Privacy policy

This Privacy Policy is a set of rules intended to inform you about all aspects of the collection, processing, and protection of your personal data. The Policy is addressed to all Users of the Administrator's Website and those using the Newsletter service and contact form.

I. General Information

This Policy sets out the rules regarding the processing of personal data by the Data Controller, which is: PaNa COMFORT Sp. z o.o., located at ul. Bażantarni 11, 02-793 Warsaw, KRS: 0001156597, NIP: 9512615643, REGON: 540938834, email address: pana@pa-na.pl (hereinafter: "Administrator"), belonging to the PaNa Medica group. The registry data of entities forming the PaNa Medica Group are available here.

The Data Protection Officer, Ms. Daria Bartnicka, can be contacted by traditional mail sent to the Administrator's headquarters or by email at iod@odokancelaria.pl.

This Policy may be amended and updated in the event of changes in practices related to personal data processing (taking into account, among other things, current case law and PUODO guidelines) or changes in generally applicable law. Users will be informed of changes by posting relevant information on the Website, and for Newsletter users, this information will be sent directly to the provided email address.

Using the Administrator's Website requires the User to read and accept this Privacy Policy.

Providing personal data to the Administrator is voluntary. However, in the case of processing data stored in necessary cookies or communication with the Administrator via the contact form, providing data will be a necessary condition for achieving the indicated objectives and proper functioning of the Website.

II. Definitions

Administrator – means the entity that decides how and for what purposes Personal Data are processed. The Administrator is responsible for the compliance of processing with applicable data protection law.

Personal Data – means any information relating to an identified or identifiable natural person.

Process, Processing, or Processed – means any operation performed on Personal Data, whether automated or not, such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, sharing via transmission, dissemination, or otherwise making available, alignment or combination, restriction, deletion, or destruction.

Processor – means any person or entity that processes Personal Data on behalf of the Administrator (other than an employee of the Administrator).

Website – panacomfort.pl

Administrator's Social Media Pages:

Electronic Services – services provided via the Website. Provision of Electronic Services to Users is carried out under the terms set out in this Policy.

III. Processing of Users' Personal Data

The Administrator may collect Users' Personal Data in particular in the following cases:

1. Submission of Personal Data by Users (e.g., email, telephone, contact form, or any other means) based on Art. 6(1)(f) GDPR (legitimate interest of the Administrator – responding to messages or inquiries) in connection with handling the reported matter or inquiry.

2. Asserting claims and taking actions in connection with the defense of the Administrator's rights, conducting court proceedings, and enabling the use of the Website via cookies, preventing fraud in using the Website, particularly the operation, maintenance, improvement, and provision of all its functions, as well as creating summaries, analyses, and statistics for the Administrator's internal needs, including reporting, marketing research, planning the development of the Website and Newsletter, development work, and creating statistical models based on Art. 6(1)(f) GDPR.

3. Collection of Users' Personal Data published on social media (Administrator's Fanpage), e.g., information from Users' private profiles publicly visible, based on Art. 6(1)(f) GDPR (legitimate interest of the Administrator – promoting its activity and services, managing social media profile, building and strengthening customer relationships, conducting analyses and statistics on profile popularity and operations, and determining, pursuing, and defending against possible claims regarding profile use).

4. User consent to the processing of personal data for marketing purposes, including sending the Newsletter, based on Art. 6(1)(a) GDPR (consent), in accordance with Art. 398 of the Electronic Communications Law.

5. Collection or request of Users' Personal Data during visits to the Administrator's Website or use of any functions or resources available on or through the Website – cookies and third-party tools. When Users visit the Website, their devices and browsers may automatically provide certain information (device type, operating system, browser type, browser settings, IP address, language settings, dates and times of access, and other technical communication information), some of which may constitute Personal Data. During a Website visit, no Personal Data will be stored by the Administrator without a proper legal basis. For cookies, the Administrator – beyond essential cookies – will obtain consent for installing other cookies (including third-party cookies such as Google Analytics). Consent is optional and does not affect Website usability. Processing is based on Art. 6(1)(a) GDPR (consent – for non-essential cookies) and Art. 399 of the Electronic Communications Law (law – for essential cookies).

IV. Reviews

Displaying customer reviews on the Administrator's Website is carried out in accordance with the Review Regulations available here.

Providing personal data via the Website, social media, or reviews is voluntary and not legally required. However, in certain cases, without providing personal data, it is not possible to use the full functionality of the Website or Newsletter services.

