If you've reached this page, it means that the protection of your personal data matters to you. We want to assure you that we take your privacy seriously and that it is important to us. To this end, we have implemented not only legal but also technical measures to further strengthen its protection. In accordance with the GDPR, below we present the principles governing our processing of your personal data. Please review the most important questions relating to your personal data, and if you have any doubts regarding the Privacy Policy, feel free to contact us.

§1 Preliminary information

Pursuant to Art. 13 of the GDPR (and where we obtain data from other sources – also Art. 14 of the GDPR) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation), hereinafter referred to as the “GDPR”, we provide below information regarding the processing of your personal data.

The Privacy Policy contains information regarding our processing of your personal data. Detailed information on the use of cookies and other similar technologies is contained in the Cookies Policy, available below.

§2 Who is the Controller of your personal data?

The data controller is Adam Krajewski, conducting business under the name HOCELL SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, NIP: 5772006011, REGON: 543760288, address: Krakowska 4, 42-300 Myszków, Poland. You can contact the Controller by e‑mail at: biuro@hocell.pl

§3 For what purpose do we collect your data and how long do we store it?

We may process your data for the following purposes:

1. Communication with you to resolve or finalize the matter to which the correspondence relates, including

responding to questions submitted via the contact form, e‑mail message, etc. (Art. 6(1)(f) GDPR)

Data will be processed on the basis of the Controller’s legitimate interest in communicating with you (Art. 6(1)(f) GDPR). Your data will be processed no longer than until you object or the business purpose ceases. Providing this data is voluntary but necessary for communication with you. Data may also be processed during archival processes for internal purposes, based on the Controller’s legitimate interest (Art. 6(1)(f) GDPR), until you object or the business purpose ceases.

2. Conclusion and performance of a contract and communication preceding the conclusion of a contract concerning contractual matters (Art. 6(1)(b) GDPR)

3. Establishing, defending and pursuing claims as part of the Controller’s legitimate legal interest (Art. 6(1)(f) GDPR)

4. Fulfilment of legal obligations incumbent on the Controller among others, tax and archiving obligations (Art. 6(1)(c) GDPR)

Data necessary for the conclusion and performance of a contract will be processed for the duration of the contract, including for the period of exercising rights arising from the contract (Art. 6(1)(b) and (f) GDPR). Providing this data is voluntary but necessary for concluding and performing the contract. Additional data provided to among others improve the performance of the contract will be processed no longer than until you object or the business purpose ceases, based on the legitimate interest of client service (Art. 6(1)(f) GDPR).

Data will be processed for the limitation period for claims resulting from applicable provisions, among others in Art. 118 of the Civil Code, and thereafter for an additional period of 12 months based on the Controller’s legitimate interest to defend against claims, and to determine and pursue claims (Art. 6(1)(f) GDPR).

Where legal obligations are being performed, data will be processed for the period during which separate provisions of generally applicable law require the Controller to retain the data. Where data are necessary for fulfilment of legal obligations incumbent on the Controller (such as issuing and keeping invoices, archiving obligations) – the retention period is 5 years from the end of the calendar year in which the tax obligation arose, unless provisions provide otherwise (Art. 6(1)(c) GDPR). In other cases of fulfilling legal obligations – the retention period is determined by the provisions regulating those obligations. (Art. 6(1)(c) GDPR).

Data may also be archived for internal and statistical purposes until you object or the business purpose ceases, based on the Controller’s legitimate interest (Art. 6(1)(f) GDPR).

5. Providing marketing/commercial information (hereinafter Marketing Information); (Art. 6(1)(a) or (f) GDPR)

We process data based on consent (Art. 6(1)(a) GDPR) – when we ask you to subscribe to a newsletter or consent to commercial communication – or on legitimate interest (Art. 6(1)(f) GDPR) to the extent permitted by law. The communication channel (e‑mail/SMS/phone) requires prior consent in accordance with electronic communications law. You may withdraw consent at any time.

Providing data is voluntary, but necessary to receive Marketing Information. Opting out of receiving Marketing Information prevents us from sending you Marketing Information.

Data may also be archived to enable potential determination, pursuit or defence of claims, including to demonstrate that marketing activities were conducted lawfully based on Art. 6(1)(f) GDPR. Data processed based on Art. 6(1)(f) GDPR will be processed no longer than until you object or the business purpose ceases – whichever occurs first.

