Privacy notice

This Privacy Notice describes how personal data are processed, including the use of cookies and similar technologies, in connection with the use of the Website, as well as the processing of personal data carried out via the Controller’s social media profiles. This Privacy Notice applies to all websites and services that reference it.

Last updated: September 1st, 2025

CONTROLLER

Anna Báthory, conducting business under the name ANNA BÁTHORY PSYCHOTERAPIA SZKOLENIA COACHING, is registered in the Central Registration and Information on Business (CEIDG) maintained by the minister competent for economic affairs, identified by Tax Identification Number (NIP) 6782551489, the Polish tax identification number assigned to entrepreneurs for tax identification purposes under Polish law, with its principal place of business at Jozefa Sarego Street No. 12, Unit 14, 31-047 Cracow (ul. Józefa Sarego, nr 12, lok. 14, 31-047 Kraków), Poland, email: office@annabathory.pl, phone: +48 501 19 20 48.

DEFINITIONS

  1.  Personal Data – any information relating to an identified or identifiable natural person, identifiable in particular by reference to a name and surname or by reference to one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural or social identity of that person, including the IP address of a device, location data, an identification number, and information collected through cookies and similar technologies; personal data within the meaning of Article 4(1) of the GDPR.
  2.  Health Data – personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about that person’s health status; personal data within the meaning of Article 4(15) of the GDPR.
  3.  Sensitive Personal Data – personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, as well as genetic data, biometric data processed for the purpose of uniquely identifying a natural person, or data concerning health, a natural person’s sex life or sexual orientation; personal data within the meaning of Article 9(1) of the GDPR.
  4.  EEA (European Economic Area) – a free trade area and internal market comprising the Member States of the European Union and the Member States of the European Free Trade Association, excluding Switzerland.
  5.  Cookies – IT data stored in the form of text-numeric files that are placed on the User’s end devices, such as a mobile phone, laptop, or tablet. The basic types of cookies include:
    • Strictly necessary cookies – used to provide the User with services and functionalities available on the Website. Strictly necessary cookies may be installed on the Website by the Controller;
    • Functional cookies – used to remember and adapt the Website to the User’s choices, for example, with respect to language preferences. Functional cookies may be installed on the Website by the Controller or by third parties whose services the Controller uses;
    • Analytical cookies – used to collect information on the number of visits and traffic sources on the Website in order to improve its performance. Analytical cookies may be installed on the Website by the Controller or by third parties whose services are used by the Controller;
    • Marketing cookies – used to tailor the advertising content displayed to the User’s interests. Marketing cookies may be installed on the Website by the Controller or by third parties whose services the Controller uses;
    • Performance cookies – used to understand and analyze key performance indicators of the Website. Performance cookies may be installed on the Website by the Controller;
    • Other cookies – cookies that are not strictly necessary, including, inter alia, social media cookies.

The use of cookies other than strictly necessary cookies, as well as the processing of personal data in connection with the use of such cookies, is subject to the User’s consent. Such consent may be withdrawn at any time. The withdrawal of consent shall not affect the lawfulness of processing carried out on the basis of consent prior to its withdrawal.

  6.  Privacy Notice – this document.
  7.  GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
  8.  Website – the website available at https://annabathory.pl/ and its subpages.
  9.  Information Society Service – any service normally provided for remuneration, at a distance, by electronic means, and at the individual request of a recipient of services; in Poland, an information society service is referred to as a service provided by electronic means; a service within the meaning of Article 1(1)(b) of Directive (EU) 2015/1535 of the European Parliament and of the Council.
  10. Act on the Provision of Electronic Services – the Polish Act of July 18, 2002 on the provision of electronic services (Journal of Laws No. 144, item 1204, as amended).
  11. Telecommunications Law Act – the Polish Act of July 16, 2004 – Telecommunications Law (Journal of Laws No. 171, item 1800, as amended).

USERS

  1. A User is any natural person who visits the Website, the social media profiles operated by the Controller, or uses one or more of the services or functionalities described in this Privacy Notice. A User is a data subject within the meaning of the GDPR.
  2. The Website is not intended for children. A User:
    • must be at least 16 years of age in order to independently give consent to the processing of personal data;
    • if under 16 years of age, must obtain the consent of a legal guardian in order to receive information society services.
  3. The Controller may take measures to verify the User’s age.

