Privacy policy - Gerda
Home > Privacy policy

The privacy policy of the GERDA Sp. z o.o. Company


In respect of the implementation of the provisions of Regulation No 2016/679 of the European Parliament and Council (EU) from the 27th April 2016 on protection of physical persons with regards to personal data processing and free flow of such data, while repealing Directive No. 95/46/EC (referred to as  General Data Protection Regulation – GDPR), the Gerda Sp. z o.o Company, with its registered Office in Sokolow, gives you a set of necessary information about your personal data processing rules and about your rights, associated with the subject matter.

If you have any questions, regarding the mode and scope of your personal data processing by Gerda, as well as concerning your rights in this respect, please contact us, i.e., the Gerda Sp. z o.o Company, with its registered Office in Sokolow, ul. Sokolowska 49, 05-806 Komorow to the email address: or with our personal data inspector to the email address:

  1. What does this policy describe?

This policy of privacy (“the Policy”) contains the information of personal data processing by the Gerda Sp. z o.o Company:

  • defines the types of personal data which we collect and store;
  • explains how and why we store and use your personal data;
  • explains when and why we shall be sharing your personal data with other entities and
  • explains your rights and option possibilities which you have with regards to your personal data.

We want to ensure that it is clear to you if this Policy also includes the rules for your personal data processing. This Policy applies, if:

  • you are a user of a website, i.e., you make use of any of our web services: or (our website) and of the forms which they contain;
  • you are an end-user, i.e. you purchase our products or use our services as end-user;
  • you are a contractor, i.e. purchase our products or services for your business activity or provide us with any products or services;
  • you are a contractor’s representative, i.e. you represent the contractor in relations with us;
  • you are a participant of the Gerda Academy, i.e. you take part in training sessions and examinations, organised by the Gerda Academy or you are a certified editor of the Gerda Academy.

We process your personal data in accordance with the General Data Protection Regulation of the European Union (2016/679) (GDPR) and with other applicable regulations concerning data protection, which compensate and/or implement GDPR.

  1. Who is the administrator of your personal data?

The administrator of your personal data is:

Gerda Sp. z o.o.

Sokołowska 49
05-806 Komorow

(„Gerda”, „we”, „us” or „our”).

Regarding any issues, associated with your personal data processing, you may contact us by correspondence or to our e-mail address.

In order to enhance the personal data protection level, we have appointed Data Protection Inspector. This function is held by Mr Pawel Latkowski. You may contact with our Data Protection Inspector under the e-mail address:

  1. What information do we collect and from what sources?

If you are a user of our website, we collect the information, entered through the forms, contained therein, and entered by you during the website use. These are, in particular, your name, surname and contact data.

If you are an end-user, we collect the information which you provide to us via the website forms, telephone contacts, e-mail correspondence or via your profiles in the social media. We also collect the data which we receive from our contractors, e.g. with regards to submitted claims. These are, in particular, your name, surname and contact data

If you are a contractor, we collect the information, provided to us via the contact forms on the website, in the Partner’s Zone, contained in documents, which you send to us, during conversations with you, from e-mail correspondence and meetings; these are especially the pieces of information necessary to enter and implement a contract. The information may, in particular, include the name, the surname, the name of your organisation, its address, the Polish citizen ID (PESEL) No, the VAT No., the Business Register (REGON) No. and the bank account No. Your data can also be obtained from generally available sources.

If you are a contractor’s representative, we collect the information, provided to us via the contact forms on the website, in the Partner’s Zone, during conversations with you, from e-mail correspondence and meetings. The data may, in particular, include your name, surname, contact data, your position, the data of the entity which you represent and the data which are necessary to enter an agreement by us with this entity, unless they are necessary in this respect. Your data may also be transferred to us by an entity which you represent during the actual collaboration with us or which you have represented before this collaboration.

If you are a participant of the Gerda Academy, we collect the information which is entered via the contact forms on the website, in the course of registration at the Gerda Academy, in applications to training sessions, exams, in e-mail correspondence and in participation in the Gerda Academy. This information includes, in particular, your name, surname, business organisation, its address, phone number, the Polish citizen ID (PESEL) No. and image.

