Polityka prywatności

1.1 The controller of your personal data, within the meaning of personal data protection law, is Promstahl Sp. z o.o. with its registered office in Bydgoszcz (85-033), at Plac Kościeleckich 3, entered into the Register of Entrepreneurs maintained by the District Court in Bydgoszcz, under KRS number 322443, Tax Identification Number (NIP) 125-151-65-69 (hereinafter referred to as "PP"). This means that we are responsible for using your data securely and in accordance with applicable regulations, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, p. 1), hereinafter referred to as "GDPR." 

1.2 This document (hereinafter referred to as the "Privacy Policy") provides information on the principles of processing and protecting personal data collected by PP from you in connection with the purchase of PP products, the use of PP services (including those provided electronically), inquiries submitted to PP, the bidding process, participation in events organized by PP, participation in the recruitment process for PP employees, subscription to the Newsletter or other information channels about PP products and services, exchange of correspondence, etc., including in particular in connection with the use of our website.

1.3 The Privacy Policy is for informational purposes only, which means that it does not constitute a source of obligations for individuals whose personal data are processed in accordance with its provisions. One of its main functions is to fulfill the information obligation referred to in Article 13 of the GDPR.

2.1. Personal data obtained from you by PP are processed for the following purposes, depending on the situation in which the data were provided:
a. conclusion and performance of a contract with PP (regardless of the form of its conclusion: in writing or through the use of our services provided electronically via the website) – to the extent necessary to establish, define the content of, amend, terminate, and properly perform the contract;
b. fulfillment of legal obligations incumbent on PP, e.g., issuing and storing invoices and accounting documents, responding to complaints, performing obligations arising from warranty for product defects, ensuring the security of services provided;
c. establishing, defending, and pursuing claims;
d. direct marketing of PP’s products and services;
e. creating reports, analyses, and statistics for PP’s internal purposes, including in particular reporting, marketing research, ad targeting, remarketing, service development planning, development work in IT systems, creation of statistical models; assessment of the functioning of PP’s website, including page view statistics;
f. if you consent to receiving commercial information from PP electronically, your personal data will also be processed in order to provide you with information about our services, offers, and events organized by us, as well as information about products and services of entities cooperating with us (with our knowledge and explicit consent).

2.2. Personal data are not used for purposes other than those specified in the Privacy Policy, unless PP obtains your consent for processing the data for other purposes, or such use is required or permitted by law.

2.3. To the extent that the processing of your personal data is necessary for:
a. the performance of a contract concluded with you or taking steps at your request prior to entering into a contract – the legal basis for processing is the contract;
b. compliance with a legal obligation to which we are subject – the legal basis is that legal obligation;
c. purposes resulting from the legitimate interests pursued by PP, i.e., for direct marketing of our products and services, fraud prevention, or the establishment, pursuit, and defense of claims – the legal basis is the legitimate interest of PP.

2.4. If the use of your data is not necessary for the performance of a contract, compliance with a legal obligation, or does not constitute our legitimate interest, we may ask for your consent to specific ways of using your data. Consent may take the form of ticking a checkbox while browsing the website, selecting technical settings for using information society services, or another statement or behavior which, in the given context, clearly indicates that you have accepted the proposed processing of personal data. You may withdraw your consent at any time (this will not affect the lawfulness of the use of your data prior to the withdrawal of such consent).

2.5. Providing your personal data is not mandatory; however, failure to provide such data will result in PP being unable to carry out the actions for which the data are required.

2.6. Based on your personal data, PP will not make automated decisions concerning you, including decisions resulting from profiling.

3.1. Every person whose personal data is processed by a GKI Group company has the right to access the content of their personal data and to immediately rectify data that is incorrect. Taking into account the purposes of processing, the person whose data is processed has the right to request that incomplete personal data be supplemented, including by submitting an additional declaration.

3.2. If you give your consent to the processing of data, in particular for marketing purposes (including the sending of commercial information by electronic means), you may withdraw your consent at any time. A user receiving specific information or services, such as an electronic information bulletin (so-called Newsletter), may unsubscribe from it at any time by following the instructions contained in each such document sent.

3.3. A person who provides their personal data to a GKI Group company has the right to request that the company immediately delete their personal data, and the company is obliged to delete personal data without undue delay if one of the following circumstances occurs:

a. the personal data are no longer necessary for the purposes for which they were collected;

b. the data subject has withdrawn the consent on which the processing is based and there is no other legal basis for the processing;

c. the data subject objects to the processing;

d. the personal data have been processed illegally;

e. the personal data must be deleted in order to comply with a legal obligation under EU law or the law of the Member State to which the GKI Group company is subject.

