Privace and Cookies policy

§. Article 11. Protection of personal data

  1. The Seller shall process only the data that is necessary for due provision of its services.
  2. Personal data of Customers or End Customers may be transferred to third parties only for the purpose and to the extent necessary to properly provide services offered under these Regulations, in particular to courier companies for the purpose of delivery of the goods or to payment system operators, as well as to entities providing accounting and marketing services to the Data Controller. The Seller shall sign relevant personal data processing agreements with all such third parties and shall require that they ensure at least the same safeguards as those deployed by the Seller itself.
  3. Subject to the Customer's consent, the e-mail address provided at newsletter subscription will be used for marketing purposes with respect to products offered by The consent may be withdrawn at any time pursuant to Paragraph 8 of this Article 11.
  4. The database with Customer personal data shall be protected by law. The data shall be particularly protected and safeguarded against unauthorised access.
  5. The function of the Data Controller is held by the B2B ordering system referred to in Article 1(1) of these Regulations, which processes Customer personal data in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), the Act on 10 May 2018 on the protection of personal data (Journal of Laws of 2018, item 1000) and the Act of 18 July 2002 on the provision of services by electronic means (Journal of Laws No 144, item 1204, as amended).
  6. Subject to the purpose of the System's operations and the scope of the consent and statements made, the Seller shall not make available any Customer information or data to any third parties without legal grounds obliging the Seller to do so, and warrants that it shall make all efforts to properly safeguard the information, in particular as required by the provisions on the protection of personal data and the provisions of the Act on the provision of services by electronic means.
  7. The Seller shall ensure that its Customers can exercise their rights arising from the provisions on the protection of personal data. In particular, the Customers shall have the right to:
    1. access their personal data and receive a copy of thereof;
    2. rectify (correct) their data;
    3. erase their data.
  8. Shall the Customer consider that there are no grounds for the Seller to process his/her data, he/she shall have the right to demand erasure of the data or restriction of the processing.
  9. The Customer may demand restriction of processing of his/her personal data only to storage of the data or performance of actions agreed with the Customer if, in the Customer's opinion, the data held by the Seller is incorrect or processed unlawfully, or if the Customer does not want to erase it because it will be needed by the Customer for the purpose of establishment, exercise or defence of legal claims, or for the duration of the Customer's objection to processing - the right to object to processing.
  10. Marketing objection - the Customer shall have the right to object to processing of his/her data for the purpose of direct marketing. Shall the Customer exercise this right, the Seller shall no longer process the data for this purpose.
  11. Objection on grounds relating to a particular situation. The Customer shall also have the right to object to processing of his/her data pursuant to the legitimate interest of the Controller for purposes other than direct marketing, and when the processing is necessary for the performance of a task carried out for reasons of public interest or in the exercise of official authority vested in the Seller. The Customer should specify his/her particular situation which, in his/her opinion gives grounds to discontinuation of the processing. The Seller shall no longer process the Customer's data for such purposes unless the Seller demonstrates compelling legitimate grounds for the processing which override the Customer's rights or for the establishment, exercise or defence of legal claims; the right to data portability;
  12. The Customer shall have the right to receive personal data concerning him or her, which he/she has provided under an agreement or consent, in a structured, commonly used and machine-readable format (e.g. *.docx, *.xlsx, *.txt). The Customer may also instruct the Seller to transmit the data directly to another entity;
  13. The right to lodge a complaint with a supervisory authority. If the Customer considers that the Seller is processing his/her personal data unlawfully, he/she may lodge a complaint with the President of the Personal Data Protection Office or another competent supervisory authority;
  14. The right to withdraw consent to processing of personal data. The Customer shall have the right to withdraw consent to processing of his/her personal data which is processed under his/her consent, without affecting the lawfulness of processing based on consent before its withdrawal.
  15. In order to exercise his/her rights, the Customer may send the Seller by e-mail to a relevant demand together with the Customer name/company name. Before exercising the right, the Seller must properly verify the identity of the person submitting the demand. The Seller shall reply to or execute such a demand within 14 days from the day it is delivered to the Seller. Communication with the Customer shall be carried out with the use of the e-mail address provided by the Customer.
  16. Exercising the right to erase personal data from the System is tantamount to deregistration and termination of the agreement for the electronic provision of services.
  17. Apart from deleting the Customer Account, the Seller shall permanently and irrecoverably erase the Customer data thus discontinuing the processing. However, the Controller reserves the right to store such data as the Customer's login time and IP address after deletion of the account for potential use by the Police or prosecutor office as well as data which is necessary for settling the services provided until they are finally settled and for archiving obligations imposed under law, e.g. the Accounting Act.
  18. Customer personal data obtained for the purpose of concluding an agreement shall be stored throughout the negotiations of the agreement and until the end of the period of limitation of any potential claims arising from the agreement. Data contained in financial and settlement documentation shall be stored for at least 5 years in accordance with the Accounting Act. The Seller shall store basic contact details for the purpose of direct marketing of its own products until the Customer submits an objection to processing of the data for such purposes, withdraws his/her consent if the processing has been carried out under consent, or until the Seller considers that the data has become outdated.
  19. Use of cookie files. Subject to web browser settings, during visits to our website one or more cookie files may be saved on the user's computer (terminal device).
  20. Before a consent is given, cookie files saved on the user computer are ones that are required for the proper functioning of the portal.
  21. Cookie files may be placed by Grupa Chrobry and third parties with which Grupa Chrobry cooperates. Please read the following information regarding cookie files and manners in which they are used.

