PRIVACY AND COOKIES POLICY

I. INTRODUCTION

1. Nestmedic S.A. prioritizes the confidentiality of data and the protection of privacy of users of the Service (“User”), in particular customers, patients (“Patient”) and NESTMEDIC business partners (“Partner”) and persons authorized by them to access the Platform. The Privacy Policy sets forth the rules regarding the manner of collection, processing and use of Users’ personal data obtained in connection with the use of the www.pregnabit.com website (the “Service”), which includes:

1.1. the website pregnabit.com, nestmedic.com (the “Website”),

1.2. an online store available at the following web address: https://pregnabit.com/sklep/ (the “Store”), where you can purchase a mobile CTG device manufactured by NESTMEDIC (the “Device”),

1.3. the application located at: https://app.pregnabit.com/#/, https://adm.pregnabit.cloud, https://patient.pregnabit.cloud, https://pregnaone.com, https://patient.pregnaone.com (“Platform”), where services are provided to Users,

as well as presents the rights of Users and the possibilities for Users to exercise control in connection with personal data processed by NESTMEDIC.

2. The abbreviation “GDPR” used in the Privacy Policy means Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

II. PROTECTION OF PERSONAL DATA

1. The administrator of the personal data, subject to point 3 below, is Nestmedic Joint Stock Company with its registered office in Warsaw (01-993), Pasymska 20, entered in the Register of Entrepreneurs of the National Court Register kept by the District Court for the City of Warsaw in Warsaw, XIV Economic Department of the National Court Register under KRS No. 0000665017, NIP: 8943054930, REGON: 022455255, share capital PLN 2,146,305.40 (fully paid up) (“NESTMEDIC”).

If you have any questions about the use of your personal data at NESTMEDIC, please contact us:

By mail to: 20 Pasymska, 01-993 Warszawa, POLAND;

By e-mail: office@nestmedic.com

By phone: +48 664 346 559

2. The Data Protection Inspector of NESTMEDIC (“DPO”) is Anna Szopa. Contact with the DPO is possible:

By letter to the address: Nestmedic S.A., 20 Pasymska, 01-993 Warszawa, POLAND;

By e-mail: iod.nestmedic@nestmedic.com

By phone: +48 600 934 789

3. NESTMEDIC informs that in connection with the provision of services within the Platform, EDOKTOR24.PL is the independent administrator of Users’ personal data, including in particular Patients. Up-to-date information regarding the principles of processing of personal data by EDOKTOR24.PL, including, in particular, the legal basis, purpose, period of processing of personal data and the rights to which the data subject is entitled, is available at: https://edoktor24.scanmed.pl/other/polityka.pdf

4. In processing Users’ data, NESTMEDIC is guided by the following principles:

4.1. limitation of collected data to those needed to provide services;

4.2. not to keep the data longer than necessary for the purposes indicated in the Privacy Policy;

5. SCOPE, PURPOSE AND LEGAL BASIS OF PERSONAL DATA PROCESSING

The Administrator processes personal data as follows:

5.1 Functioning of the Service and statistical purposes

5.1.1 Scope of personal data: automatically collected data available online – information about the website visited, including the URL, the path of visits to the Service (including date and time), information about the User’s network, such as device data, nodes, configurations, connection speed and network application performance; pages visited or searched, response times, download errors, length of visits and interaction information (such as scrolling, clicks, mouseovers) and information about whether links were opened by the User.

5.1.2 Purpose: To administer NESTMEDIC’s servers; to collect general, statistical information about the User (e.g., regarding where the User is connecting to the Service); to monitor the Service (the correctness of the Service’s operation and to optimize the Service’s functionality); to ensure the online security of the Service.

5.1.3 Legal Basis:

5.1.3.1 Art. 6(1)(a) GDPR – consent to process personal data contained in cookies;

5.1.3.2. Article 6(1)(b) GDPR – the necessity of data processing to perform the contract for the provision of electronic services in terms of providing certain information on the Website;

5.1.3.3 Art. 6(1)(f) GDPR – NESTMEDIC’s legitimate interest in analyzing User activity on the Service, ensuring the security of the Service, understanding Users’ use of the Service, performing compilations, statistics or business strategies of NESTMEDIC.

