We only process your personal data for the purposes for which you contact us or use our services. Below you will find details of the different categories of data subjects.

2.1 Users of www.jjpbiologics.com

Every User who visits our website and views the content on it leaves an electronic footprint. This is solely related to the technical aspects of the websites, including functional cookies, which make the website work properly. Thanks to functional cookies, we can remember your preferences regarding the use of cookies and not ask you for them in the future. We may also count visits and traffic on the website, but this is general, statistical information and does not apply to individual Users.

We do not use any additional mechanisms to collect additional information. As a general rule, we do not have the possibility to combine data from functional cookies with other data that could allow the identification of our website Users. In extreme cases, however, it may happen that a User who uses other services on the website: a Newsletter subscription or a contact form, may be identified using this additional data.

We also do not use measures to adapt the content displayed.

We only store the data collected by functional cookies for the duration of the technical requirements. In the event that they constitute personal data within the meaning of the GDPR, the basis for their processing will be the legitimate interest related to the provision of the website service and the security of its operation (Art. 6(1)(f) GDPR).

2.2 Newsletter Subscribers

The website allows you to leave your e-mail address to subscribe to our Newsletter. We only process the email addresses of our Subscribers for the purpose of sending the Newsletter. The Newsletter may contain promotional, commercial and marketing information (please refer to the terms and conditions of the Newsletter Service contained in <JJP Biologics T&Cs>).

Any Subscriber may unsubscribe at any time, without giving any reason. To do so, please write us an email at: rodo@jjpbiologics.com or use the unsubscribe option included in the content of the Newsletter received.

All Subscribers receive the Newsletter with the same content. We do not use profiling or other forms of customisation of the content provided.

The basis for the provision of the Newsletter service to our Subscribers in accordance with the JJP Biologics T&Cs is the ordering of the Newsletter to the e-mail address provided in the order (Article 6(1)(a) of the GDPR and Article 10 of the Act on Provision of Electronic Services and, following the entry into force of the Electronic Communications Law, its Article 393). We process Subscribers’ data (email addresses) until they unsubscribe. Thereafter, we may process the Subscription history for evidential purposes for supervisory authorities, for a maximum of 1 year.

2.3 People contact via Contact Form, email, Social Media Chats and messages etc.

The data of persons who use our Contact Form on the website, correspond with us by post or e-mail, through various types of Chat or through social media messengers, are processed by us solely for the purpose of conducting the said correspondence, providing answers, settling matters with which the persons contact us. If an enquiry is made about our offer, activities or services, answering the enquiry may require the sending of commercial, promotional or marketing information, but only within the scope of the enquiry made.

We do not use contact data obtained in this way for future marketing purposes.

We keep a history of correspondence for a period of 3 years. If the correspondence relates to the performance of the cooperation, complaints or may result in potential claims by either Party, the correspondence will be stored for up to 6 years or as required by separate legislation.

2.4 Business Partners and their Representatives

We process the personal data of our Business Partners[i] and their Representatives: persons representing business entities or organisations, agents, employees, and representatives who act on behalf of or for or on behalf of the respective Business Representative.

We obtain the data from the Business Partner or directly from the data subject.

Depending on the scope and basis of the cooperation, the data of Business Partners and their Representatives is processed to a different extent. These may include:

1. Data of representatives and proxies processed in accordance with the national registers (e.g. National Register of Companies, Central Registration and Information On Business, content of the power of attorney, content of the agreement, NDA and other documents exchanged between the Parties, processed in connection with the concluded agreement or legal requirements;
2. Data contained in correspondence exchanged in connection with the implementation of the cooperation;
3. Data contained in accounting, tax records;
4. Data contained in project documentation, grant procedures, purchasing regimes, in accordance with relevant procedures and legal requirements.

The basis for our processing of personal data is:

1. Business Partner data – performance of cooperation (Art. 6(1)(b) GDPR) or legal requirements (Art. 6(1)(c) GDPR), e.g. commercial, civil, tax, accounting laws;
2. Representatives’ Data – legitimate interest of us and the Business Partner to provide ongoing business contacts for the purpose of the cooperation (Article 6(1)(f) GDPR);
3. Data required by law in connection with regulatory purchasing regimes or grant procedures – Article 6(1)(c) of the GDPR.

We process the data for the duration of the cooperation and then for a period of 6 years for tax, accounting and documentary purposes from the performance of the contract. In the case of research projects, grants, specific purchasing procedures or public procurement, the retention period may be longer. In each case, this will result from the documentation of the cooperation between the Parties.

2.5 Participants in procurement procedures – Offerers and their Representatives

Above, we have described the basis and scope for processing the personal data of Offerers[ii] and their Representatives. In connection with the conduct of purchasing procedures, we also process the personal data of Offerers and their Representatives with whom we do not currently cooperate, but whose data were included in the offers submitted to us as part of purchasing procedures, including the NDA. Our Offerers include varying degrees of their personal data and that of their Representatives, depending on the subject of the bid and the applicable purchasing procedure.

We only obtain personal data from Offerers in the offers submitted to us. Offerers are obliged to comply with the provisions of GDPR, so any Representative whose data is included in a offer should be informed that their personal data is being shared in the offer submitted to us.

The basis for processing the personal data contained in the offer is:

1. Offerer’s data – necessary to take steps to establish cooperation (Art. 6(1)(b) GDPR);
2. Data of Representatives – legitimate interest of ours and of the Offerer in order to establish cooperation (Art. 6(1)(f) GDPR);
3. Data required by law – if the relevant legal requirements apply in the applicable purchasing regime (Art. 6(1)(c) GDPR).

