Instagram Facebook Tiktok Youtube Spotify

Privacy policy

I. INTRODUCTION

This Privacy Policy explains how personal data are processed and protected within the website registered at aldent.lublin.pl (hereinafter: the Website).

The Personal Data Controller (hereinafter: the Controller) is Centrum Stomatologii Kompleksowej ALDENT S.C. M. Paradowska G. Paradowski, ul. Pana Balcera 6/1A, 20-631 Lublin, Poland, NIP: 7123048373, REGON: 060209489.

Any questions or concerns—especially those related to the processing of personal data—may be addressed to the Controller:

  • by post – to the Controller’s registered address;

  • by email – to: csk@aldent.lublin.pl;

  • via the website aldent.lublin.pl.

The Controller ensures that the entrusted personal data are processed in compliance with the requirements of generally applicable law, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR).

The Controller’s primary objective is to provide Website Users with privacy protection at a level at least meeting the requirements of applicable law, in particular the GDPR.

Any person using the Website in any manner accepts all rules set out in this Privacy Policy.

The Controller reserves the right to introduce changes to the Privacy Policy if required by law or by changes to the Website’s functionality.

The Controller will notify all Users of relevant changes and the date they take effect, in particular by publishing an appropriate notice on the Website.

II. BASIC DEFINITIONS

User – any natural person whose personal data are processed by the Controller.

Personal data – any information relating to an identified or identifiable natural person, identifiable directly or indirectly, in particular by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person, as well as the device IP address, location data, an online identifier, and information collected via cookies and other similar technologies.

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Website – an organised IT solution available at aldent.lublin.pl and possibly at other internet addresses, as well as in applications and other IT tools, comprising a set of interoperating computer programs, databases and accompanying elements (e.g. graphics) connected into one ICT system.

Processing of personal data – any operation performed on personal data, such as collection, recording, storage, organisation, alteration, disclosure and deletion, in particular those performed in IT systems.

Personal data breach – a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or unauthorised access to, personal data transmitted, stored or otherwise processed.

III. PURPOSES, LEGAL GROUNDS, SCOPE OF DATA PROCESSING AND INFORMATION ON FORMS

  1. The Controller processes personal data only when at least one of the following conditions is met:

    • when the Website User gives consent in the forms available on the Website, for the purpose of taking actions covered by those forms (Art. 6(1)(a) GDPR);

    • when processing is necessary for the performance of a contract to which the Website User is a party (Art. 6(1)(b) GDPR);

    • for handling complaints – the legal basis is the necessity of processing for the performance of a contract (Art. 6(1)(b) GDPR);

    • to comply with a legal obligation incumbent on the Controller (Art. 6(1)(c) GDPR);

    • for the possible establishment, pursuit or defence of claims – the legal basis is the Controller’s legitimate interest consisting in protecting its rights (Art. 6(1)(f) GDPR);

    • for the Controller’s marketing purposes, consisting in informing the User about the current offer and new Website functionalities – the legal basis is consent (Art. 6(1)(a) GDPR).

  2. The Controller processes the personal data of Website Users to the extent necessary for the purposes set out in item 1 above, for the period necessary to achieve these purposes or until the Website User withdraws consent. Failure to provide data may, in some situations, result in the inability to achieve the purposes for which the data are required.

  3. Data provided in forms available on the Website are processed for purposes resulting from the function of the specific form; additionally, they may also be used by the Controller for archival and statistical purposes. Consent of the data subject is expressed by ticking the appropriate checkbox in the form.

IV. DATA SECURITY

  1. The Controller continuously conducts risk analysis in order to identify threats related to secure processing and implements appropriate technical and organisational measures to protect processed personal data.

  2. The Controller ensures that personal data are accessible only to authorised persons and only to the extent necessary for the tasks performed by them.

  3. The Controller keeps a register of persons authorised to process personal data. These persons are obliged to keep personal data and methods of securing them strictly confidential.

V. RECIPIENTS OF DATA

  1. Recipients of Users’ personal data may include entities to which the Controller commissions activities requiring the processing of such data, in particular in the scope of email services, ICT services, hosting, IT services, administrative support, legal services or advisory services.

  2. A third party with access to personal data processes them solely on the basis of a data processing agreement and only on the Controller’s instructions.

  3. Recipients of Users’ personal data may also include entities and authorities entitled to receive such data—only in justified cases and on the basis of generally applicable laws.

VI. RECEIVING COMMERCIAL INFORMATION

  1. The Website User, where the Website provides for this, may consent to receiving commercial information by electronic means of communication.

  2. Where the Website User has consented to receiving commercial information by electronic means of communication, the User has the right to withdraw such consent at any time.

  3. Exercising the right to withdraw consent to receive commercial information is carried out by sending an appropriate request to the Controller’s email address, including the Website User’s first and last name.

VII. USERS’ RIGHTS

  1. Each person whose data are processed has the following rights:

    • right of access to data and information about processing (Art. 15 GDPR) – the Controller provides the requesting person with their data and information on processing purposes and legal bases, the scope of data held, recipients to whom personal data are disclosed, and the planned date of deletion;

    • right to obtain a copy of data (Art. 15(3) GDPR) – the Controller provides a copy of processed data relating to the requesting person, where possible and where it does not infringe the rights of third parties;

    • right to rectification (Art. 16 GDPR) – the User may request correction of inaccuracies or errors in processed personal data and supplementation or updating if incomplete or changed;

    • right to erasure (Art. 17 GDPR) – the User may request deletion of data where processing is no longer necessary for any purpose for which they were collected;

    • right to restriction of processing (Art. 18 GDPR) – the Controller may stop operations on personal data, except operations consented to by the data subject and storage in accordance with adopted retention rules, or until the reasons for restriction cease (e.g., a supervisory authority decision permitting further processing);

    • right to data portability (Art. 20 GDPR) – where data are processed on the basis of a contract or consent, the Controller may provide the data supplied by the data subject;

    • right to object to processing for other purposes (Art. 21 GDPR) – the data subject may object at any time; such objection should include justification and is assessed by the Controller;

    • right to object to processing for marketing purposes (Art. 21(2) GDPR) – the data subject may object at any time without justification;

    • right to withdraw consent (Art. 7(3) GDPR) – where data are processed on the basis of consent, the data subject may withdraw it at any time; withdrawal does not affect the lawfulness of processing carried out before withdrawal;

    • right to lodge a complaint (Art. 77 GDPR) – if processing violates the GDPR or other personal data protection laws, the data subject may lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office (PUODO): https://uodo.gov.pl/pl/p/kontakt.

  2. A request regarding the exercise of data subjects’ rights may be submitted:

  3. A response will be provided within one month of receipt. If this period must be extended, the Controller will inform the applicant of the reasons.

  4. The response will be sent to the email address from which the request was sent, and for requests sent by post—by registered mail to the address indicated by the applicant, unless the letter indicates a wish to receive a response by email (in which case an email address should be provided).

VIII. COOKIES AND SIMILAR TECHNOLOGY

  1. The Website uses cookies.

  2. Cookies (“cookies”) are IT data, in particular text files, stored on the User’s end device and intended for use of the Website’s web pages. Cookies usually contain the name of the website they originate from, the time they are stored on the end device and a unique number.

  3. The entity placing cookies on the User’s end device and obtaining access to them is the Controller.

  4. Cookies are used, among others, for the following purposes:

    • creating statistics that help understand how Users use the Website;

    • maintaining the user session (after logging in), thanks to which the User does not have to re-enter the login and password on each subpage;

    • determining the user profile in order to display tailored materials in advertising networks, in particular Google’s network.

  5. The Website uses two main types of cookies: session cookies and persistent cookies. Session cookies are temporary files stored on the User’s end device until logout, leaving the website or closing the software (web browser). Persistent cookies are stored on the User’s end device for the time specified in cookie parameters or until they are deleted by the User.

  6. Web browsing software (a web browser) usually, by default, allows cookies to be stored on the User’s end device. Users may change these settings. The browser allows deletion of cookies. Automatic blocking of cookies is also possible. Detailed information is available in the help or documentation of the web browser.

  7. The Controller uses third-party services whose list changes over time and which may use cookies, among others, for:

    • monitoring traffic on the Controller’s websites;

    • collecting anonymous, aggregated statistics that help understand how Users use the Controller’s website;

    • controlling how often selected content is shown to users;

    • controlling how often users choose a given service;

    • analysing newsletter sign-ups;

    • using communication tools;

    • integration with social media platforms.

  8. The User may manage cookies used by the Controller or any external providers by changing browser settings. Further information is included in the COOKIES POLICY document available on the Website.

  9. Restrictions on the use of cookies may affect certain functionalities available on the Website’s pages.

  10. For statistics, the Controller may use Google Analytics. In that case, the User’s data of a Website visitor are received by Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. The User may block Google Analytics access to their data by installing the plugin available at: https://tools.google.com/dlpage/gaoptout/

  11. The Controller encourages Users to read Google’s detailed explanations regarding data processing within Google Analytics at: https://policies.google.com/privacy?hl=pl.

  12. The Controller may also use marketing tools available within Facebook (Meta Platforms). Ads may be delivered within Facebook. These activities are carried out on the basis of the Controller’s legitimate interest in marketing its own products or services (Art. 6(1)(f) GDPR).

  13. In order to deliver personalised advertising based on Users’ behaviour on the Website, the Meta Pixel may be implemented, which automatically collects information about the use of the Website. The information collected may be transferred to Facebook’s servers in the United States and stored there.

  14. Information collected via the Meta Pixel is anonymous, i.e. it does not allow identification of the User. The Controller is only informed about what actions the User took on the Controller’s website. However, Meta Platforms may combine such information with other information about the User collected within Facebook and use it for its own purposes, including marketing. Such actions by Facebook are not dependent on the Controller and are described in Facebook’s privacy policy: https://www.facebook.com/privacy/explanation. The User can also manage privacy settings from their Facebook account. Meta Platforms is headquartered in the USA and uses technical infrastructure located, among others, in the USA.

IX. SOCIAL MEDIA

  1. The Controller processes personal data of Users visiting the Controller’s profiles maintained on social media (e.g. Facebook, Instagram, YouTube).

  2. These data are processed in order to inform Users about the Controller’s activity, offer services, and communicate with Users via tools available on social media. The legal basis is the Controller’s legitimate interest (Art. 6(1)(f) GDPR) consisting in promoting its brand and services and building and maintaining a community around the brand. Further information is provided in the Facebook Fanpage Information Clause and the YouTube Information Clause.

  3. The Website contains links to the Controller’s social media profiles, which have separate privacy policies available after clicking the relevant icon.

  4. With regard to any websites linked from the Website that are not owned by or controlled by the Controller, the Controller bears no responsibility for their content or for the rules on confidentiality applicable to Users. When displaying a web page containing such links, the User’s browser establishes a direct connection to the servers of the social media administrators (service providers). The plugin content is transferred by the provider directly to the User’s browser and integrated into the page. Due to this integration, providers receive information that the User’s browser displayed the Controller’s website, even if the User does not have a profile with that provider or is not logged in. Such information (together with the IP address) is sent directly to the provider’s server (some located in the USA) and stored there.

  5. If the User is logged in to a given social network, that provider can directly associate the visit to the Controller’s website with the User’s profile on that social network. If the User uses a plugin (e.g. clicks “Like” or “Share”), the relevant information is also sent directly to the provider’s server and stored there. In addition, such information is published on the social network and displayed to the User’s contacts.

  6. The purpose and scope of data collection and further processing by providers, as well as contact possibilities, Users’ rights and privacy-setting options, are described in the privacy policies of the respective providers. The Controller encourages Users to read them.

  7. If the User does not want social networks to associate data collected during visits to the Controller’s website directly with the User’s profile, the User should log out of the given social network before visiting the Controller’s website.

  8. The User may also completely prevent plugins from loading by using appropriate browser extensions, e.g. script blocking.

X. SERVER LOGS

  1. Using the Website involves sending queries to the server on which it is hosted. Each query is recorded in server logs.

  2. Logs include, among others, the User’s IP address, server date and time, information about the web browser and operating system used. Logs are recorded and stored on the server.

  3. Data recorded in server logs are not associated with specific persons using the website and are not used by the Controller to identify the User.

  4. Server logs constitute only auxiliary material used to manage the Website, and their content is not disclosed to anyone other than persons authorised to administer the server.

XI. TRANSFER OF DATA OUTSIDE THE EEA

  1. The Controller may transfer Users’ personal data to third countries, i.e. countries outside the European Economic Area (EEA). Such data may be transferred only to third countries or entities for which the European Commission has decided that an adequate level of data protection is ensured.

  2. The list of countries for which the European Commission has issued an adequacy decision is available at: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en#relatedlinks.

  3. In the absence of an adequacy decision pursuant to Art. 45(3) GDPR, Users’ personal data may be transferred to a third country only on the basis of: binding corporate rules, standard data protection clauses adopted by the European Commission, standard data protection clauses adopted by the Polish supervisory authority and approved by the Commission, an approved code of conduct or an approved certification mechanism (Art. 46 GDPR).

  4. In the absence of an adequacy decision pursuant to Art. 45(3) GDPR or of appropriate safeguards pursuant to Art. 46 GDPR (including binding corporate rules), the Controller will request the User’s explicit consent for such transfer to a third country or an international organisation, having previously informed the User of the risks associated with such transfer pursuant to Art. 49(1)(a) GDPR.

XII. INFORMATION ON AUTOMATED DECISION-MAKING

Within the Website, the Controller may automatically tailor certain content to the User’s needs, i.e. conduct profiling, using the personal data provided by the User. Profiling primarily consists in an automated assessment of which products may be of interest to the User based on the User’s previous online activity, including on the Controller’s websites, and in displaying advertisements for products profiled in this way.

Profiling carried out by the Controller does not result in decisions producing legal effects concerning the User or similarly significantly affecting the User.

COOKIE POLICY AND USED INTERNET TECHNOLOGIES

This Cookie Policy supplements the PRIVACY POLICY with regard to the processing of personal data using cookies, pixels (pixel codes) and other internet technologies and the processing of personal data through them, used on the Controller’s official website available at www.aldent.lublin.pl (hereinafter: the Website).

GENERAL INFORMATION

Cookies (“cookies”) are IT data, in particular text files, stored on the User’s end device (e.g. computer, tablet, smartphone) and intended for the use of the Website’s web pages. Cookies are not harmful to Users or their devices and do not negatively affect their operation. They also do not cause configuration changes in end devices or installed software.

The Website uses two main types of cookies: session cookies and persistent cookies. Session cookies are temporary files stored on the User’s end device until leaving the website or closing the software (web browser). Persistent cookies are stored on the User’s end device for the time specified in cookie parameters or until deleted by the User.

Web browsers usually, by default, allow cookies to be stored on the User’s end device. Users can change these settings, as the browser allows cookie deletion. Automatic blocking of cookies is also possible. Detailed information is available in the help or documentation of the browser used.

Within the Website, the following cookies may be used, among others:

  • “necessary” – enabling the use of services available within the Website, e.g. authentication cookies used for services requiring authentication;

  • cookies used to ensure security, e.g. used to detect authentication abuse within the Website;

  • “performance” – enabling collection of information on how web pages are used;

  • “functional” – enabling “remembering” selected settings and personalisation of the User interface, e.g. language or region, font size, page appearance, etc.;

  • “advertising” – enabling delivery of advertising content tailored to Users’ interests and visits, also for remarketing purposes using third-party cookies.

Depending on the website or mobile application used, the type and number of cookies may vary.

SCOPE OF DATA COLLECTED

Cookies identify device and browser data used to browse websites—for example, they allow determining whether a device has visited the website before. Cookies usually contain the website name they originate from, the time they are stored on the end device and a unique number.

Within the Website, the Controller may process data about how the site is used using a computer, tablet, smartphone or another device through which the User accesses the Website. Some of these data, combined with other data, may constitute personal data.

Using the applied internet technologies, the Controller may process, for example:

  • device data: device type/model, unique device identifiers, MAC address, IP address, operating system, OS version and device settings, language settings, screen resolution, web browser version and type;

  • log / event data: time of use of the Website, search data and any information stored in cookies that uniquely identifies the browser or User account;

  • location data: IP address, location data obtained using various positioning technologies (latitude/longitude, ISP e.g. Play/Orange, other location data provided by the User), such as GPS, Wi-Fi access points or other sensors that may provide data near the device (after consent to location);

  • other data regarding Website use that may be processed if the User visits or uses the Controller’s websites, e.g. UTM entry source, ad campaign through which the User entered the site, referrals, links clicked, number of clicks and views of dynamic content, which ads the User saw and where.

In connection with access to the Controller’s Website, data from the end device are processed in an automated manner in relation to triggering or performing activity on the Website, enabling the Controller to assess certain factors relating to individuals and, through analysis of behaviour, predict future behaviour—however, without making significant decisions concerning the User.

PURPOSES AND LEGAL BASIS OF USED INTERNET TECHNOLOGIES

The Controller uses the applied internet technologies in particular to:

  • ensure operation, security and reliability of the Website;

  • adjust Website content to User preferences and optimise use of the Website, improve the website (proper display, adaptation to individual User needs);

  • analyse and create statistics that help understand how Users use the Website, enabling improvement of structure and content.

The use of cookies or similar technologies on the Controller’s websites takes place with the User’s consent expressed by using the website without changing browser settings for analytical/statistical purposes and adapting the site to individual User needs. In this way, the User agrees that cookies or similar technologies will be placed on their end device (computer, tablet, smartphone) and that the Controller will use information stored in cookies.

At any time, the User may withdraw consent or object to processing of personal data by changing cookie settings in the browser or using other methods enabling changes to cookie settings.

The default setting of most browsers is to accept all cookies. However, settings can be changed so that the browser requests acceptance, accepts or rejects only certain types of cookies, or rejects all cookies.

Please note that some cookies are necessary for the operation of the Controller’s websites, and their removal or disabling may reduce functionality.

Cookies or other technologies are used automatically, which does not mean that they are used for automated decision-making intended to produce legal effects or similar effects that could harm Users’ interests or privacy.

FUNCTIONALITIES OR TECHNOLOGIES OF EXTERNAL PROVIDERS

The Controller may use services and tools of external providers on the Website, in particular for providing services available through the Website (e.g. chat, callpage).

On the Controller’s websites or fanpages, social media plugins of third parties may be used, e.g. Facebook, Instagram, LinkedIn (plugins such as “Like”, “Share”), marked with commonly known icons. For this purpose, code referring to these networks is placed on relevant pages. Content from the Controller’s website may be sent to those networks or services. Depending on the User’s privacy settings, it may be visible publicly or privately. Using these plugins, Users logged into those services can share the page they are on. However, the plugin will be loaded only if Users activate it via the activation icon. The plugin content will then be transmitted by the social network directly to the User’s end device and displayed there. If the relevant option is selected, the activation will apply permanently during visits to the Controller’s Website. Users may deactivate buttons at any time by clicking “Undo”. Without activation, the plugins remain inactive and no connection is made with social networks.

The Controller’s websites may also contain external links, e.g. to its Facebook page. The Controller has no control over what data the plugin or social network provider collects and how it processes it. For information on the purpose and scope of data collection (including cookies used there), further processing and use by external providers, Users’ rights and privacy options, the User should consult the respective provider’s data protection information.

TRANSFER OF DATA OUTSIDE THE EEA

Due to the possibility of sharing data collected via cookies of external providers, the Controller informs that some data may be transferred outside the EEA. Such transfers may take place on the basis of standard contractual clauses in accordance with the European Commission decision or on the basis of the User’s explicit consent.

OBJECTION AND WITHDRAWAL OF CONSENT FOR INSTALLING COOKIES

The User may at any time withdraw consent or object to the use by the Controller or its partners of data contained in cookies or similar technologies. In such a case, the User should use the consent management tool by clicking on the cookie banner or change browser settings.

The User can change browser settings so that it requests acceptance of cookies, accepts or rejects only certain types of cookies, or rejects all cookies. Detailed information about cookie handling options is available in browser settings (help section) or by contacting the software manufacturer for instructions on disabling and deleting cookies.

Cookies may be deleted by the User after being saved by the Controller using appropriate functions of the web browser or other tools.

Please note that some cookies are necessary for the operation of websites and their removal or disabling may reduce functionality.

If, as a result of changing cookie settings, an “opt-out” cookie is placed (used only to identify the User’s objection/lack of consent), please remember that it works only in the browser in which it was saved. If all cookies are deleted or the User uses a different browser or end device, opt-out settings must be made again.

ADDITIONAL INFORMATION

More information about cookies and other tracking technologies, including how to disable them, can be found at: http://wszystkoociasteczkach.pl/

The User may opt out of individual advertisers using search history to deliver online behavioural advertising by visiting: http://www.youronlinechoices.com/pl/twojewybory

Instagram Facebook Tiktok Linkedin-in