JOINT CONTROLLERS

The Joint Controllers of the User’s personal data are:

  • Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, D02 X525, Ireland.

The joint controllership arises in connection with the Controller’s use of social media platforms. On the Website, social media plugins that redirect Users to social networking services are also used.

  • ZnanyLekarz LLC (ZnanyLekarz spółka z o.o.) with its registered office in Warsaw, ul. Kolejowa 5/7, 01-217 Warsaw, Poland, entered in the National Court Register under number (KRS) 0000347997 – the entity providing the platform on which the ZnanyLekarz profile is operated.

The joint controllership arises in connection with the Controller’s use of the ZnanyLekarz platform. 

PURPOSES AND LEGAL BASES FOR THE PROCESSING OF PERSONAL DATA 

The personal data of individuals using the Website are processed by the Controller for the following purposes and on the following legal bases:

  1. On the basis of consent (Article 6(1)(a) GDPR) for the purposes of:
  • providing psychological, psychotherapeutic, and sexological consultations, including the processing of sensitive personal data, in particular data concerning health;
  • storing data in functional, analytical, advertising or other cookies, using cookies to ensure the proper functioning of the Website and its subpages, as well as collecting data from the Website;
  • enabling the submission of reviews regarding a product or service;
  • contacting the User by telephone, email, or via remote communication applications – with regard to personal data other than special categories of personal data;
  • directing advertising on social media;
  • directing advertising on the Website;
  • providing the newsletter service;
  • granting discounts, providing discount codes, and informing about promotions and special offers;
  • sending the Controller’s offers.
  2. Due to the necessity for the conclusion and/or performance of a contract or for taking steps at the request of the data subject prior to entering into a contract (Article 6(1)(b) GDPR), for the purposes of:
  • storing data in strictly necessary cookies and using cookies to ensure the proper functioning of the Website and its subpages, as well as collecting data from the Website;
  • providing the newsletter service;
  • contacting the User by telephone, email, or via remote communication applications;
  • sending offers for the Controller’s services or products;
  • accepting and processing an order, performing a service, or fulfilling a concluded contract;
  • handling complaints or withdrawals from a distance contract.
  3. Due to the necessity to comply with a legal obligation to which the Controller is subject (Article 6(1)(c) GDPR), for the purposes of:
  • ensuring accountability and demonstrating compliance with the obligations imposed on the Controller by applicable laws, including the creation of records and other documentation required under the GDPR;
  • handling complaints or the withdrawal from a distance contract;
  • issuing an invoice or receipt and fulfilling other obligations arising from tax and accounting regulations, including for archival purposes.
  4. Due to the legitimate interests pursued by the Controller (Article 6(1)(f) GDPR), for the purposes of:
  • ensuring the security and proper management of the Website, including improving its functionality and performance;
  • creating and maintaining databases;
  • operating the Instagram account, the website page on Facebook and LinkedIn, and interacting with Users of these social media platforms;
  • operating the profile within the Google My Business system and managing published reviews;
  • directing advertising on social media;
  • directing advertising on the Website;
  • directing marketing content to the User as part of the newsletter;
  • conducting research and analyses of the Website, including with respect to its functionality and improvement of its performance, as well as satisfaction with the services and products offered;
  • conducting research and analyses of social media used by the Controller;
  • analyzing the effectiveness of sales and advertising campaigns;
  • contacting Users, in particular, in order to obtain feedback on a purchased product or service;
  • storing unpaid orders;
  • protecting the Controller’s rights by establishing, pursuing or defending against claims;
  • carrying out statistical and analytical activities, including analysing User activity on the Website, the manner of using an account, and User preferences, for the purpose of improving the Website’s functionalities;
  • storing personal data for archival and evidentiary purposes, to secure information that may be used to demonstrate facts.

