1.    PERSONAL DATA

We are publishing this document to explain the reasons for the collection and processing of personal data as part of our business:

1.1. What is personal data?

It is all information that allows one to distinguish one person from the others without much effort. It can apply both directly to that person (such as their name, identification number, and sometimes even their email address or online account), as well as the information that does not describe them directly. For example, they concern the person’s characteristics, such as state of health, views, place of residence, addictions, race or religion.

1.2. What personal data is being considered in our case?

We process data provided to us by our Customers, Contractors and Employees in connection with the use of our services, cooperation with us or employment.

1.3. What is data processing?

Processing is all activities that we can perform with personal data – related to both their active use, such as collecting, retrieving, recording, combining, modifying or sharing, as well as passive use, such as storing, limiting, deleting or destroying.

1.4. Who is the data administrator (i.e. who influences their processing and security)?

The administrator of data is the Bydgoszcz Regional Development Agency Sp. z o. o. in Bydgoszcz, ul. Unii Lubelskiej 4C, 85-059 Bydgoszcz,  KRS 0000489734, tel. 48 52 585 88 23, e-mail: barr@barr.pl, represented by the President of the Management Board – Ms. Edyta Wiwatowska.

1.5. On what legal basis and for what purpose do we process personal data?

Any processing of personal data must be based on an appropriate legal basis in accordance with applicable law.  Such a basis may be a person’s consent to the processing of data or other legal provisions  contained in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (referred to as GDPR) or in various acts of national law, such as laws or regulations.

Personal data may be processed by us for several different purposes, for example:

  • Personal data can be provided to us by e-mail. Data is then processed based on your consent (Article 6(1)(a) of GDPR), which is express automatically at the time when the data is shared (e.g. e-mail address). Your consent is voluntary and can be withdrawn at any time. In this case, we will immediately delete all information provided, unless you have become our Customer.
  • In case of Clients or persons interested in using the services we provide, we process personal data in connection with the contract concluded or in preparation for the conclusion of such a contract (Article 6(1)(b) of GDPR). This is always done according to your knowledge and will.  By expressing your intention to conclude a contract, you are aware of what personal data will be needed to sign the contract, and after signing it, it is clear what data has been provided or will be provided for this purpose later.
  • In case of Users of the services we offer, e.g. the recipients of marketing information prepared by us – we will process personal data based on one’s consent (Article 6(1)(a) of GDPR). Consent can be expressed verbally during a phone call or by responding positively to the inquiry we sent about the possibility of delivering an offer. The consent is voluntary and can be withdrawn at any time. In this case, we will stop providing the service and delete all the data provided immediately.
  • Data may also be processed in connection with the need to ensure the security of our IT network and information. This will happen when our IT infrastructure is used, e.g. by accessing our website or sending us messages. This is our legitimate interest (Article 6(1)(f) of GDPR).
  • If you are interested in becoming our employee, your personal data is processed in the form of an application or CV provided. This is done at your request (Article 6(1)(b) of GDPR) and with written consent, which can be withdrawn at any time. In this case, the application will not be considered by us and we will immediately delete all data provided. However, upon employment with us, further rules for data processing and the mandatory scope of their transfer and further processing are determined by the provisions of labor law (Article 6(1)(c) of GDPR).

1.6. Who is the data shared with?

In accordance with applicable law, we may transfer personal data to entities processing it on our behalf, such as a postal operator, accounting office, IT service providers or other subcontractors of our services indicated in the contract concluded. If, as our employee, a person has become a participant in the Employee Capital Plan, we will transfer the data to the financial institution that manages it. We are also obliged to make them available at the request of entities authorized to do so under other legal provisions (e.g. courts or law enforcement authorities). However, disclosure will only take place if they make a request to us in this matter, indicating the legal basis that allows them to make such a request.

We do not provide for the transfer of personal data to third countries or international organizations, i.e. outside the economic area of the European Union. In the European Union, thanks to the GDPR, the same level of protection for personal data is available in all member countries. The text of the GDPR is available in the Official Journal of the European Union.

1.7. How long will personal data be processed?

We pay great attention to limiting the scope of data we collect, as well as the time of their processing, to the necessary minimum. For this purpose, we carry out systematic reviews of our paper and electronic documents, removing unnecessary ones that have expired. Please note that the time of processing of your data, depending on the basis on which we obtained it, may be determined by separate legal regulations independent of us, which may impose an obligation on us to store personal data, regardless of ones will or willingness. Examples include labour law, social security law or accounting regulations.

If you have personally used our services and we have concluded a contract in this matter, in accordance with accounting regulations, we will hold your personal data in the financial and accounting documentation generated in this connection and process it for a period of five consecutive calendar years from the date of purchase/conclusion of the contract.

If the data we hold is to be used for a purpose other than that for which it was obtained, you will always be informed by us and will be able to object to this.

1.8. What are the rights in relation to personal data?

If your personal data is being processed, you always have the right to:

  • request access to data – within the limits of art. 15 of GDPR);
  • their rectification – within the limits of art. 16 of GDPR);
  • request for removal – within the limits of art. 17 of GDPR);
  • or limitation of processing activities – within the limits of art. 18 of GDPR);
  • transfer data, including obtaining a copy thereof – within the limits of art. 20 of GDPR);
  • object to the processing of data – within the limits of art. 21 of GDPR);

All these rights are discussed in detail in Articles 15 to 21 of the GDPR, the text of which is available in  of the Official Journal of the European Union.

Consent to the processing of personal data can also be withdrawn, in which case we will immediately delete your personal data, unless there is a legal obligation requiring us to further process it.

