This Privacy Policy contains the rules regarding the processing of personal data by the Administrator on the Website: www.biopoint.pl, hereinafter referred to as the "Website", including the legal basis, purposes and scope of personal data processing, rights of data subjects, information about recipients of personal data, profiling, and the use of cookies on the Website.

Providing personal data by persons using the Website is voluntary, however, refusal to provide data may result in the inability to use the Website or refusal to conclude a contract and provide the Service. Providing data is justified by the performance of the contract.

The Administrator processes personal data collected on the Website in accordance with the provisions of law, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter: "GDPR").

The administrator of your personal data is: BioPoint with its registered office in Stawiguda, ul. Sadowa 4, 11-034 Stawiguda, entered into the Register of Entrepreneurs of the National Court Register, under KRS number: 0000268516, whose registration files are kept by the District Court in Olsztyn, 8th Commercial Division of the National Court Register, using NIP number: 7393587619 and REGON number: 28016 684, e-mail address: biuro@biopoint.pl, hereinafter referred to as the "Administrator" and being also the service provider of the Website.

1. The definitions used in the Privacy Policy mean:

a. Privacy Policy – this document,

b. Loyalty program – a marketing program introduced by the Administrator in order to maintain lasting and effective relationships with customers,

c. Biodollars – points awarded for the purchase of goods

2. Purpose, scope and basis of personal data processing.

The website collects data of people who have registered, were registered by the Administrator or exchanged Biodollars for prizes.

2.1. Use of the contact form

The scope of data. For this purpose, the Administrator processes your data, which is necessary to complete the contact form and contact the Administrator, i.e. name and surname, telephone number, e-mail address.

Legal basis. Necessity for the performance of the contract – Art. 6 section 1 letter b GDPR, Art. 6 section 1 letter a GDPR.

2.2. Using the registration form in the Loyalty Program

The scope of data. For this purpose, the Administrator processes your personal data provided in the registration form for the Loyalty Program, i.e. name and surname, e-mail address, telephone number; additionally, in the case of sole proprietorships: NIP number, entrepreneur's company name.

Legal basis. Necessity for the performance of the contract, consent of the data subject - Art. 6 section 1 letter b GDPR.

2.3. Establishing, investigating and defending against claims

The scope of data. For this purpose, the Administrator processes your data, i.e. name and surname, e-mail address, telephone number, data regarding the use of the Website (if claims are related to the method of using the Website); additionally, in the case of sole proprietorships: NIP number, entrepreneur's company, business address.

Legal basis. The Administrator's legitimate interest in determining and defending against claims in court and pre-trial proceedings - Art. 6 section 1 letter f GDPR.

2.4. Performance of the contract for the provision of the Service

The scope of data. For this purpose, the Administrator processes your data necessary to perform the Service before concluding the contract, i.e. name and surname, address, telephone number; additionally, in the case of sole proprietorships: NIP number, entrepreneur's company name, business address.

Legal basis. Necessity for the performance of the contract – Art. 6 section 1 letter b GDPR.

2.5. Direct marketing

The scope of data. For this purpose, the Administrator processes your personal data provided in the registration form when creating an account in the Loyalty Program, i.e. name and surname, e-mail address, telephone number, previous order history on the Website; additionally, in the case of sole proprietorships: NIP number, entrepreneur's company name, business address.

Legal basis. The Administrator's legitimate interest in marketing the Administrator's products and services - Art. 6 section 1 letter f GDPR.

2.6. Social media

The scope of data. If you visit profiles run by the Administrator on social media (Facebook, Instagram, Twitter), the Administrator processes your personal data obtained using these media, i.e. name and surname, profile photo, nickname, information contained in posts, comments.

Legal basis. The legitimate interest of the Administrator - Art. 6 section 1 letter f GDPR.

2.7. Bookkeeping

The scope of data. For this purpose, the Administrator processes your personal data such as: name and surname, residential address, bank account number (if provided); additionally, in the case of sole proprietorships: NIP number, entrepreneur's company, business address, bank account number.

Legal basis. Processing is necessary to fulfill the legal obligation imposed on the Administrator - Art. 6 section 1 letter c GDPR.

3. Recipients of personal data.

The Administrator may transfer your personal data to external entities with which it cooperates for the proper functioning of the Website and the performance of contracts concluded by you. The Administrator includes the following categories of recipients:

a. courier companies/carriers - the Administrator transfers your personal data to courier companies/carriers whose services are used during delivery under the contract concluded by you;

b. service providers - the Administrator transfers your personal data to service providers used to run the website. Depending on the arrangements between the Administrator and the provider of a given service, the provider may act as an entity processing personal data at the express request of the Administrator or an entity that independently determines the purposes and basis for data processing (administrator). The service providers used by the Administrator are: companies providing IT services (software, hosting, e-mail providers), accounting and legal services;

c. state authorities - the Administrator transfers your personal data at the express request of authorized state authorities, e.g. the President of the Personal Data Protection Office, the prosecutor's office, the police, the President of the Office of Competition and Consumer Protection.

4. Personal data storage period.

a. Use of the contact form (2.1., 2.4.) - Your personal data will be processed for the period necessary to answer the question you asked in the contact form, or until you withdraw your consent. If a contract is concluded, these data will be processed for the period necessary to perform the contract, no longer than until the claims arising from the concluded contract expire;

b. Use of the registration form in the loyalty program (2.2.) - The Administrator stores personal data of users registered in the Loyalty Program for the period of having an account on the Website. After deleting your account, your personal data will be stored for a period of 3 years from the date of deleting your account in order to consider complaints and claims related to the use of the Administrator's services;

c. Determination, investigation and protection against claims (2.3.) - the Administrator processes your data collected for this purpose, no longer than for the period of limitation of the last claim in relation to the data subject;

d. Direct marketing (2.5.) - the Administrator processes personal data collected for this purpose for the period of existence of the Administrator's legitimate interest, but no longer than the period of limitation of the last claim against the data subject or until the effective objection is expressed by the data subject;

e. Social media (2.6.) - the Administrator processes personal data collected for this purpose for the period of existence of the Administrator's legitimate interest, but no longer than the period of limitation of the last claim against the data subject or until the effective objection is expressed by the data subject;

f. Keeping accounting books (2.7.) - The Administrator processes personal data collected for this purpose for the period required by law, i.e. for 5 years, counting from the beginning of the year following the financial year to which the data relates.

5. Rights of the data subject.

You have the right to:
a. access, rectify, restrict the processing of, and transfer your personal data;
b. have your data deleted (“right to be forgotten”);
c. object, for reasons related to your particular situation, to the processing of personal data based on Art. 6 section 1 letter e or f GDPR;
d. withdraw consent to the processing of personal data;
e. submit a complaint to the President of the Personal Data Protection Office, whose registered office is at: ul. Stawki 2, 00-193 Warszawa (www.uodo.gov.pl).

6. Complaints, inquiries, requests.

All complaints, requests and inquiries regarding the processing of your personal data can be sent by e-mail to the following address: biuro@biopoint.pl.

7. Automated decision-making, including profiling.

The Administrator will not make automated decisions based on personal data, including decisions resulting from profiling.

8. Transfer of personal data outside the European Economic Area.

The Administrator does not directly transfer your personal data to third countries, i.e. outside the EEA. However, the specific nature of Facebook's operation makes it possible to transfer data outside the EEA. The basis for such a transfer is the standard contractual clauses used by Facebook and approved by the European Commission.

9. Final provisions.

a. The Administrator reserves the right to change this privacy policy. The updated Privacy Policy will be posted on the Website;
b. The website is equipped with security measures provided by the hosting company NetArt Spółka Akcyjna S.K.A., ul. Cystersów 20a, 31-553 Kraków, which administers our server. The administrator of our Website ensures full protection of data against loss, misuse or modification;
c. This Privacy Policy does not cover any information regarding services or goods of entities other than the Administrator, which were posted on the Website pages commercially, as a guest, on a reciprocal basis or not intended to achieve a commercial effect;
d. The Administrator reserves the right to introduce changes, withdraw or modify the functions or properties of the Website, as well as to cease operations, transfer rights to the Website and perform any legal actions permitted by applicable law. For the avoidance of doubt, the User is not entitled to any claims against the Administrator in this respect.