3.4. Persons who provide their personal data to a GKI Group company have the right to request the restriction of the processing of personal data in the event that:

a. the data subject questions the accuracy of the personal data – for a period enabling the GKI Group company to verify the accuracy of such data;

b. the processing is illegal and the data subject objects to the deletion of the personal data, requesting instead the restriction of their use;

c. the GKI Group company no longer needs the personal data for the purposes of processing, but they are necessary for the data subject to establish, pursue or defend claims;

d. the data subject has objected to the processing – until it is determined whether the legitimate grounds on the part of the GKI Group company override the grounds for objection of the data subject.

3.5. If the processing of personal data by a GKI Group company is carried out in an automated manner based on consent or a contract, the data subject has the right to receive the personal data concerning them that they have provided to the GKI Group company in a structured, commonly used and machine-readable format and has the right to transmit this personal data to another controller. The data subject has the right to request that the personal data be transmitted by the GKI Group company directly to another controller, if technically possible.

3.6. In order to exercise the rights referred to above, you can contact the GKI Group company in the manner indicated in point 9 below.

3.7. The GKI Group company will inform each recipient to whom the personal data has been disclosed of the rectification or deletion of personal data or the restriction of processing that it has carried out at your request, unless this proves impossible or requires a disproportionately large effort.

3.8. In connection with the processing of your personal data by the GKI Group companies, you have the right to lodge a complaint with the supervisory authority, i.e. the President of the Personal Data Protection Office.

4.1. We transfer your data to:

4.1.1. entities processing data on our behalf and participating in the performance of our activities:

a) entities servicing the IT systems and computer hardware we use;

b) entities managing our properties;

c) our business partners, advertising agencies, and other entities intermediating in the sale of our products and services or organizing marketing campaigns;

d) subcontractors supporting us, for example, in the performance of our services, the transport of ordered products, product servicing, correspondence handling, or customer service;

e) entities providing us with advisory, consulting, auditing, legal, tax, and accounting services, and research agencies acting on our behalf;

4.1.2. other data controllers processing data on their own behalf:

a) entities conducting postal or courier activities; b) entities acquiring receivables or handling their collection – in the event of your failure to pay our invoices on time;

c) entities cooperating with us in handling accounting, tax, and legal matters – to the extent they become data controllers.

4.2. PP currently does not plan to transfer your data outside the EEA (comprising the European Union, Norway, Liechtenstein, and Iceland). However, during the term of the agreement, we may decide to transfer data outside the EEA – only to the extent permitted by law.

4.3. PP may share personal data at the request of authorities or law enforcement agencies, or when required by applicable laws, court judgments, or other government regulations. The need to share personal data may also arise for the purposes of conducting data privacy or security audits and/or when investigating complaints or taking action related to security threats. PP does not sell personal data to third parties, nor does it entrust the processing of personal data provided by users to third parties, and such information could be used by such third parties for their marketing purposes.

5.1. Your personal data will be stored no longer than necessary, i.e., depending on the purpose of their processing:

5.1.1. concluding and performing the contract between you and PP – for the duration of the contract and settlements after its termination, including the warranty period for defects or the quality guarantee provided in the contract;

5.1.2. fulfilling a legal obligation incumbent on PP:

a) for the duration of the performance of the obligations;

b) for the period during which the regulations require us to retain the data (e.g., tax); or

c) for the period during which we may suffer legal consequences of non-compliance, e.g., receive a financial penalty from government authorities;

5.1.3. purposes arising from legitimate interests pursued by PP:

a) direct marketing of our products and services – for the duration of the contract, and then for the period of warranty and/or post-warranty service;

b) fraud prevention – for the duration of proceedings before the competent authorities; c) pursuing and defending claims – for the period in which the claims become time-barred.

5.2. If we process personal data based on your consent to certain data uses, your data will be processed for the period specified when obtaining your consent, and in the absence of such a specification – until you withdraw your consent.

6.1. When using the websites of the GKI Group companies, data concerning the user is also collected automatically. This data can be collected in the system logs of the website, through so-called Cookies. Cookies are small text information in the form of text files, sent by the server and saved on the side of the person visiting the website (e.g. on the hard drive of a computer, laptop, or on the memory card of a smartphone).  

6.2. By saving Cookies on the device of the website user (computer, smartphone, tablet, etc.), the GKI Group company can, among other things:

a. Adjust the functioning of the website to your needs.

b. Eliminate the need to log in each time you visit the website (in the case of areas for registered users/customers).

c. Remember your settings from session to session.

d. Increase the speed and security of the website.

e. Personalize the website according to your needs and enable users to find the information they need faster.

f. Continuously improve the website with its users in mind.

g. Increase the effectiveness of marketing activities.

6.3. Cookies do not contain data identifying the user, and it is not possible to determine anyone's identity based on them. These files are not harmful to the user's end device in any way and do not change its settings or the settings of the software installed on it. The content of these files can only be read by the server that created them.  