  1. For what purpose and on what grounds do we process your personal data?

As a rule, we process your personal data:

  1. a) under your consent (unless it is an important and effective basis for data processing) (Art. 6 section 1 letter a of GDPR), in order to:

– send you e-mail messages or text messages with information about our products and services, offers, promotional actions or events, and to respond to your questions and enquiries;

– recognise your needs and expectations;

– enable you to use the Partner’s Zone;

  1. b) when it is necessary to exercise the duties, imposed onto us by legal regulations (see Art. 6 section 1 letter c of GDPR);
  2. c) when it is necessary for the execution of our legitimate interests (see Art. 6 section 1 letter f of GDPR), when:

– we contact you, while responding to your questions, requests and remarks, handling your applications, provided to us via a contact form or through other ways;

– within our relationship we inform you about our products and services, offers or events which, in our opinion, may interest you;

– we manage our business, creating new products and services, carry out research works, assess the efficiency of our sales, marketing and advertisements;

– we handle, manage and optimise our products and services;

– we issue reports and file data;

– we ensure safety of our networks and systems.

In addition:

If you are a website user, we process your data on the basis of our legitimate interest (see Art. 6 section 1 letter f of GDPR), when we make use of analytic and profiling tools for the purpose of: tailoring our service to your needs (customisation); adapting the displayed messages (including advertisements) to your interests and methods of using online services and the technologies which we provide; managing of our business activity; support in the diagnostics of technical problems; handling or technologies and online services; identifying online service users; identifying devices to prevent abuse incidents; collection of demographic data of our users; identifying the ways in which our website is used.

If you are an end-user, we process your personal data to provide a service (see Art. 6 section 1 letter b of GDPR) or on the basis of our legitimate interest to analyse a submitted claim (see Art. 6 section 1 letter f of GDPR).

If you are a contractor, we process your personal data to enter an agreement (see Art. 6 section 1 letter b of GDPR).

If you are a contractor’s representative, we process your personal data under our legitimate interest (see Art. 6 section 1 letter f of GDPR) in the scope in which our business relationship is maintained, our talks or negotiations are carried out, agreements are entered and other issues are solved, regarding our collaboration with the entities which you represent.

  1. Whom do we disclose your data to?

If it is necessary to attain the objectives, for which your data are processed, we may disclose them to:

  1. a) entities authorized to receive such data under applicable laws (e.g. courts, legal protection authorities, administrative authorities and supervising authorities, etc.);
  2. b) outsourced entities, processing your data to our order, i.e. companies, contracted to provide us with specific services with which personal data processing is associated. For example, these outsourced contractors may handle our IT systems or give us access to their communication and IT tools. These may also include specialised entities, providing us with services in the scope of law, accounting and booking, advising, consulting and marketing, as well as research agencies;
  3. c) other entities in the same Capital Group, to which we belong, i.e. equity related, directly or indirectly, with the Gerda Sp. z o.o. Company.

In addition:

If you are an end-user, we may disclose your data to our contractors, i.e. the entities with which we collaborate, e.g. in the scope of dealing with claims.

If you are a contractor, a contractor’s representative or a participant of the Gerda Academy, we may transfer your data to the users of our website, unless these data are made available.

In every case your data are disclosed, we shall ensure that the disclosed information will only include a minimum of the information, necessary to  achieve the purpose of data processing.

Your data will not be transferred beyond the area of the European Economic Area (EEA). In case, when your data were to be transferred beyond the EEA’s boundaries, we shall do our best to ensure that our cooperation with such entities was founded on appropriate legal bases and that those entities guaranteed appropriate data protection standards.

  1. How long do we store your data?

Your data are stored for the period necessary to achieve the goals, presented in our policy of privacy protection, and conformable with our data storage policy (unless a longer period is required by the applicable law). Our data storage policy is based on the provisions of an applicable law. We shall store and make use of your data in the scope necessary to meet legal requirements (e.g. if we have to keep your data for tax purposes), for solution of disputable matters, to implement agreements, settle disputes or for any purpose, defined in this privacy protection policy.

In case of your data processing, carried out on the basis of your consent, we shall store your data for the period till your consent is withdrawn and, after that, for a period and in the scope required to pursue by Gerda a legitimate interest of the data controller.