RIGHTS OF THE DATA SUBJECT

  1. The data subject is entitled to the following rights with regard to their personal data:
  • Right of access to personal data – the User has the right to request information about the personal data being processed. On this basis, the Controller provides the requesting person with information about the processing of personal data, including the purposes and legal bases for that processing;
  • Right to rectification – the User has the right to request the correction of inaccurate or incorrect personal data, as well as the completion of incomplete personal data;
  • Right to obtain a copy of personal data – the User has the right to obtain a copy of the personal data concerning them that are being processed;
  • Right to erasure – the User has the right to request the erasure of personal data when the processing is no longer necessary for the purposes for which the data were collected;
  • Right to restriction of processing – the User has the right to request that the Controller restrict the processing of personal data. This right applies in particular where:
    • The data subject contests the accuracy of the personal data;
    • The data subject does not wish the personal data to be erased;
    • The personal data are no longer necessary for the purposes for which they were collected, but cannot be erased due to applicable legal provisions;
    • The data subject has objected to the processing and is awaiting a decision regarding such objection.
  • Right to data portability – the User has the right to receive the personal data concerning them, which are processed by automated means on the basis of a contract or consent, in a structured, commonly used and machine-readable format. Within the scope of this right, the User may request that such data be transmitted to another controller, provided that this is technically feasible for both the Controller and the indicated entity;
  • Right to object to processing for marketing purposes based on the Controller’s legitimate interests – the User may object at any time to the processing of personal data for marketing purposes without providing any justification;
  • Right to object to processing based on the Controller’s legitimate interests for purposes other than marketing – the User has the right to object to such processing on grounds relating to their particular situation;
  • Right to withdraw consent – where personal data are processed on the basis of the User’s consent, the User has the right to withdraw such consent at any time, without affecting the lawfulness of processing carried out on the basis of consent prior to its withdrawal;
  • Right to lodge a complaint – the User has the right to lodge a complaint with a supervisory authority if they believe that the processing of personal data infringes the GDPR or other applicable data protection laws. In Poland, the supervisory authority is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych), ul. Stanisława Moniuszki 1A, 00-014 Warsaw, Poland.
  2. The rights of the data subject (User) are not absolute and do not apply to all processing operations involving personal data. To exercise their rights, the data subject may contact the Controller by email at office@annabathory.pl or by traditional mail at Anna Báthory Psychoterapia Szkolenia Coaching, ul. Józefa Sarego 12/14, 31-047 Kraków, Poland, specifying the scope of their request.

RECIPIENTS OF PERSONAL DATA

  1. The business activity conducted by the Controller is supported by external entities to which the Controller discloses personal data, in particular, providers responsible for the operation and maintenance of IT systems, accounting services, as well as banks and payment service providers.
  2. The main recipients of personal data include:
  • MC2Systems Maciej Cybulski, Tax Identification Number (NIP): 5551751093 – an entity providing technical and IT support;
  • cyber_Folks Inc. (cyber_Folks S.A.), with its registered office in Poznań, ul. Wierzbięcice 1B, 61-569 Poznań, Poland, entered in the National Court Register under number (KRS) 0000685595 – an entity providing website hosting services, storage of data collected on servers, and operation of the email delivery system;
  • Fakturownia LLC (Fakturownia spółka z o.o.), with its registered office in Warsaw, ul. Juliana Smulikowskiego 6/8, 00-389 Warsaw, Poland, entered in the National Court Register under number KRS 0000572426 – an entity providing an invoicing system;
  • MailerLite Limited, Ground Floor, 71 Lower Baggot Street, Dublin 2, D02 P593, Ireland – an entity providing a newsletter distribution system;
  • Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, D02 X525, Ireland – an entity providing the platform on which the social media profile on Instagram, the Website page (fan page) on Facebook, and the Meta Pixel tool are operated;
  • Google Ireland Ltd., Gordon House, 4 Barrow Street, Dublin, Ireland – an entity providing the platform on which the YouTube channel is operated, as well as analytical tools (Google Analytics) and advertising tools (Google Ads);
  • Accounting Office “EKSPERT” Tranczewska-Krawczyk Małgorzata, Tax Identification Number (NIP): 5360010500 – an entity providing accounting and tax services;
  • ZnanyLekarz LLC (ZnanyLekarz sp. z o.o.), with its registered office in Warsaw, ul. Kolejowa 5/7, 01-217 Warsaw, Poland, entered in the National Court Register under number (KRS) 0000347997 – an entity providing the platform on which the ZnanyLekarz profile is operated.
  3. The Controller reserves the right to disclose personal data when such disclosure is required by a legal obligation imposed on the Controller, including the obligation to provide information to competent public authorities or law enforcement authorities.

