fbpx

Privacy policy

Privacy policy

PRIVACY POLICY

Personal Data Processing Principles

GRENEVIA SA, headquartered in Katowice (40-202), Al. Roździeńskiego 1a, in the interest of safety, respect, and the protection of your rights, particularly the right to privacy, presents this policy explaining the principles of application, collection, and processing of personal data.

When processing personal data, GRENEVIA SA adheres to the following guidelines, fulfilling at least one condition for personal data processing.

Principles of Personal Data Processing:

  • Processed lawfully, fairly, and transparently.
  • Collected for specific, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
  • Adequate, relevant, and limited to what is necessary for the purposes, i.e., data minimization.
  • Accurate and, where necessary, kept up to date.
  • Stored in a form that permits identification of the data subject for no longer than is necessary for the purposes for which the data are processed.
  • Processed in a manner that ensures appropriate security of personal data: protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage using appropriate technical and organizational measures.

Lawfulness of Processing:

  • The data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.
  • Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Processing is necessary to protect the vital interests of the data subject or another natural person.
  • Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, particularly where the data subject is a child.

Data Controller
The controller of your personal data is GRENEVIA SA, headquartered in Katowice (40-202), Al. Roździeńskiego 1a, KRS: 0000048716, Regon: 270641528, NIP: 6340126246.

Data Protection Officer
You can contact the Data Protection Officer via email at iod@famur.com.pl or by sending correspondence to GRENEVIA SA, Al. Walentego Roździeńskiego 1b, Katowice, with the note “Data Protection Officer.”

You can contact the Data Protection Officer on all matters related to the processing of your personal data.

Legal Basis for Data Processing:

  • Given consent.
  • Performance of a contract.
  • Compliance with a legal obligation to which the controller is subject.
  • Necessity to achieve purposes arising from the legitimate interests pursued by the controller, e.g., protection of the employer’s or client’s property.

Automated Decision-Making
Your personal data will not be processed in an automated manner, including profiling.

Personal Data Retention Period
The retention period of your personal data depends on the purpose for which the data are processed. The period for which your personal data will be stored is calculated based on the following criteria:

  • Legal provisions that may oblige the data controller to store data for a specified period.
  • The period necessary to protect the data controller’s interests.
  • The period necessary to provide services by the data controller.
  • The period for which consent has been given.

Data Recipients
Recipients of your data may include:

  • IT service providers.
  • Couriers.
  • Delivery companies.
  • Security companies.
  • Entities authorized to receive personal data under the law.
  • Other companies within the Grenevia Group on a co-administration basis.

Transfer of Data Outside the European Economic Area
Your personal data will not be transferred to a third country or an international organization.

Your Rights Related to Data Processing

You have the right to:

  • Access your personal data.
  • Rectify (correct, complete) your data.
  • Restrict processing or delete your data.
  • Transfer the personal data you have provided to us, i.e., to receive those personal data in a structured, commonly used, machine-readable format, and you have the right to transmit those data to another controller; if technically feasible, you have the right to request that the personal data be transmitted directly by us to another controller.
  • Object to the further processing of your personal data.

You have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

If you have doubts about the correctness of the processing of your personal data by GRENEVIA, you have the right to lodge a complaint with the President of the Personal Data Protection Office.

How Do We Secure Your Personal Data?
The security measures applied to protect your data comply with legal requirements and ensure an appropriate level of data confidentiality.

Data Processing on Social Media

GRENEVIA SA has profiles on social media and operates websites on the following social media platforms (hereinafter: operator/operators):

  • Facebook
  • YouTube
  • LinkedIn
  • Vimeo
  • Instagram
  • TikTok
  • Twitter/X

GRENEVIA SA has limited influence on the processing of personal data by operators to the extent that operators process these data as separate Controllers or Joint Controllers (e.g., user management and shared information, joint administration with Facebook).

In matters where we can have an impact, we act within the available possibilities in accordance with the operator’s privacy principles.

The operator manages the entire IT infrastructure of the service, has its own privacy policy, and maintains contact with you (if you are a registered user of the service of the given social media platform). Additionally, the operator is solely responsible for all matters related to your data on the user profile, to which GRENEVIA SA does not have access.

Additional information regarding data processing by the operator can be found in the operator’s privacy policy:

  • Facebook: https://www.facebook.com/privacy/explanation
  • https://www.facebook.com/legal/terms/information_about_page_insights_data
  • https://www.facebook.com/legal/terms/page_controller_addendum
  • YouTube: https://support.google.com/youtube/topic/2803240?hl=pl&ref_topic=6151248
  • LinkedIn: https://pl.linkedin.com/legal/privacy-policy
  • Vimeo: https://vimeo.com/privacy
  • Instagram: https://privacycenter.instagram.com/policy
  • TikTok: https://www.tiktok.com/legal/page/eea/privacy-policy/pl
  • Twitter/X: https://twitter.com/pl/privacy

The purpose of data processing on our social media platforms is to inform you about our products and events related to the Grenevia Group and our industry, to enable you to express your opinions on published content, and to conduct correspondence related to topics you address to us.

The legal basis for processing your data is Article 6(1)(f) of Regulation (EU) 2016/679 of the European Parliament and of the Council.

The data you post on our social media pages, such as comments, videos, photos, links, public messages, etc., are published by the social media platform and are not used or processed by us for other purposes at any time.

We reserve the right to remove content on our social media profiles if necessary – if it violates legal regulations (including copyright and criminal law), indecent comments or attachments, including photos or videos, unauthorized advertising information, etc. Content may also be removed due to thread updates.

All posts published by you on social media platforms remain on the timeline at all times unless we remove them due to thread updates, legal violations, or violations of our guidelines.

Changes to Our Privacy Policy
GRENEVIA SA reserves the right to change the privacy policy by publishing new content on the website. After the change, the privacy policy will appear on the website with a new date.

Contact
Justyna Spyra Data Protection Officer Al. Walentego Roździeńskiego 1b 40-202 Katowice iod@famur.com

Katowice, 14/03/2025

Cookies policy

COOKIES POLICY

WHAT ARE COOKIES AND WHAT ARE THEY USED FOR

The service does not automatically collect any information, except for the information contained in cookies.

