Thank you for your interest in the website (hereinafter referred to as the “Website”) of the Polish Healthcare Assets – Sector Event Conference (hereinafter referred to as “PHASE”). We inform you that while using our website, certain data about the Website users (hereinafter referred to as “Users”) may be collected, which is necessary for its proper functioning and improvement. Therefore, before browsing it, we recommend that you read the terms of this Privacy Policy.

This Privacy Policy (hereinafter referred to as the “Policy”) explains the manner and principles of collecting, processing, using, and storing personal data. Additionally, the Policy covers the rights of Users related to their personal data.

Administrator: Blume Advisory sp. z o.o. (hereinafter referred to as “Blume”) headquartered in Warsaw at Puławska Street 145, 02-715 Warsaw, entered into the register of entrepreneurs of the National Court Register under the number KRS 969925, whose registration files are kept by the District Court for the capital city of Warsaw in Warsaw, XIII Commercial Division of the National Court Register, NIP: 5213966901, REGON: 521935581, with a share capital of 5,000 PLN – the entity providing this Policy and simultaneously the Administrator of personal data to which the Policy applies. The Administrator may transfer personal data to the other PHASE Organizers (hereinafter referred to as “Co-organizers”), i.e., the Employers’ Association “Związek Innowacyjnych Firm Biotechnologii Medycznej” BioInMed (KRS 0000922827, NIP 1133041412, REGON 520001787) and the owner of Strefa Inwestorów, JPP Group Sp. z o.o. (KRS 0000393388, NIP 1132844422, REGON 144078281).

I. Personal data collected by the Administrator are processed in accordance with the principles set out in the regulations on personal data protection, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/WE (hereinafter referred to as “GDPR”).

II. Personal Data: means any information relating to an identified or identifiable natural person (hereinafter referred to as “Data”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

III. Data Subject: any natural person whose personal data is processed by the Administrator.

IV. Processor: means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the Controller.

V. Data Sources: personal data obtained by the Administrator: (a) directly from the person, as part of the registration and communication related to the organization of PHASE. (b) indirectly through Cookies or similar technologies left as part of browsing the PHASE website, including filling out and submitting a contact form. Data includes, among others, name, surname, address, email, represented organization, browser type (user-agent), device data, including IP address.

VI. Contact regarding personal data: any requests or questions related to the exercise of the Data Subject’s rights can be sent to the email address: rodo@blumeadvisory.com or to the correspondence address: Blume Advisory Sp. z o.o., Puławska Street 145, 02-715 Warsaw.

VII. Purposes and legal bases of processing:

Purposes:

Registration for participation in PHASE.

Marketing of PHASE, including online marketing, in particular through the presentation of promotional materials of PHASE and its achievements at various events, as well as on websites.

Statistical measurements.

Blume and Co-organizers’ newsletters.

External marketing (marketing of Co-organizers).

Legal bases:

Art. 6(1)(b) GDPR (processing for the performance of a contract)

Art. 6(1)(f) GDPR (legitimate interests of the Administrator)

Art. 6(1)(a) GDPR (consent of the Data Subject)

VIII. Retention period: The Administrator processes Data only as long as it is necessary. After the purpose is fulfilled, the Data will be deleted in accordance with the Administrator’s retention policy, unless the law requires the Administrator to retain it. Depending on the legal basis for processing, Data may be processed for the following period:

where the basis for processing Data is the legitimate interest of the Administrator – until a valid objection is raised;

where the basis for processing Data is consent – until it is withdrawn.

IX. Voluntary provision of Data: providing Data is voluntary, but its provision may be necessary to use certain functionalities of the website (e.g., registration form).

X. Recipients: The Administrator may transfer Data to Co-organizers and other trusted processors to whom it has entrusted certain tasks to provide the best possible service. In particular:

  • entities directly or indirectly related to the Administrator,
  • external service providers (e.g., IT services, postal services, couriers),
  • entities providing promotional services for Blume and Co-organizers,
  • administrative authorities and courts,
  • other entities with which the Administrator has concluded a data processing agreement.

