Privacy Policy 2021

Privacy Policy


In the interest of clarity and precision, we use the following definitions throughout this Privacy Policy:

Privacy Policy This Policy as fulfillment of your information obligations to you under Articles 13 and 14 of the GDPR.
Data Personal data, i.e. any information about an identified or identifiable person to whom the data relates – in relation to them the obligation to provide information is fulfilled by making the information contained in the Privacy Policy available on an ongoing basis
You You, and therefore the person whose Data we process in accordance with the Privacy Policy.
We/Controller/PolSource PolSource S.A with its registered office in Cracow (Poland), ul Dworska 1 A /LU4,  National Court Register number (KRS) 0000660076, statistical number REGON: 12000394200000, Tax Identification Number NIP: 6792835633, the entity providing the Privacy Policy, which is also the Data controller.
PolSource Group PolSource S.A with its registered office in Cracow (Poland), PolSource, Inc. with its registered office in Austin (Texas, USA) and PolSource Ltd. with its registered office in London (the United Kingdom), cooperating in the provision of services to clients.
GDPR Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)


The Policy applies to the processing of data collected: (a) in connection with the services we provide and are collected most commonly from Polsource Group customers or data subjects acting on behalf of customers in project communications, including by email; (b) in connection with services provided by third parties to us.

In particular, but not exclusively, Data may include: the identifiers of the devices through which you access our site or use in the course of the relationship between us and the client you represent, contact information such as name, surname, e-mail address, registered or correspondence address, job title, possibly other data necessary for the purposes indicated below.

To summarize, we may receive Data: either directly from you or from third parties, most often customers to whom we provide services or entities that provide services to us. 

In addition, data of persons visiting may be collected via cookies (more information in this regard in the Cookies Policy). 

[Purposes, legal basis and duration of processing of personal data].

We process your personal data for the purposes set out below. For each purpose, we have indicated the legal basis for the processing and the criteria for the period of processing for that purpose.

Appropriately customizing the information displayed on the website and measuring user interactions on websites, as well as adjusting and improving the way the website works.

Art. 6  (1) (f) GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller)

Controller’s legitimate interest in this regard is, among other things, to ensure that users can conveniently and uninterruptedly use the website

Depending on the cookie. The cookies used are installed for different periods. Some of them expire when the browser is closed, others are active for several days, months, or even years, mainly so that information about the user’s choices is not lost. After this period, they will be removed.
Processing data to provide services and ongoing contact with customers.

Art. 6  (1) (f) GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller);

The legitimate interest of the Controller is to provide resources and services to customers and persons designated by customers.

Until the relationship with the client in question is terminated and the statute of limitations on claims has expired.
Administration of existing contracts with service providers and customers

Art. 6  (1) (f) GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller);

The legitimate interest of the Controller in this case is the correct execution of contracts concluded with service providers or customers

Until the limitation period for these claims is met.
Communication on joint projects of PolSource Group.

Art. 6  (1) (f) GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller);

The legitimate interest of the Controller in this case is the proper execution of activities jointly performed with companies of PolSource Group, as specified in cooperation agreements concluded by them.

Two years

We only process Data for as long as it is necessary. After the purpose for which the Data was processed has been fulfilled, the Data will be deleted or anonymized, unless we are required or authorized by law to retain some or all of the Data.

[Effects of refusal to provide data]

If the data is necessary for us to provide the services of the entity you are contacting us for or on our behalf, failure to do so may lead to substantial impairment of those services.

[Data recipents] 

Recipients of particular categories of Data may be: authorities before whom proceedings are pending or who request access to such Data, including from foreign jurisdictions, to the extent and for the purpose agreed with you. In addition, recipients may be persons who provide services to us, including but not limited to IT, accounting, legal, etc. services, and carriers and couriers. PolSource Group companies are also recipients of data to the extent necessary to provide services. 

In the course of its business, where required to provide services as part of PolSource Group’s joint projects. PolSource may occasionally transfer personal data to its counterparts in the United Kingdom or the United States. Since the European Commission has not approved an adequate level of protection for the transfer of data to the United States, we have, in accordance with European Union law, entered into a special agreement with our company in the United States (PolSource Inc., based in Austin, Texas) based on the standard contractual clauses approved by the European Commission, the use of which is governed by Article 46 GDPR.  You can find more information at the following link:

 [Your rights]

GDPR, depending on your situation, grants you a number of rights in relation to the processing of your Data. These are:

(a) right of access by the data subject and to receive copy of personal data undergoing processing.; (b) right to rectification; (c) right to erasure (‘right to be forgotten’); (d) right to restriction of processing; (e) right to withdraw consent at any time. Please, keep in mind that consent  withdrawal is not affecting the lawfulness of processing based on consent before its withdrawal;(f) the right to data portability; (g) the right to object to the processing of Data;

If you believe that processing of your data by us violates the law, you can file a compliant with the President of the Office for Personal Data Protection. For more information please click here:

[Automated Decision Making]

We do not make decisions by automated means, including profiling.

[Information Update

This Privacy Policy is up-to-date information about the processing of your Personal Data. Its content may change in order to be consistent with the facts regarding our processing of your Data. 


If you have any concerns about our processing of your Data, please contact us by sending an email to: