Privacy Policy

The trust of people whose personal data we process and compliance with legal provisions regarding the protection of personal data are very important to us. We would like to notify you of our principles for collecting, processing, securing, transferring and using personal data and inform you who you can turn to in matters related to personal data.

In accordance with the requirements of the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the “Regulation”, we inform as follows:

(1) Personal Data Controller

The Personal Data Controller, hereinafter referred to as the “Controller”, is:

getsix Polska Sp. z o.o. with its registered seat in
ul. Zwycięska 45, 53-033 Wrocław
NIP: 1010003288
KRS: 0000271247

The Controller is responsible for the use of personal data in a safe manner, consistent with the purposes for which it was collected and in accordance with the applicable law.


(2) Contact with the Controller

Controller’s contact details:
– phone: +48 71 388 13 00
– e-mail: gdpr@getsix.pl
– correspondence address: ul. Zwycięska 45, 53-033 Wrocław

Contact with the Data Protection Supervisor
– phone: +48 71 388 13 00
– e-mail: gdpr@getsix.pl
– correspondence address: ul. Zwycięska 45, 53-033 Wrocław

General Provisions

We use the personal data collected only for specific, legitimate purposes for which this data was collected. The scope of personal data, the purpose of its processing, the legal basis for such processing, the processing period and the categories of recipients of data result from the legal requirements of the Controller and the nature and scope of actions taken by the data subject.


(3) The purpose of data processing by the Controller, the legal basis for processing and the storage period:

(a) The purpose for data processing: Take action at the request of the data subject before concluding a contract (e.g. preparing an offer).

legal basis for processing: Article 6(1)(b) of the Regulation (“the performance of a contract”)
Storage period: The data is stored for the period necessary to complete, terminate or expire a contract and for the period after which any legal claims may expire.

(b) The purpose for data processing: The conclusion and performance of a contract (including providing appropriate quality of services)

legal basis for processing: Article 6(1)(b) of the Regulation (“the performance of a contract”)
Storage period: The data is stored for the period necessary to complete, terminate or expire a contract and any settlements and for the period after which any legal claims may expire.

(c) The purpose for data processing: Conducting direct marketing (directing messages to carefully selected individual clients, in individual contact in order to obtain a direct response (reply))

legal basis for processing: Article 6 (1)(f) of the Regulation (“legitimate interests pursued by the Controller”)
Storage period: The data is stored for the duration of the legitimate interest pursued by the Controller and for the period after which any legal claims may expire. In the event of an effective opposition to the use of the data subject’s personal data, the Controller will no longer process this data for direct marketing purposes.

(d) The purpose for data processing: Conducting marketing

legal basis for processing: Article 6 (1)(a) of the Regulation (“the data subject’s consent”)
Storage period: The data is stored until the data subject withdraws the consent for further processing of their data for marketing purposes.

(e) The purpose for data processing: Issuing, collecting and storing invoices and accounting documents as well as keeping accounting books

legal basis for processing: Article 6 (1)(c) of the Regulation (“compliance with a legal obligation”) in relation to Article 74 (2) of the Accounting Act and Article 86 (1) of the Tax Ordinance Act.
Storage period: The data is stored for the period in which the provisions order the keeping of accounting books and accounting documents (i.e. for 5 years, counting from the beginning of the year following the fiscal year to which the data pertains) and for the period after which any tax liabilities may expire.

(f) The purpose for data processing: Responding to complaints within the period of time and in the form provided for by law

legal basis for processing: Article 6(1)(c) of the Regulation (“compliance with a legal obligation”)
Storage period: The data is stored for the duration of 1 year after the end of the warranty period or settlement of the complaint, and then for the period after which any legal claims may expire.

(g) The purpose for data processing: Expression of the opinion by the Client

legal basis for processing: Article 6 (1)(a) of the Regulation (“the data subject’s consent”)
Storage period: The data is stored until the data subject withdraws the consent for further processing of their data for this purpose.

(h) The purpose for data processing: Detection and prevention of misuse

legal basis for processing: Article 6(1)(c) of the Regulation (“compliance with a legal obligation”)
Storage period: The data is stored for the duration of a contract, and then for the period after which the claims resulting from the contract expire. If the Controller pursues claims or notifies competent authorities – for the duration of such proceedings and “for 5 years from the beginning of the year following the fiscal year in which operations, transactions and proceedings were finally finished, paid off, settled or expired”.

(i) The purpose for data processing: Specifying, defending and pursuing claims raised by or against the Controller (including the sale of debt to another entity)

legal basis for processing: Article 6 (1)(f) of the Regulation (“legitimate interests pursued by the Controller”) in relation to Article 74 (2) of the Accounting Act.

Storage period: The data is stored:

  • for the period after which the claims resulting from a contract expire;
  • if the Controller pursues such claims in civil proceedings or in criminal or tax proceedings, the accounting proofs (which may contain personal data) must be kept “for 5 years from the beginning of the year following the fiscal year in which operations, transactions and proceedings were finally finished, paid off, settled or expired”;
  • for the period in which the Controller may incur legal consequences of non-compliance, e.g. be fined with an administrative penalty.