5.1.4 Providing the data referred to in 5.1.1 above is voluntary, but necessary to use the Service.

5.2 Contacting NESTMEDIC

5.2.1 Purpose: communication with the User via e-mail;

5.2.2 Legal basis:

5.2.2.1 Article 6(1)(f) GDPR – NESTMEDIC’s legitimate interest in responding to you during a phone call or to questions you send and to conduct further correspondence.

5.3 Use of the Platform

5.3.1 Registration of the Patient’s account on the Platform and use of the Platform by the Patient (including provision of services).

5.3.1.1 Scope of data: first and last name, telephone number, PESEL, date of birth, address of residence

5.3.1.2 Purpose: to establish the Patient’s identity prior to the provision of services; to establish the Patient’s profile on the Platform; to provide the Patient with access to the Platform and its functionality; to contact the Patient; to organize the exchange of information between NESTMEDIC and other entities in connection with the operation of the Service and the provision of services to the Patient; to analyze and provide answers to the questions asked; to provide services electronically; to perform the contract;

5.3.1.3 Legal basis: Article 6(1)(b) of the GDPR – the necessity of processing data to perform the contract;

5.3.1.4 The provision of data referred to in 5.3.1.1 above is voluntary, but is a contractual requirement and is necessary for the performance of the contract and the provision of services by NESTMEDIC. Failure to provide personal data will result in the inability to perform the contract.

5.3.1.5 The source of the data referred to in the paragraph above: the Patient’s personal data may come directly from the Patient or from another User (including a Partner) setting up the Patient’s account on the Platform.

5.3.2 Registration of accounts of Platform Users other than the Patient and their use of the Platform.

5.3.2.1 Scope of data: first and last name, telephone number, e-mail address, professional license number.

5.3.2.2 Purpose: to establish and operate the account of the Partner and persons authorized by the Partner to access the Platform; to perform the contract; to provide services electronically; to organize the exchange of information between NESTMEDIC and other entities in connection with the operation of the Service and the provision of services to the Patient.

5.3.2.3 Legal basis: Article 6(1)(b) GDPR – the necessity of processing data to perform the contract.

5.3.2.4 Provision of the data referred to in 5.3.2.1 above is voluntary, but is a contractual requirement and is necessary for the performance of the contract and provision of services by NESTMEDIC. Failure to provide personal data will result in the inability to perform the contract.

5.4 Conducting research and development work related to the medical device and Pregnabit service.

5.4.1 Scope of data: name and surname, PESEL, date of birth, week of pregnancy, day of the week of pregnancy, information on the number of pregnancies, information on the number of deliveries, other information and diagnoses related to pregnancy, results of cardiographic tests (CTG), including recording of fetal heart rate parameters and uterine muscle contraction activity, description and analysis of the Patient’s test results.

5.4.2 Purpose: To conduct research and development work related to the medical device and Pregnabit service.

5.4.3 Legal Basis: Provision of the data referred to in Section 5.4.1 above is voluntary.

5.4.4 Source of the data referred to in Section 5.4.1 above: the Patient’s personal data may come directly from the Patient or from another User (including a Partner) setting up the Patient’s account on the Platform.

5.5 Fulfillment of orders in the Store and performance of concluded agreements

5.5.1 Purpose: performance of the agreement concluded as a result of an order placed by the User; issuance of an invoice and performance of other tax and accounting documentation obligations; performance of legal obligations (including tax or accounting regulations).

5.5.2 Legal Basis:

5.5.2.1 Article 6(1)(b) GDPR – the necessity of data processing for the performance of the contract;

5.5.2.2 Art. 6(1)(c) GDPR – fulfillment of legal obligations incumbent on NESTMEDIC, including tax and accounting obligations.

5.5.3 The provision of data referred to in 5.5.1 above is voluntary, but necessary for NESTMEDIC to conclude and perform the contract, and to the extent that the processing of personal data is the fulfillment of NESTMEDIC’s legal obligations – their provision is a statutory requirement.

5.6 Direct marketing

5.6.1 Scope: name, phone number, e-mail address, bank account details, reason for withdrawal from the contract, condition of the kit after the return.

5.6.2 Purpose: Personal data will be processed for the purpose of withdrawal from the contract concluded remotely.

5.6.3 Legal basis: article 6.1.c GDPR – obligation under the law, i.e. article 27 of the Act of May 30, 2014 on consumer rights.

5.7 Processing of personal data in case of withdrawal from the contract

5.7.1 Scope: first and last name, phone number, email address, bank account details, reason for withdrawal from the contract, status of the set after the return.

