Privacy policy


 The Polpharma Biologics Group is committed to protecting your privacy and personal data. This Privacy Policy contains detailed information on the processing of the personal data of the users of this website (hereinafter “Website”) and the people with whom we come into contact in connection in the performance of our business activities. 

1. Who is your personal data controller? 

The joint controllers of your personal data processed on the Website are: 
I. Polpharma Biologics S.A., with its registered office in Gdańsk at ul. Trzy Lipy 3, 80-172 Gdańsk, which is entered into the register of entrepreneurs of the National Court Register, which is entered into the register of entrepreneurs of the National Court Register under the number: 0000763945, TIN: 9571112470, fully paid-up share capital: PLN 1 255 000 000.00; DPO e-mail: iod@polpharmabiologics.comPaweł Sobel;
II. Polpharma Biologics Warsaw Sp. z o.o., with its registered office in Duchnice, ul. Spółdzielcza 4, 05-850 Duchnice, postal district Ożarów Mazowiecki, which is entered into the register of entrepreneurs of the National Court Register under the number: 0000498732, TIN: 1182096979, waste database number: 000476915, share capital: PLN 349,835,000.00;
III. Polpharma Biologics Utrecht B.V. ul. Yalelaan 46, 3584 CM Utrecht, The Netherlands; 
IV. Polpharma Biologics Group B.V., Herengracht 458, 1017 CA Amsterdam, The Netherlands; 
hereinafter jointly referred to as the “Joint Controllers”. 
If you contact one of the Joint Controllers, this entity will become the independent Controller of your personal data.

2. How can you contact us?

You can contact us on all matters regarding personal data processing, including in order to excercise your rights:
I. by e-mail to the following address:; or
II. by mail at the following address: Polpharma Biologics S.A., ul. Trzy Lipy 3, 80-172 Gdańsk.

3. What personal data do we process? 

Your personal data may be processed by the Joint Controllers to the following extent: 
I. data you provide to us for contact purposes (such as: name, surname, e-mail address, telephone number, entity in the name of you’re writing a message); 
II. your IP address and data regarding your activity on the Website (e.g. date and time of access to the Website, name and URL of the file downloaded, volume of data transferred, access status, identification data of the browser and operating system used). 
The need to provide your personal data does not result from any legal or contractual obligations, however, failure to disclose them in some cases may cause difficulties or make it impossible to use some of the Website's features as well as contacting us.

4. What is the purpose of processing your personal data? 

The purpose of processing your personal data is: 
I. to perform activities related to the administration of the Website to ensure its proper functioning; 
II. to enable you to communicate with each of the Joint Controllers; 
III. to analyse your activity on the Website, including i.e. through the use of “cookies”, to improve, develop, and adapt the Website to your needs, and to better tailor our services to your needs, to optimise our products and support processes, to build customer knowledge, to conduct internal reporting, and to ensure compliance with the law, industry codes and norms, and the internal regulations of the Joint Controllers; 
IV. to establish, investigate or defend against claims that may arise in connection with the use of the Website.   
The basis for processing your personal data for the above purposes is Article 6(1)(f) GDPR, namely the controller’s legitimate interest which consists in achieving the above-mentioned goals.
Additionally, we may process your personal data if you want us to take steps to start working with you (for example, by sending us an e-mail, via contact form on the Website) and your data is necessary for this purpose. The legal basis for the processing is Article 6(1)(b) GDPR.  
Based on your freely given consent (that is article 6(1)(a) of GDPR) we may use your personal data to market the products, services or activities of the Joint Controllers or other Polpharma Biologics Group companies.

5. Over what period will your personal data be stored? 

Your personal data will in each case no longer be stored than necessary for the purposes for which they are being processed. The period of storing your personal data will vary depending on the purpose for which your personal data is being processed. 
As a rule, your data obtained in connection with your visit to the Website and processed for the purposes specified in point 4. shall be stored until such a time as our legitimate interest is satisfied or until you raise an effective objection. 
If your data will be processed for the purpose of contacting one of the Joint Controllers, your data will be stored for the period necessary to respond to you. 
If your data is collected for the purpose of taking steps to establish a business relationship with you, your data will be stored for the period required to perform such activities and, possibly, for the period required to perform the agreement that is concluded as a result, and after the expiry of the above period, also for the period necessary to assert claims arising from the above activities. 
If your data is processed on the basis of your consent, its storing will continue until the consent is withdrawn, but no longer than until all purposes of processing personal data are fulfilled. 

6. To whom may your personal data be transferred? 

The Joint Controllers may transfer your personal data to the following categories of recipients: 
I. service providers, namely external companies assisting us in running our business (including IT service providers, advisory and legal service providers) with which we have entered into appropriate agreements on the processing of your data; 
II. public authorities which are entitled to process this data under the applicable provisions of the law; 
III. other entities from the Polpharma Biologics Group – to the extent to which this is necessary for the purposes described above. 
The recipients of personal data may be residents of or may have their registered offices in countries outside the European Union (“EU”) or European Economic Area (“EEA”). Personal data will only be transferred outside the EU or EEA either to countries that the European Commission has confirmed an adequate level of data protection or with appropriate safeguards. In such cases, you may request copies of these respective safeguards, or the specification of where your data has been made available, by contacting us in the manner described in point 2 above.  

7. What are your rights related to personal data processing? 

In connection with the processing of your personal data, you have the right to request to: 
I. obtain access to your personal data; 
II. receive a copy of your personal data; 
III. data portability; 
IV. correct or rectify any data that is incorrect or incomplete;
V. erasure of your data or restrict the processing of personal data;
VI. withdraw consent for the processing of personal data; 
VII. object against the processing of personal data. 
These rights are not absolute, and the Joint Controllers will handle your request in conformity with applicable laws and regulations. 
In the case of processing personal data on the basis of our legitimate interest, you have the right to object to such data processing at any time, for reasons related to your particular situation.
If we process your data on the basis of your consent, you may withdraw it at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
In order to execute the above-mentioned rights, please contact us at the address indicated in point 2 above.
You also have the right to lodge a complaint with a President of the Personal Data Protection Office (, Prezes Urzędu Ochrony Danych Osobowych, ul. Stawki 2, 00-193 Warszawa, Poland) or Dutch Data Protection Authority (, Autoriteit Persoonsgegevens, PO Box 93374, 2509 AJ DEN HAAG, The Netherlands). 

8. Profiling 

We do not use automated decision-making (including profiling) in the meaning of Article 22 GDPR in connection with the operation of the Website or contacting you in any other way. If we use such processes in the future, you will receive a separate notice from us in accordance with the respective provisions of the law.  

9. Security 

The Joint Controllers use appropriate technical and organisational measures to ensure that your personal data is protected against unauthorised use, processing, acquisition, and modification. 
Your use of the Website does not involve any particular risks, other than the normal risks associated with the use of the Internet. However, we advise you to be careful and to use appropriate software, in particular anti-virus and firewall security software. 

10. Cookies

Detailed information about the cookies used on the Website can be found in the Cookies Policy
Last update: 20.06.2022 


Let’s collaborate and deliver quality biosimilars together.

Get in touch for more information.