Skip to main content

Privacy policy

  1. General Information
    1. This Privacy Policy is a set of rules aimed at providing information about all aspects of the process of obtaining, processing and protecting your personal data. The policy is addressed to all Users of the Controller’s Website and Users of the Newsletter services.
    2. This Policy sets out the rules for processing of personal data by the Data Controller, which is:
      Mirai Clinic Spółka z Ograniczoną Odpowiedzialnością with its registered office in Otwock, 8 Armii Krajowej Street, 05-400 Otwock, registered in the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, 14th Commercial Division of the National Court Register, under KRS number 0000796790, NIP 5322084436, REGON: 383970233 (hereinafter: „the Controller”)
      You can contact the Data Protection Officer, Ms Karolina Praszek-Gołębiewska, by post at the Controller’s registered office or by e-mail: iod@odokancelaria.pl.
    3. This Policy may be amended and updated in the event of changes in the practices related to the processing of personal data (taking into account among others current case law and guidelines of the PUODO) or changes in generally applicable law. The Controller will inform Users of any changes to the Policy by placing relevant information on the Website, and in the case of Users using the Newsletter service, by sending this information directly to the User’s e-mail address.
    4. By using the Controller’s Website, the User acknowledges that they have read this Privacy Policy and, if they subscribe to the Newsletter, that they accept it.
    5. Providing personal data to the Data Controller is voluntary, but in the case of processing data stored in necessary cookies or communicating with the Controller via the contact form, providing data will be a prerequisite for achieving the indicated purposes and the proper functioning of the Website.
  2. Definitions
    1. Controller means the entity that decides how and for what purposes Personal Data is Processed. The Controller is responsible for ensuring that the processing complies with the applicable data protection laws.
    2. Personal Data means any information relating to an identified or identifiable natural person.
    3. To process, Processing or Processed means any action relating to Personal Data, whether or not carried out by automated means, such as collecting, recording, organising, structuring, storing, adapting or altering, retrieving, consulting, using, making available by transmission, disseminating or otherwise making available, arranging or combining, restricting, erasing or destroying.
    4. Processor means any person or entity that processes Personal Data on behalf of the Controller (other than an employee of the Controller).
    5. Websitehttps://miraiclinic.pl/
    6. Fanpage Data Controller on social media:
    7. Electronic Services – services provided via the Website. The provision of Electronic Services to Users on the Website is subject to the terms and conditions set out in this Policy.
  3. Processing of Users’ Personal Data
    1. The Controller may collect Users’ Personal Data in particular in the following cases:
      1. provision of Personal Data by the Users (e.g. by e-mail, telephone or any other means) pursuant to Article 6(1)(f) of the GDPR (legitimate interest of the Controller – responding to a message or enquiry) in connection with the need to deal with the reported matter or handle the enquiry,
      2. pursuing claims and taking action in connection with the defence of the Controller’s rights, conducting court proceedings and, among others, enabling the use of the Website through cookies, preventing fraud when using the Website, in particular operation, maintenance, improvement and provision of all its functions, as well as creation of summaries, analyses and statistics for the Controller’s internal needs, including in particular: reporting, marketing research, planning the development of the Website and Newsletter, development work, creating statistical models pursuant to Article 6(1)(f) of the GDPR (the above mentioned legitimate interest of the Controller),
      3. obtaining Users’ Personal Data published on social media (the Controller’s Fanpage) (e.g. obtaining information from the Users’ private profile on social media, to the extent that this information is visible as public) pursuant to Article 6(1)(f) of the GDPR (legitimate interest of the Controller – promotion of its own activities and services, running a social media profile (Fanpage), building and strengthening relationships with customers, conducting analyses and statistics on the popularity and functioning of the profile, as well as determining, investigating and defending against possible claims regarding the use of the profile, responding to contact),
      4. the Users’ consent to processing of the personal data provided for the purpose of sending the Newsletter,, pursuant to Article 6(1)(a) (consent) sending commercial information – Newsletter, sharing marketing content via electronic communication, in accordance with Article 398 of the Electronic Communications Law,
      5. obtaining or requesting the Users to provide their personal data during their visits to the Controller’s websites or when using any functions or resources available on or through the website – own cookies and third-party cookies. When Users visit the Website, their devices and browsers may automatically share certain information (such as device type, operating system, browser type, browser settings, IP address, language settings, dates and times of connecting to the Website, and other technical communications information), some of which may constitute Personal Data. During a visit to the Website, no Personal Data of Users will be stored by the Controller without appropriate legal grounds. With regard to cookies, the Controller will obtain the User’s consent for the installation of all cookies (including third-party cookies from Google Analytics), except for those that are necessary. Granting of the aforementioned consent is optional and does not affect the possibility of using the Website. Processing takes place pursuant to Article 6(1)(a) (consent – with regard to cookies other than necessary cookies) and Article 399 of the Polish Act on Electronic Communications (legal provision – with regard to necessary cookies).
