Privacy Policy

1. General Information

This Privacy Policy sets out the rules for the processing and protection of personal data of users of the website www.pathologycourses.com and participants of educational events organised under the Pathology Courses series (the “Service” and the “Course”).

The Policy has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the General Data Protection Regulation – “GDPR”) and applicable national data protection laws.

2. Data Controller

The controller of personal data is:

MEDVISA SŁAWOMIR POZIOMEK
ul. Uprzejma 6/2
60-185 Skórzewo, Poland
NIP: 5591819259
REGON: 302822441
E-mail: biuro@medvisa.pl

(hereinafter referred to as the “Controller”).

The Controller has not appointed a Data Protection Officer, as there is no statutory obligation to do so.

3. Scope of Processed Personal Data

The Controller may process the following categories of personal data:

  • identification data (e.g. name, surname, professional title);
  • contact details (e.g. e-mail address, telephone number);
  • professional data (e.g. profession, workplace, medical licence number – if required for accreditation purposes);
  • invoicing data (e.g. company name, address, tax identification number);
  • technical data (e.g. IP address, browser data, cookies);
  • any other data voluntarily provided by the User via forms or e-mail correspondence.

4. Purposes and Legal Bases of Processing

Personal data are processed for the following purposes and on the following legal bases:

  1. Registration and participation in the Course
    Legal basis: Article 6(1)(b) GDPR – performance of a contract.
  2. Issuing invoices and fulfilling accounting obligations
    Legal basis: Article 6(1)(c) GDPR – compliance with a legal obligation.
  3. Communication with Users and Participants
    Legal basis: Article 6(1)(b) and (f) GDPR – performance of a contract and the Controller’s legitimate interest.
  4. Organisation and administration of Courses, including certificates and educational points
    Legal basis: Article 6(1)(b) GDPR.
  5. Marketing and information about future events (where applicable)
    Legal basis: Article 6(1)(a) GDPR – consent, which may be withdrawn at any time.
  6. Website analytics and cookies
    Legal basis: Article 6(1)(a) GDPR – consent, and Article 6(1)(f) GDPR – legitimate interest in ensuring proper functioning of the Service.

5. Data Recipients

Personal data may be disclosed only to:

  • entities providing services to the Controller (e.g. IT service providers, accounting firms, event service providers), acting on the basis of data processing agreements;
  • public authorities, where required by law;
  • entities authorised by the data subject.

Personal data are not sold and are not transferred to third countries or international organisations, unless required by law or explicitly consented to by the data subject.

6. Data Retention Period

Personal data shall be stored:

  • for the duration of the Course and the performance of related obligations;
  • for the period required by accounting and tax regulations;
  • until consent is withdrawn, where processing is based on consent;
  • until the expiry of limitation periods for potential claims.

After the expiry of the above periods, personal data shall be securely deleted or anonymised.

7. Rights of Data Subjects

Each data subject has the right to:

  • access their personal data (Article 15 GDPR);
  • rectify inaccurate or incomplete data (Article 16 GDPR);
  • erase data (“right to be forgotten”) where applicable (Article 17 GDPR);
  • restrict processing (Article 18 GDPR);
  • data portability (Article 20 GDPR);
  • object to processing based on legitimate interest (Article 21 GDPR);
  • withdraw consent at any time, without affecting the lawfulness of processing prior to withdrawal;
  • lodge a complaint with a supervisory authority, in particular in the EU Member State of habitual residence or place of work.

Requests regarding the exercise of rights should be sent to: biuro@medvisa.pl.

8. Cookies and Technical Data

The Service uses cookies and similar technologies to ensure proper functioning of the Website, analyse traffic and improve user experience.

Cookies may be:

  • session cookies (deleted after closing the browser);
  • persistent cookies (stored for a specified period).

Users may manage cookie settings through their browser or cookie consent tool available on the Website. Restricting cookies may affect the functionality of the Service.

9. Data Security

The Controller applies appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including protection against unauthorised access, loss, alteration or disclosure of personal data.

10. Links to External Websites

The Service may contain links to external websites that operate independently of the Controller. The Controller is not responsible for the privacy practices of such websites and encourages Users to review their privacy policies separately.

11. Amendments to the Privacy Policy

The Controller reserves the right to amend this Privacy Policy where required by changes in law, technology or the manner of operation of the Service.

Any amendments shall be published on the Website and, where required by law, communicated to Users in advance.

12. Final Provisions

This Privacy Policy is effective as of 22 December 2025.

Any matters not regulated herein shall be governed by applicable provisions of EU and Polish law.

If you have any questions regarding this Privacy Policy or the processing of personal data, please contact the Controller at: biuro@medvisa.pl.

Shopping Cart