TRANSFER OF PERSONAL DATA OUTSIDE THE EEA

  1. The level of personal data protection within the European Union may differ from that outside the EEA. The Controller cooperates with entities both within and outside the EEA.
  2. The Controller transfers personal data outside the EEA only where necessary, primarily in connection with the use of services provided by entities operating internationally. In such cases, service providers maintain branches or subsidiaries within the EEA. In addition, appropriate legal mechanisms are used to ensure an adequate level of data protection, including compliance mechanisms (such as binding corporate rules approved by the competent supervisory authority or international certification standards) and the standard contractual clauses adopted by the European Commission, as referred to in Article 46 GDPR. Adequacy decisions apply where transfers are made to third countries covered by a decision confirming an adequate level of protection. Personal data may also be transferred outside the EEA with the User’s consent.
  3. More information on the principles governing transfers of personal data outside the EEA is available here.

DATA RETENTION PERIODS

  1. Personal data are retained for the period necessary to fulfill the purposes for which they were collected, including:
  • personal data processed in connection with subscribing to the newsletter – for the duration of the operation of the newsletter or until consent is withdrawn;
  • personal data processed in connection with the handling of the contact form – for the period necessary to handle the submission or inquiry;
  • other personal data processed on the basis of consent – until consent is withdrawn or the purpose of processing has been achieved;
  • personal data processed due to the necessity to perform a contract or to take steps at the request of the data subject – for the duration of discussions and negotiations preceding the conclusion of a contract or the performance of a service with respect to the data provided in a request for an offer, or for the duration of the performance of the service and cooperation;
  • personal data processed on the basis of the Controller’s legitimate interests – until an effective objection is lodged pursuant to Article 21 GDPR;
  • personal data processed in connection with the fulfilment of legal obligations incumbent on the Controller – for the period required by applicable laws, including tax, accounting and GDPR regulations;
  • personal data processed in connection with the Controller’s use of social media platforms, including the use of functionalities of such applications – for the period during which company pages or accounts exist on a given social media platform;
  • personal data processed for analytical purposes and in connection with the administration of the Website – until such data become outdated or lose their relevance, or until an objection is lodged pursuant to Article 21 GDPR.
  2. In addition, the User’s personal data may be processed for the purpose of protecting the Controller’s rights by establishing, pursuing, or defending against claims, for the duration of the applicable limitation periods for such claims.

REQUIREMENT TO PROVIDE PERSONAL DATA

Providing personal data is voluntary. However, failure to provide personal data may prevent you from using certain Website functionalities, accessing specific content, or completing a service or order.

AUTOMATED DECISION-MAKING AND PROFILING

  1. The Controller analyzes the personal data of newsletter subscribers, including the history of opening and viewing newsletters, browsing the Website, transactions carried out via the Website, and activity on social media profiles on the Instagram, Facebook, and LinkedIn platforms. This analysis is carried out in an automated manner, using the mechanisms and tools provided by the relevant service providers. However, this automated processing does not produce legal effects for the data subject, nor does it significantly affect the data subject’s situation, including their rights or freedoms.
  2. The purpose of automated processing is to enable the Controller to identify Users’ preferences so the Controller can adapt the content, offers, or communications created by the Controller to aggregated preferences.

COOKIES AND SIMILAR TECHNOLOGIES

  1. The Controller uses cookies to provide the User with services delivered by electronic means and to improve the quality of such services, ensure the proper functioning of the Website, including improving navigation, remembering cookie preferences, ensuring security and managing the Website, conducting statistical and analytical activities, for marketing purposes, enabling integration with social media platforms, and ensuring the proper functioning of the online store.
  2. During the User’s first visit to the Website, a message is displayed informing the User about the use of cookies, including their types, and requesting consent to the use of specific cookies.
  3. As a result of accepting cookies, information from the provider of a given service, over which the User has no control, may be stored in the memory of the User’s device, such as a tablet, computer, or mobile phone.
  4. The User has the ability to manage cookies:
  • Cookie management during the first visit to the Website – during the User’s first visit to the Website, a notice is displayed informing the User about the use of cookies, including their types. Within this notice, the User may give consent to selected cookies;
  • Deleting cookies from the device – the User may delete cookies stored on their device. To do so, the User should clear the web browser’s browsing history. This action removes all cookies from all visited websites. The User should be aware that this may result in the loss of saved information (e.g., login details);
  • Preventing the storage of cookies – the User may configure their web browser to prevent the storage of cookies. However, this may hinder the proper functioning of the Website. As cookies are also used to remember the User’s cookie preferences, the User should be aware of the consequences of changing browser settings, particularly disabling the storage of cookies on the end device, which may result in the inability to use certain functionalities and may cause some content provided by the Controller to be unavailable;
  • Incognito mode – the User may use the incognito or private browsing mode offered by web browsers. In such cases, cookies are deleted upon closing the browser;
  • Other devices – if the User uses a different end device, a computer user profile, or a different web browser, it will be necessary to redefine cookie preferences.

