Privacy Policy
Purpose:
Scope of data:
Legal basis:
Processing period:
Providing access to the
Website
IP adress
Article 6(1)(b) of the
GDPR – processing is
necessary for the
performance of the
agreement to which the
data subject is a party or
undertaking actions upon
request of the data
subject prior to the
conclusion of the
agreement
Until the lapse of the
period of limitation of
claims connected with
making the Website
available to the data
subject
Sending newsletter
e-mail address
Article 6(1)(b) of the
GDPR – processing is
necessary for the
performance of the
agreement to which the
data subject is a party or
undertaking actions upon
request of the data
subject prior to the
conclusion of the
agreement
Until the data cease to be useful or the user objects/withdraw the consent regarding the newsletter
Contact with the Users, responding to queries
Name, e-mail address, company name, position, other data voluntarily provided by the relevant person as part of communicating with us
Article 6(1)(f) of the GDPR – legitimate interest of the controller that consists in responding to queries and correspondence provided directly by the data subjects via contact form
Until correspondence ends or the data subject objects
Analysis of traffic within the Website
IP address, cookies files accepted by the Website visitor
Article 6(1)(a) of the GDPR – consent given by the User
Until the data cease to be useful or the User withdraws the consent
Running social media channels on Instagram and LinkedIn
Social media Website identifier, username, other personal information of the user provided as part of his/her profile, such as first and last name
Article 6(1)(f) of the GDPR – legitimate interest of Service Provider as the controller that consists in contacting and displaying content to persons who have interacted with Service Provider’s accounts in particular social media channels.
Until the data cease to be useful (until removal of the Service Provider account on the relevant Website) until the data subject objects; until end of all interactions between the data subject and Service Provider on the relevant Website
Enabling participation in events organized by the Service Provider
Name, surname, e-mail address
Article 6(1)(b) of the GDPR – processing is necessary for the performance of the agreement to which the data subject is a party or undertaking actions upon request of the data subject prior to the conclusion of the agreement
Until the lapse of the period of limitation of claims connected with participation in the given event by the data subject
Documenting and promoting events organized by the Service Provider, including publishing photos and videos containing the image of participants in the Blog section of the Website, on social media, or other promotional materials
Image (photographs, video recordings).
Article 6(1)(a) of the GDPR – explicit consent given by the data subject for the processing and publication of their image; Or Article 6(1)(f) of the GDPR – legitimate interes of Service Provider as the controller that consists in publishing the image of a person who has consented to the dissemination of his/her image in accordance with
Until withdrawal of consent (if based on consent), or until the data cease to be useful for the promotional/informational purpose, or an effective objection is raised (if based on legitimate interest)
2.5. If the Service Provider is advised that the relevant person uses the services or the Website functionalities in violation of generally applicable legal provisions, then the Service Provider may process the user’s personal data in a scope required for establishing his/her liability and seeking claims against that user. 2.6. The Service Provider does not transfer the users’ personal data to third countries, that, is beyond the European Economic Area.
2.7. The Service Provider does not carry out automated decision-making based on the processed personal data. The user will not be subject to profiling.
3. RECIPIENTS OF DATA
3.1. The Service Provider may entrust the processing of personal data to third parties for the purpose of proper functioning of the Website. The recipients of the data of the persons mentioned above in this Privacy Policy may involve in particular: the provider of hosting for the Website, e-mail operator, entities providing tools for website traffic analysis (e.g., Google Analytics), a newsletter service provider (when this service is implemented).
3.2. The personal data collected by the Service Provider may also be disclosed to competent state bodies or institutions (law enforcement authorities, courts, security service) authorised to gain access to them on the basis of generally applicable legal provisions, or other persons and entities – in the cases prescribed by generally applicable legal provisions.
3.3. Each entity to which the Service Provider transfers personal data for processing on the basis of a personal data processing agreement (“Data Processing Agreement”) guarantees an adequate level of security and confidentiality of the processing of personal data. An entity processing personal data on the basis of the Data Processing Agreement may process personal data through another entity only upon prior consent of the Service Provider.
3.4. Personal data may be disclosed to unauthorised entities under the Privacy Policy only upon prior written consent of the data subject.
4. RIGHTS OF DATA SUBJECT
4.1. Each data subject has the right to (a) delete the collected personal data referring to him/her both from the system belonging to the Service Provider as well as from bases of entities that have co-operated with the Service Provider, (b) restrict the processing of data, (c) portability of the personal data collected by the Service Provider and referring to the relevant person, in this to receive them in a structured form, (d) request the Service Provider to enable him/her access to his/her personal data and to rectify them, (e) object to personal data processing, (f) withdraw the consent towards the Service Provider at any time without affecting the legality of the personal data processing carried out on the basis of the consent before it is withdrawn, (g) lodge a complaint about the Service Provider to the supervisory authority (President of the Personal Data Protection Office).
