Privacy Policy of the website of the Clinical Trials Center (hereinafter: “Website”) administered by the company operating as Jagiellońskie Centrum Innowacji based in Krakow (Life Science Park, ul. Bobrzyńskiego 14, 30 – 348 Kraków).

Dear Sir/Madam,

Considering the contents of the Telecommunications Law Act of 16 July 2004 (consolidated text: Journal of Laws of 2017 items 1907, 2201, of 2018 items 138, 650, 1118, hereinafter: “TL”) and the contents of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: “GDPR”), the Controller presents below the necessary information for Users.

 

General

The controller of the personal data of users who contact us using the telephone numbers, mailing address or e-mail addresses provided on the website is the company operating as Jagiellońskie Centrum Innowacji Sp. z o.o. (hereinafter: “JCI”) with its registered office in Krakow (postal code: 30-348), at ul. Bobrzyńskiego 14, entered in the register of businesses of the National Court Register maintained by the District Court for Kraków-Śródmieście in Krakow, 11th Commercial Division of the National Court Register with KRS number 0000212725, using NIP (tax identification number): 676 226-66-85 and REGON (statistical number): 356845374, with a share capital of PLN 11,667,900.00. The Controller has appointed the Data Protection Officer. The Controller’s Data Protection Officer (Beata Szczygieł) can be contacted electronically at the e-mail address: iodo@jci.pl or in writing to the Controller’s registered office address.

 

Purposes and periods of personal data processing

User's personal data is used by the Controller for the following purposes and for the following periods:

Personal data associated with cookies:

  • adaptation of the content of the Website to the User's preferences and optimization of the use of the Website, in particular these files allow for the recognition of the device and appropriate display of the website, adapted to the individual needs of the User, which constitutes a legitimate purpose pursuant to Article 6(1)(f) of GDPR - no longer than until an objection is raised and no longer than the period necessary for the above purpose, and for a maximum of 5 years;
  • to ensure the security and proper functioning of the Website and to enable the Controller to provide electronic services free of charge, which constitutes a legitimate purpose under Article 6(1)(f) of GDPR - for no longer than the period necessary for the above purpose and for a maximum of 5 years;
  • the production of statistics which help us understand how the User uses the Website, which enables the Website's structure and content to be adapted to User's expectations - this constitutes a legitimate purpose under Article 6(1)(f) of GDPR - for no longer than the period necessary for the above purpose and for a maximum of 5 years;
  • maintaining the User's session thanks to which the User is recognized on the Website and does not have to re-close the cookie policy notice or other information or advertising banner on each sub-page of the Website - which constitutes a legitimate purpose under Article 6(1)(f) of GDPR - for no longer than the period necessary to fulfil the above purpose and for a maximum of 5 years.

Personal data related to the use of a contact form:

  • The handling of the contact form used by Users to contact the Controller - which constitutes a legitimate purpose under Article 6(1)(f) of GDPR - for no longer than required to fulfil the above purpose or the period of limitation of claims.
  • The protection of the Controller's economic, legal, financial interests, including, among others, in order to assert the fulfilment of obligations towards the Controller (also for the purpose of selling receivables), to conduct any kind of proceedings, which constitutes a legitimate purpose pursuant to Article 6(1)(f) of GDPR) - for no longer than required to fulfil the above purpose or the period of limitation of claims.
  • Sending commercial information via e-mail
  • Promotion and advertising of the Controller’s products - only to the extent of the consent given by the User, pursuant to Article 6(1)(a) of GDPR - no longer than until the consent is withdrawn, and for a maximum of 5 years.

 

Right to withdraw consent

Where the processing of personal data is based on the consent, the User has the right to withdraw this consent at any time by sending a message with the necessary data to iodo@jci.pl. The withdrawal of the consent will not affect the lawfulness of processing based on the consent prior to its withdrawal.

 

Recipients of personal data

The Controller may share your personal data with third parties (recipients) who provide IT, marketing, accounting, hosting, legal and financial services to the Controller. The Controller will require each entity with which it collaborates to maintain a level of protection for your data that takes into account the state of the art, the cost of implementation and the nature, scope, context and purposes of the processing as well as the risks of infringement of your rights or freedoms in relation to the processing of your personal data. Your personal data will not be shared outside the European Economic Area.