6. Administration and management of the website and groups on social platforms (among others. Facebook (Meta), Instagram, LinkedIn), in the case of processing on social platforms, including communication and targeting marketing content (Art. 6(1)(f) GDPR)

Data provided to use the platform will be processed no longer than until you object or the business purpose ceases – whichever occurs first, based on the legitimate interest of servicing platform Users.

These data will be processed only if you decide to: like the page / join the group / select the “Follow” option or otherwise leave your data on a platform managed by us, e.g. by posting an entry or comment. Data will be processed for the existence of the page/group or until you object, which may occur by unchecking the “Like”, “Follow” options, deleting the comment/post, or by other means provided by the platform/page or by contacting me. We inform you that rules regarding the page/fanpage/group are set by the Controller, whereas the rules for using the social network where the page/fanpage/group is hosted are set by the entity operating those networks.

7. Analytical and statistical purposes (Art. 6(1)(a) or (f) GDPR)

We process data for analytical and statistical purposes to better understand how you use our products/services and how we can develop them. These data may come from various sources – for example from analytics tools (if we use a website or application), from customer service systems, accounting programs, reservation or communication systems, as well as from compilations and reports created for our internal needs.

If we use cookies or similar technologies, tools other than those strictly necessary are enabled only after you give consent (Art. 6(1)(a) GDPR) in the cookies banner. Data necessary for proper operation, security and functionality of the service are processed on the basis of legitimate interest (Art. 6(1)(f) GDPR). When we do not use cookies, analytical data come from our own systems and are processed on the basis of legitimate interest (Art. 6(1)(f) GDPR) to create statistics, analyze trends and improve services.

Where possible we apply pseudonymisation or anonymisation, and reports are aggregated (e.g. number of inquiries, average contact time, most selected service categories), without the possibility of assigning them to a specific person. We process data until you object or the business purpose ceases – whichever occurs first, and in the case of consent – until it is withdrawn. You have the right to object to processing carried out on the basis of our legitimate interest, and in the case of consent – to withdraw it at any time.

8. Promotion and marketing of products (Art. 6(1)(a) or (f) GDPR)

If you provide us with your data, in particular in the form of reviews, they will be processed on the basis of the Controller’s legitimate interest in marketing, for the purpose of improving the quality of services and products and promoting the Controller’s services and products. These data will be processed for the period necessary to achieve business purposes or until you object. Providing data is voluntary.

9. Recruitment (Art. 6(1)(b) and Art. 6(1)(c) GDPR)

Data may be processed for the time necessary for the recruitment process and conclusion of a contract (Art. 6(1)(b) GDPR). Data required by labour law are processed on the basis of Art. 6(1)(c) GDPR in connection with Art. 22¹ of the Labor Code. In the case of additional data provided voluntarily – the basis is your consent (Art. 6(1)(a) GDPR).

Your data may also be used for future recruitment purposes – based on expressed consent – for a maximum of 3 years due to the recruitment cycle in the industry (this period is counted from the end of the year in which the application was obtained). Providing personal data is voluntary, although providing certain data may be necessary for conducting the recruitment and concluding a contract. Failure to provide such data will result in not undertaking the aforementioned actions.

10. Collection of special categories of data (sensitive data) - Art. 9(2)(a) GDPR
Sensitive categories of data are collected for the purpose of performance and proper execution of the contract – based on informed and voluntary consent (Art. 9(2)(a) GDPR) – until the business purpose ceases or consent is withdrawn – whichever occurs first. Providing this data is voluntary, but it is necessary for proper performance of the contract (if providing the data is indicated as necessary for performance of the Contract).

In the case of data processed on the basis of Art. 6(1)(f) for the purposes described above, we verify the justification for further storage every 12 months and delete/anonymize data that are no longer needed.

§4 To whom may we disclose your data?

We disclose your data to other entities only when it is necessary to achieve the processing purposes referred to in §3 and only to the extent necessary to achieve that purpose. As a rule, we collect and process only the data you provided to us, subject to data collected automatically or semi‑automatically (e.g. online identifiers, system logs, cookies and similar technologies). More about cookies can be found in §8.

We may transfer your data to processors acting on our behalf. Data are made available to other companies/entities only when necessary.

We entrust your data to a hosting company, an IT company / entity managing the website, a company providing accounting services, a company providing invoicing software, a company providing newsletter services, a company providing cloud services, entities providing marketing services, entities providing administrative services, entities providing consulting services, subcontractors, lawyers, couriers or postal operators, a training platform, a social platform, a customer service platform, an appointment booking platform, a platform for sharing products or providing services, and other entities that support the Controller in achieving the processing purposes. Personal data may be disclosed by the Controller to entities entitled to receive them under applicable law, including among others authorities, common courts and administrative courts, enforcement offices, notarial offices, etc.

