This Privacy and Cookies Policy defines the rules of processing
personal data obtained through
the website www.pszczolka.pl (hereinafter referred to as: “The website”).
Personal data of the Website Users is collected automatically,
processed in compliance with the requirements of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons in connection with the processing of personal data and on the free flow of such data and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR). Users have rights granted to them in individual provisions of the GDPR.
The owner of the Website and, at the same time, the Data Controller
is Fabryka Cukierków „Pszczółka” Sp. z o.o. KRS 0000370450, TIN 9462616622
Type of data processed, purposes
and legal grounds
Users’ personal data is collected for the purposes of the contact form
via the Website.
Your data is processed on the basis of Article 6, section 1 letter b GDPR – i.e.
implementation of the services provided via the Website.
When filling out the contact form mentioned in section 1,
Data sharing and entrusting
The User’s personal data, which is used by the Controller when running the Website, is transferred to the service providers. Suppliers of
services to whom personal data is transferred are subject to Controller’s instructions as to the purposes and methods of processing this data (processing entities).
Processors include Industi Sp. z o. o. seated in
Lublin, ul. Narutowicza 77/3, 20-019 Lublin in order to use the Website hosting services.
In the event of a request, the Controller provides personal data
to authorized state authorities, in particular common courts,
the prosecutor’s office, the police, the President of the Personal Data Protection Office or the President of the Office of Competition and Consumer Protection or the President of the Office of Electronic Communication.
Rights of the User
The right to delete data, the so-called “right to be forgotten” (Article 17 of the GDPR).
The User has the right to request the deletion of all or some personal data if:
personal data is no longer necessary for the purposes for which they were collected or processed;
the personal data is unlawfully processed;
personal data must be removed in order to comply with a legal obligation provided for in the law of the European Union or the law of a Member State, which the Controller is subject to;
the personal data has been collected in relation to the offering of information society services.
Despite the request to delete personal data, in connection with the objection,
the Controller may keep certain personal data to the extent to which processing is necessary to establish, pursue or defend claims, as well as to comply with a legal obligation that requires processing under the EU law or the law of the Member State, which the Controller is subject to. This applies in particular to personal data including: first name, last name, e-mail address, the data which is stored for
complaints and claims processing purposes related to the use of the Controller’s services.
The right to limit data processing (Article 18 of the GDPR).
Submitting a request, pending its consideration, prevents the use of certain functionalities or services, the use of which will involve the processing of data covered by the request.
The user has the right to request the restriction of the use of personal data in the following cases:
when they question the correctness of their personal data – then
the Controller restricts their use for the time needed to
check the correctness of data, but not longer than 7 days;
when data processing is unlawful, and instead of deletion
of the data, the User will request the restriction of their use;
when personal data is no longer necessary for the purposes for which they were collected or used but they are needed by the User for the purpose of establishing, pursuing or defending claims;
when they objected to the use of their data – then
the restriction occurs for the time needed to consider whether – due to the special situation – protection of interests, rights and freedom of the User outweighs the interests pursued by the Controller processing the User’s personal data.
The right to access the data (Article 15 of the GDPR).
The User has the right to obtain confirmation from the Controller as to whether they are processing personal data, and if this is the case, the User has the right to:
access their personal data;
obtain information about the purposes of processing, categories of the personal data being processed, about the recipients or categories of recipients of this data, planned period of storage of the User’s data or about the criteria determining this period (when determining the planned period of processing
data is not possible), about the rights of the User under
GDPR and the right to lodge a complaint with the supervisory authority, about the source of that
data, about automated decision making, including profiling, and
about the security measures used in connection with the transfer of this data, except for
The European Union;
acquire a copy of their personal data.
The right to rectify the data (Article 16 of the GDPR).
The User has the right to request the Controller to immediately
rectify incorrect personal data concerning them. Taking into account the purposes of processing, the User has
the right to request the completion of incomplete personal data, including by
In the event of the User withdrawing from the right resulting from
the above rights, the Controller fulfils the request or refuses to fulfil it immediately, but no later than one month after its
receipt. However, if – due to the complexity of the request or
number of requests – the Controller will not be able to fulfil the request within a
month, they will fulfil them within the next two months by informing
the User within one month from receiving the request – about
the intended extension of the deadline and its reasons.
