Privacy policy
The https://bramble.bio/ website (hereinafter referred to as the “Website”), is owned and operated by Polski Bank Komórek Macierzystych Sp. z o.o. (hereinafter referred to as the “Service Provider”). The Service Provider is responsible for the content of the Website and for the processing of information collected on it.
Personal data controller
The controller of the personal data of the users of the Website is the Service Provider, i.e. Polski Bank Komórek Macierzystych Sp. z o. o. with its registered office in Warsaw, 00-867, Av. Jana Pawła II 29, Poland (hereinafter referred to as the “Controller”). The Controller can be contacted at the telephone number +48 22 436 40 50 at the e-mail address bramble@bramble.bio or at the postal address Av. Jana Pawła II 29, 00-867 Warsaw, Poland.
Data Protection Officer
The Controller has appointed a Data Protection Officer (hereinafter referred to as the “DPO”), who is Agnieszka Wiercińska-Krużewska. The DPO can be contacted by e-mail at: inspektor@pbkm.pl.
Information collection policy
Within the Website, the Controller processes personal data in accordance with the applicable legislation, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as the “GDPR”). Any enquiries made to the Controller will be processed with confidentiality and commercial confidentiality.
Personal data will not be passed on to third parties unless the user agrees to receive commercial information and/or other forms of contact.
Purpose and legal basis of data processing
The processing of personal data will take place:
- in order to provide services electronically in terms of making the content collected on the Website available to users – the legal basis for the processing is the necessity of the processing for the performance of the contract (Article 6(1)(b) of the GDPR);
- for the purposes of the Controller’s legitimate interest (Article 6(1)(f) of the GDPR) in responding to enquiries addressed to it concerning its business activities; with regard to data provided optionally, the legal basis for processing is consent (Article 6(1)(a) of the GDPR);
- if you have given your consent, to contact you by e-mail or telephone for the purpose of making a commercial offer;
Consent may be withdrawn at any time. The withdrawal of consent does not affect the lawfulness of data processing up to the time of withdrawal of consent.
- in order to carry out marketing activities consisting of sending commercial information about offers or content concerning the Controller’s products and services in connection with the customer’s consent to receive commercial information via the communication channel in question (Art. 6(1)(a) of the GDPR);
For the purpose of sending commercial information about offers or content relating to the Controller’s products and services, personal data is processed only for those persons who have given their consent to receive such commercial information, through the communication channel of their choice. Such consent may be withdrawn at any time.
In this case, the user’s personal data will be processed in an automated manner, and the Controller will analyse selected aspects of the user in order to assess his/her behaviour or predict future actions. This will make it possible to better tailor marketing activities to the user’s preferences and interests.
- for other purposes arising from the legitimate interests pursued by Controller (Article 6(1)(f) of the GDPR);
If necessary, we process data to protect our legitimate interests. Examples of this include:
- customer satisfaction survey,
- the assertion and defence of claims,
- ensuring IT security, including the functionality of the Website,
- analytical and statistical purposes,
- maintaining social media profiles.
Recipients of personal data
Personal data may be shared with other recipients for the performance of a contract, based on consent or for purposes arising from the legitimate interests of the Controller, as referred to herein. The Controller reserves the right to disclose selected information concerning persons using the Website to the competent authorities or to third parties who make a request for such information, relying on the relevant legal basis (in accordance with the applicable legislation).
In addition, the data may be transferred to entities processing personal data on behalf of the Controller and their authorised employees, with such entities processing the data on the basis of a contract with the Controller and only in accordance with instructions and subject to confidentiality and adequate protection of personal data security. In particular, personal data is transferred to IT service providers and entities providing consultancy services to the Controller.
Duration of storage of personal data
Personal data will be stored until the consent given is withdrawn or an effective objection is made to the processing, in cases where the legal basis for the processing is the legitimate interest of the Controller.
