Privacy policy of GFSP.PL website

This Privacy Policy sets out the rules for the processing and protection of personal data provided by Users of website. (hereinafter referred to as “Website”).

  • The administrator of personal data (hereinafter referred to as the “Administrator”) processed on the Website is:

– GFS Poland spółka z ograniczoną odpowiedzialnością based in Bielsko-Biała, at Komorowicka street No. 110, 43-300.  KRS: 0000641133, NIP: 9542769813, REGON: 365629258.

Contact details:
Office +48 33 333 90 92


  • In the interests of security of entrusted data, the Administrator has developed internal procedures and recommendations to prevent unauthorised access to data.  The inspections are carried out and their compliance with the following, currently applicable legal acts is constantly verified – Regulation of the European Parliament and of the Council (EU) 2016/679 of 27.04.2016 on the protection of individuals with regard to the processing of personal data and on the free the flow of such data and the repeal of Directive 95/46/EC (general regulation on data protection) (OJ L 119, p. 1), national regulations, including the Act on personal data protection, the Act on the provision of electronic services, as well as all types of implementing acts and other Community legislation.
  • Personal data are processed on the basis of express consent expressed by the User and in cases where the law authorises the Administrator to process personal data.
  • The Website performs the functions of obtaining information about the users and their behaviour in the following way:
    – through information provided by the users electronically, over the telephone related to the execution of orders,
    – by voluntarily entering information in forms,
    – by collecting “cookies” [see cookie policy].
  • The Website collects information voluntarily provided by the user.
  • The administrator notifies the user about the processing of their data, when collecting data from the user and about the planned change of the purpose of data processing.
  • For the purpose of fulfilling orders, personal data such as: name and surname, address details and payment data as well as telephone number and e-mail address of the User are collected. 
  • Data provided by the User in forms on the Website are processed for the purpose resulting from the function of a specific form, such as in order to process the contact details or use the newsletter function.
  • Personal data provided by the User may be processed for marketing purposes under a separate consent.
  • Users’ personal data are transferred to third parties only if it is allowed by law, including the objectives related to the order or settlement (payment), and for marketing purposes; data are transferred under explicit, prior and separate consent of the user.
  • The Administrator cannot make the order fulfilment conditional upon the User’s consent to the processing of data for marketing purposes.
  • Users’ personal data may be transferred to the following service contractors of GFS Poland sp. o.o.:
    – Marketing services (sending the newsletter campaign) by FreshMail Sp. z o.o.
    – Marketing services (handling Incola fun page) by Pitted Cherries Radowicz&Jaroszyński
    – Hosting services by S.A.
    As well as  other operators providing tax services (accounting services), IT and courier services. 
    In the future, other operators that may replace current service providers will process personal data made available to the administrator in a specific scope.
  • Operators cooperating with GFS Poland sp. o.o. receive only the necessary personal data to complete orders as well as for marketing purposes in case of a separate user consent.
  • User’s personal data are transmitted securely using encryption.
  • Personal data through the Website cannot be sold in accordance with the provisions of the Act on the protection of personal data.
  • Personal data collected for the purpose of order fulfilment or collected through an inquiry in the contact form will be collected and processed until an objection or withdrawal of consent for processing is received from the data subject and if the data were processed illegally or the need to remove them results from legal obligations.
  • If the data subject to removal were made public by the Administrator, the Administrator will makes reasonable efforts, including technical measures, to inform other administrators processing these personal data about the need to delete data and prevent access to them.
  • The user has the right to obtain free of charge information about personal data being processed.  The user also has the right to modify, lock, request transfer of collected data to another administrator and request to stop processing their data at any time by deleting them.
    For this purpose, please use the contact details indicated or the contact form provided on the Website
  • The administrator will supplement and update data on user’s request.  The administrator has the right to refuse to supplement the data if the supplement is inconsistent with the purposes of data processing (for instance the Administrator does not have to process data that are unnecessary).   The Administrator may rely on data subject statement regarding the data being updated, unless it is insufficient in the light of the procedures adopted by the Administrator (such as procedures for collecting such data), the law or if grounds exist to consider the statement unreliable.
  • At the User’s request regarding access to their data, the Administrator notifies the User whether or not that User’s data are processed and provides the details of processing, in accordance with Art. 15 of GDPR (the scope corresponds to the information obligation when collecting data), and also grants the user access to data concerning the User.
  • The Administrator limits data processing at the User’s request when:
    – The user questions the correctness of the data – for a period sufficient to verify their correctness,
    – the processing is unlawful, and the User being the data subject opposes the removal of personal data, requesting instead to limit their use,
    – Administrator no longer needs personal data, but they are needed by the data subject for the purpose of establish, investigate or defend claims,
    – The User lodged an objection to the processing for reasons related to User’s specific situation – until it is determined whether the Administrator has legally justified grounds overriding grounds of objection.
  • When processing is restricted, the Administrator stores the data but does not process it (does not use it, does not transmit it) without the consent of the data subject, unless in order to establish, investigate or defend claims, or to protect the rights of another natural or legal person or due of important public interest considerations. 
  • If the User does not consent to the processing or use of their personal data in accordance with these provisions, the User has the right to object by e-mail, telephone or using the form provided on the Website.
  • Administrator undertakes to notify the User without undue delay of any breach of security of personal data processed by the Administrator, if the violation may cause a high risk of breach of the rights or freedoms of individual.
  • Administrator will keep the processing of personal data to minimum, in terms of:
    – data adequacy for purposes (amount of data and scope of processing),
    – access to data,
    – duration of data storage.
  • Administrator reserves the right to change the Website’s privacy policy.  Administrator will notify users of any changes.
  • GFSP.PL Website and other systems are protected by current technical and organisational measures against loss, destruction, access, modification or dissemination of user data by unauthorised persons.
  • The Websites may contain links to other website.  Such websites operate independently of the Website and are not supervised by the Website in any way.  These websites may have their own privacy policies and regulations.
  • The User has the right to lodge a complaint with the supervisory body in connection with illegal processing of their personal data.

If in doubt about any of the provisions of this policy, please contact us via the contact form provided on the Website, which can be found in the tab – CONTACT, or via the contact details indicated above.

Cookie policy of GFSP.PL website

  • “Cookies” files are text files that are stored on user’s end device.
  • The Website does not automatically collect any information, except for information contained in “cookies”.
  • The Website operator places “cookie” files on user’s end device and has permanent access to them.
  • The content of “cookies” prevents identification of the Website user.
  • Personal data of Website users are not processed or stored using “cookie” files.
  • The Website administrator uses “cookies” in order to:
    – match the content of the website to the individual preferences of the user,
    – prepare statistics to understand users’ preferences and behaviours, analysis of these statistics is anonymous and enables matching of the content and appearance of the Website to the prevailing trends, statistics are also used to assess the popularity of the site.
  • The Website uses the following types of “cookie” files:
    – Session files are stored until the user leaves the website.
    – Permanent files are stored on user’s end device until they are deleted by the user or automatically deleted over time.
  • Website user has the option of changing the settings of their browser to prevent the use of “cookies”.
  • Website user may request information about placing “cookies” in their device.
  • Changes of settings in the user’s web browser regarding “cookie” files may limit access to some of the functions of the Website.

The policy is verified on an on-going basis and updated if necessary.  The current version of the Policy was adopted and is valid as of 25.05.2018.