As we attach great significance to the privacy of the users of our websites and are guided by the requirements established by the legal regulations, Syn2bio SA (hereinafter: ‘Syn2bio’ or ‘Company’) drafted this document to advise you of the rules we follow when collecting, safeguarding and processing the personal data conveyed by Users on the websites belonging to the Company.
1. Definitions
Personal Data – any and all information regarding an identified or identifiable living natural person. An identifiable natural person is a person who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an on-line identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person.
Policy – this Privacy and Cookie Policy.
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
User/Data Subject – every natural person visiting the Service or using one or more of the services offered by the Controller.
Service – internet service belonging to Syn2bio.
2. Data Controller
The Controller of Users’ personal data is Syn2bio SA with its registered office in Warsaw (postal code: 00-728) at ul. Józefa Piusa Dziekońskiego 3 (‘Controller’).
In the case of any inquiries or reports, the Controller can be contacted via e-mail (kontakt@syn2bio.pl) or by post to the address stated above.
Persons who submit an application or request pertaining to the processing of their personal data as part of exercising their rights may be asked by the Controller or an authorized party to respond to several questions pertaining to their personal data to facilitate verification of their identity.
3. Purpose of Processing Personal Data
3.1 Communication with Users
The Controller provides for the possibility of making contact with it, which calls for furnishing the contact data required to establish contact and respond to an inquiry. A User may also provide other personal data to facilitate contact or handle an inquiry.
Personal data are processed for the purpose of identifying the sender and handling its inquiry – the lawful basis for processing is the necessity of processing to perform a contract (art. 6(1)(b) of the GDPR), while if contact is made without being connected to the performance of a contract, the lawful basis for processing is the Controller’s legitimate interest (art. 6(1)(f) of the GDPR) involving the cultivation of relations with the User.
With respect to freely provided data the lawful basis for processing is the Controller’s legitimate interest (Article 6(1)(f) of the GDPR) involving the cultivation of relations with the User.
3.2 Marketing
A User’s personal data may also be used by the Controller for the purpose of sending marketing messages to that person via various channels, i.e. by e-mail or MMS/SMS. These actions are undertaken by the Controller solely if the User has granted explicit consent which the User may retract at any moment.
Personal data are processed:
• to transmit commercial information – the lawful basis for processing is the Controller’s legitimate interest (Article 6(1)(f) of the GDPR) in connection with the expressed consent;
• for analytical and statistical purposes – the lawful basis for processing is the Controller’s legitimate interest (Article 6(1)(f) of the GDPR) involving the analysis of Users’ activity in the Service to improve the functionalities employed.
3.3 Purposes associated with services and web service belonging to Syn2bio
The purposes of processing data in connection with the web service belonging to Syn2bio.
Personal Data may be processed on the basis of a consent given by a User when transmitting data through a dedicated form for the purpose and for the period needed to handle the task properly. The clauses provided under specific forms on the web service belonging to Syn2bio specify the details, including information on whether providing personal data is a statutory or contractual requirement or a prerequisite to enter into a contract and on whether the person to whom the data pertain is obligated to specify that data and what the possible consequences of not specifying that data are.
4. Origination of data
The Controller may obtain Personal Data directly from the Users of a Service or from third parties to whom the Users have given the ability to send data to their account.
5. Data recipients and access to data
The following data recipients may have access to personal data:
• authorized employees of Syn2bio,
• external service providers authorized by Syn2bio (such as suppliers of ICT resources, research organizations, marketing agencies, suppliers of ICT services, etc.) supporting us in the processing of personal data.
The level of protection for Personal Data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Controller transfers Personal Data outside the EEA only when necessary and with an adequate degree of protection.
The Controller does not plan to transfer Personal Data outside the EEA. If, within the context of specific services, there is a different intent, the Controller always advises of the intention to transfer Personal Data outside the EEA at the stage of data collection.
Only the appropriate staff of the data recipients have access to the Users’ personal data to the extent required to perform the entrusted tasks and solely for the purposes of attaining the goals stated above. All of the persons authorized to process Personal Data are obligated to maintain the confidentiality of the data and safeguard the Data against disclosure to unauthorized persons.