The storage period may be extended if this is necessary to establish, assert or defend against claims. After this period, data will only be stored if required by law and only to the extent necessary. At the end of the retention period, the data will be permanently deleted or anonymised.
Rights of persons whose data is processed by the Controller
The person whose data is processed by the Controller has the right to:
- request access to and a copy of your personal data and to rectify, transfer, restrict the processing of your personal data or have it deleted,
- insofar as the processing of personal data is based on consent, to withdraw at any time the consent previously given for the processing of personal data,
- to object at any time to the processing of personal data on grounds relating to a particular situation, where the Controller is processing the data for purposes arising from a legitimate interest (Article 21(1) of the GDPR)
- lodge a complaint with the President of the Personal Data Protection Office if the processing of personal data is considered to be in breach of the law.
The need to provide personal data
The provision of data is voluntary, but may be necessary for the conclusion and performance of the contract, including the use of the Website and contacting the Controller.
Source of personal data
The personal data collected by the Controller comes directly from the data subjects. Personal data in the form of name, surname, contact details, company or place of employment, academic title or job title/function may also be obtained by the Controller from publicly available digital sources, such as websites, scientific articles or conference materials.
Transfer of data to a third country
The level of protection of personal data outside of the European Economic Area (hereinafter referred to as the “EEA”) may differ from the protection guaranteed by the laws of the European Union (hereinafter referred to as the “EU”) and countries associated with the EU. Therefore, the Controller transfers personal data outside the EEA only when necessary, ensuring adequate protection, in particular by:
- cooperating with processors of personal data in countries for which the European Commission has issued a decision confirming an adequate level of protection for personal data; in some cases, the European Commission may require such processor to participate in programmes approved by it for entities outside the EEA, which must provide the same level of protection for personal data as in the EU and associated countries (details available here);
- use of standard contractual clauses approved by the European Commission; combined with additional security measures, these provide personal data with the same level of protection as in the EU and associated countries (model contracts available here);
- the application of binding corporate rules approved by the relevant supervisory authority.
The Controller always gives notice of its intention to transfer personal data outside the EEA at the time of collection.
About cookies
As part of the Website, the Controller uses information contained in cookies. Cookies are digital data, in particular small text files which are stored on your terminal equipment (e.g. laptop, tablet, smartphone) when you visit the Website. They may be used by the Controller, in which case they are installed directly by the Website, as well as by the Controller’s partners (e.g. Google).
Cookies store information that is created in cooperation with the user’s terminal equipment. The cookies used on the Website are primarily used to ensure the proper functioning of the Website, including maintaining the login session. If the user gives separate consent to the installation of other cookies, they will also be used for the purposes of adjusting Website settings and for analytical purposes. Below, the Controller provides detailed information on the cookies used. In turn, the section “Blocking or restricting cookies by the user” provides information on how to manage their settings.
On the Website, the Controller uses cookies of the following categories: essential, preferences, statistics.
- The Controller uses the necessary cookies to provide the user with access to the content and functions available on the Website, including for the proper functioning of the Website. The legal basis for the processing of the user’s personal data is the necessity for the performance of the contract for the use of the Website (Article 6(1)(b) of the GDPR). Necessary cookies may be installed via the Website by the Controller.
- Preference cookies are used by the Controller to remember settings that adapt the Website to the user’s preferences (e.g. language selection) and to personalise the functions used by the user. In order to use them, the user’s prior consent is required. The user can give his/her consent to the use of preference cookies through the cookie banner available on the Website, and can withdraw it at any time in the same way. Preference cookies may be used both by the Controller and by trusted partners. The legal basis for the processing of your personal data is the Controller’s legitimate interest (Article 6(1)(f) of the GDPR) in improving the quality of the service provided to access the Website, based on your consent.
