How do we process your personal data? – GDPR information clause


    The controller of your personal data – “CONTROLLER” – is POLTING FOAM Sp z. o.o. with its registered seat in Gliwice at the address of ul. Jagodowa 10, entered in the National Court Register under the number 0000085447 NIP (taxpayer identification number): 642-000-12-51, REGON (national business register number): 008378040.

You can contact the Controller at the company’s location, by e-mail:, or by telephone: 32 331 30 37.

The Controller uses your personal data for the following purposes:

      1. conclusion and fulfilment of the binding agreement – throughout the duration of said agreement and for the time required to clear all settlements upon its completion (legal grounds: art. 6 section 1 b) of GDPR, abridged as “agreement fulfilment”);

      2. fulfilment of the legal responsibilities imposed upon the Controller (legal grounds: art. 6 section 1 point c), e.g.:

          a. issuing and archiving invoices and accounting documents,
          b. replying to letters and inquiries within the time and in the form established in appropriate provisions,

       3. fulfilment of the legitimate objectives of the Controller 3. (site monitoring to ensure safety, marketing of the products or services we offer, pursuance of claims) in accordance with art. 6 section 1 point f of GDPR,

       4. distribution of marketing communication and commercial information concerning the Controller, including customary contacts 4. (i.e. holiday cards, product offers, telephone conversations, cooperation offers, information about the provided services, products, events, etc.) – in such instances your personal data is processed in accordance with art. 6 section 1 points a and f of GDPR, i.e. the consent of the data subject (as long as the data subject in question expresses such consent) or the legitimate interests of the Controller.

      In order to fill out the form, the User needs to enter specific personal data. Providing personal data is strictly voluntary, but failure to provide the personal data designated as necessary makes it impossible to e.g. process the case submitted through the contact form. If fulfilment of an agreement to which the data subject is party or any action at the request of the data subject prior to conclusion of the agreement should require personal data processing, it will be necessary to provide the required and specific personal data range. Consent to electronic distribution of commercial information is strictly voluntary.

Personal data processing and archiving duration:

  1. for the time required to fulfil responsibilities, e.g. issue the invoice (legal grounds: art. 6 section 1 point c of GDPR, abridged as “legal responsibility”);

  2. for the time required by provisions to archive data, e.g. fiscal data (legal grounds: art. 6 section 1 point c of GDPR);

  3. for the time, in which the Controller may incur legal consequences for failing to fulfil a responsibility, e.g. be fined by state authorities or other business partners of the Controller (legal grounds: art. 6 section 1 point f of GDPR; abridged as “legitimate interest”);

  4. throughout the duration of the agreement (legal grounds: agreement fulfilment) and subsequently until expiration of the claims resulting from the agreement or for the duration of the Controller’s pursuance of claims or notification of appropriate authorities (legal grounds: legitimate interest of the Controller, art. 6 section 1 point f of GDPR);

  5. in scope of establishing, defending against, and pursuing claims, which includes sale of the Controller’s debts resulting from the agreement to a different entity – until expiration of claims resulting from the agreement (legal grounds: legitimate interest of the Controller, art. 6 section 1 point f of GDPR);

  6. direct marketing – for the duration of the agreement (legal grounds: legitimate interest of the Controller, art. 6 section 1 point f of GDPR);

  7. development of compilations, analyses, and statistics for the internal purposes of the Controller; this specifically includes reporting, marketing surveys, service development planning – for the duration of the agreement and subsequently until expiration of claims resulting from the agreement (legal grounds: legitimate interest of the Controller, art. 6 section 1 point f of GDPR);

  8. verification of creditworthiness for the time required to prepare such an evaluation in order to conclude, extend, or expand the scope of this or a subsequent agreement and to examine related claims (legal grounds: agreement fulfilment, art. 6 section 1 point b of GDPR); this also applies to data obtained by the Controller from other sources;

    In order to conclude the agreement and prepare the offer, the Controller requires the data needed to conclude the agreement (if you do not provide this data, the agreement shall not be concluded and no offer will be presented). Furthermore, the Controller may request optional data, which has no impact on conclusion of the agreement (if the Controller does not receive this data, the Controller will not be able to e.g. call the contact number, supervise fulfilment of the Agreement or offer inquiry). Providing data in order to conclude an agreement is not a statutory requirement.

Who receives your data from the Controller?

Your personal data is disclosed to:

      1) entities processing data on behalf of the Controller and involved in the following activities of the Controller:

          a) operators of the Controller’s ICT systems or providers of ICT instruments to the Controller,

          b) subcontractors supporting the Controller,

          c) entities providing consulting services, advisory services, auditing services, legal assistance, fiscal assistance, and accounting assistance to the Controller as commissioned to do so by the Controller;

    2) other personal data controllers processing personal data on their own behalf:

          a) entities operating postal or courier services;

          b) entities operating payment services (banks, payment institutions);

          c) entities cooperating with the Controller in scope of accounting, fiscal, and legal operations – in scope corresponding to that, in which they become data controllers;

    We can obtain your personal data directly from you (when you visit our location, from forms on the website, by telephone, or in writing). We can also obtain your personal data from other entities under your appropriate consent.

Will your personal data be disclosed outside of the European Economic Area (EEA)?

At present time, the Controller has no plans to disclose personal data outside of the EEA (which includes the European Union, Norway, Liechtenstein, and Iceland).

Automatic decisions

The Controller does not make automatic decisions with significant impact to your interests.

