This Privacy Policy explains the principles and scope of the processing of personal data obtained through the portal (hereinafter the “Webpage”), as well as MEDICOS’s data controller duties, and furthermore provides information on how cookies are used.

The Webpage may contain links to other websites operated by other entities that have their own privacy terms and policies that explain how they use your personal data. In such situations, please read the said terms and conditions and privacy policies carefully before providing any personal data on such a website, as we have no responsibility for third-party websites.

Data Controller’s details

The Owner of the Website and the data controller is Edyta Hryniecka, business activity: MEDICOS Edyta Hryniecka with its registered office at ul. Sarmacka 19, Warsaw 02-972, NIP [Tax ID Number]: 7381806412 (hereinafter the “Controller”, “MEDICOS”, or “We”).

You can contact us by:

  • sending an email to:
  • send a letter to: ul. Ukryty Raj 4 lok. 1, 02-757 Warsaw (preferably with the note “Personal Data”).

Data processing by the Controller

Personal data shall mean any information about an identified or identifiable natural person. Processing personal data shall be any action performed on personal data, by automated means or otherwise, such as collecting, storing, recording, organizing, modifying, viewing, using, sharing, limiting, deleting or destroying. We shall process your personal data as defined herein for various purposes, with different methods of collection, lawful basis for processing, use, disclosure and retention periods, which shall always be determined in relation to the purpose for which we process the data.

By using MEDICOS services, including by visiting the Website or contacting MEDICOS, you may provide us with your personal data. MEDICOS is committed to respecting your privacy and undertakes to do the right thing in terms of collecting, using and protecting your personal data.

Personal data collected by MEDICOS through the Webpage shall be processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), (hereinafter the “GDPR”).

This Privacy Policy shall apply to all cases in which we are the Data Controller and process personal data. It shall apply both in cases where we process personal data obtained directly from the data subject and in cases where we have obtained personal data from other sources.

The Controller shall take the necessary measures to be transparent about the means and legal basis for personal data processing, as well as the purposes for which we process personal data. In particular, the Controller shall always inform you about the processing of data at collection, including the purpose and legal basis for processing – such as when entering into a contract. The Controller shall ensure that the data are collected only to the extent necessary for the stated purpose and processed only for the necessary duration. In addition, the Controller shall also take all necessary measures to ensure that her subcontractors and other cooperating entities also provide guarantees that appropriate security measures are applied whenever they process personal data on behalf of the Controller.

Information about the category of data subject

Below is information about the personal data we may collect from you when you use MEDICOS’s Webpage and offerings, and other personal data we may receive from other sources.

MEDICOS shall collect information concerning natural persons visiting the Webpage, information concerning natural persons conducting a business or professional activity on their own behalf, and natural persons representing legal persons or organizational units that are not legal persons, bestowed with legal capacity by law, conducting a business or professional activity on their own behalf, who are interested in MEDICOS’s offering.

The personal data processed on the Webpage shall concern:

  • natural persons visiting the Webpage;
  • natural persons contacting for information about MEDICOS’ offerings or to share comments about our business;
  • natural persons who contact us to place an order;
  • natural persons who have subscribed to the Newsletter.

Purposes of and legal basis for personal data processing

E-mail and traditional correspondence

If the Controller receives correspondence unrelated to MEDICOS’s offerings or services for the benefit of the sender, via the online contact form available at, by e-mail or by traditional mail, then the personal data contained in the correspondence shall be processed solely for the purpose of communication and settlement of the subject matter of the correspondence.
The legal basis for such processing shall be the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting of correspondence addressed to the Controller in connection with its business activity.
The Controller shall process only the personal data that are necessary to settle the mat subject matter of the correspondence. All correspondence shall be stored in such a way as to ensure the security of the personal data and other information contained therein and shall be disclosed only to authorized persons.

Contact by phone

When a person contacts the Controller by phone, regarding a matter not related to a concluded contract or to MEDICOS’s offerings or services, then we may request personal data only if they are necessary to handle the subject matter of the call.
In such a case, the legal basis shall be the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting of the need to handle a reported business-related matter.

Fulfillment of orders and performance of contracts

If the Controller collects personal data for the purpose of processing an order or performing a contract, the Controller shall provide the data subject with detailed information regarding the processing of their personal data no later than at the time of accepting the order or entering into the contract.
The processing shall be necessary for the performance of a contract to which the data subject is a party, or to take action at the request of the data subject prior to entering into a contract (Article 6(1)(b) of the GDPR).

Newsletter, sending offers

MEDICOS may send information about its offerings or provide other information requested by you to by phone or to the e-mail addresses you provide. We will send relevant offers and information about our products and services by e-mail, but only if you have given us your prior consent to do so by subscribing to the Newsletter or by requesting that we send you such information. You can unsubscribe from the Newsletter at any time by clicking on the unsubscribe link at the bottom of the email with the Newsletter sent to you, or by contacting us at
In such a case, the legal basis shall be:

  • Your consent to receive information about organized promotional campaigns and receive information by electronic communication means, in particular by e-mail or to the telephone number provided (Article 6(1)(a) of the GDPR).
  • Your consent to have certain data categories processed always for a specific purpose; we ask you to express this consent (Article 6(1)(a) of the GDPR).

