Our products

1. Definitions

1.1. Administrator – Pharmaceutical Plants “Polpharma” S.A. based in Starogard Gdański (postal code: 83-200), ul. Pelplińska 19
1.2. Personal data – information about an identified or identifiable natural person through one or several specific factors determining physical, physiological, genetic, mental, economic, cultural or social identity, including the IP of the device, internet identifier and information collected via cookies and other similar technology.
1.3. Policy – this Privacy Policy.
1.4. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
1.5. Service – the website operated by the Administrator at https://api.polpharma.com/
1.6. User – any natural person visiting the Service or using one or more services or functionalities described in the Policy.

2. Processing of Personal Data in connection with the use of the Service

2.1. In connection with the User’s use of the Service, the Administrator collects data to the extent necessary to provide individual offered services. Below are detailed rules and purposes of processing Personal Data collected during the User’s use of the Service.

3. Purposes and legal basis for processing Personal Data in the Service
A) Use of the Service

3.1. Personal data of all persons using the Service are processed by the Administrator:
3.1.1. in order to provide services electronically in the scope of making available to Users content collected in the Service – then the legal basis for processing is the necessity of processing to perform the contract (Article 6(1)(b) of the GDPR);
3.1.2. in order to establish and pursue claims or defend against claims – the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), consisting in the protection of his rights.
B) Contact form
3.2. The Administrator provides the possibility of contacting him using an electronic contact form. Using the form requires providing Personal Data necessary to establish contact with the User and respond to the inquiry. The User may also provide other data to facilitate contact or handling of the inquiry. Providing data marked as mandatory is required to accept and handle the inquiry, and their non-provision results in the inability to handle. Providing other data is voluntary.
3.3. Personal data are processed in order to identify the sender and handle his inquiry sent via the provided form – the legal basis for processing is the necessity of processing to perform the service contract (Article 6(1)(b) of the GDPR); in the scope of data provided optionally, the legal basis for processing is consent (Article 6(1)(a) of the GDPR).
C) Marketing
3.4. The User’s personal data may also be used by the Administrator to direct marketing content to him via various channels, i.e. via e-mail, MMS/SMS. Such actions are taken by the Administrator only in case the User has given his consent, which he can withdraw at any time.
3.5. Personal data are processed:
3.5.1. in order to send ordered commercial information – the legal basis for processing, including profiling, is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR) in connection with the expressed consent;
3.5.2. for analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), consisting in conducting analyses of Users’ activity in the Service in order to improve the functionalities used.

4. Cookies

4.1. The Administrator uses cookies within the Service. The purposes and rules of using cookies are in the Cookie Policy.

5. Period of processing Personal Data

5.1. The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. As a rule, data are processed for the duration of the service, until the withdrawal of the expressed consent or the submission of an effective objection to the processing of data in cases where the legal basis for data processing is the legitimate interest of the Administrator.
5.2. The period of data processing may be extended if the processing is necessary to establish and pursue possible claims or defend against claims, and after this time only in the case and to the extent that this will be required by law. After the expiry of the processing period, the data are irreversibly deleted or anonymized.

6. User’s rights

6.1. The User has the right to access the content of the data and to request their rectification, deletion, restriction of processing, the right to data portability and the right to lodge a complaint with the supervisory authority dealing with the protection of Personal Data.
6.2. The User also has the right to object to the processing of data, which takes place on the basis of the legitimate interest of the Administrator.
6.3. To the extent that the User’s data are processed on the basis of consent, this consent can be withdrawn at any time by contacting the Administrator via e-mail: contactapi@polpharma.com.

7. Recipients of Personal Data

7.1. In connection with the provision of services, Personal Data will be disclosed to external entities, including in particular IT service providers enabling the proper use of the Service.
7.2. In case of obtaining the User’s consent, his data may also be made available to other entities for their own purposes, including marketing purposes.
7.3. The Administrator reserves the right to disclose selected information concerning the User to the appropriate authorities or third parties who request the provision of such information, based on an appropriate legal basis and in accordance with the provisions of applicable law.

8. Transfer of Personal Data outside the EEA

8.1. The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Administrator transfers Personal Data outside the EEA only when it is necessary, and with the assurance of an appropriate level of protection, primarily through:
8.1.1. cooperation with entities processing Personal Data in countries in relation to which an appropriate decision of the European Commission has been issued regarding the finding of an adequate level of protection of Personal Data;
8.1.2. use of standard contractual clauses issued by the European Commission;
8.1.3. use of binding corporate rules approved by the competent supervisory authority.
8.2. The Administrator always informs about the intention to transfer Personal Data outside the EEA at the stage of their collection.

9. Security of Personal Data
9.1. The Administrator continuously conducts a risk analysis to ensure that Personal Data are processed by him in a secure manner – ensuring primarily that only authorized persons have access to the data and only to the extent that it is necessary due to the tasks they perform. The Administrator ensures that all operations on Personal Data are recorded and performed only by authorized employees and associates.
9.2. The Administrator takes all necessary actions to ensure that also his subcontractors and other cooperating entities guarantee the use of appropriate security measures in each case when they process Personal Data on behalf of the Administrator.

10. Contact details
10.1. Contact with the Administrator is possible via e-mail: contactapi@polpharma.com

11. Changes to the Privacy Policy
11.1. The Policy is regularly reviewed and updated as necessary.
11.2. The current version of the Policy was adopted and is effective from 10.07.2024.