- ABOUT US
- The owner of mcslaboratory.com and the administrator of personal data collected via the Website
is MCS LABORATORY SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office at:
ul. Ignacego Mościckiego 1, 24-110 Puławy, e-mail address: firstname.lastname@example.org.
- The Service Provider runs the Website and is responsible for the proper provision of the Website’s
- GENERAL PROVISIONS
which is to define the actions taken by the Administrator in the field of personal data protection
provided to the Administrator by data subjects, and also to inform data subjects about the procedure
for dealing with personal data in force in the company conducted by the Administrator, including, in
particular, the purposes and legal grounds for processing and the categories of recipients to whom
the personal data processed by the Administrator are further transferred, and the Administrator’s
implementation of the information obligation arising from the content of art. 13 of Regulation (EU)
2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of
natural persons with regard to the processing of personal data and on the free movement of such
data, and repealing Directive 95/46 / EC (General data) (Journal of Laws UE L 119 of 04/05/2016, p. 1,
hereinafter referred to as “GDPR”) in the remaining scope.
- The Service Provider takes special care to protect the interests of the data subjects, and in
particular ensures that the data collected by him are processed in accordance with the law; collected
for specified, lawful purposes and not subjected to further processing incompatible with these
purposes; factually correct and adequate in relation to the purposes for which they are processed
and stored in a form that allows the identification of persons to whom they relate, no longer than it
is necessary to achieve the purpose of processing.
for Website Users.
- All words, expressions and acronyms appearing on this page and beginning with a capital letter (eg
Service Provider, Website, Electronic Service) should be understood in accordance with their
definition contained in the Regulations of the Website, available on the Website.
- The Customer’s personal data are processed in accordance with the GDPR and the Data Protection
Act of May 10, 2018 (hereinafter: the Personal Data Protection Act) and the Electronic Services
Provision Act of July 18, 2002 (Journal of Laws No. 2002 No 144, item 1204 as amended).
- PURPOSE AND SCOPE OF DATA COLLECTION
- Each time the purpose, scope and recipients of data processed by the Service Provider result from
the actions taken by the Service Recipient on the Website. For example, if the Service Recipient
intends to use the Account, his personal data will be processed in order to conclude and perform the
contract for the use of the Account.
- The Administrator processes the personal data of the Service Recipient or his representatives for
the following purposes:
a. conclusion and implementation of the contract for the use of the Electronic Service,
b. fulfillment of obligations resulting from legal regulations, including tax and accounting regulations,
c. conducting court, arbitration, administrative, court-administrative, enforcement and mediation
d. documentation of contractual relations for evidence purposes for the period of limitation of claims
related to them,
e. conducting direct marketing of services or goods offered by the Administrator, including via e-mail
correspondence such as newsletter,
f. handling complaints and claims arising from the rights under the warranty
- The Service Provider may process the following personal data of the Customers using the Website:
a.name and surname of the Service Recipient,
b. e-mail address,
c. Name of the cooperating organization,
d. Name of the branch of the cooperating organization,
- Providing the personal data referred to in the point above is not obligatory, but it is necessary to
conclude and perform the contract for the provision of Electronic Services on the Website. Each time,
the scope of the data required to conclude a contract is previously indicated on the Website, when
using the Website, and in its Regulations.
- The Customer’s personal data may be transferred to public administration bodies or to other
persons or third parties – to the extent and in cases where the obligation to disclose them is imposed
on the Administrator by legal provisions. In addition, the Customer’s personal data may also be
transferred to entities providing the Administrator with accounting, accounting and legal services on
the basis of a separate agreement.
- The administrator declares that he has implemented appropriate technical and organizational
measures ensuring an adequate level of security corresponding to the risk related to the processing
of personal data entrusted to him, referred to in art. 32 GDPR. The administrator regularly verifies
and updates the technical and organizational measures used by him, so as to provide the entrusted
personal data with an adequate level of protection.
- The Administrator declares that in order to ensure the security of personal data processing, he has
introduced the Personal Data Protection Policy. The Personal Data Protection Policy is a measure
implemented by the Administrator in accordance with art. 24 sec. 1 and 2 of the GDPR, the purpose
of which is to introduce a procedure for handling personal data in the enterprise run by the
Administrator, based on which their processing by the Administrator will take place in accordance
with the GDPR.
- The processing of personal data within the framework of the purposes indicated above in point 3
sec. 2 includes in particular their collection, modification, storage, viewing, updating, analyzing and
- The Service Provider also processes anonymised data related to the use of the Website (eg the
number of Customers) to generate statistics on the use of the Website. These data are aggregate and
anonymous, i.e. they do not contain features that identify persons using the Website.