(4) Data recipients

In order to perform a contract and to ensure the proper functioning of the Controller’s website, he uses the services of third parties cooperating with him (for example: postal services, couriers, payment service entities). Personal data is transferred to third parties only if and to the extent that makes it necessary to achieve the purpose of processing. Personal data provided to third parties may be used only for the purpose of the task ordered by the Controller.

Personal data may be provided to the following recipients cooperating with the Controller:

  • Subsidiaries of the getsix® Group – getsix Wrocław Sp. z o.o., getsix Poznań Sp. z o.o., getsix Szczecin Sp. z o.o., getsix Warszawa Sp. z o.o., getsix Katowice Sp. z o.o., getsix Services Sp. z o.o., getsix Polska Sp. z o.o. – to the extent necessary for the purposes resulting from the legitimate interests pursued by the Controller, including internal administrative purposes;
  • entities conducting postal, courier and similar activities (e.g. courier brokers) – to the extent necessary to carry out the delivery and correspondence;
  • selected entities acting on behalf of the Controller when handling accounting, tax, advisory, legal and debt recovery matters (including entities purchasing debt) – to the extent necessary to carry out a specific purpose of processing;
  • entities providing technical assistance services provided to the Controller and IT solution providers enabling the Controller to operate (for example, software, e-mail and hosting providers) – the Controller provides personal data to the trusted provider acting on his behalf only in the case and to the extent necessary to carry out a specific purpose of processing;
  • providers of solutions which serve the purpose of expressing/publishing client opinions – to the extent necessary to express such opinions.

(5) Transferring data outside the EEA

Personal data may be transferred outside the European Economic Area (including the European Union, Iceland, Liechtenstein and Norway) to Google LLC based on appropriate legal safeguards, which are standard contractual clauses of personal data protection, approved by the European Commission; see also point 9 Online Analysis.


(6) The rights of the data subject

The processing of personal data does not require any consent if, among other things: the processing is necessary to perform a contract, or take actions before a contract is concluded, results from a legal obligation of the Controller or is necessary to carry out the legitimate interest of the Controller. If the consent is necessary to be able to process personal data for a specific purpose, the Controller asks for such consent. The consent given can be withdrawn at any time.

In the event of withdrawal of consent, the data will no longer be processed to the extent that the consent was granted, but the withdrawal of the consent will not affect the lawfulness of the processing, which was made on the basis of consent before its withdrawal.

Pursuant to the principles set out in the Regulation, the data subject also has the right: to demand from the Controller access to the personal data relating to them, rectify it, delete it (“to be forgotten”) or limit its processing, to object to the processing, as well as to transfer such data.

If personal data is processed for direct marketing purposes, one can object at any time to the processing of this data for marketing purposes, including profiling, to the extent to which the processing is related to direct marketing.

In order to perform the above rights, an application should be submitted to the Controller by e-mail, letter or in person at the Controller’s office; Controller’s contact details can be found in point 2 above. To make sure that the person submitting the application is entitled to submit it, the Controller may ask for additional information confirming the identity of the person submitting.

The provisions of the Regulation indicate to what extent each of these rights can be used. This will depend in particular on the legal basis and purpose of personal data processing by the Controller. The above rights can be used free of charge not often than once per 6 months. In accordance with Article 12 of the Regulation, if the data subject’s demands are manifestly unjustified or excessive, in particular because of its continuing nature, the Controller may charge a fee.

The data subject has the right to lodge a complaint with the supervisory body, i.e. the President of the Office for Personal Data Protection.


(7) Obligation or no obligation to provide personal data

Using the Controller’s services and providing personal data to him is voluntary. However, the data subject is obliged to provide it in connection with:

  • concluding a contract with the Controller – in this case, providing personal data is a contractual condition and the data subject is obliged to provide the required data if they want to conclude a contract with the Controller. Each time, the extent of data required to conclude a contract is communicated to the data subject. Failure to provide this data results in failure to conclude such contract;
  • implementing the obligations arising from the provisions of law on the Controller – in this case, providing personal data is a statutory condition resulting from the provisions imposing on the Controller the obligation to process personal data (e.g. in connection with the obligation to issue, collect and store invoices and accounting documents and keep accounting books). Failure to provide this data will prevent the Controller from performing the indicated obligations, which will result in failure to conclude a contract.

(8) Use of data for advertising purposes

8.1 Newsletter
Our newsletter is sent only to people who have given us consent to send it by providing their e-mail address. At any time, consent to receive the newsletter can be withdraw by clicking on the unsubscribe link provided in each newsletter sent or by contacting the Controller at the above address.

Necessary personal data may be transferred to countries outside the European Economic Area due to the newsletter service provided by the Controller. The transfer is therefore necessary for the provision of services to the user. In such a case, the transfer of data takes place on the basis of appropriate safeguards in accordance with the provisions of personal data protection.

