Select Page

Privacy Policy

Personal data is processed in accordance with generally applicable law, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on protection of natural persons with regard to the processing of personal data and the free movement of such data and repealing Directive 95/46/EC (hereinafter “GDPR”).

The Controller guarantees the confidentiality of all personal data processed by them. The Controller further ensures that all security measures are taken. Personal data is collected with due diligence, and it is properly protected from access by unauthorised persons. All entities entrusted with the processing of personal data guarantee the implementation of appropriate means of personal data protection and security required by law.

The Controller is the owner of the brand: Samarité and Herbus. If you are a customer, counterparty, or subscriber to the newsletter of one of our brands, we also encourage you to read the privacy policy dedicated to a specific brand:

General provisions

  1. This Privacy Policy (hereinafter referred to as the “Privacy Policy”) specifies the method of collecting, processing and storing the personal data of:
    • visitors to the website https://www.zemepharm.com/, which is owned by the Controller; job candidates;
    • persons contacting the Controller by email and telephone as well as
    • persons whom the Controller contacts.
  2. This Privacy Policy is provided for informational purposes only and it does not impose any obligations on data subjects.
  3. The Controller takes special care to protect the interests of data subjects and uses technical and organisational measures to ensure the protection of the processed personal data that is appropriate and adequate to the risks.

Data Controller

The Controller of personal data is Anna Mrowińska, running business under the name Zeme Pharm Anna Mrowińska with its registered office in Warsaw, at Al. J. CH. Szucha 3/2 (00-580), NIP: 9680876255, REGON: 300281484.

Contact with the Controller

  1. For matters related to the processing of personal data, please contact us by email to a dedicated email address: e-mail: ado@zemepharm.com
  2. You may also send us a message or request to our address for correspondence: Al. J. CH. Szucha 3/2, 00-580 Warsaw.

Purpose of and legal basis for data processing

  1. The purpose and basis for the processing of personal data by the Controller always results from the nature of the relationship between the Controller and the data subject.
  2. Each of these relationships is outlined separately below so that it is easier for you to find the appropriate provisions.

Visitors to the website https://www.zemepharm.com

  1. The Controller may process personal data for the following purposes:
    • monitoring and enforcing compliance with the terms of use of the website pursuant to Article 6(1)(f) GDPR – a legitimate interest to ensure the functionality of the website;
    • administering and managing the website, including confirming identity and preventing access by unauthorised persons – a legitimate interest to maintain the stability of the website and ensure cybersecurity for visitors to the website;
    • aggregating data for the purpose of conducting analyses, pursuant to Article 6(1)(f) GDPR – a legitimate interest to conduct activities aimed at improving the operation of the website;
    • direct marketing of our own products and services – the marketing carried out includes the following activities: using the analytical software Google Analytics and Google Ads which allows the collection of user data. In this case, the Controller collects only the following categories of data: source and medium of obtaining visitors to the website, behaviour on the website, information on devices and browsers, IP address, domain and geographical data. The legal basis for the processing of personal data is Article 6(1)(a) GDPR – consent expressed by setting web browser preferences using Facebook Pixel to send personalised Facebook ads to website users. Facebook Pixel collects, in particular, a history of events (user activities on the website, such as adding a product to the basket) in order to then display a personalised ad on Facebook. The legal basis for the processing of personal data is Article 6(1)(a) GDPR – consent expressed as part of setting specific web browser preferences.
    • establishing, investigating and defending claims pursuant to Article 6(1)(f) GDPR – a legitimate interest to protect the interests of the Controller.>
    • The whole text of the cookie policy used by the Controller can be read here.
  2. The recipients of your personal data will be entities providing IT services to the Controller to the extent that this applies to the activities related to managing the website, and a marketing company. In addition, the recipients of your data will be (subject to your consent) Google Inc. and Facebook Inc.
  3. The Controller is not responsible for data processing by Google and Facebook – the owner of Google Analytics and Google Ads tools and Facebook Pixel, Customers respectively. The Controller recommends that you should read the privacy policy of Google and Facebook to get to know the personal data processing rules used by Google and Facebook.
  4. Personal data will be processed until cookies are deleted, in accordance with the information included in the Cookies Policy. After the expiry of this period, the Controller will store personal data if they are required to do so by law, for the period provided for by law, or to pursue legitimate interests for the period of limitation of claims.
  5. In connection with the processing of personal data, the data subject has the following rights: the right to access personal data, the right to rectify (update) personal data, the right to erase data, the right to limit the processing, the right to transfer personal data, the right to object to the processing of personal data and the right to lodge a complaint with a supervisory authority.
  6. Moreover, the data subject has the right to withdraw their consent to the processing of personal data. The consent may be withdrawn by changing the web browser settings. If you do not want to receive personalised ads from the Controller on Facebook, please select the privacy settings on Facebook. Any withdrawal of the consent given will not affect the lawfulness of processing carried out on the basis of the consent given before the withdrawal.
  7. Providing personal data that is necessary for the operation of the website is voluntary, but without providing it, some functions of the website may not work properly. In other respects, providing personal data is voluntary.

Job candidates

  1. The Controller may process the personal data of job candidates for the purpose of conducting a recruitment process (assessment of qualifications, abilities, skills for a given position, selection of the best person for our team), on the basis of:
    • Article 6(1)(b) GDPR (taking action at the request of the data subject),
    • Article 6(1)(c) GDPR (the legal obligation of the controller, including, first of all, the obligation under Article 221 § 1 of the Polish Labour Code),
    • Article 6(1)(a) GDPR (consent expressed by clear affirmative action, i.e., by sending the application documents within the scope of documents not required by law but provided by the candidate in these documents).
    • Article 6(1)(f) GDPR (legitimate interest of the controller, which is the ability to check your skills, competences – within the scope of data provided to us during the interview).
  2. Your personal data may be transferred to entities which provide us with a number of services, including: legal services, IT service providers (computer repair services, website and mail hosting and server, IT outsourcing), which are used by the controller, to an IT system provider, an accounting office, as well as state authorities and other entities authorised under the law.
  3. We store your personal data until the recruitment process is completed or until the candidate resigns from applying for employment, unless the candidate agrees to the processing of their personal data also for the purposes of possible future recruitment.
  4. In connection with the processing of personal data, the data subject has the following rights: the right to access personal data, the right to rectify (update) personal data, the right to erase data, the right to limit the processing, the right to transfer personal data, the right to object to the processing of personal data and the right to lodge a complaint with a supervisory authority.
  5. Providing your personal data is mandatory to the extent required by the provisions of the Polish Labour Code. If the candidate does not provide their data, the candidate will be excluded from the recruitment process. Providing other types of data is voluntary and does not affect the candidate’s eligibility to join the recruitment process.

Persons contacting the Controller by email and telephone as well as persons whom the Controller contacts

  1. The Controller may process personal data for the following purposes:
    • answering questions, including contacting specific persons for this purpose by email, telephone or in any other way, i.e., pursuant to Article 6 (1)(f) GDPR – a legitimate interest consisting in the possibility of answering a question about the conducted business activity.
    • establishing cooperation directly with such a person or the employer/entity represented by this person, i.e., pursuant to Article 6(1)(f) GDPR – a legitimate interest in establishing and maintaining relationships as part of business activity.
  2. The purposes and bases described above apply to any persons who contact Zeme Pharm Anna Mrowińska in Warsaw in reference to any matter before the purpose of such contact is determined, or when it is Zeme Pharm Anna Mrowińska in Warsaw that contacts such persons (by telephone or email) in reference to any matter.
  3. Personal data will be processed until after the closing of the matter to which the inquiry, contact or objection to the processing of personal data pertains. After this period, the Controller will store personal data if they are required to do so by law, for the period provided for by law, or to pursue our legitimate interests for the period of limitation of claims.
  4. In connection with the processing of personal data, the data subject has the following rights: the right to access personal data, the right to rectify (update) personal data, the right to erase data, the right to limit the processing, the right to transfer personal data, the right to object to the processing of personal data and the right to lodge a complaint with a supervisory authority.
  5. The provision of the data is voluntary but it is necessary for an answer to be provided.

Data recipients

  1. The controller uses the services of entities that provide sufficient guarantees as regards the security of personal data, including through the implementation of appropriate technical and organisational measures.
  2. Personal data is not always entrusted or provided to all of the aforementioned recipients. The Controller provides data only when it is necessary to achieve a specific purpose of processing and only to the extent necessary.
  3. Because the Controller uses Google Analytics, Google Ads and Facebook Pixel tools, your personal data may be transferred to a third country (i.e., a country outside the European Economic Area) – the United States of America.

Duration of personal data processing

  1. The duration of our processing of your data depends on the purpose for which the data is collected, as well as on the determined legal basis of the purpose.
  2. Precise duration of the processing of your data can be found in the appropriate sections of the Privacy Policy. We encourage you to read the information included there.

Rights of the data subject

  1. The GDPR has defined a number of rights that you have in connection with the processing of your personal data. Subject to the provisions set out in the GDPR, you have the following rights:
    • the right to request access to your personal data; the right to rectify, erase, transfer, or limit the processing of your data,
    • the right to object to the processing of data, if data is processed on the basis of a legitimate interest,
    • the right to lodge a complaint with a supervisory authority (the President of the Personal Data Protection Office), if the data subject believes that the processing of their personal data violates the provisions of the GDPR,
    • the right to withdraw your consent, with the reservation that any withdrawal of the consent given will not affect the lawfulness of processing carried out on the basis of the consent given before the withdrawal. If you wish to withdraw your consent, please contact us at the email address: ado@zemepharm.com
  2. If you wish to exercise the above-mentioned rights, please contact the Controller as specified in the “Contact with the Controller” section.

Source of data

  1. In principle, personal data processed by the Controller is obtained directly from the data subject.
  2. The obligation to provide personal data or the lack of such obligation also depends on the relationship that the data subject has with the Controller, as well as on a specific process which is part of this relationship.

Final provisions

  1. The website may contain links to other websites. The Controller is not responsible for the rules of personal data protection applied by other controllers. However, the Controller recommends that visitors should read the privacy policies of other websites after landing on them.
  2. We will review and update this document on a regular basis. This policy was last updated on 22 February 2022.