ICZ Properties sp. z o.o. with its registered office in Żywiec pays special attention to respect for the privacy of the users visiting our website https://szpitalzywiec.pl (“Website”). We want everyone who visits our website to know how to protect their privacy. Therefore, we encourage all visitors to read this Privacy Policy. If you have any questions regarding the processing of personal data of visitors to our Website, please also contact us at biuro@szpitalzywiec.pl

Who is the data controller?

In accordance with the provisions of the General Regulation on Personal Data Protection No. 2016/679 (hereinafter referred to as “GDPR“), the administrator of personal data collected of visitors to our Website is ICZ Properties Limited with its registered office in Żywiec, at ul. Sienkiewicza 52, 34-300 Żywiec, entered into the register of entrepreneurs of the National Court Register kept by the District Court in Bielsko-Biała, 8th Commercial Division under KRS number: 0000530651, NIP: 701-044-80-36; REGON: 360121058, share capital of PLN 110 900.00 (hereinafter “Administrator” or “we“). This means that we are responsible for the use of data in a safe manner and in accordance with applicable laws.

What personal data do we collect and for what purpose?

The scope of the personal data processed and the purpose for which they are processed vary depending on the functionality of the Website you choose to use.

With regard to all visitors to the Site, the Administrator has automatic access to public IP addresses from which you are browsing the information content of the Website and to data contained in logbooks (http queries). The collected data is used exclusively for website administration and statistical purposes. The processing of this data is based on the pursuit of our legitimate interests in the administration and operation of the Website and the possibility of carrying out analyses and statistics (Article 6(1)(f) of the GDPR). On the basis of collected data, statistics may be generated to help administer the Website. The statistics do not contain any features that identify visitors to the Website.

If you use any social plugins (Facebook, Twitter, LinkedIn) contained on the Website, some of your data may be transferred to the operators of these social networks. More information about this can be found below.

In addition, we also collect data that you choose to provide to us through: 1) Contact Form, 2) Recruitment Form, or 3) Newsletter Subscription.

1. Contact Form

If you use the contact form (“Contact” tab), the Administrator processes your personal data in the form of name, surname, e-mail address and other data provided in the message. The collected data is used exclusively to respond to your inquiries (and possible further inquiries within the same correspondence). The processing of this data is based on the pursuit of the legitimate interests of the Administrator in the form of the processing of requests addressed to us (Article 6(1)(f) GDPR). If any special categories of personal data, including health data, are included in the message, the legal basis for the processing is your consent, expressed by including such data in the inquiry and sending them to the Administrator (Article 9 (2) (a) GDPR). You can withdraw this consent at any time. Withdrawal of consent shall not affect the lawfulness of processing carried out on the basis of consent prior to its withdrawal.

2. Recruitment form

Within the recruitment form (“Careers” tab) the following personal data of candidates for a job are collected: name, surname, e-mail address, telephone number (optional), other personal data given in the content of the message and the resume of the candidate. This data is processed for the purpose of recruitment and evaluation of the candidate for the position. The basis for the processing of this data is their indispensability for the purposes of concluding a contract with the candidate (Article 6(1)(b) of the GDPR in conjunction with Article 221(1) of the Labour Code) and, beyond the data listed in Article 221(1) of the Labour Code, the candidate’s voluntary consent (Article 6(1)(a) of the GDPR). Detailed information on the processing of these data can be found in the “Information clause for job applicants“.

3. Newsletter

If you subscribe to the Newsletter, the Administrator shall process the e-mail address of the registered persons in order to provide the Newsletter service. Providing an e-mail address is voluntary, but necessary to use the Newsletter service. The legal basis for processing is the performance of an electronic service contract in the form of a Newsletter (Article 6.1.b of the GDPR Act). More information about the Newsletter service can be found below.

If the Administrator needs to be protected against possible claims, all or some of the exchanged personal data may be further processed on the basis of the Administrator’s legitimate interest in protecting the Administrator against claims of third parties (Article 6.1.f of GDPR), however, no longer than within the limitation period of possible claims.