- Personal data concerning the Service Recipient will be kept by the Administrator for the following
a. in the case of personal data, in relation to which the legal basis for their processing by the
Administrator is the fact that it is necessary for the proper performance of the contract – until the
claims under this contract are time-barred,
b. in the case of personal data, in relation to which the basis for their processing by the Administrator
is a legitimate interest – until this basis for processing expires, in particular until the Administrator’s
claims are time-barred and the Customer’s claims resulting from the legal relationship between
them, the Administrator’s legal existence ends or legally valid or final determination or adjudication
or satisfaction or defense of a claim or other right of the Administrator or the Service User in court,
arbitration, administrative, court-administrative, enforcement or mediation proceedings,
c. in the case of personal data, in relation to which the basis for their processing is that it is necessary
to fulfill the legal obligations incumbent on the Administrator – until this basis for processing ceases.
- COOKIES AND PERFORMANCE DATA
- The Service Provider does not process the data contained in Cookies when using the Website.
- BASIS OF DATA PROCESSING
- Providing personal data by the Customer is voluntary, but failure to provide the personal data
indicated on the Website and in the Regulations of the Website, necessary for the conclusion and
implementation of the contract for the use of the Electronic Service, results in the inability to
conclude this contract.
- The legal basis for the processing of personal data for the purpose set out above in point 3 sec. 2
letter a) is that it is necessary for the performance of the contract. The legal basis for the processing
of personal data for the purpose set out above in point j3 par. 2 lit. b) it is necessary to fulfill the legal
obligations incumbent on the Administrator. The legal basis for the processing of Personal Data for
the other purposes indicated above in point is the legitimate interest pursued by the Administrator.
- RIGHTS OF THE DATA SUBJECT RELATED TO THE PROTECTION OF PERSONAL DATA
A. Right to information
1.The administrator, when collecting personal data, is obliged to provide the data subject with all the
a.his identity and contact details and, where applicable, the identity and contact details of his
b.if applicable – contact details of the data protection officer,
c. the purposes of personal data processing, and the legal basis for processing,
d. information about recipients of personal data or categories of recipients, if any,
e. if applicable – information on the intention to transfer Personal Data to a third country or an
f. the period for which personal data will be stored, and if this is not possible, the criteria for
determining this period,
g. information whether the provision of personal data is a statutory or contractual requirement or a
condition for concluding a contract and whether the data subject is obliged to provide it and what
are the possible consequences of not providing the data.
- If the Administrator plans to further process personal data for a purpose other than the purpose
for which the personal data were collected, prior to such further processing, the Administrator is
obliged to inform the data subject about this other purpose and provide him with any other relevant
B. The right to withdraw consent to the processing of personal data
- The data subject has the right to withdraw consent to the processing of personal data at any time.
Withdrawal of consent does not affect the lawfulness of the processing which was carried out on the
basis of consent before its withdrawal.
C. Right to access personal data
1.The data subject is entitled to obtain from the Administrator confirmation whether Personal Data
concerning him or her are being processed, and if so, he is entitled to access them and the following
a.the purposes of the processing;
b. the categories of personal data concerned;
c. information on the recipients or categories of recipients to whom the personal data has been or
will be disclosed, in particular on recipients in third countries or international organizations;
d. if possible, the planned period of storage of personal data, and if this is not possible, the criteria
for determining this period;
e. information on the right to request the Administrator to rectify, delete or limit the processing of
personal data and to object to such processing;
f. information on the right to lodge a complaint with the supervisory authority;
g. if the personal data have not been collected from the data subject – any available information as to
h. information on automated decision making, including profiling referred to in art. 22 sec. 1 and 4
GDPR, and – at least in these cases – relevant information about the rules for their taking, as well as
about the significance and envisaged consequences of such processing for the data subject.
- The Administrator is obliged to provide the Data Subject with a copy of the Personal Data. For any
subsequent copies requested by the data subject, the Controller may charge a reasonable fee based
on administrative costs. If the data subject requests a copy by electronic means and unless otherwise
indicated, the information shall be provided by electronic means.
D. The right to rectify and delete personal data
- The data subject has the right to request the Administrator to immediately rectify incorrect
personal data concerning him. Taking into account the purposes of processing, the data subject has
the right to request supplementing incomplete personal data, including by providing an additional
2.The data subject is entitled to request the Administrator to immediately delete his personal data,
and the Administrator is obliged to delete personal data without undue delay, if one of the following
a.personal data are no longer necessary for the purposes for which they were collected or otherwise
b. the data subject has withdrawn consent on which the processing is based in accordance with art. 6
sec. 1 lit. a) or Art. 9 paragraph 2 lit. a) GDPR and there is no other legal basis for processing,
c. the data subject objects to the processing pursuant to Art. 21 sec. 1 GDPR against the processing
and there are no overriding legitimate grounds for the processing or the data subject objects to the
processing pursuant to Art. 21 sec. 2 GDPR against processing,
d. personal data has been processed unlawfully,
e. personal data must be removed in order to comply with the legal obligation provided for in Union
law or the law of the Member State to which the Administrator is subject
f. personal data has been collected in relation to the offering of information society services referred
to in art. 8 sec. 1 GDPR.
