Privacy, cookies and personal data

Find out how we care about your privacy

The privacy policy

This Privacy and Cookies Policy defines the rules of processing
personal data obtained through
the website (hereinafter referred to as: “The website”).

Personal data of the Website Users is collected automatically,
processed in compliance with the requirements of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons in connection with the processing of personal data and on the free flow of such data and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR). Users have rights granted to them in individual provisions of the GDPR.

§ 1

Data Controller

The owner of the Website and, at the same time, the Data Controller
is Fabryka Cukierków „Pszczółka” Sp. z o.o. KRS 0000370450, TIN 9462616622

§ 2

Type of data processed, purposes

and legal grounds

  1. Users’ personal data is collected for the purposes of the contact form
    via the Website.

  2. Your data is processed on the basis of Article 6, section 1 letter b GDPR – i.e.
    implementation of the services provided via the Website.

  3. When filling out the contact form mentioned in section 1,
    the User must obligatorily provide: full name, e-mail address, message content and confirmation of acceptance of the Website’s privacy policy.

§ 3

Data sharing and entrusting

  1. The User’s personal data, which is used by the Controller when running the Website, is transferred to the service providers. Suppliers of
    services to whom personal data is transferred are subject to Controller’s instructions as to the purposes and methods of processing this data (processing entities).

  2. Processors include Industi Sp. z o. o. seated in
    Lublin, ul. Narutowicza 77/3, 20-019 Lublin in order to use the Website hosting services.

  3. In the event of a request, the Controller provides personal data
    to authorized state authorities, in particular common courts,
    the prosecutor’s office, the police, the President of the Personal Data Protection Office or the President of the Office of Competition and Consumer Protection or the President of the Office of Electronic Communication.

§ 4

Rights of the User

  1. The right to delete data, the so-called “right to be forgotten” (Article 17 of the GDPR).

The User has the right to request the deletion of all or some personal data if:

  1. personal data is no longer necessary for the purposes for which they were collected or processed;

  2. the personal data is unlawfully processed;

  3. personal data must be removed in order to comply with a legal obligation provided for in the law of the European Union or the law of a Member State, which the Controller is subject to;

  4. the personal data has been collected in relation to the offering of information society services.

Despite the request to delete personal data, in connection with the objection,
the Controller may keep certain personal data to the extent to which processing is necessary to establish, pursue or defend claims, as well as to comply with a legal obligation that requires processing under the EU law or the law of the Member State, which the Controller is subject to. This applies in particular to personal data including: first name, last name, e-mail address, the data which is stored for
complaints and claims processing purposes related to the use of the Controller’s services.

  1. The right to limit data processing (Article 18 of the GDPR).

Submitting a request, pending its consideration, prevents the use of certain functionalities or services, the use of which will involve the processing of data covered by the request.

The user has the right to request the restriction of the use of personal data in the following cases:

    1. when they question the correctness of their personal data – then
      the Controller restricts their use for the time needed to
      check the correctness of data, but not longer than 7 days;

    2. when data processing is unlawful, and instead of deletion
      of the data, the User will request the restriction of their use;

    3. when personal data is no longer necessary for the purposes for which they were collected or used but they are needed by the User for the purpose of establishing, pursuing or defending claims;

    4. when they objected to the use of their data – then
      the restriction occurs for the time needed to consider whether – due to the special situation – protection of interests, rights and freedom of the User outweighs the interests pursued by the Controller processing the User’s personal data.

  1. The right to access the data (Article 15 of the GDPR).

The User has the right to obtain confirmation from the Controller as to whether they are processing personal data, and if this is the case, the User has the right to:

  1. access their personal data;

  2. obtain information about the purposes of processing, categories of the personal data being processed, about the recipients or categories of recipients of this data, planned period of storage of the User’s data or about the criteria determining this period (when determining the planned period of processing
    data is not possible), about the rights of the User under
    GDPR and the right to lodge a complaint with the supervisory authority, about the source of that
    data, about automated decision making, including profiling, and
    about the security measures used in connection with the transfer of this data, except for
    The European Union;

  3. acquire a copy of their personal data.

