Privacy policy
mcslaboratory.com

1. ABOUT US
2. The owner of mcslaboratory.com and the administrator of personal data collected via the Website
   is MCS LABORATORY SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office at:
   ul. Ignacego Mościckiego 1, 24-110 Puławy, e-mail address: office@mcslaboratory.com.
   (“Administrator”)
3. The Service Provider runs the Website and is responsible for the proper provision of the Website’s
   Electronic Services.
4. GENERAL PROVISIONS
5. This privacy policy of the Website is a measure implemented by the Administrator, the purpose of
   which is to define the actions taken by the Administrator in the field of personal data protection
   provided to the Administrator by data subjects, and also to inform data subjects about the procedure
   for dealing with personal data in force in the company conducted by the Administrator, including, in
   particular, the purposes and legal grounds for processing and the categories of recipients to whom
   the personal data processed by the Administrator are further transferred, and the Administrator’s
   implementation of the information obligation arising from the content of art. 13 of Regulation (EU)
   2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of
   natural persons with regard to the processing of personal data and on the free movement of such
   data, and repealing Directive 95/46 / EC (General data) (Journal of Laws UE L 119 of 04/05/2016, p. 1,
   hereinafter referred to as “GDPR”) in the remaining scope.
6. The Service Provider takes special care to protect the interests of the data subjects, and in
   particular ensures that the data collected by him are processed in accordance with the law; collected
   for specified, lawful purposes and not subjected to further processing incompatible with these
   purposes; factually correct and adequate in relation to the purposes for which they are processed
   and stored in a form that allows the identification of persons to whom they relate, no longer than it
   is necessary to achieve the purpose of processing.
7. This privacy policy of the Website is informative, which means that it is not a source of obligations
   for Website Users.
8. All words, expressions and acronyms appearing on this page and beginning with a capital letter (eg
   Service Provider, Website, Electronic Service) should be understood in accordance with their
   definition contained in the Regulations of the Website, available on the Website.
9. The Customer’s personal data are processed in accordance with the GDPR and the Data Protection
   Act of May 10, 2018 (hereinafter: the Personal Data Protection Act) and the Electronic Services
   Provision Act of July 18, 2002 (Journal of Laws No. 2002 No 144, item 1204 as amended).
10. PURPOSE AND SCOPE OF DATA COLLECTION
11. Each time the purpose, scope and recipients of data processed by the Service Provider result from
    the actions taken by the Service Recipient on the Website. For example, if the Service Recipient
    intends to use the Account, his personal data will be processed in order to conclude and perform the
    contract for the use of the Account.
12. The Administrator processes the personal data of the Service Recipient or his representatives for
    the following purposes:
    a. conclusion and implementation of the contract for the use of the Electronic Service,
    b. fulfillment of obligations resulting from legal regulations, including tax and accounting regulations,
    c. conducting court, arbitration, administrative, court-administrative, enforcement and mediation
    proceedings,
    d. documentation of contractual relations for evidence purposes for the period of limitation of claims
    related to them,
    e. conducting direct marketing of services or goods offered by the Administrator, including via e-mail
    correspondence such as newsletter,
    f. handling complaints and claims arising from the rights under the warranty
13. The Service Provider may process the following personal data of the Customers using the Website:
    a.name and surname of the Service Recipient,
    b. e-mail address,
    c. Name of the cooperating organization,
    d. Name of the branch of the cooperating organization,
14. Providing the personal data referred to in the point above is not obligatory, but it is necessary to
    conclude and perform the contract for the provision of Electronic Services on the Website. Each time,
    the scope of the data required to conclude a contract is previously indicated on the Website, when
    using the Website, and in its Regulations.
15. The Customer’s personal data may be transferred to public administration bodies or to other
    persons or third parties – to the extent and in cases where the obligation to disclose them is imposed
    on the Administrator by legal provisions. In addition, the Customer’s personal data may also be
    transferred to entities providing the Administrator with accounting, accounting and legal services on
    the basis of a separate agreement.
16. The administrator declares that he has implemented appropriate technical and organizational
    measures ensuring an adequate level of security corresponding to the risk related to the processing
    of personal data entrusted to him, referred to in art. 32 GDPR. The administrator regularly verifies
    and updates the technical and organizational measures used by him, so as to provide the entrusted
    personal data with an adequate level of protection.
17. The Administrator declares that in order to ensure the security of personal data processing, he has
    introduced the Personal Data Protection Policy. The Personal Data Protection Policy is a measure
    implemented by the Administrator in accordance with art. 24 sec. 1 and 2 of the GDPR, the purpose
    of which is to introduce a procedure for handling personal data in the enterprise run by the
    Administrator, based on which their processing by the Administrator will take place in accordance
    with the GDPR.
18. The processing of personal data within the framework of the purposes indicated above in point 3
    sec. 2 includes in particular their collection, modification, storage, viewing, updating, analyzing and
    archiving.
19. The Service Provider also processes anonymised data related to the use of the Website (eg the
    number of Customers) to generate statistics on the use of the Website. These data are aggregate and
    anonymous, i.e. they do not contain features that identify persons using the Website.
