GERDA Sp. z o.o. (LLC) privacy policy

I. PERSONAL DATA PROCESSING NOTIFICATION

In compliance with the requirements set in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR), Gerda Sp. z o.o. (LLC) in Sokołów provides you with the necessary information on the rules of processing your personal data and your ensuing rights.
If you have any questions about the method and scope of the processing of your personal data by Gerda, or your ensuing rights, please contact Gerda Sp. z o.o. in Sokołów, 49 Sokołowska St., 05-806 Komorów, by email at This email address is being protected from spambots. You need JavaScript enabled to view it., or our Data Protection Officer at This email address is being protected from spambots. You need JavaScript enabled to view it..

1. What is described in this policy?
This privacy policy (“Policy”) contains the information on the processing of personal data by Gerda Sp. z o.o.:
• identifying the types of personal data we collect;
• clarifying how and why we collect and use your personal data;
• clarifying when and why we can share personal data with other entities;
• clarifying your rights and options regarding your personal data.
We wish to make it clear for you if this Policy also embraces the rules of processing your personal data.

The Policy applies if:
• you are a Website User, i.e. you use any of our websites: www.gerda.pl or www.akademiagerda.pl (Website), including the forms available thereon;
• you are an End-Customer, i.e. as such you purchase our products or make use of our services;
• you are a Contracting Party, i.e. you purchase products or services from us as part of your economic operation, or provide any products or services for us;
• you are a Contracting Party's representative, i.e. you represent a Contracting Party in dealings with us;
• you are a Gerda Academy Participant, i.e. you participate in training or exams held by Gerda Academy, or you are a Gerda Academy certified assembler.
We process your personal data in compliance with the EU General Data Protection Regulation (2016/679) (“GDPR”) and other applicable personal data protection regulations, supplementing and/or implementing GDPR.

2. Who is your Data Controller?
Your Data Controller is:
Gerda Sp. z o.o.
49 Sokołowska St.
05-806 Komorów
email: This email address is being protected from spambots. You need JavaScript enabled to view it.
(“Gerda”, “we”, “us” or “our”).
With regard to personal data processing issues, you can contact us by email or regular mail.
With a view to improving the security of the processing of your data, we have appointed our Data Protection Officer (Paweł Latkowski), available by email at This email address is being protected from spambots. You need JavaScript enabled to view it..

3. What information do we collect and from what sources?
If you are a Website User, we collect information we obtain through the forms available on the Website, recorded while you are using the Website. This information specifically includes your first and last names and contact data.
If you are an End-Customer, we collect information we obtain from you through the forms available on the Website, by email or phone, via social media accounts, as well as data we receive from our Contracting Parties, regarding, for instance, complaints. This information specifically includes your first and last names and contact data.
If you are a Contracting Party, we collect information conveyed through the contact forms on the Website, in the Partner Zone, or in documents you send in, as well as information obtained from conversations, email correspondence and meetings, specifically including data necessary to enter into and deliver a contract. These may specifically include your first and last names, company, registered office address, PESEL (Polish Resident Identification Number), NIP (Taxpayer Identification Number), REGON (National Business Registry Number), bank account number. Your data may also come from publicly available sources.
If you are a Contracting Party's representative, we collect information conveyed through the contact forms on the Website, in the Partner Zone, in conversations, email correspondence and meetings. This may specifically include your first and last names, contact data, function, particulars of a Contracting Party you represent, data we need to enter into a contract with this entity, if necessary. Your data may also be provided by an entity you represent both before and throughout our cooperation.
If you are a Gerda Academy Participant, we collect information conveyed through the contact forms on the Website, as well as via Gerda Academy registration, training/exam applications, email correspondence, and Gerda Academy participation. This may specifically include your first and last names, company, address, telephone number, NIP, email address, PESEL, photograph.

