Privacy policy and cookies

I. About us

II. General provisions

III. What we use your personal data for

IV. On what terms and on what basis we process your data

V. What rights you have

VI. How we contact you

VII. Subcontractors/processors

VIII. Subcontractors/processors

IX. How we take care of your data processing

X. Data retention

XI. Authorisations

XII. Cookies

I. About us
As a responsible organisation that is aware that information has a certain value being a resource that requires proper protection, we are committed to duly informing you on matters related to the processing of personal data, especially in view of the content of new data protection legislation, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (“GDPR”). For this reason, in this document we set out the key information about the legal grounds for processing personal data, the means by which the data is collected and used, and the rights of data subjects.

We inform you that the Controller of your personal data is POLONEZ PLUS sp. z o.o. with its registered office in Warsaw, ul. Złota 59, 00-120 Warsaw, address for correspondence: ul. Ściegiennego 252, 25-116 Kielce, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, 13th Commercial Division of the National Court Register under KRS number: 0000096766, Tax Id. Numer (NIP): 6571026504, National Business Registry Number (REGON): 290604078.
Contact on matters related to data protection is possible at: [email protected]. Personal data shall be obtained and processed in the manner and on the terms set out in this Policy.

II. General provisions
At POLONEZ PLUS Sp. z o.o. we attach particular importance to protecting privacy of our clients, contractors, partners, subcontractors, employees and associates. One of its key aspects is the protection of rights and freedoms of natural persons in relation to the processing of their personal data.
We ensure that the processing of your data takes place in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter: “GDPR”), the Act of 10 May 2018 on the protection of personal data, as well as specific provisions (contained, among others, in the Labour Law or the Accounting Act).
POLONEZ PLUS sp. z o.o. is a controller of personal data within the meaning of art. 4 item 7 of the GDPR, we also use the services of processors referred to in art. 8 of the GDPR – they process personal data on behalf of the controller (these are e.g. IT companies, software providers, security companies).
POLONEZ PLUS sp. z o.o. implements appropriate technical and organisational measures to ensure a level of security corresponding to the potential risk of infringement of rights or freedoms of natural persons with various probability of occurrence and seriousness of threat. Our activities in the field of personal data protection are based on the adopted policies and procedures, as well as regular training sessions to improve the knowledge and competences of our employees and collaborators.

III. What we use your personal data for
As an employer, we process the data of employees and persons who cooperate with us on a basis other than employment relationships. Contact data collected from contractors (e.g. their employees) are used for the conclusion and smooth execution of contracts. We use our clients’ data for the purpose of performing contracts and providing our services. We also conduct marketing activities, and in this context we try to reach as many interested parties as possible in order to provide them with up-to-date information about our products and services.
We share your data with third parties with your consent or when we are obliged to do so by law.

IV. On what terms and on what basis we process your data
We take care to protect the interests of data subjects and in particular ensure that the data shall be:

  • processed lawfully, fairly and in a manner transparent to the data subject,
  • collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes,
  • adequate, relevant and limited to what is necessary for the purposes for which the data is processed,
  • correct and updated where necessary. We take steps to ensure that personal data which is inaccurate in light of the purposes of its processing is deleted or rectified without delay,
  • kept in a form which allows for identification of the data subject for no longer than it is necessary for the purposes of the processing,
  • processed in a way which ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and accidental loss or destruction.


We normally process your data based on your consent, which can be withdrawn at any time. Another case is when the processing of your data is necessary for the performance of a contract to which you are party or to take action at your request, even before the conclusion of the contract.

In some situations, processing is necessary for the fulfilment of a legal obligation incumbent on us as a controller. Such obligations arise, for example, under labour law or the Accounting Act.

Processing may also be necessary for purposes arising from our legitimate interests, an example of which is the pursuit of claims related to our business activities.

V. What rights you have
We take appropriate measures to provide you with all relevant information in a concise, transparent, understandable and easily accessible form and to conduct all communications with you regarding the processing of your personal data in connection with the exercise of your right:

  • To the information provided when personal data is collected,
  • To the information provided on request – about whether data is being processed, and other matters set out in Article 15 of the GDPR, including the right to a copy of the data,
  • to rectify your data,
  • to be forgotten,
  • to restrict processing,
  • to data portability,
  • to objections,
  • not to be subject to a decision based solely on automated processing (including profiling),
  • to the information on a data breach.


Furthermore, if your personal data is processed on the basis of your consent, you have the right to withdraw it. Consent may be withdrawn at any time, which does not affect the lawfulness of the processing carried out before its withdrawal.

If you wish to contact us regarding the exercise of a particular right, please contact us via email: [email protected]
The security of your data is our top priority, however, if you feel that we are in breach of the GDPR by processing your personal data, you have the right to lodge a complaint with the President of the Personal Data Protection Office.

VI. How we contact you
We provide information in writing or by other means, including, where appropriate, electronically. If you request it, we may provide the information orally if we otherwise confirm your identity. If you communicate your request electronically, the information shall also be provided electronically where possible, unless you indicate another preferred form of communication.

VII. When we comply with your request 
We endeavour to provide information promptly – in principle within one month of receipt of the request.

