Cascading obligation • Medezin

Medezin Cascade Obligation

General Information

The owner of the website is Medezin Sp. z o.o., with its registered office in Łódź, ul. Zbąszyńska 3, 91-342 Łódź, entered into the Register of Entrepreneurs of the National Court Register (KRS) kept by the District Court for Łódź-Śródmieście in Łódź, 20th Commercial Division of the National Court Register (KRS), KRS number: 0000397537, IN VAT (NIP): 9471979904, BDO: 000097333, e-mail address: info@medezin.pl, telephone number: +48 42 200 8118.

Respecting the fundamental right of every person to privacy, we attach great importance to ensuring the confidentiality and protection of processed personal data and make every effort to ensure that the processing of such data is carried out in accordance with the law and with respect for the fundamental rights and freedoms of data subjects. Considering the above and to ensure the proper processing of personal data, under the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) ("GDPR"), we present this information obligation clause, which contains essential information on the processing of personal data.

I Information on the processing of personal data of persons who are parties to the contract and whose data are processed in connection with the activities aimed at concluding and implementing commercial cooperation with the Controller of Personal Data.

Controller of Personal Data

The Controller of your personal data is Medezin Sp. z o.o., with its registered office in Łódź, ul. Zbąszyńska 3, 91-342 Łódź, entered into the Register of Entrepreneurs of the National Court Register (KRS) kept by the District Court for Łódź-Śródmieście in Łódź, 20th Commercial Division of the National Court Register (KRS), KRS number: 0000397537, IN VAT (NIP): 9471979904, BDO: 000097333. The Controller of Personal Data can be contacted using the correspondence details or by sending an e-mail to the following e-mail address: info@medezin.pl.

Data Protection Officer

In all matters concerning the processing of personal data, including, in particular, the exercise of your rights related to the processing of personal data, the designated Data Protection Officer can be contacted via e-mail at the following e-mail address: iod@medezin.pl.

The purpose and legal basis for the processing of personal data

The Controller of Personal Data processes personal data in relation to the pursuit of concluding and implementing a contract to which you are a party. The legal basis for the processing of your personal data is the execution of activities related to the conclusion of the contract and its subsequent implementation (under Article 6 (1) (b) of the Regulation) as well as the possible determination, pursuit and defence of mutual claims regarding the contract and the demonstration of the accountability of the actions of the Controller of Personal Data referred to in Article 5 (2) of the GDPR – the personal data processing activity is carried out based on the legitimate interest exercised by the Controller of Personal Data (under Article 6 (1) (f) of the Regulation).

Personal data will also be processed in connection with the fulfilment of legal obligations imposed on the Controller of Personal Data, including tax and financial reporting regulations (pursuant to Article 6(1) letter c of the Regulation). Providing personal data is voluntary, but necessary to conclude and execute the contract. Failure to provide data will result in the impossibility of signing and executing the contract.

Source of obtaining personal dat

As a rule, the data are obtained from the data subject. If the Controller of Personal Data did not obtain the data directly from you, your personal data, including but not limited to: identification data (name and surname), contact details (e-mail address, telephone number) and other data (place of employment), may have been obtained by the Controller of Personal Data from the agreement, under which the Controller of Personal Data processes your data or made available by a person who is a party to it. Providing data is voluntary, but necessary to achieve the purpose.

Recipients of Personal Data

The recipients of personal data may be entities processing personal data on behalf of the Controller of Personal Data, such as external processors providing and supporting IT systems used for the purposes of execution of the contract, accounting services providers or other providers of services related to the ongoing activities of the Controller of Personal Data and only under relevant personal data processing entrustment agreements. These agreements must ensure that the above-mentioned providers apply adequate technical and organisational measures to guarantee data protection. Personal data may also be made available to entities authorised to receive them under applicable law. Data recipients may have their registered office in a country outside the European Economic Area (EEA). However, in this case, the Controller of Personal Data shall apply an appropriate level of security to ensure the protection of the data subject, and personal data shall be transferred to third countries based on standard contractual clauses.

Period of Storage of Personal Data

Personal data will be processed for the duration of the contract. Personal data contained in the contract will also be processed for the period resulting from applicable legal provisions, including tax and accounting regulations. Personal data may, in some cases and to an adequate extent, be retained and processed by the Controller of Personal Data to secure any claims, until they expire, for the period required by law.

