Policy privacy

Protecting your privacy is important to us. We are committed to protecting your personal data in an appropriate manner. In this privacy policy (the “Privacy Policy”) we set out how we process your personal data in connection with your use of the website available at: www.ssw.solutions (the “Website”), your contact with us and our marketing activities.

In accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (“RODO”), we inform you:

Who is responsible for your personal data?

The following SSW companies are joint controllers of your personal data:

  1. SSW Spaczyński, Szczepaniak, Wickel, Goździowska sp.k. with registered office in Warsaw, address: Rondo ONZ 1/P. 12, 00-124 Warsaw, NIP: 5252569133;
  2. SSW Tax sp. z o.o. with its registered office in Warsaw, address: Rondo ONZ 1/P. 12, 00-124 Warsaw, NIP: 5252898144;
  3. SSW Advisory sp. z o.o. with its registered office in Warsaw, address: Rondo ONZ 1/P. 12, 00-124 Warsaw, NIP: 5223039303;
  4. Greeners sp. z o.o. based in Warsaw, address: Rondo ONZ 1/P. 12, 00-124 Warsaw, NIP: 5252947670.

– collectively referred to as the “Joint Administrators” or “we”, each a “Joint Administrator”.

As Joint Controllers, we jointly decide the purposes and means of processing your personal data, working together in accordance with the law. The substance of the arrangements regarding our responsibilities and the relationship between us and you is described in paragraph 13 below.

How can you contact us?

You can contact us on matters concerning the processing of your personal data:

  • by sending traditional correspondence to the following address: Rondo ONZ 1/P. 12, 00-124 Warsaw; or
  • via the following e-mail address: .

Have we appointed a Data Protection Officer (DPO)?

We have jointly appointed a Data Protection Officer (DPO) whom you can contact at the following email address: .

What personal data do we process?

We may process your personal data to the following extent:

  • personal data provided in the contact form, such as your name, e-mail address, telephone number and other data indicated in the body of the message, as well as personal data provided by you in the course of further e-mail correspondence or during telephone conversations – in the event of contact from our side in response to a message sent via the contact form;
  • personal data provided in the newsletter form, such as name, email address, industry and areas of interest;
  • automatically collected data – during your use of the Website, certain personal data may be collected by us by automated means (e.g. IP address, device and browser data). Such data is collected by means of cookies and other similar technologies. For detailed information on cookies, please refer to our separate cookie policy, which is available at Cookie Policy.

From which sources do we obtain your personal data?

Depending on the purpose of the processing, we either obtain your personal data directly from you (e.g. by completing and submitting a contact form) or collect it automatically as you use the website (e.g. with regard to data such as your IP address).

On what basis and for what purpose do we process your personal data?

We process your personal data for the following purposes and on the following grounds:

  • in order to handle messages sent via the contact form – the basis for processing is our legitimate interest in being able to contact you to respond to your message, as well as to conduct further contact if necessary (Article 6(1)(f) RODO);
  • in order to send you marketing information, including a newsletter, if you have given your marketing consent – the legal basis for such processing is our legitimate interest in being able to carry out direct marketing (Article 6(1)(f) RODO);
  • for analytical and statistical purposes – the legal basis for the processing is our legitimate interest in carrying out analyses of users’ activities, as well as their preferences in order to improve the functionalities used and services provided (Article 6(1)(f) RODO);
  • for the purposes of possible establishment and investigation of claims or defence against claims – the legal basis for the processing is our legitimate interest in being able to protect our rights (Article 6(1)(f) RODO).

What rights do you have?

You have the following rights in relation to the processing of your personal data in the cases and to the extent provided for by the RODO:

  • the right of access to the data, including the right to obtain a copy of the data;
  • the right to rectification of data;
  • the right to erasure;
  • the right to restrict data processing;
  • the right to object to the processing.