- Statistics cookies are used by the Controller to understand how a user uses the Website, including where traffic comes from and which content is most frequently visited. The use of these files enables statistical analyses to be carried out, e.g. on the number of visits to the Website, which allows the Website to be improved and new features to be introduced. The use of these files requires the user’s prior consent. The user may give his/her consent to the use of statistics cookies by means of the cookie banner available on the Website, and may revoke it at any time in the same manner. Statistics cookies may be used both by the Controller and by its trusted partners. The legal basis for the processing of users’ personal data is the Controller’s legitimate interest (Article 6(1)(f) of the GDPR) in improving the Website on the basis of analyses of users’ activities, in relation to the consent they have given.
- Marketing cookies are used to tailor targeted content to the user’s preferences. The collection of information about the user by means of these cookies is aimed at personalising marketing activities and measuring their effectiveness. To install marketing cookies, it is necessary to obtain the user’s prior consent. Marketing cookies can be installed both by the Controller and by its trusted partners. The legal basis for the processing of the user’s personal data is consent (Article 6(1)(a) of the GDPR).
- Social media cookies are small files stored on a user’s device by social networking platforms (e.g., LinkedIn) when they visit websites integrated with these services. They enable features like content sharing, commenting, and logging in via social media accounts. Additionally, they allow platforms to track user activity across different websites to tailor ads and analyze online behavior. This helps social media services deliver more personalized content and advertising experiences. Social media cookies can be installed both by the Controller and by its trusted partners. The legal basis for the processing of the user’s personal data is consent (Article 6(1)(a) of the GDPR).
Detailed information on the individual cookies used within a given category (including their name, purpose of their use and validity period) is available to the user by clicking on the “Cookie Settings” button located in the footer of the Website. After clicking on the button, the user will see the cookie banner in the Website window and should then select and expand the category of cookies of interest.
In order to use preference,statistics, social media and marketing cookies, the user must give separate consents. The user’s consent is not required only for cookies that are necessary to provide the service of access to the Website. Without the use of these cookies, the Controller cannot provide the service of access to the Website. The user can give separate consents to the use of preference,statistics, social media and marketing cookies by using the cookie management platform (i.e. button “Cookie settings” in the footer of the Website or the cookie banner displayed when entering the Website page).
Blocking or restricting cookies by the user
The user has the possibility to manage the consents given, including withdrawing them at any time. To withdraw or give consent, the user should click on the “Cookie Settings” button in the footer of the Website, then move the slider next to the selected category of cookies and click “Allow selection” or “Deny”.
In addition, users can delete cookies at any time from their browser settings. Instructions on how to do this in the various browsers can be found below:
The user can also check his/her cookie settings at any time, e.g. via http://optout.aboutads.info.
For details of the various tools used by the Controller and its trusted partners, please see the “Analytical tools on the Website” section below.
Analytical tools on the Website
The Controller and its trusted partners use a variety of tools and solutions for analytical purposes. Basic information on these tools can be found below. Please refer to the privacy policy of the specific partner for further details.
- Google Analytics
Google Analytics cookies are used by Google to analyse your use of the website, to create statistics and reports on how the website works. Google does not use the data collected to identify you, nor does it combine this information to enable identification. Detailed information on the scope and principles of data collection for this service is available here: https://policies.google.com/technologies/ads?hl=en-GB.
- Teracen
Teracent is a dynamic ad serving tool that uses cookies to tailor advertising content to users. To opt-out of Teracent’s cookies, you can use the opt-out options available on sites such as the Network Advertising Initiative or use the opt-out options described within this Policy.
- DoubleClick
DoubleClick is a tool for evaluating the effectiveness of advertising campaigns run by the Administrator (including Google AdWords campaigns) and for analysing their results. Detailed information on data collection and the rules of this service can be found here: https://support.google.com/campaignmanager/answer/2839090?hl=en&sjid=6878315917702019199-EU.
- Sales Manago
Sales Manago solutions allow you to store customer data in one place and use it to select target groups and personalise campaigns using personal, transactional and behavioural data. Sales Manago uses Machine Learning and AI to create customer profiles. More information can be found here: https://www.salesmanago.pl/info/rodo.htm.