The User may submit complaints, inquiries and requests to the Controller
regarding the processing of their personal data and implementation of
The User has the right to request the Controller to provide a copy of
standard contractual clauses, directing the inquiry in the manner indicated in § 6 of the
The user has the right to lodge a complaint with the President of the Office of
Personal Data Protection, in the scope of violation of their rights to protection of
personal data or other rights granted under the GDPR.
a. Fabryka Cukierków ,, Pszczółka ”, Sp. z o. o. with its registered office in Lublin, ul. Ludwika Spiessa 7, postal code: 20 – 270 Lublin (hereinafter referred to as: the “Company” or “Administrator”), declares that in the case of personal data processing within the meaning of the GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th of April 2016 on the protection of individuals regarding the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC), shared to the extent necessary in connection with commercial or business cooperation between the Company and you or an entity represented by you, your employing entity or otherwise cooperating with you (hereinafter also referred to as the “contractor”), is their Administrator.
b. In this clause, the Company informs about all forms of use of personal data in the territory of Poland in relation to natural persons who are:
(hereinafter collectively referred to as the “You”).
c. Contact to the person responsible for ensuring compliance of personal data processing with the provisions of the law on their protection by the appointed Administrator: e-mail address: Jadwiga.Milczuk@fcpszczolka.pl phone no.: +48 81 463 23 41
d. In the case of concluding a contract directly between you and the Company, providing the data specified above is voluntary, but necessary for the purpose of concluding the contract and handling cooperation between you and the Company. This also applies to a situation either the Company orders goods or services from you on a regular basis or just once.
e. If you do not conclude a contract directly with the Company, providing your personal data may be your official duty or may be necessary to conclude a contract between you and a third party (contractor).
f. The consequence of not providing the data is the inability to perform the abovementioned actions by the Company.
g. The administrator processes personal data in the event that (legal basis for the processing of personal data):
h. Personal data is processed only for a specific purpose and to the extent necessary to achieve it and just for as long as it is necessary. The basic purposes pursued by the Company through the processing of personal data and the periods during which it processes them are listed below.
Purpose of processing
Fulfilling contractual obligations
The duration of the contract between the Company and you or an entity you represent, an entity that employs or otherwise cooperates with you (contractor)
Storage of documentation for the purpose of demonstrating compliance with legal obligations, in particular the Accounting Act and the Tax Ordinance Act
The period specified in the relevant provisions of law – as a rule, these are 5-year periods, counted from the end of the calendar year in which, for example, an invoice was issued
Independently from abovementioned periods, your data may be processed by the Company:
(a) for the purposes of establishing, defending or pursuing civil law claims by the Company as part of its activities, as well as defense against such claims – for appropriate limitation periods for such claims, i.e. in principle not longer than 3 years from the occurrence of the event giving rise to the claim and
(b) in order to demonstrate the fulfillment of obligations resulting from the settlement of subsidies from public funds – for the relevant periods indicated in the contracts and in the relevant regulations governing the granting of subsidies – as a rule, these are
i. The categories of Personal Data concerned: name, surname, e-mail address, other data necessary for the conclusion, performance and settlement of the contract.
j. The recipient of your personal data will be:
a) on behalf of Fabryka Cukierków Pszczółka sp. z o.o. – organizational units/departments responsible for the implementation and settlement of the Agreement and possible debt collection in the event of failure to comply with its provisions by the Company’s contractor,
b) on behalf of entities outside Fabryka Cukierków Pszczółka sp. z o.o. – institutions authorized by law, law firms / law firms providing legal services, financial institutions participating in the process of contract implementation and settlement, and entities providing IT, advisory and auditing services for the Company.
k. Your personal data will not be transferred to any third country/ international organization.
l. You have the right to access your personal data and the right to rectify, delete or limit processing, the right to object to the processing, as well as the right to transfer personal data, the right to lodge a complaint with the competent supervisory authority if you believe that that the processing of personal data by the Company violates the provisions of the GDPR.
m. If the data has not been collected from you, their source is:
n. In the case of data processing on the basis of consent, you have the right to withdraw it at any time pursuant to Art. 6 para. 1 (a) GDPR, but the withdrawal of consent does not affect the lawfulness of the processing which was carried out on the basis of your consent before its withdrawal.
I hereby declare that: