The administrator of the personal data described in this Privacy Policy is Labplus Spolka Akcyjna, registered office address: 41 Strzelińska Street, 55-010 Żerniki Wrocławskie, registered in the National Court Register under the number 0001018188; holding NIP number 8961622267; Regon 524450039 Contact regarding data protection is possible by mail to the address: ul. Strzelińska 41, 55-010 Żerniki Wrocławskie or by e-mail rodo@labplus.pl.
The controller shall take special care to protect the interests of the persons whose personal data it processes and, in particular, shall be responsible and ensure that the data it collects are:
I) processed in accordance with the law;
II) collected for specified, legitimate purposes and not subjected to further processing incompatible with those purposes;
III) substantively correct and adequate in relation to the purposes for which they are processed;
IV) stored in a form that does not allow identification of the data subjects by third parties and kept for no longer than is necessary to achieve the purpose of the processing and;
V) processed in a manner that ensures appropriate security of personal data,
including protection against unauthorised or unlawful processing, accidental loss, destruction, damage or access by means of appropriate technical or organisational measures.
VI) Taking into account the nature, scope, context and purposes of the processing and the risk of infringement of the rights or freedoms of natural persons, the Controller shall implement appropriate technical and organisational measures so that the processing is carried out in accordance with the RODO Regulation, the Act and the safety of the data subjects. These measures shall be reviewed and updated. The Controller shall apply technical measures to prevent the acquisition and modification by unauthorised persons of personal data transmitted by terminal means of electronic communication.
I) access, rectification, restriction, erasure or data portability i.e., the “right to be forgotten” or restriction of data processing, and has the right to object to processing, and has the right to data portability. The detailed conditions for exercising the rights indicated above are indicated in Articles 15-21 of the RODO Regulation;
II) withdraw consent at any time – a person whose data is processed by the Controller on the basis of expressed consent (on the basis of Article 6(1)(a) or Article 9(2)(a) of the RODO Regulation), then he/she has the right to withdraw consent at any time without affecting the
lawfulness of the
processing performed on the basis of consent before its withdrawal;
III) lodge a complaint to the supervisory authority – the person whose data is processed by the Controller has the right to lodge a complaint to the supervisory authority in the manner and mode specified in the provisions of the RODO Regulation and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Office for Personal Data Protection;
IV) Objection – the data subject has the right to object at any time – on grounds relating to his or her particular situation – to the processing of personal data concerning him or her based on Article 6(1)(e) (public interest or tasks) or (f) (legitimate interest of the controller), including profiling on the basis of these provisions. In such a case, the controller shall no longer be allowed to process these personal data unless the controller can demonstrate the existence of compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or grounds for the establishment, exercise or defence of claims;
V) Objection to direct marketing – where personal data are processed for the purposes of direct marketing, the data subject has the right to object at any time to the processing of personal data concerning them for such marketing, including profiling, to the extent that the processing is related to such direct marketing.
2. In order to exercise the rights referred to in paragraph 1 above of the Privacy Policy, the Administrator may be contacted by sending an appropriate message in writing or by e-mail to the Administrator’s address indicated at the beginning of the Privacy Policy or by using the contact form available at www.labplus.pl.
3. In the event of a breach of data protection regulations, the data subject may lodge a complaint with the President of the Office for Personal Data Protection. After the investigation of the case, the President of the Office – if there has been an infringement – by means of an administrative decision, orders the restoration of the lawful state. A complaint to the President of the Office may be lodged by an individual if the incorrect data processing concerns his/her personal data. However, exercise your rights before lodging a complaint with the Office. The controller is obliged to respond to your request as soon as possible – within a maximum of one month. If, for some reason, this is not possible, he or she must inform you why he or she is extending the deadline for a response by a maximum of another two months. Also, within one month, the Administrator should inform you that the request has not been complied with and the reasons for this. If the Administrator ignores your request or the response is not satisfactory to you, you can lodge a complaint with the Authority. Read the Authority’s detailed information on the exercise of rights: https://uodo.gov.pl/pl/383/579, and remember that rights do not necessarily apply in every situation. They may, for example, be limited by Polish law.
The transfer of data of which the Administrator is the controller to third countries and international organisations may only take place if the conditions provided for in Chapter V of the RODO are met.
Transfers of data to third countries may take the form of:
– which means that, depending on the type of transfer, the rodo provisions of the data entrustment or sharing agreement must also be taken into account.
A transfer of personal data to a third country may take place if the European Commission has issued a decision that the third country, territory or specific sector(s) within that third country or the international organisation concerned ensures an adequate level of protection. Such transfers do not require a specific authorisation.
In the absence of a decision by the European Commission as referred to above, the transfer of personal data to a third country is possible when the Controller provides adequate safeguards himself and provided that enforceable data subject rights and effective legal remedies are in place. Adequate safeguards can be provided by:
or
In specific cases, it is permissible to transfer personal data to a third country despite the absence of the decision of the European Commission referred to above and without ensuring adequate safeguards as described above. These special cases include the transfer of data provided that:
As a general rule, the Administrator does not transfer your data to third parties. The server and support services’ lessor has guaranteed the support tools’ location within the EU and EEA. However, in the context of the Administrator’s use of tools to support day-to-day operations provided, for example, by Google, your Personal Data may be transferred to a country outside the European Economic Area, in
particular to the United States of America (USA) or another country in which an entity cooperating with it maintains tools for processing Personal Data in cooperation with the Administrator.
