Privacy policy of the


  1. General
    1. The controller of personal data collected via the website is the company DIGITALBUILDINGDATA SP. Z O.O., with its registered office in Katowice (postal code: 40-850), at ul. Gabriela Narutowicza 16, holder of NIP (tax identification number): 6342985195 and REGON number (National Business Registry) 1387711304, entered in the register of businesses of CEIDG (Central Registration and Information on Business), e-mailing address (hereinafter, “Controller”), who is also a service provider.
    2. The personal data collected by the Controller through the website are processed in accordance with the applicable law, in particular in accordance with the General Data Protection Regulation No. 2016/679  of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR") and the Personal Data Protection act of 10 May 2018.
  2. Types of processed data, purpose and scope of data processing and data recipients
    1. Purpose of data processing and legal basis. The Controller processes personal data through the website if its users:
      • Use the contact form. The personal data are processed pursuant to Art. 6 sec. 1 lit. f GDPR for the purposes of the legitimate interests pursued by the Controller.
      • Sign up for the Newsletter for the purpose of sending commercial email marketing messages. The personal data are processed upon providing by user a separate consent, pursuant to Art. 6 sec. 1 lit. a GDPR
    2. Type of personal data processed.

      The categories of the user’s personal data processed by the Controller are the following:

      • Name and surname,
      • E-mail address.
    3. Period of personal data storing

      Personal data of users are stored by the Controller.

      • if the data are processed on the basis of performance of a contract, for no longer than is necessary for the performance of the contract, and after that time, for a period corresponding to the limitation period. Unless a special provision says otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to running a business activity - three years.
      • if the data are processed on the basis of a consent, as long as the consent is not revoked, and after the consent is revoked: for a period of time corresponding to the limitation period that may be brought by the Controller and that can be made against it. Unless a special provision says otherwise, the limitation period is six years, for claims for periodic benefits and claims related to running a business – three years.
    4. When users use the website, additional information may be collected, in particular: the IP address assigned to the user’s computer or the external IP address of the Internet provider, domain name, browser type, access time, type of operating system.
    5. Navigational data, including information about links they decide to click or other Website activity, may also be collected from the user. The legal basis for that type of activity is the legitimate interest of the Controller (Art. 6 sec. 1 lit. f GDPR) in facilitating the use of services provided by electronic means and improving the functionality of those services.
    6. Providing any personal data by the user is voluntary.
    7. Personal data will also be processed in an automated manner in the form of profiling, provided that the user gives consent pursuant to Art. 6 sec 1 lit. a GDPR. As a result of profiling, a given person will be assigned a profile in order to make related decisions or analysis or predict their preferences, behaviours, and attitudes.
    8. The Controller exercises due diligence to protect the interests of data subjects

      and in particular ensures that the collected data are

      • processed in accordance with the law,
      • collected for specified and legitimate purposes and not further processed in a manner that is incompatible with those purposes,
      • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed and kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
  3. Personal data sharing
    1. Personal data of users are transferred to service providers used by the Controller when running the website. Depending on contractual arrangements and circumstances, service providers the personal data are transferred to are subject to the Controller’s instructions as to the purposes for which and the means by which those data are processed (data processors) or determine the purposes for which and the means by which those data are processed (data controllers).
    2. Personal data of Customers are stored only within the European Economic Area (EEA).
  4. Right to control, right of access, and right to rectification of your own data
    1. The data subject has the right to access their personal data and the right to request from the Controller rectification or erasure of personal data or restriction of processing, the right to data portability, the right to object, the right to withdraw their consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
    2. Legal grounds for the Customer’s request:
      • Right of access – Art. 15 GDPR.
      • Right to rectification – Art. 16 GDPR.
      • Right to erasure (‘right to be forgotten’) – Art. 17 GDPR.
      • Restriction of processing – Art. 18 GDPR.
      • Data portability – Art. 20 GDPR.
      • Right to object – Art. 21 GDPR
      • Right to withdraw consent – Art. 7(3) GDPR.
    3. In order to exercise the rights referred to in point 2, you can send an appropriate e-mail to the following address:
    4. If the user wishes to exercise (one of) their rights referred to in point 2, the Controller shall immediately grant the request or refuse to grant it, but not later than within a month after receiving the request. If, however, due to the complex nature of the request or the number of requests, the Controller is unable to grant the request within a month, it will grant it within the next two months after informing the user within a month of receiving the request about the intention to extend the deadline and the reasons for that.
    5. If it is found that personal data are processed in violation of the GDPR provisions, the data subject has the right to bring a complaint to the President of the Personal Data Protection Office.
  5. Cookies
    1. The Controller website uses cookies.
    2. Installation of cookies is necessary for the provision of website services. Cookies contain information necessary for the website to work properly and allow the Data Controller’s to compile general statistics of website visits.
    3. The website uses functional and configurable types of cookies
    4. The Controller uses its own cookies to better assess how the user interacts with the content of the website. The files gather information on how the user uses the website, the type of website the user was redirected from and the number of visits and the duration of the user’s visit on the website. That information does not register specific personal data of the user, but is used to compile statistics on the website use.
    5. The user has the right to choose whether cookies can be placed on their computer by selecting them in the window of their browser. Detailed information on the possibilities and methods of handling cookies is available in the software (web browser) settings.
  6. Final provisions
    1. The Controller implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk and categories of data protected, and in particular, protects the data against unauthorized disclosure, removal by an unauthorized person, unlawful processing and alteration, loss, damage, or destruction.
    2. The Controller provides appropriate technical measures to prevent unauthorized persons from acquiring and altering the personal data sent electronically.
    3. In matters not covered by this Privacy Policy, the provisions of the GDPR and other relevant provisions of Polish law shall apply accordingly.