    2. Provision of personal data is voluntary, it is not a statutory obligation. In certain cases, however, it is not possible to use the full functionality of the Website or the Newsletter services without providing personal data. Categories of Users’ Personal Data Processed by the Data Controller may include, in particular:
      1. Personal data: first name(s), surname(s),
      2. Contact details: company details, email address, telephone number.
      3. Content of messages: all messages (queries, statements, views and opinions) sent via the contact form or published on the Controller’s website or Fan Pages by the User.
      4. IP number, cookies and information about the usage of our Website and Newsletter – when using the Website or the Newsletter.
      5. Image: when publishing opinions, leaving comments, clicking the ‘Like’ button on the Controller’s social media website (Fanpage) (if the User has their image available in their private account on that website).
      6. Behavioural data (consent to Google Analytics and other Google tools): Information about the user’s activity on websites, clicks on advertisements, data about time spent on the website and interactions with content.
    3. The Controller uses fanpage profiles on social media. Public data provided by social media Users may be used for the following purposes:
      1. responding to private messages sent to us,
      2. conducting discussions in the comments section under individual posts,
      3. sharing our posts with people who follow our Fanpage,
      4. marketing consisting of informing about our services and about ourselves through posts that we place on our Fanpage, including sponsored posts that are displayed to a wider group of Users,
      5. statistical, which consists of presenting data on visibility of our posts, their reach, and the number of interactions; the data presented to us by the owners of social media websites are statistical data, but they are created on the basis of observations of behaviour on our Fanpage.
    4. Currently, the Controller’s Website uses redirects to the following social networks (Fanpage):
      • Facebook,
      • Instagram,
      • YouTube,
      • Linkedin,
      • TikTok
    5. By liking a post, leaving a comment, sending a private message or subscribing to a channel, the Controller together with:
      • Meta Platforms Ireland Limited, Block J, Serpentine Avenue, Dublin 4, Irlandia
      • Google Ireland Limited Google Building Gordon House, 4 Barrow St, Grand Canal Dock, Dublin 4, D04 V4X7, Irlandia
      • LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
      • TikTok Technology Limited The Sorting Office, Ropemaker Place, Dublin 2, Dublin, D02 HD23, Ireland, Irlandia.

      becomes the Controller of your personal data shared on their Fanpage for data processing for statistical and advertising purposes.

    6. Therefore, we encourage you to read their privacy policy:
  4. Sharing Personal Data with third parties
    1. The Controller may share Users’ Personal Data with:
      1. persons authorised by the Controller to process the data,
      2. entities entrusted with data processing e.g. technical service providers and consultancy service providers,
      3. other controllers, if required by law or in good faith, that such action is necessary to comply with applicable law, in particular in response to a request from a court or state authority.
    2. If we engage a third party to Process Users’ Personal Data, in accordance with the processing entrustment agreement concluded with such entity, the Processor will be obliged to:
      1. Process only the Personal Data indicated in the prior written instructions of the Controller; and
      2. apply all measures to protect confidentiality and security of the Personal Data and ensure compliance with all other requirements of generally applicable law.
