What are “cookies”?

The term “cookies” should be understood to mean IT data, in particular text files, stored in the user’s terminal equipment intended for the use of websites. These files make it possible to recognize the user’s device and to display a website adapted to his or her individual preferences accordingly. “Cookies” usually contain the name of the website from which they come from, the time they are stored on the terminal equipment and a unique number.

What do we use cookies for?

The “cookies” files are used to: authenticate the user – they enable the storage of information when the user is logged in, so that the website can show the information and functions that are appropriate for the user, adjust the content of the website to the user’s preferences and optimize the use of the website, create anonymous, aggregated statistics that help to understand how the user uses the website and improve its structure and content, excluding personal identification of the user. 

What kind of cookies do we use?

On the websites are used two types of “cookies” so called “session” and “permanent”: permanent cookies – remain on the user’s device for a period of time specified in the parameters of “cookies” or until they are manually deleted by the user.Session cookies – remain on the user’s device until logging out of the website or turning off the software (web browser).The administrator of the service uses the following Own Cookies:PHPSESSID and JSESSIONID – cookies holding a session ID enabling user authentication andwapro_storage – a serialized collection of product IDs held in the store by an unauthorized user (cookie life 30 days) andwapro_cart – a serialized collection of IDs products and their quantity in the shopping cart of an unlogged user (cookie life 30 days)REDIRECT_URL – used to remember the address to which the redirection is to take place after switching from a website using SSL (HTTPS) to regular (HTTP) and vice versaThe service administrator uses External Cookies, which are downloaded from the external website Google Analytics [administrator cookies: Google Inc. based in the USA]. The “cookies” used by this website are subject to their own privacy policy. 

Do the “cookies” contain personal data?

The software does not save personal data in “cookies”.

Can determine the conditions under which cookies may be stored or accessed

  1. You can independently and at any time change the settings for cookies, specifying the conditions for storing and accessing cookies to your Device. Changes to the settings referred to in the previous sentence can be made by the User using the web browser settings or by using the service configuration. These settings can be changed in particular to block the automatic handling of cookies in the settings of your web browser or inform about the placement of Cookies on your device each time. Detailed information about the possibilities and ways of handling cookies are available in the settings of the software (web browser).
  2. User can at any time remove the cookies using the available functions in the web browser that he uses.
  3. Boundary of the use of cookies, may affect some of the functionalities available on the website of the Service.

The administrator of your data is VINCI CLINIC sp.z o.o.. The Data Administrator can be contacted by e-mail, phone or in writing to the address of the Administrator’s seat.

  • a) personal data shall be processed in order to conclude/execute the agreement and to enable and maintain contact with the Client with whom the Administrator intends to conclude or has concluded an agreement for the provision of the service or its temporary agreed service, e.g. domain and hosting for the website/ online store;
  • b) the basis for the processing of personal data is the conclusion/execution of the agreement and the legally justified interest of the Administrator – enabling and maintaining contact with the Client (Article 6(1)(b) and (f) TABLES);
  • c) we process the following personal data: name, surname, e-mail address, no. telephone, data of the customer’s company available to the public such as name, address and NIP,
  • d) personal data may be or are made available to the following categories of recipients: companies cooperating with VINCI CLINIC sp.z o.o. in order to complete the service indicated by the Customer;
  • e) we inform you that you have the right to: request access to your personal data, correct, delete or limit the processing, object to the processing, transfer of data;
  • f) providing personal data is voluntary, but it is necessary to conclude and perform an agreement with the Customer. If the personal data are not provided, the agreement cannot be concluded and executed;
  • g) personal data are processed in a secure IT infrastructure to which there is no access by persons outside the company VINCI CLINIC sp.z o.o.;
  • h) personal data shall be processed until the claims are time-barred, in order to establish or pursue possible claims or to defend against such claims by the Administrator – the legal basis for data processing is the legally justified interest of the Administrator (Article 6(1)(f) of Regulation 2016/679).

The data will be processed until the legal obligation of the Administrator ceases, your consent to the processing of personal data is withdrawn or the period of 5 years expires. The period of storage of personal data may be each time extended by the statute of limitations for claims, if the processing of personal data will be necessary for the Administrator to assert possible claims or defend against such claims in the situation.