6.4. When the user uses our website, GKI uses three types of cookies: session cookies, permanent cookies and marketing cookies. Session cookies are temporary files that are stored in the user's device memory until the user logs out of the website, leaves the website or closes the browser. Permanent files are stored in the user's device memory for the time specified in the parameters of these files or until the user deletes them. Marketing files are "cookies" saved by other external scripts used on our website. They are used by us mainly for remarketing purposes (see items 6.11.-6.14 below).  

6.5. By default, most web browsers available on the market accept the storage of Cookies by default. The User can independently and at any time change the settings for Cookies, specifying the conditions for their storage and access by Cookies to the User's device. The User can change the settings referred to in the previous sentence using the web browser settings or by configuring the service. These settings can be changed in particular in such a way as to block the automatic handling of Cookies in the web browser settings or to inform each time Cookies are placed on the User's device. Detailed information on the possibilities and methods of handling Cookies is available in the software (web browser) settings.

6.6. Users may delete cookies at any time using the available features in their web browser.

6.7. Restricting the use of cookies may affect some functionalities available on the PP website.

6.8. Detailed information on changing cookie settings and deleting cookies in the most popular web browsers is available in the browser's help section.

6.9. PP also processes anonymized operational data related to the use of its website (so-called logs – IP address, domain) to generate statistics helpful in website administration. From the moment a user connects to the website, information about the number (including IP) and type of the user's end device used to connect to the website appears in the website's system logs. This data is aggregated and anonymous, meaning it does not contain any identifying features of website visitors. Logs are not disclosed to third parties.

6.10. PP may use Google Analytics, which collects anonymous information about the PP websites you visit using cookies. Detailed information regarding the Google Analytics privacy policy can be found at: http://www.google.com/intl/pl/analytics/privacyoverview.html.

6.11. Additionally, PP may use Google AdWords and Google Analytics remarketing codes from display advertisers. These codes are used to create remarketing lists to tailor personalized ads to users who have visited our website, and then display them on the Google AdWords advertising network, the Google search engine, and on the websites of entities participating in the Google content network.

6.12. Our website, using the "similar audiences" feature, operates within the Google AdWords system and analyzes browsing activity on websites within the display network over the last thirty days. This information is then subjected to contextual targeting to define a remarketing audience profile. Google AdWords uses this data to identify a group of new users who share similar browsing patterns to those on the PP remarketing list. This list is never based on browsing history on sensitive topics, such as those related to race, religion, sexual orientation, or health.
6.13. By using remarketing tools and the "similar audiences" feature, our website does not collect your personal data through cookies, only your browsing history, and therefore, you remain anonymous.

6.14. You have the option to opt out of the collection of remarketing codes and display advertiser codes through Google AdWords and Google Analytics, as well as the display of custom ads on the Google Display Network, as described in Section 6.5 above.

6.15. The PP website may include features that enable content sharing using third-party social media applications, such as the Facebook "Like" button or the Twitter widget. All of these social media applications may collect and use data regarding user activity on the PP website. Any personal data you provide through such social media applications may be collected and used by other users of these social media applications, and interactions conducted through them are subject to the privacy policies of the companies providing the applications. We have no influence on and take no responsibility for the above companies and their use of user data.

7.1 PP declares that it strives to ensure a high level of security of the personal data it processes. Any incidents affecting data security, including suspected sharing of files containing viruses or other files of a similar nature or containing destructive mechanisms other than files, should be reported to the email address indicated in section 9 below.

7.2. PP employs technical and organizational measures to ensure the protection of processed personal data appropriate to the threats and categories of data being protected. In particular, it protects data against unauthorized access, unauthorized removal, processing in violation of applicable laws, and alteration, loss, damage, or destruction. Furthermore, PP takes special care to ensure that personal information is:

· accurate and processed lawfully,

· obtained only for specified purposes and not further processed in a manner incompatible with those purposes,

· adequate, relevant, and not redundant,

· accurate and up-to-date,

· not retained longer than necessary,

· processed in accordance with the rights of the data subjects (to whom it relates), including the right to restrict access,

· stored securely,

· not transferred without appropriate protection.

7.3. Personal data is stored in a database that employs technical and organizational measures to ensure the protection of processed data in accordance with the requirements set out in generally applicable data protection laws. Access to the database is limited to individuals authorized by the data controller.

7.4. PP maintains appropriate policies and procedures to protect personal data against unauthorized loss, misuse, alteration, or destruction. We make every effort to limit access to users' personal data to those with a need to know. Those who have access to the data are obligated to maintain its confidentiality. Furthermore, one of PP's policies in this regard is to retain personal information only for as long as necessary to fulfill the user's request or until the user requests deletion of such information.

In matters related to the processing of personal data, you can contact any of the GKI Group companies, as their administrator, by contacting the designated Data Protection Officer, writing to the following address: rodo@immobile.com.pl

PP may make changes to this document, which reflect the current Privacy Policy. In the event of any changes, the date of the last update, shown below, will also change.

Privacy Policy last updated: November 12, 2025.