As a rule data will not be transferred outside the EEA, except in situations described below. In other cases, where data are transferred outside the EEA, this will be based on your consent, standard contractual clauses or other safeguards provided for in the GDPR, after fulfilling the among others information obligation.

Services provided by Microsoft Ireland Operations Ltd or Meta Platforms Ireland Limited (so‑called Facebook), Google Ireland Ltd. are performed by entities established in the EU, however due to the global nature of these entities’ operations, data may be transferred to the USA based on standard contractual clauses or other legal safeguards compliant with the GDPR. Regardless, these entities have implemented safeguards compliant with the GDPR to protect personal data, including the use of among others standard contractual clauses. More information about data processing by the aforementioned providers can be found in the Privacy Policies of each provider.

§5 What rights do you have?

Under the GDPR you have the right of access to your personal data, rectification of personal data, erasure of personal data, restriction of processing of personal data, objection to processing of personal data, data portability, withdrawal of consent to processing; withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal. Detailed information regarding the above rights is contained in the GDPR, i.e. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). We generally respond to your requests within 1 month (Art. 12(3) GDPR).

If you believe that your personal data are being processed unlawfully, you have the right to lodge a complaint with the President of the Personal Data Protection Office. In such a case, however, I encourage you to contact me first to clarify any doubts.

§6 Are your data profiled?

The Controller analyses personal data in an automated manner using tools provided by software providers (e.g. via statistics, history), solely to the extent that does not produce any legal effects with respect to you or significantly affect your situation, including guaranteed rights and freedoms. The purpose of automated processing is to learn Users’ preferences (more information on analysis is provided in §8 - Cookies Policy).

§7 Legal provisions applicable to personal data

Matters not regulated herein are governed by the applicable legal provisions, including European law (among others. the GDPR).

§8 Cookies Policy

While using the Website technical information and online identifiers may be collected automatically, in particular by means of cookies and similar technologies. Such data may constitute personal data.

Cookies (so‑called “cookies”) are information technology data, in particular text files, which are stored on the end device of the Website User and are intended for use on the Website. Cookies usually contain the name of the website from which they originate, the time they are stored on the end device and a unique number.

Cookies are used in particular for the following purposes:

• technical and functional – necessary for the proper functioning of the Website and its features (e.g. session maintenance, cart, forms),

• analytical and statistical – enabling analysis of how the Website is used, which helps improve its structure and content (e.g. Google Analytics 4),

• marketing and advertising – allowing remarketing activities and targeting personalized advertising content (e.g. Google Ads, Meta Pixel, TikTok Pixel),

• communication and performance – supporting chat service, site performance optimization or service efficiency.

The current list of cookies used on the Website, together with information about their categories, providers and retention periods, is available in the consent management tool (cookies banner visible on the site).

You can change your cookie settings yourself in your web browser. In many cases the browser by default allows cookies to be stored on the User’s end device. Detailed information on the possibilities and methods of handling cookies is available in the browser settings. Not consenting to cookies may limit the functionality of some features of the Website.

The Controller uses technologies that monitor actions taken by the User on the Website:

Meta conversion pixel (Facebook Pixel)

On our site we use the Meta Pixel (Facebook Pixel) tool provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

The Meta Pixel is a piece of code placed on the site that enables analysis of users’ actions on the website and targeting of personalized ads to them on Meta services (among others. Facebook, Instagram). This allows us to reach people who visited our site or showed similar interests (remarketing).

The Pixel also allows us to measure the effectiveness of advertising campaigns, e.g. by checking whether a user performed a specific action on the site (a so‑called conversion).

The legal basis for processing for marketing tools is your consent (Art. 6(1)(a) GDPR) expressed in the cookies banner; tools are activated after consent is given. You can manage consent at any time in the banner/preferences center settings on the Website. For necessary technical functions we rely on legitimate interest (Art. 6(1)(f) GDPR) consisting in ensuring the security and proper operation of the service. Detailed information about the operation of the Meta Pixel and Meta’s data processing rules is available here: https://www.facebook.com/privacy/explanation Information about the Meta Pixel: https://www.facebook.com/business/help/742478679120153

Google Tag Manager (GTM)

On our site we use Google Tag Manager (GTM), provided by Google Ireland Limited.