You have the right to access your data and the right to request their correction, deletion or restriction of their processing, the right to withdraw your consent at any time by contacting the Administrator (form on the website, e-mail, telephone, in person), the right to transfer the personal data that you have provided to the Administrator, i.e. to receive from the Administrator your personal data, in a structured, commonly used machine-readable format. You may send this data to another data controller.

You also have the right to lodge a complaint with the data protection supervisory authority of the Member State of your habitual residence, place of work or place of the alleged breach.



Administrator: VINCI CLINIC sp.z o.o..
Personal data: all information about an identified or identifiable natural person through one or more specific factors that determine the physical, physiological, genetic, mental, economic, cultural or social identity of an individual, including the IP number of the device, location data, Internet identifier and information collected through cookies and other similar technology.
Policy: this Privacy Policy.
The Family: Regulation (EU) 2016/679 of the European Parliament and of the Council of 7 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
Services: websites operated by the Administrator.
User: any natural person visiting the Website or using one or more services or functionalities made available in the Website and the offer of VINCI CLINIC sp.z o.o.


In connection with the User’s use of the Website, the Administrator collects data to the extent necessary to provide particular services offered on the Website, as well as information about the User’s activity on the Website. Below are described detailed rules and purposes of processing personal data collected during the User’s use of the Website.


Using the Service
Personal data of all persons using the Service (including IP address or other identifiers and information collected through cookies or other similar technologies) are processed by the Administrator:

  • in order to provide services by electronic means within the scope of the content collected in the Service made available to Users – then the legal basis for the processing is the necessity of the processing for the performance of the agreement (Article 6(1)(b) of the GDR),
  • for analytical and statistical purposes – then the legal basis for the processing is the legitimate interest of the Administrator (Article 6(1)(b) of the GDR). f) FAMILY), consisting in conducting analyses of Users’ activity, as well as their preferences, in order to improve the applied functionalities and provided services;
  • in order to possibly establish, pursue or defend against claims – the legal basis for the processing is the Administrator’s justified interest (Article 6(1)(f) FAMILY) consisting in the protection of the Administrator’s rights;
  • for the Administrator’s marketing purposes – the principles of personal data processing for marketing purposes have been described in the MARKETING.

The User’s effectiveness on the Website, including his personal data, is recorded in system logs (a special computer program used to store a chronological record containing information about events and actions concerning the IT system used by the Administrator to provide services). The information collected in the logs is processed primarily for the purposes related to the provision of services. The Administrator also processes these data for technical and administrative purposes, for the purposes of ensuring security of the IT system and its management, as well as for analytical and statistical purposes – in this respect the legal basis for the processing is the legitimate interest of the Administrator (Article 6(1)(f) of the TYPE).

Contact forms
The administrator provides the opportunity to contact him using electronic contact forms. The use of the form requires providing personal data necessary to contact the User and answer the query. The User may also provide other data in order to facilitate the contact or handling the inquiry. Providing data marked as obligatory is required in order to accept and handle the inquiry, and failure to provide such data results in the inability to handle the inquiry. The provision of other data is voluntary.

Personal data is processed

  • in order to identify the sender and handle his inquiry sent by the form provided – the legal basis for the processing is the necessity of processing to perform the service provision agreement (Article 6(1)(b) of the GDR);
  • for analytical and statistical purposes – the legal basis for the processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDR), consisting in keeping statistics of inquiries submitted by Users through the Service in order to improve its functionality.


The administrator processes Users’ personal data in order to carry out marketing activities, which may consist of:

  • to display marketing content to the User that is not adjusted to his/her preferences (including contextual advertising);
  • to direct e-mail notifications of interesting offers or content that in some cases contain commercial information (newsletter service);
  • to carry out other types of activities related to direct marketing of goods and services (sending commercial information electronically and telemarketing activities).

The Administrator processes Users’ personal data for marketing purposes in connection with directing advertising to the Users, including contextual advertising (i.e. advertising that is not adjusted to the User’s preferences). The processing of personal data for this purpose is carried out in connection with the implementation of the administrator’s legitimate interest (Article 6(1)(f) of the TYPE).