Cookies (so-called “cookies”) are IT data, in particular text files, which are stored in the end device of the service user and are intended for using the service’s websites. Cookies usually contain the name of the website from which they originate, the storage time on the end device, and a unique number.

The entity placing cookies on the end device of the service user and accessing them is the operator of the Grenevia S.A. Service, headquartered in Katowice, Al. Walentego Roździeńskiego 1b, 40-202 Katowice.

PURPOSE OF USING COOKIES

The purpose of using cookie technology is not to obtain personal data of visitors to the site, but it is possible that the information obtained through cookies may constitute such data.

Cookies are used for the purpose of:

  1. Adjusting the content of the service’s websites to the user’s preferences and optimizing the use of websites; in particular, these files allow recognizing the service user’s device and appropriately displaying the website, tailored to their individual needs.
  2. Creating statistics that help understand how service users use websites, which allows improving their structure and content.
  3. Maintaining the service user’s session (after logging in), thanks to which the user does not have to re-enter their login and password on each subpage of the service.
  4. Storing information about the selected language of the website.
  5. Storing information about the user’s consent to the use of third-party cookies (Google Analytics).
  6. Collecting information and reporting website usage statistics without personally identifying individual visitors to Google and distinguishing one user from another.

ORIGIN OF COOKIES

Third-party cookies are used by third parties to track the user’s visit to various websites where they place advertisements.

TYPES OF COOKIES AND THEIR USE

  1. NECESSARY cookies, enabling the use of services available within the service, e.g., authentication cookies used for services requiring authentication within the service.
  2. ANALYTICAL cookies, enabling the collection of information on how the service’s websites are used.
  3. FUNCTIONAL cookies, enabling “remembering” the settings selected by the user and personalizing the user interface, e.g., in terms of the selected language or region from which the user comes, font size, website appearance, etc.
  4. ADVERTISING cookies, enabling the delivery of advertising content to users more tailored to their interests.

The service uses two basic types of cookies: “session” cookies and “persistent” cookies.

COOKIE STORAGE TIME

“Session” cookies are temporary files that are stored on the user’s end device until logging out, leaving the website, or turning off the software (web browser). “Persistent” cookies are stored on the user’s end device for the time specified in the cookie parameters or until they are deleted by the user.

Collected server logs, containing, among others, the user’s IP address, request arrival time, first line of the http request, http response code, number of bytes sent by the server, information about the user’s browser, information about errors that occurred during the HTTP transaction, information about the type of devices are stored for up to 6 months.

Third-party cookies are stored:

Cookie provider: Google Analytics Cookie name: _ga Cookie purpose: to collect information and report website usage statistics without personally identifying individual visitors to Google and distinguishing one user from another Cookie type: Third-Party Cookies Cookie validity period: 2 years

MANAGING COOKIES

In many cases, the software used for browsing websites (web browser) by default allows the storage of cookies on the user’s end device. Service users can change cookie settings at any time. These settings can be changed in particular to block the automatic handling of cookies in the web browser settings or to inform about their placement on the user’s device each time. Detailed information about the possibilities and ways of handling cookies is available in the software settings of the web browser used by the user.

The service operator informs that restrictions on the use of cookies may affect some of the functionalities available on the service’s websites.

Ways to configure cookie settings in individual browsers can be found, among others, at the following addresses:

  • Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647
  • Mozilla Firefox: http://support.mozilla.org/pl/kb/usuwanie-ciasteczek
  • Microsoft Internet Explorer: http://support.microsoft.com/kb/278835/pl

The user also has the option to disable the following cookies:

  • Google Analytics, by downloading the module available at: https://tools.google.com/dlpage/gaoptout/
  • Insight Tag of LinkedIn, by modifying the user settings on the LinkedIn page: https://www.linkedin.com/psettings/

DATA SHARING

Cookies placed on the user’s end device will be used by entities cooperating with the service operator, advertisers, and partners.

More information about cookies is available in the “Help” section of the web browser menu.

 

Types of cookies

The website uses the following cookies

Cookie provider Name of cookie Purpose of cookie Type of cookie Duration of cookie
Polylang, WordPress plugin pll_language store information about a selected language on the website First-Party Cookies 1 year
GDPR Cookie Compliance, WordPress plugin moove_gdpr_popup store information about site visitor consent to allow or not using 3d party cookies, Google Analytics in this case First-Party Cookies 1 year
Google Analytics _ga to collect information and report site usage statistics without personally identifying individual visitors to Google, and to distinguish one visitor from another Third-Party Cookies 2 years
Information obligation

Contractors

Contractors

We inform you that:

  1. Data Controller: The controller of your personal data is Grenevia SA (owner of the FAMUR brand), headquartered in Katowice (40-202), Al. Walentego Roździeńskiego 1a, KRS number: 0000048716, Regon: 270641528, NIP: 6340126246. The company is part of the Grenevia Group, therefore your personal data will be subject to joint administration and transferred within the Grenevia Group for the purpose for which they are processed.
  2. Contact Information: If you have any questions related to the processing of your personal data, we encourage you to contact the Data Protection Officer, who can be reached via email at iod@famur.com or in writing to our correspondence address: 40-202 Katowice, Al. Walentego Roździeńskiego 1b, with the note “Data Protection Officer.” The Data Protection Officer will provide you with information regarding the arrangements between joint controllers.
  3. Purpose of Data Processing: Your personal data will be processed for the purpose of:
    • Taking actions at the request of the data subject before entering into a contract and, in the case of selecting your offer, for the purpose of signing and performing the contract, based on Article 6(1)(b) of Regulation (EU) 2016/679 of the European Parliament and of the Council;
    • Implementing the gift policy in force at the Data Controller (in terms of name, surname, position, company name), which results from the legitimate interest pursued by the Controller in connection with compliance with the anti-corruption policy and gift policy; based on Article 6(1)(f) of Regulation (EU) 2016/679 of the European Parliament and of the Council;
    • Establishing, pursuing, and defending claims, which results from the legitimate interest pursued by the Controller, based on Article 6(1)(f) of Regulation (EU) 2016/679 of the European Parliament and of the Council.
  4. Automated Decision-Making: Your personal data will not be processed in an automated manner, including profiling.
  5. Your Rights: You have the right to request access to your personal data, rectification, deletion, or restriction of processing, the right to object to processing, and the right to data portability.
  6. Data Retention Period: The personal data in question will be stored during the performance of the contract, as well as after its termination and the expiration of the time required to establish, pursue, or defend claims, up to a maximum of 10 years after the termination of the contract. In the case of data provided for participation in the procurement procedure, for 3 years from the end of the calendar year in which the procurement procedure was carried out. In the case of vehicle sales, for 5 years from the moment of sale. In the case of procurement procedures within a project related to obtaining EU funding, for the period specified in the funding agreement. Personal data related to the implementation of the gift policy will be stored for 5 years from the end of the calendar year in which the data were registered, as well as until the establishment, pursuit, or defense of claims.
  7. Data Sharing: Selected data may be shared with the following entities: Economic Information Bureau (BIG), law firms, bailiffs, insurance companies, debt collection companies, software providers, entities providing technical support, and the cloud service provider Microsoft. The principles of data protection by Microsoft in the form of a privacy statement can be found on the microsoft.com website in the privacy section.
  8. Data Storage Location: Your personal data will be stored on servers located in the European Union. However, due to the use of cloud solutions provided by Microsoft, they may be transferred to a third country, namely the United States, based on standard contractual clauses. The standard contractual clauses used by Microsoft comply with the templates approved by the European Commission.
  9. Voluntary Data Provision: Providing data is voluntary but necessary to participate in the procurement process and/or to conclude and perform the contract or order.
  10. Right to Lodge a Complaint: We inform you that you have the right to lodge a complaint with the supervisory authority, which is the President of the Personal Data Protection Office.

 

Contractor Employees

We inform you that:

  1. Data Controller: The controller of your personal data is Grenevia SA (owner of the FAMUR brand), headquartered in Katowice (40-202), Al. Walentego Roździeńskiego 1a, KRS number: 0000048716, Regon: 270641528, NIP: 6340126246.
  2. Contact Information: If you have any questions related to the processing of your personal data, we encourage you to contact the Data Protection Officer, who can be reached via email at iod@famur.com or in writing to our correspondence address: 40-202 Katowice, Al. Walentego Roździeńskiego 1b, with the note “Data Protection Officer.”
  3. Purpose of Data Processing: Your personal data will be processed for the purpose of:
    • Verifying the identity of persons authorized by the Parties to exchange information, make arrangements on behalf of the Parties, and perform other activities indicated in the contract using the provided email addresses and phone numbers of individual employees/collaborators, which results from the legitimate interest pursued by the Controller and is necessary for the performance of the contract to which your employer/client is a party; Article 6(1)(f) of Regulation (EU) 2016/679 of the European Parliament and of the Council.
    • Implementing the gift policy in force at the Data Controller in terms of name, surname, position, company name, which results from the legitimate interest pursued by the Controller arising from the obligation to comply with anti-corruption regulations; Article 6(1)(f) of Regulation (EU) 2016/679 of the European Parliament and of the Council.
  4. Automated Decision-Making: Your personal data will not be processed in an automated manner, including profiling.
  5. Your Rights: You have the right to request access to your personal data, rectification, deletion, or restriction of processing, the right to object to processing, and the right to data portability.
  6. Data Retention Period: The personal data in question will be stored during the performance of the contract with your employer, as well as after its termination and the expiration of the time required to establish, pursue, or defend claims. Your personal data related to the implementation of the gift policy will be stored for 5 years from the end of the calendar year in which the data were registered, as well as until the establishment, pursuit, or defense of claims.
  7. Data Recipients: Recipients of your data may include law firms and the cloud service provider Microsoft. The principles of data protection by Microsoft in the form of a privacy statement can be found on the microsoft.com website in the privacy section.
  8. Data Storage Location: Your personal data will be stored on servers located in the European Union. However, due to the use of cloud solutions provided by Microsoft, they may be transferred to a third country, namely the United States, based on standard contractual clauses. The standard contractual clauses used by Microsoft comply with the templates approved by the European Commission.
  9. Voluntary Data Provision: Providing data is voluntary but necessary to participate in the procurement process and/or to conclude and perform the contract or order.
  10. Right to Lodge a Complaint: We inform you that you have the right to lodge a complaint with the supervisory authority, which is the President of the Personal Data Protection Office.

 

Shareholders

We inform you that:

  1. Data Controller: The controller of your personal data is Grenevia SA (owner of the FAMUR brand), headquartered in Katowice (40-202), Al. Walentego Roździeńskiego 1a, KRS number: 0000048716, Regon: 270641528, NIP: 6340126246.
  2. Contact Information: If you have any questions related to the processing of your personal data, we encourage you to contact the Data Protection Officer, who can be reached via email at iod@famur.com or in writing to the correspondence address: 40-202 Katowice, Al. Walentego Roździeńskiego 1b, with the note “Data Protection Officer.”
  3. Purpose of Data Processing: The personal data of shareholders are processed for the purpose of fulfilling the Company’s legal obligations or exercising its rights based on legal provisions (Article 6(1)(c) of Regulation (EU) 2016/679 of the European Parliament and of the Council), in particular based on the provisions of the Commercial Companies Code and the Act on Trading in Financial Instruments.
  4. Automated Decision-Making: Your personal data will not be processed in an automated manner, including profiling.
  5. Data Recipients: Recipients of your data may include law firms.
  6. Data Retention Period: Your personal data will be stored for the time necessary to fulfill the legal obligations imposed on the Company and the time required to establish, pursue, or defend claims.
  7. Your Rights: You have the right to request access to your personal data, rectification, deletion, or restriction of processing, the right to object to processing, and the right to data portability.
  8. Mandatory Data Provision: Providing data is mandatory and necessary to fulfill the legal obligation imposed on the Company.
  9. Right to Lodge a Complaint: We inform you that you have the right to lodge a complaint with the supervisory authority, which is the President of the Personal Data Protection Office.

    Persons Concerned by the Report (Article 14 GDPR)

    We inform you that:

    1. Data Controller: The controller of your personal data is Grenevia SA (owner of the FAMUR brand), headquartered in Katowice (40-202), Al. Walentego Roździeńskiego 1a, KRS number: 0000048716, Regon: 270641528, NIP: 6340126246.
    2. Contact Information: If you have any questions related to the processing of your personal data, we encourage you to contact the Data Protection Officer, who can be reached via email at iod@famur.com or in writing to our correspondence address: 40-202 Katowice, Al. Walentego Roździeńskiego 1b, with the note “Data Protection Officer.”
    3. Purpose of Data Processing: Your personal data will be processed in connection with the fulfillment of the legal obligation imposed on the controller to clarify the reported violation of the law (Article 6(1)(c) of Regulation (EU) 2016/679 of the European Parliament and of the Council), and the legitimate interest of the data controller (Article 6(1)(f) of Regulation (EU) 2016/679) in connection with the required time to establish, pursue, or defend claims.
    4. Source of Personal Data: Your personal data were obtained from the person reporting the violation.
    5. Automated Decision-Making: Your personal data will not be processed in an automated manner, including profiling.
    6. Data Retention Period: Your personal data will be stored for 3 years from the end of the calendar year in which follow-up actions were completed, the external report was forwarded to the public authority competent to take follow-up actions, or after the conclusion of proceedings initiated by these actions.
    7. Data Recipients: Recipients of your data may include entities providing legal services and the cloud service provider Microsoft. The principles of data protection by Microsoft in the form of a privacy statement can be found on the microsoft.com website in the privacy section.
    8. Data Storage Location: Your personal data will be stored on servers located in the European Union. However, due to the use of cloud solutions provided by Microsoft, they may be transferred to a third country, namely the United States, based on standard contractual clauses. The standard contractual clauses used by Microsoft comply with the templates approved by the European Commission.
    9. Your Rights: You have the right to request access to your personal data, rectification, deletion, or restriction of processing, the right to object to processing, and the right to data portability.
    10. Right to Lodge a Complaint: We inform you that you have the right to lodge a complaint with the supervisory authority, which is the President of the Personal Data Protection Office.

      Persons Making Reports (Article 13 GDPR)

      We inform you that:

      1. Data Controller: The controller of your personal data is Grenevia SA (owner of the FAMUR brand), headquartered in Katowice (40-202), Al. Walentego Roździeńskiego 1a, KRS number: 0000048716, Regon: 270641528, NIP: 6340126246.
      2. Contact Information: If you have any questions related to the processing of your personal data, we encourage you to contact the Data Protection Officer, who can be reached via email at iod@famur.com or in writing to our correspondence address: 40-202 Katowice, Al. Walentego Roździeńskiego 1b, with the note “Data Protection Officer.”
      3. Purpose of Data Processing: Your personal data will be processed in connection with the fulfillment of the legal obligation imposed on the controller to protect the identity of persons reporting violations of the law based on legal provisions (Article 6(1)(c) of Regulation (EU) 2016/679 of the European Parliament and of the Council), the legitimate interest of the data controller (Article 6(1)(f) of Regulation (EU) 2016/679) in connection with the required time to establish, pursue, or defend claims, or voluntarily given consent if you choose not to remain anonymous (in accordance with Article 6(1)(a) of Regulation (EU) 2016/679).
      4. Automated Decision-Making: Your personal data will not be processed in an automated manner, including profiling.
      5. Data Retention Period: Your personal data will be stored for 3 years from the end of the calendar year in which follow-up actions were completed, the external report was forwarded to the public authority competent to take follow-up actions, or after the conclusion of proceedings initiated by these actions.
      6. Voluntary Data Provision: Providing data is voluntary.
      7. Consent-Based Data Processing: Your data processed based on consent will be stored until the consent is withdrawn. Consent for personal data processing can be withdrawn at any time electronically at iod@famur.com. Withdrawal of consent does not affect the lawfulness of processing carried out based on consent before its withdrawal. Withdrawal of consent does not mean withdrawal of the report. Withdrawal of consent means that the person reporting the violation, who provided their personal data, becomes anonymous from the moment of withdrawal.
      8. Data Recipients: Recipients of your data may include entities providing legal services and the cloud service provider Microsoft. The principles of data protection by Microsoft in the form of a privacy statement can be found on the microsoft.com website in the privacy section.
      9. Data Storage Location: Your personal data will be stored on servers located in the European Union. However, due to the use of cloud solutions provided by Microsoft, they may be transferred to a third country, namely the United States, based on standard contractual clauses. The standard contractual clauses used by Microsoft comply with the templates approved by the European Commission.
      10. Your Rights: You have the right to request access to your personal data, rectification, deletion, or restriction of processing, the right to object to processing, and the right to data portability.
      11. Right to Lodge a Complaint: We inform you that you have the right to lodge a complaint with the supervisory authority, which is the President of the Personal Data Protection Office.

Non-Identifiable Data

We inform you that:

In the case of making a report anonymously, the Data Controller is unable to identify the data of the reporting person, which means that under Article 11 GDPR, processing that does not require identification occurs. Therefore, we inform you that Articles 15, 16, 17, 18, 19, and 20 GDPR do not apply (unless the data subject, in order to exercise their rights under these articles, provides additional information allowing them to be identified).

Article 15 GDPR – The right to access the content of your personal data and to obtain information, including the categories of data and purposes of processing, as well as to obtain a copy of the data.

Article 16 GDPR – The right to rectify incorrect or complete incomplete personal data.

Article 17 GDPR – The right to erasure of data (“right to be forgotten”), meaning the deletion of data that are no longer necessary for the purposes for which they were collected, as well as data processed without a legal basis (the person has withdrawn consent for data processing) or unlawfully.

Article 18 GDPR – The right to restrict data processing, meaning to stop data operations or not delete data, according to the submitted request.

Article 19 GDPR – The obligation to notify about the rectification or erasure of personal data or the restriction of processing.

Article 20 GDPR – The right to data portability processed in an automated manner.

Contact

Justyna Spyra

Data Protection Inspector

Al. Walentego Roździeńskiego 1b
40-202 Katowice
iod@famur.com

PRIVACY POLICY

Personal Data Processing Principles

GRENEVIA SA, headquartered in Katowice (40-202), Al. Roździeńskiego 1a, in the interest of safety, respect, and the protection of your rights, particularly the right to privacy, presents this policy explaining the principles of application, collection, and processing of personal data.

When processing personal data, GRENEVIA SA adheres to the following guidelines, fulfilling at least one condition for personal data processing.

Principles of Personal Data Processing:

  • Processed lawfully, fairly, and transparently.
  • Collected for specific, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
  • Adequate, relevant, and limited to what is necessary for the purposes, i.e., data minimization.
  • Accurate and, where necessary, kept up to date.
  • Stored in a form that permits identification of the data subject for no longer than is necessary for the purposes for which the data are processed.
  • Processed in a manner that ensures appropriate security of personal data: protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage using appropriate technical and organizational measures.

Lawfulness of Processing:

  • The data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.
  • Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Processing is necessary to protect the vital interests of the data subject or another natural person.
  • Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, particularly where the data subject is a child.

Data Controller
The controller of your personal data is GRENEVIA SA, headquartered in Katowice (40-202), Al. Roździeńskiego 1a, KRS: 0000048716, Regon: 270641528, NIP: 6340126246.

Data Protection Officer
You can contact the Data Protection Officer via email at iod@famur.com.pl or by sending correspondence to GRENEVIA SA, Al. Walentego Roździeńskiego 1b, Katowice, with the note “Data Protection Officer.”

You can contact the Data Protection Officer on all matters related to the processing of your personal data.

Legal Basis for Data Processing:

  • Given consent.
  • Performance of a contract.
  • Compliance with a legal obligation to which the controller is subject.
  • Necessity to achieve purposes arising from the legitimate interests pursued by the controller, e.g., protection of the employer’s or client’s property.

Automated Decision-Making
Your personal data will not be processed in an automated manner, including profiling.

Personal Data Retention Period
The retention period of your personal data depends on the purpose for which the data are processed. The period for which your personal data will be stored is calculated based on the following criteria:

  • Legal provisions that may oblige the data controller to store data for a specified period.
  • The period necessary to protect the data controller’s interests.
  • The period necessary to provide services by the data controller.
  • The period for which consent has been given.

Data Recipients
Recipients of your data may include:

  • IT service providers.
  • Couriers.
  • Delivery companies.
  • Security companies.
  • Entities authorized to receive personal data under the law.
  • Other companies within the Grenevia Group on a co-administration basis.

Transfer of Data Outside the European Economic Area
Your personal data will not be transferred to a third country or an international organization.

Your Rights Related to Data Processing

You have the right to:

  • Access your personal data.
  • Rectify (correct, complete) your data.
  • Restrict processing or delete your data.
  • Transfer the personal data you have provided to us, i.e., to receive those personal data in a structured, commonly used, machine-readable format, and you have the right to transmit those data to another controller; if technically feasible, you have the right to request that the personal data be transmitted directly by us to another controller.
  • Object to the further processing of your personal data.

You have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

If you have doubts about the correctness of the processing of your personal data by GRENEVIA, you have the right to lodge a complaint with the President of the Personal Data Protection Office.

How Do We Secure Your Personal Data?
The security measures applied to protect your data comply with legal requirements and ensure an appropriate level of data confidentiality.

Data Processing on Social Media

GRENEVIA SA has profiles on social media and operates websites on the following social media platforms (hereinafter: operator/operators):

  • Facebook
  • YouTube
  • LinkedIn
  • Vimeo
  • Instagram
  • TikTok
  • Twitter/X

GRENEVIA SA has limited influence on the processing of personal data by operators to the extent that operators process these data as separate Controllers or Joint Controllers (e.g., user management and shared information, joint administration with Facebook).

In matters where we can have an impact, we act within the available possibilities in accordance with the operator’s privacy principles.

The operator manages the entire IT infrastructure of the service, has its own privacy policy, and maintains contact with you (if you are a registered user of the service of the given social media platform). Additionally, the operator is solely responsible for all matters related to your data on the user profile, to which GRENEVIA SA does not have access.

Additional information regarding data processing by the operator can be found in the operator’s privacy policy:

  • Facebook: https://www.facebook.com/privacy/explanation
  • https://www.facebook.com/legal/terms/information_about_page_insights_data
  • https://www.facebook.com/legal/terms/page_controller_addendum
  • YouTube: https://support.google.com/youtube/topic/2803240?hl=pl&ref_topic=6151248
  • LinkedIn: https://pl.linkedin.com/legal/privacy-policy
  • Vimeo: https://vimeo.com/privacy
  • Instagram: https://privacycenter.instagram.com/policy
  • TikTok: https://www.tiktok.com/legal/page/eea/privacy-policy/pl
  • Twitter/X: https://twitter.com/pl/privacy

The purpose of data processing on our social media platforms is to inform you about our products and events related to the Grenevia Group and our industry, to enable you to express your opinions on published content, and to conduct correspondence related to topics you address to us.

The legal basis for processing your data is Article 6(1)(f) of Regulation (EU) 2016/679 of the European Parliament and of the Council.

The data you post on our social media pages, such as comments, videos, photos, links, public messages, etc., are published by the social media platform and are not used or processed by us for other purposes at any time.

We reserve the right to remove content on our social media profiles if necessary – if it violates legal regulations (including copyright and criminal law), indecent comments or attachments, including photos or videos, unauthorized advertising information, etc. Content may also be removed due to thread updates.

All posts published by you on social media platforms remain on the timeline at all times unless we remove them due to thread updates, legal violations, or violations of our guidelines.

Changes to Our Privacy Policy
GRENEVIA SA reserves the right to change the privacy policy by publishing new content on the website. After the change, the privacy policy will appear on the website with a new date.

Contact
Justyna Spyra Data Protection Officer Al. Walentego Roździeńskiego 1b 40-202 Katowice iod@famur.com

Katowice, 14/03/2025

COOKIES POLICY

WHAT ARE COOKIES AND WHAT ARE THEY USED FOR

The service does not automatically collect any information, except for the information contained in cookies.

