Effective from: October 9, 2025.
1) Data controller (ADO)
The administrator of the personal data of Users of the postalsmart.pl website (“Website”) is Postal Steel Group Polska sp. z o.o. with its registered office in Tarnowo Podgórne (62-080), ul. Sowia 6. Contact details published on the Website: +48 61 652 59 00, kontakt@postalsmart.pl; address as above. The Website footer indicates the copyright owner: Postal Steel Group Polska sp. z o.o.
Company identification data: NIP 7773140244, KRS 0000647476, REGON 301273819 (data confirmed on the group’s website and in business registers).
Data Protection Officer: The administrator has not appointed a DPO. For all matters relating to personal data, please contact us at: kontakt@postalsmart.pl.
2) Scope of application and categories of persons
This Policy applies to the data of persons:
- visiting the Website,
- contacting us (e-mail/phone/contact forms),
- submitting inquiries about offers, services, or installation,
- subscribing (if available) to the newsletter,
- expressing interest in B2B cooperation (including Installers, Developer/Investor, Distributor/Seller, General Contractor, Architect/Designer). The “Cooperation” subpages and contact forms available on the Website confirm these paths.
3) What data we process
Depending on the relationship and context:
- Identification and contact data: first name, last name, email address, telephone number; in B2B relationships also: company, tax identification number, position/role, region of operation.
- Project/installation data: investment address, technical preferences, scope and date of work; materials that you send yourself (e.g., plans/photos).
- Transaction/billing data – when a contract is concluded.
- Operational data: server logs, IP address, cookie identifiers, device/browser information (details in the “Cookies” section).
- Correspondence content and metadata (date/time, subject, contact channel).
- Newsletter/consents – when you voluntarily provide them (if the service is available).
4) Purposes and legal bases for processing (GDPR Article 6)
- Contact and handling of inquiries (B2C/B2B) – our legitimate interest: handling inquiries and sales, building a partner network (GDPR Article 6(1)(f)).
- Pre-contractual and contractual activities, including installation/service – (GDPR Article 6(1)(b)).
- Settlements, accounting, taxes, warranty/guarantee – legal obligation (GDPR Article 6(1)(c)).
- Own marketing and analytics (e.g., measuring the effectiveness of activities, improving services) – legitimate interest of the controller (GDPR Article 6(1)(f)).
- Consents (e.g., newsletter, telemarketing, analytical/marketing cookies) – (Article 6(1)(a) of the GDPR) + specific requirements: Article 10 of the UŚUDE (e-mail/SMS) and Article 172 of the Telecommunications Law (telephone calls).
- Investigation or defense of claims, archiving of evidence, audits – legitimate interest (Article 6(1)(f) of the GDPR).
- Recruitment (if conducted) – current: Article 6(1)(b) of the GDPR and Article 22¹ of the Labor Code; future processes: Article 6(1)(a) of the GDPR.
5) Leads from B2B partners (installers, developers, etc.)
On the “Cooperation” subpages and the “Contact” form, we collect partner leads (including Installers, Developers/Investors, Distributors, General Contractors, Architects/Designers). We typically process: contact person details, company details, scope/region of activity, description of experience/competence, content of the application, and technical metadata.
Purposes and bases: qualification and establishment of cooperation (Article 6(1)(b) and (f) of the GDPR), B2B communication (Article 6(1)(f) of the GDPR), direct marketing after consent (Article 6(1)(a) of the GDPR in conjunction with UŚUDE/PT). Detailed paths are confirmed on the Installer and Developer/Investor subpages.
6) Data recipients (categories)
We may entrust data to trusted entities that process it exclusively on our behalf, including:
- providers of hosting, CRM systems, email, and analytical/marketing tools,
- entities providing IT/service support, installers/logistics partners,
- accounting offices, law firms, insurers, advisors,
- payment operators (if the service provides for them),
- partners providing after-sales/service support.
Data may be disclosed to public authorities if such an obligation arises from legal provisions.
7) Transfer to third countries (outside the EEA)
If we use tools from providers with servers outside the EEA, the transfer of data is based on appropriate legal safeguards, usually the European Commission’s Standard Contractual Clauses (SCC). We will provide a copy of the transfer mechanisms upon request.
