Privacy and cookie policy
for Counterparties of EFFECT GLASS S. A.
(hereinafter also referred to as “Privacy Policy")


EFFECT GLASS S.A. with its registered office at Kielce (hereinafter also referred to as “EFFECT GLASS” or „Controller”), would like to inform you that it attaches particular importance to compliance with the regulations of personal data protection.

Our aim is to ensure the security and protection of your personal data pursuant to legal regulations, including (in particular) the Regulation of the European Parliament and of the Council (EU) of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data,  and repealing  Directive No. 95/46/EC (General Data Protection Regulation) – hereinafter also referred to as “GDPR”.

This Privacy Policy shall apply to personal data of natural persons who are our current or potential customers, counterparties and other entities with whom we have business relations (hereinafter: "Counterparties"). In addition, the Privacy Policy also applies to personal data of natural persons acting on behalf of economic entities, in particular their representatives, employees and other persons authorized by them.


P e r s o n a l   d a t a   p r o t e c t i o n

1. What is Personal Data ?

Personal data shall be all information about an identified or identifiable natural person through one or more specific factors which determine the physical, physiological, genetic, mental, economic, cultural or social identity, including image, voice recording, location data, contact details, information contained in correspondence, information collected through recording equipment or other similar technology („data subject”).

2. Personal Data Controller

Please, note that your personal data controller is:


With its registerred office at Kielce, 2 Hauke-Bosaka Street, 25-214 Kielce, phone: + 48 41 348 20 70, e-mail: .

3. The purposes and legal basis for the processing of personal data.

Your personal data may be processed for the following purposes:

(a) entering and implementation of a commercial contract, service contract, etc. – the legal basis for the processing of personal data is Article 6(1)(b) GDPR: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

(b) the fulfillment of controller’s obligations under generally applicable law – the legal basis for processing is Article 6(1)(c) GDPR: necessary for compliance with a legal obligation to which the controller is subject;

(c) pursuing and defense of possible claims – the legal basis for processing personal data is Article 6(1)(f) GDPR: processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Additionally, the processing of personal data may also be based on your consent to the processing of personal data (e.g. in the case of processing your image for documentary or information purposes).

4. What personal data of counterparties or their representatives may be processed ?

In order to achieve the objectives set out in point 3 above, the controller may process only necessary data (in particular the following personal data) provided by the counterparties:

(A) name, personal identity number,

(b) company name, business address, email address, identification numbers (NIP or REGON, etc.),

(c) contact data, such as email address, phone number or fax number,

(d) job title,

(f) the bank account number.

The provision of your personal data is voluntary, but any refusal to provide such data shall carry with it the impossibility to process the information and conclude a contract.

The controller may also obtain your personal data from other sources, such as, in particular:

(a) sources publicly available, i.e. commercial or companies registers, letting the controller verify the information provided by the counterparties. In this case, the scope of the data processed shall be limited to data available to the public in the relevant registers;

(b) entities on whose behalf the data subject is acting. The scope of data processed shall in that case include the information necessary for the performance of the contract between the controller and that entity.

5. Who we provide your personal data to?

Within the law, we may transfer your personal data to the following entities:

(a) entities providing the controller with accounting services, other persons engaged in cooperation with counterparties, controller’s advisors (including legal ones), insurance agencies, debt collection companies, IT/technical support, as well as transport-, courier- and postal services;

(b) public authorities and bodies authorized to process personal data under the law.

6. Are we using automated decision making ?

We do not use automated individual decision-making (including profiling) within the meaning of Article 22 of the RODO during processing of the counterparty's personal data.

7. Are data transferred to countries outside the EEA?

Your personal data shall not be transferred outside the European Economic Area (EEA).

8. The period of retention of personal data.

In the case of processing for the purpose of entering and performing a contract the data shall be processed for the duration of the contract; and then up to a maximum  period based on the civil and criminal statutes of limitations for claims or for the time required for archival by law.

9. What are your rights?

Under the GDPR regulations you have the following rights:

(1) the right of access to data processed. On this basis, the data subject is entitled to obtain information on the processing of personal data from the controller, including the purposes for processing, the categories of personal data being processed, the legal basis of processing, the intended period of processing and the recipients to whom the data are disclosed; as well as to obtain copies of personal data undergoing processing;

(2) the right to rectify the data. Under Article 16 of the GDPR individuals have the right to have inaccurate personal data rectified. An individual may also be able to have incomplete personal data completed;

(3) the right to delete personal data. Individuals have the right to ask for their data to be deleted, except in the following cases:  the personal data the controller  holds is needed to exercise the right of freedom of expression; there is a legal obligation to keep that data; for reasons of public interest (for example public health, scientific, statistical or historical research purposes). The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

(4) the right to restrict processing. Article 18 of the GDPR gives individuals the right to restrict the processing of their personal data in certain circumstances: a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; (b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; (c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; (d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

(5) the right to data portability. The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where: the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and the processing is carried out by automated means.

The data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

(6) right to withdraw consent. The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;

(7) right to object. The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

To exercise your rights under the Privacy Policy, you should contact the controller:

(a) in writing to the address: 25-214 Kielce, 2 Hauke-Bosaka Street,

(b) orally: at telephone number 48 41 348 20 70, or at the controller’s  headquarters address: 25-214 Kielce, 2 Hauke-Bosaka Street, or

(c) by email: or .

10. The right to make a complaint about a breach of personal data protection regulations.

A complaint concerning personal data breach shall be submitted to a supervisory authority. In Republic of Poland it is the President of the Office for the Protection of Personal Data (UODO): Urząd Ochrony Danych Osobowych 2 Stawki Street, 00-193 Warszawa.

This Privacy Policy is reviewed and updated as necessary to reflect any changes to the way we process your personal data.

This Privacy Policy enter into force on May 25th 2018.