Pillio
Privacy Policy
- Version: 1.0
- Effective date: 16.03.2026
This English text is a convenience translation. The Polish version governs if any inconsistency appears.
§1. Controller and scope of the Policy
The controller of personal data within the scope described in this Policy is Bartosz Tomczyk, seated in Wroclaw at Antoniego Slonimskiego 13/74, NIP 6932119180, email: kontakt@pillio.health ("Controller").
If the Controller has appointed a data protection officer, contact is possible at: kontakt@pillio.health.
This Privacy Policy sets out the rules for processing personal data related to the use of the Pillio App and to the User's contact with the Controller.
The Policy is informational and transparency-focused. Its purpose is to explain precisely which data is processed by the Controller and which data, under the App architecture, remains only on the User's End Device and is not transmitted to the Controller.
§2. Key privacy principles
Using the core App features does not require creating an account, logging in or providing identifying data.
Under the current operating model of the App, most data entered and saved by the User remains on the User's End Device.
To check potential interactions, the App transmits to the Controller's server only the data necessary to perform that check, in particular identifiers or names of selected medicinal products, active substances, dietary supplements or other reference entries.
Other data stored in the App, in particular settings, history, schedules, health profile, notes and preferences, is processed locally on the User's End Device.
The Controller does not use data transmitted for interaction checks to create a User account, a marketing profile or to train external artificial intelligence models.
The Controller does not disclose data transmitted for interaction checks to third parties for advertising purposes.
In the described model, the App does not use external profiling mechanisms, advertising analytics or tracking SDKs that send user data to the Controller or advertising partners.
If the App operating model changes, especially if account, sync, telemetry, remote logs, external SDKs, embedded forms or broader server-side data transmission are added, this Policy will be updated accordingly before such changes are launched.
§3. Data entered into the App by the User
When using the App, the User may enter, select or compare information needed to obtain a Result, especially names or identifiers of medicinal products, active substances, dietary supplements or other reference entries available in the App.
If the User uses the potential-interaction check function, the App transmits to the Controller's API the minimum scope of data needed to search entries, compare the selected entries and return a Result.
Apart from data necessary to handle an interaction check, information saved in the App is processed locally on the User's End Device. The Controller does not have remote access to that local data, does not create copies on its side and does not know its content unless the User voluntarily discloses it in separate correspondence.
Depending on the context of use, information entered into the App may constitute personal data or even health data if it makes it possible to link therapy or health status with an identified or identifiable person. For that reason, the App limits transmission to data needed to check potential interactions and keeps other data local.
To the extent the App technically stores certain settings, preferences or history only locally on the User's End Device, that data remains under the User's control. As a rule, the Controller cannot independently read, rectify, delete or export it on the Controller side.
As a rule, local data can be removed using the End Device's system functions, especially by clearing app data or uninstalling the app, although the method and scope of removal depend on the operating system and device settings.
§4. Data processed by the Controller when the User contacts the Controller
If the User contacts the Controller, especially regarding a complaint, question, bug report or other correspondence, the Controller may process the data provided in that communication.
The scope of that data may include in particular:
first and last name,
email address,
telephone number,
message content,
data contained in attachments,
technical information related to handling the correspondence.
Providing data in correspondence is voluntary, but it may be necessary to receive a reply or have the matter handled.
The Controller processes correspondence data for the following purposes:
handling an inquiry, request or complaint,
communicating with the User,
fulfilling legal obligations binding on the Controller,
establishing, pursuing or defending claims,
maintaining internal records of handled requests.
The legal basis for processing ordinary personal data contained in correspondence is, as applicable:
Article 6(1)(b) GDPR - when processing is necessary to take steps at the User's request or to perform a contract;
Article 6(1)(c) GDPR - when processing is necessary to comply with a legal obligation binding on the Controller;
Article 6(1)(f) GDPR - when processing is necessary for the purposes of the Controller's legitimate interests, such as handling correspondence, archiving and defending against claims.
The Controller asks that special-category data, especially health data, not be sent in correspondence unless it is absolutely necessary.
If the User nevertheless sends special-category data, the Controller will process it only incidentally and only to the extent strictly necessary to handle the matter, fulfil a legal obligation or establish, pursue or defend claims, on an appropriate GDPR basis.
§5. Data recipients
With regard to data entered into the App and kept only locally on the End Device, the Controller does not disclose data to recipients because the Controller does not receive that data on the Controller side.
With regard to correspondence data, the Controller may disclose data only to entities supporting lawful and secure contact handling, in particular:
providers of email and hosting services,
IT service and technical support providers,
law firms or advisers when necessary,
postal or courier operators when contact occurs through those channels,
authorised public authorities where required by law.
Data is disclosed only to the extent necessary to achieve a given purpose and in accordance with applicable law.
§6. Transfers outside the European Economic Area
As a rule, the Controller does not plan to transfer personal data outside the European Economic Area.
However, if the use of email, hosting or support providers results in data being transferred outside the EEA, the Controller will ensure that this takes place lawfully, in particular using appropriate safeguards required by the GDPR.
§7. Data retention period
Data entered into the App and remaining only locally on the End Device is not stored by the Controller.
Data contained in correspondence is stored for the period:
necessary to handle the matter,
then for the period required by law, if such an obligation exists,
or for the limitation period for claims if storage is needed to establish, pursue or defend claims.
After the relevant period expires, data is deleted or anonymised unless further retention is required by law.
§8. Rights of data subjects
To the extent the Controller processes personal data on the Controller side, the data subject has, under the GDPR, the right to:
access data,
rectify data,
erase data,
restrict processing,
object to processing,
data portability where legally and technically possible,
withdraw consent to the extent processing is based on consent,
lodge a complaint with the President of the Personal Data Protection Office.
The rights described above apply only to data that the Controller actually possesses and processes on the Controller side.
With regard to data stored only locally on the End Device, the Controller is generally unable to satisfy requests for access, rectification, deletion or export because the Controller does not receive that data and has no remote access to it.
Requests regarding data processed by the Controller can be sent to: kontakt@pillio.health.
§9. Automated decision-making and profiling
The Controller does not carry out automated decision-making concerning Users within the meaning of the GDPR.
The Controller does not profile Users on the basis of data obtained through the App.
§10. Security
The App architecture has been based on the principle of minimising data on the Controller side by removing accounts, storing app data locally and limiting server transmission to data necessary to check potential interactions.
The Controller recommends that the User:
protect the End Device with a password, biometrics or another appropriate safeguard,
use an up-to-date operating system,
not share the device with unauthorised persons,
not store more identifying data on the device than necessary.
§11. Changes to the Privacy Policy
The Controller may change this Privacy Policy in particular in the event of:
changes in law,
changes in App functionality,
changes in data-processing methods,
changes in the Controller's contact details.
A new version of the Privacy Policy will be published in the App, in the place where it is downloaded or on the Controller's website at pillio.health.
Changes enter into force on the date indicated in the new version of the Policy.