If necessary, this period may be extended by a further two months due to the complexity of the request. However, in any event, within one month of receipt of the request we shall inform you of the action taken and (where applicable) of the time extension, stating the reason for such delay.

VIII. Subcontractors/processors
f we work with entities that process personal data on our behalf, we only use such processors that provide sufficient guarantees to implement appropriate technical and organisational measures so that the processing meets the requirements of the GDPR and protects the rights of data subjects.
We thoroughly check the entities to which we entrust the processing of your data. We conclude detailed agreements with them, and we perform periodic checks on the compliance of the processing operations with the content of such agreements and the provisions of law.
We may also transfer your personal data:

  • to entities and bodies authorised to process personal data on the basis of legal provisions,
  • to banks in the event of a settlement requirement,
  • to entities providing consultancy services,
  • to entities providing system and software services,
  • to entities providing hosting services,

IX. How we take care of your data processing

To meet the requirements of the law, we have developed detailed procedures covering issues such as:

  • data protection by design and data protection by default,
  • data protection impact assessment,
  • notification of infringements,
  • keeping a register of data processing activities,
    data retention,
  • exercise of data subjects’ rights.


We regularly review and update our documentation to be able to demonstrate compliance with legal requirements in accordance with the principle of accountability formulated in the GDPR, but also, out of concern for the interests of data subjects, we strive to incorporate best market practices.

X. Data retention
We keep personal data in a form which allows for identification of the data subject for no longer than is necessary for the purposes for which the data is processed. After such a period, we either anonymise (de-identify) or delete the data. In the retention procedure we ensure that the retention period of personal data is limited to the strict minimum.
The period of data processing is determined primarily on the basis of legal regulations (e.g. the duration of storage of employee records, accounting documents), as well as the justified interest of the controller (e.g. marketing activities). The retention policy covers both data processed in paper and electronic form.

The period for which personal data is stored, depends primarily on the purpose for which the data is collected, according to the following criteria:

  • the period of execution of the co-operation agreement/order – in case of data processing for the purpose of concluding and implementing the co-operation agreement,
  • the period necessary for the examination of the complaint lodged – in the case of data processing for the purpose of handling the complaint process,
  • until the dispute is resolved / the parties are settled, taking into account the relevant limitation periods – in the case of data processing for the purpose of asserting claims and taking action of a debt recovery nature,
  • until the moment of lodging an objection – in the case of data processing for the purpose of measuring the level of satisfaction among the controller’s clients and direct marketing (sending commercial information).

XI. Authorisations

We ensure that any person acting under our authority who has access to your personal data processes it only on our instructions, unless otherwise required by European Union or Member State law.

XII. Cookies

  • Cookies are IT data, in particular text files, which are stored in the Website User’s terminal equipment and are intended for use on the Website pages. Cookies usually contain the name of the website from which they come, the time of storing them on the terminal equipment and a unique number.
  • The entity placing cookies on the final device of the Website User and accessing them is the owner of the website.
  • The mechanism of cookies is not used to obtain any information about the users of the website or to track their navigation. Cookies used on the website do not store any personal data or other information collected from users and are used for statistical purposes.
  • By default, the software used to browse the Internet (web browser) allows the handling of cookies on the User’s device on which it is running. In most cases, you can configure the software yourself in this respect, including forcing an automatic blocking of cookies. The issues related to the configuration of the handling of cookies are to be found in the software settings (web browser). Please note that the setting of restrictions on the use of cookies may affect the operation of certain functionalities of the website.

Cookies are used for:

  • adjusting the content of the Website pages to User preferences and optimisation of the use of websites; in particular these files enable recognition of the Website User’s device and appropriate display of the website, adjusted to individual needs,
  • creating statistics which help to understand how users of the Website use the pages, which makes it possible to improve their structure and content,
  • maintaining a session of the Website User (after logging in), thanks to which the User does not have to re-enter the login and password on each subpage of the Website,
  • The Website uses two main types of cookies: “session” (session cookies) and “permanent” (persistent cookies). ’’Session” cookies are temporary files that are stored in the final device of the User until logging out, leaving the website or switching off software (web browser). “Permanent” cookies are stored in the User’s terminal equipment for the time specified in the parameters of cookies or until they are deleted by the User.

The following types of cookies are used within the Website:

  • “necessary” cookies to enable the use of services available on the Website, e.g. authentication cookies used for services requiring authentication on the Website,
  • cookies used to ensure safety, e.g. used to detect misuse of the Website’s authentication;
  • “performance” cookies, enabling the collection of information on how the Website’s pages are used,
  • “functional” cookies, which make it possible to “remember” the User’s selected settings and personalize the User’s interface, e.g. with regard to the chosen language or User’s region, the font size, the appearance of the website, etc.
  • The website owner informs that the website contains links to other websites. The owner of the Website recommends getting acquainted with privacy policies in force there, because it is not liable for them.

The description of the technical and organisational security measures is contained in the Security Policy (protection of personal data) of the website owner. In particular, the following safeguards are applied:

  • Data collected from users during the registration process is secured by SSL protocol and by the mechanism of access authentication.