1. General information
  2. Individual purposes, grounds and length of data processing
  3. Who has access to personal data?
  4. External links
  5. What rights do you have regarding your personal data processing?
  6. How can you notify us of your wish to exercise your rights?
  7. What categories of data do we process?
  8. Where does the Controller obtain data?
  9. Is providing the data voluntary?
  10. Changes to this Privacy Policy

Information for Website Users and Cookies Policy

of 15 November 2023


For the purposes indicated in this document, the data controller is ABC CZEPCZYŃSKI SP. Z O.O. SP. K. – ul. Wigury 20, 64-400 Międzychód, Poland, Tax Identification No. 595-14-42-504 (the “Controller”).

You can quickly and proficiently contact the Controller at the Controller’s registered office, i.e. the address indicated above, and by:

If you contact the Controller, the Controller may ask for additional information to verify your identity.

Data protection compliance is supervised by Piotr Sowa, who was appointed as the Data Protection Officer. You can contact the Officer in all matters concerning the processing of personal data by the Controller and exercising the rights relevant to processing personal data.

You can contact the Officer:

  • by e-mail:,
  • in writing: ABC Czepczyński sp. z o.o. sp. k. with its registered office in Międzychód (64-400), ul. Wigury 20.


This information applies to the platform (the “Platform”).

All terms should be understood in line with the Platform Terms of Use available at:

1.  General information

What is personal data? Personal data is information about an identified or identifiable natural person (“data subject”). This includes data such as name, surname, residential address, date of birth, telephone number or e-mail address (the list is not exhaustive).

Personal data are processed according to GDPR, i.e. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, the “GDPR”).


2.  Individual purposes, grounds and length of data processing

The data processing deadlines indicated below should be treated as maximum deadlines. This means that if a given goal is achieved before the planned retention period expires, the Controller will delete or anonymise the data.


Purpose of processing and legitimate interests

Legal basis for processing

Retention period

1)  Enabling the use of the website and ensuring its proper functioning.

The controller’s legitimate interest
(Article 6(1)(f) GDPR)
 to run the Portal.

One year since the last visit to the Portal.

2)  Replying to an inquiry or other notification sent using the contact form.

The controller’s legitimate interest
(Article 6(1)(f) GDPR) to carry on the correspondence.

For the period of maintaining ongoing relationships (e.g. answering questions, presenting offers, exchanging correspondence), and for one year after the termination of the relationship.

3)  Presentation of the offer (for persons submitting a quotation request on their own behalf).

The processing is necessary for taking steps before
 entering into a contract
(Article 6(1)(b) GDPR).

Until the end of the offer validity.

4)  Presentation of the offer (for persons submitting a quotation request on behalf of another entity).

The controller’s legitimate interest
(Article 6(1)(f) GDPR) to offer and initiate business cooperation.

Until the end of the offer validity.

5)  Approving and considering the request based on the GDPR.

Obligation under the GDPR to provide the data subject with information about activities
(Article 6(1)(c) GDPR).

5 years from the date of completing handling to the request.

6)  Determining and pursuing or defending against claims.

The controller’s legitimate interest
(Article 6(1)(f) GDPR) to establish, pursue or defend against claims.

Until the limitation period for claims expires.


3.  Who has access to personal data?

Your personal data may only be transferred to trusted recipients, in particular colleagues, IT service providers, and entities providing postal, courier or legal advice services.

The data is also transferred to companies related personally and financially.

The data may be made available to public administration bodies upon their request.

Because we use the services of Microsoft Corporation, your data may be transferred outside the European Economic Area. We concluded an agreement with Microsoft Corporation – the so-called Standard Contractual Clauses. This means that under the European Commission Decision No. 2021/914 EU of 4 June 2021, your personal data may be processed by that company in the USA. More information about the decision is available at:


4.  External links

The Platform may contain links to other websites. Such websites operate independently of the Controller and are not supervised by the Controller in any way. These websites may have their own privacy policies and regulations, which we recommend that you read.

If you have any doubts about any of the provisions of this Privacy Policy, we are at your disposal – you can find our details in the contact tab.


5.  What rights do you have regarding your personal data processing?

You have the right to:

  • access the data, including obtaining a copy of the data,
  • transfer the data,
  • rectify the data,
  • delete the data,
  • limit the processing,
  • submit a complaint to the President of the Personal Data Protection Office (ul. Stawki 2, Warsaw 00-193).


The right to object

Each time your personal data is processed based on the controller’s legitimate interest (Article 6(1)(f) GDPR), you may object at any time. You can raise an objection using the contact details indicated at the beginning of this Privacy Policy.


6.  How can you notify us of your wish to exercise your rights?

You can exercise your rights in person at the Controller’s office, by post or by e-mail (the Controller’s contact details are provided at the beginning).

In response to your request, you may be asked to provide the data necessary to identify your personal data (including finding them) or verify your identity (confirming that you are the person you claim to be).


7.  What categories of data do we process?

The Controller processes only ordinary data.