  1. The right to rectify the data (Article 16 of the GDPR).

    The User has the right to request the Controller to immediately
    rectify incorrect personal data concerning them. Taking into account the purposes of processing, the User has
    the right to request the completion of incomplete personal data, including by
    submitting an additional statement by sending a request to the email address in accordance with § 8 of the Privacy Policy.

  1. In the event of the User withdrawing from the right resulting from
    the above rights, the Controller fulfils the request or refuses to fulfil it immediately, but no later than one month after its
    receipt. However, if – due to the complexity of the request or
    number of requests – the Controller will not be able to fulfil the request within a
    month, they will fulfil them within the next two months by informing
    the User within one month from receiving the request – about
    the intended extension of the deadline and its reasons.

  2. The User may submit complaints, inquiries and requests to the Controller
    regarding the processing of their personal data and implementation of
    their rights.

  3. The User has the right to request the Controller to provide a copy of
    standard contractual clauses, directing the inquiry in the manner indicated in § 6 of the
    Privacy Policy.

  4. The user has the right to lodge a complaint with the President of the Office of
    Personal Data Protection, in the scope of violation of their rights to protection of
    personal data or other rights granted under the GDPR.

Cookies Policy

§ 5

Cookies mechanism

  1. The website uses cookies. They are saved on
    the end device of the person visiting the Website, if
    the web browser allows it. The cookies usually contain a name of
    the domain it comes from, its “expiry time” and individual,
    randomly selected number identifying this file.

  2. The information collected using this type of file is for the purpose of:

  1. adjusting the content of the Website to the User’s preferences
    and optimizing the use of the Website; in particular these files
    allow to recognise the User’s device and properly display the webpage, tailored to their individual needs,

  2. to maintain User’s session,

  3. statics, in particular allowing the Controller to analyse
    the manner in which users use the Website.

  1. When using the
    Website additional information may be downloaded, in particular:

  1. an IP address assigned to the User’s computer or an external IP address
    Internet providers, domain name, browser type, access time, type of the operating system.
  2. section permissions: location, contacts and phone.
  3. It uses analytical type of cookies. In the case of this kind of
    cookies the Website uses Google’s solutions and tools, i.e. Google Analytics. More information on the Google Analytics code and cookies can be found in the Google Analytics Policy
    regarding security and privacy

§ 6

Final provisions

  1. Questions and doubts regarding this Privacy Policy and Cookies, as well as
    Website Users
    can be reported to the Controller electronically
  2. In the event of a change in the current Privacy and Cookies Policy, appropriate modifications to the above rules will be made available on the Website.



a. Fabryka Cukierków ,, Pszczółka ”, Sp. z o. o. with its registered office in Lublin, ul. Ludwika Spiessa 7, postal code: 20 – 270 Lublin (hereinafter referred to as: the “Company” or “Administrator”), declares that in the case of personal data processing within the meaning of the GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th of April 2016 on the protection of individuals regarding the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC), shared to the extent necessary in connection with commercial or business cooperation between the Company and you or an entity represented by you, your employing entity or otherwise cooperating with you (hereinafter also referred to as the “contractor”), is their Administrator.
b. In this clause, the Company informs about all forms of use of personal data in the territory of Poland in relation to natural persons who are:

  • suppliers or contractors of the Company,
  • subcontractors or contractors of the Company’s suppliers,
  • partners, employees, statutory representatives, proxies, representatives of suppliers, contractors or their subcontractors,
  • other persons whose data we process for the purposes of issuing or executing invoices as part of cooperation with suppliers or contractors

(hereinafter collectively referred to as the “You”).

c. Contact to the person responsible for ensuring compliance of personal data processing with the provisions of the law on their protection by the appointed Administrator: e-mail address: phone no.: +48 81 463 23 41

d. In the case of concluding a contract directly between you and the Company, providing the data specified above is voluntary, but necessary for the purpose of concluding the contract and handling cooperation between you and the Company. This also applies to a situation either the Company orders goods or services from you on a regular basis or just once.

e. If you do not conclude a contract directly with the Company, providing your personal data may be your official duty or may be necessary to conclude a contract between you and a third party (contractor).

f. The consequence of not providing the data is the inability to perform the abovementioned actions by the Company.

g. The administrator processes personal data in the event that (legal basis for the processing of personal data):

  • this processing is necessary to fulfill contractual obligations towards you, if you are or will be a party to a contract concluded with the Company or to take specific steps before concluding a contract, e.g. preparing a drafts of the contract (Art. 6 para. 1 (b) of the GDPR);
  • this processing is necessary in order to fulfill the legal obligations of the Company or it is explicitly required by law (Art. 6 para. 1 (c) of the GDPR) – in the scope of personal data contained in documents subject to archiving on the basis of legal provisions;
  • such processing is necessary for the implementation of the legitimate interests of the Company or a third party and does not excessively affect your interests or fundamental rights and freedoms (Art. 6 para. 1 (f) of the GDPR), such as: establishing, protecting and pursuing claims related to the concluded contract , marketing of the Company’s products. When processing personal data on this basis, the Company always tries to maintain a balance between our legitimate interest and your privacy.
  • Your data may also be processed for other purposes, in which case you will each time receive information on this subject, in a manner consistent with the information obligation resulting from the GDPR (Art. 13 and 14 of the GDPR) and, if necessary, you will be asked to provide the necessary consents (Art. 6 para. 1 (a) of the GDPR).

h. Personal data is processed only for a specific purpose and to the extent necessary to achieve it and just for as long as it is necessary. The basic purposes pursued by the Company through the processing of personal data and the periods during which it processes them are listed below.

Purpose of processing
Processing period
Fulfilling contractual obligations
The duration of the contract between the Company and you or an entity you represent, an entity that employs or otherwise cooperates with you (contractor)
Storage of documentation for the purpose of demonstrating compliance with legal obligations, in particular the Accounting Act and the Tax Ordinance Act
The period specified in the relevant provisions of law – as a rule, these are 5-year periods, counted from the end of the calendar year in which, for example, an invoice was issued

Independently from abovementioned periods, your data may be processed by the Company:
(a) for the purposes of establishing, defending or pursuing civil law claims by the Company as part of its activities, as well as defense against such claims – for appropriate limitation periods for such claims, i.e. in principle not longer than 3 years from the occurrence of the event giving rise to the claim and
(b) in order to demonstrate the fulfillment of obligations resulting from the settlement of subsidies from public funds – for the relevant periods indicated in the contracts and in the relevant regulations governing the granting of subsidies – as a rule, these are
5-year periods.

i. The categories of Personal Data concerned: name, surname, e-mail address, other data necessary for the conclusion, performance and settlement of the contract.

j. The recipient of your personal data will be:
a) on behalf of Fabryka Cukierków Pszczółka sp. z o.o. – organizational units/departments responsible for the implementation and settlement of the Agreement and possible debt collection in the event of failure to comply with its provisions by the Company’s contractor,
b) on behalf of entities outside Fabryka Cukierków Pszczółka sp. z o.o. – institutions authorized by law, law firms / law firms providing legal services, financial institutions participating in the process of contract implementation and settlement, and entities providing IT, advisory and auditing services for the Company.

k. Your personal data will not be transferred to any third country/ international organization.

l. You have the right to access your personal data and the right to rectify, delete or limit processing, the right to object to the processing, as well as the right to transfer personal data, the right to lodge a complaint with the competent supervisory authority if you believe that that the processing of personal data by the Company violates the provisions of the GDPR.

m. If the data has not been collected from you, their source is:

  • Contractors, i.e. entities in which you are employed or with whom you cooperate on a different basis, or which you represent. In such a case, the scope of data processed will include information necessary to handle cooperation and contact with the contractor, and the Company may also obtain personal data of contractors’ subcontractors from contractors who provided the Company with such data in order to handle cooperation between the contractor and the Company.
  • publicly available sources, such as the CEIDG or KRS business registers (to verify the information you provide). In such a case, the scope of processed data will be limited to data available to the public in relevant registers.

n. In the case of data processing on the basis of consent, you have the right to withdraw it at any time pursuant to Art. 6 para. 1 (a) GDPR, but the withdrawal of consent does not affect the lawfulness of the processing which was carried out on the basis of your consent before its withdrawal.

I hereby declare that:

  • I have read the above information clause,
  • I undertake to immediately disclose the content of the information clause to all persons whose personal data I provide to the Company on the basis of the provisions of this clause.