How do we process the data?

The data collected by us will be processed no longer than is necessary for the administration and operation of the Website. In the case of personal data collected through the contact form or by subscribing to the Newsletter, this data will be processed – respectively – for the time necessary to answer the inquiry/further inquiry and for the duration of the Newsletter service, however, no longer than until you cancel this service. The period of storage of personal data obtained by the recruitment form is determined by the “Information clause for job applicants“.

We may transfer data to entities processing data on our behalf, participating in our processing activities, i.e. entities operating our IT systems and providing us with IT tools, including the hosting provider (nazwa.pl). In the case of the Newsletter service, your personal data in the form of the e-mail address will also be sent to the MailChimp service provider used to send out the Newsletter, i.e. The Rocket Science Group, LLC with its registered office in Atlanta, United States of America. This means that the data will be transferred to a third country, i.e. the United States of America. The security of the transferred data is ensured in this case by the participation of this entity in the EU-US Privacy Shield Program. The legal basis for data transfer in this respect is the performance of the contract for the provision of electronic services in the form of a Newsletter (Article 6(1)(b) of the GDPR).

Your personal data may also be transferred to other entities of the Administrator’s capital group, having their registered offices in the United Arab Emirates, Canada and the United States of America. In this case, data security is ensured by binding corporate rules within this group and standard data protection clauses, and with respect to personal data of recipients covered by the provisions of the Canadian Personal Information Protection Act and electronic documents transferred to Canada – the basis for transfer is the Commission Decision of 20 December 2011 No 2002/2/EC in conjunction with Article 45(9) of the GDPR.

The Administrator will not make automated decisions, including decisions resulting from profiling, with respect to such persons on the basis of personal data of persons visiting the Website. Profiling means any form of automated processing of personal data which involves the use of personal data to evaluate certain personal factors of an individual, in particular to analyse or predict aspects of that individual’s work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movement.

Cookies

Administrator uses cookies to make it easier for visitors to use the Website and to create anonymous statistics. Cookies are IT data, in particular text files sent by the Internet service visited by the Internet user to the user’s device (computer, smartphone, tablet, etc.) and intended for the use of websites. Cookies usually contain the name of the website from which they originate, the duration of their storage on the end device and a unique number.

Most of the cookies we use are called session cookies. They will be automatically deleted at the end of your visit. Other cookies, which allow us to recognize your browser on your next visit, will remain stored on your devices until you delete them.

The basis for installing and sharing cookies on your terminal device is your consent, expressed through further use of the Website after reading the information about cookies, displayed after entering the Website. Cookie management by a visitor to our Website, including blocking cookies, is possible at any time by changing the settings of the Internet browser used. Most often, web browsers allow cookies to be stored by default in the user’s device, so it is worth making sure that the current browser settings correspond to the user’s preferences. Please note that blocking or restricting the use of cookies may affect some features of the websites you are visiting.

Social plugins on the website and related data transfer

On our Website we use so-called social plugins of the following social networking sites (“Social Networking Services”):

If you share our Website by clicking on the corresponding social plugin button, a connection is established between your browser and the server of one of the Social Networking Services. This means that your personal data (in particular your IP address, the browser used, the duration of your visit to our Website) is transferred to the Social Media. If the Website is shared while you are logged into your account on one of the Social Networking Services, you can link the content of our Website with your profile on the Social Networking Service. As a result, a Social Networking Service may assign your visit to our Website to your account on this Social Networking Service. Our role in this process is limited to collecting and transmitting this data when you click on the social plugin button. The legal basis for the transfer of such data by us is the Administrator’s legitimate interest in marketing and promoting the Website (Article 6(1)(f) of the GDPR Act). When transferring data to the United States of America, the security of the data transferred is ensured by the participation of the aforementioned Social Services in the EU-US Privacy Shield Program.

Please note that as Administrator, we are not responsible for any further processing of data submitted by the Social Media themselves. For more information on this subject, please refer to the respective privacy policies of these Social Media Services (links above).