Cookies (so-called “cookies”) are IT data, in particular text files, which are stored in the end device of the service user and are intended for using the service’s websites. Cookies usually contain the name of the website from which they originate, the storage time on the end device, and a unique number.

The entity placing cookies on the end device of the service user and accessing them is the operator of the Grenevia S.A. Service, headquartered in Katowice, Al. Walentego Roździeńskiego 1b, 40-202 Katowice.

PURPOSE OF USING COOKIES

The purpose of using cookie technology is not to obtain personal data of visitors to the site, but it is possible that the information obtained through cookies may constitute such data.

Cookies are used for the purpose of:

  1. Adjusting the content of the service’s websites to the user’s preferences and optimizing the use of websites; in particular, these files allow recognizing the service user’s device and appropriately displaying the website, tailored to their individual needs.
  2. Creating statistics that help understand how service users use websites, which allows improving their structure and content.
  3. Maintaining the service user’s session (after logging in), thanks to which the user does not have to re-enter their login and password on each subpage of the service.
  4. Storing information about the selected language of the website.
  5. Storing information about the user’s consent to the use of third-party cookies (Google Analytics).
  6. Collecting information and reporting website usage statistics without personally identifying individual visitors to Google and distinguishing one user from another.

ORIGIN OF COOKIES

Third-party cookies are used by third parties to track the user’s visit to various websites where they place advertisements.

TYPES OF COOKIES AND THEIR USE

  1. NECESSARY cookies, enabling the use of services available within the service, e.g., authentication cookies used for services requiring authentication within the service.
  2. ANALYTICAL cookies, enabling the collection of information on how the service’s websites are used.
  3. FUNCTIONAL cookies, enabling “remembering” the settings selected by the user and personalizing the user interface, e.g., in terms of the selected language or region from which the user comes, font size, website appearance, etc.
  4. ADVERTISING cookies, enabling the delivery of advertising content to users more tailored to their interests.

The service uses two basic types of cookies: “session” cookies and “persistent” cookies.

COOKIE STORAGE TIME

“Session” cookies are temporary files that are stored on the user’s end device until logging out, leaving the website, or turning off the software (web browser). “Persistent” cookies are stored on the user’s end device for the time specified in the cookie parameters or until they are deleted by the user.

Collected server logs, containing, among others, the user’s IP address, request arrival time, first line of the http request, http response code, number of bytes sent by the server, information about the user’s browser, information about errors that occurred during the HTTP transaction, information about the type of devices are stored for up to 6 months.

Third-party cookies are stored:

Cookie provider: Google Analytics Cookie name: _ga Cookie purpose: to collect information and report website usage statistics without personally identifying individual visitors to Google and distinguishing one user from another Cookie type: Third-Party Cookies Cookie validity period: 2 years

MANAGING COOKIES

In many cases, the software used for browsing websites (web browser) by default allows the storage of cookies on the user’s end device. Service users can change cookie settings at any time. These settings can be changed in particular to block the automatic handling of cookies in the web browser settings or to inform about their placement on the user’s device each time. Detailed information about the possibilities and ways of handling cookies is available in the software settings of the web browser used by the user.

The service operator informs that restrictions on the use of cookies may affect some of the functionalities available on the service’s websites.

Ways to configure cookie settings in individual browsers can be found, among others, at the following addresses:

  • Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647
  • Mozilla Firefox: http://support.mozilla.org/pl/kb/usuwanie-ciasteczek
  • Microsoft Internet Explorer: http://support.microsoft.com/kb/278835/pl

The user also has the option to disable the following cookies:

  • Google Analytics, by downloading the module available at: https://tools.google.com/dlpage/gaoptout/
  • Insight Tag of LinkedIn, by modifying the user settings on the LinkedIn page: https://www.linkedin.com/psettings/

DATA SHARING

Cookies placed on the user’s end device will be used by entities cooperating with the service operator, advertisers, and partners.

More information about cookies is available in the “Help” section of the web browser menu.

 

The website uses the following cookies

Cookie provider Name of cookie Purpose of cookie Type of cookie Duration of cookie
Polylang, WordPress plugin pll_language store information about a selected language on the website First-Party Cookies 1 year
GDPR Cookie Compliance, WordPress plugin moove_gdpr_popup store information about site visitor consent to allow or not using 3d party cookies, Google Analytics in this case First-Party Cookies 1 year
Google Analytics _ga to collect information and report site usage statistics without personally identifying individual visitors to Google, and to distinguish one visitor from another Third-Party Cookies 2 years

Contractors

Contractors

We inform you that:

  1. Data Controller: The controller of your personal data is Grenevia SA (owner of the FAMUR brand), headquartered in Katowice (40-202), Al. Walentego Roździeńskiego 1a, KRS number: 0000048716, Regon: 270641528, NIP: 6340126246. The company is part of the Grenevia Group, therefore your personal data will be subject to joint administration and transferred within the Grenevia Group for the purpose for which they are processed.
  2. Contact Information: If you have any questions related to the processing of your personal data, we encourage you to contact the Data Protection Officer, who can be reached via email at iod@famur.com or in writing to our correspondence address: 40-202 Katowice, Al. Walentego Roździeńskiego 1b, with the note “Data Protection Officer.” The Data Protection Officer will provide you with information regarding the arrangements between joint controllers.
  3. Purpose of Data Processing: Your personal data will be processed for the purpose of:
    • Taking actions at the request of the data subject before entering into a contract and, in the case of selecting your offer, for the purpose of signing and performing the contract, based on Article 6(1)(b) of Regulation (EU) 2016/679 of the European Parliament and of the Council;
    • Implementing the gift policy in force at the Data Controller (in terms of name, surname, position, company name), which results from the legitimate interest pursued by the Controller in connection with compliance with the anti-corruption policy and gift policy; based on Article 6(1)(f) of Regulation (EU) 2016/679 of the European Parliament and of the Council;
    • Establishing, pursuing, and defending claims, which results from the legitimate interest pursued by the Controller, based on Article 6(1)(f) of Regulation (EU) 2016/679 of the European Parliament and of the Council.
  4. Automated Decision-Making: Your personal data will not be processed in an automated manner, including profiling.
  5. Your Rights: You have the right to request access to your personal data, rectification, deletion, or restriction of processing, the right to object to processing, and the right to data portability.
  6. Data Retention Period: The personal data in question will be stored during the performance of the contract, as well as after its termination and the expiration of the time required to establish, pursue, or defend claims, up to a maximum of 10 years after the termination of the contract. In the case of data provided for participation in the procurement procedure, for 3 years from the end of the calendar year in which the procurement procedure was carried out. In the case of vehicle sales, for 5 years from the moment of sale. In the case of procurement procedures within a project related to obtaining EU funding, for the period specified in the funding agreement. Personal data related to the implementation of the gift policy will be stored for 5 years from the end of the calendar year in which the data were registered, as well as until the establishment, pursuit, or defense of claims.
  7. Data Sharing: Selected data may be shared with the following entities: Economic Information Bureau (BIG), law firms, bailiffs, insurance companies, debt collection companies, software providers, entities providing technical support, and the cloud service provider Microsoft. The principles of data protection by Microsoft in the form of a privacy statement can be found on the microsoft.com website in the privacy section.
  8. Data Storage Location: Your personal data will be stored on servers located in the European Union. However, due to the use of cloud solutions provided by Microsoft, they may be transferred to a third country, namely the United States, based on standard contractual clauses. The standard contractual clauses used by Microsoft comply with the templates approved by the European Commission.
  9. Voluntary Data Provision: Providing data is voluntary but necessary to participate in the procurement process and/or to conclude and perform the contract or order.
  10. Right to Lodge a Complaint: We inform you that you have the right to lodge a complaint with the supervisory authority, which is the President of the Personal Data Protection Office.

 

Contractor Employees

We inform you that:

  1. Data Controller: The controller of your personal data is Grenevia SA (owner of the FAMUR brand), headquartered in Katowice (40-202), Al. Walentego Roździeńskiego 1a, KRS number: 0000048716, Regon: 270641528, NIP: 6340126246.
  2. Contact Information: If you have any questions related to the processing of your personal data, we encourage you to contact the Data Protection Officer, who can be reached via email at iod@famur.com or in writing to our correspondence address: 40-202 Katowice, Al. Walentego Roździeńskiego 1b, with the note “Data Protection Officer.”
  3. Purpose of Data Processing: Your personal data will be processed for the purpose of:
    • Verifying the identity of persons authorized by the Parties to exchange information, make arrangements on behalf of the Parties, and perform other activities indicated in the contract using the provided email addresses and phone numbers of individual employees/collaborators, which results from the legitimate interest pursued by the Controller and is necessary for the performance of the contract to which your employer/client is a party; Article 6(1)(f) of Regulation (EU) 2016/679 of the European Parliament and of the Council.
    • Implementing the gift policy in force at the Data Controller in terms of name, surname, position, company name, which results from the legitimate interest pursued by the Controller arising from the obligation to comply with anti-corruption regulations; Article 6(1)(f) of Regulation (EU) 2016/679 of the European Parliament and of the Council.
  4. Automated Decision-Making: Your personal data will not be processed in an automated manner, including profiling.
  5. Your Rights: You have the right to request access to your personal data, rectification, deletion, or restriction of processing, the right to object to processing, and the right to data portability.
  6. Data Retention Period: The personal data in question will be stored during the performance of the contract with your employer, as well as after its termination and the expiration of the time required to establish, pursue, or defend claims. Your personal data related to the implementation of the gift policy will be stored for 5 years from the end of the calendar year in which the data were registered, as well as until the establishment, pursuit, or defense of claims.
  7. Data Recipients: Recipients of your data may include law firms and the cloud service provider Microsoft. The principles of data protection by Microsoft in the form of a privacy statement can be found on the microsoft.com website in the privacy section.
  8. Data Storage Location: Your personal data will be stored on servers located in the European Union. However, due to the use of cloud solutions provided by Microsoft, they may be transferred to a third country, namely the United States, based on standard contractual clauses. The standard contractual clauses used by Microsoft comply with the templates approved by the European Commission.
  9. Voluntary Data Provision: Providing data is voluntary but necessary to participate in the procurement process and/or to conclude and perform the contract or order.
  10. Right to Lodge a Complaint: We inform you that you have the right to lodge a complaint with the supervisory authority, which is the President of the Personal Data Protection Office.

 

Shareholders

We inform you that:

  1. Data Controller: The controller of your personal data is Grenevia SA (owner of the FAMUR brand), headquartered in Katowice (40-202), Al. Walentego Roździeńskiego 1a, KRS number: 0000048716, Regon: 270641528, NIP: 6340126246.
  2. Contact Information: If you have any questions related to the processing of your personal data, we encourage you to contact the Data Protection Officer, who can be reached via email at iod@famur.com or in writing to the correspondence address: 40-202 Katowice, Al. Walentego Roździeńskiego 1b, with the note “Data Protection Officer.”
  3. Purpose of Data Processing: The personal data of shareholders are processed for the purpose of fulfilling the Company’s legal obligations or exercising its rights based on legal provisions (Article 6(1)(c) of Regulation (EU) 2016/679 of the European Parliament and of the Council), in particular based on the provisions of the Commercial Companies Code and the Act on Trading in Financial Instruments.
  4. Automated Decision-Making: Your personal data will not be processed in an automated manner, including profiling.
  5. Data Recipients: Recipients of your data may include law firms.
  6. Data Retention Period: Your personal data will be stored for the time necessary to fulfill the legal obligations imposed on the Company and the time required to establish, pursue, or defend claims.
  7. Your Rights: You have the right to request access to your personal data, rectification, deletion, or restriction of processing, the right to object to processing, and the right to data portability.
  8. Mandatory Data Provision: Providing data is mandatory and necessary to fulfill the legal obligation imposed on the Company.
  9. Right to Lodge a Complaint: We inform you that you have the right to lodge a complaint with the supervisory authority, which is the President of the Personal Data Protection Office.