V. Categories of Users' Personal Data

The Personal Data processed by the Administrator may include, in particular:

  • Personal data: first name(s), last name(s)
  • Contact data: email address, phone number
  • Message content: all messages (inquiries, statements, opinions) sent via the contact form or published on the Administrator's Website or Fanpages by the User
  • IP address, cookies, and information about using our Website and Newsletter – during use of the Website or Newsletter
  • Image: in case of publishing a review, leaving a comment, or clicking the "Like" button on the Administrator's social media page (Fanpage) if the User has made their image publicly visible on the social media account
  • Behavioral data (consent to Google Ads): information about user activity on websites, ad clicks, time spent on the site, and interactions with content

VI. Use of Social Media Fanpages

The Administrator uses social media fanpage profiles. Public data shared by Users on social media may be used for:

  • Responding to private messages directed to us
  • Participating in discussions in comments under posts
  • Sharing our posts with people following our Fanpage
  • Marketing purposes – informing about our services and ourselves through posts, including sponsored posts displayed to a wider audience
  • Statistical purposes – presenting data on post views, reach, and interactions; data provided by social media platform owners are statistical but based on observed behaviors on our Fanpage

Currently, the Administrator's Website redirects to the following social media platforms (Fanpages):

  • Facebook
  • Instagram
  • YouTube
  • Telegram

By liking an Administrator's post, leaving a comment, sending a private message, or subscribing to a channel, the following entities become Controllers of your personal data shared on their Fanpage for statistical and advertising purposes:

  • Meta Platforms Ireland Limited, Block J, Serpentine Avenue, Dublin 4, Ireland
  • Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Grand Canal Dock, Dublin 4, D04 V4X7, Ireland
  • Telegram Messenger Inc.

For this reason, we encourage you to read the privacy policies of these platforms:

VII. Sharing Personal Data with Third Parties

The Administrator may share Users' Personal Data with:

  • Persons authorized by the Administrator to process data
  • Entities entrusted with data processing, e.g., technical service providers or advisory service providers
  • Other administrators if required by law or in good faith believing that such action is necessary to comply with applicable legal regulations, in particular in response to court or government authority requests

When a third party is engaged in processing Users' Personal Data under a data processing agreement, the Processor is required to:

  • Process only the Personal Data indicated in prior written instructions from the Administrator
  • Apply all measures to protect confidentiality and security of Personal Data and ensure compliance with all other legal requirements

Due to the use of Facebook and Instagram services, data may be transferred by these entities to third countries – the United States of America (USA) or China – in connection with internal sharing by these entities to Meta Platforms Inc., Google LLC (USA), or Beijing ByteDance Technology Co Ltd. (China), over which the Administrator has no influence.

VIII. Third-Party Services

The Website may contain functions or links redirecting to websites and services provided by third parties, which are not managed by us. Information you provide on these sites or services will be subject to their own privacy policy and data processing procedures.

The Administrator is not responsible for procedures related to processing by independent website administrators or service providers. We encourage users to review the privacy and security policies of third-party sites before providing them with information.

IX. Data Protection

The Administrator informs that it has implemented appropriate technical and organizational measures to protect Personal Data, particularly against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access, and other unlawful or unauthorized forms of Processing, in accordance with applicable law.

The Administrator is not responsible for actions or omissions of Users. Users are responsible for ensuring that all Personal Data are transmitted to the Administrator securely.

Personal data will not be subject to automated profiling, i.e., automated decision-making concerning the User that produces legal effects regarding the person or otherwise significantly affects them.

X. Accuracy of Data

The Administrator undertakes all appropriate measures to ensure that:

  • Users' Personal Data processed by the Administrator are accurate and, if necessary, updated;
  • All inaccurate Users' Personal Data processed by the Administrator (taking into account the purpose for which they are processed) will be deleted or corrected without undue delay.

The Administrator may at any time ask Users to verify the accuracy of the processed Personal Data.

XI. Data Minimization

The Administrator undertakes all appropriate measures to ensure that the scope of Users' Personal Data processed is limited to Personal Data adequately required for the purposes indicated in this Policy.

XII. International Data Transfer

Personal data may be shared and processed outside the European Economic Area (EEA) (EEA comprises the European Union, Iceland, Liechtenstein, and Norway). If personal data are transferred outside the EEA, the Administrator requires appropriate safeguards. The Administrator will fulfill its obligations under Chapter V of the GDPR to ensure the correctness of such processing, including on the basis of the European Commission decisions on adequate privacy protection – EU-US Data Privacy Framework.

XIII. Personal Data Retention Period

The criteria determining the length of time the Administrator stores Users' Personal Data are as follows: The Administrator stores copies of Users' Personal Data in a form allowing identification only as long as necessary to achieve the purposes indicated in this Policy, unless mandatory law requires a longer storage period. In particular, the Administrator may store Users' Personal Data for the entire period necessary to establish, exercise, or defend claims (statute of limitations according to Art. 118 of the Civil Code).

Personal data are stored:

  • For 30 days from the moment of contact (phone, email from the Website). Personal data may be processed for a longer period if, due to the submitted inquiry, the User decides to use the Administrator's services (Newsletter).
  • In case of using our services (contract concluded) – for the duration of the contract and the period necessary to resolve complaints, until potential disputes are settled and accounts closed, taking into account applicable limitation periods.
  • For internal administrative purposes of the Administrator and other data processing purposes where the legal basis is the legitimate interest of the Administrator – Personal Data will be stored until the legally justified interest of the Administrator, which forms the basis of processing, is fulfilled or until the User raises an objection after the Administrator has analyzed the interest and processing basis.
  • For data processed on our Fanpage – until an objection to further processing is submitted by clicking "dislike," withdrawing the like, deleting a comment, or unsubscribing.
  • For Newsletter service – for the duration of the service or until consent to receive commercial information electronically is withdrawn.

XIV. Cookies

While using the Website, data about the user are automatically collected. These data may include:

  • IP address
  • Domain name
  • Browser type
  • Operating system type

These data may be collected via:

  • Cookies
  • Google Analytics system
  • Server logs

Cookies are small text files stored by the browser on the hard drive of your computer or on the memory card of your smartphone. During subsequent visits to the Website, the information stored in cookies is sent back to the Website. This allows the Website to recognize you and adapt content to your needs.

To improve our Website, provide the most relevant content, and analyze how Users use our Website, we may use cookies.

We may process data contained in cookies for purposes such as:

  • Personalizing the Website: remembering User information so the User does not need to re-enter it on subsequent visits;
  • Delivering content, advertisements, and information tailored to the User;
  • Monitoring aggregated website usage metrics, such as total visitors and page views.

We use the following types of cookies:

  • Session cookies – temporary files stored on the user's device until leaving the Website;
  • Persistent cookies – stored on the user's device for the period specified in the file parameters or until manually deleted.

Cookies can be divided into the following categories:

  • Essential cookies – ensure proper functioning of the Website, security, and maintained session; these are installed by default, without them the Website cannot function properly.
  • Statistical cookies – allow collecting information about how the Website is used (checkbox to select);
  • Functional cookies – allow remembering choices made by Users, e.g., language or font size (checkbox to select);
  • Marketing cookies – to adjust the content and form of advertisements (checkbox to select).

We use analytics and similar services containing third-party cookies. During use of the Website, third-party cookies may be used to enable Website functionalities, integrated sites, or to analyze the effectiveness of advertising campaigns and collect anonymous usage information for statistical purposes.

This Privacy Policy does not regulate the rules for using third-party cookies. Each third party establishes its own rules in its privacy policy. We encourage reviewing details on Google Analytics: https://support.google.com/analytics/answer/6004245, Facebook Pixel: https://www.facebook.com/privacy/policy

Users can manage consents to selected cookies using the dedicated tool on the Website, choosing which cookies will be collected during use (except essential cookies necessary for Website functioning). Lack of consent, removal, blocking, or limiting cookies may make some functionalities of the Website difficult or impossible to use.

XV. Server Logs

Using the Website involves sending requests to the server on which the Website is hosted.

Each request sent to the server is recorded in server logs. Logs include, among other things: User's IP address, server date and time, information about the internet browser and operating system used by the User.

Data recorded in server logs are not associated with specific persons using the Website and are not used by the Administrator to identify the User of the Website.

Server logs are solely auxiliary material used to administer the Website, and their content is not disclosed to anyone except persons authorized to administer the server.

XVI. Newsletter

The Administrator provides a Newsletter service electronically. The Newsletter service involves sending information about offers, promotions, and events related to the Administrator's activity to the email address provided by the User. The Administrator indicates that the Newsletter will not be sent at regular intervals (e.g., monthly); sending the Newsletter will depend on promotional actions undertaken by the Administrator and will be irregular.

The service is provided in accordance with the law, in particular the Act of July 18, 2002, on the provision of electronic services and the Regulation (EU) 2016/679 (GDPR).

To use the free Newsletter service, the User must have an active email address and voluntarily consent to receive commercial information electronically. Newsletter subscription is done by filling out the contact form available on the Administrator's Website (providing personal data in the form of first name, last name, and email address) and accepting this Privacy Policy regulating data processing and service provision rules. Sending a message in this way constitutes the User's declaration of intent to subscribe to the Newsletter service.