4. What is the purpose and lawfulness of our processing of your data?
In principle, we process your personal data:
a) based on your consent (if it forms a valid and effective basis for data processing) (GDPR, Art. 6 Sec. 1 L. a), in order to:
- send you email or text messages with information on our products, services, offers, promotional actions or events, including answers to your questions;
- identify your needs and expectations;
- enable you to use the Partner Zone;
b) if it is necessary in order to discharge the obligations under the regulations of law (GDPR, Art. 6 Sec. 1 L. c);
c) if it is necessary for the purposes of the legitimate interests pursued by us in our capacity as the Data Controller (GDPR, Art. 6 Sec.1 L. f) when:
- contacting you to reply to your questions, requests or comments, and processing your applications forwarded via contact forms or otherwise;
- as part of our existing relation, informing you about our products, services, offers or events we consider possibly interesting to you;
- managing our operations, including the development of new products and services, research, evaluation of the effectiveness of our sales, marketing and advertising;
- servicing, managing and upgrading our products and services;
- preparing reports and statements, archiving information;
- ensuring the security of our networks and systems.

Furthermore:
If you are a Website User, we process your data for the purposes of our legitimate interests ( (GDPR, Art. 6 Sec. 1 L. f), using analyzing and profiling tools in order to: customize our service to meet your needs (personalization); customize contents (adverts included) displayed to match your interests and your method of using online services and technologies provided by us; manage our operations; support technical problem diagnostics; support our online services and technologies; identify online service users; identify equipment for malpractice prevention; collect demographic data on our users; determine means of Website use.
If you are an End-Customer, we process your personal data in order to provide our service ( (GDPR, Art. 6 Sec.1 L. b) or for the purposes of the legitimate interests – to investigate a complaint (GDPR, Art. 6 Sec.1 L. f).
If you are a Contracting Party, we process your personal data in order to enter into and deliver a contract (GDPR, Art. 6 Sec. 1 L. b).
If you are a Contracting Party's representative, we process your personal data for the purposes of the legitimate interests (GDPR, Art. 6 Sec. 1 L. f) within the scope of our business relations, talks or negotiations, contracts entered into, as well as with the aim of solving other problems relating to our cooperation with entities you represent.

5. Who do we share your data with?
If and as necessary for the purposes of our processing of your data, we can share them with:
a) authorized data recipients in accordance with the regulations of law (e.g. courts, law enforcement agencies, administrative bodies, supervisory authorities);
b) data processors acting as such on our behalf (e.g. our ICT system and tool operators or providers, consulting, advisory, legal, accounting and marketing service providers, research agencies, etc.);
c) other members of the capital group we are a member of, i.e. entities directly or indirectly equity-related to Gerda Sp. z o.o..

Furthermore:
If you are an End-Customer, we can share your data with our Contracting Parties, i.e. entities we cooperate with on, for example, handling a complaint.
If you are a Contracting Party, Contracting Party's representative or Gerda Academy participant, we can share your data with Website users – if such data are available on the Website.
In each case we share your data, we ensure that only a minimum of information, as necessary for the purpose of processing, is shared.
Your data will not be transferred beyond the European Economic Area (EEA). However, should your data be transferred beyond the EEA, we undertake to ensure the cooperation with relevant entities on the applicable legal basis, in compliance with the adequate protection standards.

6. How long do we store your data?
We store your data as long as necessary for the purposes defined herein, in line with our data storage policies (unless a longer period is prescribed by the applicable law). Our data storage policies are based on the regulations of law in force. We will store and use the information on you to an extent necessary to comply with the legal requirements (e.g. if we are under obligation to store the information on you for tax purposes), resolve disputes, deliver a contract, perform a settlement agreement, or pursue any of the purposes defined herein.
In case of processing based on your consent, we will store your data until your withdrawal thereof and thereafter for a period as necessary for Gerda to pursue its legitimate interests as the Controller.

