Privacy Policy of the www.pleso.me platform
The current version of the platform's privacy policy comes into effect on August 27, 2024.
PRIVACY POLICY
Dear user,
This Privacy Policy (hereinafter referred to as the " Privacy Policy") is designed to ensure your safety on our platform website www.pleso.me (hereinafter referred to as the " Platform"), protect your privacy, and comply with our obligations under applicable law.
This Platform privacy policy is for informational purposes only, i.e. it does not create any obligations for Platform users. The Privacy Policy primarily contains the rules for the processing of personal data by the Administrator on the Platform, including the grounds, purposes and duration of personal data processing and the rights of personal data subjects, as well as information on the use of cookies and analytical tools.
The personal data of each visitor or user of the Platform (hereinafter referred to as the " User") are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU L 119 of 04.05.2016) (hereinafter referred to as the " GDPR") and the Act of 10 May 2018 on the Protection of Personal Data (Journal of Laws of 2018, item 1000, as amended), as well as other provisions of the law. In matters not regulated by this Privacy Policy, the provisions of the Civil Code and relevant acts of Polish law, as well as European Union law, in particular the GDPR, shall apply.
I. Information about the Data Controller and relevant data protection:
1 The controller of personal data is Pleso Therapy sp. z oo with its registered office in Elblag at the address: ul. 12 Lutogo 25/7, 82-300 Elblag, entered in the National Court Register by the District Court in Olsztyn, VIII Commercial Division of the National Court Register under the number KRS: 0000980227, with REGON: 522652856, NIP: 5783155594 (hereinafter referred to as the " Administrator") , which processed in connection with the activities of the Platform.
2 For questions regarding users' personal data, you can contact the data protection officers at the following email address: iod@pleso.me
II. General processing of personal data
1 The Administrator may collect personal data of Users in all or some of the areas and purposes described below:
1) browsing the website www.pleso.me;
2) contact Pleso Therapy by email, telephone, contact form available on the Platform, or other available communication channels;
3) use of mediation services in organizing therapeutic sessions with a selected specialist - data is mainly collected during the following actions: the registration process on the Platform, payment processing, registration of visits - as necessary for the conclusion and performance of the contract, and based on the provision of Article 6(1)(b) of the RODO includes the following scope: a) name, surname, b) residential address, c) email addresses, d) telephone number, e) data relating to the agreed therapeutic session.
(2) The Administrator may process data necessary for the installation, confirmation or defense of possible claims that may arise in connection with the use of the services provided by PlesoTherapy. In this case, your data will be used on the basis of the need to pursue PlesoTherapy's legitimate interest in securing claims, as well as on the basis of Article 6(1)(f) of the GDPR, for the period provided for by the statute of limitations. After this period, your data will be irretrievably deleted from the PlesoTherapy database.
(3) The controller may also process data necessary for invoicing, which is justified by Article 6(1)(c) of the GDPR. The following data are processed on this basis: a) name, surname or title, b) address of residence/residence, c) TIN, d) email address, e) data relating to the ordered goods or services, as well as data on current payments.
III. Purposes and grounds for data processing
We process personal data for the following purposes:
(1) Visitors and users of the www.pleso.me Platform:
- Ensuring the proper technical functioning of the Platform (Article 6(1)(f) GDPR);
- profiling based on the analysis of statistics on the use of the Platform (Article 6(1)(f) GDPR).
The following data is processed: IP address, data stored in cookies, which are sufficient for using the Platform.
(2) people who follow and interact with PlesoTherapy profiles on Instagram, Facebook, Tiktok, Telegram, Whatsapp, Viber, Facebook Messenger, Trustpilot:
- to inform you about the services we provide and to create a positive image of PlesoTherapy (Article 6(1)(f) DPA);
- respond to inquiries and comments received via social media (Article 6(1)(f) DPA);
The following data are processed: name or pseudonym, other information that is publicly available in the profile or voluntarily provided by these individuals. Providing personal data is necessary to monitor profiles on social networks, as well as to respond to inquiries and comments through these media.
(3) individuals who contact PlesoTherapy by email, telephone, via the contact form on our website or other available communication channel:
- respond to requests received (Article 6(1)(f) GDPR).
The following data is processed: name, email address, telephone number or other information voluntarily provided by individuals contacting PlesoTherapy.
Providing personal data is voluntary, but necessary in order to respond to their requests.
(4) Users:
- providing intermediary services for organizing therapeutic sessions for the User with a selected specialist;
- comply with legal obligations under tax law and accounting rules relating to the correct accounting and recording of payments for services provided to PlesoTherapy (Article 6(1)(c) of the DPA in relation to tax law and accounting rules);
- managing the quality of the services provided by PlesoTherapy by studying the level of User satisfaction through feedback provided by the User (Article 9(2)(h) and Article 6(1)(f) of the GDPR).