Google Tag Manager is a technical tool that enables management of other tags and scripts placed on the site (e.g. Google Analytics 4, Google Ads, Meta Pixel, TikTok Pixel). GTM itself does not collect or process users’ personal data – it only triggers other tags that may collect data.

If specific tags have been enabled on the site via GTM (e.g. analytical or marketing tags), they may collect user data in accordance with the rules described in this Privacy Policy.

The legal basis for using GTM is the Controller’s legitimate interest (Art. 6(1)(f) GDPR) in ensuring the proper functioning of the site and facilitating management of tools. Tags that require consent are triggered by GTM only after consent is given.

Information about data processing rules can be found in the Privacy Policy. Information about GTM can be found at: https://marketingplatform.google.com/about/tag-manager/

Google Analytics 4

For the analysis of the use of our website and its optimization we use the Google Analytics 4 service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses cookies and similar technologies to collect information about users’ activity on the site (e.g. the source of entry to the site, visited subpages, device type, web browser). This information is used to create statistics that help improve the site’s performance and tailor its content to users’ needs.

For necessary technical purposes we rely on legitimate interest (Art. 6(1)(f)). Analytical tools other than those necessary are activated after consent is given in the cookies banner (Art. 6(1)(a) GDPR). You can manage consent/objection at any time in the banner settings or by using the browser add‑on provided by Google (https://tools.google.com/dlpage/gaoptout).

Detailed information on data processing within Google Analytics can be found on the following pages: Google Privacy Policy: https://policies.google.com/privacy

Google Ads
On our site we use Google Ads advertising tools provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads enables advertising activities, including remarketing, that is targeting personalized ads to Users who visited our site or expressed certain interests. Google Ads uses cookies and similar technologies to analyse user behaviour and tailor ad content. The legal basis for marketing tools is your consent (Art. 6(1)(a) GDPR) expressed in the cookies banner; tools are activated after consent. For necessary technical functions we rely on legitimate interest (Art. 6(1)(f) GDPR) of ensuring the security and proper operation of the service. Detailed information on Google’s data processing within Google Ads is available at: Google Privacy Policy.

Google Ads Customer Match

As part of advertising activities we use the Google Ads Customer Match feature provided by Google Ireland Limited.

The Customer Match feature allows us to match our ads to selected audience groups. For this purpose we may upload lists containing selected contact details of our customers to Google. Data such as e‑mail address, phone number, first and last name are hashed beforehand. Google compares the data we provide with data of users who have a Google account. If a match is found, users may be assigned to an appropriate target group and receive personalized ads. After matching, hashed data are automatically deleted by Google. The Controller does not receive any new data or information about individual users from Google – only statistical information about the size of the target group.

The legal basis for processing data in this respect is your consent (Art. 6(1)(a) GDPR), expressed via the cookies banner or another explicit action. You can withdraw consent at any time – e.g. via cookie settings or by contacting the Controller – which does not affect the lawfulness of processing prior to its withdrawal.

Detailed information about Google’s data processing practices within Customer Match can be found at: https://support.google.com/adspolicy/answer/6299717?hl=pl.

§9 Social plugins

The Website uses plugins, widgets and other social tools provided by portals such as: Facebook (Meta), Instagram, YouTube, LinkedIn. Rules regarding data processing are described directly on the websites of the above Providers.

§10 Joint controllership

Data processed for statistics collected within the Facebook (Meta) / Instagram platform are jointly controlled by the Controller and Meta Platforms Ireland Limited, located at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, hereinafter referred to as the Joint Controller. Detailed terms of joint controllership, including information on rights, are described on the Privacy Policy.

Data processed within the LinkedIn platform are jointly controlled by the Controller and LinkedIn Ireland Unlimited Company, address: Legal Dept. (Privacy Policy and User Agreement), Wilton Place, Dublin 2, Ireland, hereinafter referred to as the Joint Controller. Detailed terms of joint controllership, including information on rights, are described on the Privacy Policy. The Controller processes data based on the Controller’s legitimate interest in analysing Users’ activity as well as their preferences to improve functionalities and services provided. In matters concerning personal data, you may contact both the Controller and the Joint Controller.

The division of responsibilities of the parties as joint controllers is determined by arrangements under Art. 26 GDPR, published in the privacy policies of the given platform.

This Privacy Policy is effective from 2 April 2026.