6. Data Retention Period
The period of data processing by the Controller depends on the type of service provided and the purpose of the processing. Data are processed:
• when submitting an effective objection against data processing in instances in which the lawful basis for processing data is the Controller’s legitimate interest – the data will be removed within 14 business days following receipt of such an objection,
• until the moment when consent for processing is retracted in the instances in which the lawful basis for data processing is consent.
The period of data processing may be extended if processing is necessary for the establishment or assertion of claims or defense against claims, and after this period – only if and to the extent required by law.
7. Rights related to Personal Data Processing
All persons to whom the data pertain may take advantage of the following rights with respect to the Controller:
a) the right to demand access to their personal data and obtain information about how they are processed and the right to correct that data if they are incorrect (according to art. 15 and 16 of the GDPR),
b) the right to demand a limitation on the processing of their data in the situations and according to the rules specified in art. 18 of the GDPR (a Data Subject may demand a limitation on the processing of its personal data for the period it takes to verify their correctness or examine its objection to data processing. This right is also held in a situation in which, according to the Data Subject, the processing of its data is illegal, but it does not want the data to be removed immediately or in the event that the data are needed for a longer period than the adopted period of processing assumed on account of issues related to asserting or defending claims),
c) the right to demand the removal of data in accordance with art. 17 of the GDPR (right to be forgotten),
d) the right to transfer data according to the rules specified in art. 20 of the GDPR (if personal data are processed on the basis of a consent),
e) the right to lodge an objection at any moment against the processing of its personal data for reasons related to its special situation if the data are processed by Controllers as part of performing their legitimate interests (according to art. 21(1) of the GDPR),
f) the right to lodge an objection at any moment against the processing of its personal data for purposes associated with direct marketing (according to art. 21(2) of the GDPR),
g) the right to submit a complaint to the regulatory authority responsible for Personal Data protection (Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw).
In addition, the User has the right to withdraw its consent to the processing of personal data at any time if consent is the lawful basis for processing. For this purpose, it suffices to proceed in accordance with the instructions specified in the Service or to contact the Controller. Withdrawing consent does not affect the lawfulness of processing conducted based on consent before its withdrawal.
8. Security of Personal Data
The Controller regularly analyzes risk to ensure that it processes Personal Data in a secure manner – ensuring above all that:
• technical and organizational means suitable to the risk associated with the processing of personal data are applied;
• only authorized persons have access to the data solely to the extent necessary for them to perform their tasks. The Controller ensures that all operations concerning Personal Data are performed solely by authorized employees and associates.
The Controller safeguards data against being made available to unauthorized persons and also against their processing in violation of the applicable legal regulations. The Controller exercises constant control over the data processing process while simultaneously restricting access to data to the greatest possible extent, granting the pertinent authorizations only when this is necessary to run a website properly.
9. Cookie Policy (referred to as Cookies)
The Service uses cookie files (referred to as cookies). The textual information saved in the computers of the persons using the Service helps customize the services and content to satisfy individual needs. Moreover, this mechanism is responsible for facilitating access by users to the resources collected therein. This mechanism is not used for the purpose of downloading users’ personal data or any other information regarding them. For the Service to operate properly it is necessary to activate the cookie function in the browser’s settings.
What are cookies?
Cookies are small portions of information saved by your browser. Cookies allow websites to remember your preferences.
How can you manage cookies?
If a user does not wish to receive cookies, the user may adjust the browser settings. It should be noted that disabling the cookies needed for the registration, security and retention of a user’s preferences makes it more difficult to use websites and in extreme cases it may make it impossible to use websites.
To manage cookies you should select the web browser you use from the list below and proceed according to the instructions for a given browser:
▪ Internet Explorer
▪ Chrome
▪ Safari
▪ Firefox
▪ Opera
Mobile devices:
• Android
• Safari
• Windows Phone
• Blackberry
Links to other websites
The Service belonging to Syn2bio contains links to other websites. The Controller is not liable for the privacy rules applicable to those websites. We encourage you to review the privacy policy employed by those websites after switching to those websites. This Privacy Policy pertains solely to the www services belonging to the Company.
Google Analytics
Website traffic on the Service may be monitored using Google Analytics. The purpose is to collect data regarding the method and popularity of using our website. By using the Service’s website, you agree to Google Analytics analyzing your data for the purposes described here.