 

Rights of data subjects

User's rights

The user may exercise their right to:

  • access their personal data;
  • request that personal data be rectified;
  • request that personal data be deleted (“the right to be forgotten”);
  • request that personal data processing be restricted;
  • to personal data portability (the right to receive personal data in a structured, universal format to be read on commonly used mobile or computer equipment);
  • object to processing;
  • complain to a supervisory authority in case they find that their personal data is processed by the Controller in breach of GDPR.

 The Controller provides additional information regarding the exercise of the above rights in response to enquiries sent to the e-mail address: iodo@jci.pl

 

Voluntary provision of personal data

You give your personal data voluntarily but refusal to give your personal data may make it impossible to provide or may hinder the provision of certain services by the Controller, including correct Website functioning, comfortable access to Website content, reply to queries sent via a contact form, sending of commercial information.

 

Amendments to the Privacy Policy

Any and all amendments to the Privacy Policy caused by amendments to legal provisions or related to changes in the offer of services available in the Website or development of Website functionality will be promptly communicated to you through an announcement posted on the Website.

Amendments specified above will enter into force within 14 days of the posting of information unless a different time limit arises out of generally applicable provisions of law.

 

Cookies

1. The use of the Website means that the User has consented to the use of cookies by the Controller in accordance with Article 173(1)(2) of TL. Below is given information on the storage of information or obtaining access to information already saved on the telecommunications end device of the User of the Website.

2. Cookies are IT data, in particular small text files stored on an end device of the Website User (e.g. smartphone, computer, tablet) and they are intended for better use of Website potential.

3. The Controller automatically collects and processes information in cookies. By using cookies, the Controller does not collect such personal data as the first and last name, e-mail address or telephone number.

4. Cookies usually contain the following information:

  • public IP address of the computer from which the query has been sent (it may be the User's computer directly);
  • the name of the User station - identification via HTTP if possible,
  • User's name given during authentication,
  • time of query receipt,
  • the first line of HTTP request,
  • code of HTTP response,
  • number of bytes sent by the server,
  • the URL of a website previously visited by the User (referer link), in the event that the JCI website was accessed via a link,
  • information about the User's browser, information on errors that occurred during the http transaction.

5. The Website uses the following types of cookies:

  • "persistent" or "functional" cookies - these cookies enable "remembering" the User's preferred settings and personalizing the User's interface, e.g. with regard to the User's chosen language or region of origin, font size, website design, etc.,
  • “session” or “temporary” cookies associated with the session are saved in the browser only for the duration of the session, i.e. until the website is exited,
  • User input cookies containing data entered by the User,
  • "performance" cookies which enable the Controller to collect information on how the Website's pages are used,
  • user centric security cookies, e.g. used by the Controller to detect authentication abuses in the Website,
  • "essential" cookies which enable the use of services available on the Website, including cookies necessary for services that require authentication on the Website,
  • cookies used to monitor website traffic, i.e. data analytics, including:
    • used by app.albacross.com - i.e. the entity to which we have entrusted the processing of personal data - to test Website traffic and to analyze how Users use the Website, including the creation of statistics and reports on the functioning of the Website;

Google Analytics (these are files used by Google - i.e. the entity to whom the Data Controller has entrusted the processing of personal data - to analyze user’s use of the Website, including the creation of statistics and reports on the functioning of the Website).

  • "marketing" cookies - enabling:
  • displaying marketing content independently of User preferences (including standard advertising);

6. Cookies may also be posted and used by advertisers, IT service providers, business parties or partners collaborating with the Controller (this applies, for example, to entities which render Analytics statistics services, AdWords advertising and remarketing services).

7. Usually, software used to browse websites (Web browser) allows for saving cookies on User's end device by default. However, the user may change cookies settings at any time. The settings may be changed, in particular, in such a way as to disable cookies automatically in Web browser settings or inform the User each time cookies are saved on the User's device. Detailed information on the possibilities and ways of using cookies is available in software (Web browser) settings of the User's end device.

8. End device software (browser) often allows for:

  • disabling the option of downloading and saving cookies in the memory of end device permanently;
  • temporary use of private browsing mode (browsing in Incognito mode) where the browser does not save cookies or information on the visited websites, website settings, login status or data used by plug-ins (e.g. Adobe Flash).

Details on the selection of the options described above are available in the instruction manual of software; depending on the browser kind and version, this information may be posted elsewhere. The choice of one of the options described above may have an adverse impact on Website functioning or may disable its use for which the Controller bears no liability.

9. The Controller is not accountable for the privacy policy and for ways of securing personal data on websites to which links are posted on Website pages.