    What data do we collect?
  22. During your visit to our website, we automatically collect data regarding your visit, in particular your IP address, domain name, browser type and operating system.
  23. Our website uses cookie files which serve identification of your web browser while you are visiting our website. Cookie files contain small portions of text which can be read only by the sending website. The information collected helps us obtain knowledge about how often you visit our website and which elements of the website you are most interested in. We use the data to better adjust our online services to your needs, enhance the service and for statistic and advertising purposes. These files cannot be used for infecting a device with viruses or malware.
  24. Each individual cookie consists of four basic parts: name of the website: the name of the domain or subdomain that set the cookie;
  25. name of the cookie: the cookie has a unique name on the page that set it;
  26. Expiry date: some cookies expire when you close your browser (so-called session cookies), other cookies will be automatically deleted only after reaching the expiration date that has been set (so-called persistent cookies);
  27. Value: this is information in a cookie that the website uses to "remember" a previous visit.
  28. In cookie files, we store key information about users (e.g. ID) and information needed to optimise and properly display the web content. The information is used for
    1. recognising users who log in to protected websites, which enables them to visit a number of pages without the need to enter the user name or password on each of them;
    2. recording user preferences regarding the content and format of viewing (the user is not required to set his/her preferences during each visit);
    3. recording pages visited by users, which allows us to collect data which is useful in improving the content of and navigation across the website.
  29. Users of our System can discontinue providing us with this information by deleting the cookie files placed on their terminal devices by our service. To do this, you must change the settings of the web browser your are using.
  30. You have the right to refuse placing or reading cookie files on/from your device (computer, telephone). To do this, you must tick appropriate settings in your web browser options or refuse to give your consent when requested by an application embedded in the website.
  31. Configuring your browser to block installation of cookie files for certain websites selected by the user or for all websites can lead to loss of certain functionalities and hinder or prevent full use of its capabilities. As required by the Telecommunications Law of the GDPR, by configuring your web browser to allow installation of cookie files on your computer you acknowledge your consent to use cookie files. For more information on managing cookie files, visit or

    How do we safeguard your personal data:
  32. When we collect your personal data, communication between your computer and our server is encrypted with the SSL (Secure Socket Layer) protocol. In addition, our databases are protected against third party access.
  33. Your personal data may be transferred to a third country (including the USA) in connection with:
    1. actions undertaken in social media services and use of plug-ins and other tools offered by these services (including Facebook, Twitter, Google+);
    2. use of analytical tools and tools designed to enable anonymised tracking of user behaviour, such as, in particular, Google Analytics, Google Adwords; Criteo

    Automated data processing:
  34. Grupa Chrobry uses automated decision making systems. The following decisions are made in an automated manner:
  35. Profiling is carried out on the basis of such data held as, in particular, data regarding services provided, information obtained through cookie files, including transmission and location data;
  36. Profiling affect marketing information and offers which you will receive (customised offering).

    Changes to our privacy policy
  37. We reserve the right to change our privacy policy by publishing new content on our website. When changed, the privacy policy will be published on the website with a new effective date.