TOOLS AND FUNCTIONALITIES USED ON THE WEBSITE 

The Controller uses the following tools and functionalities to facilitate and improve the operation of its business activities, including the Website.

  1. Contact Form

The Controller allows contact via an electronic contact form available on the Website. Use of the contact form is voluntary. To use the contact form, the User must provide the personal data necessary to establish contact and respond to the inquiry. The User may also provide additional data to facilitate contact or the handling of the inquiry.

Providing personal data in the mandatory fields is required to submit and process the inquiry. Failure to provide such data will prevent use of the contact form and the handling of the inquiry. The provision of other personal data is voluntary.

  2. Social Media

The Controller operates social media profiles on the Facebook and Instagram platforms. Personal data provided via social media are processed to administer and manage these profiles, communicate with Users, including responding to questions, for statistical and analytical purposes, to engage in interactions, inform about events, interesting information, services and products offered by the Controller, and to build a community within the profiles. The legal basis for processing personal data is the Controller’s legitimate interests.

The rules applicable on social media platforms are established by the Controller; however, the terms of use of each social media platform result from the regulations and community standards of those platforms.

The User may stop following the Controller’s profile at any time. It is also possible to block a given account, including the Controller’s profile. Due to the specific nature of the platforms used by the Controller, only the use of the “block user” option ensures that no content created by the Controller will be displayed to the User. In other respects, content available on a given social media platform is of a public nature.

The Controller processes publicly available personal data of Users, such as name and surname or general information published on profiles, marked as public or made available to the Controller by the User. The processing of other personal data is carried out by the owners of the social media platforms in accordance with the terms and conditions of those platforms.

  3. Social Media Plugins

The Website uses plugins that redirect to the Facebook and Instagram social media platforms. These plugins are marked with the logo of the relevant social media service.

Personal data are transferred to social media platforms only when the User takes an active action by clicking the relevant plugin button. When the User clicks the icon bearing the logo of a social media platform, the User’s web browser establishes a connection with that platform’s servers, and the User is redirected to the website of the external service provider, i.e., the owner of the relevant social media platform. At the same time, the User’s browser establishes a direct connection with the servers of the selected social media platform. The use of these functionalities may involve the use of third-party cookies.

From the moment the User clicks a given plugin, the User’s personal data are processed by the relevant social media platform, and the owner of that platform becomes a joint controller of personal data. The Controller informs that, from the moment the plugin button is clicked, the Controller has no influence over the nature or scope of personal data collected by the owner of the relevant social media platform.

Personal data are transferred regardless of whether the User has an account on a given social media platform or is logged in. If the User is logged in to a given social media platform (e.g., Instagram), the collected personal data will be directly assigned to the User’s account (profile) on that platform.

  4. Newsletter Service

The Controller processes the personal data of newsletter subscribers, including a first name and an email address. These fields are mandatory on the newsletter subscription form. Providing this personal data is voluntary; however, it is necessary to send the newsletter. To add an email address to the subscriber list, the User will be asked to confirm the subscription. Confirmation adds the User’s data to the newsletter mailing list database.

Subscribing to the newsletter means the User consents to receiving marketing and commercial information by electronic means of communication within the meaning of the Act on the Provision of Electronic Services. By confirming the newsletter subscription, the User also consents to the Controller’s use of telecommunications terminal equipment for the direct marketing of the Controller’s products and services, as well as for the transmission of commercial information. These consents are voluntary but necessary for the delivery of the newsletter. The subscriber may withdraw the granted consent at any time, which will result in the cessation of newsletter delivery.

