GDPR information clause

Pursuant to Article 13(1) and (2) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1) („GDPR”) you are hereby informed of the following:


Data controller

You are notified that the personal data you have provided will be processed by the:

Smarter Diagnostics sp. z o.o. located at ul. Towarowa 20B, Olsztyn (10-417), entered in the Business Register of the National Court Register kept by the District Court in Olsztyn, VIII Commercial Division of the National Court Register, under KRS number: 0000826635, NIP number: 9512497221, REGON number: 385477710 („the Controler”).


Contact regarding the processing of personal data

In matters concerning your personal data, you may contact at the Controller’s offices or via e-mail regarding any matters concerning data processing and your rights in relation to the processing of your personal data.


Purpose of the processing

Your personal data will be processed for purposes including but not limited to the following:

  • to perform the obligations arising from the subject of electronic correspondence, including those related to the business activity conducted, on the basis of the Administrator’s legitimate interest, which is to ensure continuity of communication and to enable contact with the Administrator in matters of business activity – on the basis of Article 6(1)(f) of the GDPR,
  • to comply with the Administrator’s legal obligations in connection with its business activities – on the basis of Article 6(1)(c) of the GDPR,
  • carry out promotional or marketing activities, in particular directing new offers and proposals for cooperation, thus pursuing the Administrator’s legitimate interest – on the basis of Article 6(1)(f) of the GDPR,
  • within a scope broader than that resulting from universally applicable legal regulations, in the Administrator’s legitimate interest, e.g. possible assertion of claims resulting from the concluded civil law agreement by the Administrator – on the basis of Article 6(1)(f) of the GDPR,
  • performance of services provided by us – pursuant to Article 6(1)(b) of the GDPR, and we process sensitive personal data for this purpose pursuant to Article 9(2)(a) of the GDPR.


Storage (retention) period

Your personal data will be stored:

  • for the period necessary to protect the interests of the Controller,
  • in the case of other purposes involving the legitimate interests of the Controller, for the period in which those purposes remain valid, or until an objection is made,
  • for the period provided by laws obligating the Controller to process the data for a specific period and the limitation periods for claims,
  • for the duration of the contract and until the expiry of the limitation periods for possible claims under the concluded contract in the scope of the personal data provided to us for the purpose of providing our services,
  • for a period of 48 hours counted from the moment of providing sensitive personal data entrusted to us in order to provide the software demo on the Internet web page under the address


Data recipients

The recipients of your data may include:

  • the Controller’s employees, partners, and members of its bodies,
  • processors acting at the order of the Controller, for the purpose and in the scope required for the performance of the Civil Law Contract; such entities process the data on the basis of separate contracts concluded with the Controller, and only in accordance with instructions of, and in the scope specified by, the Controller,
  • entities authorized on the basis of general law.


Transfer of data outside the EEA

As a rule, the personal data provided by you shall not be made available to entities based outside the European Economic Area (EEA), i.e. in third countries. The transfer of your personal data outside the EEA may take place if it is necessary for the performance of the Administrator’s duties under a civil-law contract, including a situation where the proper performance of the civil-law contract requires the participation of the Administrator’s subcontractors or employees based outside the EEA, whereby it is possible to transfer your data to a third country only if the legal requirements are met – if the European Commission has made a finding of adequate protection or with the use of standard contractual clauses approved by the European Commission or in the case of having appropriate safeguards


Automated decision-making, including profiling

Your personal data will not be subjected to automated decision-making or profiling.


Rights of the data subject

With regard to the personal data you have provided to the Controller, you reserve the right to:

  • access it, demand its rectification, and obtain a copy of it,
  • demand that it be deleted or its processing limited, in cases provided by law,
  • object to the processing of your personal data, where the purpose of its processing is the legitimate interest of the Controller,
  • withdraw your consent, where the data is processed based on your consent. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. You may withdraw your consent at any time;
  • move your personal data, i.e., to receive from the Controller information about the processing of your data in a structured, commonly used, machine-readable format, to the extent in which your data is processed for the conclusion and performance of the Contract, or based on your consent. You may transfer the received personal data to another data controller;
  • lodge a complaint with the President of the Personal Data Protection Office if you have determined that the Controller, in processing your personal data, has violated the provisions of the GDPR or other relevant regulations concerning the protection of personal data.

In order to exercise the above rights, contact your Data Protection Supervisor using the method described above.


Information regarding your obligation to provide data and the consequences of refusing to do so

Providing your personal data is voluntary. In certain cases, it may be necessary for you to provide personal data in order to fulfill the purposes resulting from the above-mentioned legitimate interests of the Administrator.

Document version: Rev. 2 / 21 June 2023