1. Important information

  • 1.1 This is a privacy policy of Jakub Kmieciak Consulting, Al.Wilanowska 85/13, 02-765 Warszawa, Poland (“we”, “us” or “our”), explaining the manner of gathering and processing users’ personal data. This privacy policy contains also legally required information and user’s rights concerning their personal data.
  • 1.2 This privacy policy refers to personal data identifying a “user” who is a customer or a potential customer or a person browsing our website or a person outside our organization who has relations with us. To our employees, suppliers or persons who perform work for us on different terms or persons who apply for a job a separate privacy policy or an agreement on the processing of personal data applies.
  • 1.3 Throughout the privacy policy, such information is called “personal data”, and in part 3 there are further details about this term.
  • 1.4 Users should read this privacy policy to understand how we can use their personal data.
  • 1.5 This privacy policy may be changed from time to time, therefore we encourage you to check it regularly.

2. Contact us at

2.1 A unit controlling personal data and contact details

  • 2.1.1 For the purposes of the applicable data protection laws, we are a unit that controls the personal data of users and as such we use them in accordance with this privacy policy.
  • 2.1.2 You can contact us in the following ways regarding the processing of users’ personal data by us:
  • (a) through a local customer service center or a customer assistant, whose details can be found on the agreement or on our website; or
  • (b) directly with a data protection specialist, using details provided in clause 2.2 of this policy.

2.2 Data protection specialist

How to contact our data protection specialist:

  • (a) e-mail: [email protected];
  • (b) traditional post: Jakub Kmieciak Consulting, Al.Wilanowska 85/13, 02-765 Warszawa, Poland

3. Categories, 1st source types of personal data gathered by us

  • 3.1 Personal data is all information that enables us to directly or indirectly identify a user, e.g., full name, address, telephone number, e-mail address or computer’s IP address.
  • 3.2 Categories and types of personal data, which we can gather, are:
  • 3.2.1 those that are related to the submission of a query by a user or entering our website:
  • (a) personal data, such as full name, address and telephone number, which are provided by the user or registered by us when the user sends us correspondence by traditional post or electronic mail or contacts us by phone;
  • (b) personal data entered by the user via our website or portal, including the contact details provided by them when creating the profile on our website;
  • (c) personal data gathered through cookie files; more information about the data we gather and how we use such files can be found here: cookie policy
  • (d) details of users’ visits to our site, including traffic, location, weblogs or other communication data;
  • 3.2.2 in relation with services provided by us:
  • (a) personal data provided by the user in the instructions on the provision of services ordered from us, e.g., full name, address, telephone number and e-mail address;
  • (b) personal data, which in the case of a business relationship, the user’s employer gives in the instructions on the provision of services ordered from us, e.g., full name and contact details of the user as a representative of a given company;
  • (c) personal data such as full name and financial standing obtained from a credit information agency;
  • (d) personal data from debtor identification specialists, if the user does not pay the invoice within the specified period and if we cannot determine their address based on contact details provided by them;
  • (e) personal data in the form of images or recorded on a video made in one of our locations or in the user’s location, if necessary, to provide or evaluate the services ordered from us;
  • (f) personal data provided by the user in our surveys on customer service;
  • 3.2.3 to develop, personalize or promote our products and services:
  • (a) personal data obtained directly from the user, e.g., their full name, contact details and preferences concerning specific services and/or products;
  • (b) personal data, such as contact details, interests, preferences, professional activity obtained from generally available sources and social media, e.g., LinkedIn, Facebook and Twitter;
  • (c) personal data from data brokers who requested the user’s consent to provide their personal data to us for the purposes of direct marketing, e.g. full name, postal address and/or e-mail address and professional activity;
  • (d) personal data, such as full name and e-mail address provided by the user for the purposes of competitions, promotions or prize draws;
  • (e) personal data gathered through cookie files; more information about the data we gather and how we use such files can be found here: cookie policy
  • (f) details of users’ visits to our sites, including traffic, location, weblogs or other communication data;
  • 3.3 We can also register personal data of users who, e.g., make a complaint about our services or products by phone. We write down key details of the conversation, which helps us process the complaint. This may include obtaining health data. Health data are considered “special category data”. In this privacy policy in clause 4.1.2 the ways in which we process these specific types of personal data have been described.

