Privacy policy

On behalf of PHOTONICA S.A. we would like to inform you that the protection of your personal data is very important to us and we care about the privacy of all people who use our services.

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (General Data Protection Regulation) we inform you about issues related to the processing of personal data.


ControllerPHOTONICA S.A. with its registered office in Warsaw (02-675), at Wołoska 5 street, entered in the Register of Entrepreneurs of the National Court Register, maintained by the District Court for the Capital City of Warsaw in Warsaw 12th Economic Division of the National Court Register under KRS number: 0000869153, holding tax identification number (NIP): 5252843077 and statistical number (REGON): 387554282, with the share capital of PLN 100,000.00 (fully paid up);
DataInformation relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an Internet identifier;
EEAEuropean Economic Area, a zone that includes the countries of the European Union as well as Iceland, Liechtenstein and Norway;
CookiesSmall computer files that are stored on the User’s device when using the Portal;
Privacy PolicyThis Privacy Policy, which defines the rules for the processing of the Data;
PortalWebsite maintained by the Administrator, at;
GDPRRegulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (General Data Protection Regulation);
UODOUrząd Ochrony Danych Osobowych (Personal Data Protection Office) – a Polish supervisory authority within the meaning of the GDPR;
USERA natural person who uses the Portal, including leaving their contact details.


Contact with the Controller

The Controller may be contacted in relation to the Data processing

  1. electronically, by e-mail:
  2. by phone, at: +48 791 697 727
  3. by post, to the address of the Controller’s registered office.


What User Data does the Controller process?

The Controller may obtain and process, inter alia, the following types of Data and other information about Users:

  1. first name and surname
  2. email address;
  3. telephone number;
  4. information about the employer or company the User works for.

For what purpose and on what basis does the Controller process the Data?

The Data provided by Users may be processed by the Controller:

  1. in order to initiate contact with the User in response to the User’s expression of such a will – Article 6(1)(a) of the GDPR;
  2. to fulfil legal obligations incumbent upon the Controller – Article 6(1)(c) of the GDPR;
  3. for marketing purposes carried out in the interest of the Controller, the Data may be used in connection with the promotion of the Controller’s services and products – Article 6(1)(f) of the GDPR.

How long will the Data be processed?

The Data will be processed for the time necessary for the purposes of the processing, but no longer than:

  1. for the purpose of initiating contact with the User – for the duration of the contact with the User or until the consent granted is withdrawn;
  2. for marketing purposes – until the User raises a legitimate objection to this form of processing;
  3. in order to fulfil the legal obligations incumbent on the Controller – for the period required by applicable law;

What are the entities to which the Controller transfers the Data?

  1. The Controller may transfer the Data to third parties, in particular:
    1. to the state authorities, to the extent required by applicable laws;
    2. companies operating the Controller ICT systems (i.e. hosting companies, IT service providers);
    3. to companies carrying out marketing activities on behalf of the Controller;
    4. to other entities with which the Controller collaborates to ensure the functioning of the Portal.
  2. The Portal may contain references (links) leading to sites managed by third parties (e.g. social networks). The processing of Data on such sites is carried out in accordance with the terms and conditions established by the third parties. The Controller assumes no responsibility for the processing of Data by such third parties.


Will the Data be transferred outside the EEA?

  1. The Controller may transfer the Data outside of the EEA, including to countries against which the European Commission has not issued a decision in accordance with Article 45(1) of the GDPR.
  2. The Controller will take the measures required by the GDPR to ensure an adequate level of protection for Data processed outside the EEA.


Does the Controller profile Users?

Users are not profiled.

Automated decision making

The Controller will not use the Data to make automated (i.e. without human intervention) decisions regarding Users.


Is the provision of the Data mandatory?

The provision of the Data is voluntary and is not required by law.

Modification of the Data

  1. The User has the right to:
    1. obtain information on the Data currently being processed;
    2. modify the Data;
    3. limit the scope of the Data processing;
    4. obtain the Data from the Controller for the purpose of its transfer to another controller.
  2. Users have the right to obtain a copy of the Data currently being processed. The Controller will provide the Data in electronic form, in a commonly used data storage format. At the request of a User, the Controller may transfer such stored data to another designated controller.

Withdrawal of consent to the Data processing

The User has the right to revoke any consent given for the processing of the Data.


The User, have the right to object at any time to the processing of the Data based on Article 6(1)(f) of the GDPR, including profiling.

Deletion of the Data

The Controller will delete the Data in the following circumstances:

  1. the Data is no longer necessary for the purposes for which it was collected or otherwise processed;
  2. the User to whom the Data refer, have withdrawn the consent on which the processing is based pursuant to Article 6(1)(a) of the GDPR and there is no other legal basis for the processing;
  3. a legitimate objection to the processing of the Data has been raised;
  4. the Data have been processed unlawfully;
  5. the Data must be deleted in order to comply with a legal obligation under European law or the law of a member state to which the Controller is subject.

Complaints to the Controller and Data Protection Authorities

If the processing violates the provisions of the GDPR, the User may lodge a complaint with the Controller or with the supervisory authority – UODO.

Exercise of rights

The rights related to the processing of the Data may be exercised by contacting the Data Controller in the manner indicated in point II of the Privacy Policy.



  1. The Portal uses Cookies.
  2. The use of Cookies makes it possible to maintain the User’s preferences regarding the display of content on the Portal.
  3. Cookies are stored until the User leaves the Portal, closes the Internet browser or until they are deleted by the User.
  4. Web browsers allow specific rules to be set for saving and storing cookies. Each User can individually modify the settings of the browser used in order to determine individual rules for the storage of Cookies.