Other data sources

In connection with her business, the Controller shall also collect personal data in other instances – such as at events organized by the Controller, as well as through the exchange of business cards – for the purposes of initiating and maintaining business contacts.
In such a case, the legal basis for processing shall be the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting of networking in connection with her business. Personal data collected in such cases shall be processed only for the purpose for which they have been collected, and the Controller shall ensure they are adequately secured.

We may also use personal data from other sources such as specialized companies that provide information, our business partners, and public records. This type of personal data helps us, for example, to:

  • to review and improve the accuracy of the data we have;
  • to improve and measure the effectiveness of our marketing communications, including online advertising.

In such a case, the legal basis shall be the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), through:

  • website management;,
  • customization of website content to meet your needs and expectations
  • assertion of and defense against claims.

Scope of data processed

Below we indicate the scope of data processed by Medicos through the Webpage, according to a breakdown by purpose of data processing:

  • website management, in terms of:
    • IP address
    • data on location, device and type of browser used
  • filling out the contact form available on the Webpage in order to contact us:
    • full name;
    • email address;
  • filling out the Newsletter service form available on the Webpage:
    • full name;
    • email address;

Medicos may also process anonymized usage data related to visits to the Webpage (so-called logs – IP address, domain). We use such data to generate statistics to help administer the Webpage. The data are aggregate and anonymous, i.e. they do not contain characteristics identifying a natural person – a site user, and the Logs are not disclosed to third parties, save for possible sharing of information concerning the site user’s IP number available at the request of state authorities authorized to do so under their investigations by applicable laws.

Data recipients

In connection with MEDICOS’s business that requires the processing of personal data, personal data shall be disclosed to external entities, including, in particular, providers responsible for the operation of IT systems and equipment (e.g., office equipment), providers of IT and technology services, data storage and linking services, payment processing, providers of legal, financial or accounting services, as well as archiving services, postal operators and couriers, marketing agencies. We shall only share personal data that enable our providers to provide the said services.
MEDICOS’s range of products includes products coming from many of our business partners and providers. In such situations, we shall only share personal data that enable our business partners to provide services or perform a contract. For example, as part of fulfilling an order, we may share your full name, contact data with our business partner so that they can deliver the products you ordered.
The Controller reserves the right to disclose selected information concerning the data subject to the competent authorities or to third parties who make a request for such information, based on the relevant legal basis and in accordance with the provisions of the applicable law.

Duration of processing

Your data will not be processed for longer than necessary, and the duration of such processing shall depend on a few factors:

  • (first of all) purpose of data collection;
  • dates of data collection;
  • is there a legal/regulatory basis to justify data retention;
  • is the data needed to protect your interest or a legitimate interest of MEDICOS.

The duration of data processing by MEDICOS has been determined as follows:

  • where the Controller processes personal data on the basis of consent, the duration of processing shall last until the user withdraws that consent or the purpose of data collection ceases, in the event that the purpose ceases to exist, we will retain the personal data obtained for the period resulting from the statute of limitations for claims (6 years);
  • where the Controller processes personal data on the basis of the Controller’s legitimate interest, the duration of processing shall last until the aforementioned interest ceases to exist (e.g., the statute of limitations for civil law claims) or until the data subject objects to further processing – where it is a legal right to make such an objection, and the purpose ceases to exist, the acquired personal data will be deleted.
  • where the Controller processes personal data because it is necessary due to applicable laws, the processing periods for such a purpose shall be determined by those laws.
  • in the absence of specific legal or contractual requirements, the basic data storage period for records and other documentary evidence produced during the performance of a contract shall be a maximum of 6 years.

Rights related to the processing of personal data

In connection with the processing of your personal data, data subjects shall have the following rights:

  • The right to withdraw your consent (at any time), which will result in the cessation of processing of personal data processed on the basis of your consent. Withdrawal of consent shall not affect the lawfulness of the processing of personal data we have carried out on the basis of your consent prior to its withdrawal.
  • The right to request erasure (right to be forgotten) of personal data from information systems and files. This right will be complied with the Controller as long as there is no legal obligation on the Controller to retain and thus process the data, despite the filing of the right to be forgotten.
  • The right to access your data (including the right to request a copy of your data).
  • The right to rectification (updating of data). Please be informed that updating of data will not delete the pre-update data, which is related to the obligation to maintain the consistency of data processed by the Controller for a specific purpose.
  • The right to restrict processing, including the right to object to data processing citing a specific situation. Please be informed that the indicated right will be complied with the Controller only if the performance of a certain activity does not contradict the applicable laws that oblige the Controller to process data.
  • The right to transfer your data from the information systems to a designated entity.