3.The rights of the data subject indicated in point 2 above do not apply to the extent that processing
is necessary to exercise the right to freedom of expression and information, to establish, assert or
defend claims, to comply with a legal obligation requiring processing under EU law or the law of the
Member State to which the Administrator is subject, or to perform a task carried out in the public
interest or as part of the exercise of public authority entrusted to the Administrator, due to reasons
of public interest in the field of public health in accordance with art. 9 paragraph 2 lit. h) and i) GDPR
and art. 9 paragraph 3 GDPR for archiving purposes in the public interest, for scientific or historical
research purposes or for statistical purposes pursuant to Art. 89 paragraph. 1 GDPR, insofar as it is
likely that this right will prevent or seriously hinder the achievement of the purposes of such
- The administrator is obliged to provide the data subject with information on rectification or
deletion of personal data, unless it proves impossible or will require a disproportionately significant
E. The right to limit the processing of personal data
1.The data subject has the right to request the Administrator to limit the processing of their personal
data in the following cases:
a. The data subject questions the accuracy of the personal data – for a period allowing the
Administrator to verify their accuracy,
b.the processing is unlawful, and the data subject opposes the deletion of personal data, demanding
instead to limit their use,
c. The administrator no longer needs personal data for the purposes of processing, but they are
needed by the data subject to establish, assert or defend claims,
d. The data subject has objected to the processing pursuant to Art. 21 sec. 1 GDPR – until it is
determined whether the legitimate grounds of the administrator override the grounds for objection
of the data subject.
- The controller is obliged to provide the data subject with information on the restriction of the
processing of personal data, unless this proves impossible or requires a disproportionate effort.
F. The right to transfer personal data
1.The data subject is entitled to receive, in a structured, commonly used, machine-readable format,
personal data relating to him provided to the Administrator, and has the right to send these personal
data to another administrator without any obstacles on the part of the Administrator, if the
processing takes place in an automated manner. and a) on the basis of the consent of the data
subject or b) necessary for the performance of the contract.
- When exercising the right specified above, the data subject has the right to request that the
personal data be sent by the Administrator directly to another administrator, if technically possible.
This right does not apply to processing which is necessary to perform a task carried out in the public
interest or as part of the exercise of public authority entrusted to the Administrator. This right may
not adversely affect the rights and freedoms of other entities.
G. Right to object and rights related to automated decision making in individual cases
- The data subject has the right to object at any time – for reasons related to his particular situation –
to the processing of his personal data based on art. 6 sec. 1 lit. e) or f) GDPR, including profiling based
on these provisions. The administrator is no longer allowed to process this personal data, unless he
demonstrates the existence of valid legitimate grounds for processing, overriding the interests, rights
and freedoms of the data subject, or grounds for establishing, investigating or defending claims.
2.If personal data is processed by the Administrator for direct marketing purposes, the data subject
has the right to object at any time to the processing of his personal data for such marketing
purposes, including profiling, to the extent that the processing is related to such direct marketing .
- If the data subject objects to processing for direct marketing purposes, the personal data may no
longer be processed for such purposes.
- If personal data are processed for scientific or historical research purposes or for statistical
purposes pursuant to Art. 89 paragraph. 1 GDPR, the data subject has the right to object – for reasons
related to his particular situation – to the processing of his personal data, unless the processing is
necessary to perform a task carried out in the public interest.
5.The data subject has the right not to be subject to a decision which is based solely on automated
processing, including profiling, and produces legal effects or similarly significantly affects him, unless
the decision is necessary to conclude or performance of the contract between the data subject and
the Administrator; is permitted by the law of the European Union or the law of the Member State to
which the Administrator is subject and which provides for appropriate measures to protect the
rights, freedoms and legitimate interests of the data subject or is based on the express consent of
the data subject.
- FINAL PROVISIONS
- The website may contain links to other websites. The service provider urges that after switching to
- The administrator provides the following technical measures to prevent the acquisition and
modification of personal data sent electronically by unauthorized persons:
a. Securing the data set against unauthorized access;
- In all matters related to the processing of personal data, in particular in matters related to the
following contact details:
MCS LABORATORY SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ ul. Ignacego Mościckiego 1, 24-110 Puławy, e-mail address: email@example.com