Privacy policy

The controller of personal data is HTL-STREFA S.A. (hereinafter referred to as “HTL” or the “Data Controller”), with its registered office in Ozorków (95-035), at Adamówek 7. Personal data collected by HTL is processed in accordance with data protection laws, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – “GDPR”), as well as the Polish laws enacted in connection with the GDPR, including the Act of 10 May 2018 on the Protection of Personal Data (Journal of Laws of 2018, item 1000, as amended). HTL keeps personal data confidential and protects it from unauthorized access by third parties in accordance with the above-mentioned legal acts.

This Privacy Policy (the “Privacy Policy”) applies exclusively to the website www.htl-strefa.com (the “Website”) and does not apply to other websites that the data subject may access via links contained on the Website.

Unless otherwise indicated, the terms used in this Privacy Policy shall have the meanings ascribed to them in the GDPR.

This Privacy Policy may be updated periodically to reflect changes in applicable laws and/or organizational changes within HTL. The current version of the Privacy Policy will always be available on this Website. Please check it regularly.

1. Data collected and processed

The Data Controller processes only personal data necessary for the purposes described below. It is recommended that data subjects do not provide unnecessary and/or third-party personal data.

Personal data” means any information relating to an identified or identifiable natural person.

Personal data may be provided by the data subject:

  1. voluntarily, when the user of the website decides to contact the Data Controller electronically (basic identification data) or 
  2. automatically, while using and browsing the Website (operational data).

Personal data collected by the Data Controller may include, in particular:

  1. Identification data: Any information that directly or indirectly identifies a person, such as name, surname, contact details (address, email, phone number), job title, and specialization.
  2. Messages: Any correspondence addressed to HTL, including emails sent to our contact details or messages submitted via the contact form.
  3. Professional information: Especially relevant when responding to our job offers.
  4. Operational data: Such as device type, browser version, IP address, visited pages, use of specific Website features, etc.
  5. Location data: Information about your location collected via your device or browser, if you consent to share it.
  6. Cookies and data collected via cookies: The Website uses cookies. Detailed information is available in the Cookie Policy.

Unnecessary data (including special categories of data) and third-party personal data, if provided, will be deleted immediately.

2. Purposes and legal bases for processing

The Data Controller processes personal data:

  1. based on the data subject’s consent,
  2. when processing is necessary for the performance of a contract with the data subject or to take steps at the request of the data subject prior to entering into a contract,
  3. when processing is necessary for compliance with a legal obligation to which HTL is subject,
  4. when processing is necessary to protect the vital interests of the data subject or another natural person,
  5. when processing is necessary for the legitimate interests pursued by HTL or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

The Data Controller may use personal data in particular to:

  1. respond to inquiries or requests from the data subject,
  2. provide assistance regarding products and services,
  3. perform contractual obligations or take pre-contractual steps requested by the data subject.

Failure to provide relevant personal data may prevent the execution of the above actions, but does not exclude access to the Website itself.

The Data Controller may also process personal data for marketing purposes (including commercial offers), educational, and informational materials – only based on the data subject’s consent.

As part of passive data collection, the Website may use cookies or similar technologies necessary for its proper functioning, which cannot be disabled. Other cookies are used only with the user’s consent, for statistical purposes, and to improve the Website’s performance.

Personal data may also be processed without the data subject’s consent in the following cases:

  1. to comply with legal obligations or court/authority decisions,
  2. to fulfil obligations toward authorities or the data subject,
  3. to defend the rights of the Data Controller, including the right to legal defence.

3. Data processing methods

Personal data is processed electronically and/or in paper form through registration, processing, storage, and transmission of data using IT tools that ensure data security and confidentiality.

The Data Controller undertakes to:

  1. ensure the accuracy and up-to-date status of data,
  2. apply appropriate security measures,
  3. notify about data breaches (data breach notifications),
  4. comply with applicable data protection laws.

4. Data sharing and transfer

For the purposes indicated above, personal data may be shared with:

  1. employees and collaborators of the Data Controller,
  2. external data processing service providers acting as data processors,
  3. public administrative authorities,
  4. companies belonging to the same group as the Data Controller, acting either as independent controllers or processors, depending on the context.

The data subject may object to data processing based on the legitimate interests of the Data Controller at any time.

5. Transfer of data abroad

Personal data will be processed:

  1. in Poland – by HTL,
  2. in Italy and Germany – by Medical Technology and Devices S.p.A., Pikdare S.p.A. and Medical Technology and Devices Germany GmbH (affiliated companies within the group), if necessary or legally justified.

If data is transferred outside the European Economic Area (EEA), such transfer will occur only to countries that:

  1. have been deemed to ensure an adequate level of protection by the European Commission,
  2. or based on Standard Contractual Clauses,
  3. or under other appropriate legal safeguards.

6. Data retention period

The Data Controller retains personal data:

  1. no longer than necessary to achieve the processing purposes, unless otherwise required by applicable laws,
  2. to meet legal, regulatory, or contractual obligations.

7. Rights of data subjects

Every data subject has the right to:

  1. access their data,
  2. rectify inaccurate data,
  3. erase data (“right to be forgotten”),
  4. object to processing,
  5. restrict processing,
  6. data portability (if processing is based on consent or a contract and is carried out by automated means),
  7. not be subject to decisions based solely on automated processing,
  8. lodge a complaint with a supervisory authority.

To exercise these rights, you may contact:

  • by email: info@htl-strefa.pl
  • in writing: HTL-STREFA S.A., Adamówek 7, Ozorków 95-035, Poland,

or

  • lodge a complaint with the supervisory authority: President of the Personal Data Protection Office (https://uodo.gov.pl/)

Last update 23.09.2025
Copyright © HTL Strefa 2025 Legal Notice Cookie Policy Privacy policy