7. What rights do you have as the data subject?
Exercising your rights regarding personal data processing, you are free to make any of the following demands:
a) if we process your data based on your consent, you may withdraw your consent at any time, however such withdrawal not affecting the lawfulness of our processing based on your consent before its withdrawal;
b) you may demand access to contents of your personal data, including receiving a copy thereof;
c) you may exercise the right to your data portability, i.e. demanding that we provide your data in a structured, commonly used and machine-readable format, and that we transmit those data directly to another controller, if they are processed by us by automated means based on your prior consent;
d) you may demand that your personal data be rectified (corrected) if they are incorrect or incomplete;
e) on grounds relating to your particular situation, you may object to processing of your personal data if we process them based on necessity for our legitimate interests; you may also object to processing of your data for direct marketing purposes;
f) you may demand that your personal data be erased if they are no longer necessary for the purposes for which they have been collected or otherwise processed, you have objected to processing, you have withdrawn your consent processing has been based on and there is no other lawful basis for such processing, your data are being processed unlawfully, your data must be erased in order to discharge the legal obligation;
g) you may demand that processing of your personal data be restricted if you contest the accuracy of your data, such processing is unlawful, but you oppose the erasure of your data and request the restriction of their use instead; we no longer need your data for our purposes, and you need your data for the establishment, exercise or defense of legal claims; you have objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.
To this effect, please contact us by regular mail or email at This email address is being protected from spambots. You need JavaScript enabled to view it.
Whenever you consider that our processing of your personal data infringes GDPR, you have the right to lodge a complaint with the Inspector General for the Protection of Personal Data.

8. Do you have to provide your data?
Providing your data is absolutely voluntary. However, if you do not provide your data, this will make it impossible for us to pursue the purposes referenced hereinabove, specifically including replying to your inquiries, presenting our offers, entering into agreements with you, maintaining our business relations, etc..



II. WEBSITE AND COOKIES POLICY

We use cookies as well as other monitoring technologies in order to: (i) extend our knowledge of how users (“Users”) use our websites www.gerda.pl or www.akademiagerda.pl (“Website”) and (ii) improve the quality of your experience resulting from online interactions with us. This Website and Cookies Policy contains the information about the technologies we use and support.

1. Cookies and other monitoring technologies: Definition
A 'cookie' is a text file sent by a website to a visitor's computer or other Internet-linked device to identify a visitor's browser or record information or settings on an Internet browser. A cookie usually contains the name of a domain it has been sent from, its (cookie's) 'lifetime' and randomly generated unique identifier.
We can use other technologies, including web beacons and JavaScript, which in some cases cooperate, along with cookies and other means, with our Website to make it possible to identify your device. Such other technologies make it possible to activate specific functions on our Website. We can also use particular technologies to identify if an email we sent you has been opened or if a link contained therein has been clicked on by you.

2. What use do we make of cookies?
When our online services are used, both we and other entities (such as advertising networks) can obtain information about users, regarding their use of the Web, their use thereof over time, and their use of third party websites.
We use cookies for various purposes. For example, we monitor a total number of our Website visitors – on an anonymized and aggregated basis. We can also use cookies to be able to remember you in case you revisit the Website and personalize it in keeping with your preferences. In that situation, a cookie may involve some information about you, which may constitute your personal data.
Monitoring technologies can have a permanent (i.e. files remain on your computer until you delete them) or serial (i.e. files are stored until a browser is shut down) character.
Our Website makes particular use of the following types of cookies:
• Necessary cookies. Such cookies are those necessary to provide services and assure the availability of a functionality (functionalities) you explicitly request. We can use cookies and monitoring technologies to prevent malpractice, improve security or system administration, or to enable you to use the payment service function. We are not under obligation to obtain your consent with regard to cookies whose use is necessary.
• Cookies for rating analysis and evaluation. We can use cookies to evaluate the efficiency of our Website, including as part of analytical operations aimed at the improved quality of contents offered via the Website.

3. Cookies settings and deletion
You can deactivate the reception of cookies in your browser settings or set your browser so that you are informed each time you receive a cookie.
However, you should remember that if block cookies entirely, this may make it impossible for you to use all the functions on our Website.
Alternatively, you can also visit the pages which contains the exhaustive information on how to deactivate cookies on your browser or device, as well as more general information on cookies themselves. Information on how to delete cookies from your cell phone can be found in the phone user guide. You can also waive the reception of cookies.
Remember that the limited possibility of receiving cookies may affect the functionality of the Website.

4. Server logs
Information on certain user behaviors is subject to server-level logging. Such data are used exclusively for website administration and optimal hosting service support purposes.
Browsed databases are identified with URL addresses. Other recordable data may include:
- inquiry reception time,
- reply dispatch time,
- customer station name – identification through http protocol,
- information on errors during http transaction,
- URL address of page previously visited by user (referrer link) – in case of transfer to the Website via referrer link,
- information on a User's browser,
- IP address information.
Such data are not matched to specific persons browsing the Website, being used for the server administration purposes only.