The Controller currently sends the newsletter using the MailChimp platform, therefore the recipient of your data is The Rocket Science Group LLC with the seat 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA.

This entity guarantees that personal data transferred to the United States of America is secure because they are protected under the EU-US agreement – see also Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-U.S. Privacy Shield (notified under document C(2016) 4176) (Text with EEA relevance)

For more information about security measures, how to obtain copies of these security measures, and where to make them available, contact the Controller at the above address.

8.2 Banner advertising
A banner ad is an advertisement which takes the User to another website by clicking on it. As part of banner advertising, for example, products that Users have viewed, or similar products are presented to Users. We can also present ads of our partners.

Banner advertising uses cookies or pixels. Direct information about the User is not saved. Only pseudonymised data is used. Additional information about cookies, pixels and retargeting/remarketing is provided below.

8.3 Cookies
The Controller’s websites use cookies i.e. text files saved on the User’s device. These files allow you to analyse the way of using a website and identifying the User’s web browser. By entering appropriate browser settings, you can block the installation of cookies – this may limit the functionality of the website.

The Controller may process data contained in cookies for anonymous analysis of visitors’ activities, study their behaviour (e.g. opening specific websites) in order to provide them with advertisements tailored to their expected interests, also when they visit other partner websites of Google Inc. and Facebook Ireland Ltd. advertising network and to improve the administration of Controller’s websites.

8.4 Onsite Targeting
The Controller uses cookie technology to conduct the analysis of visitors’ activities (e.g. opening specific subpages) and may present the User with advertisements and/or special offers. The purpose of these activities is to provide the User with content that most closely matches the area of his search.

8.5 Retargeting, third-party cookies and third-party data collection for the purposes of banner advertising
The Controller’s websites use retargeting technology (remarketing).

The Controller uses the services of third parties who use cookies on the Controller’s website, they are:

Google Analytics, Universal Analytics and Google Remarketing provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Detailed information on the functioning of the above services is available at www.google.com/intl/pl/policies/privacy/partners/ see also https://policies.google.com/privacy/update?hl=pl&gl=pl

and

Facebook Pixel provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). Detailed information is available at https://www.facebook.com/about/privacy

The User can disable cookies by changing the settings of their web browser.

8.6 How can you block the saving of cookies?
In order to block the saving of cookies, the User should enable the settings in the web browser to accept the saving of cookies only if they agree.

To accept the use of Controller’s cookies, and at the same time block the use of third-party cookies, select the option “Block third-party websites’ cookies” in the browser settings.

8.7 Competitions, market research and opinion surveys
Each competition and promotional campaign has separate Regulations. In order to take part in them, the User is asked to provide the personal data listed in the Regulations and by giving consent, including the use of telecommunication devices in market research or opinion surveys (phone number, e-mail address) by the competition organizer for the purpose of direct marketing by the Controller. Shared personal data will be processed for the purpose of conducting the contest, notifying of the winnings and for the needs of market research or opinion survey.

The answers provided as part of market research or opinion survey are not made available to third parties or published.


(9) Online analysis

The Controller uses Google Analytics provided by Google for analysing website traffic. Google Analytics analyses the User’s behaviour on the website through the use of cookies. The information generated by cookies on the use of the website by the User (including their IP address) is passed to Google and stored on its servers in the USA. Google will use this information to analyse the use of websites by the User, create reports for the websites using Google Analytics and provide other services. Google may also transfer this information to third parties, as required by law, or if third parties process this information on behalf of Google.

By using the website, the User consents to the processing of their data by Google in the manner and for the purposes set out above.

The website is analysed by Google Analytics with the extension “_anonymizeIp ()” and therefore the IP addresses are processed only in abbreviated form, which makes it impossible to directly link the address to a given User.

The User can opt out of cookies by entering the appropriate browser settings. This may limit the functionality of the website and it may not be possible to use all of its functions.

The consent to store and collect personal data can be withdrawn at any time with effect for the future.

In order to prevent the transmission of data generated by a cookie file related to the User’s use of the website (including the IP address) to Google and the processing of such data by Google, it is sufficient to download and install the blocking plug-in available at the following address: https://tools.google.com/dlpage/gaoptout?hl=en


(10) Server log file

The web browser provides data about the User’s activities on the Controller’s websites, which are saved in the server log files. The data records saved in this way contain the following data: date and time of downloading, name of the page being opened, downloaded data volume, as well as information about the product version of the web browser used, IP address, reference website URL (the address of the website from which the user was redirected).

The server log file data records are analysed in order to remove errors, manage server performance, protect against DDoS attacks, and customize offers.


(11) Automated decision-making and profiling

Personal data will not be used for automated decision-making that will cause legal effects for the data subject, including for profiling.


(12) Final Provisions

Controller’s websites may contain links to other websites. Such websites operate independently of the Controller and are not supervised by the Controller in any way. The Controller recommends reading privacy policies after going to other websites. The Controller is not responsible for the principles of data handling on these websites.

Get in touch