4. The way and the basis of our use of personal data

4.1 Legal ground not resulting from the user’s consent

  • 4.1.1 Users’ personal data will be processed by us only on the basis of at least one legal ground regarding the protection of personal data. The table below also defines the purposes in relation to which we have the right to process personal data of users:
Purposes of our use of personal data Legal grounds for data processing
Meeting our contractual obligations towards users. This would apply to the fulfillment of orders for goods or services placed by users. Processing is necessary in connection with any agreement signed between our company and the user.
In order to fulfill our own legal obligations, e.g., set out in health and safety or tax protection regulations. In order to use personal data in life-threatening situations when there is no time to obtain user data (e.g. after an accident we must provide personal data to medical personnel). Such processing is necessary to comply with the law. Data processing is necessary to protect the vital interests of a given user.
In order to conduct business, but to the extent other than fulfillment of contractual obligations towards the user, e.g.
  • for sending important notifications, e.g. news about changes in our terms and policies;
  • to solve problems related to the improper use of our website;
  • to provide the user with important information in real time about products or services ordered by them (e.g., about the change of date or location due to unforeseen circumstances);
  • for sending information ordered by the user;
  • to process user's queries;
  • for the purposes of developing, delivering and improving our goods or services;
  • to improve the usability of our website;
  • for internal research, analysis, testing, monitoring, communication with clients, risk management and administrative purposes;
  • for direct marketing purposes;
  • for data analytics;
  • to identify usage trends;
  • to determine the effectiveness of promotional and advertising campaigns;
  • to protect and defend our rights or our property;
  • for sale, preparation for sale or sale of our company in whole or in part, including for each potential buyer or his advisers; or
  • for the purpose of enforcing or applying our terms of use or delivery and other agreements with third parties.
We have a legitimate interest in the processing of data that is not superior to the interests, fundamental rights or freedoms of the user.

Examples of our legitimate interest:
  • effective and efficient management and operation of our business;
  • development, extension and promotion of our activities;
  • protection of our activities;
  • the security of our systems and data;
  • providing our customers with high-quality goods and services;
  • checking the suitability of our marketing activities for the client;
  • supporting and training our employees in order to provide high-quality services to clients.
  • 4.1.2 In addition, in a limited number of cases, we can lawfully process categories of special data in some ways. We define them below and provide the legal grounds for the processing of special data categories by us.
Purposes of our use of personal data Legal grounds for data processing
In order to answer any claim or potential claim regarding injuries or health problems. We have a legitimate interest in the processing of data that is not superior to the interests, fundamental rights or freedoms of the user. Examples of our legitimate interest:
  • managing and running our business;
  • protection of our activities;
  • providing our customers with high-quality goods and services.
Processing is necessary to establish, implement or defend legal claims, or whenever the courts perform judicial functions.
[In the case of our company dealing with work clothing in order to provide the employee with a product that we are obliged to guarantee under an agreement with their employer] [Processing of data is necessary to perform an agreement] [The relevant employer obtained and provided evidence that the user gave their explicit consent to our processing of such data for production purposes and to provide them with appropriate clothing]

4.2 Cases in which we rely on user’s consent

  • 4.2.1 We would like to use personal data of our users for many different purposes. For some of them it would be appropriate for us to obtain prior consent of users. These circumstances may be as follows:
  • (a) in cases, in which we gather categories of special health data when considering a complaint;
  • (b) in cases, in which we process child’s personal data, we may ask the user to prove their consent;
  • (c) in cases, in which we would like to use images presenting the user in promotional materials;
  • (d) in cases, in which our company or another carefully selected by us external company has new products and services that we think the user will be interested in.
  • 4.2.2 We only accept the criterion of consent with a legal ground in connection with a completely voluntary processing, i.e. one that is in no way necessary or obligatory.
  • 4.2.3 The user has the right to withdraw at any time a specific consent to the processing of their personal data, when in a given case we rely on such consent. In such a case, they should contact us using the details in part 2. Note: Even if the user withdraws their consent to our use of their personal data for a specific purpose, we may still rely on other grounds for processing of their personal data for other purposes. In such a case we will inform the user thereof.

