1. General information and definitions
|Controller/ Us||means Helfio Sp z o.o. with its registered office at ul. Grzybowska 87,00-844 Warsaw|
|Personal Data||means information concerning an identified or identifiable natural person (the “data subject”), within the meaning of the Data Protection Laws.|
|Sensitive Data||means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.|
|Helfio/ Website||means the website that we run, which is hosted under the domain: www.helfio.com, along with all of the web pages comprised thereby.|
|Terms and Conditions of Use||means the Terms and Conditions of Use of the Website available at the following address: www.helfio.com/regulamin. Whenever in this Policy one of the terms defined in the Terms and Conditions of Use is used, it should be understood in the same way as defined therein, unless the Policy defines such term otherwise for its own specific needs.|
|User/ You||means any natural person using the Website.|
- 1.4. We act as a controller for your Personal Data. You may contact us by email using for this purpose the following email address: firstname.lastname@example.org.
- 1.5. We process your Personal Data in compliance with the Data Protection Laws.
- 1.6. Website features are made available for use against payment and the terms of creating a Profile page on the Helfio website, of using the Website and making the relevant payments are set out in the Terms and Conditions of Use.
2. Purpose of the processing of your Personal Data
- 2.1. We process your Personal Data for the following purposes:
- 2.1.1. providing you with the services referred to in the Terms and Conditions of Use, including, in particular, for the purpose of enabling you to collect, arrange and manage information about your health – which refers to identification, contact and other data provided in the course of the registration procedure and on the Profile page, including information concerning health;
- 2.1.2. analysing the Website operation and optimising the same – which refers to identification, contact and other data provided in the course of the registration procedure and on the Profile page, including information concerning health;
- 2.1.3. contacting you, in the case where you use electronic forms of contact with us, without concluding an Agreement – which refers to identification and contact data;
- 2.1.4. performing services for the benefit of all of the Users and other our clients, including, in particular, with a view to enabling them to use the Content we will create in reliance upon the information you have placed on the Profile page regarding the Problems described by you, any treatment methods applied, as well as opinions about specific medicinal products or medical devices – which refers to data concerning health. We will render such information anonymous and make it available to the Users and other our clients for opinion-forming, informative, analystical and statistical purposes, in a general, collective manner in order to prevent such persons from identifying you;
- 2.1.5. direct marketing of own products – which refers to identification and contact data;
- 2.1.6. contacting medical facilities, including the electronic prescribing by physicians – which refers to identification, contact and health data required under the applicable provisions of law.
- 2.2. As regards the Messenger feature of the Website, a User seeking to contact you will only receive data rendered anonymous about the Problems or applied treatment methods you have described. He or she will receive only information rendered anonymous about the Problem you have described and will be able to communicate with you exclusively upon your consent.
- 2.3. The Forum and the Messenger features do not allow for your Personal Data to be made available automatically or manually to other Users, but only for text messages to be exchanged among the Users.
3. Basis for the processing of your Personal Data
- 3.1. We are allowed to process your ordinary Personal Data in the cases specified in Article 6(1) of Regulation No. 2016/679, if one of the following conditions has been satisfied:
- 3.1.1. the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
- 3.1.2. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- 3.1.3. processing is necessary for compliance with a legal obligation to which the controller is subject;
- 3.1.4. processing is necessary in order to protect the vital interests of the data subject or of another natural person;
- 3.1.5. processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child; the legitimate interest for which we process your data is marketing of own services.
- 3.2. We will process sensitive data exclusively in cases specified in Article 9(2) of Regulation No. 2016/679, if one of the following conditions has been satisfied:
- 3.2.1. the data subject has given explicit consent to the processing of such personal data for one or more specified purposes, except where Union or Member State law provides that the data subject is not allowed to consent to such processing;
- 3.2.2. processing relates to personal data which is manifestly made public by the data subject;
- 3.2.3. processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
- 3.3. You are entitled to withdraw your consent to the processing of your Personal Data at any time. The withdrawal of the consent will be without prejudice to the lawfulness of the processing which has been carried out with the consent before the withdrawal thereof.
4. The collection of Personal Data
- 4.1. The Website collects the following categories of Personal Data: full name, email address, weight, height, country, sex, date of birth, personal number PESEL, insurance or medical card number, blood type, telephone number, data concerning health condition (including medical history – recent diseases, chronic diseases, medicaments, disease-related data, medical appointment).
- 4.2. It is not possible to use the Website features without creating a Profile page and concluding an Agreement with us.
