+48 786 888 601

Privacy policy

According to Regulation (EU) 2016/679 of the European Parliament and Council of April 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; hereinafter: GDPR), we inform you that:

1. General Information

1. BWM KORPO Sp. z o.o. respects Users’ right to privacy and ensures the security of data provided by Users. It places particular importance on respecting the privacy of Users whose personal data is processed in accordance with the Act of May 10, 2018, on the protection of personal data, implementing Regulation (EU) 2016/679 of April 27, 2016 (General Data Protection Regulation – “GDPR”). BWM KORPO Sp. z o.o. takes special care in applying data security measures by using appropriate technological solutions to prevent unauthorized interference with Users’ privacy.

2. The data controller is BWM KORPO SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, operating under the domain name impact-partner.pl, with its registered office at ul. Erazma Ciołka 13, apt. 221, WARSAW, 01-445, POLAND, KRS: 0000618122, NIP: 5272770306, REGON: 364481492 (hereinafter – Administrator).

3. Contact with the Administrator is possible in writing – at the address mentioned above or electronically – at the email address biuro@impact-partner.pl.

4. Administrator takes special care to protect the privacy and information provided regarding users of the website. The Controller carefully selects and implements appropriate technical means, including software and organizational measures, to ensure the protection of processed data, in particular protecting data from being disclosed to unauthorized persons, revelation, loss, destruction, unauthorized modification, as well as processing in violation of applicable legal provisions.

5. Personal data is processed only by trained employees who have been authorized by BWM KORPO Sp. z o.o.

6. The data administrator controller processes only data of adults.

7. In connection with the Administrator’s use of tools supporting its current activities, provided, for example, by Google, Customer Personal Data may be transferred to countries outside the European Economic Area, particularly to the United States of America (USA) or another country where the entity collaborating with the Administrator maintains tools for processing Personal Data in cooperation with the Administrator.

2. Purpose and Legal Basis for Processing Personal Data

1. Personal data is processed for the purpose of fulfilling orders and services provided by BWM KORPO Sp. z o.o. Data obtained during the registration process will be used by BWM KORPO Sp. z o.o. solely for order fulfillment and will not be shared with third parties.

2. Your personal data, provided directly to BWM KORPO Sp. z o.o. by you, will be processed for the following purposes: a. Marketing purposes related to the Administrator’s own services, using communication channels to which you have consented – based on Article 6(1)(a) GDPR, i.e., on the basis of your voluntary consent; b. Planning and managing marketing activities – for the Administrator’s internal needs – based on Article 6(1)(f) GDPR, i.e., on the basis of the legitimate interest pursued by the Administrator, which is the optimization of marketing activities related to the services promoted by the Administrator and the recording of marketing activities; c. Establishing, pursuing, or defending potential claims between you and the Administrator – based on Article 6(1)(f) GDPR, i.e., on the basis of the legitimate interest pursued by the Administrator, which is the ability to pursue or defend claims; d. Creating analyses and summaries based on Article 6(1)(f) GDPR, i.e., on the basis of the legitimate interest pursued by the Administrator.

3. Personal data obtained through the installation of so-called Cookies may be used for profiling. More information about cookies can be found in the Cookie Policy.

4. All personal data of Users will be processed only for the purpose for which it was collected. Processing personal data for marketing purposes is only possible after obtaining prior consent from the User, based on the regulations.

3. Data Retention Period

1. Personal data processed by the Administrator will not be retained for longer than necessary to perform activities related to it as specified by separate regulations (e.g., accounting requirements).

2. In cases where the basis for data processing is consent, personal data will be processed until consent is withdrawn.

3. In cases where the basis for data processing is the legitimate interest pursued by the Administrator, data will be processed until an objection is raised.

4. After the expiration of the above periods, personal data will be retained until the expiration of claims or until the legal obligation to retain data expires according to applicable laws.

4. Users’ Rights

1. Users have the right to:

  • Access their personal data (Article 15 GDPR)
  • Rectify their personal data (Article 16 GDPR)
  • Erase their personal data (“right to be forgotten” – Article 17 GDPR)
  • Restrict the processing of their personal data (Article 18 GDPR)
  • Data portability (Article 20 GDPR)
  • Object to processing (Article 21 GDPR)

2. At any time, consent for the processing of personal data can be withdrawn by submitting a statement to the Administrator at the address provided above or via email at biuro@impact-partner.pl. Withdrawal of consent does not affect the legality of data processing carried out by the Administrator based on consent before its withdrawal.

3. To exercise the rights listed above, please contact the Administrator (contact details provided above).

4. Additionally, you have the right to lodge a complaint with the supervisory authority responsible for personal data protection (the President of the Office for Personal Data Protection) if you believe that the processing of data violates GDPR.

5. Your personal data collected through cookies.

6. Your personal data is processed lawfully, in particular in accordance with the principles set out in GDPR.

5. Automatically Collected Data

1. During your visit to our website, data related to the visit is automatically collected, such as IP address, domain name, browser type, operating system type, etc.

2. Personal data is processed in accordance with the principles set out in Article 5 GDPR.

3. Data collected automatically may be used to analyze user behavior on our website, gather demographic data about our users, or personalize the content of our websites. This data is automatically collected for each user. Data collected during correspondence between you and our service will be used solely to respond to your inquiry.