The mailing system used by the Controller to distribute the newsletter records all activity and actions taken by the User in connection with emails sent to the User, including the date and time an email is opened, clicks on links contained in the message, the moment of unsubscribing, and similar interactions.

  5. Security Tools

The Controller uses the TLS (Transport Layer Security) protocol to ensure encryption and secure connections to the Website.

  6. Statistical and Analytical Tools

The Controller uses the following statistical and analytical tools:

  • Google Analytics

The Controller uses the Google Analytics service on the Website for analytical purposes. A dedicated tracking code has been implemented in the Website’s source code, which uses cookies provided by Google LLC in connection with the Google Analytics service. Information generated by cookies regarding the User’s use of the Website is generally transmitted to and stored on Google servers located in the United States.

Google Analytics has been implemented on the Website with the code “gat._anonymizeIp();” to ensure anonymized recording of IP addresses (so-called IP masking). As a result of IP anonymization, the User’s IP address is shortened by Google within the EEA. Only in exceptional cases is the full IP address transmitted to a Google server in the United States and shortened there.

Within the Google Analytics tool, the following information is processed, among others: information about the operating system and web browser used by the User; subpages viewed within the Website; the time spent on the Website and its subpages; navigation between subpages of the Website; and the source from which the User accesses the Website.

  • Meta Pixel (formerly Facebook Pixel)

The Controller uses the Meta Pixel on the Website for marketing purposes. Meta Pixel enables the measurement of the effectiveness of advertisements on Facebook for statistical and market research purposes by determining whether Users visiting the Website were redirected to the Website after clicking on a Facebook advertisement (so-called “conversion”).

A dedicated tracking code has been implemented in the Website’s source code, which uses cookies provided by Meta in connection with the Meta Pixel service.

  • Statistics Available on Social Media Platforms

The Controller uses statistical features made available by the owners of social media platforms on the Controller’s social media profiles. 

SERVER LOGS

Using the Website involves sending requests to the server on which the Website is hosted. Each request sent to the server is recorded in server logs, which may include, inter alia: the public IP address of the device from which the request was sent; the username provided during the authorization process; the date and time of the request; information about the User’s web browser; language settings; access times and requested addresses; the website from which the User was redirected; and information about the web browser or operating system used by the User.

The above data are not associated with specific individuals using the Website and are used solely as auxiliary material for administrative purposes. The Controller does not use server logs to identify the User.

SECURITY OF PERSONAL DATA

  1. The Controller continuously monitors whether personal data is processed securely.
  2. The Controller takes all necessary measures to ensure that subcontractors and other cooperating entities provide guarantees that they will implement appropriate security measures when acting on the Controller’s behalf.

APPENDICES

  1. Appendix No. 1 – Privacy Notice for the Patient

MODIFICATIONS TO THE PRIVACY NOTICE

  1. The Controller strives to continuously improve its procedures and the protection of personal data; therefore, this Privacy Notice is reviewed and updated as necessary.
  2. The Controller encourages Users to regularly review this document to stay informed about any updates.
  3. The most current version of the Privacy Notice is published on the Website.