You can exercise your rights indicated in (a)-(f) above by sending a relevant request:
by e-mail to:
or by traditional mail to: ul. Ukryty Raj 4 lok. 1, 02-757 Warsaw
If the Controller is unable to identify the applicant on the basis of the request, the Controller will ask the applicant for additional information. The Controller will respond to each request within one month of receipt. If it is necessary to extend the deadline, the Controller will inform the applicant of the reasons for the delay. The response will be provided in writing to the address indicated by the applicant, unless the request was submitted via e-mail or the applicant requested a response by e-mail; in such a case, the response will be sent to the e-mail address used for submitting the request. The processing of submitted requests shall be free of charge.

  • The right to lodge a complaint with the Supervisory Authority regarding the actions of the Data Controller concerning the processing of personal data; all necessary information in this regard are available at

How we protect your personal data

MEDICOS makes every effort to maintain the services it provides in a manner that protects your information from accidental or intentional destruction or loss. To ensure the security of your data, we use computer security measures such as:

  • restriction of access to data only to employees who need them to perform their job duties;
  • we have implemented physical, electronic and procedural security measures for personal data collection, storage and disclosure;
  • we use firewalls and encryption of data during transmission with the Secure Sockets Layer (SSL) protocol.

However, although we have taken appropriate technical and organizational measures to protect personal data, we cannot guarantee the security of any personal data sent to us over the Internet.
The personal data we collect from you may be transferred to and stored at a destination outside the European Economic Area (“EEA”). They may also be processed by non-EEA companies that work for us or for one of our service providers. If we do so, we ensure that your privacy rights are respected in accordance with this Policy. Most commonly, we do so by putting in place a specific type of contract (see here for more information: or through an approved program such as Privacy Shield

How we use cookies

The Webpage uses small files called cookies – computer data, in particular a text file. A cookie usually contains the name of the domain of its origin, its “expiration time”, and an individual random ID number. During each visit, the Webpage saves the cookies to the Webpage visitor’s end device, if the Internet browser allows it. This allows the Webpage to remember the user’s device and serves a few purposes. The information collected through such cookies helps tailor the products offered by MEDICOS to the individual preferences and actual needs of Webpage visitors. It also provides an opportunity to compile general statistics of views of the products presented on the Webpage.

The following types of cookies are used on the Webpage:

Ensuring efficiency: Type : Session -> cookies are deleted when the browser is closed

  • Compatibility (e.g., identifying browser type);
  • Optimization (e.g., measuring the loading time of the Website’s content);

Enhancing security: Type : Session -> cookies are deleted when the browser is closed

  • Verification that the user’s device is securely logged in throughout the user’s visit to the Website;

Saving preferences: Type : Session -> cookies are deleted when the browser is closed

  • Improvement of the operation of the Website, e.g. through personalized content, greeting or saving the selected language;

Analysis of how the Website is used: Type: Permanent -> deleted after not visiting the Website for a long time

  • Collection of statistics of, for example, the total number of page views and references to the Website;

Feedback from Website Users:

  • Non-display of one-off notifications after the User navigates to the next sub-page of the Website; Type: Session -> cookies are deleted when the browser is closed
  • Non-display of cyclic notifications for a defined period; Tupe: Permanent -> deleted after not visiting the Website for a long time

Plugins / widgets: Type: Permanent -> deleted after not visiting the Website for a long time

  • Sharing of Website content on social media platforms;
  • Logging of user interactions on the Website (e.g., by means of a counter of the number of shares);

Providing relevant marketing content (esp. online advertising): Type: Permanent -> deleted after not visiting the Website for a long time

  • Provision of online advertisements that we believe are most relevant to you on our Websites and third-party webpages;

Measuring the effectiveness of our marketing communications (incl. online advertising): Type: Permanent -> deleted after not visiting the Website for a long time

  • Measurement of the effectiveness of our online advertising campaigns and e-mail campaigns;
  • Control the number of ad impressions.

Your cookie preferences

You can disable the storing of cookies on your device, or disable the tracking of your online activity by such cookies, by changing your browser settings. Most web browsers automatically allow cookies to be stored on your computer; however, you may disable cookies, and thereby remain anonymous. Note, however, that if you do so, you can expect a limited presentation of online services and limited user guidance. The user can also easily delete cookies that have already been stored on the device by the browser. In such a case, the information they contain will be deleted from the end device. In order to configure the options of the device in terms of consenting to the storing of cookies and determining the scope of cookies stored, the User can make changes to the settings of the Internet browser used (in most cases, this option can be found in the Tools or Preferences menu of the browser).
We would like to inform you that if you do not change your cookies settings, it will result in cookies being stored on your end device. In such a case, our Website may store information on the User’s end device and access this information.
You can find information on how to manage cookies in individual browsers on the pages for each browser:

You can find additional information about cookies management can on sites such as ,

Final provisions

Should you any questions, objections or concerns about the content of this Privacy Policy or how we process personal data, please email us at The response time shall be 30 days.
This Privacy Policy may change from time to time. Your rights under this Privacy Policy will not be restricted without your express consent. Any changes to the Privacy Policy will be posted on this page, and we will notify you of any major changes in a more notable manner (including by sending an appropriate email notification for some services).
This document was last updated on 01/08/2022.