20. Personal data concerning the Service Recipient will be kept by the Administrator for the following
    period:
    a. in the case of personal data, in relation to which the legal basis for their processing by the
    Administrator is the fact that it is necessary for the proper performance of the contract – until the
    claims under this contract are time-barred,
    b. in the case of personal data, in relation to which the basis for their processing by the Administrator
    is a legitimate interest – until this basis for processing expires, in particular until the Administrator’s
    claims are time-barred and the Customer’s claims resulting from the legal relationship between
    them, the Administrator’s legal existence ends or legally valid or final determination or adjudication
    or satisfaction or defense of a claim or other right of the Administrator or the Service User in court,
    arbitration, administrative, court-administrative, enforcement or mediation proceedings,
    c. in the case of personal data, in relation to which the basis for their processing is that it is necessary
    to fulfill the legal obligations incumbent on the Administrator – until this basis for processing ceases.
21. COOKIES AND PERFORMANCE DATA
22. The Service Provider does not process the data contained in Cookies when using the Website.
23. BASIS OF DATA PROCESSING
24. Providing personal data by the Customer is voluntary, but failure to provide the personal data
    indicated on the Website and in the Regulations of the Website, necessary for the conclusion and
    implementation of the contract for the use of the Electronic Service, results in the inability to
    conclude this contract.
25. The legal basis for the processing of personal data for the purpose set out above in point 3 sec. 2
    letter a) is that it is necessary for the performance of the contract. The legal basis for the processing
    of personal data for the purpose set out above in point j3 par. 2 lit. b) it is necessary to fulfill the legal
    obligations incumbent on the Administrator. The legal basis for the processing of Personal Data for
    the other purposes indicated above in point is the legitimate interest pursued by the Administrator.
26. RIGHTS OF THE DATA SUBJECT RELATED TO THE PROTECTION OF PERSONAL DATA
    A. Right to information
    1.The administrator, when collecting personal data, is obliged to provide the data subject with all the
    following information:
    a.his identity and contact details and, where applicable, the identity and contact details of his
    representative,
    b.if applicable – contact details of the data protection officer,
    c. the purposes of personal data processing, and the legal basis for processing,
    d. information about recipients of personal data or categories of recipients, if any,
    e. if applicable – information on the intention to transfer Personal Data to a third country or an
    international organization,
    f. the period for which personal data will be stored, and if this is not possible, the criteria for
    determining this period,
    g. information whether the provision of personal data is a statutory or contractual requirement or a
    condition for concluding a contract and whether the data subject is obliged to provide it and what
    are the possible consequences of not providing the data.
27. If the Administrator plans to further process personal data for a purpose other than the purpose
    for which the personal data were collected, prior to such further processing, the Administrator is
    obliged to inform the data subject about this other purpose and provide him with any other relevant
    information.
    B. The right to withdraw consent to the processing of personal data
28. The data subject has the right to withdraw consent to the processing of personal data at any time.
    Withdrawal of consent does not affect the lawfulness of the processing which was carried out on the
    basis of consent before its withdrawal.
    C. Right to access personal data
    1.The data subject is entitled to obtain from the Administrator confirmation whether Personal Data
    concerning him or her are being processed, and if so, he is entitled to access them and the following
    information:
    a.the purposes of the processing;
    b. the categories of personal data concerned;
    c. information on the recipients or categories of recipients to whom the personal data has been or
    will be disclosed, in particular on recipients in third countries or international organizations;
    d. if possible, the planned period of storage of personal data, and if this is not possible, the criteria
    for determining this period;
    e. information on the right to request the Administrator to rectify, delete or limit the processing of
    personal data and to object to such processing;
    f. information on the right to lodge a complaint with the supervisory authority;
    g. if the personal data have not been collected from the data subject – any available information as to
    their source;
    h. information on automated decision making, including profiling referred to in art. 22 sec. 1 and 4
    GDPR, and – at least in these cases – relevant information about the rules for their taking, as well as
    about the significance and envisaged consequences of such processing for the data subject.
29. The Administrator is obliged to provide the Data Subject with a copy of the Personal Data. For any
    subsequent copies requested by the data subject, the Controller may charge a reasonable fee based
    on administrative costs. If the data subject requests a copy by electronic means and unless otherwise
    indicated, the information shall be provided by electronic means.
    D. The right to rectify and delete personal data
30. The data subject has the right to request the Administrator to immediately rectify incorrect
    personal data concerning him. Taking into account the purposes of processing, the data subject has
    the right to request supplementing incomplete personal data, including by providing an additional
    statement.
