ZenMed EN / PL

Privacy Policy

Last updated: April 15, 2026

§ 1. General provisions

  1. This Privacy Policy defines the rules for processing personal data of users of the ZenMed website available at zenmed.pl (the "Service").
  2. We protect user privacy and process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 of 27 April 2016 (GDPR) and applicable national laws.
  3. Using the Service implies acceptance of the rules described in this Policy.

§ 2. Data controller

The controller of your personal data is the Service operator. Contact for all matters relating to personal data protection:

E-mail: kontakt@zenmed.pl

§ 3. Scope and purposes of data processing

We process personal data for the following purposes:

  1. Handling inquiries and communication - processing contact details (name, e-mail, message content) provided by the user to respond to the inquiry. Legal basis: Art. 6(1)(b) and (f) GDPR.
  2. Provision of electronic services - processing data necessary to provide services offered in the Service, including account creation and contract performance. Legal basis: Art. 6(1)(b) GDPR.
  3. Direct marketing of own services - including newsletters and product communication. Legal basis: legitimate interest of the Controller (Art. 6(1)(f) GDPR), and for electronic channels - user consent.
  4. Analytics and statistics - examining user behaviour to improve the Service. Legal basis: user consent (Art. 6(1)(a) GDPR) expressed through cookie settings.
  5. Compliance with legal obligations - in particular tax and accounting. Legal basis: Art. 6(1)(c) GDPR.
  6. Establishment, exercise or defence of legal claims. Legal basis: legitimate interest of the Controller (Art. 6(1)(f) GDPR).

§ 4. Voluntary nature of providing data

Providing personal data is voluntary but may be necessary to use certain Service features or to conclude an agreement. Failure to provide required data may prevent us from responding to your inquiry or delivering a service.

§ 5. Data recipients

Personal data may be shared with the following categories of recipients:

  • hosting and IT infrastructure providers,
  • analytics tool providers (e.g. Google Analytics),
  • communication service providers (e-mail, SMS),
  • legal, tax and accounting professionals - to the extent necessary for their services,
  • public authorities - when required by law.

With every processor we sign a data processing agreement compliant with Art. 28 GDPR.

§ 6. Transfers outside the EEA

When using providers with infrastructure outside the European Economic Area (e.g. Google), data transfers take place only on the basis of approved legal mechanisms, such as Standard Contractual Clauses adopted by the European Commission or adequacy decisions.

§ 7. Retention period

Personal data is retained no longer than necessary for the purposes for which it was collected:

  • data provided in the contact form - until the inquiry is handled and for the limitation period of claims,
  • customer data - for the duration of the contract and the period required by law (including tax law),
  • data processed on the basis of consent - until consent is withdrawn,
  • analytics data - up to 26 months (as per tool configuration).

§ 8. Rights of data subjects

In connection with personal data processing, you have the following rights:

  • Right of access to your data (Art. 15 GDPR),
  • Right to rectification (Art. 16 GDPR),
  • Right to erasure ("right to be forgotten") (Art. 17 GDPR),
  • Right to restriction of processing (Art. 18 GDPR),
  • Right to data portability (Art. 20 GDPR),
  • Right to object to processing (Art. 21 GDPR),
  • Right to withdraw consent at any time - without affecting the lawfulness of processing based on consent before its withdrawal,
  • Right to lodge a complaint with the supervisory authority - President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw, Poland).

To exercise these rights, please contact: kontakt@zenmed.pl.

§ 9. Automated decision-making and profiling

The Controller does not make decisions about users based solely on automated processing (including profiling) that would produce legal effects concerning them or similarly significantly affect them.

§ 10. Cookies

The Service uses cookies for purposes described in the Cookie Policy. Users can manage cookie preferences via the consent banner or their browser settings.

§ 11. Data security

The Controller applies appropriate technical and organizational measures to protect personal data, including connection encryption (TLS), access control, regular backups and incident response procedures.

§ 12. Changes to the Privacy Policy

The Controller reserves the right to amend this Policy. Users will be informed of any changes by publishing the updated content in the Service. The date of the last update is shown at the top of the document.

We respect your privacy

We use cookies to ensure the proper functioning of the website and for traffic analysis.

Cookie settings

Necessary

Required for the site to work