Privacy Policy

Last Updated: June 2026 (Poland / EU, GDPR)


1. Introduction

Epil Care Sp. z o.o. (operating as Idunn Medical, "we," "our," or "us"), NIP 7011077441, with its registered office in Warsaw, Poland, is the controller of personal data processed through this B2B distribution platform and related services.

This Privacy Policy explains how we collect, use, disclose, and protect personal data when you visit our website, register for a B2B account, place inquiries, or otherwise interact with us. It applies to business contacts and authorized users of partner organizations.

Where mandatory law grants you stronger protections, those protections prevail.

2. Data We Collect

We collect only data that is reasonably necessary to operate a secure B2B wholesale platform, verify professional buyers, fulfil orders, and meet regulatory obligations. Some information is provided directly by you; other data is generated through your use of the platform.

Categories of Personal Data

  • Identity & Professional Details: Name, job title, work email, phone number, company name, VAT or tax identifiers, business registration details, and professional licences or clinic registrations submitted for B2B verification.
  • Account & Transaction Data: Login credentials (stored in hashed form where applicable), order history, quotations, delivery addresses, correspondence, and payment-related references processed through our banking or payment partners.
  • Technical & Usage Data: IP address, browser type, device information, log files, and interaction data used to secure the platform, prevent abuse, and improve reliability.
  • Communications: Messages sent through contact forms, email, WhatsApp, or other support channels connected to your B2B relationship with us.

3. How We Use Your Data

We process personal data for B2B relationship management, order fulfilment, account verification, customer support, fraud prevention, and compliance with applicable law. We do not use professional credentials or account data for marketing communications without a separate opt-in where required by law.

Depending on the processing activity, our legal bases under the GDPR may include: performance of a contract or pre-contractual steps (Art. 6(1)(b)); compliance with legal obligations (Art. 6(1)(c)); and our legitimate interests in operating a secure B2B platform, verifying buyers, and protecting our business (Art. 6(1)(f)), balanced against your rights.

4. Sharing & Processors

We do not sell personal data. We share data only where necessary to provide our services, with your instruction, or where required by law.

Logistics & Fulfilment Partners

Delivery and customs data may be shared with carriers and logistics providers (such as DHL, UPS, or FedEx) to ship orders, monitor cold-chain handoffs where applicable, and complete customs formalities.

Service Providers

IT hosting, email, analytics, customer-support, and payment infrastructure providers that process data on our documented instructions as processors, subject to appropriate contractual safeguards.

Regulatory & Legal Disclosures

Authorities, courts, or advisers where disclosure is required by EU or national law, or reasonably necessary to establish, exercise, or defend legal claims.

International Transfers

Where data is transferred outside the European Economic Area, we implement appropriate safeguards such as Standard Contractual Clauses or rely on another lawful transfer mechanism recognised under GDPR.

5. Retention & Security

We retain personal data only for as long as needed for the purposes described in this Policy, including statutory retention periods for accounting, tax, and regulatory records under Polish and EU law.

We apply technical and organisational measures appropriate to the nature of B2B medical distribution, including access controls, encryption in transit where supported, and restricted internal access to verification documents. No method of transmission or storage is completely secure.

6. Your Rights

Subject to applicable law, you may have the right to request access, rectification, erasure, restriction, portability, or objection to certain processing of your personal data. You may also withdraw consent where processing is based on consent, without affecting the lawfulness of processing before withdrawal.

To exercise these rights, contact us at contact@idunnmedical.com. We may need to verify your identity before responding. You also have the right to lodge a complaint with the Polish supervisory authority: Prezes Urzędu Ochrony Danych Osobowych (UODO), ul. Stawki 2, 00-193 Warszawa, Poland.

We have not appointed a Data Protection Officer, as we do not currently meet the statutory criteria requiring one. Privacy inquiries are handled by our designated business contact channel above.

7. Cookies & Analytics

Our website may use essential cookies required for security and basic functionality. Non-essential cookies, including analytics tools such as Google Analytics or a privacy-focused alternative, will only be activated after appropriate consent where required by law.

You can manage cookie preferences through the cookie banner when implemented and through your browser settings.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the “Last Updated” date above. We encourage registered partners to review this page periodically.