Appendix No. 1 – Privacy Notice for the Patient

  1. The Controller is Anna Báthory, conducting business under the name ANNA BÁTHORY PSYCHOTERAPIA SZKOLENIA COACHING, entered in the Central Registration and Information on Business (CEIDG) maintained by the minister competent for economic affairs, identified by Tax Identification Number (NIP) 6782551489, with its registered office at ul. Józefa Sarego 12, Unit 14, 31-047 Kraków, Poland, email: office@annabathory.pl, phone: +48 501 19 20 48.
  2. The Joint Controller of personal data is ZnanyLekarz LLC (ZnanyLekarz sp. z o.o.), with its registered office in Warsaw, ul. Kolejowa 5/7, 01-217 Warsaw, Poland, entered in the National Court Register under number KRS 0000347997, to the extent that the patient uses the ZnanyLekarz platform to access the Controller’s services.
  3. The Controller processes the personal data of data subjects:
    1. On the basis of consent (Article 6(1)(a) GDPR), for the purposes of:
      • providing psychological, psychotherapeutic, and sexological consultations, including the processing of special categories of personal data, in particular data concerning health;
      • enabling the submission of reviews regarding a product or service;
      • contacting the data subject by telephone, email or via remote communication applications – with regard to personal data other than special categories of personal data.
    2. Due to the necessity for the conclusion and/or performance of a contract or for taking steps at the request of the data subject (Article 6(1)(b) GDPR), for the purposes of:
      • contacting the data subject by telephone, email, or via remote communication applications;
      • sending offers for the Controller’s services or products;
      • accepting and processing an order, performing a service, or performing a concluded contract;
      • handling complaints or the withdrawal from a contract concluded at a distance.
    3. Due to the necessity to comply with a legal obligation to which the Controller is subject (Article 6(1)(c) GDPR), for the purposes of:
      • ensuring accountability and demonstrating compliance with obligations imposed on the Controller by law, including the creation of registers and other documentation required under the GDPR;
      • handling complaints or the withdrawal from a contract concluded at a distance;
      • issuing invoices or receipts and fulfilling other obligations arising from tax and accounting regulations, including for archival purposes.
    4. On the basis of the Controller’s legitimate interests (Article 6(1)(f) GDPR), for the purposes of:
      • storing unpaid orders;
      • protecting the Controller’s rights by establishing, pursuing, or defending against claims;
      • storing personal data for archival and evidentiary purposes, in order to secure information that may be used to demonstrate facts.
  1. The main recipients of personal data include:
    • ZnanyLekarz LLC (ZnanyLekarz sp. z o.o.), with its registered office in Warsaw, ul. Kolejowa 5/7, 01-217 Warsaw, Poland, KRS 0000347997 – the entity providing the platform on which the ZnanyLekarz profile is operated;
    • Fakturownia LLC (Fakturownia sp. z o.o.), with its registered office in Warsaw, ul. Juliana Smulikowskiego 6/8, 00-389 Warsaw, Poland, KRS 0000572426 – the entity providing an invoicing system;
    • PayPro Inc. (PayPro S.A.), with its registered office in Poznań, ul. Pastelowa 8, 60-198 Poznań, Poland, KRS 0000347935, NIP 7792369887 – the entity providing payment and electronic transaction services (Przelewy24);
    • Accounting Office “EKSPERT” Tranczewska-Krawczyk Małgorzata, NIP 5360010500 – the entity providing accounting and tax services;
    • competent public authorities, where required by applicable law.
  2. Personal data are transferred outside the EEA only where necessary, primarily in connection with the use of services provided by entities operating internationally. In such cases, appropriate safeguards are applied to ensure an adequate level of protection, in particular standard contractual clauses adopted by the European Commission pursuant to Article 46 of the GDPR, binding corporate rules approved by the competent supervisory authority, or other compliance mechanisms. Transfers may also take place on the basis of the data subject’s consent.
  3. Personal data are retained for the period necessary to fulfill the purposes for which they were collected, including:
    • personal data processed in connection with the handling of the contact form – for the period necessary to handle the inquiry;
    • other personal data processed on the basis of consent – until consent is withdrawn or the purpose of processing has been achieved;
    • personal data processed due to the necessity to perform a contract or to take steps at the request of the data subject – for the duration of pre-contractual discussions and negotiations or for the duration of the performance of the service and cooperation;
    • personal data processed on the basis of the Controller’s legitimate interests – until an effective objection is lodged pursuant to Article 21 of the GDPR;
    • personal data processed in connection with the fulfilment of legal obligations – for the period required by applicable laws, including tax, accounting, and GDPR regulations.
  4. In addition, personal data may be processed for the purpose of protecting the Controller’s rights by establishing, pursuing, or defending against claims, for the duration of the applicable limitation periods.
  5. Providing personal data is voluntary. However, failure to provide personal data may result in the inability to perform the service.
  6. The Controller does not carry out profiling within the meaning of the GDPR. Decisions are not made in an automated manner.
  7. The data subject has the right to access their personal data, the right to rectification, erasure or restriction of processing, the right to object to processing, as well as the right to data portability, where applicable under law. The data subject also has the right to lodge a complaint with the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych), ul. Stanisława Moniuszki 1A, 00-014 Warsaw, Poland.