5.7.2 Purpose: Personal data will be processed for the purpose of withdrawal from the contract concluded remotely.

5.7.3 Legal basis: article 6.1.c of GDPR – obligation under the law, i.e. article 27 of the Act of May 30, 2014 on consumer rights.

5.7.4 Provision of data on the withdrawal form is voluntary, but failure to provide such data may result in the inability to exercise the consumer’s right to withdraw from the contract.

5.8 Processing of personal data in case of filing a complaint

5.8.1 Scope: name and surname, telephone number, e-mail address, bank account details, reason for complaint and other information provided during complaint submission, complaint decision issued.

5.8.2 Purpose: If a complaint is filed, the personal data provided will be processed for the purpose of exercising rights regarding warranty for defects of the leased item under Article 664 of the Civil Code;

5.8.3 Legal Basis: Article 6(1)(c) of the GDPR – obligation under the law;

5.8.4 Provision of data is voluntary; however, failure to provide such data may result in the inability to process a complaint.

5.9 Investigation and defense of claims.

5.9.1 Scope: personal data referred to in 5.1 to 5.9 above.

5.9.2 Purpose: investigation of claims and defense of rights related to NESTMEDIC’s business activities.

5.9.3 Legal basis: Article 6(1)(f) GDPR – NESTMEDIC’s legitimate interest in pursuing claims and defending NESTMEDIC’s rights.

6. STORAGE PERIOD OF PERSONAL DATA

6.1 Personal data will be kept by NESTMEDIC for the following periods:

6.1.1. processing for the purpose of providing services electronically, performing contracts and exercising the Patient’s consumer rights – personal data will be stored for the duration of the performance of services and performance of contracts, but no longer than until the termination, expiration or termination of the contract in question or the statute of limitations for claims, and in the field of complaints, personal data will be stored for the duration of the complaint handling, but no longer than until the final resolution of the User’s complaint;

6.1.2. processing for the purpose of fulfilling obligations under the law – personal data will be kept for the time specified in generally applicable laws, including if there is a suspicion that they may be subject to control or proceedings by state authorities for a period of five years from the date of a potential violation of the law or the occurrence of the consequences of a violation of the law, and the duration of such proceedings.

6.1.3. processing for marketing purposes – personal data will be kept for a period no longer than necessary for the purposes for which the data are processed or until the User withdraws consent to the processing of his/her personal data, but no longer than until the User’s account is deleted from the Service;

6.1.4. the assertion of claims and defense of NESTMEDIC’s rights – personal data will be kept for the duration of the contract in question, and then for the period of the statute of limitations for claims under the relevant legislation;

6.1.5. operation of the Website and for statistical purposes – personal data will be stored for 18 months from the date of the last visit to the Website;

6.1.6. internet marketing and remarketing – personal data will be stored for a period of 1 month from the User’s last visit to the Website.

7. RECIPIENTS OF PERSONAL DATA

7.1 Recipients of Users’ personal data shall be:

7.1.1. entities cooperating with NESTMEDIC, including in particular:

7.1.1.1. Medyczne Centrum Telemonitoringu spółka z ograniczoną odpowiedzialnością (Medical Telemonitoring Center LLC) with its registered office in Warsaw (01-993), Pasymska 20, registered in the Register of Entrepreneurs of the National Court Register kept by the District Court for the City of Warsaw in Warsaw, XIV Economic Department of the National Court Register under the number KRS 0000624315, NIP: 8992792740, REGON: 364761470 (“MCT”);

7.1.1.2. EDOKTOR24.PL Spółka z ograniczoną odpowiedzialnością, with its registered office in Warsaw (00-660), ul. Lwowska 15/6, entered in the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, XII Business Division of the National Court Register under No. 0000444941, NIP: 1132861449, REGON: 146469011 (“EDOKTOR24.PL”);

7.1.2 An entity, other than MCT or EDOKTOR24.PL, engaged in therapeutic activity within the meaning of Article 2.1.5 of the Act of April 15, 2011 on therapeutic activity;

7.1.3 Entities providing Internet marketing tools:

7.1.3.1. Facebook Pixel provided by Facebook Inc., 1601 S. California Ave. Palo Alto, CA 94304, USA. They enable the targeting of advertising campaigns on Facebook. This causes Facebook to know that a person registered with it is using the Portal. Facebook is the administrator of the data collected in this way. The Portal does not transfer any additional personal data from itself to Facebook. The service is based on the use of cookies on the user’s terminal device. The information collected by Facebook Pixel is anonymous, i.e. it does not allow direct identification. More information can be found in Facebook’s privacy policy.