6. Hosting

1. The service is hosted (technically maintained) on the servers of the operator: home.pl.

2. Registration details of the hosting company: home.pl or Operator – home.pl Spółka Akcyjna with its registered office in Szczecin at ul. Zbożowa 4, 70-653 Szczecin, registered in the National Court Register by the District Court Szczecin – Centrum in Szczecin XIII Commercial Division of the National Court Register under number 0000431335, REGON 811158242, NIP 8522103252.

3. You can find more information about hosting and check the hosting company’s privacy policy at https://home.pl.

4. The hosting company:

  • Implements measures to protect against data loss (e.g., disk arrays, regular backups)
  • Uses appropriate fire protection measures (e.g., specialized fire suppression systems)
  • Applies adequate protection measures for power failures (e.g., dual power supply paths, generators, UPS systems)
  • Employs physical security measures to control access to data processing locations (e.g., access control, monitoring)
  • Ensures proper environmental conditions for servers as part of the data processing system (e.g., environmental control, specialized air conditioning systems)
  • Implements organizational solutions to ensure the highest possible level of protection and confidentiality (training, internal regulations, password policies, etc.)
  • Has appointed a Data Protection Officer

5. To ensure technical reliability, the hosting company maintains server-level logs. The logs may include:

  • zasoby określone identyfikatorem URL (adresy żądanych zasobów – stron, plików)
  • czas nadejścia zapytania
  • czas wysłania odpowiedzi
  • nazwę stacji klienta
  • identyfikacja realizowana przez protokół HTTP
  • informacje o błędach jakie nastąpiły przy realizacji transakcji HTTP
  • adres URL strony poprzednio odwiedzanej przez użytkownika (referer link)
  • w przypadku gdy przejście do Serwisu nastąpiło przez odnośnik
  • informacje o przeglądarce użytkownika
  • informacje o adresie IP
  • informacje diagnostyczne związane z procesem samodzielnego zamawiania usług poprzez rejestratory na stronie
  • informacje związane z obsługą poczty elektronicznej kierowanej do Operatora oraz wysyłanej przez Operatora

7. Use of Data and Data Sharing

Login and personal data entry points are protected during transmission (SSL certificate). This ensures that personal and login data entered on the site are encrypted on the user’s computer and can only be read on the destination server.

Personal data may be shared with entities that technically perform certain services. This particularly applies to situations where BWM KORPO Sp. z o.o. provides information about the User to entities such as the operator of the registered domain name, domain registration partners, IT system providers and IT service providers, legal and analytical service firms, postal and courier operators, electronic payment system operators, and banks for payment processing, as well as authorities authorized to receive personal data under legal provisions. In the event of an inspection by the President of the Personal Data Protection Office, data may be disclosed to the employees of the Personal Data Protection Office in accordance with the Personal Data Protection Act.

Users’ personal data is stored in a database with technical and organizational measures to ensure data protection, in compliance with data protection regulations. Customer Personal Data may also be processed based on:

  • Applicable Legal Regulations – when processing is necessary to fulfill a legal obligation of the Administrator, for example, when the Administrator processes contracts based on tax or accounting regulations (Article 6(1)(c) GDPR).
  • Legitimate Interests – when processing is necessary for purposes other than those mentioned above based on legitimate interests pursued by the Administrator or a third party, particularly for establishing, pursuing, or defending claims, and for correspondence with Clients (Article 6(1)(f) GDPR).

In the event of a personal data breach, the Administrator will notify the supervisory authority (the President of the Personal Data Protection Office) without undue delay, and no later than 72 hours after becoming aware of the breach, unless it is unlikely that the breach will result in a risk to the rights or freedoms of individuals. For notifications submitted to the supervisory authority after 72 hours, the Administrator will include an explanation for the delay. If the personal data breach is likely to result in a high risk to the rights or freedoms of individuals, the Administrator will notify the data subject of the breach without undue delay.

8. Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies,” which are text files placed on the user’s computer to help the website analyze how users interact with it. The information generated by the cookie about the user’s use of the website (including the user’s IP address) will be transmitted to Google and stored on servers in the United States.

Google will use this information to evaluate the user’s use of the website, compile reports on website activity for website operators, and provide other services related to website activity and internet usage. Google may also share this information with third parties if required to do so by law or if those third parties process the information on Google’s behalf. Google will not associate the user’s IP address with any other data held by Google.

Users can opt-out of cookies by selecting the appropriate settings on their browser, but please note that this may result in some features of the website being unavailable. By using this website, the user consents to the processing of their data by Google in the manner and for the purposes described above. Users who do not consent to the operation of Google Analytics should block cookies.

9. Security and Contact Information

BWM KORPO Sp. z o.o. performs regular backups of its websites and email services. Additionally, BWM KORPO Sp. z o.o. implements spam protection and antivirus measures. Software and security systems are continually updated.

Inquiries and requests regarding the processing of personal data can be sent by traditional mail to: ul. Erazma Ciołka nr 13, lok. 221, WARSZAWA, 01-445, POLAND, or by email to biuro@impact-partner.pl.

10. Changes to Our Privacy Policy

We reserve the right to amend the above privacy policy by publishing a new privacy policy on this page with a new date.

Date of update: 09.09.2024