- General Information
This Policy was issued by Joint Controllers of Personal Data:
- MIRAI Clinic Spółka z Ograniczoną Odpowiedzialnością with its registered office in Otwock (05-400) at ul. Armii Krajowej 8, entered in the Register of Entrepreneurs of the National Court Register under number 0000796790, with tax identification number NIP 5322084436
- Mirai Instytut Rehabilitacji Spółka z Ograniczoną Odpowiedzialnością with its registered office in Warsaw (01-126) at ul. Wolskiej 96, 01-126 Warsaw
(hereinafter referred to as “Mirai Group” or “Joint Controllers”);
and is addressed to all Users (hereinafter: “Users”) of our website (hereinafter: “Website”).
Contact details are provided in Point XII below.
This Policy may be amended and updated to reflect changes in Mirai Group’s Personal Data Processing practices or changes in common law. We encourage you to read this Policy carefully and to check this Website regularly to verify any changes that the Joint Controllers may make in accordance with the provisions of this Policy.
- Processing of Users’ Personal Data
Collection of Personal Data: Mirai Group may collect Personal Data of Users, such as full name and contact information, including email address. The Joint Controllers may obtain Users’ Personal Data, in particular, in the following cases:
- Users’ provision of Personal Data (e.g. contact by email, telephone, form or any other means).
- collecting Users’ Personal Data as a result of a business relationship/entering into or execution of an agreement (e.g. purchase of Mirai Group service or product by a User).
- collection of Users’ Personal Data published in social media (e.g., obtaining information from Users’ social media profiles, to the extent that such information is visible to the public).
- obtaining Personal Data from third parties (e.g., contractors, financial intermediaries, law enforcement entities, including administrative bodies or courts, etc.).
- obtaining or asking Users to provide Personal Data thereof when they visit the Joint Controllers’ Websites or use any features or resources available on or through the Website. When Users visit the Website, Users’ devices and browsers may automatically provide certain information (such as device type, operating system, browser type, browser settings, IP address, language settings, dates and times of connection to the Website and other technical information regarding the communication), some of which may constitute Personal Data. When visiting the Website, no Personal Data of the Users will be stored by the Joint Controllers, without the prior express consent of the Users. However, the temporary storage of log files and cookies files facilitates the use of our Website. For this reason, Users are requested to give their consent to this on our Website. Granting of such consent is optional and does not affect your ability to use the Website. In some cases, without such consent, your ability to use our Website may be limited to a certain extent.
Processed Personal Data:
The categories of Personal Data of Users processed by Mirai Group may, in particular, include:
- Personal Data: first name(s), last name(s), first name used, gender, date, photo.
- Contact data: delivery address, company (employer) address, telephone number, fax number, email address, social media profile details.
- Payment details: address for sending billing, bank account number, name of bank account holder, account security details.
- Communication content: all communications, queries, statements, views and opinions about us sent by Users or published on social media or through the Website.
Personal Data Processing in Social Media:
Mirai Group uses fanpage type profiles on social media. Public data shared by Users on social media may be used to:
- respond to private messages that are directed to us,
- discuss in the comments section of individual posts,
- share our posts with people who follow our Fanpage,
- for marketing purposes which involve providing information about our services and ourselves through the posts we place on our Fanpage, including sponsored posts which are displayed to a wider group of users,
- for statistical purposes, which consists of presenting data about the display of our posts, their reach, the number of interactions, the demographics of our followers; the data presented to us by the owners of social media are statistical data, but are created on the basis of observation by the company of your behaviour on our Fanpage.
We currently use redirects to the following social media on our pages:
Legal grounds for the Processing of Personal Data: When Processing Users’ Personal Data for the purposes as set out in this Policy, the Joint Controllers may refer to one or more of the following legal grounds, as appropriate:
- Processing takes place on the basis of the User’s prior voluntary, specific, informed and unambiguous consent to the Processing;
- Processing is necessary for execution of the agreement that the User has entered into or intends to enter into with the Joint Controllers;
- Processing is necessary to fulfil the legal obligation imposed on the Joint Controllers;
- Processing is necessary to protect the vital interests of any natural person;
- Processing is necessary to manage, conduct and promote activities of the Mirai Groups and does not prejudice the interests or fundamental rights and freedoms of the User.