The Administrator is not responsible for the User providing false data or the failure to deliver the Newsletter due to reasons beyond the Administrator's control (e.g., technical problems on the internet service provider side).

The Administrator undertakes to provide the service in accordance with this Policy and applicable law, ensuring the protection of Users' personal data in accordance with GDPR and the Personal Data Protection Act. The User undertakes to use the service in compliance with the law and this Policy and not to provide unlawful content.

The Newsletter service is provided for an indefinite period. The User has the right to unsubscribe from the Newsletter at any time by withdrawing consent. A statement of withdrawal of consent can be sent at any time to the email address or Administrator's headquarters indicated in Chapter I. After unsubscribing, the User's email address will be immediately removed from the subscriber database.

XVII. Contact Form

The Administrator provides a service consisting of making a contact form available for scheduling appointments and other purposes specified by the User in the form.

For this purpose, it is necessary to provide data such as first name and last name, email address or phone number, enter the message content, and click the "order call" or "schedule appointment" button.

The Administrator will make efforts to respond to inquiries within 48 hours.

XVIII. Provision of Electronic Services

Providing unlawful content by Users is prohibited.

The User is obliged to use the Administrator's Website and offered Services in compliance with the law, good practices, using accurate data, and not acting contrary to this Policy. The Administrator is not responsible for the User providing false data or service delivery failures due to reasons beyond the Administrator's control (e.g., technical problems on the internet service provider side).

The User is obliged to maintain confidentiality and not disclose to third parties any information obtained in connection with the provision of Services by the Administrator, including commercial, organizational, technological, and financial information.

Technical requirements necessary to use electronic services include internet access; a device such as a computer, laptop, or other portable device with a web browser; email access and a properly configured email account; and any properly configured web browser supporting, among other things, cookies (Internet Explorer, Opera, Mozilla Firefox, Safari, Google Chrome).

Using services on the Internet, despite security measures applied by the Administrator to prevent or significantly hinder system breaches (hacking attacks), may involve the risk of unwanted infection of the IT system by malware. Therefore, the Administrator additionally recommends using updated antivirus software and applying an appropriate system firewall.

The User has the right to submit complaints regarding electronic service provision. Complaints should be submitted in writing to the Administrator's headquarters or via email (as indicated in Chapter I). The complaint should include the User's name and email (for email submissions), a description of the problem constituting the basis of the complaint, and the User's request related to the complaint. The Administrator will consider the complaint within 14 days of receipt. The User will be informed of the result through the same communication channel.

XIX. Users' Rights in Relation to the Processing of Their Personal Data

You have the following rights in connection with the processing of your personal data:

  • Right of access to processed personal data – based on this right, the Administrator, at the request of the data subject, provides information about the processing of their personal data, including primarily the purposes and legal bases of processing, the scope of held data, the entities to which the personal data are disclosed, and the planned date of their deletion. As part of the right of access, the data subject may also request information about whom their personal data are disclosed to and whether they are subject to profiling and automated decision-making. The data subject also has the right to obtain a copy of their data.
  • Right to rectification – based on this right, the Administrator, at the request of the data subject, removes any discrepancies or errors in the processed personal data, and supplements or updates them if they are incomplete or have changed.
  • Right to erasure (right to be forgotten) – based on this right, the Administrator, at the request of the data subject, deletes data whose processing is no longer necessary for any purpose for which they were collected, consent to their processing has been withdrawn, or objection has been raised and deletion is not required for establishing, exercising, or defending the Administrator's claims.
  • Right to restriction of processing and data portability – based on this right, the Administrator, at the request of the data subject, ceases processing of these personal data to the extent permitted by law and also provides these personal data in a format allowing them to be read by a computer.
  • Right to lodge a complaint – using this right, a person who considers that their personal data are being processed contrary to applicable law may lodge a complaint with the President of the Personal Data Protection Office.
  • Right to object – the data subject may object at any time to the processing of personal data for the purposes for which they were collected and are being processed. An objection applies to direct marketing – if personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of their personal data for such purposes.
  • Right to withdraw consent – if personal data are processed based on consent, the data subject may withdraw this consent at any time. Withdrawal of consent does not make the processing of personal data up to that point illegal; revoking consent does not affect the lawfulness of previous processing but will result in personal data no longer being used for those purposes from the moment of withdrawal.

A request to exercise the rights described above can be submitted via traditional mail to the Administrator's headquarters or via the email address indicated in Chapter I.

The request should, as far as possible, precisely indicate what the request concerns, in particular the recipient of the request and which right described above the person submitting the request wishes to exercise. If the Administrator is unable to determine the content of the request or identify the person submitting the request based on the submission, the Administrator will request additional information from the applicant.