    3. Due to the use of Facebook, Instagram, Linkedin, YouTube and TikTok services, data may be transferred by these entities to third countries – the United States of America (USA) or China – in connection with their internal sharing by these entities to: Meta Platforms Inc. Google LLC (USA) over which the Controller has no influence.
  5. Third-party services
    1. The website may contain functions or links that redirect to websites and services provided by third parties that are not managed by us. The information you provide on these websites or services will be subject to their own privacy policies and data processing procedures.
    2. The Controller is not responsible for processing procedures of independent website Administrators and service providers.
    3. We encourage you to review the privacy and security policies of third parties before providing them with information.
  6. Data Protection
    1. The Controller informs that it has implemented appropriate technical and organisational measures for personal data protection, in particular including safeguards against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access and other unlawful and unauthorised forms of Processing, in accordance with applicable law.
    2. The Controller is not liable for the actions or omissions of Users. Users are responsible for ensuring that all personal data is sent to the Controller in a secure manner.
    3. Personal data will not be subject to automated profiling, i.e. automated decision-making towards the User, namely decisions made by technical means without human intervention, producing legal effects concerning the profiled person or otherwise significantly affecting the profiled person.
  7. Data Accuracy
    1. The Controller shall take all reasonable steps to ensure that:
      1. The Personal Data of Users that the Controller processes are accurate and, where necessary updated;
      2. all Personal Data of Users that the Controller Processes which is erroneous (considering the purpose for which it is Processed) will be deleted or corrected without undue delay.
    2. The Controller may, at any time, ask Users about the accuracy of the Personal Data being processed.
  8. Data scope minimization
    The Controller takes all appropriate measures to ensure that the scope of the Users’ Personal Data that it processes is limited to Personal Data that are adequately required for the purposes set out in this Policy.
  9. International Transfer of Data
    Personal data may be shared and processed outside the European Economic Area (the European Economic Area consists of: The European Union and Iceland, Liechtenstein and Norway, jointly “EEA”). If personal data is transferred outside the EEA, the Controller requires appropriate safeguards. The Controller will fulfil its obligations under Chapter V of the GDPR to ensure the lawfulness of such processing, including on the basis of the European Commission’s decisions on the adequate level of privacy protection under the EU-US Data Privacy Framework.
  10. Personal Data Retention Period
    1. The criteria determining the length of time during which the Controller stores Users’ Personal Data are as follows: the Controller keeps a copy of Users’ Personal Data in a form that allows for its identification only as long as is necessary to achieve the purposes set out in this Policy, unless the provisions of generally applicable law require a longer retention period for Personal Data. The Controller may, in particular, store Users’ Personal Data for the entire period necessary to establish, exercise or defend claims (statute of limitations in accordance with Article 118 of the Polish Civil Code).
    2. Personal data is stored:
      1. for a period of 30 days from the moment of contact (telephone, email from the Website) personal data may be processed for a longer period if, as a result of the enquiry sent, the user decides to use the Controller’s services (Newsletter)
      2. in the case of using our services (entering into a contract) for the period of execution of a contract and the period necessary to process any complaints, until any disputes are resolved and the parties settle, taking into account the relevant limitation periods for claims
      3. for the Controller’s internal administrative purposes and other data processing purposes where the legal grounds are the Controller’s legitimate interest, personal data will be stored until the controller’s legitimate interests constituting the basis for data processing are fulfilled or until an objection to such processing is lodged earlier, after the Controller has carried out an appropriate analysis of the User’s interest and the Controller’s grounds for processing;
      4. in the case of data processed on our Fanpage, until an objection to further processing is raised by clicking ‘dislike’, withdrawing a like from a post or deleting a comment on a post, cancelling a Subscription
      5. in the case of using our Newsletter services, for the duration of the service or until consent to receive commercial information by electronic means is withdrawn.