Adequate safeguards for processing Personal Data outside the EEA are guaranteed by using external data processing agreements based on standard contractual clauses that meet the requirements of the RODO. The description and scope of the standard contractual clauses are provided by the providers of external software and tools:
LP | TYPE OF PROCESSING ACTIVITY | DATA CARRIERS | TIME LIMIT FOR DATA PROCESSING | THE EVENT FROM WHICH THE TIME FOR ERASURE IS CALCULATED |
1 | Recruitment of staff | CV, resume, application form | For the duration of the recruitment
– if the person consents, also in future recruitments. |
After recruitment immediately, if the person consents, after future recruitment (up to 3 years from the last recruitment) |
2 | Internships/traineeships | Internship documents, contract, cv | 10 years | Since the end of the contract |
3 | Zatrudnienie | Subsidised training/courses, civil law contracts with the employee, documentation related to the handling of benefits, e.g. multisport card, course of occupational diseases/ | 10 years or 50 years | Since the end of the employment contract.
Note: With regard to employment relationships that were established before 1 January 2019, the retention period of employee records should be determined on the basis of the provisions in force before that date (Article 7(2) of the Act of 10 January 2018 amending certain acts in connection with the shortening of the retention period of employee records and their electronicisation – Journal of Laws of 2018, item 357). This means that employee records relating to this period must be kept for 50 years, counting from the date of termination of employment with the employer – for personnel records; production – for payroll records. |
CV, resume, employee documentation (personnel file). | 10 years or 50 years | |||
Other documents e.g. quarterly assessments. | 3 years | |||
4 | Civil law cooperation agreements | Contract, additional documents e.g. subsidies, fringe benefits e.g. multisport. | 10 years or 50 years | Termination of contract |
5 | Accidents at work | Description of the accident, supporting documents. | 10 years | The day of the incident – the accident |
6 | Commercial contracts with individuals | Contract, orders, e-mail correspondence, executive documentation. | 3 years | Termination of service, contract termination |
7 | Commercial contracts with traders | Contract, orders, e-mail correspondence, executive documentation. | 3 years | Termination of service, contract termination |
The Administrator’s website may contain links to other websites. The Administrator urges that when you go to other sites, you should read the privacy policy established there. This privacy policy applies only to www.labplus.pl
For:
– you leave us information that is not personal data, but under certain circumstances, this data may become personal data, e.g., your IP address, which is stored in your browser settings, is not personal data in itself, as we cannot identify you from it. An IP address will only be considered personal data if the Administrator at the same time has access to data linking the IP address to other data identifying your person (Legal basis Art. 6(1) of the Act of 29 August on the Protection of Personal Data, Directive 94/46/EC of the European Parliament). or having the characteristics of information of a personal nature, as it is possible to identify “some natural person” from it. The Administrator has recognised that, in accordance with the principle of protection of personal data and data which may become personal data, it protects your data obtained when using the Administrator’s websites.
Each user of the contact form provides personal information – e-mail address, telephone number, name, and surname. The content of the message may also contain information containing the user’s personal data.
The use of the website www.labplus.pl and other websites of the Administrator is voluntary.
With regard to making contact via the contact form, failure to provide personal data will prevent the use of the function. The provision of personal data is a requirement in this case and if the data subject wishes to use the contact form provided on the Controller’s website, he/she is obliged to provide this data.
A detailed description of the data processed by the Controller, is indicated in the table below.
Purpose of data processing | Basis for processing | Personal data processed | Data retention period |
CONTACTING THE CONTROLLER VIA THE CONTACT FORM | |||
Contact with the Administrator, contact form at www.labplus.pl and other websites of the Administrator |
Article 6(1)(a), (b) RODO: the processing is necessary for the performance of the contract or to take action at your request prior to entering into the contract,
Article 6(1)(f) RODO: the processing is necessary for purposes deriving from the legitimate interests pursued by the Administrator, e.g., marketing of its own products, keeping statistics on visits and inquiries, Article 9(2)(f) RODO: the processing is necessary for the establishment, investigation or defence of claims. |
Name, surname, name, contact details: e-mail address, telephone number. The provision of this data is necessary for the provision of the contact service to you.
You may also provide other data not required by the Administrator as part of the message sent in the contact form and these are then processed by the Administrator with your consent and do not affect the ability to carry out a contact request on your behalf. |
For the time necessary to carry out the order on your behalf, to perform the service requested in this form, to answer your questions and for the further time necessary to protect the rights and obligations of the Administrator and you.