- 4.3. For the Agreement to be concluded with us, it is necessary to provide the following Personal Data: full name, date of birth, email address, telephone number, country and sex – this is voluntary, but necessary for an account to be registered on the Website and for the Agreement to be concluded with us. Providing other Personal Data, including in particular any sensitive Data is voluntary and depends only on whether or not you wish to use a given Website feature. Using some of the Website features (e.g. reports, analyses or calculators regarding your health condition or the analysis of health parameters or results of your tests) will be possible only if you submit such data for analysis.
- 4.4. Personal Data of your family members which you place on your Profile page may be described under the user name including only name or nickname of such person, with the exclusion of the surname. We will store this data in a form rendered anonymous.
- 4.5. While the Website features are used, we automatically collect information about you by reading, recording and storing your IP numbers, browser type and language, as well as access time, navigation information, including information about websites you have browsed, links clicked and other activities performed in relation to the Website. We store this information as server logs. It may also be used by law enforcement authorities in case of any unlawful activities. In order to reinforce the protection of your Personal Data, we use it in a form rendered anonymous. Please note that anonymous data of server logs is recorded and stored separately from other personal data.
- 4.6. If you contact us by email, with the use of links or forms made available on the Website, any Personal Data provided in this way voluntarily will be automatically stored in accordance with the terms and conditions set out in the Policy.
5. Entities to be granted access to your Personal Data
- 5.2. The Website may make your Personal Data available to the following categories of recipients:
- 5.2.1. entities providing us with outsourcing services connected with our activity, e.g. entities rendering accounting or IT services. In such a case, they will become entities authorised by us to process the personal data and we will conclude the relevant agreements with them;
- 5.2.2. our clients and other Users for the benefit of which we render services including: developing reports, statistics and analyses regarding health care and preventive health care-related issues. In such a case, the Personal Data will be made available only once it has been rendered anonymous.
- 5.2.3. any transactional data, including personal data, will be processed by PayLane Sp. z o.o. with its registered office in Gdańsk at ul. Cypriana Kamila Norwida 4, post code: 80-280, KRS: 0000227278 in the scope necessary for the service payments to be handled.
6. Transfer of the Personal Data to third countries
- 6.1. We do not intend to transfer the Personal Data to any third countries or international organisations, within the meaning of the Data Protections Laws.
7. Duration of the processing of your Personal Data
- 7.1. We will process your Personal Data only for a period necessary for the purpose for which it has been collected to be achieved and in reliance upon a specific legal basis, which means that:
- 7.1.1. we will process your Personal Data which you have collected on your Profile page for the term of the Agreement, as well as after the termination thereof for a period and within a scope necessary to exercise or defend claims regarding failure to perform or to properly perform the Agreement, however, for not longer than 12 years from the date of the expiry of the Agreement;
- 7.1.2. your Personal Data, including sensitive Data, which has been incorporated into the Content available on the Website in a form rendered anonymous – for a period not longer than 12 years from the date of the expiry of the Agreement.
- 7.2. In the case where the purpose or the legal basis becomes invalid or irrelevant, in particular after the expiry of the period referred to above, we will erase your Personal Data.
8. Your rights
- 8.1. You have the right to gain from us information about whether or not we process your Personal Data, to access such Data and to receive the following information about:
- 8.1.1. purposes of the processing;
- 8.1.2. categories of the processed Personal Data;
- 8.1.3. recipients or categories of recipients to whom the Personal Data has been or will be made available, in particular, about recipients in third countries or international organisations, and in the case where your Personal Data is transferred to a third country or an international organisation, you are entitled to become informed about the appropriate safeguards connected with such transfer;
- 8.1.4. the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
- 8.1.5. the right to request that we rectify, erase or restrict the processing of your Personal Data and to object to such processing;
- 8.1.6. the right to lodge a complaint with a supervisory authority;
- 8.1.7. if the Personal Data has not been collected from you – any and all available information about the source of such Data;
- 8.1.8. automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
- 8.2. You are entitled to obtain from us without undue delay the rectification of inaccurate Personal Data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.
- 8.3. You have the “right to be forgotten”, i.e. to obtain from us the erasure of your Personal Data without undue delay and we will have the obligation to erase the Personal Data without undue delay where one of the following grounds applies:
- 8.3.1. the Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
- 8.3.2. you have withdrawn the consent on which the processing is based and there is no other legal ground for the processing;
- 8.3.3. you object to the processing on grounds relating to your particular situation and there are no overriding legitimate grounds for the processing, or you object to the processing of your Personal Data for direct marketing purposes;
- 8.3.4. the Personal Data has been unlawfully processed;
- 8.3.5. the Personal Data has to be erased for compliance with a legal obligation in Union or Member State law to which we are subject;
- 8.3.6. the Personal Data has been collected in relation to the offer of information society services.