We do not process special categories of data, such as information that could reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, as well as genetic data, biometric data or data regarding health, sexuality or sexual orientation.


8.  Where does the Controller obtain data?

In general, the Controller obtains data directly from you. If we obtain data from another source, you will be informed of this fact separately and clearly.


9.  Is providing the data voluntary?

As a rule, the data is provided freely. Whenever data submission is:

  • voluntary, but necessary to achieve specific purposes (e.g. e-mail contact via an online form) or
  • obligatory (e.g. it results from legal provisions),

you will be informed about this clearly and separately (e.g. on the form through which personal data is collected).


10.    Changes to this Privacy Policy

The Controller reserves the right to make changes to this document, which may result from the development of Internet technology or possible changes in the law regarding the protection of personal data. We will inform you about any changes in a visible and understandable manner via the Platform.


11.    Cookies Policy

1)  General information

Cookies are small text files that are placed on your device by websites you visit. They are commonly used to make websites work or be more efficient, as well as to provide information to website owners.


2)  For what purpose does the Controller use cookies?

Taking into account their purpose, the Controller may use two categories of cookies:

  • Functional cookies – set by us to implement additional functionalities or improve the functionality and performance of the website, but they are not directly related to the requested service,
  • Targeting cookies – set to provide analytical data for behavioural advertising and remarketing. They collect all browsing information necessary to create profiles and understand user habits to develop an individual and specific advertising procedure. The profile created in relation to your interests and browsing behaviour is used to tailor the advertising you see when you access other websites.


The collected data are not combined with information such as name and surname, e-mail address and other data, enabling easy identification of the person visiting the website.


3)  What cookies do we process?


Cookie name





Functional cookies


Polylang sets this cookie to remember the language you have selected when you return to the website and to obtain language information when it is not otherwise available.

1 year


Targeting cookies


YouTube is a platform owned by Google for hosting and sharing videos. YouTube collects user data through embedded videos on websites, which are aggregated with profile data from other Google services to serve targeted ads to users across a wide range of their own and other websites.

5 months


YouTube uses YSC to remember user input. Registers a unique ID to keep statistics on what YouTube videos the user has watched



This cookie serves as a unique identifier to track the viewing of videos integrated with the Platform.

5 months


Used to detect whether the user has consented to the cookie banner. This cookie is necessary to make the website GDPR-compliant.

1 year


4)  Controlling and deleting cookies

Most browsers offer the option to accept or reject all cookies. The user may save cookies in the browser settings.

However, please remember that blocking all cookies may cause difficulties in the operation of the Platform or completely prevent the use of some of its functionalities.

Managing and deleting cookies varies depending on the browser you use. Detailed information on how to manage cookies can be obtained by using your browser’s Help function or by visiting, which explains how to control and delete cookies in most browsers.


You can also read information about cookie management directly on the websites of individual web browsers:

5)  Operational data

Even if cookies are not installed, the website administrator may gain access to data describing how the Platform is used (“operational data”), in particular:

  • the IP address assigned to your device or the external IP address of your Internet provider,
  • domain name,
  • browser type,
  • access time,
  • type of operating system.


To ensure the highest quality of the website, we occasionally analyse log files to determine which pages are visited most often. We may also collect navigational data, including information about the links and references you choose to click or information about other activities you undertake on the Platform. In this regard, the legal base is the legitimate interest (Article 6(1)(f) of GDPR) to facilitate the use of electronic services and improve the functionality of these services.


The operational data are not combined with information such as name and surname, e-mail address or other data enabling easy identification of the person visiting the website.


6)  Personal data protection

In certain exceptional situations, information obtained through the cookie mechanism and operational data may constitute personal data within the meaning of the GDPR. If the information indicated above is classified as personal data, the Controller is the personal data controller. Even in case of doubts about whether a specific category of information constitutes personal data, the Controller introduces mechanisms to protect this information as personal data.


The processing of the above categories of data to the extent necessary for the correct display of the website (necessary cookies) is based on the so-called legitimate interest of the Portal Controller (Article 6(1)(f) GDPR). For this purpose, log files may be occasionally analysed to:

  • determine what browsers are used by people visiting the Platform,
  • determine which tabs or subpages of the Platform are most often or least frequently visited or viewed,
  • determine whether the Platform does not contain errors,
  • prevent unauthorised access to the Platform,
  • prevent the distribution of malicious codes,
  • interrupt denial-of-service attacks,
  • prevent damage to computer systems and electronic communications systems.


In the cases of processing your personal data presented above, you have the right to object.


The recipients of this data may be entities providing IT services to the Controller.


7)  Deleting operational data and data obtained through the cookie mechanism

The retention period of cookies, i.e. the period after which the files will be deleted, has been specified in point 3 above.

If we obtain your personal data as part of the services described above, they will be deleted or anonymised no later than after the expiry of the limitation period for potential claims related to the use of the Platform or earlier if you submit an effective objection.