Privacy Policy

This Privacy Policy sets out the rules for storing and accessing data on Users’ Devices who use the Website for the purpose of providing electronic services by the Administrator, as well as the rules for collecting and processing Users’ personal data voluntarily provided by them through tools available on the Website.

This Privacy Policy is an integral part of the Website’s Terms of Service, which define the rules, rights, and obligations of Users using the Website.

§1 Definitions

Website – the website “UES Sp. Z o.o” operating at https://uesmed.com
External Service – websites of partners, service providers, or clients cooperating with the Administrator
Website/Data Administrator – the administrator of the Website and of the personal data (hereinafter: Administrator) is the company “UES Sp. Z o.o”, based at: ul. Strażacka 21d/7, 35-312 Rzeszów, Poland, Tax Identification Number (NIP): 8133883729, providing electronic services via the Website
User – a natural person for whom the Administrator provides services electronically through the Website
Device – an electronic device with software through which the User accesses the Website
Cookies – text data stored in the form of files placed on the User’s Device
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)
Personal Data – means information about an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to identifiers such as name, ID number, location data, online identifier, or one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity
Processing – means any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction
Restriction of processing – means marking stored personal data to limit their future processing
Profiling – any form of automated processing of personal data to evaluate certain personal aspects of a natural person, especially to analyze or predict aspects regarding job performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements
Consent – the data subject’s freely given, specific, informed, and unambiguous indication of their wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them
Personal Data Breach – means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed
Pseudonymization – the processing of personal data in such a manner that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure non-attribution
Anonymization – an irreversible process of data operations that destroys or overwrites “personal data” to prevent identification or linking of a record with a specific user or natural person

§2 Data Protection Officer

Pursuant to Article 37 of the GDPR, the Administrator has not appointed a Data Protection Officer.

In matters related to data processing, including personal data, contact the Administrator directly.

§3 Types of Cookies

• Internal Cookies – files placed and read from the User’s Device by the Website’s IT system
• External Cookies – files placed and read from the User’s Device by IT systems of external services. External scripts, knowingly included in the Website, may place cookies
• Session Cookies – stored temporarily during a single session; deleted after the session ends
• Persistent Cookies – stored on the Device until manually deleted, unless the browser is configured to delete cookies automatically after session end

§4 Data Storage Security

• Mechanisms for storing/reading cookies – rely on built-in browser functionality and cannot retrieve other data from the User’s Device
• Internal cookies – are safe, do not contain scripts or content that might endanger data or device security
• External cookies – the Administrator ensures due diligence in selecting reputable partners but cannot fully control external cookie content or usage
• Cookie Control – Users can manage cookie settings and delete stored cookies via their browser settings
• User-side threats – Users are responsible for protecting their devices from malware and ensuring safe browsing practices
• Personal Data Storage – the Administrator takes all reasonable steps to protect voluntarily provided data and limit access according to the intended purpose
• Password Storage – passwords are encrypted using current standards and cannot be decrypted

§5 Purposes of Using Cookies

• Website performance and access optimization
• Personalization for Users
• Enabling login functionality
• Marketing and remarketing on external platforms
• Affiliate services
• Analytics and statistics
• Multimedia services
• Social media features

§6 Purposes of Personal Data Processing

Voluntarily provided personal data may be processed for:

• Account registration and management
• Sharing content to social media or other platforms
• Communication regarding the Website or data protection
• Ensuring the Administrator’s legitimate interest

Automatically collected anonymous data may be processed for:

• Statistics
• Remarketing
• Affiliate programs
• Ensuring the Administrator’s legitimate interest

§7 External Services Cookies

The Website uses JavaScript and web components from partners who may place their own cookies, including:

Multimedia services:

• YouTube
• Vimeo

Social media / integrations:

• Facebook
• LinkedIn

Analytics:

• Google Analytics
• Adobe Analytics

These third-party services operate independently and may change their policies or cookie behavior without Administrator control.

§8 Types of Collected Data

Automatically collected anonymous data:

• IP address
• Browser type
• Screen resolution
• Approximate location
• Visited subpages
• Time spent on pages
• OS type
• Referrer and referring page address
• Browser language
• Internet speed
• ISP

Data collected during registration:

• First/last name or alias
• Username
• Email
• Phone number
• IP address
• Other ordinary data

Newsletter sign-up:

• Email address

Some non-identifying data may be stored in cookies or sent to analytics providers.

§9 Third-party Access to Personal Data

In general, the Administrator is the sole recipient of personal data. Data is not sold or transferred to third parties unless necessary for:

• Infrastructure and service maintenance (via Data Processing Agreements)
• Hosting services (e.g., Home.pl, with data stored in Poland)
  • Personnel may have access during maintenance tasks under contract with the Administrator

§10 Method of Personal Data Processing

Voluntarily provided personal data:

• Not transferred outside the EU unless shared publicly by the User
• Not used for automated decision-making or profiling
• Not sold to third parties

Automatically collected anonymous data:

• May be transferred outside the EU
• Not used for profiling
• Not sold to third parties

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR):
  • Art. 6(1)(a): the data subject has given consent to the processing of their personal data for one or more specific purposes
  • Art. 6(1)(b): processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
  • Art. 6(1)(f): processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party
• The Act of 10 May 2018 on the Protection of Personal Data (Journal of Laws 2018, item 1000)
• The Telecommunications Law of 16 July 2004 (Journal of Laws 2004, No. 171, item 1800)
• The Act of 4 February 1994 on Copyright and Related Rights (Journal of Laws 1994, No. 24, item 83)

§11 Legal Basis for the Processing of Personal Data

The Service collects and processes Users’ data based on:

§12 Period of Personal Data Processing

Personal data voluntarily provided by Users:

As a rule, such personal data is stored only for the duration of the Service provision by the Administrator. It is deleted or anonymized within 30 days from the end of service provision (e.g., account deletion, unsubscription from the newsletter, etc.)

An exception is when further processing is required for legally justified purposes of the Administrator. In this case, the Administrator may retain the data after a User’s deletion request for no longer than 3 years if there has been a breach or suspected breach of the Terms of Service by the User.

Anonymous data (without personal data) collected automatically:

Anonymous statistical data, which does not constitute personal data, is stored by the Administrator indefinitely for the purpose of website analytics.

§13 Users’ Rights Regarding Personal Data Processing

The Service collects and processes Users’ data on the basis of:

• Right of access to personal data:
  Users have the right to access their personal data upon request submitted to the Administrator.
• Right to rectification:
  Users have the right to request the correction of inaccurate personal data or the completion of incomplete data, upon request submitted to the Administrator.
• Right to erasure (“right to be forgotten”):
  Users have the right to request the immediate deletion of their personal data. For user accounts, this involves anonymization of identifying data.
  The Administrator reserves the right to refuse deletion if required to protect its legitimate interests (e.g., breach of Terms of Service or relevant communication history).
  In the case of the Newsletter, the User may remove their personal data by clicking the unsubscribe link in each email.
• Right to restrict processing:
  Users have the right to restrict the processing of their personal data in the cases specified in Article 18 of the GDPR, such as questioning the accuracy of the data.
• Right to data portability:
  Users have the right to receive their personal data in a structured, commonly used, and machine-readable format upon request.
• Right to object to processing:
  Users have the right to object to the processing of their personal data in the cases specified in Article 21 of the GDPR.
• Right to lodge a complaint:
  Users have the right to lodge a complaint with a supervisory authority for data protection.

§14 Contact with the Data Controller

The Administrator can be contacted via the following methods:

• Postal address: UES Sp. Z o.o., ul. Strażacka 21d/7, 35-312 Rzeszów, Poland
• Email address: office@uesmed.com
• Contact form: available at /contact

§15 Service Requirements

Restricting or disabling Cookies on the User’s device may result in improper functioning of some features of the Service.
The Administrator bears no responsibility for malfunctioning Service features if the User restricts the ability to save or read Cookies.

§16 External Links

The Service may contain links to external websites (e.g., in articles, posts, or comments), with which the Service Owner does not cooperate. These links and the resources they lead to may pose a risk to your device or your data security.
The Administrator is not responsible for any content found outside the Service.

§17 Changes to the Privacy Policy

The Administrator reserves the right to change this Privacy Policy at any time without notifying Users, in regard to the use of anonymous data or Cookies.
In the case of changes to the processing of personal data, the Administrator will notify Users who have accounts or are subscribed to the newsletter by email within 7 days of the changes.
Continued use of the Service indicates acknowledgment and acceptance of the revised Privacy Policy. If a User disagrees with the changes, they are obliged to delete their account or unsubscribe from the newsletter.
All changes will be published on this subpage of the Service and come into effect upon publication.