Data will be processed until the end of the purchasing procedure and then for 3 years for archiving purposes. This period may be longer if directly required by law.

2.6 Visitors

Our Guests visiting us at our premises are subject to identity verification carried out at the reception desk and, for this purpose, must present their identity document (e.g. ID, passport, driving license) (this obligation applies only to the presentation of the document, the document does not leave our Guest’s hands). Each of our Visitors is registered in advance on the list of scheduled visits for the day, and his/her presence is then recorded in the visitors’ book with the date and time of entry and exit.

We only process the data for the purpose of providing a reliable administrative service and for the security of property and protected information (Article 6(1)(f) of the GDPR). We do not use the data so obtained for other purposes. Data entered regarding visits are archived for 3 years for security purposes.

The office building in which our headquarters is located is equipped with video surveillance. However, this monitoring is outside our administration. Please contact the building administrator regarding the video surveillance used in the building. 

2.7 Social Media activity

We are active on Social Media, in particular:

1. we operate a Fanpage on LinkedIn;
2. we operate a youtube channel.

 We post content related to our activities and products, news on the achievements and successes of our Team Members, share interesting industry articles authored by our Team Members or from other sources.

Team members actively participate in the exchange of opinions in the comments under our posts and on the profiles of other individuals or institutions.

We also occasionally post job advertisements for our Team.

In connection with social media activity, we have access to personal data under the terms of the relevant social media platform: members of our social networks: followers, subscribers, people who post comments or are otherwise active on our profiles, people who use instant messaging to exchange correspondence with us, people on whose profiles our Team Members are active, who share our content, tag us or our Team Members or otherwise interact with us. We also receive notifications about the activities of people we follow or who follow us.

Furthermore, in connection with the use of a professional profile on LinkedIn, we have access to the statistical and analytical tools provided to us by LinkedIn. We can therefore receive information on who has visited our Fanpage, what activities they have undertaken, how long they have stayed on our Fanpage and what content they have used. We can also receive reports showing us where we are mentioned on LinkedIn, what activities are undertaken towards us by other LinkedIn users elsewhere on the platform.  LinkedIn provides a wide range of statistical and analytical tools per LinkedIn’s Terms and Conditions. We only use the basic functions that allow us to keep up to date with news in the industry in which we operate and in related industries, provide content to members of our social network, professional activity and take care of our PR and that of our Team Members.

We only access personal data from social media on the respective Social Media platform. We do not copy social media data, save it elsewhere or store it on our media[iii] . Occasionally, we generate statistical reports and use them outside LinkedIn, but these contain only general data.

The basis for the processing of personal data on social media is our legitimate interest in undertaking industry and professionally related community and PR activities (Article 6(1)(f) GDPR).

2.8 Job Applicants

Sometimes we post job advertisements on our website or Social Media. In such cases, we process the data of Job Candidates contained in the applications submitted to us (CVs, cover letters, completed forms, other documents submitted by the Candidate) solely for the purpose of recruitment.

We publish job advertisements on various portals, including LinkedIn, pracuj.pl. A Candidate wishing to make an offer can use the application options available on a given portal. We will then receive information about the submitted application and have access to it through the portal selected by the Candidate.

We do not copy the applications of Job Candidates and do not ask them to send their applications by e-mail directly to us. It is only at an advanced stage of recruitment that we can download the application of the selected Candidate(s).

The legal basis for the processing of the Job Candidates’ personal data depends on the position and the related form of the proposed collaboration and on the scope of the data provided to us:

1. If the job advertisement relates to employment under the Labour Code, the basis for our processing of the data of the Candidates will be the law (Article 6(1)(c) RODO). If the scope of the data submitted to us exceeds that indicated by us, the basis for processing will be your consent (Article 6(1)(a) GDPR);
2. If the advertisement relates to a cooperation based on a civil law contract or a B2B contract, the legal basis for the processing of the Candidates’ data will be to take steps towards the conclusion of a cooperation agreement (Article 6(1)(b) GDPR).

We will process your data until the recruitment is completed. The portals on which we advertise jobs decide how long applications will be available. The standard timeframe is four months, but this timeframe is set by the respective portal. After this time, we do not have access to the applications submitted. If a Candidate has progressed to an advanced stage of recruitment and we have downloaded their application, we can process it until the recruitment process is complete and then for 1 year.

If you submit your application without us recruiting you or, during the recruitment process, you express your wish to have your application included in our Job Candidate database, your application will be processed on the basis of your freely given consent (Art. 6(1)(a) GDPR) for one year, unless you inform us beforehand that you have withdrawn your consent to have your personal data processed in the Job Candidate database.

2.9 Complaints, disputes, defense, or redress of grievances

Certain documents and information are archived in order to provide us and our Business Partners with economic security in the event of the need to defend or assert claims. This applies to the implementation of collaborations, grants, purchase proceedings, but may also relate to other matters, e.g. the Guests register, correspondence received by us, the content of Social Media activity or recruitment proceedings. The basis for our data processing for this purpose is Article 6(1)(f) of the GDPR.

If an investigation, mediation, or court case is initiated, the documents and data we need will be processed until the conclusion of the proceedings and the expiry of the limitation period for claims, in accordance with the applicable legal provisions.