Your rights

You can file a request to the Controller (concerning personal data) for the following:

    a) rectification (correction) of your data;

    b) deletion of personal data processed lawlessly or placed on the Controller’s websites;

      c) c) restriction of processing (suspending data operations or not deleting data – accordingly to the filed request);

    d) access to personal data (for information about the personal data processed by the Controller or a copy of the personal data);

    e) transfer of data to a different personal data controller or yourself (within the scope established in art. 20 of GDPR).

    You can exercise said rights by requesting to do so in a letter or e-mail sent to the Controller. In order to make sure that you are authorised to make the request in question, the Controller may request additional data in order to authenticate the individual making the request. The scope of each specific right and the situations allowing them to be exercised are established by provisions of the law. The right available for you to exercise will depend on e.g. the legal grounds of the Controller’s use of your personal data and the purpose of personal data processing.

Right to object

    Irrespectively of the aforementioned rights, you are entitled to file an objection against the processing of your personal data (including profiling) for the purposes of direct marketing at any time. After receiving the appropriate request, the Controller must stop processing personal data for this purpose. In specific situations, you have the right to file an objection against the Controller’s processing of your personal data (including profiling) when the data is used on the grounds of the Controller’s legitimate interest or public interest. In this situation, after examining your request, the Controller will not be authorised to process personal data covered by such an objection unless the Controller should demonstrate:

    1) valid and legitimate grounds for processing of personal data, which the law considers as superior towards your interests, rights, or freedoms, or

    2) rounds for establishment, pursuance, or defence against claims.


    If the Controller does not need to use your personal data in order to fulfil the agreement, fulfil a legal responsibility, or for purposes of legitimate interests of the Controller, the Controller may request consent for specific ways to use your personal data. You can withdraw your consent at any time (which will have no effect on the legality of the use of your personal data prior to said withdrawal of consent).


    If you are under the impression that the processing of your personal data breaches provisions of the law, you have the right to file a complaint to the President of the Personal Data Protection Office.


    Cookies are small text files uploaded to the hard drive of the user’s computer in order to identify said computer on our servers. If your browser is configured to allow cookies, we will use them to recognise your computer when you visit the website in order to provide a more personal and streamlined service and improve the website’s quality. You can also configure your browser to block cookies.

Google Analytics

    Monitoring your website activity – your personal data will be processed automatically (including in scope of profiling), which will not produce any legal consequences towards you. Personal data profiling is based on personal data processing (including automatic processing) to project personal preferences and interests.

    The entity uses Google Analytics, a service offered by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA, 94043, USA). To analyse user behaviour on our website. Google Analytics uses cookies, which are saved on the user’s computer in order to analyse the ways the user is using the website. The information concerning the aforementioned obtained by the cookie is usually uploaded to and saved on Google’s servers.

    Users can turn off all cookies or delete selected cookies by appropriately configuring the browser software. However, please be advised that in such situations the user will not be able to take advantage of all of the website’s functions. Furthermore, the user may prevent Google from downloading the data obtained by the cookie in scope of the way the user is using the website (including the IP address) and may also prevent Google from processing said data by downloading and installing a browser plugin available online at:

    Google Analytics also gathers IP addresses in order to ensure safe use of the service and to identify the countries, regions, and cities of the users (IP-based geolocation).

    The data is archived in an encrypted format optimised for performance instead of in a traditional database of file system. This data is dispersed in numerous physical and logical volumes, which ensures redundancy and convenient access, therefore protection from external tampering.

    The data of all Google users (consumers, companies, even Google’s own data) is dispersed in the shared infrastructure, which is composed of numerous homogeneous computers and located in Google data centres.

    Google Analytics also ensures safe transfer of its JavaScript libraries and measuring data. By default, Google Analytics uses the HTTP Strict Transport Security (HSTS) mechanism, which instructs browsers supporting the HTTP protocol secured with SSL protocol (HTTPS) to use said encryption protocol in all communication between Google Analytics servers, users, and websites.

    Our website uses the Google Analytics anonymizeIP function. This means that IP addresses are abridged before processing in order to make it impossible to associate them with specific individuals. If the personal data obtained for the given user can be associated with a specific individual, said association is immediately excluded and the personal data in question is promptly deleted.

    We use Google Analytics in order to analyse use of the website and in order to improve it on a regular basis. The obtained statistics allow us to improve our offer and make it more interesting for the user. The legal grounds for use of Google Analytics are established in art. 6 section 1 point f of GDPR.

    You can find the Google privacy policy online at the following address: Please note that Google amends this policy every so often and make sure that you have the current version.

How we protect your data

    The Controller applies appropriate technological and organisational measures in order to ensure security of the processed personal data adequately to the hazards and categories of the protected data.

    The website is equipped with security measures aiming to protect the personal data we process from being modified, destroyed, accessed by unauthorised individuals, disclosed, procured, lost, or processed in breach of provisions establishing the terms of conduct for personal data processing.

    Only a limited number of the company’s employees authorised by the data controller have access to processing of the Users’ personal data.


    n the event of any questions concerning the processing and protection of the personal data of System Users and use of cookies, including any questions concerning this “Privacy Policy”, please contact the personal data Controller.

    Users can also contact us to request information on if and how the Controller is processing User data, the objectives and ways of processing of the personal data of System Users, and in order to exercise the rights entitles in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Amendments to the policy

    This Policy takes effect from the enforcement date established above. We may amend it from time to time. If we do, we will publish all amendments on this website. If you should continue to use our website after said amendments are made, you are approving the amended Policy.