Data may be transferred to competent state authorities only if the Administrator has a legal obligation arising from Art. 6(1)(c) GDPR, only to the extent necessary.

XI. Data Subject’s rights: persons whose Data is processed have the following rights:

  • the right to information about the processing of personal data, including the purposes and legal bases of processing, the scope of held Data, the entities to which it is disclosed, and the planned date of its deletion,
  • the right to obtain a copy of the Data,
  • the right to rectification – the Administrator is obliged to remove inconsistencies or errors in processed personal data and complete it if it is incomplete,
  • the right to restrict processing – upon request, the Administrator ceases performing operations on personal data – except for operations to which the person concerned has consented – and storing it, in accordance with the adopted retention rules or until the reasons for restricting data processing cease (e.g., a supervisory authority’s decision is issued allowing further data processing),
  • the right to data portability – to the extent that the Data is processed in connection with a concluded contract or expressed consent, the Administrator issues the Data provided by the person concerned in a format that allows for computer reading. It is also possible to request the transfer of Data to another entity – provided there are technical capabilities for this,
  • the right to object to the processing of Data for marketing purposes at any time without the need to justify such objection,
  • the right to object to other purposes of processing personal data based on the legitimate interest of the Administrator. The objection in this regard should contain justification,
  • the right to withdraw consent – if the Data is processed based on consent, the Data Subject has the right to withdraw it at any time, which does not affect the lawfulness of processing carried out before its withdrawal,
  • the right to delete Data, the processing of which is no longer necessary for any of the purposes for which it was collected,
  • the right to lodge a complaint – if it is considered that the processing of Data violates GDPR or other data protection regulations, the Data Subject can lodge a complaint with the President of the Personal Data Protection Office (www.uodo.gov.pl).

XII. Transfer of Data to third countries (outside the EEA): Blume and Co-organizers do not plan to transfer Data to third countries, i.e., those outside the EEA (European Economic Area). If this were to occur, all requirements arising from applicable law will be met. If the transfer is to an entity located in a third country that does not ensure an adequate level of protection, the Administrator applies safeguards such as standard contractual clauses approved by the European Commission.

XIII. No automated decision-making: as part of marketing activities and service improvements, the Administrator may analyze Data in IT systems using various filters and tools. The Administrator may perform such activities based on its legitimate interest (legal basis: Art. 6(1)(f) GDPR), involving searching and grouping categories of people to determine which advertising messages may be interesting, as well as improving the Administrator’s services. Based on the results of the activities described above, the Administrator does not make any decisions regarding the Data Subject in an automated manner.

XIV. Information about “Cookies”: to ensure the proper functioning of services related to PHASE, the Administrator performs functions for obtaining information about users and their behavior by saving “Cookies” files on end devices. Cookies are text files stored by the server on a computer or mobile device. Only the server that created the Cookies has access to them. The content of Cookies often contains identifiers, site names, and numbers and characters. Cookies are unique to the browsers or mobile applications used by the User and allow websites to store various data, including User preferences. Like many other internet service providers, Blume and Co-organizers use Cookies to improve the user experience (UX). Session Cookies (temporary) are deleted after each visit, and persistent Cookies remain for many visits. Cookies allow websites to remember User settings such as language, font size on your computer or mobile device, and other browser preferences. This means that the User does not have to set preferences anew each time. If the User does not use Cookies, websites will treat them as a new user each time they visit. Cookies can be managed and deleted at your discretion. You can delete all Cookies stored on your device, and most web browsers allow you to block Cookies. However, in such a case, you will need to adjust user settings each time you visit the website or application of the Administrator. You can learn how to manage Cookies in your browser settings or on its dedicated website.

XV. Changes/Updating information: as the Privacy Policy constitutes current information on Data processing, its content may change to be in line with the actual principles of Data processing. The current Privacy Policy along with information on the date of the last update is available on the website www.pha-se.pl.