Data Subject Rights

Every person whose data are processed, to the extent resulting from legal provisions, has the right to request access to personal data, their rectification and, in cases provided for by generally applicable law, also the right to request their deletion or restriction of processing. You may also object to the processing of your personal data for the purpose of pursuing the legitimate interest of the Controller of Personal Data and to the transfer of your personal data.

Right to Lodge a Complaint with a Supervisory Authority

In case of any doubts related to the processing of personal data, any person may contact the Controller of Personal Data to request information. Regardless of the above, everyone has the right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office.

Profiling

Personal data are not subject to automated processing, including profiling.

Information on the processing of personal data of persons who are not parties to the contract and whose data are processed in connection with the activities aimed at concluding and implementing commercial cooperation with the Controller of Personal Data

Controller of Personal Data

Data Protection Officer

The purpose and legal basis for the processing of personal data

The purpose of processing your personal data is to conduct activities related to the pursuit of concluding and executing the contract between the Controller of Personal Data and the Party to the contract, under which the Controller of Personal Data processes your personal data. The legal basis for the processing of your personal data is the legitimate interest of the Controller of Personal Data – contact regarding the conclusion and execution of the contract as well as the determination, pursuit and defence of mutual claims, if they arise (under Article 6 (1) (f) of the Regulation). Personal data will also be processed in connection with the fulfilment of legal obligations imposed on the Controller of Personal Data, including tax and financial reporting regulations (pursuant to Article 6(1) letter c of the Regulation). The processing of personal data is necessary to implement the provisions of the contract and to respond to the question sent via the contact form (legal basis: Article 6 (1) (f) of the Regulation).

Source of obtaining personal dat

If the Controller of Personal Data did not obtain the data directly from you, your personal data, including but not limited to: identification data (name and surname), contact details (e-mail address, telephone number) and other data (place of employment), may have been obtained by the Controller of Personal Data from the agreement, under which the Controller of Personal Data processes your data or made available by a person who is a party to it. Providing data is voluntary, but necessary to achieve the purpose.

Recipients of Personal Data

Period of Storage of Personal Data

Data Subject Rights

Right to Lodge a Complaint with a Supervisory Authority

Profiling

Personal data are not subject to automated processing, including profiling.

Information on the processing of personal data of persons participating in the recruitment process conducted by the Controller of Personal Data

Controller of Personal Data

Data Protection Officer

The purpose and legal basis for the processing of personal data

Personal data will be processed solely for the purpose of carrying out the recruitment process and, with appropriate consent, also for the purpose of conducting future recruitment processes. The legal basis for data processing is the right to request data necessary to take action before concluding a contract within the scope indicated in Article 22 _1 of the Labour Code or necessary to conclude a civil-law contract (Article 6 (1) letter b of the Regulation), and, in the remaining scope, the consent to the processing of personal data, which may be withdrawn at any time (Article 6 (1) (a) of the Regulation). The voluntary submission of personal data in the recruitment process constitutes an expression of consent (consent given through a clear confirmatory action). Personal data will also be processed in connection with the fulfilment of legal obligations imposed on the Controller of Personal Data (Article 6 (1) (c) of the Regulation). Data may also be processed for the purpose of determining, pursuing and securing possible claims and defending against such claims related to the execution of the recruitment process – under Article 6(1)(f) of the Regulation.

Justification for Providing Personal Data

Providing your personal data is voluntary; however, failure to provide the information indicated in Article 221 of the Act of 26 June 1974, the Labour Code, will result in the application documents received from you not being considered by the Controller of Personal Data.

Recipients of Personal Data

The recipients of personal data may be entities processing personal data on behalf of the Controller of Personal Data, such as external processors providing and supporting IT systems used for the publication of job advertisements, developers of the software used to submit applications and providers of services related to the ongoing activities of the Controller of Personal Data and only under relevant personal data processing entrustment agreements. These agreements must ensure that the above-mentioned providers apply adequate technical and organisational measures to guarantee data protection. Personal data may also be made available to entities authorised to receive them under applicable law. Data recipients may have their registered office in a country outside the European Economic Area (EEA). However, in this case, the Controller of Personal Data shall apply an appropriate level of security to ensure the protection of the data subject, and personal data shall be transferred to third countries based on standard contractual clauses.