The following data are processed: name and surname, email address, telephone number, date, the need to make and settle payments for the services provided. The provision of personal data is necessary for the provision of mediation services in organizing therapeutic sessions with the selected specialist, as well as data, some for the correct calculation and booking of payment and possible invoicing.
(5) subscribers to the PlesoTherapy newsletter:
- to inform you about the services we provide and to create a positive image of PlesoTherapy (Article 6(1)(f) DPA);
- Direct marketing of PlesoTherapy services (Article 6(1)(f) GDPR).
The following data is processed: first and last name, email address. The provision of personal data by newsletter subscribers is necessary to fulfill their subscription.
IV. Obligations of the personal data controller
1 The provisions of this Privacy Policy are the implementation of the obligations for RODO, in particular Article 12 RODO in conjunction with Article 13 RODO.
(2) In case of any questions or uncertainties, any User may send a request regarding the issues set out in the Terms and Conditions or in this Privacy Policy to the email address hello@pleso.me.
3 The Administrator has appointed a data protection officer. Any questions related to the protection of personal data should be directed to the data protection officer. He can be contacted by email at iod@pleso.me Please raise any concerns or questions without fear and without undue delay.
4 The above address for contacting the relevant data protection officer is only recommended, and the exercise of any rights can be added to any email address available on the website or provided during the placement with PlesoTherapy.
5 The controller declares and guarantees that the data it processes are
a. processed lawfully, fairly and transparently ("lawfulness, fairness and transparency"),
b. collected for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes ("purpose limitation"),
c. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed ("data minimisation"),
d. correct and update as necessary ("correctness"),
e. kept in a form which permits identification of the data subject for no longer than is necessary for the purposes for which the data are processed ("storage limitation"),
f. processed in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, through appropriate technical or organizational measures ("integrity and confidentiality").
(6) The Administrator informs that a data protection system is in place to protect data, which consists of data encryption, SSL, firewalls, authorized physical access and access to information. The effectiveness of protection also depends on the User and compliance with the rules set out in the Terms of Use. The User is obliged not to disclose passwords to the service to third parties.
V. Trust and origin of personal data
1. The User independently registers an account on the Platform and provides the data necessary to create it.
(2) The controller may transfer personal data for the performance of a contract for the provision of services to the following entities:
a. Payment system operators,
b. organizations specializing in providing mass email, SMS or MMS services, after obtaining the User's consent for marketing,
c. data may be transferred for processing to entities providing IT services to the controller with which relevant contracts have been concluded,
d. authorized state administration bodies,
e. providers of public opinion polling systems,
f. accounting, legal and consulting service providers who provide accounting, legal or consulting support to the Administrator.
(3) The controller shall select the entities in such a way as to ensure, to the greatest extent possible, the application of technical and organizational measures to protect the data belonging to the data category. In each case of exchange or transfer of personal data, a contract for the entrustment of data processing or a legal obligation must be justified.
(4) Data controllers may be located in a country outside the European Economic Area (EEA), but in this case PlesoTherapy ensures an adequate level of guarantees for the protection of the data subject. The transfer of data to a country outside the EEA may be related, for example, to
a) with activities on social networks and the use of plugins and other tools from these sites (e.g. Facebook, Twitter),
b) use of analytical and anonymous user behavior tracking tools, in particular Google Analytics, Hotjar, SendPulse.
(5) User data may be transferred to third countries or organisations for which the European Commission has adopted a decision on an adequate level of data protection. A list of countries for which the European Commission has adopted a decision confirming that a third country ensures an adequate level of data protection can be found at the following link: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_pl.
(6) Upon a decision of any European Commission declaring an adequate level of protection as set out in Article 45(3) of the GDPR, the personal data of Users may be transferred to a third country on the basis of: binding corporate rules, standard data protection clauses adopted by the European Commission, standard data protection clauses adopted by the Polish supervisory authority and approved by the Commission, an approved code of conduct or an approved certification mechanism (Article 46 of the GDPR).
7 In the event of a decision of the European Commission on an adequate level of protection as established in Article 45(3) of the GDPR, or sufficient guarantees as established in Article 46 of the GDPR, including binding corporate rules, PlesoTherapy shall request the User's explicit consent for such a transfer to a third country or an international organization, while informing the User of the prior risks associated with such a transfer, on the basis of Article 49(1)(a) of the GDPR.
8 In connection with the transfer of data for the EEA border, Users may request information about the relevant safeguards in this regard, obtain a copy of these safeguards or information about where they are available by contacting PlesoTherapy at the Administrator's address.
VI. Duration of processing of personal data
The Platform User's personal data may be stored as:
a. data in the User's account - for the period of activity of the account until the expiration of the limitation period for possible claims related to the contract concluded by electronic means or other claims related to the User's functioning on the Platform;
b. marketing data until you withdraw your consent to the processing of your data or express a marketing objection, and will be processed in an archive for five years after the withdrawal of your consent to demonstrate that such consent was given in the past;
c. data relating to tax liabilities for the period provided for by law;
d. data relating to the exercise of consumer rights and rights under data protection legislation, as well as data relating to the rights of other persons, before the expiry of the limitation period for possible claims;
e. data collected to ensure the security of the Platform and Users, for five years or until the completion of a security investigation, if necessary to ensure the security of the Platform and Users.