7.1.3.2 Google Ads provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Ads is used to promote our website in search results and on third-party sites, also using remarketing tools. Activities in this regard are based on consent to the use of cookies under the terms described below. The functionality of Google Ads is based on leaving a Google cookie on the user’s terminal device, which, by means of an identifier (ID) associated with the sites visited, enables interest-based ads to be displayed. For more information about Google Ads’ data processing, please refer to Google’s privacy policies.

7.1.3.3 Google Analytics, a tool for creating statistics, analyzing them and optimizing the website, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The tool collects data using cookies. Cookies may be used by advertising networks, in particular the Google network, to display ads tailored to the way you use the Website. For this purpose, they may retain information about the user’s navigation path or how long the user stayed on a particular page. The administrator of the data collected in this way is Google LLC. To learn more about the third-party administrator’s use of cookies, please refer to Google’s privacy policies.

7.1.4. payment processors for NESTMEDIC services in order to handle and process payments for these services;

7.1.5. entities providing services necessary to send transactional and product information via email or SMS to the extent that disclosure is necessary to automate, simplify and analyze these processes;

7.1.6. external entities providing and supporting information systems or other technological solutions used by NESTMEDIC;

7.1.7. external entities providing accounting and bookkeeping services to the extent that disclosure is necessary to provide these services to NESTMEDIC;

7.1.8. legal advisors and consultants serving NESTMEDIC to the extent that disclosure is necessary for the use of their services;

7.1.9. governmental authorities and the judiciary and law enforcement, if required by law.

7.2 NESTMEDIC, to the extent of the recipients specified in 7.1.3 and 7.1.5, may transfer personal data outside the European Economic Area, to third countries, including the United States of America. In such cases, personal data shall be transferred with appropriate data protection standards, including standard contractual clauses.

8. USER RIGHTS

8.1 Right to withdraw consent to the processing of personal data – The User has the right to withdraw consent at any time. The withdrawal of such consent shall not affect the lawfulness of the processing performed on the basis of consent before its withdrawal.

8.2 Right to access and obtain a copy of personal data – The User has the right to obtain information about the processing of personal data concerning him, and in the case of processing, the right to access such data. The User also has the right to obtain a copy of the personal data concerning him in the possession of NESTMEDIC and certain other information in this regard.

8.3 Right to rectification of personal data concerning the User – The User has the right to request the correction of any incomplete or incorrect personal data concerning him or her and held by NESTMEDIC.

8.4 Right to delete personal data concerning the User – The User has the right to request deletion of personal data in certain situations. NESTMEDIC may refuse to delete personal data in certain situations, i.e. the need to retain data for the purpose of compliance with the law or for the purpose of asserting claims and defending rights.

8.5 Right to restrict the processing of your personal data – You have the right to request restriction of the processing of your personal data (suspension of processing).

8.6 Right to portability of personal data – The User has the right to request assistance in transferring personal data concerning him to another entity.

8.7 Right to object – The User has the right to object to the processing of personal data based on NESTMEDIC’s legitimate interest or the legal interest of third parties. An objection may be raised at any time for reasons related to the User’s particular situation. If such an objection is raised, NESTMEDIC will no longer process such personal data unless it demonstrates the existence of valid legitimate grounds for processing that override the interests, rights and freedoms of the User to whom the data relate, or grounds for establishing, asserting or defending claims.

8.8 Right to lodge a complaint to a supervisory authority – The User has the right to lodge a complaint to the supervisory authority for the protection of personal data, i.e. the President of the Office for Personal Data Protection (PUODO) in Warsaw (Stawki 2 Street, 00-193 Warsaw) at: kancelaria@uodo.gov.pl or via Electronic Submission Box (ESP) at: https://uodo.gov.pl/pl/83/153.

8.9 The rights referred to in clauses 8.1 to 8.8 above may be exercised by the User in particular at the e-mail address: office@nestmedic.com.

9. PROFILING

NESTMEDIC does not use the User’s personal data for the purposes of automated decision-making, including profiling.

