Privacy Policy

Last updated date: June 10, 2026

1. Introduction

This Privacy Policy describes the principles governing the collection, storage, and processing of personal data by ELMIRO Spółka z ograniczoną odpowiedzialnością [ELMIRO Limited Liability Company], with its registered office in Jaktorów, 96-313, ul. Ketlinga 3, entered in the Register of Entrepreneurs of the National Court Register (KRS) under number KRS 0001055010, Tax Identification Number (NIP) 5291849084, National Business Registry Number (REGON) 526221739 (hereinafter: the "Administrator," "we").

This is an important document from the perspective of protecting the personal data of our Clients and the users of our website, and we therefore ask that you familiarize yourself with its content.

2. Data Administrator and Contact

The Administrator of your personal data is ELMIRO Sp. z o.o. In all matters relating to the protection of personal data, you may contact us:

  • in writing, at the address of the registered office indicated above,
  • by electronic mail: info@elmiro.pl.

3. Type of Data Collected

We collect and process the following categories of personal data provided by Clients and users:

  • Contact data, such as: first name, surname, address, e-mail address, telephone number.
  • Data related to the use of our website (including cookie data, IP address, and data about the browser and device).
  • Data provided via the forms placed on our website.
  • Data provided in the content of messages sent by electronic mail.
  • Information concerning the projects and services we provide to the Client.
  • Other information provided voluntarily when contacting us.

4. Purposes and Legal Bases for Data Processing

We process your personal data for the following purposes and on the following legal bases:

Purpose of processing Legal basis (GDPR)
Conclusion and performance of contracts and projects with Clients Art. 6(1)(b) GDPR — necessity for the performance of a contract
Providing technical support and consultations Art. 6(1)(b) GDPR — necessity for the performance of a contract / taking steps prior to entering into it
Handling correspondence and inquiries addressed to us Art. 6(1)(f) GDPR — our legitimate interest consisting in providing responses and maintaining communication
Conducting analyses and statistics regarding the use of the website Art. 6(1)(a) GDPR — your consent (e.g., expressed in the cookie management tool) or Art. 6(1)(f) — our legitimate interest
Fulfilling legal obligations (e.g., tax, accounting) Art. 6(1)(c) GDPR — a legal obligation incumbent on the Administrator
Establishing, pursuing, or defending against claims Art. 6(1)(f) GDPR — our legitimate interest
Marketing of our own services Art. 6(1)(a) GDPR — your consent or Art. 6(1)(f) — legitimate interest

To the extent that we process data on the basis of our legitimate interest (Art. 6(1)(f) GDPR), that interest consists in particular of: maintaining communication with Clients, ensuring the security of our website and IT systems, conducting statistics, marketing our own services, and establishing and pursuing claims or defending against them.

5. Voluntary Provision of Data

Providing personal data is voluntary; however, in certain cases it may be a condition for concluding or performing a contract or may result from legal provisions (e.g., data required on an invoice). Failure to provide the data necessary to achieve a given purpose may make it impossible to achieve that purpose — for example, concluding a contract or responding to an inquiry.

6. Data Recipients

We do not sell personal data and do not transfer it to third parties for purposes inconsistent with this Policy. Your data may be disclosed only to:

  • entities that process data on our behalf and in accordance with our instructions (including providers of hosting and IT services, providers of analytics tools, the accounting office, law firms, and subcontractors involved in carrying out projects),
  • entities authorized to receive data on the basis of applicable legal provisions (e.g., state authorities),
  • where it is necessary to establish, pursue, or defend our rights.

7. Transfer of Data Outside the European Economic Area (EEA)

As a rule, we do not transfer personal data outside the European Economic Area.

8. Data Retention Period

We store personal data for the period necessary to achieve the purposes for which it was collected, and subsequently for the period resulting from legal provisions or for the purpose of securing potential claims. In particular:

  • data processed for the purpose of performing a contract — for the duration of the contract, and after its termination for the period of limitation of claims;
  • data processed for the purpose of fulfilling legal obligations (e.g., settlement-related) — for the period required by legal provisions (e.g., tax and accounting regulations);
  • data processed on the basis of consent — until consent is withdrawn;
  • data processed on the basis of legitimate interest — until an objection is effectively raised or that interest ceases to exist.

9. Rights of Data Subjects

In connection with the processing of personal data, you have the following rights:

  • the right to access your data and to obtain a copy of it,
  • the right to rectification (correction) of your data,
  • the right to erasure of your data (the "right to be forgotten"),
  • the right to restriction of processing,
  • the right to data portability,
  • the right to object to processing based on legitimate interest, and — in the case of processing for direct marketing purposes — at any time,
  • the right to withdraw consent at any time — without affecting the lawfulness of processing carried out before its withdrawal.

To exercise the above rights, please contact us at info@elmiro.pl.

10. Right to Lodge a Complaint

If you consider that the processing of personal data violates the provisions of the GDPR, you have the right to lodge a complaint with the supervisory authority — the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw).

11. Automated Decision-Making and Profiling

Your data is not used for automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you.

12. Cookies and Tracking Technologies

Our website uses cookies and similar technologies. We use cookies necessary for the proper functioning of the website (e.g., those that maintain a session) without the need to obtain consent. We use the remaining cookies — in particular analytical and marketing cookies — only after obtaining your consent, expressed via the consent management mechanism available on the website (the cookie banner).

The consent given may be withdrawn at any time, or its scope changed, in the settings of this mechanism. Independently of this, cookie settings can also be managed in your web browser; however, this does not replace the required consent.

13. Data Security

We protect the personal data of our Clients and users against unauthorized access, loss, or damage. We apply appropriate technical and organizational measures to protect data, adequate to the risk.

14. Changes to the Privacy Policy

This Privacy Policy is subject to periodic updates. Each change will be published on our website together with the date of the last update.

Return to Main Page