  1. What are your rights?

While asserting your rights in the scope of personal data processing, you may address the following demands to us:

  1. a) if we process your personal data on the basis of your consent, you may withdraw this consent at any time; keep in mind, however, that the consent withdrawal does not affect the compliance with the law of data processing, carried out by us under your consent before it has been withdrawn;
  2. b) you may request an access to your personal data and obtain their copy.
  3. c) you may exercise your right to transfer your personal data, i.e. to demand from us your personal data to be returned to you in a structured, commonly used and machine readable format, as well as you may ask us to send the data directly to another data administrator, if we process these data in an automatic way, on the basis of your previous consent;
  4. d) you may demand to correct your personal data, if they are incorrect or incomplete;
  5. e) because of your special situation, you may submit an objection against the processing of your personal data, if we process them with regard to our legitimate interest; you may also object to the processing of your data for the needs of direct marketing;
  6. f) in cases defined by the law – e.g. if your data are invalid/obsolete, redundant, unlawfully processed and also, if you have withdrawn your consent to their processing (if the consent was the basis for their processing) or have effectively submitted your objection, regarding your personal data processing – you may request your personal data to be cancelled;
  7. g) you may also request to restrict your personal data processing for the period when your submitted objection or request, concerning the correctness of your personal data, the compliance of your personal data processing with the applicable law or our legitimate interest, as well as if you need the data for the purpose to determine, investigate or defend your claims.

For this purpose, contact us through correspondence or to the email address:

In any case, when you consider our processing of your personal data to be incompatible with the provisions of GDPR, you have also the right to submit a complaint to President of the Personal Data Protection Office.

  1. Do you have to provide your data?

Your providing us with your data is entirely arbitrary, however, without these data, we shall not be able to achieve the above-mentioned goals, including, in particular, responding your questions and enquiries, presenting you our offers, concluding agreements nor maintaining business relations, etc.


We make use of cookie files and of other monitoring technologies in order to: (i) extend our knowledge on how the users (“the Users”) enter and use our website or the website (“the Website”) and (ii) improve the quality of your experience, resulting from your interactions with us in the net. This policy of website and cookie file use contains the information about our technologies and their handling methods.

  1. Cookie files and other monitoring technologies: Definition

A “cookie” is a text file which is sent by a website to the visiting computer or to any other device, connected with the internet, in order to identify the visitor’s browser or to record the information or settings from the visitor’s browser. A cookie file usually contains the name of the domain from which it has been sent, its “life period” and a randomly generated, unique identifier.

We can use other technologies, including web beacons and JavaScript, which – in certain cases – support our website, together with cookie files and other means, in order to have your device identified. Those other technologies enable to activate specific functions on our website. We can also make use of certain technologies in order to find out if the e-mail message, which we have sent to you, has been opened or if the link, contained therein, has been clicked by you.

  1. How do we use cookie files?

In the course of using our net services, both we and other entities (such as advertising networks) may acquire an information about the users on their network using mode in general, their use of the network in time and on the use of third person websites.

We use cookie files for various purposes. For example, we monitor the total number of our website visitors – by anonymous and aggregated rules. We can also use cookie files to remember you, when you visit our website again or to customise the website to your preferences. In this situation, certain information may be associated with the cookie file, including your personal data.

The monitoring technologies may be of permanent (i.e. the files will remain on your computer or device till you cancel them) or session character (i.e. the files will remain till browser closing).

Our website uses, in particular, the following cookie file types:

  • Necessary cookie files These are files which are necessary to provide services and ensure the availability of the functions which you clearly request for. We can use cookie files and the monitoring technologies to prevent abuses, improve safety, for system administration and to enable your access to the payment functionality. We do need to obtain your prior consent with regards to the cookie files, the use of which is necessary for us.
  • The cookie files, which are used for performance analysis and assessment. We may use cookie files to evaluate our website performance, including our analytical activities, undertaken to improve the quality of the contents which are offered via the website.
  1. Setting and deletion of cookie files

You may refuse the use of cookies by selecting the appropriate settings on your browser or set it in such a way that you will be informed each time you receive a cookie file.

Remember, however, that a total refusal of cookie files may result in an inability to use all the functions of our website.

Alternatively, you can also visit the site, which contains a detailed information on how to switch off cookie files in your browser or device, as well as a more general information on cookie files. The information on cookie file deletion from your mobile can be found in its operation manual. You may also give up receiving cookie files.

Remember that any limitation, imposed on cookie file reception, may affect the access to website functions.

  1. Server’s logs

The information about certain Users’ behaviours is subject to login at server layer. The data are used exclusively for service administration and to ensure the most efficient handling of provided hosting services.

Reviewed resources are identified by URL addresses. In addition, the following data may be required to be entered:

  • the time of enquiry,
  • the response time to enquiry,
  • the name of the customer’s workstation – this identification is handled by http protocol,
  • the information about errors which have occurred during http transaction processing,
  • the URL address of the website previously visited by the User (reference link) – in case, when the transfer to a new website has been done via a link,
  • the information about the User’s browser,
  • the information about the User’s browser,

These data are not referred to specific persons, browsing this particular website, and are used exclusively for the server’s administration purposes.