ONCO DESK
MOBILE APPLICATION PRIVACY POLICY
This Privacy Policy, developed by Commoditech sp. z o.o. with its registered office in Warsaw, entered under the number of the National Court Register KRS: 0000436044 into the Register of Entrepreneurs kept by the Regional Court for the capital city of Warsaw, 12th Commercial Division of the National Court Register; the amount of the share capital and paid-in capital: PLN 25,000. NIP (Tax Identification Number): PL701-03-57-859; REGON (National Business Registry Number): 146338214 (hereinafter referred to as the “Service Provider”), determines rules for collecting information about users (hereinafter referred to as “the Users”) of the mobile application “ONCO DESK” (hereinafter referred to as “the Application”).
- The Controller of data in the Application within the meaning of art. 4 (7) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as: “GDPR”) is the Service Provider (“the Controller”).
- The Service Provider pays particular attention to the protection of the privacy of the Application Users and the security of the processing of their personal data.
- The Service Provider undertakes to adequately protect data concerning Users, in accordance with the following rules:
- the personal data of the Application Users are processed in accordance with the requirements of the GDPR;
- only personal data voluntarily provided by the Users is processed as part of the Application;
- Data concerning the Users may only be used for purposes the data has been collected.
- Personal data in the form of (i) HCP ID (Medical license number or equivalent), (ii) ZIP code, (iii) e-mail address, (iv) name and (v) surname is processed in order to authorize and grant the access to the Application functionalities (“Personal Data”).
- The processing of Personal Data takes place:
- on the basis of the consent given by the User while registering to the Application (article 6 (1) (a) of the GDPR);
- pursuant to art. 6(1)(b) of the GDPR), i.e. processing is necessary for the performance of an agreement / service to which the data subject is party, or in order to take steps at the request of the data subject, prior entering into the agreement / service (access to the Application).
- Personal data is collected and processed for purposes related to the implementation of the Agreement or related to the creation of an account in “Onco Desk” Application, i.e. the provision of services by the Company. The User is informed about the type of collected data with the use of specific forms for entering data. It is possible to delete the account from the Application at any time. After the implementation of the Agreement or the deletion of the Application, the personal data of the User is blocked due to the storage periods resulting from legal provisions, and after these deadlines personal data shall be deleted if the User does not expressly consent to the further use of his/her data or it is required by law.
- Personal data may be made available, to the extent permitted by the applicable law, to trusted third parties that the Controller has authorized or entrusted with the processing of personal data, for purposes related to the provision of Services by the Controller, including the hosting service provider OVH sp. z o.o. with its registered office: Wrocław 54-402, ul. Szkocka 5 lok. 1, Republic of Poland – to the extent necessary to achieve the goals indicated in these Regulations. Personal data may also be transferred to competent state authorities.
- In addition, if you use the Application, the Controller collects only such data that allows to analyse the traffic in the Application (“analytics”). It is data such as: (i) the number of visits to the Application, (ii) the date and access time, (iii) visited areas/sections of application, (iv) operating system. The data is processed in accordance with art. 6 (1) (f) of the GDPR, taking into account the Controller’s interest in order to improve the quality, stability and functionality of the Application. This data is not transferred or used in any other way.
- Personal data is stored for no longer than it is necessary for the proper provision of the Services by the Controller and for the period of limitation of any claims that the Controller is entitled to for the provision of Services.
- The User has the right to access his/her personal data and the right to rectify, delete, limit processing, the right to transfer data and the right to object.
- Data protection rights provide the User with numerous rights against the Controller as indicated below:
- The right of access by the data subject pursuant to art. 15 of the GDPR;
- The right to rectification data pursuant to art. 16 of the GDPR;
- The right to erasure data pursuant to art. 17 of the GDPR;
- The right to restriction of processing pursuant to art. 18 of the GDPR;
- Notification obligation regarding rectification or erasure of personal data or restriction of processing pursuant to art. 19 of the GDPR;
- The right to data portability pursuant to art. 20 of the GDPR;
- The right to withdraw his/her consent pursuant to art. 7 (3) of the GDPR;
- The right to lodge a complaint with a supervisory authority pursuant to art. 77 of the GDPR.
- Personal data shall not be transferred outside the EEA.
- The User has the right to lodge a complaint with the competent supervisory authority (Personal Data Protection Office), if he/she considers that the processing of Personal Data violates the provisions of the GDPR;
- Providing personal data by the User is voluntary, but failure to provide the data shall prevent the Controller from providing the Services offered.
- A contact with the Controller is possible through the following e-mail: suport@commoditech.pl
- The system automatically generates the ID of the User’s device which is used for PUSH notifications. A unique ID of the User is also assigned to this ID.
- The user may at any time remove the device ID not giving a consent to PUSH notifications to be sent to his device. However, this is related to the lack of the basic functionality of the Application, i.e. notifications about content updates.
- The system supporting the Application does not store the e-mail address required to log in to the Application. It only stores the identifier (hash). The identifier cannot be related to an email address.
- The data provided while verifying the access to the Application is not related in any way to the User’s e-mail address.
- The profile is encrypted in the database and the key to decrypt it is only in the device of the authorized person.
- The profile does not contain personal data, only statistical data.
- The Service Provider reserves the right to amend the Privacy Policy.
- In matters not stipulated in the given Privacy Policy, the relevant provisions of Polish law shall apply.