5. Recipient of users’ personal data

5.1 We may disclose users’ personal data to:

  • 5.1.1 companies in our group and affiliates who may process personal data on our behalf to implement or improve our usual business practices. Any such disclosure will be used solely to process personal data for the purposes set out in the privacy policy;
  • 5.1.2 external data processors (e.g. Google) to enable us to implement or improve our normal business practices. We sign agreements with our data processors, which means that they cannot take any action on personal data without proper instructions from us. Such entities are obliged to secure data and store them only for a specified period;
  • 5.1.3 legal bodies and legislative authorities that request personal data or to report suspected or actual breaches of applicable laws;
  • 5.1.4 external professional advisers, e.g., accountants, auditors and lawyers, provided that they are subject to confidentiality clause;
  • 5.1.5 executive bodies, courts or other relevant party to the extent necessary to establish, enforce and defend rights under legislation;
  • 5.1.6 third parties in necessary cases for the purpose of preventing, investigating and detecting offenses or convicting criminals or pursuing criminal penalties;
  • 5.1.7 third parties who consider purchasing or have decided to purchase some or all of our assets or shares (including as a result of reorganization, dissolution or liquidation of the company); and
  • 5.1.8 third parties that support plug-ins or content on our website, which the user has used (e.g. on Facebook, Twitter, Instagram).

6. Transfer of personal data between countries

  • 6.1 The personal data we collect may be transferred outside the European Economic Area, in particular to the United States, stored outside such area and/or processed.
  • 6.2 In relation to such processing:
  • 6.2.1 appropriate security are standard contractual clauses on data protection between us and the recipient; or
  • 6.2.2 this is done on the basis of a decision establishing an adequate level of data protection; namely:
  • (a) privacy shield when transferring data to the United States; or
  • (b) the decision of the European Commission that a non-EU country provides an adequate level of protection.

7. Duration of personal data storage

  • 7.1 We will store the user’s personal data for a period that is appropriate in accordance with our data retention policy. The length of such period specified in the retention policy is determined by at least one of the following criteria:
  • 7.1.1 we have an obligation to retain personal data in order to fulfill all legal obligations, such as commercial, tax or competition law;
  • 7.1.2 in cases where the retention of personal data is necessary to improve and support the original purpose of processing such data
  • 7.1.3 protection against all potential claims arising from the original purpose of processing; or
  • 7.1.4 in cases, in which we process the user’s personal data on the basis of their consent and in which they uphold their consent.
  • 7.2 Details regarding the data retention period can be obtained by contacting us as described in part 2.
  • 7.3 We review the length of the period in which we store the users’ personal data. Such reviews are carried out every year.

8. Contractual or regulatory requirements concerning provision of personal data by the user

  • 8.1 In certain circumstances the provision of one’s personal data is necessary to:
  • 8.1.1 comply with the provisions of law or an agreement; or
  • 8.1.2 to conclude an agreement.
  • 8.2 The user may decide whether they want to provide their personal data necessary to conclude an agreement or as part of the requirement arising from an agreement. However, in case the user does not provide us with their personal data we may not be able to provide all or some services expected based on an agreement. An example of this may be the lack of possibility on our part to provide the user with certain products or services because we do not have all personal data or the lack of possibility to perform an agreement because the user’s personal data are required for this purpose. Further details may be found in our terms and conditions.

9. The user’s rights concerning personal data

  • 9.1 In accordance with the applicable law, including the relevant provisions on personal data protection, besides the user’s right to withdraw prior consent to the processing of personal data (see clause 4.2.3), they have other rights in relation to the processing of personal data, including:
  • 9.1.1 the right to request access to personal data processed or controlled by us;
  • 9.1.2 the right to request that any inaccuracies in the personal data be corrected or – after taking account of the processing purposes – incomplete data be completed;
  • 9.1.3 the right to request on a legitimate basis defined by law:
  • (a) removal of personal data processed or controlled by us; or
  • (b) limiting the processing of personal data processed or controlled by us;
  • 9.1.4 the right to object the processing of personal data on a legitimate basis defined by law;
  • 9.1.5 the right to receive their personal data in a structured, commonly used format and format that can be deciphered by a computer and provide such data for processing to another controlling entity to the extent permitted by law; and
  • 9.1.6 the right to lodge complaints concerning the processing of personal data with the Information Commissioner’s Office or other relevant supervisory body. Information on how to do it can be found at https://ico.org.uk/concerns/.

The users who wish to exercise one of the above rights should contact us in a manner specified in part 2.

10. Links to other websites

  • 10.1 This policy defines how we gather and use users’ personal data. If they enter other website through links on our website, they should also read the privacy policy of such other website. We are not responsible for any use of users’ personal data by websites of other companies not related to us.
ValuePedia Logo