1. 1. Personal Data Controller – EBIS Spółka z ograniczoną odpowiedzialnością with its headquarters in Kraków, ul. Armii Krajowej 25, 30-150 Kraków, entered into the Register of Entrepreneurs of the National Court Register by the District Court for Kraków-Śródmieście in Kraków, XI Commercial Division of the National Court Register under KRS number: 0000459760,
    NIP: 6762464669, REGON: 122843907, share capital of PLN 51,000.00.
  2. 2. Website – the website maintained by the Controller at:
  3. User – natural person using the Website.
  4. Personal data any information about an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.
  5. GDPR– Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

This Privacy and Cookies Policy informs you about the rules for the processing of personal data on the website belonging to the Controller, as well as the use of cookies that may be used or made available during the User’s use of the Website.


In connection with the use of the Website by the User, information is collected about User activity on the Website
including data recorded in the form of cookies and server logs As a rule the Controller does not process Users’ personal data in connection with the use of cookies, as the information obtained by means of these files does not make it possible to identify and determine the User’s identity (the Controller only processes statistical, anonymised data).


If you have any questions regarding the processing of your personal data by the Controller, you may contact us at the e-mail or at the telephone number +48 12 307 06 35.


When using certain functions of the Website, the User may be asked to provide personal data. The extent of mandatory and optional data is determined in each case according to the needs of the particular service the User intends to use. Data through the Services are collected by the Controller directly from the data subjects.

If the User uses the Website solely for the purpose of reading its content, the Controller may collect certain information about the User using cookies, of which the Users are informed each time by the Controller. Information on cookies used on the Website is contained in point XI of this Privacy Policy.

The provision of data is voluntary but necessary in order to use the Website functionalities provided, including contact forms. If you do not accept the provisions of this Privacy Policy, you will not be able to use the Website functionalities made available to you, and you should refrain from submitting your personal data using the forms when you do not accept the provisions of this Policy.


The Controller will only collect and process Users’ personal data in accordance with the provisions of this Privacy Policy. Any data provided by the User, will be used by the Controller only for:

  • • for marketing purposes, when the User agrees to receive commercial or marketing communications from the Controller (including e.g. newsletter services) – the legal basis for data processing is Article 6 (1)(a) GDPR;
  • • to provide customer service and to contact the User, including in order to inform about any changes concerning the offer, products and services offered by the Controller – the legal basis for data processing is Article 6 (1)(b) or (f) GDPR;
  • • to process personal data in order to comply with legal obligations – the legal basis for data processing is Article 6 (1)(c) GDPR;
  • • to perform any contractual obligations to the Controller’s business partners, which is our legitimate interest in processing the data – the legal basis for processing the data is Article 6 (1)(f) GDPR;
  • • for analytical, developmental purposes, for improvements (including to improve user experience), administration, maintenance, technical support and security of the Website, which is our legitimate interest in processing the data – the legal basis for processing the data is Article 6 (1)(f) GDPR;
  • for the possible establishment, investigation or defence of claims, enforcement or investigation of potential violations of the terms and conditions of use of the Website or other actual or alleged unlawful activities, protection of the rights, property or security of the Website, Users, customers and employees of the Controller and other third parties, which constitutes our legitimate interest in processing the data – the legal basis for processing the data is Article 6 (1)(f) GDPR;
  • • for the purposes of using the contact form provided by the Controller on the Website, including the handling of enquiries and requests made through the contact channel provided by the User – the legal basis for data processing is Article 6 (1)(f) GDPR;
  • • for marketing purposes, including profiling for marketing purposes – the legal basis for processing is Article 6 (1)(f) GDPR.
  • • in order to use the tools of our partners that support the operation of the Website and to use these tools to enable the functionality of the Website in accordance with point XIII of this policy – the legal basis for the processing of your data is Article 6 6(1)(a) GDPR, i.e. your consent. 6 6(1)(a) GDPR, i.e. user consent.



Users’ personal data may be provided by the Controller:

  • • to companies cooperating with the Controller, insofar as the provision of such data is necessary in connection with the Controller’s interests;
  • • to persons authorised by the Controller, i.e. employees and associates who need to have access to personal data in order to perform their duties;
  • • Users’ personal data may be transferred to our partners and external entities providing services to the Controller and processed by them in order to enable them to perform the services commissioned by the Controller, including IT service providers, administrative, postal or courier services, as well as accounting, marketing and legal service;
  • • to public authorities or entities entitled to obtain the data under applicable law, e.g. courts, law enforcement agencies or state institutions, when they make a request, based on the relevant legal basis.

• to public authorities or entities entitled to obtain the data under applicable law, e.g. courts, law enforcement agencies or state institutions, when they make a request, based on the relevant legal basis.

In the case of cooperation with the Controller’s partners or third-party suppliers – the locations of such third-party suppliers may be either within countries that are members of the EU or outside the European Economic Area (EEA).

In the event that our partners or suppliers are based outside the EEA, the Controller shall ensure that transfers of data outside the EEA take place in accordance with applicable laws. The level of data protection in countries outside the EEA may differ from that guaranteed by European law. We may transfer data to our partners outside the EEA in particular on the basis of decisions issued by the European Commission or standard data protection clauses (e.g. when the transfer occurs in connection with the Controller’s use of the Google Analytics tool).

All third parties are obliged to comply with the Controller’s guidelines and to implement appropriate technical and organisational measures to protect Users’ personal data. Recipients of data may act as our processors (in which case they are fully subject to our instructions as to the processing of personal data) or as independent Controllers (in which case you should additionally read the personal data processing rules applied by these entities).



The User of the Services has the following rights in relation to the personal data processed by the Controller:

  • • the right of access to the User’s personal data;
  • • the right to rectification of User personal data if the data is inaccurate or incomplete;
  • • the right to erasure of personal data;
  • • the right to object to the processing of the User’s personal data. The right to object applies when the Controller’s processing of the data is based on the Controller’s legitimate interest, e.g. to profile the data for marketing purposes. Upon receipt of an objection, the Controller will stop processing the data for these purposes unless there are compelling legitimate grounds that override the interests, rights and freedoms of the User or the User’s data are necessary for the Controller to possibly establish, assert or defend claims;
  • • If the User has given his/her consent to the processing of personal data, e.g. in the case of a newsletter subscription or consent to receive commercial information, the User may withdraw his/her consent to further data processing at any time. Consent may be withdrawn at any time by contacting the Controller at the email address set out in Section IV of this Privacy Policy. The withdrawal of consent does not affect the lawfulness of the processing carried out by the Controller before the withdrawal of consent by the User;
  • • the right to portability of the User’s personal data;
  • • the right to restrict the processing of the User’s personal data;
  • • the right to lodge a complaint with a supervisory authority.



The Controller shall store and process the Users’ personal data for the period necessary for the purposes of fulfilling the purposes of processing indicated in Section VI of this Privacy Policy or in accordance with mandatory legal provisions, i.e., for example, until the User withdraws his or her consent or until the completion of the contract when the parties conclude a contract using the functionality of the Website or until contact is made or questions sent via the contact forms are answered.

Once the purpose of the processing has been achieved, the Controller will delete or anonymise the personal data and, where the Controller intends to process the data for analytical purposes, the Controller undertakes to use the data to the extent adequate and necessary for the specified purposes of the processing and, in particular, in a manner that prevents the identification and identification of the data subjects (e.g. by using pseudonymisation mechanisms)


The Controller shall apply appropriate and adequate technical and organisational measures to ensure an adequate level of security and integrity of Users’ personal data, using proven technological standards to prevent unauthorised access to Users’ personal data or other threats to personal data.

  • 1. For its operation, the Website uses cookies, which are short text information stored in your browse.
  • 2. When you reconnect to the Website, the Website recognises the device on which the page is opened. The files can be read by the system used by the Controller, as well as by the service providers used to create the Website.
  • 3. Some cookies are anonymised, which makes it impossible to identify the user without additional information.
  • 4. By default, the Internet browser allows the use of cookies on the devices you use, so the first time you visit the Website, a message appears asking you to agree to the use of cookies.
  • 5. The Controller may use its own cookies (i.e. the cookies referred to in points 6(a) – 6(c) below) or the cookies of the Controller’s partners (in terms of the cookies referred to in points b and c below).
  • 6. The Website uses the following cookies:
    1. a) essential – cookies used to provide Users with the services and functionalities of the Website that the User intends to use. Necessary cookies come exclusively from the Controller and are installed by the Controller on the Users’ final device;
    2. b) functional cookies – cookies allow the Website to remember and adapt to the User’s choices, including language preferences;
    3. c) creation of statistics / analytical cookies – these cookies are used to analyse how users use the Website (how many open the website, how long they stay on it, which content is of most interest, etc.). This allows us to continuously improve the Website and adapt its operation to users’ preferences;
  • 7. In the event that you do not wish cookies to be used when viewing the Website, the settings in your Internet browser should be changed as follows:
  • a) completely block the automatic handling of cookies, or
  • b) request notification whenever cookies are placed on your device. You can change your settings at any time.
  • 8. Disabling or restricting the use of cookies may result in significant difficulties in the use of the Website, e.g. in the form of longer page loading times, restrictions on the use of functionality, etc.
  • 9. Certain events triggered by persons using the Website and information about them are recorded in the form of logging on the server. The data stored in this way is used exclusively for the proper administration of the Website, to ensure its correct operation and the uninterrupted functioning of its various functionalities.
  • 10. The following information may be recorded as server logs:
  • a) the brand and model of the device on which the page is opened;
  • b) hardware ID;
  • c) type and version of the operating system;
  • d) date and time of logging in,
  • e) the IP address of the device.
  • 11. Logs of individual user activities may also be recorded in the form of logins. In this case, the logs are available in the tools designed to support the individual functionalities of the Website.
  • 12. The data indicated in para. 10 above are not associated with specific users and their use only covers the activities indicated in para. 9 above.