Period of Storage of Personal Data

Personal data will be stored only as long as necessary to complete this recruitment procedure and no longer than 3 months after the submission of your recruitment documents. If you do not receive a job offer at this time, we will delete your application documents, unless you consent to the processing of your personal data for future recruitment processes. If you consent to the use of the application for future recruitment processes, your personal data will be stored for no longer than 12 months. Personal data may, in some cases and to an adequate extent, be retained and processed by the Controller of Personal Data to secure any claims, until they expire, for the period required by law.

Data Subject Rights

You have the right to:

Access to the content of your data and their rectification, deletion, restriction of processing and data portability,
Object to the processing of personal data when their processing is based on legitimate interests pursued by the Controller of Personal Data (Article 6 (1) (f) of the Regulation),
Withdraw consent to the processing of data at any time if the processing is based on consent to the processing of personal data (Article 6 (1) (a) of the Regulation).

Right to Lodge a Complaint with a Supervisory Authority

Profiling

Personal data are not subject to automated processing, including profiling.

Information on data processing for the purpose of handling inquiries addressed to the Controller of Personal Data

Controller of Personal Dat

The Controller of your personal data is Medezin Sp. z o.o., with its registered office in Łódź, ul. Zbąszyńska 3, 91-342 Łódź, entered into the Register of Entrepreneurs of the National Court Register (KRS) kept by the District Court for Łódź-Śródmieście in Łódź, 20th Commercial Division of the National Court Register (KRS), KRS number: 0000397537, IN VAT (NIP): 9471979904, BDO: 000097333. The Controller of Personal Data can be contacted using the correspondence details or by sending an e-mail to the following e-mail address: info@medezin.pl.

Data Protection Officer

The purpose and legal basis for the processing of personal data

The Controller of Personal Data processes personal data to respond to the submitted inquiry, in which you are a party. The legal basis for the processing of your personal data is the execution of activities related to the response to the question sent by e-mail (under Article 6 (1) (f) of the Regulation) as well as possible determination, pursuit and defence of mutual claims regarding the contract and the demonstration of the accountability of the actions of the Controller of Personal Data referred to in Article 5 (2) of the GDPR – the personal data processing activity is carried out based on the legitimate interest exercised by the Controller of Personal Data (under Article 6(1)(f) of the Regulation).

Source of obtaining personal data

As a rule, data are obtained from the data subject and made available during e-mail contact. Providing data is voluntary, but necessary to achieve the purpose.

Recipients of Personal Data

The recipients of personal data may be entities processing personal data on behalf of the Controller of Personal Data, such as external processors providing and supporting IT systems used for the purpose of responding to the submitted inquiry or other providers of services related to the ongoing activities of the Controller of Personal Data and only under relevant personal data processing entrustment agreements. These agreements must ensure that the above-mentioned providers apply adequate technical and organisational measures to guarantee data protection. Personal data may also be made available to entities authorised to receive them under applicable law. Data recipients may have their registered office in a country outside the European Economic Area (EEA). However, in this case, the Controller of Personal Data shall apply an appropriate level of security to ensure the protection of the data subject, and personal data shall be transferred to third countries based on standard contractual clauses.

Period of Storage of Personal Data

Personal data will be processed for the period necessary to respond to the question asked and for the period and to the extent required by law or to secure any claims.

Data Subject Rights

Right to Lodge a Complaint with a Supervisory Authority

Profiling

Personal data are not subject to automated processing, including profiling.

Information on Data Processing for Marketing Purposes

Controller of Personal Data

Data Protection Officer

The purpose and legal basis for the processing of personal data

The Controller of Personal Data processes personal data for the purpose of building the brand and sending commercial information via electronic means of communication. The legal basis for the processing of your personal data is the exercise of the legitimate interest of the Controller of Personal Data in the form of direct marketing (under Article 6 (1) (f) of the Regulation), sending marketing information regarding products and services offered by the Controller of Personal Data upon consent given (under Article 6 (1) (a) of the Regulation) as well as the possible determination, pursuit and defence of mutual claims regarding the contract and the demonstration of the accountability of the actions of the Controller of Personal Data referred to in Article. 5 (2) of the GDPR – the personal data processing activity is carried out based on the legitimate interest exercised by the Controller of Personal Data under Article 6 (1) (f) of the Regulation).

Source of obtaining personal data

The data were obtained from the person to whom they relate during personal or e-mail contact or by expressing written consent on the website. Providing data is voluntary, but necessary to achieve the purpose.

Recipients of Personal Data

The recipients of personal data may be entities processing personal data on behalf of the Controller of Personal Data, such as external processors providing and supporting IT systems used for marketing purposes or other providers of services related to the ongoing activities of the Controller of Personal Data and only under relevant personal data processing entrustment agreements. These agreements must ensure that the above-mentioned providers apply adequate technical and organisational measures to guarantee data protection. Personal data may also be made available to entities authorised to receive them under applicable law. Data recipients may have their registered office in a country outside the European Economic Area (EEA). However, in this case, the Controller of Personal Data shall apply an appropriate level of security to ensure the protection of the data subject, and personal data shall be transferred to third countries based on standard contractual clauses.

Period of Storage of Personal Data

Personal data will be processed until consent is withdrawn or an objection to data processing is raised, and to the extent required by law or to secure any claims.

Data Subject Rights

Every person whose data are processed, to the extent resulting from legal provisions, has the right to request access to personal data, their rectification and, in cases provided for by generally applicable law, also the right to request their deletion, restriction of their processing or the right to withdraw consent. You may also object to the processing of your personal data for the purpose of pursuing the legitimate interest of the Controller of Personal Data and to the transfer of your personal data.

Right to Lodge a Complaint with a Supervisory Authority

Profiling

Personal data are not subject to automated processing, including profiling.

Social Networking Sites

This website incorporates plugins and other social media functionalities provided by LinkedIn and YouTube, in addition to integrations with the Medezin store (phamily.pl) and the eRecruiter.pl platforms.

In light of the ruling of the Court of Justice of the European Union of 29 July 2019 (Case C-40/17), we would like to inform you that the Joint Controllers of the personal data of individuals using the LinkedIn and YouTube plugins on the Website are: LinkedIn Corp., with its registered office in Sunnyvale, California, USA, and YouTube LLC, with its registered office at 901 Cherry Ave, San Bruno, CA 94066, USA.

We are also present on LinkedIn and YouTube with our "Medezin" profiles. In light of the ruling of the Court of Justice of the European Union (Case C-40/17), we would like to inform you that the Joint Controllers of the personal data of users of the "Medezin" fan pages and websites on social media platforms are LinkedIn and YouTube.

You can find the information on the purpose and scope of data collection and its further processing and use by LinkedIn and YouTube as well as privacy rights and settings in the privacy policies of LinkedIn, YouTube, eRecruiter and phamily: https://pl.linkedin.com/legal/privacy-policy, https://policies.google.com/privacy?gl=PLChl=pl; https://system.erecruiter.pl/; https://www.phamily.pl/strona/polityka-prywatnosci.html .

Our collaboration with LinkedIn and YouTube involves collecting personal data both directly from Website users and from their profiles on the LinkedIn and YouTube social networking platforms.

To the extent that we collect data directly from users, the provision of personal data is entirely voluntary. No adverse consequences will result from a decision not to provide such data. You may use the Website without providing any personal data and remain anonymous, provided that you do not interact with the LinkedIn or YouTube plugins.
Any user data we collect from LinkedIn profiles will be anonymised and presented solely in statistical summaries provided by LinkedIn and YouTube.

If you have any questions regarding your personal data, you may contact Medezin, LinkedIn, or YouTube. Since we, as the Website operator, jointly control your data with Facebook (Meta) and YouTube, you have the right to obtain a summary of our joint control arrangements with LinkedIn.

Social Networking Sites

We are also present on LinkedIn and YouTube with our "Medezin" profiles.

In light of the ruling of the Court of Justice of the European Union (Case C-40/17), we would like to inform you that the Joint Controllers of the personal data of users of the "Medezin" fan pages and websites on social media platforms are LinkedIn and YouTube. You can find the information on the purpose and scope of data collection and its further processing and use by LinkedIn and YouTube as well as privacy rights and settings in the privacy policies of LinkedIn, YouTube, eRecruiter and phamily: https://pl.linkedin.com/legal/privacy-policy, https://policies.google.com/privacy?gl=PLChl=pl; https://system.erecruiter.pl/; https://www.phamily.pl/strona/polityka-prywatnosci.html.

Our collaboration with LinkedIn and YouTube involves collecting personal data both directly from Website users and from their profiles on the LinkedIn and YouTube social networking platforms.

To the extent that we collect data directly from users, the provision of personal data is entirely voluntary. No adverse consequences will result from a decision not to provide such data. You may use the Website without providing any personal data and remain anonymous, provided that you do not interact with the LinkedIn or YouTube plugins.
Any user data we collect from LinkedIn profiles will be anonymised and presented solely in statistical summaries provided by LinkedIn and YouTube.

