1. Data Controller
The controller of your personal data is BIOCELLS MEDICAL Sp. z o.o., registered in Poland under KRS 0001099454, NIP 1133130802, with its registered office at Franciszka Klimczaka 8A, 02-797 Warsaw, Poland.
For any data protection enquiries, contact us at info@biocellsmedical.com or call +48 22 307 48 82.
2. Personal Data We Collect
We may collect the following categories of data:
- Identity data — full name, date of birth, nationality.
- Contact data — email address, telephone number, postal address.
- Health data — diagnosis, medical history, current medications, test results and other information you provide through our consultation request form or during direct communication with our medical team.
- Technical data — IP address, browser type and version, device information, operating system, time zone, pages visited, referral source.
- Usage data — information about how you use our website, collected via cookies and analytics tools.
3. Legal Basis for Processing
We process your personal data on the following legal grounds under the General Data Protection Regulation (GDPR):
- Consent (Art. 6(1)(a) and Art. 9(2)(a)) — when you submit a consultation request containing health data, you provide explicit consent for us to process that data for the purpose of evaluating your eligibility and preparing a treatment proposal.
- Contract performance (Art. 6(1)(b)) — processing necessary to respond to your enquiry and, if applicable, to deliver medical services.
- Legitimate interest (Art. 6(1)(f)) — website security, fraud prevention, and improvement of our services.
- Legal obligation (Art. 6(1)(c)) — compliance with Polish medical record-keeping and tax regulations.
4. Processing of Health Data
Health data constitutes a special category of personal data under Article 9 of the GDPR. We process health data exclusively on the basis of your explicit consent, provided when you submit a consultation request form or share medical documentation with our team. This data is used solely to assess your medical situation, determine eligibility for treatment, and prepare an individualised therapy proposal.
Access to health data is strictly limited to authorised medical personnel involved in your case evaluation. You may withdraw your consent at any time by contacting us at info@biocellsmedical.com. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.
5. How We Use Your Data
- To respond to consultation requests and provide medical assessments.
- To communicate with you regarding treatment programmes.
- To maintain medical records as required by Polish law.
- To operate, maintain and improve our website.
- To analyse website usage through anonymised or pseudonymised analytics.
- To deliver relevant information about our services through marketing communications (only with your consent).
6. Data Sharing and Third Parties
We do not sell your personal data. We may share data with the following categories of recipients:
- Hosting provider — Vercel Inc. (United States). Data transfers to the US are covered by the EU-US Data Privacy Framework.
- Analytics — Google Analytics (Google LLC, United States) for anonymised website usage statistics.
- Advertising — Meta Platforms (Facebook Pixel) for measuring the effectiveness of advertising campaigns. Activated only with your cookie consent.
- Legal and regulatory bodies — where disclosure is required by Polish or EU law.
7. International Data Transfers
Some of our service providers are located outside the European Economic Area (EEA), primarily in the United States. Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including the EU-US Data Privacy Framework, Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognised transfer mechanisms.
8. Data Retention
- Consultation enquiries — retained for up to 3 years from the date of the last communication, unless a treatment contract is formed.
- Medical records — retained for 20 years from the date of the last entry, in accordance with Polish medical record-keeping regulations (Art. 29 of the Act on Patient Rights).
- Analytics data — retained in anonymised form for up to 14 months (Google Analytics default).
- Marketing data — retained until you withdraw consent or unsubscribe.
9. Your Rights Under GDPR
You have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — request correction of inaccurate or incomplete data.
- Erasure — request deletion of your data where there is no compelling reason for continued processing (subject to legal retention requirements).
- Restriction — request restriction of processing in certain circumstances.
- Data portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — at any time, without affecting the lawfulness of prior processing.
To exercise any of these rights, contact info@biocellsmedical.com. We will respond within 30 days.
10. Right to Lodge a Complaint
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, Poland — uodo.gov.pl.
11. Cookies
Our website uses cookies and similar tracking technologies. For detailed information about the types of cookies we use, their purposes, and how to manage your preferences, please see our Cookie Policy.
12. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction. These include encrypted data transmission (TLS/SSL), access controls, regular security assessments, and staff training on data protection obligations.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be published on this page with an updated revision date. We encourage you to review this page periodically. Continued use of our website after changes constitutes acceptance of the revised policy.