanent” Cookies are stored on the User's end device for the time specified in the Cookie Files parameters or until they are deleted by the User.
5. The scope of information collected automatically by Cookies depends on the User's web browser settings. It is recommended that the Users check their browser settings to determine what information is provided by the browser automatically or to change these settings. The detailed information on this subject can be found in the help or documentation menu of the web browser.
7. If the User does not want to receive Cookies, he may change the browser settings. We reserve that disabling Cookies necessary for authentication processes, security, maintaining User's preferences may make it difficult, and in extreme cases may prevent the use of the Website.
6. Google Analytics
1. The Administrator uses statistical analysis of Website traffic using the Google Analytics internet service analysis tool offered by Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA). Google Analytics analyzes the use of the Website using Cookies described in more detail in point 5.1. The information collected by this tool in connection with the use of the Website (e.g. referring URL, pages visited by the User, browser type, language settings, operating system, screen resolution) are transferred to the Google Inc. server, where they are stored and based on them the manner of using the Website by the User is analyzed, reports on Website activity are prepared and further services related to the use of the Website and the Internet are provided to the Website owner. The results of these analyzes are made available to the Administrator only in an anonymous form. The IP address provided by the User's browser as part of the Google Analytics service is not compiled by Google Inc. with other data. In addition, Google Analytics has an information security management system certificate that complies with the requirements of ISO 27001 in the area of Privacy Protection in the EU and the US, which ensures that an adequate level of data protection is maintained with respect to data processing by Google Inc. in the US.
2. It is possible to withdraw consent to the use of the Website analysis at any time by refusing to consent to the placement of a Cookie in the User's device (details in point 5.7). In addition, the User may prevent Google Inc. from downloading data obtained by the Cookie and related to its use of the Website (including the IP address), as well as the processing of this data by Google Inc if the User installs the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout
3. The Website uses Google Analytics to analyze the use of the Website and its regular improvement. Thanks to the statistics obtained, the Operator can improve its offer and make it more interesting for Users.
7. Important marketing techniques
2. The Website uses the Facebook Pixel tool (offered by Facebook Inc. based in 1 Hacker Way, Menlo Park, California 94025 USA). This tool informs Facebook Inc. about the fact that a given person registered on Facebook uses the Website. In this case, it is based on data for which it is itself an administrator. The Administrator does not provide any personal data to Facebook. The service is based on the use of Cookie files on the User's end device.
3. The Website uses a solution that tests Users' behavior by creating heat maps and recording behavior on the Website. This information becomes anonymous before it is sent to the service operator so that he does not know what User they are about. Entries and other personal data are not recorded.
4. Solutions are used to automate the operation of the Website with regard to Users, e.g., which may send an email to the User after visiting a specific subpage, provided that he has agreed to receive commercial correspondence from the Administrator.