Purposes of Data Processing: The purposes for which the Joint Controllers may process Users’ Personal Data are as follows:
- Websites: to operate and manage our Website, to present its content; to publish advertising and other promotional and marketing information; to communicate and interact with customers and suppliers, as well as potential employees or collaborators, through our Websites.
- Offering Mirai Group products and services to Users: to present our Websites and other services; to provide promotional materials requested by Users; communication related to Mirai Group services.
- Marketing communications: to present by any means (including e-mail, telephone, text message, social media, postal mail and personal contact) news and other information that may be of interest to Users, including the distribution of newsletters and other commercial information, having first obtained the Users’ consent to send the information in an appropriate manner, based on generally applicable laws.
- Communication and IT operations: to manage communication systems, to operate for IT security purposes and IT security audits.
- Financial management: sales, finance, audit and sales management.
- Survey: to engage Users to obtain information on User opinions about Mirai Group products and services.
- Improving our products and services: to identify problems with existing products and services; to plan improvements to the existing products and services; and to create new products and services.
- Sharing Personal Data with third parties
Mirai Group may share Personal Data of Users with:
- Administrative or judicial authorities, at their request, in order to inform about an actual or suspected violation of the applicable law;
- Persons carrying out audits, lawyers, PR agencies taking into account the obligation of confidentiality resulting from the agreement or imposed on these entities by law;
- Third parties processing the entrusted data on behalf of the Joint Controllers, regardless of their registered office, in accordance with the requirements of this point III below;
- Any entity competent for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal measures, including the safeguarding and prevention of threats to public security;
- To any receiving party, in the event of a sale or transfer of any organised part of the Joint Controllers or of any interest in the share capital of the Joint Controllers (including in the event of any reorganisation, dissolution or liquidation).
If we engage a third party to process Users’ Personal Data in accordance with an entrustment agreement entered into with such entity, the Processor shall be obliged to: (i) Process only the Personal Data as instructed in advance by the Joint Controllers in writing; and (ii) take all measures to protect the confidentiality and security of the Personal Data and ensure compliance with all other requirements of generally applicable law.
- International transfer of Personal Data
At present, the Controller does not transfer and does not intend to transfer any Users’ Personal Data to third countries which are not members of the European Union or to international organisations. If necessary, this Policy shall be amended and the transfer of your Personal Data may take place only in accordance with the standard contractual arrangements that Mirai Group implements before the transfer of such Personal Data takes place. In such a case, Users shall be entitled to request a copy of the standard contractual provisions applied by the Joint Controllers, using the contact details indicated in Section XII below.
- Data Protection
Mirai Group hereby informs that it has implemented appropriate technical and organisational protection measures to protect Personal Data, in particular including safeguards against accidental or unlawful destruction, loss, alteration, unauthorised publication, unauthorised access and other unlawful and unauthorised forms of Processing, in accordance with applicable law.
Mirai Group shall not be liable for the actions or omissions of the Users. Users are responsible for ensuring that all Personal Data is sent to the Joint Controllers in a secure manner.
- Data Accuracy
Mirai Group shall take all appropriate measures to ensure that:
- The Users’ Personal Data that it processes are accurate and, where necessary, made up to date; and
- All Users’ Personal Data which are processed by it and which are incorrect (having regard to the purpose for which they are being processed) shall be deleted or corrected without undue delay.
Joint Controllers, at any time, may ask Users about the accuracy of the Processed Personal Data.
- Personal Data Scope Minimization
Joint Controllers take all appropriate measures to ensure that the scope of the Users’ Personal Data that it processes is limited to Personal Data that are adequately required for the purposes set out in this Policy.
- Storage of Data
The criteria determining the duration of the period in which Mirai Group stores Users’ Personal Data are as follows: Joint Controllers keep a copy of Users’ Personal Data in a form that allows for its identification only as long as is necessary to achieve the purposes set out in this Policy, unless the provisions of generally applicable law require a longer retention period for Personal Data. In particular, Joint Controllers may retain Users’ Personal Data for the entire period necessary to establish, use or defend claims.
- Users’ rights
In accordance with the provisions of the General Data Protection Regulation, with respect to the Users’ Personal Data which are Processed by Mirai Group, the Users shall have the following rights:
- the right of access personal data;
- the right to correct personal data;
- the right to delete personal data;
- the right to limit the processing of personal data;
- the right to transfer personal data;
- the right to object to the processing of personal data;
- the right not to be subject to a decision involving automated processing.
If the Processing of Personal Data is carried out on the basis of the consent granted by the Users, the Users have the right to withdraw their consent at any time without affecting the lawfulness of the Processing carried out on the basis of their consent before its withdrawal.
In the case of incorrect Processing of Personal Data, Users shall have the right to lodge a complaint to the state supervisory body for data protection, i.e. to the President of the Office for Personal Data Protection.
The above does not affect the rights of the Users resulting from the acts or other provisions of generally applicable law.
In order to exercise one or more rights or inquire about those rights or any other provisions of this Policy or about the Processing of Users’ Personal Data, please contact us using the contact details indicated in point XII below.
- Cookie files (cookies)
Mirai Group uses the following Websites:
When you use the Website, the data about the User are collected automatically. This data includes: IP address, domain name, browser type, operating system type. The data can be collected through cookies, Google Analytics and they may be saved in server logs.
Cookies are small text files that are sent to your computer or other terminal equipment while the User is browsing the Website. Cookies remember User preferences, which makes it possible to improve the quality of services provided, to improve search results and the accuracy of information displayed and to personalise the website, to create website statistics.
The User may resign from cookies (or apply an appropriate setting of preferences of their use by the web browser used) by selecting appropriate settings in the web browser used.
Mirai Group uses the types of cookies listed below:
- Technical files – files that are essential to enable users to navigate the Website and use its functions, such as accessing secure areas of the Website.
- Performance cookies – collect information about how Users use the Website, which parts of the Website are visited most frequently.
- Functional files – which record the choices made by users (such as user name, language or the region in which users are located).
Mirai Group uses Google Analytics, which is a web analytics system that provides insight into Website traffic used for marketing purposes.
Third party social media may record information about you, for example when you click on the “Add” or “Like” button in relation to a particular social network while on the Website. The Service Provider does not control third party sites or their activities. Information on social media sites is available on the pages of these media.
Data provided by the User or collected automatically Mirai Group uses for:
- proper functioning, configuration, security and reliability of the Website,
- monitoring session status,
- adapting the information displayed to the User’s preferences,
- analyses, statistics, surveys and audit of the Website views.
In the event that Users give their voluntary, specific, informed and unambiguous consent to receive Mirai Group newsletter, the Joint Controllers may send the Users an electronic newsletter with commercial information for promotional and informational purposes. The Personal Data provided to Mirai Group in connection with subscribing to the newsletter will be used solely for the purpose of sending the newsletter. Users may unsubscribe from the newsletter at any time by using the unsubscribe option included in the newsletter, by using the opt-out link in the footer of the e-mail, or by otherwise contacting Mirai Group.
The Personal Data received from Users will be stored solely for the above purpose and for the period during which Users subscribe to the newsletter and until Users withdraw their consent to subscribe to the newsletter.
The transfer of Users’ Personal Data related to the receipt of the newsletter is not required either for legal or contractual reasons, nor is it required for entering in any agreement. Therefore, providing the data or agreeing to receive the newsletter is not mandatory for Users. The legal grounds for receiving the newsletter are solely based on Users’ consent (Article 6 (1) (a) of the General Data Protection Regulation). In the absence of such consent, the newsletter will not be sent.
- Contact details
In the case of any questions, doubts or comments regarding the information contained in this Policy or other issues related to Processing of Users’ Personal Data by Mirai Group, including in order to exercise the rights referred to in point IX of this Policy, please contact the following e-mail address: firstname.lastname@example.org.
- Personal Data means any information about any identified natural person or a natural person who is identifiable. Examples of Personal Data that Mirai Group may process are listed in Point II above.
- To process, Processing or Processed means any action relating to Personal Data, whether or not carried out by automated means, such as collecting, recording, organising, structuring, storing, adapting or altering, retrieving, consulting, using, making available by transmission, disseminating or otherwise making available, arranging or combining, restricting, erasing or destroying.
- Processor means any person or entity that Processes Personal Data on behalf of the Joint Controllers (other than an employee).