If you have any questions regarding your personal data, you may contact Medezin, LinkedIn, or YouTube. Since we, as the Website operator, jointly control your data with Facebook (Meta) and YouTube, you have the right to obtain a summary of our joint control arrangements with LinkedIn.

Profiling

We do not use your data for automated decision-making or profiling.

Cookie Policy

Cookies are text files that are stored on your computer when you visit the Website. They can contain various information about you, including personal data like your computer's IP address and a unique device identifier. Cookies are stored on your device, not on our servers. We only access and read these files when you visit our website or use our services.

Cookies are made up of four basic components:

website name: domain or subdomain that created the cookie;
cookie name: every cookie has a name that is unique to the website that placed it;
expiration date: Some cookies expire when you close your browser (these are called session cookies), while others remain on your device until their expiration date (these are called persistent cookies);
value: this is the information in a cookie that helps the website remember your previous visits.

You can find more information about cookies at https://www.aboutcookies.org lub https://wszystkoociasteczkach.pl.

The entity that places and accesses cookies on your device is Medezin Sp. z o.o., with its registered office in Łódź, at ul. Zbąszyńska 3.

Cookies can be divided into two main categories: session cookies and persistent cookies. Session cookies are temporary files stored on your device that are deleted when you log out, leave the website, or close your application (web browser). Persistent cookies are stored on your device and stay there either until their expiration date or until you manually delete them.

What cookies do we use and what do we use them for?

Our website uses essential cookies that are necessary for it to function correctly and provide you with the services you expect. Our website uses essential cookies that are necessary for it to function correctly and provide you with the services you expect. We use cookies for the following purposes:

for marketing purposes, such as collecting information about your activity on the website to tailor content and ads to your interests and needs;
to promote the website using the LinkedIn.com social network (the external cookie administrator is LinkedIn Ireland Limited, based in Ireland);
to promote the website using the Youtube.com (the external cookie administrator is YouTube, LLC, based in the USA);
to personalise the website to your preferences and remember your settings, such as your preferred language.

Most web browsers are set to accept cookies by default. You can change your cookie settings for this website at any time. You can change these settings to block cookies automatically in your browser, or to be notified each time a cookie is placed on your device. You can find detailed information about managing cookies in your application (web browser) settings. We use your personal data from cookies for the purposes described above, in accordance with Article 6(1)(f) of the GDPR. We only keep the data from cookies for as long as we need it for the purposes explained earlier, or until you tell us to stop using your data, or until you delete the cookies yourself – whichever comes first. You have the rights described in the "Rights of the Data Subjects" section of our Privacy Policy regarding your personal data collected using cookies.

Here is a complete list of the cookies we use on our Website:

Cookie name	Type	Goal	Cookie duration
NMCMSSESSID	Necessary	A cookie that stores consent to the use of cookies on the website.	1 year
_ga	System	This cookie identifies individual users by giving each one a unique, randomly generated number. This cookie is included with every page view and helps us gather data about visitors, sessions, and campaigns for our website analytics.	2 years
_gid	Statistical	This cookie helps us count how many people visit our website and which pages they look at.	24 hours

Managing Cookies

You can block cookies on your device at any time, but you may have to re-enter some preferences each time you visit the website. This may also affect how our website works or even prevent it from working at all. You can also delete all cookies already stored on your device by clearing your browsing history. This will remove all cookies from every website you've visited. Keep in mind that this might also delete some of your saved information (for example, saved logins or website preferences). Most web browsers let you see, control, block, and delete cookies on websites. You can control your cookies, but if you delete them, you might lose your saved settings, including your cookie preferences. Here are some tips on managing cookies in popular web browsers. Medezin Sp. z.o.o. would like to advise that restricting cookies may impact certain functionalities of our website. You can find more information about cookies in the "Help" section of these web browsers:

Google Chrome
Mozilla Firefox
Microsoft Internet Explorer
Microsoft Edge
Opera
MacOS Safari i Safari

Final Provisions

We will regularly review and update this Privacy and Cookie Policy as needed to reflect changes in data protection laws, regulatory guidance, and best practices. You will find the date this Privacy and Cookie Policy went into effect (and the date of any updates) within the policy document itself. If you have any questions regarding this privacy policy, please send your questions and comments to the following address: info@medezin.pl.