1. General provisions
    1. This Privacy Policy is intended for persons using the website and the form available at
    2. Furthermore, this Policy applies accordingly in all instances specified in it, that is, when contacting the Company by phone or by e-mail.
    3. The Policy specifies the rules for collecting and processing the personal data obtained by the Data Controller during the use of the website or contacting us using the online contact form.
  2. Personal Data Controller
    1. The controller of your personal data is Norsa Pharma Sp. z o.o., ul. Prof. M. Życzkowskiego 14, 31-864 Kraków,
  3. Legal basis for personal data processing:
    1. Your personal data are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as GDPR).
    2. The legal basis for the processing of your personal data by the Data Controller is formed by
      1. your consent (Article 6.1.a of the GDPR);
      2. situation when processing is necessary for the fulfilment of legal obligations of the Controller (Article 6.1.c of the GDPR).
    3. The provision of your personal data under sections a) and b) above is voluntary; however, when you refuse to provide the data you will not be able to use the website functionalities.
    4. Your personal data can be processed in relation to a legal interest of the Controller, e.g., to secure and pursue claims (Article 6.1.f of the GDPR).
  4. Purposes and the scope for personal data processing:
    1. The personal data provided by you shall be processed:
      1. or purposes to which you have given your consent (e.g. to receive answers in reply to messages sent using the contact form).
    2. Within this scope, the Controller shall process the following data provided by you: e-mail address, first name and surname, cookie files, and IP number.
  5. Disclosure of personal data
    1. Your personal data shall be made available to relevant government agencies or third parties when such duty results from generally applicable provisions of law.
  6. Data protection
    1. The Controller shall be obliged to protect your data collected when completing the form.
    2. The Controller ensures the safety of personal data through the use of appropriate technical and organisational measures implemented, aiming at prevention of illegal processing of the data, as well as their accidental loss, destruction or damage. The Controller shall make every effort for the personal data to be:
      1. correct and processed in accordance with legal regulations;
      2. obtained only for specific purposes and not processed in a way contrary to these purposes;
      3. adequate, appropriate and not excessive;
      4. precise and up to date;
      5. retained no longer than it is necessary;
      6. processed in accordance with rights to which data subjects are entitled, including the right to restrict disclosure;
      7. stored in a secure way;
      8. not transferred without ensuring their appropriate security.
    3. Data filing systems are secured against access of third parties. Only persons authorised by the Data Controller, trained in the protection of personal data and obliged to maintain your personal data as confidential, are authorised to process your personal data.
    4. Personal data collected to reply to inquiries made in the contact form.
  7. Authorisations
    1. You are entitled to request the Controller to provide you with access to personal data, to rectify and delete them, to limit their processing or to object to their processing, as well as the right to data portability. You are also entitled to withdraw the previously given consent to the processing of personal data at any time.
    2. You have the right to receive the following information from the Data Controller:
      1. concerning purpose, scope and method of the processing of your personal data;
      2. time from which your personal data has been processed;
      3. source from which your data originates;
      4. recipients or categories of recipients to whom your data are made available.
    3. Furthermore, on your request, the Controller shall supplement, update or rectify your personal data, as well as suspend (temporarily or permanently) their processing or will remove them when your data proves to be incomplete, out of date, untrue or collected in breach of the Regulation, or no longer required for the purpose for which they were collected.
    4. Furthermore, if your personal data are processed by the Controller for direct marketing purposes, at any time you have the right to object to your personal data being processed for purposes of such marketing, including profiling, to the extent to which such processing is related to direct marketing. To use your rights provided for in this paragraph, you should send a relevant request to the Controller.
    5. You are entitled to lodge a complaint with a supervisory authority when you decide that the processing of your personal data by the Controller infringes the current regulations.
  8. Cookie files
    1. The Controller declares that it uses “cookie” files.
    2. The cookie files are information sent by a server and saved on your device (e.g. on a hard drive of your computer or telephone).
    3. Data obtained with the cookie files does not allow to identify you, but allows the Data Controller to determine whether a given computer was used to visit the website (however, this is not tantamount to information stating the identity of those who visited the given website), and what the preferences of the user were (what they found most interesting at that website).
    4. The Data Controller uses internal cookies:
      1. to ensure the correct operation of the website,
      2. for statistical purposes.
    5. The Controller can install both permanent and temporary files on your computer.
    6. Temporary files are usually removed when a browser is closed, while the permanent files are not removed with the closing of the browser.
    7. Permanent files are files ensuring specific functions not only during a given session, but also throughout the time they are retained on your computer. The permanent files are used to: collect information on the way in which the website is used, including data on subpages visited by the User and possible errors, verifying the effectiveness of website advertising, improving the website functioning by recording errors appearing, or testing different variants of the site style.
    8. The website uses Google Analytics, which uses cookie files on your device to develop statistic on the traffic on the website.
    9. To advertise its website and its services, the Controller uses Google AdWords, which uses cookie files installed on your device.
    10. You can remove the cookie files installed on your computer by the website by complying with the instructions of the manufacturer of your browser.
    11. It is also possible to block the access of cookie files to your device by appropriately configuring your browser, but this may cause the website to function incorrectly.
    12. The Controller uses a server which records information on the device you use to connect with the website, i.e. the device and the browser type, computer IP, date and time of access, and the event qualification, in the server log.
    13. Only persons authorised to administer the IT system have access to the files with logs. Files with logs can be used to develop statistics to estimate traffic on the website and the occurrence of errors, which cannot be used to identify you.
  9. Final Provisions

The terms and conditions specified in this Privacy Policy may have to be updated in the future. The updated terms and conditions shall be available on our website.