With regard to data provided with your consent, until you withdraw your consent. |
USE AND VIEWING OF THE ADMINISTRATOR’S WEBSITE | |||
Browsing the website | Article 6(1)(a), (b) RODO: the processing is necessary for the performance of a contract or to take steps at your request prior to entering into a contract, i.e., viewing content on the website,
Article 6(1)(f) RODO: the processing is necessary for purposes deriving from the legitimate interests pursued by the Administrator, e.g. marketing of its own products, keeping statistics on visits and inquiries, Article 9(2)(f) RODO: processing is necessary for the establishment, investigation or defence of claims. |
we store information regarding the Internet browser and operating system used, the date and time of the visit as well as the IP address.
This data is necessary for the functioning of the sites, but we cannot attribute this data to a specific person without effort and with the current resources and functionalities of the Administrator. We do not collect any personal data via our website without your consent, including in the form of cookie consent. |
For the time necessary for the analysis of visit and traffic data on the website. With regard to data provided with consent, until you withdraw your consent. |
USER ACCOUNT | |||
User account on www.labplus.pl
– feature under development, not currently available, possible implementation from 2023. |
Article 6(1)(a), (b) RODO: the processing is necessary for the performance of the contract or to take action at your request prior to entering into the contract, Article 6(1)(f) RODO: the processing is necessary for purposes deriving from the legitimate interests pursued by the Administrator e.g. research statistics, medical history and test analysis results, Article 6(1)(c) RODO: the processing is necessary for the performance of the Administrator’s legal obligations, e.g. with regard to the activities of medical entities and the collection of medical records, Article 9(2)(f) RODO: processing is necessary for the establishment, investigation or defence of claims. |
IP address, data on the selection of a diagnostic test, user opinions, submitted descriptions of technical errors, registration data in the system: name(s) and surname, gender, date of birth, correspondence address, if the patient in question does not reside in Poland then the address of his or her place of residence in Poland, telephone number, e-mail address, medical history, test results. | For the time necessary to maintain your account on the system, perform the analysis service and for the further time necessary to protect the rights and obligations of the Administrator and you.
With regard to data provided with your consent, until you withdraw your consent. |
For the proper functioning of the tools offered on www.labplus.pl and other websites of the Administrator, it is necessary for the Administrator to use the services of external entities, e.g. software provider, server lessor, web operators, programmers. The Administrator shall only use the services of processors who provide guarantees for the implementation of technical and organisational measures to protect personal data from being compromised, to a degree no less than that of the Administrator and in accordance with the RODO.
The transfer of data by the Controller does not take place automatically, to all recipients or categories of recipients indicated
in the Privacy Policy – the Controller transfers data only when it is necessary for the fulfillment of the given purpose of personal data processing and only to the extent necessary for its fulfillment.
Personal data of users of the website www.labplus.pl and other pages of the Administrator, may be communicated to the following recipients or categories of recipients:
The Administrator indicates that logging the user into the user account on the website www.labplus.pl,when this function, not available today and to be implemented in January 2023, is activated by means of login data to social networks – Facebook, Twitter, Google mail or other plug-ins, results in the transfer of the visitor’s personal data to providers, e.g. Facebook, information about the user’s preferences and activities on the website www.labplus.pl, to the extent and in accordance with the privacy rules available at https://www.facebook.com/about/privacy/ (this data includes information about activities on the website – including information about the device, visited sites, purchases, displayed advertisements and use of services – regardless of whether the User has a Facebook account and is logged into Facebook).
The Controller is obliged to inform users about the profiling of personal data and to provide relevant information about the modalities of such profiling, as well as the significance and foreseeable consequences of such processing for the data subject. With this in mind, the Controller provides information in this section of the Privacy Policy regarding possible profiling, i.e. the presentation of content, and decisions in line with the user’s specific personal data or preferences.
A specific form of profiling is profiling leading to automated decision-making in relation to an individual, which in its entirety, i.e. at each stage, is performed without human assistance or support.
In the case of fully automated processing, the data subject does not have the possibility to influence the process, he/she cannot address the person who makes the decision, as the decision is made by artificial intelligence.
Profiling on www.labplus.pl, involves the automatic analysis or prediction of the visitor’s behaviour on www.labplus.pl and the Administrator’s other websites, e.g., by determining the audience behaviour of the website, the way the content is viewed, the user’s behaviour by individual windows, the choice of tabs.
Profiling by the Controller will not produce legal effects on the user and until the person accepts the result of the profiling. Also, at all times, the data subject has the right not to be subject to a decision which is based solely on automated processing, including profiling, and which produces legal effects on the person or similarly significantly affects the person.
Cookies are small pieces of information in the form of text files that are sent by a server and stored on the visitor’s side of the website, e.g., on the hard drive of a computer, laptop, or smartphone memory card – depending on the device used by the visitor.
For detailed information on cookies, please visit https://ec.europa.eu/info/cookies_pl.
The cookies that may be sent by www.labplus.pl and other pages of the Administrator can be divided into different types, according to the following criteria:
The Administrator may process the data contained in cookies when visitors use the website for the following specific purposes:
The location of the information in the most popular web browsers as to which cookies are currently being sent by the Administrator is possible as follows:
By default, most web browsers on the market accept the storing of cookies. You are able to determine the conditions for the use of cookies via the settings of your own browser.
Examples of Cookies used on the Administrator’s websites:
UPDATE: 09.02.2023r.