Privacy Policy

  1. General provisions
    1. This privacy policy is addressed to users of the website and the form provided on
    2. In addition, this Policy also applies accordingly in the cases specified therein, and therefore in contact by the Company via phone or e-mail.
    3. The policy sets out the rules for collection and processing of personal data obtained by the Controller, both when using the website and in the event of contact via the contact form.
  2. Controller of the personal data
    1. The controller of personal data is Norsa Pharma Sp. z o.o., ul. Prof. M. Życzkowskiego 14, 31-864 Kraków,
  3. Legal basis for data processing
    1. Your personal data are processed pursuant to the Regulation 2016/679 of the European Parliament and of the Council (EU) of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter GDPR).
    2. The legal basis for processing of your personal data by the Controller is:
      1. your consent (Art. 6 para. 1, letter a of GDPR);
      2. the situation in which processing is necessary to fulfill the legal obligation incumbent on the Controller (Art. 6 para. 1 letter c of GDPR),
    3. Providing your personal data on the basis of the above points a) and b) is voluntary, however, refusal to provide data will prevent you from using functionalities of the website.
    4. Your personal data may be processed in connection with the Controller’s legitimate interest, e.g. for the purpose of securing and enforcing claims (Art. 6 para. 1 letter f) GDPR).
  4. Objectives and scope of personal data processing
    1. The personal data you provide will be processed:
      1. for the purposes in respect to which you gave consent to processing of your personal data (e.g. receiving responses via the contact form),
    2. In the above scope, the Controller will process the following data provided by you: e-mail address, first name, last name, cookies, IP number.
  5. Sharing personal data
    1. Your personal data will be made available to competent state authorities or third parties if such an obligation will result from the generally applicable law.
  6. Data protection
    1. The Controller is obliged to protect your data, which were collected during filling the form.
    2. The Controller ensures the security of personal data owing to implementation of proper technical and organizational measures that are aimed at preventing unlawful processing of data and their accidental loss, destruction and damage. The Controller takes all possible measures to ensure that personal data are:
      1. correct and processed in a lawful manner,
      2. obtained only for specific purposes and not further processed in a manner contrary to those purposes,
      3. adequate, relevant and not excessive,
      4. accurate and up-to-date
      5. not stored for a period longer than necessary,
      6. processed in accordance with the rights of persons to whom they relate, including in accordance with the right to the reservation of access,
      7. securely stored,
      8. not transferred without adequate protection.
    3. Personal data files are secured against access by third parties. Only persons authorized by the Controller, with received training in the protection of personal data and obliged to keep your personal data secret are allowed to process your personal data.
    4. Personal data collected to answer the question in the contact form.
  7. Rights
    1. You are entitled to request for access to personal data to the Controller, to rectify, delete or limit processing, as well as to object to the processing. You also are entitled to transfer data. You also have the right to withdraw your prior consent to the processing of personal data at any time.
    2. You are entitled to obtain the following information from the Controller:
      1. on the purpose, scope and method of processing your personal data,
      2. on date since when your data are processed,
      3. on the source of your data,
      4. on recipients or categories of recipients to whom the data are shared.
    3. In addition, upon your request, the Controller will supplement, update and correct your personal data, as well as discontinue (temporarily or permanently) their processing or delete them, if your data prove to be incomplete, outdated, incorrect or have been collected in violation of the Act or are no longer required to achieve the purpose, for which they were collected.
    4. In addition, in the case of processing of your data by the Controller for direct marketing, you have the right to object at any time to processing of personal data for the purposes of such marketing, including profiling, to the extent to which processing is related to such direct marketing. To exercise the rights referred to in this paragraph, an appropriate request should be submitted to the Controller via e-mail.
    5. You have the right to lodge a complaint with the supervisory body when you find that the processing of your personal data by the Controller violates the applicable law.
  8. Cookies
    1. The Controller declares that it uses “cookies”.
    2. Cookies are information that is sent by the server and saved on your device (e.g. computer’s or phone’s hard disk).
    3. The data obtained using cookies do not enable identifying you, but allow the Controller to determine whether a website was visited using a given computer (which is not tantamount to information about who visited this website) and what user preferences were at that time (what he/she is most interested in on the website).
    4. The Controller uses internal cookies to:
      1. maintain proper functioning of the website,
      2. for statistical purposes.
    5. The Controller can place both permanent and temporary files on your device.
    6. Temporary files are usually deleted when the browser is closed, while when it comes to permanent files, closing the browser does not delete them.
    7. Persistent files are those that provide specific functions not only during a given session, but throughout their entire conservation period on the computer. Permanent files are used for: collecting information on how to use the website, including data on pages visited by the User and any errors, checking the effectiveness of page ads, improving operation of the website by registering errors, testing various options of the style of websites page.
    8. The website uses Google Analytics, which uses cookies located on your device to render statistics on the website traffic.
    9. The Controller uses the Website and Google AdWords services for the purpose of advertising, which services utilize cookies placed on your device.
    10. You can delete cookies left by the Website on your device at any time in accordance with the instructions of your web browser provider.
    11. It is also possible to block access of cookies to your device by properly configuring your browser, however, then the website might not function properly.
    12. In order to analyze the operation of the IT system, the Controller uses a server that automatically saves in server logs the information about the device you use to visit the website, i.e. on the type of device and browser you use, about the computer’s IP, date and time of visit, qualification of the event.
    13. Only people authorized to administer the IT system have access to the log files. Log files can be used to compile statistics on the assessment of website traffic and occurrence of errors that prevent you from being identified.
  9. Final provisions

In the future, you may need to update the Rules set out in this Privacy Policy. Policy update will be available on the website.