    Persons Concerned by the Report (Article 14 GDPR)

    We inform you that:

    1. Data Controller: The controller of your personal data is Grenevia SA (owner of the FAMUR brand), headquartered in Katowice (40-202), Al. Walentego Roździeńskiego 1a, KRS number: 0000048716, Regon: 270641528, NIP: 6340126246.
    2. Contact Information: If you have any questions related to the processing of your personal data, we encourage you to contact the Data Protection Officer, who can be reached via email at iod@famur.com or in writing to our correspondence address: 40-202 Katowice, Al. Walentego Roździeńskiego 1b, with the note “Data Protection Officer.”
    3. Purpose of Data Processing: Your personal data will be processed in connection with the fulfillment of the legal obligation imposed on the controller to clarify the reported violation of the law (Article 6(1)(c) of Regulation (EU) 2016/679 of the European Parliament and of the Council), and the legitimate interest of the data controller (Article 6(1)(f) of Regulation (EU) 2016/679) in connection with the required time to establish, pursue, or defend claims.
    4. Source of Personal Data: Your personal data were obtained from the person reporting the violation.
    5. Automated Decision-Making: Your personal data will not be processed in an automated manner, including profiling.
    6. Data Retention Period: Your personal data will be stored for 3 years from the end of the calendar year in which follow-up actions were completed, the external report was forwarded to the public authority competent to take follow-up actions, or after the conclusion of proceedings initiated by these actions.
    7. Data Recipients: Recipients of your data may include entities providing legal services and the cloud service provider Microsoft. The principles of data protection by Microsoft in the form of a privacy statement can be found on the microsoft.com website in the privacy section.
    8. Data Storage Location: Your personal data will be stored on servers located in the European Union. However, due to the use of cloud solutions provided by Microsoft, they may be transferred to a third country, namely the United States, based on standard contractual clauses. The standard contractual clauses used by Microsoft comply with the templates approved by the European Commission.
    9. Your Rights: You have the right to request access to your personal data, rectification, deletion, or restriction of processing, the right to object to processing, and the right to data portability.
    10. Right to Lodge a Complaint: We inform you that you have the right to lodge a complaint with the supervisory authority, which is the President of the Personal Data Protection Office.

      Persons Making Reports (Article 13 GDPR)

      We inform you that:

      1. Data Controller: The controller of your personal data is Grenevia SA (owner of the FAMUR brand), headquartered in Katowice (40-202), Al. Walentego Roździeńskiego 1a, KRS number: 0000048716, Regon: 270641528, NIP: 6340126246.
      2. Contact Information: If you have any questions related to the processing of your personal data, we encourage you to contact the Data Protection Officer, who can be reached via email at iod@famur.com or in writing to our correspondence address: 40-202 Katowice, Al. Walentego Roździeńskiego 1b, with the note “Data Protection Officer.”
      3. Purpose of Data Processing: Your personal data will be processed in connection with the fulfillment of the legal obligation imposed on the controller to protect the identity of persons reporting violations of the law based on legal provisions (Article 6(1)(c) of Regulation (EU) 2016/679 of the European Parliament and of the Council), the legitimate interest of the data controller (Article 6(1)(f) of Regulation (EU) 2016/679) in connection with the required time to establish, pursue, or defend claims, or voluntarily given consent if you choose not to remain anonymous (in accordance with Article 6(1)(a) of Regulation (EU) 2016/679).
      4. Automated Decision-Making: Your personal data will not be processed in an automated manner, including profiling.
      5. Data Retention Period: Your personal data will be stored for 3 years from the end of the calendar year in which follow-up actions were completed, the external report was forwarded to the public authority competent to take follow-up actions, or after the conclusion of proceedings initiated by these actions.
      6. Voluntary Data Provision: Providing data is voluntary.
      7. Consent-Based Data Processing: Your data processed based on consent will be stored until the consent is withdrawn. Consent for personal data processing can be withdrawn at any time electronically at iod@famur.com. Withdrawal of consent does not affect the lawfulness of processing carried out based on consent before its withdrawal. Withdrawal of consent does not mean withdrawal of the report. Withdrawal of consent means that the person reporting the violation, who provided their personal data, becomes anonymous from the moment of withdrawal.
      8. Data Recipients: Recipients of your data may include entities providing legal services and the cloud service provider Microsoft. The principles of data protection by Microsoft in the form of a privacy statement can be found on the microsoft.com website in the privacy section.
      9. Data Storage Location: Your personal data will be stored on servers located in the European Union. However, due to the use of cloud solutions provided by Microsoft, they may be transferred to a third country, namely the United States, based on standard contractual clauses. The standard contractual clauses used by Microsoft comply with the templates approved by the European Commission.
      10. Your Rights: You have the right to request access to your personal data, rectification, deletion, or restriction of processing, the right to object to processing, and the right to data portability.
      11. Right to Lodge a Complaint: We inform you that you have the right to lodge a complaint with the supervisory authority, which is the President of the Personal Data Protection Office.

Non-Identifiable Data

We inform you that:

In the case of making a report anonymously, the Data Controller is unable to identify the data of the reporting person, which means that under Article 11 GDPR, processing that does not require identification occurs. Therefore, we inform you that Articles 15, 16, 17, 18, 19, and 20 GDPR do not apply (unless the data subject, in order to exercise their rights under these articles, provides additional information allowing them to be identified).

Article 15 GDPR – The right to access the content of your personal data and to obtain information, including the categories of data and purposes of processing, as well as to obtain a copy of the data.

Article 16 GDPR – The right to rectify incorrect or complete incomplete personal data.

Article 17 GDPR – The right to erasure of data (“right to be forgotten”), meaning the deletion of data that are no longer necessary for the purposes for which they were collected, as well as data processed without a legal basis (the person has withdrawn consent for data processing) or unlawfully.

Article 18 GDPR – The right to restrict data processing, meaning to stop data operations or not delete data, according to the submitted request.

Article 19 GDPR – The obligation to notify about the rectification or erasure of personal data or the restriction of processing.

Article 20 GDPR – The right to data portability processed in an automated manner.

Justyna Spyra

Data Protection Inspector

Al. Walentego Roździeńskiego 1b
40-202 Katowice
iod@famur.com

Globe icon EN Globe icon