PRIVACY POLICY OF WWW.DIOLOSA.COM

This Privacy Policy defines:

• the rules for storing and accessing information on the User’s devices with the help of Cookie files used to provide online services at the User’s request
• the rules for processing personal data and a description of the basic rights related to personal data processing

I. Definitions.

1. The Controller – refers to AVICENNA POLSKA CLAUDE DIOLOSA with the seat in: 49-300 Brzeg, ul. Wojciecha 1 office 2, – entity entered in the Central Registration and Information on Business under Tax Number: 7543129919, Statistical Number REGON: 365671881, which provides online services and stores and gains access to information on the User’s devices.
2. Cookies – shall refer to IT data, in particular small text files saved and stored on the devices on which the User uses the diolosa.com website
3. The Controller’s cookies – shall refer to Cookies installed by the Controller, related to the online services provided by the Controller via diolosa.com
4. External Cookies – shall refer to the Cookies installed by the Controller’s partners via diolosa.com
5. Device – shall refer to an electronic device used by the User to access diolosa.com
6. User – shall refer to an entity to which online services may be provided or with which an online Service Agreement may be concluded.

II. Types of Cookies used

1. The cookies used by the Controller are safe for the User’s Device. In particular, the cookies do not make it possible for computer viruses, other undesired software or malware to reach the Users’ Devices. These files make it possible to identify the software used by the User and to adjust diolosa.com individually to each User. Cookies usually include the name of the domain they come from the period over which they will be stored on the Device and the assigned value.
2. The Controller uses two types of cookies:

• session cookies: they are stored on the User’s Device and remain there until the end of the session in a particular browser. Then the saved information is permanently deleted from the memory of Device. The mechanism of session cookies does not make it possible to collect any personal data or confidential information from the User’s Device.
• permanent cookies: they are stored on the User’s Device and remain there until they are deleted. Ending a browser session or switching off the Device does not delete them from the User’s Device. The mechanism of persistent cookies does not make it possible to collect any personal data or confidential information from the User’s Device.

3. The User has an option to limit or disable the access of cookies to their Device. Should the User exercise this option, it will still be possible to use diolosa.com, except for the functions whose nature requires cookies.

III. Purposes of using Cookies.

1. The Controller uses its own Cookies for the following purposes:

• Setup of the Internet website:

1. optimising the use of diolosa.com
2. recognising the Device of the User of diolosa.com and adjusting it to the User’s individual needs
3. remembering the settings selected by the User and customising User interface, e.g. as regards the selected language or region the User comes from
4. size of the font, layout of the website etc.

• Performing processes necessary to guarantee the complete functionality of Internet websites.
  Optimising the use of www.diolosa.com, in particular these files make it possible to recognise the basic parameters of the User’s Device and to display the website accordingly, as suited to the User’s individual needs.

• Analyses and research as well as viewing audit.
  Creating anonymous statistics which help understand how the Users use the www.diolosa.com website, which makes it possible to improve the structure and content;

• Ensuring the security and reliability of the diolosa.com website.

2. The Controller of diolosa.comuses External Cookies for the following purposes:

• collecting Internet statistics via Clicky Web Analytics: www.getclicky.com [controller of these cookies: Roxr Software Ltd with the seat in the  USA]
• collecting general and anonymous static data via analytical tools: Google Analytics [controller of these cookies: Google Inc. with the seat in the USA]
• presenting multimedia content on diolosa.com, downloaded from the external website: www.youtube.com [controller of these cookies: Google Inc. with the seat in the USA]
• presenting multimedia content on diolosa.com, downloaded from the external website: www.vimeo.com [controller of these cookies: Vimeo Inc. with the seat in the USA]

3. On diolosa.com there is a plug-in for sharing the website content on Facebook.com
   

IV. Possibility to define the conditions for storing or gaining access by Cookies.

1. The User may independently amend the Cookie settings at any time by defining the terms and conditions for storing these files as well as for the access of the Cookies to the User’s Device. The User may change the settings by amending the browser settings or the service setup. These settings may in particular be amended so as to block the automatic cookie acceptance in the Internet browser settings or to inform the User every time the cookies are saved on the User’s Device. Detailed information about the possibility and ways of supporting cookies can be found in the software settings (browser settings).
2. The User may delete the Cookies at any time by using relevant functions in the current browser.
3. Limiting the extent to which the Cookies are supported may impact some of the functionalities available on the www.diolosa.com website.
4. Personal data protection.
5. Data Controller