    2.The data subject is entitled to request the Administrator to immediately delete his personal data,
    and the Administrator is obliged to delete personal data without undue delay, if one of the following
    circumstances occurs:
    a.personal data are no longer necessary for the purposes for which they were collected or otherwise
    processed,
    b. the data subject has withdrawn consent on which the processing is based in accordance with art. 6
    sec. 1 lit. a) or Art. 9 paragraph 2 lit. a) GDPR and there is no other legal basis for processing,
    c. the data subject objects to the processing pursuant to Art. 21 sec. 1 GDPR against the processing
    and there are no overriding legitimate grounds for the processing or the data subject objects to the
    processing pursuant to Art. 21 sec. 2 GDPR against processing,
    d. personal data has been processed unlawfully,
    e. personal data must be removed in order to comply with the legal obligation provided for in Union
    law or the law of the Member State to which the Administrator is subject
    f. personal data has been collected in relation to the offering of information society services referred
    to in art. 8 sec. 1 GDPR.
    3.The rights of the data subject indicated in point 2 above do not apply to the extent that processing
    is necessary to exercise the right to freedom of expression and information, to establish, assert or
    defend claims, to comply with a legal obligation requiring processing under EU law or the law of the
    Member State to which the Administrator is subject, or to perform a task carried out in the public
    interest or as part of the exercise of public authority entrusted to the Administrator, due to reasons
    of public interest in the field of public health in accordance with art. 9 paragraph 2 lit. h) and i) GDPR
    and art. 9 paragraph 3 GDPR for archiving purposes in the public interest, for scientific or historical
    research purposes or for statistical purposes pursuant to Art. 89 paragraph. 1 GDPR, insofar as it is
    likely that this right will prevent or seriously hinder the achievement of the purposes of such
    processing.
31. The administrator is obliged to provide the data subject with information on rectification or
    deletion of personal data, unless it proves impossible or will require a disproportionately significant
    effort.
    E. The right to limit the processing of personal data
    1.The data subject has the right to request the Administrator to limit the processing of their personal
    data in the following cases:
    a. The data subject questions the accuracy of the personal data – for a period allowing the
    Administrator to verify their accuracy,
    b.the processing is unlawful, and the data subject opposes the deletion of personal data, demanding
    instead to limit their use,
    c. The administrator no longer needs personal data for the purposes of processing, but they are
    needed by the data subject to establish, assert or defend claims,
    d. The data subject has objected to the processing pursuant to Art. 21 sec. 1 GDPR – until it is
    determined whether the legitimate grounds of the administrator override the grounds for objection
    of the data subject.
32. The controller is obliged to provide the data subject with information on the restriction of the
    processing of personal data, unless this proves impossible or requires a disproportionate effort.
    F. The right to transfer personal data
    1.The data subject is entitled to receive, in a structured, commonly used, machine-readable format,
    personal data relating to him provided to the Administrator, and has the right to send these personal
    data to another administrator without any obstacles on the part of the Administrator, if the
    processing takes place in an automated manner. and a) on the basis of the consent of the data
    subject or b) necessary for the performance of the contract.
33. When exercising the right specified above, the data subject has the right to request that the
    personal data be sent by the Administrator directly to another administrator, if technically possible.
    This right does not apply to processing which is necessary to perform a task carried out in the public
    interest or as part of the exercise of public authority entrusted to the Administrator. This right may
    not adversely affect the rights and freedoms of other entities.
    G. Right to object and rights related to automated decision making in individual cases
34. The data subject has the right to object at any time – for reasons related to his particular situation –
    to the processing of his personal data based on art. 6 sec. 1 lit. e) or f) GDPR, including profiling based
    on these provisions. The administrator is no longer allowed to process this personal data, unless he
    demonstrates the existence of valid legitimate grounds for processing, overriding the interests, rights
    and freedoms of the data subject, or grounds for establishing, investigating or defending claims.
    2.If personal data is processed by the Administrator for direct marketing purposes, the data subject
    has the right to object at any time to the processing of his personal data for such marketing
    purposes, including profiling, to the extent that the processing is related to such direct marketing .
35. If the data subject objects to processing for direct marketing purposes, the personal data may no
    longer be processed for such purposes.
36. If personal data are processed for scientific or historical research purposes or for statistical
    purposes pursuant to Art. 89 paragraph. 1 GDPR, the data subject has the right to object – for reasons
    related to his particular situation – to the processing of his personal data, unless the processing is
    necessary to perform a task carried out in the public interest.
    5.The data subject has the right not to be subject to a decision which is based solely on automated
    processing, including profiling, and produces legal effects or similarly significantly affects him, unless
    the decision is necessary to conclude or performance of the contract between the data subject and
    the Administrator; is permitted by the law of the European Union or the law of the Member State to
    which the Administrator is subject and which provides for appropriate measures to protect the
    rights, freedoms and legitimate interests of the data subject or is based on the express consent of
    the data subject.
37. FINAL PROVISIONS
38. The website may contain links to other websites. The service provider urges that after switching to
    other websites, read the privacy policy established there. This privacy policy applies only to the
    Website.
39. The administrator provides the following technical measures to prevent the acquisition and
    modification of personal data sent electronically by unauthorized persons:
    a. Securing the data set against unauthorized access;
40. In all matters related to the processing of personal data, in particular in matters related to the
    provisions of this privacy policy, the Service Recipient should contact the Administrator using the
    following contact details:
    MCS LABORATORY SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ ul. Ignacego Mościckiego 1, 24-110 Puławy, e-mail address: office@mcslaboratory.com