B2B platform
free consultation

About us – About Alumaster Polska Sp. z o.o. as the personal data controller.

ALUMASTER POLSKA SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ WITH ITS REGISTERED OFFICE IN TORUŃ) is entered in the Register of Entrepreneurs kept by the District Court in Toruń, 7th Commercial Division of the National Court Register, under KRS number 0000311086, has a share capital of PLN 170,000.00, uses the following numbers: NIP 879-256-78-72 and Regon 340470745, and is referred to in this PRIVACY POLICY as the “Administrator” (hereinafter: ‘Administrator’, “we”/ “us”/“our”).

We are the entity responsible for processing personal data obtained from you or about you (“you,” “your”). As our headquarters are located within the European Union, we process personal data in accordance with European data protection regulations and other applicable statutory provisions.


What is personal data?

Personal data is information that allows you to be directly or indirectly identified as a natural person (“indirectly” means in combination with other information) based on elements such as: name and surname, postal address, email address, social security number, telephone number, or unique device identifier.

Use of personal data

We use your personal data for the purposes described below. We do not collect or process more or other types of personal data than are necessary to achieve the relevant purposes. We use personal data only in accordance with this Privacy Policy, unless you have given your separate consent to other uses of your personal data. If we plan to use your personal data processed with your consent for purposes other than those specified in such consent, we will inform you in advance and, if you give your consent, we will proceed to process your data for those other purposes.

1) Personal data

We collect your personal data necessary for the provision of our services. This includes data such as your name, postal address, telephone number, email address, tax identification number, and bank account number. We use this data to communicate with you, present our service offer, our terms and conditions, conclude and perform contracts, and make financial settlements. We also use personal data and the content of communications to respond to your questions that arise during contact.

On the basis of separately expressed consents, personal data may also be processed for the following purposes:

a) sending commercial information
b) Sending marketing information electronically (email, phone, SMS), in accordance with the GDPR Regulation and the Electronic Communications Law of 10 November 2024 (art. 398–399).

2) Use of personal data for marketing purposes

Personal data may be processed for the purpose of sending commercial and marketing information regarding products and services offered by the Controller, using electronic communication means and telecommunications terminal devices such as email, telephone or SMS/MMS messages.

The legal basis for processing personal data for direct marketing purposes is:

  1. art. 6(1)(a) GDPR — consent of the data subject,
  2. Art. 10(1) and (2) of the Act on Providing Services by Electronic Means — consent to receive commercial information electronically,
  3. Art. 398(1) and (2) of the Electronic Communications Law of 10 November 2024 — consent to the use of telecommunications terminal devices and automatic calling systems for direct marketing purposes.
    Giving consent to the processing of personal data for marketing purposes is voluntary. Consent may be withdrawn at any time without affecting the lawfulness of processing carried out before its withdrawal. Consent can be withdrawn, among others, by contacting the Personal Data Controller or by clicking the appropriate link in the email message sent, unless this functionality is temporarily unavailable. The data subject has the rights specified in the GDPR, including the right to access their data, rectify it, erase it, restrict processing (as described below), as well as the right to object to the processing of data for marketing purposes.

3) Legal obligations and legal defense

We may be required to use and archive personal data for legal purposes and for compliance with applicable regulations:

  1. For the purpose of preventing crimes, detecting them, conducting investigations, preventing data loss and fraud, and combating other forms of misuse of our services and IT systems. We also have the right to use your personal data to meet internal and external audit requirements, ensure information security, protect and enforce our rights, safeguard our privacy, ensure the safety of people and property, or protect the property of others.

4) Use of the online website („Portal”)

This Privacy Policy also applies to the use of our website https://alumaster.pl (“Portal”) with regard to the following privacy-related elements:

  1. Log files: In the Portal, we collect data, including personal data, that is generally available about your device when it connects to the Internet. This data includes, among others, the IP address (Internet Protocol address), the type and version of the operating system and browser, and — if possible — the device manufacturer and model, as well as the date and time each request is sent to our servers.
  2. Our website uses cookies for functional, statistical and marketing purposes (including remarketing). Some cookies may be used to create user profiles based on their activity, which may result in personalized content or advertising.

The user can manage their cookie preferences through their browser settings and within our consent banner during their first visit to the site. The legal basis for using certain cookies is the user’s consent (Art. 6(1)(a) GDPR) — storing information or gaining access to information already stored on the user’s device is only possible after obtaining prior, explicit consent.

Obtaining personal data from other sources

As a rule, when we obtain your personal data from other sources, we make sure that the given company has already contacted you to inform you about the transfer of the data, or we ourselves provide you with this information during our first contact, while also providing other information required by law.

Sharing personal data

We disclose users’ personal data for the purposes described below only to the entities listed below — unless we have your explicit consent to transfer personal data to third parties of other categories mentioned elsewhere. We take all steps necessary to ensure that your personal data is processed, protected and transferred in accordance with the law.

1) External service providers

When necessary, we commission other entities (companies) and individuals to perform certain tasks related to our services on our behalf under data processing agreements. For example, we may transfer personal data to representatives, contractors or partners to provide hosting for our databases and applications, perform data processing services, or send you information you have requested.
The data shared with external service providers is transferred only to the extent required to achieve the specific purpose. External providers may not use the personal data received from us for any other purpose, particularly for their own benefit or the benefit of third parties. External service providers are contractually obliged to maintain the confidentiality of your personal data.

2) Transfer of assets

In the event of reorganization, restructuring, merger, sale or another type of asset transfer (collectively “asset transfer”), we may transfer information, including personal data, to the necessary extent and only when permitted, provided that the receiving party agrees to handle your personal data in a manner compliant with applicable data protection laws.
We remain committed to protecting the confidentiality of personal data and to notifying relevant users if their personal data becomes subject to a different privacy policy.