  11. Google Analytics
    1. The Controller uses the Google Analytics tool provided by Google LLC, whose infrastructure is located at Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Controller indicates that Google LLC (1600 Amphitheatre Parkway, Mountain View, California 94043, USA) has joined the EU-US Data Privacy Framework Agreement, i.e., it ensures an adequate level of security for the processing of personal data in accordance with the GDPR.
    2. Google Analytics allows for:
      1. Tracking website traffic: information about the number of users, the number of visits, the sources of traffic (e.g. advertising, search engines, social media).
      2. Monitoring user behaviour: analysis of which pages are visited most frequently, time spent on the website, bounce rate.
      3. User segmentation: demographic, geographic and technological data (e.g. device type, browser).
      4. Goal and conversion tracking: analysing how users perform specific actions such as purchases, newsletter subscriptions or file downloads.
    3. Google Analytics processes data that may include:
      1. IP addresses: used to identify the geographical location of users, which, in combination with other data, may constitute personal data.
      2. Cookies: storing unique user and session identifiers, enabling tracking of their activity, only after the User has given appropriate consent.
      3. Technical data: e.g. browser type, operating system, screen resolution, internet service provider.
    4. The Controller uses the IP address anonymisation function, which excludes the possibility of identifying Users (the last octet of the IP address is masked before storing or processing data).
    5. The Controller processes data using the indicated tool in order to provide analyses and reports on website traffic and the effectiveness of marketing activities based on the legitimate interest of the controller and the consent of the user (acceptance of Google Analytics cookies). The Controller has entered into a relevant data processing entrustment agreement with Google (Data Processing Agreement), regulating the issue of data security in a manner required by law.
    6. The Controller uses the Consent Mode, which allows for measuring traffic and conversions on the Website even if the User does not consent to the storage of cookies, while fully complying with the requirements of the GDPR, where a tracking code is implemented to enable the collection of only basic, anonymised and aggregated data regarding the time of visit on the Website, information about the referring page and allowing to measure conversions from advertising campaigns. If the User consents to specific types of data processing (Google Analytics cookies), the corresponding tags will work to their full extent. If such consent is not given, the tools will continue to function, but in a limited mode, collecting anonymous data without the possibility of any identification of the User. The Consent Mode tool facilitates fulfilment of the requirements of the GDPR and the ePrivacy Directive by respecting Users’ decisions regarding cookie consent.
    7. The storage period of the collected data if Google Analytics cookies are accepted lasts 14 months.
    8. We encourage you to read Google’s Privacy Policy at: https://policies.google.com/privacy
    9. Users can configure their browser to block cookies related to Google Analytics. Google Analytics uses such cookies as _ga, _dc_gtm_UA-#, collect.
    10. Users can also use a Google Analytics blocking plugin. Google offers a browser add-on to block Google Analytics, which can be downloaded from the official website: https://tools.google.com/dlpage/gaoptout. Once installed, the plugin will prevent data from being sent to Google Analytics from all visited websites.
  12. Google Ads
    1. The Controller uses Google Ads, an advertising tool provided by Google LLC, whose infrastructure is located at Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Controller indicates that Google LLC (1600 Amphitheatre Parkway, Mountain View, California 94043, USA) has joined the EU-US Data Privacy Framework Agreement, i.e., it ensures an adequate level of security for the processing of personal data in accordance with the GDPR.
    2. Google Ads allows the use of tracking technologies such as cookies and remarketing tags, which enable the display of advertisements tailored to the user’s interests.
    3. Google Ads may collect and process data about the interactions of the users with our advertisements and website, including:
      1. IP addresses,
      2. device identifiers,
      3. web browser information,
      4. geolocation data, and
      5. browsing history.

      This data is processed to evaluate the effectiveness of advertising campaigns and optimise advertising content.

    4. The user can manage their advertising preferences through Google Ads settings (https://adssettings.google.com) and opt out of personalised ads through the Network Advertising Initiative website: https://www.networkadvertising.org/choices
    5. We encourage you to read Google’s Privacy Policy at: https://policies.google.com/privacy
  13. Cookie files (cookies)
    1. When you use the Website, the data about the User are collected automatically. This data may include:
      1. IP address,
      2. domain name,
      3. browser type,
      4. operating system type.