The Website uses so-called social plug-ins that redirect to the Controller’s profiles maintained on social networks and instant messengers (Facebook, LinkedIn, Whatsapp). Using the functionalities offered by these plug-ins, Users can go to a page belonging to the Controller (so-called “Fanpage”) on the selected social network or instant messaging service and read information about the Controller on the services or instant messaging services to which the redirection is made.

When using the indicated plug-ins, data is exchanged between the User and the respective social network, messenger or Internet service. However, the Controller does not process this data, which is collected by the administrators of the indicated services when using the plug-ins. Therefore, the Controller encourages the User to read the regulations and privacy policies of these services before using the respective plug-in. The use of certain functions of the indicated providers may involve the use of third-party cookie.

Personal data provided voluntarily on Fanpage will be processed by the Controller in order to manage the given Fanpage, communicate with you, including answering your questions, interacting with you, informing you about the Administrator’s offer, organised events, creating a Fanpage community on the chosen platform, to which redirections in the form of social plugins lead. From the moment you click on the respective plug-in, your personal data is processed by the respective website/social network/Internet communicator, and its owner becomes a joint controller of your personal data in accordance with Article 26 of the GDPR. With regard to the data you voluntarily provide on social networking sites or instant messaging services, you have the rights set out in section VIII of this Policy.

For more information on the technologies used, please refer to the privacy policy of the respective provider:





For certain functions on our Website, we use the services of external providers. The respective services are mostly optional functions, which must be expressly selected or used by you. We have entered into contractual agreements with the respective providers for the provision or integration of their services and, within the scope of our capabilities, we endeavour to ensure that the external providers also transparently inform you about the extent of the processing of your personal data and comply with the data protection laws.


As part of our Website, we use the Google Maps service provided in connection with certain functionalities of the Website (redirection to the Controller’s location or office premises). This is our legitimate interest within the meaning of Article 6(1)(f) GDPR, which is also the legal basis for the use of Google Maps. This service is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94034, USA (“Google”).

In order to use the Google Maps service, it may be necessary to store your IP address. This information will, in principle, be transferred to Google’s servers in the USA, where it will then be stored. The Website Controller has no influence over this data transfer.

Google Analitycs

Google Analytics uses its own cookies primarily to report on user interaction with the Website. The cookies are used for this service for the Controller’s analytical and statistical purposes (information about User activity and use of the Website).

Google Analytics also supports an optional browser add-on which, when installed and activated, disables Google Analytics measurements on all pages viewed by the User:

In some cases, data collected using the above-mentioned tool may constitute personal data, i.e. information such as pseudonymised cookie identifiers, pseudonymised ad display identifiers, IP addresses, other pseudonymised user identifiers.

The legal basis for the application of the indicated service to you is consent pursuant to Article 6 6(1)(a) GDPR in conjunction with the Controller’s legitimate interest, i.e. Article 6 (1)(f) GDPR.

More information about the service is available at:


The data provided by Users on the Controller’s websites will not be subject to automated decision-making, but the Controller reserves that User data may be profiled for marketing purposes. The legal basis for such processing is our legitimate interest, i.e. Article 6 6(1)(f) GDPR.

  1. 1. To the extent not covered by this Policy, the relevant generally applicable provisions shall apply, in particular the GDPR and the Polish Act of 16 July 2004 — Telecommunications Law.
  2. 2. The User shall be informed of any changes introduced to this Policy by publication of the new text of the Policy on the Website and by displaying a message upon entering the Website.
  3. 3. This Policy shall be effective as of 01.09.2022.