4.2. All rights of the data subjects can be executed via e-mail address: gdpr@nutico.bio
5. OTHER DATA
5.1. The Service Provider may store http enquiries, therefore the files containing web server logs may store certain data related to the users, including the name of the user’s station – identification through http protocol, date and system time of receipt of the enquiry, number of bytes sent by the server, the URL address of the site visited by the user before (if the user entered the Website through a link), information concerning the user’s browser, information concerning errors occurred by the realization of the http transaction. Only persons authorised to administer the IT system have access to the data referred to above. Such information and its summary do not identify user.
6. SECURITY
6.1. The Service Provider takes care of the security of personal data. For this purpose, the Service Provider has implemented appropriate safeguards and means of protection of personal data, taking into account risks connected with personal data processing processes. In particular, the Service Provider applies technological and organisational means in order to secure personal data against being disclosed to unauthorised persons, taken over by an unauthorised person, changed, lost, damaged or destroyed, as well as processed in violation of the GDPR by using, among other things, SSL certificates. The compilations of the personal data collected by the Service Provider are stored on secured servers, moreover, personal data are also secured by internal procedures of the Service Provider related to the processing of personal data and information security policy.
6.2. Irrespective of the foregoing, the Service Provider states that using the Internet and services provided by electronic means may pose a threat of malware breaking into the ICT system and device of the relevant person, as well as a third party gaining access to data, including personal data. In order to minimise such threats, each person should use appropriate technical safeguards (antivirus programs) or programs securing identification on the Internet.
7. COOKIES
7.1. In order to ensure the correct operation of the Website, the Service Provider uses cookies (“Cookies”). Cookies are text information recorded on the user’s device (computer tablet, smartphone) that may be read by the ICT system of the Website or third parties.
7.2. The Service Provider uses the following types of Cookies:
7.2.1. Necessary (Technical) Cookies: These Cookies are required for the proper functioning of the Website. They enable basic functions such as correct content display, page navigation, or the operation of contact forms (if active). These Cookies are mandatory, and their use by the Service Provider does not require consent for their essential operation.
7.2.2. Functional Cookies: These Cookies allow the Website to remember settings and preferences chosen by the user (e.g., language, layout), enhancing user convenience.
7.2.3. Analytical/Statistical Cookies: These Cookies enable the collection of anonymous information about how the Website is used. They help in analysing website traffic and adapting content to visitor interests, for example, by measuring visit numbers, time spent on pages, device types used, and traffic sources (e.g., search engines, social media).
7.2.4. Marketing (Advertising) Cookies: These Cookies are used to create a user profile and display advertisements tailored to their interests, including after leaving the Website (e.g., on social media like Meta, LinkedIn, or in Google Ads). They are used for remarketing, ad personalization, and measuring ad campaign effectiveness.
7.2.5. Third-Party Cookies: These Cookies are installed by external entities whose services the Website uses. This includes cookies from Google (e.g., Google Analytics, Google Search Console), Meta (e.g., Facebook Pixel for Meta Ads), and LinkedIn (e.g., Insight Tag for LinkedIn ads). Examples include embedding maps, videos, social media integrations, and analytics tools.
7.3. It is not possible to determine the identity of a given person or otherwise identify him/her on the basis of Cookies. Cookies prevent the collection of any personal data.
7.4. Files generated directly by the Service Provider may not be read by other websites.
7.5. The Service Provider uses only the Cookies necessary to ensure the proper display of the Website and to provide its functionalities to particular persons. These Cookies are mandatory, and the use of them by the Service Provider does not require consent or any other action by the respective user of the Website.
7.6. The user may individually change the Cookie settings at any time, stating the conditions of their storage, through the Internet browser settings.
7.7. The user may individually disable storing Cookies on his/her device at any time in accordance with the instructions of the Internet browser producer, but this may disable certain parts of or the entire operation of the Website.
7.8. Details concerning Cookie support are available in the settings of the browser used by the relevant person.
7.9. As part of the banner provided within the Website, the user has the option to consent to particular types of Cookies. Within this banner, the user may also learn about the types of Cookies that are used on the Website, as well as verify which specific Cookies are used and who their provider is.
8. FINAL PROVISIONS
8.1. The Privacy Policy comes into force on 1st June 2025