    2. This data can be collected by:
      1. cookies,
      2. Google Analytics system, Google DoubleClick, Google AdWords, Google AdSense,
      3. and can be stored in server logs.
    3. Cookies are small text files that are stored by your browser on your computer’s hard drive or on your smartphone’s memory card. During subsequent visits to the website, the information stored in the cookie file is sent back to the website. This enables the website to recognise you and to customise the content for you.
    4. We may use cookies to improve our website, deliver the most relevant content, and analyse how our Users use our Website.
    5. We may process the data contained in the cookies for the following purposes:
      1. personalising the Website: remembering information about you so that you do not have to re-enter this information during subsequent visits;
      2. providing you with customised advertisements, content and information;
      3. monitoring aggregate site usage metrics such as total number of visitors and pages viewed.
    6. We use the following types of files:
      1. session cookies, which are temporary files and are stored on the Website visitor’s device until they leave the Website;
      2. permanent cookies, which are stored on the Website visitor’s device for the time specified in the cookie parameters or until they are manually deleted;
    7. We can divide cookies into the following file categories:
      1. technical cookies, which ensure the proper functioning of the website, security and a sustained session; these are files that are installed by default, without which the Website cannot function properly;
      2. performance cookies, which are used to optimise the performance of the Website (checkbox to be selected);
      3. marketing cookies, in order to tailor the content and form of advertisements (checkbox to select).
    8. We use analytics and similar services that contain third-party cookies. When using the website, third-party cookies may be used to enable the use of the functionality of the website and the websites integrated into it or to analyse the effectiveness of advertising campaigns and to collect anonymous information about the use of the website for statistical purposes.
    9. This Privacy Policy does not regulate the use of third-party cookies. Each third party determines their own cookie usage rules in their privacy policy. We encourage you to familiarise yourself with the details related to data processing within Google Analytics, as indicated in the explanations prepared by Google: https://support.google.com/analytics/answer/6004245,
    10. The User may manage consent for selected cookies in any way using a dedicated tool available on the Website. Please note that not consenting to, deleting, blocking or restricting the placement of cookies may cause difficulties or even prevent the use of the Website.
  14. Newsletter
    1. The Controller provides an electronic Newsletter service. The Newsletter service consists in sending information about orthopaedics, rehabilitation, modern methods of treatment and joint health care to the e-mail address provided by the User. The Controller indicates that the Newsletter will not be sent at regular intervals (e.g. monthly); sending of the Newsletter will depend on promotional activities undertaken by the Controller and will be irregular.
    2. The service is provided in accordance with the provisions of law, in particular the Act of 18 July 2002 on the provision of electronic services and Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).
    3. In order to use the free Newsletter service, the User must have an active e-mail address and voluntarily consent to receiving commercial information by electronic means. Subscription to the Newsletter is done by filling in the form available on the Controller’s Website (providing personal data in the form of name and surname and e-mail address). By sending a message in this way, the User makes a declaration of will to conclude the Newsletter service.
    4. The Controller shall not be liable for the provision of false data by the User or for the failure to deliver the Newsletter for reasons beyond the Controller’s control (e.g. technical problems on the part of the Internet service provider).
    5. The Controller undertakes to provide services in accordance with the Policy and applicable laws, to ensure the protection of the user’s personal data in accordance with the GDPR and the Personal Data Protection Act. The User undertakes to use the service in accordance with the law and this Policy and not to provide any illegal content.
    6. The Newsletter service is provided for an indefinite period. The User has the right to unsubscribe from the Newsletter at any time by withdrawing their consent to provision of this service. A statement of withdrawal of consent may be sent at any time to the e-mail address or the registered office of the Controller indicated in Chapter I or in an e-mail with the Newsletter, indicating that you wish to unsubscribe from the Newsletter. After unsubscribing, the User’s e-mail address will be immediately removed from the subscriber database.