8) Storage period
- correspondence and inquiries – up to 12 months from the end of the case (unless an agreement is reached),
- contract/service data – for the duration of the contract, then until the expiry of the limitation period for claims and for the period required by tax/accounting regulations (as a rule, 5 years from the end of the tax year),
- B2B partner leads – up to 24 months from the last activity or until an effective objection is made; in the case of a contract being concluded – as above,
- newsletter/marketing consents – until consent is withdrawn,
- cookie data – in accordance with the life cycle of a specific file/digital identifier (section “Cookies”).
9) Rights of data subjects
You have the right to: access your data, rectify it, delete it, restrict its processing, transfer data, object (when based on our legitimate interest), and withdraw consent at any time (without affecting the lawfulness of processing prior to its withdrawal).
You also have the right to lodge a complaint with the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw, uodo.gov.pl).
10) Obligation/voluntary nature of providing data
Providing data is voluntary, but may be necessary for: responding, preparing an offer, concluding/performing a contract, settlements, service/installation or sending a newsletter (if available). Lack of data may prevent the above purposes from being achieved.
11) Sources of data (when we do not collect it directly)
In B2B relationships, we may, within the limits of the law, supplement the data with information from public registers (KRS/CEIDG) or official company websites (contact details) in order to establish contact regarding cooperation and verify basic information about the partner. The Company’s identification data (NIP/KRS/REGON) are confirmed by public sources.
12) Automated decisions and profiling
We do not make decisions that have legal effects on you solely in an automated manner. We may conduct marketing profiling (e.g., content matching, remarketing) only based on your consent to marketing cookies, which you can withdraw at any time (see “Cookies”).
13) Cookies and similar technologies
13.1. What are cookies?
Cookies are small files stored on your device. They are used to:
- ensure the necessary functions of the Website (website logic, security),
- remember settings (functional),
- analyze traffic and performance,
- marketing (personalization/remarketing – only with your consent).
Legal basis:
- necessary cookies – our legitimate interest and Article 173(3) of the Telecommunications Law (consent is not required),
- analytical/marketing/functional cookies – consent (Article 6(1)(a) of the GDPR in conjunction with Article 173 of the Telecommunications Law).
13.2. Consent management
- via the banner/consent management panel on the Website (you can change your selection at any time),
- in your browser settings (blocking/deleting cookies).
The current list of cookies and providers (name, purpose, validity period) is presented in the consent tool on the Website.
13.3. Data collected automatically
In server logs and analytical tools, we may collect: IP address, online identifiers, browser type/version, language/time zone settings, referring URL, activity on the Website, approximate location (based on IP), response times, errors, etc. The scope depends on the consents selected.
14) Communication and marketing
14.1. Contact (email/phone/forms)
We use the data to handle the matter, prepare a quote, provide advice, and respond to you – our legitimate interest (Article 6(1)(f) of the GDPR). We provide contact and telephone numbers on the Website (including the addresses kontakt@postalsmart.pl, b2b@postalsmart.pl, bok@postalsmart.pl, numbers +48 61 652 59 00, +48 505 331 007).
14.2. Newsletter and compliant marketing communication
If a newsletter is available, we send commercial information only after obtaining consent (Article 6(1)(a) of the GDPR in conjunction with Article 10 of the UŚUDE). Each message contains a link to unsubscribe.
14.3. Telemarketing
We make telephone contact for marketing purposes only after obtaining prior consent in accordance with Article 172 of the Telecommunications Law (basis: Article 6(1)(a) of the GDPR).
15) Data security
We use technical and organizational measures appropriate to the risk, including: transmission encryption (TLS/SSL), access and authorization control, password policies, backups, access logging, selective access to processors based on processing agreements.
16) Policy changes
We may update the Policy in the event of changes in law, technology, or processing methods. The current version will be published on the Website in the “Privacy Policy” tab. The Company’s identification and contact details and brand affiliation are confirmed by the information on the Website and on the POSTAL group website.
Contact address for privacy matters
Email: kontakt@postalsmart.pl | Phone: +48 61 652 59 00 | Address: ul. Sowia 6, 62-080 Tarnowo Podgórne, Poland.