III. COOKIE FILES

1. NESTMEDIC uses cookies (i.e. small computer data sent to the User’s device, identifying it in a manner necessary to simplify or cancel a given operation, they may be text files) or other similar technologies in order to collect information related to the use of the Website, matching the provision of services to the individual needs and preferences of the User, as well as enabling the collection and processing of statistical data on the use of NESTMEDIC services.

2. There are three basic types of cookies:

2.1. session cookies: specific to a particular visit, limited to sending the so-called session ID (a random string of digits generated by the server) so that the User does not have to re-enter the same information after moving to another page of the site or after leaving the site altogether. Session files are not permanently stored on the User’s device and are deleted when the browser is closed;

2.2. permanent cookies: files that record information about the User’s preferences, stored in the cache memory of the User’s browser or mobile device; and

2.3. third-party cookies: placed by third parties outside NESTMEDIC to collect data from a number of different websites or sessions.

3. NESTMEDIC uses cookies for the following purposes:

3.1. proper provision of services and operation of the Website;

3.2. proper security of access to Users’ personal and medical data;

3.3. to better adapt the provision of services to the individual needs and preferences of the User;

3.4. to enable the collection and processing of statistical data on the use of the Service;

3.5. marketing, including advertising of services via the Internet;

3.6. to collect information on how Users use the Service;

3.7. improving performance, improving the Service;

4. When accessing the Service for the first time, the User must agree to cookies or take other possible actions indicated in the displayed message in order to be able to make full further use of the content and functionality of the Service. The User may at any time change his/her browser settings, disable or delete cookies. Disabling cookies may adversely affect the functionality or completely prevent the use of the Services.

5. The following cookies are used on the Website:

5.1. On the Website/shop:

Name of cookie | Type of cookies | Mode of operation
cookielawinfo-checkbox-analytics | Essential | Confirmation of statistics in the information on the processing of personal data
cookielawinfo-checkbox-necessary | Essential | Confirmation of information on the processing of personal data
wc_cart_created | Essential | Shopping basket handling
wc_cart_hash_# | Essential | Shopping basket handling
wc_fragments_# | Essential | Display of information
ga | Statistical | For the collection of statistics on website usage
_ga_# | Statistical | To collect statistical data on the number of visits to the website
_fbp | Marketing | For collecting marketing information via Facebook
fr | Marketing | For collecting marketing information via Facebook
Tk_lr | Marketing | For the collection of marketing information
Tk_or | Marketing | For the collection of marketing information
Tk_r3d | Marketing | For the collection of marketing information
Tk_tc | Marketing | For the collection of marketing information
tr | Marketing | For collecting marketing information via Facebook

5.2. On the app.pregnabit.com Platform:

Cookie name | Type of cookies | Mode of operation
rc::a | Essential | To operate a system to distinguish between human and robot
rc::c | Essential | To operate a system to distinguish between human and robot
_session_key | | Necessary to support logging

5.3. On the Platform adm.pregnabit.cloud / pregnaone.com:

Cookie name | Type of cookies | Mode of operation
AUTH_SESSION_ID | Essential | Necessary to support logging
cookietest | Essential | Necessary to determine whether use of a cookie is accepted
KC_RESTART | Essential | Identifies the logged-in user
kc-callback-# | Essential | Necessary to support logging into the system

6. Cookies are stored, depending on the file, for the duration of the session, for 2 days, 3 months, 1 year, 2 years, 5 years.

IV. FINAL PROVISIONS

1. Amendments to the Privacy Policy. The provisions of the Privacy Policy may be subject to improvements and changes, and the latest versions of the Privacy Policy will be published on the Site (as well as on the Platform) each time and will be dated as of the last update. No future changes will restrict the User’s rights without the User’s consent.

2. Versions of the Privacy Policy. For the processing of personal data obtained by NESTMEDIC through the Service or in connection with the operation of the Service, including in particular those collected from Users’ e-mails, orders placed through the Store, and submitted through the Platform, prior to the effective date of this Privacy Policy, the version of the Privacy Policy in effect on the date of the occurrence of the event giving rise to the acquisition of personal data referred to in the preceding sentence shall be applied. Archived versions of NESTMEDIC’s privacy policies are available at: https://pregnabit.com/polityki-prywatnosci/

3. Effectiveness of the Privacy Policy. This Privacy Policy shall enter into force on 30.11.2022.