VII. Rights of data subjects
(1) Each person processed by the Administrator has: a) the right to access their data, the right to rectification, erasure, restriction of processing, the right to object to data processing, as well as the right to data portability and transfer; b) the right not to be subject to decisions based on automated data processing; c) the right to withdraw consent to the processing of personal data at any time, however, such withdrawal shall not apply to processing effective before the withdrawal of consent; d) the right to lodge a complaint with a supervisory authority, i.e. the Head of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw. Before lodging a complaint, the Administrator may contact the Data Protection Controller.
(2) Providing data when registering on the Platform is voluntary, however, failure to provide data makes it impossible to use some of the Platform's functionalities.
(3) Providing data when purchasing intermediary services on the Platform is voluntary, however, failure to provide data will result in the impossibility of providing intermediary services.
(4) Providing personal data for marketing purposes is voluntary, and failure to provide data does not allow the User to receive product and service offers, as well as bonuses, discounts and other offers offered by the Administrator with the support of marketing actions.
VIII. Cookie Policy
(1) This Privacy Policy represents the Cookie Policy, which defines the rules for storing and accessing information on the User's devices collected using cookies (hereinafter referred to as the " Cookie Policy") . Cookies are IT data, in particular small text files, with the help of which the User uses websites, which are recorded and stored on the final service.
(2) The User may restrict or disable access to cookies on his/her device. If the option is implemented, the use of the Platform will be possible, subject to this function, which by its nature requires the use of cookies.
(3) In order to best adapt the Platform website, PlesoTheraphy uses cookies, analyzes web resources and uses social network plugins, which have their basis in Art. 6, Para. 1, Para. 1 lit. f GDPR. The above guarantees the convenience and functionality of the Platform, as well as its ease of use. The above includes saving the User's settings, completed forms and adapting the content to the User's preferences.
(4) Cookies prevent PlesoTheraphy from using the following functions: saving data entered into the form when making an appointment, saving your preferences such as search results, websites and language, data for optimal display of the website on your device, saving your browser settings, recent login or registration attempts to avoid abuse, loading the website to make it for you, and protecting your login to simplify your login and recommending content you want to view by determining your available preferences. You can restrict the use of cookies or delete them at any time, which is included in the functionality of the website. The Administrator may use profiling on the Platform for direct marketing purposes, but decisions made by the Administrator on its basis do not concern the conclusion or refusal of the possibility of using services on the Platform.
(5) The Administrator also collects data for statistical and optimization purposes, such as: the number of visitors to the Platform and the time spent by Users in certain sections of the Platform.
6. The Website uses cookies that remain on the User's device while using the Platform, as well as persistent cookies that remain on the User's device as a result of the cookie's set expiration date or until it is deleted by the User.
7 The platform is hosted on pleso.me and uses the features of this website, and data protection details are available for reference https://pleso.me/en/privacy-policy
(8) The Administrator uses marketing services to provide the User with attractive offers. With this fee, the Administrator can show the User advertisements and track advertisements that the User has already seen to avoid their reappearance, track the number of visits to the website, as well as the number and type of internal search queries, send the User a newsletter with his consent.
IX. List of cookies and the possibility of improving their use
List of cookies used on the website and their level of customization:
(a) a list of cookies that cannot be disabled for the use of the website;
(b) a list of cookies used to improve and optimize the website's performance and ensure its security;
(c) a list of marketing cookies used to evaluate the effectiveness of marketing communications used by the website owner;
(d) list of cookies - for advertising personalization;
(e) list of cookies - social networks.
X. Cookies from external providers
We use analytical and advertising cookies from third-party providers that may be loaded onto the Platform. These cookies do not allow us to create content tailored to the expectations of Users.
Below you will find detailed information about the third parties that provide us with cookie-based technologies:
1) Google (Google Universal Analytics)
2) Hotjar
- Hotjar Privacy Policy (ENG)
- Hotjar Cookie Policy (ENG)
3) Facebook
4) Mixpanel
- Mixpanel Privacy Policy (ENG)
5) SendPulse
- SendPulse Privacy Policy (ENG)
- SendPulse Cookie Policy (ENG)
6) AWS
- AWS Privacy Policy (ENG)
- AWS Cookie Policy (ENG)
7) Jitsi
XI. Final provision
This Privacy Policy is effective from 14.12.2022. The Administrator has the right to make changes to it, which shall be notified to the User in advance by posting information about the new text of the Privacy Policy and posting it on the website in the form of a consolidated text. Pleso Therapy reserves the right to change the content of the Privacy Policy in the event of changes in Polish legislation or the introduction of new technologies and IT solutions.
KRS: 0000980227
REGON: 522652856