- 8.4. The exercise of the "right to be forgotten" will not apply to the extent that processing is necessary:
- 8.4.1. for exercising the right of freedom of expression and information;
- 8.4.2. for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
- 8.4.3. for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2), as well as Article 9(3) of Regulation No. 2016/679;
- 8.4.4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, in so far as such right is likely to render impossible or seriously impair the achievement of the objectives of that processing;
- 8.4.5. for the establishment, exercise or defence of legal claims.
- 8.5. You have the right to obtain from us restriction of processing of your Personal Data where one of the following applies:
- 8.5.1. the accuracy of the Personal Data is contested by you – for a period enabling us to verify the accuracy of the Personal Data;
- 8.5.2. the processing is unlawful and you oppose the erasure of the Personal Data and request the restriction of its use instead;
- 8.5.3. we no longer need the Personal Data for the purposes of the processing, but it is required by you for the establishment, exercise or defence of legal claims;
- 8.5.4. you have objected to processing – pending the verification whether our legitimate grounds override your grounds for the objection. Where processing has been restricted in connection with the exercise of the abovementioned rights, such Personal Data will, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State, of which you will be notified by us.
- 8.6. You have the right to receive your Personal Data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit this Data to another controller without hindrance from us, where:
- 8.6.1. the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) of Regulation No. 2016/679 or on a contract pursuant to point (b) of Article 6(1) of Regulation No. 2016/679; and
- 8.6.2. the processing is carried out by automated means. Where technically feasible, you have the right to have such Personal Data transmitted by us directly to another controller indicated by you.
- 8.7. You have the right to object, on grounds relating to your particular situation, at any time to processing of your Personal Data, where:
- 8.7.1. the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us (point (e) of Article 6(1) of Regulation No. 2016/679); or
- 8.7.2. the processing is necessary for the purposes of the legitimate interests pursued by us (point (f) of Article 6(1) of Regulation No. 2016/679), including profiling based on those provisions. We will no longer process such Personal Data, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
- 8.8. Where the Personal Data is processed for direct marketing purposes, you will have the right to object at any time to processing of your Personal Data for such marketing, which includes profiling, to the extent that it is related to such direct marketing. In this case, we will no longer be allowed to process your Personal Data for such purpose.
- 8.9. Furthermore, without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of the Personal Data relating to you infringes Regulation No. 2016/679.
9. Cookies, plug-ins and the creation of a User profile
- 9.2. Cookie files (“cookies”) represent IT data, in particular text files, which are stored on an end device of the Website User and help the browser navigate through the Website pages. Cookies usually contain the name of the website from which they originate, the time of their storage on an end device and a unique number.
- 9.3. Cookies are used for the following purposes:
- 9.3.1. elaborating statistics which help understand how you and other Users navigate through the Website, which allows for its structure and content to be improved;
- 9.3.2. maintaining your session (after logging in), thanks to which you do not have to enter your login and password on each and every Website page browsed;
- 9.3.3. determining User profile for the purpose of displaying suitably selected material on the Website.
- 9.4. The Website uses two major cookie types: “session cookies” and “persistent cookies”. Session cookies are temporary files which are stored on an end device of the User until the time of logging off, leaving a website or disabling the software (closing a web browser). Persistent cookies are stored on an end device of the User over a time-period set in parameters of cookie files or until the time when they are deleted by the User.
- 9.5. The software used for browsing websites (a web browser) usually allows – by default – for cookies to be stores on a end device of the User. You may change the settings in this regard. The website browser allows for cookies to be deleted. It is also possible to automatically block cookies. Detailed information about this issue is to be found in the “help” guidelines or in the documentation of the web browser.
- 9.7. Cookies stored on an end device of the Website User may also be used by partners co-operating with the Website operator within the framework of analytical operations. In this regard, our Website uses Google Analytics and HotJar.
- 9.8. If you do not wish to receive cookies, you may change the settings of the web browser. Please note that disabling cookies software necessary for authentication, security or preference maintenance processes may hamper or - in some extreme cases – prevent the Website from being used.
- 9.9. Profiling, which we may perform, does not lead to any decisions being taken by us with a legal effect in respect of you.
- 9.10. In order to block the use of your data in Google Analytics, you may install a tool blocking Google Analytics in your web browser, which is available at the following address: https://tools.google.com/dlpage/gaoptout/?hl=pl.
- 9.11. Our Website uses on its web pages links to its accounts on Facebook and Instagram. The principles of processing of personal data by these social media are available at the following addresses: