Privacy Policy
This Privacy Policy tells you what to expect us to do with your personal information when you make contact with us or use one of our services.
We’ll tell you:
- why we are able to process your information;
- what purpose we are processing it for;
- whether you have to provide it to us;
- how long we store it for;
- whether there are other recipients of your personal information;
- whether we intend to transfer it to another country; and
- whether we do automated decision-making or profiling.
The first part of the notice is information we need to tell everybody. The second and the third part of the notice is information we need to tell specific group of users dependind on purpose we collect your data.
Part I General information
Controller’s contact details
Brandmed limited liability company is the controller for the personal information we process, unless otherwise stated. There are many ways you can contact us, including by email, live chat and post. More details can be seen here.
Our postal address:
Brandmed sp. z o.o.
Nieporęcka 2/10
Warsaw, Poland.
Our register number is 0000538581.
If you have any requests, questions, comments, or concerns regarding our Privacy Policy or practices, please contact us by email: hello@brandmed.com.
How do we get information?
Most of the personal information we process is provided to us directly by you for one of the following reasons:
You have made a enquiry to us.
You have made an information request to us.
You wish to attend, or have attended, an event.
You subscribe to our newsletter.
You have applied for a job.
You are representing your organisation.
You enter into an agreement with us.
We also receive personal information indirectly, in the following scenarios:
Where you have made your contact information available on your organisation's website or on social network and online platforms for professionals such as LinkedIn and we use this to contact you and your organisation.
Where your supervisor have made your contact information available on agreement we made and we use this to contact you only in purpose to execute our agreement.
If it is not disproportionate or prejudical, we’ll contact you to let you know we are processing your personal information.
Your data protection rights?
Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.
Your right of access
You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.
Your right to rectification
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.
Your right to erasure
You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing
You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing
You have the right to object to processing if we are able to process your information because the process forms is in our legitimate interests.
Your right to data portability
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.
You are not required to pay any charge for exercising your rights. We have one month to respond to you.
Your rights to complain
We work to high standards when it comes to processing your personal information. If you have queries or concerns, please contact us at hello@brandmed.com and we’ll respond.
If you remain dissatisfied, you can make a complaint about the way we process your personal information to the supervisory authority which is President of the Personal Data Protection Office (Warsaw, Poland).
Sharing your information
We use data processors who are third parties who provide elements of services for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.
Our important IT services provider is Google – we use professional GSuite features. We use Facebook and Hotjar as well (more information about it you can read on our ‘Cookies page’). Due to the use of mentioned services , your data may be transferred to the United States of America (USA) in connection with their storage on American servers. Service providers have included information on standard data protection clauses (SSC) in the terms of their services which guarantee properly safety level.
In some circumstances we are legally obliged to share information. For example under a court order. In any scenario, we’ll satisfy ourselves that we have a lawful basis on which to share the information and document our decision making and satisfy ourselves we have a legal basis on which to share the information.
You can find more information about our providers in Part 3.
Links to other websites
Where we provide links to websites of other organisations, this Privacy Policy does not cover how that organisation processes personal information. We encourage you to read the Privacy Policies on the other websites you visit.
Changes to this Privacy Policy
We keep our Privacy Policy under regular review to make sure it is up to date and accurate.
February 2021
We have run our new website and prepared a new version of our Privacy Policy.
June 2021
We have updated the third part of our Privacy Policy.
How you can contact us
Social media
We use social media as everyone does it. Mostly we use LinkedIn platform to be in touch with you.
Live chat
If you use our live chat service we’ll collect the contents of your live chat session and if you choose to provide it your name and email address.
Emailing us
We use Transport Layer Security (TLS) to encrypt and protect email traffic. Most webmail such as Gmail and Hotmail use TLS by default.
We’ll also monitor any emails sent to us, including file attachments, for viruses or malicious software. You must ensure that any email you send is within the bounds of the law.
Purpose and lawful basis for processing
The lawful basis we rely on to process personal data for the above purposes is article 6(1)(f) of the GDPR which allows us to process personal data based on our legal legitimate interests.
Visitors to our website
Analytics
When you visit www.brandmed.com, we use a third-party service, Google Analytics and Google Tag Manager, to collect standard internet log information and details of visitor behavior patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way that does not directly identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
If we do collect personal data through our website, we’ll be upfront about this. We’ll make it clear when we collect personal information and we’ll explain what we intend to do with it.
If you are interested in details related to data processing as part of Google Analytics, we encourage you to read the explanations prepared by Google here.
If you are interested in details related to data processing as part of Google Tag Manager, we encourage you to read the explanations prepared by Google here.
Hotjar
We use Hotjar in order to better understand our users’ needs and to optimize this website. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.
For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.
Facebook Pixel
We use marketing tools provided by Facebook Ireland Limited. As part of these tools, we direct you to advertisements on Facebook.
In order to send you personalized ads in terms of your behavior on our website, we have implemented Facebook Pixel as part of our website, which automatically collects information about your use of our website in terms of pages viewed.
The information collected as part of Facebook's Pixel is anonymous, i.e. it does not allow us to identify you. We only know what actions you have taken on our site. However, we inform you that Facebook may combine this information with other information collected about you as part of your use of Facebook and use it for its own purposes, including marketing. Such Facebook activities are no longer dependent on us, and you can search for information about them directly in Facebook's privacy policy.
Cookies
We use a cookies tool on our website to gain consent for the optional cookies we use.
Cookies that are necessary for functionality, security and accessibility are set and are not deleted by the tool.
You can read more about how we use cookies, and how to change your cookies preferences, on our Cookies page.