• The Data Controller is AVICENNA POLSKA CLAUDE DIOLOSA with the seat in: 49-300 Brzeg, ul. Wojciecha 1 office 2, – entity entered in the Central Registration and Information on Business under Tax Number: 7543129919, Statistical Number REGON: 365671881. It is possible to contact the Controller at the abovementioned address for service and via e-mail: diolosainfo@gmail.com.
• AVICENNA POLSKA CLAUDE DIOLOSA guarantees that the data entrusted to it shall be processed as per the requirements of the Regulation of the European Parliament and the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data and repealing Directive 95/46/EC (General Data protection Regulation “GDPR”) (Official  Journal of the European Union L 119 from 2016), hereinafter referred to as the “GDPR.”
• The Controller ensures that the data is collected only to the extent necessary for the abovementioned purpose and only for the period when it is necessary.

2. Type of personal data

• The Controller processes personal data as necessary for the purpose of the processing, in particular: the name, surname, e-mail address, address for service, phone number, address of residence, which was provided during the Controller’s business activity.
• Providing the data is necessary for the provisions of services and for the settlement of the relevant business activity. To the remaining extent, providing the data is voluntary, but depending on the circumstances, a refusal to provide the data or demanding that the data be deleted may prevent the Controller from sharing information about its business activity and from maintaining contact.
• Personal data is processed via diolosa.com as per the User’s consent expressed directly. The scope of data processing depends on the forms available on the website. As the User is visiting the website, also the information related to the User’s visit is collected, e.g. IP address, domain name, browser type, operating system type etc.

3. Scope, period and purposes of data processing

• Correspondence and contact by phone.

1. Scope and source of the data.
   The Controller shall process the following personal data: name, surname, e-mail address, address for service and phone number. The Controller obtains the personal data directly from the data subject.

1. Purposes of data processing.
   The Controller processes the data in order to:

• manage e-mail and traditional correspondence related to the Controller’s business activity (legal basis Article 6 para. 1 (a) or (f) of the GDPR);
• maintain contact by phone, related to the Controller’s business activity, including in order to provide information about the services (legal basis Article 6 para. 1 (a) or (f) of the GDPR);
• maintain ongoing contact not related to the services provided to the senders of the communication in order to settle or solve the business the correspondence refers to (legal basis Article 6 para. 1 (a) or (f) of the GDPR);
• to pursue other legitimate purposes related to starting and maintaining contact and creating a contact network (legal basis Article 6 para. 1 (a) or (f) of the GDPR).

1. Retention period.
   The Controller shall process the personal data for the period necessary to achieve the purpose of contact and in the period of maintaining the current relation, including the exchange of correspondence, and for 3 years after the relation expires. In the event of data processing as per the Controller’s legitimate interest, the data will be processes for a period that makes it possible to pursue this interest or until an effective objection against data processing is filed. The retention period may be extended within the legal limits if the data processing is necessary for an investigation or for defence against claims. After the expiry of the data processing period, the data will be deleted or anonymised.

• Service provision.
  If the data is collected for the purpose of performing a specific agreement, the Controller shall inform the data subject of the data processing (including the scope, purpose of the processing and the retention period) upon concluding the agreement.

• Cooperation with contractors and clients, including prospective clients

1. Scope and source of the data.
   The Controller shall process the following personal data: name, surname, e-mail address, address for service, phone number, address of residence, Tax Number NIP and Statistical Number REGON. The Controller obtains the personal data directly from the data subject, from the entity represented by a natural person or from public records (Business Registers such as: KRS, CEIDG).

1. Purposes of data processing.
   The Controller processes the data in order to:

• maintain ongoing contact with regard to concluding or performing the agreement, presenting the offer, sending an order, answering queries (legal basis Article 6 para. 1 (a) or (f) of the GDPR);
• manage e-mail and traditional correspondence related to the performance of the agreements, orders, presented offers and queries (legal basis Article 6 para. 1 (a) or (f) of the GDPR);
• maintain contact by phone, related to the provided services and the business activity, including the performance of agreements, providing information about services (legal basis Article 6 para. 1 (a) or (f) of the GDPR);
• provide information about events organised by the Controller or events the Controller participates in (legal basis Article 6 para. 1 (a) or (f) of the GDPR);
• perform agreements, orders, including the assertion or defence against claims (legal basis Article 6 para. 1 (a)  or (f) of the GDPR);
• perform agreements concluded by the Controller with clients, including the organisation of courses and trainings, in order to cooperate with suppliers and other entities cooperating with the Controller (legal basis Article 6 para. 1 (a) or (f) of the GDPR);
• to pursue other legitimate purposes related to starting and maintaining contact and creating a contact network, e.g. by exchanging business cards, organising/participating in meetings/conferences/events (legal basis Article 6 para. 1 (a) or (f) of the GDPR).