  15. Provision of services by electronic means
    1. It is prohibited for Users to provide illegal content.
    2. The User is obliged to use the Controller’s Website and the Services offered in a manner consistent with the law, good manners, using data consistent with the facts and in no other manner that is inconsistent with the provisions of this Policy. The Controller shall not be liable for provision of false data by the User or failure to provide the service for reasons beyond the Controller’s control (e.g. technical problems on the part of the Internet service provider).
    3. The User is obliged to maintain confidentiality and not to disclose to third parties any information obtained in connection with the provision of Services by the Controller, including commercial, organisational, technological and financial information.
    4. The technical requirements necessary to use the Services provided electronically are Internet access and a device enabling its use, such as a computer, laptop or other portable device with a web browser, access to e-mail and a configured e-mail account, any properly configured version of a web browser that supports, among other things, cookies (Internet Explorer, Opera, Mozilla Firefox, Safari, Google Chrome).
    5. Despite the use of security measures by the Controller to prevent or significantly hinder hacking (hacker attacks), the use of Internet services may involve the risk of unwanted infection of the IT system by malicious software. In connection with the above, the Controller additionally recommends using updated anti-virus software and an appropriate firewall by the User.
    6. The User has the right to lodge a complaint regarding the provision of electronic services. Complaints should be submitted in writing, managed to the Controller’s registered office or by e-mail to the e-mail address (indicated in Chapter I). The complaint should include the User’s name and email address (email notification), a description of the problem that is the basis for the complaint, and the user’s request related to the complaint. The Controller will process the complaint within 14 days of its receipt. The User will be informed of the outcome of the complaint via the same communication channel.
  16. Users’ rights in connection with the processing of their personal data
    1. You have the following rights in relation to processing of personal data:
      1. the right to access processed personal data – on this basis, the Controller, at the request of the data subject, provides information about the processing of their personal data, including, in particular, the purposes and legal grounds for processing, the scope of the data held, the entities to which the personal data is disclosed, and the planned date of its deletion. As part of the right of access to data, the data subject may also request information about who their personal data is disclosed to and whether it is subject to profiling and automated decision-making. The data subject also has the right to obtain a copy of their data.
      2. the right to rectify data – on this basis, the Controller, at the request of the data subject, removes any discrepancies or errors concerning the processed personal data, and supplements or updates them if they are incomplete or have changed;
      3. the right to data erasure – on this basis, the Controller, at the request of the data subject, deletes data which processing is no longer necessary to achieve any of the purposes for which they were collected, the consent to their processing has been withdrawn or an objection has been made and it is not required for the establishment, exercise or defence of the Controller’s claims;
      4. the right to restrict and transfer processing – on this basis, the Controller, at the request of the data subject, shall cease to carry out operations on such personal data, to the extent permitted by law, and shall issue such personal data in a format that can be read by a computer;
      5. the right to lodge a complaint – by exercising this right, a person who believes that their personal data is being processed in violation of applicable law may lodge a complaint with the President of the Personal Data Protection Office ( 2 Stawki Street, 00-193 Warsaw);
      6. the right to object – the data subject may at any time object to the processing of personal data for the purposes for which they were collected and are being processed, objection to direct marketing – if personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him or her in this respect;
      7. the right to withdraw consent – if we process personal data on the basis of a consent given, the data subject may withdraw this consent at any time. Withdrawal of the consent does not make the processing of personal data illegal up to that point; the withdrawal of consent does not affect the lawfulness of the processing to date, but it will result in the personal data no longer being used for those purposes from the moment the consent is withdrawn.
    2. A request to exercise the rights described above may be submitted by traditional mail to the address of the Controller’s registered office or via the email address indicated in Chapter I.
    3. The request should, as far as possible, specify the subject matter of the request, i.e. in particular the addressee of the request and which of the rights described above the person submitting the request wishes to exercise. If the Controller is unable to determine the content of the request or identify the person submitting the request on the basis of the notification made, it will ask the applicant for additional information.
Call Now Button