Purpose and lawful basis for processing
The purpose for implementing the above is to maintain and monitor the performance of our website and to constantly look to improve the site and the services it offers to our users. The lawful basis we rely on to process your personal data is either Article 6(1)(a) of the GDPR, for example when we require your consent for the optional cookies we use (marketing, analitycs purposes), or Article 6(1)(f) which allows us to process personal data when it’s necessary for our legitimate interests (necessary cookies). For example in order to maintain the integrity of our IT systems and the continuity of our business.
What are your rights?
As we are processing your personal data for our legitimate interests as stated above, you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it. As we are processing your personal data based on your consent, you can withdraw your consent a tany time. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.
Other important information
Providing personal data is voluntary, but necessary to achieve the individual purposes of their processing.
Part 2 Reason for contacting us
Make an enquiry
Purpose and lawful basis for processing
When you contact us to make an enquiry, we collect information, including your personal data, so that we can respond to it.
The lawful basis we rely on to process your personal data is article 6(1)(a) of the GDPR, which is your consent.
What we need and why we need it?
If you contact us via email, contact form on our website or post, we’ll need a return address for response and your contact data (name, e-mail, post address).
What we do with it?
We’ll keep a record of our response. We use the information supplied to us to deal with the enquiry and any subsequent issues that may arise, and to check on the level of service we provide.
How long we keep it?
No longer than 2 years. We can retain it longer only if it is necessary to protect from your claims.
What are your rights?
You have the right to withrdaw your consent at any time.
Apply for a job
Purpose and lawful basis for processing
Our purpose for processing this information is to assess your suitability for a role you have applied for and to help us develop and improve our recruitment process.
The lawful basis we rely on for processing your personal data is article 6(1)(a), (c), (f) of the GDPR, which relates to processing necessary to perform a contract or to take steps at your request, before entering a contract.
What will we do with the information you give us?
We’ll use all the information you provide during the recruitment process to progress your application with a view to offering you an employment contract with us, or to fulfil legal requirements if necessary.
We will not share any of the information you provide with any third parties for marketing purposes.
We’ll use the contact details you give us to contact you to progress your application. We may also contact you to request your feedback about our recruitment process. We’ll use the other information you provide to assess your suitability for the role.
What information do we ask for, and why?
We do not collect more information than we need to fulfil our stated purposes and will not keep it longer than necessary.
The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for but it may affect your application if you don’t.
We will use any feedback you provide about our recruitment process to develop and improve our future recruitment campaigns.
How long is the information kept for?
No longer than 3 months from the end of specific recruitment process.
How we make decisions about recruitment?
Final recruitment decisions are made by hiring managers and members of our recruitment team. We take account of all the information gathered during the application process.
Your rights
As an individual, you have certain rights regarding your own personal data. They are specified in Part 1 of Privacy Policy.
Attend an event, seminar or workshop or complete a survey
Purpose and lawful basis for processing
Our purpose for collecting this information is so we can facilitate the event and provide you with an acceptable service.
The lawful basis we rely on for processing your personal data is your consent under article 6(1)(a) of the GDPR.
What we need?
If you wish to attend one of our events, you will be asked to provide your contact information including your organisation’s name and contact data. We may also ask for payment if there is a charge to attend.
Why we need it?
We use this information to facilitate the event and provide you with an acceptable service. We also need this information so we can respond to you.
What we do with it?
We use your data only to organize our event.
How long we keep it?
We keep it only fot the time needed to organize our event.
What are your rights?
We rely on your consent to process the personal data you give us to facilitate the event. This means you have the right to withdraw your consent at any time.
Subscribing to our e-newsletter
Purpose and lawful basis for processing
Our purpose for collecting the information is so we can provide you with a service and let you know about upcoming events and news.
The lawful basis we rely on for processing your personal data is your consent under article 6(1)(a) of the GDPR.
What we need?
Your name and email address.
Why we need it?
We use your email address to send you our E-newsletter.
What we do with it?
We only use your details to provide the service.
How long we keep it?
Unless you withdraw your consent.
What are your rights?
We rely on your consent to process the personal data you provide to us for marketing purposes. This means you have the right to withdraw your consent, or to object to the processing of your personal data for this purpose at any time.
Part 3. Communicate with us as a business
Potential business customers or partners
Purpose and lawful basis for processing
We collect information, including your personal data, so that we can contact you in business communication.
The lawful basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which is our legitimate interest. We have the right to reach out for your consent for further processing or to enter into agreement. We have the right as a business organisation to contact other professional organisations to establish cooperation.
We collect and use data publicly disclosed by you. We collect them only from your organisation's website or from social network and online platforms for professionals such as LinkedIn. We don't use non-business related data.
Contacting you is relevant to our business purposes and this contact could be beneficial to you as well. The message we send to you is logically connected to the specifics of our prospect’s business.
We hold the names and contact details of individuals acting in their capacity as representatives of their organisations, across the business.
In these purposes we can contact you by e-mail, phone or business social media.
What we need and why we need it?
The scope of data we use can be as follows: email address, occupation, company’s name, position, country, city, seize of an organisation, phone number, name, surname.
What we do with it?
We use the information gathered to contact you and get your consent or enter into agreement.
How long we keep it?
No longer than 3 months. We can retain it longer only if we get your consent, enter into agreement or if it is necessary to protect from your claims.
What are your rights?
You have the right to object to the processing of your personal data if it is for business or direct marketing purposes. In case you don’t want us to reach out for your consent for further processing or enter into agreement please object by sending us an email: hello@brandmed.com.
Do we use any data processors?
Yes, we use processors or sub-processors such as:
- Woodpecker
- Zerobounce
- Usebouncer
- Linkedin (Sales Navigator)
- Phantombuster
- Anyleads
- Open Rate