1. Retention period.
   The Controller shall process the personal data for a period necessary to perform the relevant agreement, and for the period of prescription of the claims under the agreement. In the event of data processing as per the Controller’s legitimate interest, the data will be processes for a period that makes it possible to pursue this interest or until an effective objection against data processing is filed. The retention period may be extended within the legal limits if the data processing is necessary for an investigation or for defence against claims. After the expiry of the data processing period, the data will be deleted or anonymised.

• Contact via www.diolosa.com

1. Scope and source of the data.
   The Controller shall process the following personal data: name, surname, e-mail address, phone number, address for service. The Controller obtained the data directly from the data subject, via the contact form or Newsletter found on www.diolosa.com.

1. Purposes of data processing.
   The Controller processes the data in order to:

• answer queries sent via the contact form (legal basis Article 6 para. 1 (a) of the GDPR);
• provide information about what’s new and about the Controller’s services via the Newsletter (legal basis Article 6 para. 1 (a) of the GDPR);

1. Retention period.
   The Controller shall process the personal data for the period of maintaining the current relation, including the exchange of correspondence, and for 3 years after the relation expires. The retention period may be extended within the legal limits if the data processing is necessary for an investigation or for defence against claims. After the expiry of the data processing period, the data will be deleted or anonymised.

4. Data recipients
   With regard to the Controller’s business activity, and to the necessary extent, personal data may be shared with third parties, including in particular:

• entities providing accounting services,
• entities running postal or courier business,
• banks, if it is necessary to manage and keep settlements,
• entities responsible for the management of IT systems and hardware,
• public authorities or other entities authorised by the law, in order to comply with the Controller’s obligations,
• other entities, to the extent the Controller is obliged to do it by the law.

5. Sharing the data outside the European Economic Area
   The Controller shall not share the personal data outside the European  Economic Area.

6. Automated decision-making
   The Controller does not employ automatic decision-making in individual cases, in particular, the personal data shall not be subject to profiling.

7. Right of the data subjects
   Data processing as part of the service provision is regulated in the law or in agreements with the clients. Subject to the situations defined in the law, data subjects shall have the following rights:

• right to access the content of their data,
• right to adjust any discrepancies or errors in the processed data or to complete the data,
• right to receive information on the processed data, including the purposes of and legal basis for the processing,
• right to limit the scope of data processing,
• right to withdraw the consent at any time without affecting the compliance of the processing, provided the data is processes pursuant to the consent,
• right to transfer the data,
• right to object against data processing for marketing purposes or based on the Controller’s legitimate interest,
• right to file a complaint with a supervisory authority, i.e. the President of the Personal Data Protection Office, if they believe the data processing is against the law, including the GDPR.
  Any requests related to the wish to exercise the abovementioned rights should be filed to the Controller in writing or in electronic form.

8. Data security

• The Controller makes an effort to guarantee the security of the data entrusted to it.
• The Controller shall:

1. guarantee the transparency of data processing,
2. provide information about data processing upon collection, except for the situations when it is not obliged to do so as per separate legal provisions,
3. ensure that the data is collected only to the extent necessary for the defined purpose and processed only for the period when it is necessary,
4. ensure confidentiality by guaranteeing that only authorised people have access to the data.

• In order to guarantee the integrity and confidentiality of the data, the Controller:

1. has implemented procedures that facilitate access to personal data only by authorised people and only to the extent necessary for them to perform their job,
2. uses technical and organisational measures in order to ensure that all operations on personal data are properly secured,
3. furthermore, takes all the necessary actions in order for the entities cooperating with the Controller to guarantee they are using proper safeguards in any case when they process personal data at the Controller’s request,
4. if necessary, implements additional safeguards to increase data security.

• If there is a personal data breach despite the applied safeguards and this breach could result in a high risk to the rights and freedoms of the data subjects, the Controller shall immediately notify the data subjects thereof.

VI. References to other websites

www.diolosa.com includes references to other websites. The Controller shall not be liable for the privacy rules valid for those websites. When visiting the abovementioned websites, it is recommended to become familiar with the privacy policy or cookies policy for the specific website.

VII. Final provisions.

If the currently mandatory privacy policy is amended, relevant modifications will be introduced in its content.