GENERAL INFORMATION

Nowa Bud Ltd., headquartered in Kąty Węgierskie, places particular emphasis on respecting the privacy of individuals using our services, including visitors to our website. In fulfilling our legal obligation to inform you, below we present our Privacy Policy, outlining the principles we apply to protect your personal data.

VOLUNTARY PROVISION OF PERSONAL DATA

Providing your personal data is always voluntary. However, it is essential for communication with you and for entering into and properly executing a contract. Your consent to the processing of personal data for marketing and contact purposes is entirely voluntary and does not affect our service provision. Without such consent, however, we will not be able to contact you to present our current offer or to execute the contract.

DATA CONTROLLER

The controller of your personal data is Nowa Bud Ltd., based in Kąty Węgierskie, 05‑126 Kąty Węgierskie, Przyleśna 6, registered in the National Court Register (KRS) by the District Court for the Capital City of Warsaw, 14th Commercial Division, under number 0000583224, share capital PLN 5,000.00, NIP: 5361920977, REGON: 362866928. Correspondence address: 05‑090 Janki, Falencka 1‑B. Contact email: RODO@nowa‑bud.pl.

PROCESSING OF PERSONAL DATA BY THE CONTROLLER

In connection with our business activities, the Controller collects and processes your personal data in accordance with applicable laws, particularly the GDPR (Regulation (EU) 2016/679 of 27 April 2016). The Controller ensures transparency of data processing, informing you at the time of collection or shortly thereafter about the purposes and legal basis of processing—for example, when entering into a contract. The Controller ensures that data are collected only to the extent necessary and processed only for the time required. The Controller ensures compliance with applicable law. In the event of a data breach that poses a risk to individual rights and freedoms (e.g., data leak or loss), the Controller will inform the supervisory authority and the affected persons in accordance with legal requirements.

CONTACT WITH THE CONTROLLER

You may contact the Controller by email at biuro@nowa‑bud.pl or by postal mail at the correspondence address. The Controller has appointed a Data Protection Officer (DPO), who can be reached via the above email or by post for any questions regarding data processing.

DATA RECIPIENTS

In the course of business, personal data may be disclosed to external entities, including IT service providers, maintenance and security services, legal and accounting advisors, couriers, postal operators, brokers, insurers, and affiliated companies. The Controller reserves the right to disclose data to authorities or third parties upon legal request and where legally appropriate.

DATA RETENTION PERIOD

The retention period depends on the type of service and the purpose of processing, as well as applicable laws. For processing based on the Controller’s legitimate interest (e.g., for security), data are kept as long as necessary to fulfill that interest or until effective objection. If processing is based on consent, data are kept until consent is withdrawn. Data processed under contract are retained until its termination. Retention may be extended for claims purposes and thereafter data are irreversibly deleted or anonymized.

RIGHTS OF DATA SUBJECTS

You have the rights to:

  • receive information about data processing (purpose, legal basis, data categories, recipients, and retention period);
  • obtain a copy of your personal data;
  • request rectification;
  • request erasure of data that are no longer necessary;
  • request restriction of processing;
  • request data portability (in a machine-readable format) and transmission to another provider, where technically feasible;
  • object to processing for marketing purposes;
  • object to processing based on legitimate interest (e.g., analytics), with justification;
  • withdraw consent at any time without affecting the lawfulness of prior processing;
  • lodge a complaint with the Office for Personal Data Protection (UODO) if processing is unlawful.

To exercise these rights, contact the Controller or the DPO via the provided contact details.

FILING REQUESTS

Requests to exercise data subject rights may be submitted:

  • in writing to Nowa Bud Ltd., Przyleśna 6, 05‑126 Kąty Węgierskie;
  • by email to RODO@nowa‑bud.pl.

If identification is not possible, the Controller will request additional information. A response will be sent without undue delay, no later than one month after receipt. If an extension is necessary, the Controller will inform you of the reasons. Responses are sent by post unless an electronic form is requested or the inquiry was by email.

PURPOSES AND LEGAL BASES FOR PROCESSING

  • Email and postal correspondence: processed on the basis of the Controller’s legitimate interest (Article 6(1)(f) GDPR) – for handling inquiries and communication.
  • Telephone contact: data may be requested when necessary to address the inquiry, also under legitimate interest (Art. 6(1)(f)).
  • CCTV and access control: used for safety and security, under legitimate interest (Art. 6(1)(f)), and not used for other purposes.
  • Recruitment: data in CVs or job applications are processed as required by labor law (Art. 6(1)(c)), and additional data (not legally required) are only processed with consent (Art. 6(1)(a)). Legitimate interest also underlies processing of recruitment data for claims-related purposes (Art. 6(1)(f)).

COLLECTION OF DATA IN RELATION TO SERVICES OR CONTRACTS

When data are collected for the purposes of specific contracts, detailed information is provided at the time of contracting. Data may also be collected at business events, meetings, or via business cards on the basis of the Controller’s legitimate interest (Art. 6(1)(f)). Such data are processed only for the purpose collected and protected accordingly.

DATA SECURITY

The Controller implements organizational and technical measures to ensure access to personal data only by authorized personnel and records all data processing operations. Service providers and subcontractors are required to maintain appropriate security measures. The Controller regularly assesses risks and updates protections as needed.

TRANSFER OF DATA OUTSIDE THE EEA

Because data protection levels outside the European Economic Area (EEA) may differ, the Controller transfers data outside the EEA only when necessary and with safeguards, such as:

  • countries with an adequacy decision by the EU Commission;
  • EU Standard Contractual Clauses;
  • Binding Corporate Rules approved by a supervisory authority;
  • when transferring to the USA, Privacy Shield participants (as recognized by the EU Commission).

The Controller always informs you of any transfers outside the EEA at the time of data collection.