3 October 2016

The Privacy Policy

Having regard to the obligation under the Regulation (EU 2016/679) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”), we hereby inform you about the rules of processing your personal data as well as your rights, which are attributed to you:

1. The controller of your personal data is Mateusz Golab, sole proprietor doing business as Pharmalogics Mateusz Golab, address: 35c/217 Domaniewska St., 02-672 Warsaw, Poland,
holding tax identification No. (NIP): 9521957030 and the statistical identification No. (REGON): 365392649 (hereinafter „Pharmalogics”);

2. In case of any questions relating to the processing of your personal data in the context of the economic activity of Pharmalogics and/or your rights in this respect, please contact the controller
via e-mail: rodo@pharmalogics.pl;

3. We process your personal data lawfully, especially in accordance with the GDPR. The processing is performed on the basis of legal provisions, concluded agreements, and your consent;

4. We preserve the confidentiality of your personal data and ensure appropriate security against thirdparty unauthorized access in accordance with the existing rules;

5. Your personal data are processed only to the extent and purpose necessary for the proper performance of the services provided by Pharmalogics, especially when the processing is necessary for:
a) the purposes of the legitimate interests pursued by the controller, and for the compliance with
a legal obligation to which the controller is subject;
b) the performance of contracts;
c) the ensuring you the access to the services, to the conclusion and performance of a contract,
taking steps at your request and – in this regard – providing you with all necessary support;

6. Your personal data shall be retained for no longer than necessary to achieve the purposes for which they have been collected, which means it shall be retained throughout the period of communication with you, implementation of services for you, as well as additional period after the completion of the contract or implementation of services, until the end of the limitation period;

7. We may process the following categories of your data:
a) ordinary data, i.e., basic and electronic identification data like name, last name, mailing
address, e-mail address, phone number, occupation, data of the represented entity;
8. your personal data may be processed automatically, including by profiling;
9. the recipients of your personal data are the entities directly or indirectly related to the Pharmalogics, i.e.,
a) the external services providers;
b) Pharmalogics’ subcontractors, i.e., entities whose services are placed at the disposal of Pharmalogics when processing your personal data, e.g., accounting firm, law firm, ICT services providers or equipment suppliers;
c) employees and/or associates, i.e., persons that Pharmalogics does business with for the purpose of professional obligations’ fulfillment;
d) other, independent recipients, i.e., entities processing personal data on behalf of the controller under the data processing agreement, institutions authorized to control the controller’s
activities and/or entities authorized to obtain the personal data pursuant to separate legal regulations;

10. Your personal data may be transferred outside the European Economic Area or Switzerland based on the standard contractual clauses (https://ec.europa.eu/info/law/law-topic/data-protection/datatransfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en) or certification Privacy Shield (https://www.privacyshield.gov/EU-US-Framework);

11. You have the following rights related to the processing of personal data:
a) right to the access to your personal data, to the rectification of any information you believe is inaccurate (correction), to the completion the information you believe is incomplete, to the
erasure and the restriction of processing of your personal data, to data portability, as well as right to obtain a copy of your data form the controller;
b) right to object to the processing of your personal data;
c) right to lodge a complaint with if you consider that processing of your data infringes your rights;
d) where the processing is based on your consent, the right to withdraw consent at any time (the withdrawal of consent shall not affect the lawfulness of processing based on consent before
its withdrawal);

12. Where the processing is based on your consent the provision of your personal data is voluntary. However, the refusal of the provision of personal data may result in the refusal to perform the
service or to take other action on your request. Providing your personal data is mandatory when the processing is based on the legal provision or the agreement.