If you believe that in any way – which we obviously do not want – we have violated your rights or failed to ensure the security of your personal data, you have the right to lodge a complaint with the supervisory authority, which is the President of the Office for Personal Data Protection.

1.9. Automated decision-making and information about profiling.

We do not make any automated decisions taking place without human intervention based on personal data. We also do not take any profiling activities.

1.10. How is your personal data protected?

In order to ensure personal data security, we use the organizational and technical measures required by law. We have installed the necessary physical safeguards at our premises to prevent unauthorized persons from accessing the data. Our employees have the required authorizations and may process data in a limited manner, i.e. only to the extent necessary for the proper performance of their official duties.

1.11. Protection of privacy of minors

Our site does not monitor or verify information about the age of users, senders and recipients of messages, and those interested in receiving notifications about our activities, including newsletters. Contact information from visitors (such as phone numbers and email addresses of users) is used to fulfil orders, send information about our company and commercial offers.

Minors should not send any information or place orders or subscribe to services provided by our company without the consent of their parents or legal guardians. We will require such consent in each case when we obtain knowledge that the user is a minor (“child”) within the meaning of art. 8 of the GDPR, that is, they are below 16 years old.

1.12. Contact details for the Data Protection Inspector

In all matters related to the protection of personal data, you can contact the Data Protection Officer appointed by us, whose function is performed by Sławomir Rzepecki, tel. 602-734-255, email  rodo@barr.pl or by sending correspondence to the address provided in point 1.4.

2.    COOKIES

2.1. What are cookies and what are they for?

Cookies are text files that are saved on your device and used by the server to recognize this device when you reconnect. Cookies are collected at each “entry” and “exit” from the website. Cookies are not used to determine the  identity of users, but only the device – among others, so that after recognizing the browser you use, the displayed image is best suited to the technical capabilities of the equipment (e.g. its resolution) or its type (desktop or mobile version).

Cookies are most often used for counters, polls, online stores, websites that require logging in, advertisements and to monitor visitor activity. Cookies also allow, among other things, to remember your interests and adapt websites to them in terms of the content displayed and advertising matching.

Currently, cookies are used by virtually all websites operating on the Internet – search engines, information websites, blogs, online stores, websites of offices, magazines and newspapers, and so on. They are also used by our website.

More information on cookies can be found at the website of the Association of Employers of the Internet Industry IAB Polska .

2.2. What do cookies do?

In general, they operate on the following principles:

  • they identify computer and browser data used to browse websites – they allow, for example, to find out whether a given computer has already visited the website,
  • data obtained from cookies are in no way combined with personal data of users obtained, for example, during registration on websites,
  • they are not harmful to you or your computers or smartphones – they do not affect the way these devices work,
  • they do not cause configuration changes in terminal devices or in the software installed on these devices,
  • default parameters of the cookies only allow for the reading of information contained in them by the server that have created them,
  • based on your behaviour on the visited websites, they provide information to the servers, thanks to which the displayed page is better suited to individual preferences.

2.3. What types of cookies are there?

There are the following types of cookies:

  • “Session cookies” – are temporary files stored in the browser’s memory until the end of its session (i.e. until the browser is closed). These files are mandatory for some applications or functionalities to work properly. When you close your browser, they should be automatically deleted from the device on which you viewed the page.
  • “Permanent cookies” – facilitate the use of frequently visited websites (e.g. they remember your favourite colour layout or menu layout on your favourite websites). These files are stored in the appropriate folder for a longer period of time, which you can adjust in the settings of the browser you are using. Every time you visit the website, data from these cookies is transmitted to the server. This type of cookies is sometimes called “tracking cookies”.
  • “Third-party cookies” – are files usually coming from advertising servers, search servers and so on, cooperating with the owner of a given website. Thanks to them, the displayed ads are tailored to your preferences and habits, which in turn often allows you to use some of the website content free of charge. With their help, “clicks” on ads, user preferences, etc. are also counted.

2.4. Do you have to consent to our use of cookies?

Remember that you have the ability to manage cookies yourself. This is made possible, for example, by the web browsers you use (usually the mechanism is enabled by default). In the most popular browsers, you can:

  • accept cookies, which will allow you to take full advantage of the options offered by websites,
  • manage cookies at the level of individual websites selected by you,
  • define settings for different types of cookies, for example accepting permanent files as session files, etc.,
  • block or delete cookies.

Information on how to enable and disable cookies in the most popular browsers can be found at:

If you leave your browser settings unchanged, you agree to our use of cookies.  Blocking them or disabling some of their types may prevent you from using the full functionality of the website or disrupt its proper functioning.

2.5. What do we use cookies for?

As part of the website, both session cookies and permanent cookies are used. We use them for the following purposes:

  • creating statistics, which makes it possible to improve the content and structure of the pages,
  • maintaining the website user’s session.

In order to display the page correctly, the following information is collected: name and version of the web browser, language settings, date and time of sending the request to the server from which the IP request was sent, the requested URL.  This data is collected in order to enable the proper operation of the website.

In order to create statistics, a web analytics tool is used – Google Analytics, which collects data and uses its own cookies in accordance with Google’s Privacy Policy .

Google collects data on its servers obtained from the placement of cookies on devices and uses this information to create reports and provide other services relating to use of the Internet. Google may also transfer this information to third parties where required to do so by law, or in the case where such third parties process the information on Google’s behalf.

The data collected by our website is not disclosed or made available to third parties, with the exception of competent law enforcement authorities authorized to conduct criminal proceedings in connection with its initiation at our request. This will only happen if you take any action that is unlawful or harmful to us.