Privacy Policy

Information on personal data processing

Data Controller

The personal data controller, that is the entity that decides on objectives and measures of personal data processing is: “Milarex” Spółka z ograniczoną odpowiedzialnością with registered office in Słupsk (76-200), ul. Braci Staniuków 36, entered into the register of entrepreneurs of the National Court Register kept by the District Court for Gdańsk – Północ in Gdańsk, the 8th Economic Department of the National Court Register under number 0000209848, REGON (Polish statistical number) 771483688, NIP (tax identification number) 8392756807.

Acquisition of information on personal data processing

You may contact the Controller on issues related to personal data processing at its correspondence address mentioned in clause 1 above, at e-mail address [email protected], at phone number +48 59 722 06 00; fax: +48 59 722 06 46 or via a contact form published at website

Data acquisition and purpose of their processing

The Controller acquires and processes personal data for the following purposes:

  1. pursuit of the Controller’s business activity comprising in particular entering into and executing agreements on commercial cooperation with counterparties (article 6 sec. 1 letter b of GDPR);
  2. handling requests files via the contact form published on the website (article 6 sec. 1 letter f of GDPR – the legitimate interest in form of acknowledgment of notifications sent to the Controller and possible replies to notifications and requests submitted via the contact form or entering into other forms of contact),
  3. electronic and non-electronic correspondence (article 6 sec. 1 letter b and c of GDPR);
  4. the recruitment process (article 6 sec. 1 letter a and c of GDPR), if acquisition of personal data is related to recruitment of employees and other persons to be hired by the Controller; 
  5. keeping statistics (article 6 sec. 1 letter f of GDPR – the legitimate interest in possession of information on statistics related to performed activities, which makes it possible to improve the pursued activities;
  6. analysis of traffic on the website in order to optimise the available functionalities (article 6 sec. 1 letter f of GDPR - the legitimate interest in the need to analyse traffic on the website in order to optimise the available functionalities);
  7. marketing activities for own products and services (article 6 sec. 1 letter f) of GDPR – the legitimate purpose: marketing activities to promote own business activity) – in case of persons, who have agreed for personal data processing for this purpose;
  8. filing and defence against claims (article 6 sec. 1 letter f of GDPR – the legitimate interests in need to participate in pre-trial procedures, litigations and then enforcement procedures in order to claim the Controller’s rights to defend its interests);
  9. examination of complaints (article 6 sec. 1 letter c of GDPR).

Data recipients

Personal data may be transferred by the Controller to other entities to be processed, in particular to:

  1. state authorities or other entities entitled by law, in order to fulfil obligations imposed on the Controller;
  2. entities supporting the Controller in performed business at the Controller’s request, in particular provider of external systems and services (including IT and recruitment systems and services).

The Controller will not transfer personal data to a third country or an international organisation.

Data retention period

The Controller is obliged to retain data for periods defined by law or when it is necessary for correct operations of the Controller as an entrepreneur and compliance with the accountability principle. The data will be stored for the periods defined below:

  1. data provided through a contact form – until expiry of the purpose of processing but no longer than 2 years in order to comply with the accountability principle, unless an objection to processing is raised;
  2. data provided for purposes related to the recruitment process – up to 6 month from the end of the recruitment process in respect to a given job or until consent is withdrawn;
  3. data processed for statistical purposes – throughout the period when the Controller has other legal grounds to process data than the statistical purposes; after legal grounds for processing end, personal data for statistical purposes will not be processed;
  4. data processed for the purpose of the analysis of user traffic on the website – they will be processed until an objection is raised, but no longer than through a period of existence of the legal grounds to process data for other purposes than the analysis of user traffic on the website; after legal grounds for processing end, personal data for analysis of user traffic will not be processed;
  5. data processing for marketing purposes – in case of data processing on the basis of a legitimate purpose – until an objection is raised; in case of data processing on the basis of consent – until consent is withdrawn;
  6. data processed for the purpose of submission of and defence against claims – until lapse of the period for submission of and defence against claims resulting from a specific legal relationship, that serves as its basis.

Rights related to processed data and voluntary provision of data

Every data subject has the right to access the contents of their data and the right to rectify or delete them, restrict their processing, the right to transfer data, the right to raise objection, the right to withdraw consent any time without affecting the legitimacy of processing before the consent is withdrawn (if data are processed on the basis of consent). To withdraw granted consent, you must send an email at: [email protected]

Moreover, if the processing by the Controller violates the GDPR provisions, you have the right to file a complaint to the supervisory authority, that is the Chairperson of the Personal Data Protection Office.

Data are provided on voluntary basis, but if you do not provide them, it will not be possible for the Controller:

Automated personal data processing

Personal data will not be processed in an automated manner (including in form of profiling) in such a way that such automated profiling would entail any legal consequences for an individual or have similar significant impact on a data subject.

Within the scope of performed activities, the Controller uses cookies, but it does not process personal data within the meaning of GDPR within the scope of these activities.