Personal data are processed:

Directive marketing
The User’s personal data can also be used by the Administrator to direct marketing content to him/her through various channels, i.e. by e-mail, MMS/SMS or telephone. Such actions are taken by the Administrator only if the User has given his consent in this respect, which the User may withdraw at any time.


The Administrator processes personal data of Users visiting the Administrator’s social media (Facebook) profiles. These data are processed only in connection with maintaining the profile, including the purpose of informing the Users about the Administrator’s activities and promoting various events, services and products. The legal basis for the Administrator’s processing of personal data for this purpose is his legitimate interest (Article 6(1)(f) of the TCO), consisting in promoting his own brand.


Cookies are small text files, installed on the User’s device, browsing the Service. Cookies usually contain the domain name of the website from which they come, the time they are stored on your device and a unique number. In this Policy, information about cookies also applies to other similar technologies used in the Service.

Service “cookies”
The Administrator uses the so-called service cookies primarily to provide the User with services provided electronically and to improve the quality of these services. Therefore, the Administrator and other entities providing analytical and statistical services to him/her use cookies, storing information or gaining access to information already stored in the User’s telecommunication terminal equipment (computer, phone, tablet, etc.). Cookie files used for this purpose include:

  • cookies with data entered by the User (session ID) for the duration of the session (user input cookies);
  • authenticating cookies used for services requiring authentication for the duration of the session (user input cookies). authentication cookies;
  • contact cookies used to ensure security, e.g. used to detect user centric security cookies;
  • session media player cookies (e.g. flash player cookies), for the duration of the session (session ID). multimedia player session cookies;
  • permanent cookies used to personalize the User interface customization cookies for the duration of the session or slightly longer (user interface customization cookies);
  • cookies used to monitor website traffic, i.e. data analytics.
  • Google Analytics (these are files used by Google – i.e. an entity to which the Administrator has entrusted the processing of personal data – in order to carry out an analysis of the way the User uses the Website, including the creation of statistics and reports on the functioning of the Website).

Personal Data Processing Period

The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. As a rule, the data are processed for the duration of the service provision or the execution of the order, until the consent expressed is withdrawn or an effective objection is raised to the data processing in cases where the legal basis for the data processing is the legitimate interest of the Administrator.

The period of processing may be extended where processing is necessary to establish, investigate or defend against possible claims, and after that period, only if and to the extent required by law. After the processing period, the data are irretrievably erased or rendered anonymous.


The user has the right to: access the content of the data and demand its correction, deletion, restriction of processing, the right to transfer the data and the right to object to the processing of data, as well as the right to lodge a complaint with the data protection supervisory authority.

To the extent that the User’s data is processed on the basis of consent, it may be withdrawn at any time by contacting the Administrator at the indicated e-mail address in the CONTACT DATA section.

Right to object
You have the right to object at any time to the processing of your data for direct marketing purposes, including profiling, if the processing is for the legitimate interest of the controller.

The user also has the right to object to the processing of his/her data at any time for reasons related to his/her particular situation in cases where the legal basis for the processing of the data is justified by the Administrator’s interest (e.g. in relation to the fulfilment of analytical and statistical purposes, including profiling).

Data Collection

In connection with the provision of services, personal data will be disclosed to external entities, including in particular suppliers responsible for the operation of IT systems used to provide services, marketing agencies (in the scope of marketing and seo services) and entities related to the Administrator.

If the User’s consent is obtained, his/her data may also be made available to other entities for their own purposes, including marketing purposes.

The Administrator reserves the right to disclose information concerning you to the competent authorities or third parties who request such information, on an appropriate legal basis and in accordance with the provisions of applicable law.


The controller carries out an ongoing risk analysis to ensure that personal data are processed in a secure manner, ensuring in particular that only authorised persons have access to the data and only in so far as this is necessary for their tasks. The Administrator ensures that all operations on personal data are recorded and performed only by authorized employees and associates.

The Administrator takes all necessary steps to ensure that also his subcontractors and other cooperating entities guarantee the application of appropriate security measures whenever they process personal data on behalf of the Administrator.

Contact data

Contact with the Administrator is possible via e-mail or in writing to the company address.


The policy is continuously reviewed and updated when necessary.