3) Public administration authorities

We disclose your personal data to public administration authorities when required by applicable law. For example, we respond to requests from courts, law enforcement agencies, regulatory bodies and other public institutions, including authorities outside your country of residence.

4) Transfer of personal data abroad

In some cases, it may be necessary to transfer your personal data to other countries. This Privacy Policy also applies when we transfer personal data to third countries, where a different level of data protection may apply than in your country of residence.

Security

We take data security very seriously. We apply appropriate security measures and implement physical, electronic and administrative procedures designed to protect the collected information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data that is transferred, stored or processed. Our information security policies and procedures are aligned with widely recognized international standards. They are regularly reviewed and updated to reflect business needs, technological changes and regulatory requirements. Access to your personal data is granted only to employees, service providers and entities that need it to perform their duties.

Your rights. List of rights.

Every data subject, including you, has specific rights related to the personal data being collected. This applies to the entire data processing described in this Privacy Policy.
We respect each person’s rights and handle your concerns accordingly.
The list below provides information about your rights under data protection regulations according to the following rules:

  1. Right to withdraw consent: If the processing of personal data is based on your consent, you may withdraw it at any time by following the procedure described in the relevant consent form. We guarantee that consent can be withdrawn in the same way it was given, e.g., electronically.
  2. Right to define the scope of the consent(s): Consents for receiving commercial and marketing information are voluntary, may be given separately for each communication channel (e.g., email, phone, SMS) and may be withdrawn at any time, independently of each other, for one, several or all communication channels. For example: withdrawing consent for telephone contact does not affect the consent to receive email messages.
  3. Right to rectify data: You may receive from us a correction of the personal data concerning you. We strive to ensure that the personal data in our possession or under our control, and used on an ongoing basis, is accurate, complete, up to date, relevant and based on the latest available information. Where applicable, we provide access to a portal where the user can view and correct their personal data..
  4. Right to restrict data processing: You may receive confirmation from us that the processing of your personal data has been restricted if:
    a) you contest the accuracy of the information during the period in which we must verify its correctness,
    b) the processing is unlawful and you request restriction instead of erasure of the personal data,
    c) we no longer need your data, but you require it for establishing, exercising or defending legal claims, or
    d) you object to the processing while we verify whether our legitimate grounds override your rights..
  5. Right of access to personal data: You may request information from us about your personal data that we hold, including details about the categories of personal data in our possession or under our control, what these data are used for, where we obtained them (if not directly from you) and to whom they have been disclosed (if applicable).
    You may receive from us one free copy of the personal data we hold about you. We reserve the right to charge a fee for each additional copy issued.
  6. Right to data portability: At your request, we will transfer your personal data to another controller, if technically feasible, provided that the processing is carried out based on your consent or is necessary for the performance of a contract.
    Instead of receiving a copy of your personal data, you may choose the option in which we transfer this data directly to another controller indicated by you..
  7. Right to erasure of data: You may receive confirmation from us that your personal data has been erased if:
    a) the data is no longer needed for the purposes for which it was collected or processed;
    b) you have the right to object to further processing of your personal data (see below) and you choose to exercise this right;
    c) the processing is based on your consent, you have withdrawn your consent, and there are no other legal grounds for processing;
    d) the processing of personal data was unlawful;
    e) the processing is not necessary for compliance with a legal obligation that requires us to process the data;
    f) applicable legal requirements regarding data archiving do not prevent deletion;
    g) the deletion is related to establishing, exercising or defending legal claims.
  8. Right to object: You have the right to object — at any time — to the processing of your personal data due to reasons related to your particular situation, provided that the processing is not based on your consent but on our legitimate interest or the legitimate interest of a third party.
    In such a case, we will stop processing your personal data unless we are able to demonstrate compelling legitimate grounds for the processing, or for establishing, exercising or defending legal claims.
    If you object to the processing of your data, you must specify whether you are requesting their erasure or the restriction of their processing.
  9. Right to lodge a complaint: If you suspect a violation of applicable data protection regulations, you may lodge a complaint with the data protection supervisory authority in your country of residence or in the country where the alleged violation occurred.
    Timeframe: We will strive to fulfill your request within 30 days. However, this period may be extended due to reasons related to the specific right being exercised or the complexity of the request.

Access limitations: In some cases, we may not be able to provide you with access to all or part of your personal data due to statutory requirements. If we refuse access to data, we will provide the reason for such refusal.
Inability to identify: In certain situations, we may not be able to verify your personal data due to the identifiers you provide in your request. Personal data that we cannot retrieve if you provide only your name and email address includes, for example, data collected through browser cookies.

If we are unable to identify you as the data subject, we cannot fulfill your request to exercise your rights as described in this section, unless we receive additional information that allows such identification.
Exercising your rights: To exercise your rights, please contact us in writing, for example by email or traditional mail. Contact details are provided at the end of this Privacy Policy.

Storage of your personal data

We reserve the right to make changes — at our discretion — to the actions we take to ensure privacy, as well as to make amendments to this Privacy Policy at any time. Therefore, we encourage you to review this Privacy Policy regularly. This Privacy Policy is valid as of the date indicated as the “last modification” shown above. If you do not have an account on our Portal, we will inform you of any changes by email or traditional mail and provide you with an updated version of the Privacy Policy. We commit to treating your personal data in accordance with the Privacy Policy under which it was collected, unless we receive your consent to process it differently.

platforma B2B
bezpłatna konsultacja
B2B platform
free consultation