In addition, you have the right to lodge a complaint about the processing of your personal data with the President of the Office for Personal Data Protection (address: ul. Stawki 2, 00-193 Warsaw) if you believe that we are processing your personal data incorrectly.

In order to exercise the above rights, please contact us by one of the means indicated in point 2 above.

Is the provision of personal data voluntary?

Your provision of personal data is voluntary, but failure to provide personal data may, depending on the purpose for which the data are processed, prevent us from contacting you or sending you commercial information, including newsletters.

Who do we share your personal data with?

We may share your personal data with:

  • IT service providers;
  • to providers of marketing and accounting services;
  • auditors, legal or tax advisors;
  • providers of analytical and marketing tools;
  • to state authorities or other institutions, if such an obligation is imposed by law.

Do we transfer your personal data outside the EEA?

Your personal data may be transferred to the United States in connection with the use on the Website of analytical and marketing tools provided by Google LLC (such as Google Analytics). With regard to transfers of personal data to the United States, the European Commission has adopted a decision finding an adequate level of protection for personal data provided by the EU-US Data Privacy Framework. Google LLC participates in the Data Privacy Framework and is included in the list maintained by the US Department of Commerce. Therefore, the transfer of data to Google LLC is based on the indicated decision of the European Commission and does not require the implementation of the additional safeguards provided for in Chapter V of the RODO.

In addition, we store personal data on IT infrastructure provided by third parties whose servers may be located outside the EEA. Personal data is transferred in accordance with the requirements of data protection legislation, including Chapter V of the RODO. In the absence of a decision by the European Commission declaring an adequate level of protection for personal data for a particular third country, transfers outside the EEA to such a country shall take place following an assessment of such transfer in accordance with legal requirements and on the basis of the European Commission’s standard contractual clauses.

For more information on the existing safeguards we have implemented to ensure that the processing of personal data complies with the applicable legislation and how to obtain a copy of the safeguards or where and how to access the data, please contact us as indicated in paragraph 2 above.

How long do we process your personal data?

Depending on the purpose of the processing, we process your personal data for the periods indicated below:

  • Data collected as part of the handling of messages sent using the contact form, including follow-up contact if necessary
    • We store data for 1 year after the end of contact.
    • Exceptionally, we may keep such data for longer if the message involves a claim, a case before a court or other authority (until the proceedings have become final).
  • Data collected in the course of direct marketing and sending of marketing information, including newsletters
    • We will retain your data until you object to the processing of your data or until we have completed our marketing activities.
  • Data collected automatically by means of cookies and other similar technologies
    •  We store the data for the period indicated in our Cookie Policy.

Can the privacy policy change?

From time to time, the Privacy Policy may change – if it does, we will let you know accordingly. The current version of the Privacy Policy is effective as of 2 December 2024.

What are the essential arrangements between the Joint Administrators?

  • The lead co-administrator, i.e. responsible for the operation of the Website, is SSW Spaczyński, Szczepaniak, Wickel, Goździowska sp.k. with its registered office in Warsaw, address: Rondo ONZ 1/P. 12, 00-124 Warsaw, NIP: 5252569133.
  • The competent Co-Administrator for responding to a request from a personal data subject will be the Co-Administrator that received the request, unless only the Lead Co-Administrator can comply with the request. In the event that a request is addressed to several Joint Administrators, they are obliged, each separately, to respond to the request, having first agreed on a common position. Notwithstanding the foregoing, the Joint Administrators are obliged to cooperate in responding to requests from the personal data subject. To this end, the Joint Controller is obliged to inform the other Joint Controllers without delay of any request from the Personal Data Subject and to provide all necessary information in this regard.
  • If a data subject requests the erasure of his/her personal data on the basis of Article 17 of the RODO, the Joint Administrators shall immediately decide jointly on the erasure and agree on the content of the response. The decision on the erasure of the personal data and the agreement on the content of the response must be made without undue delay.
  • The Joint Controllers shall be jointly and severally liable for damage caused to a data subject as a result of a breach of the RODO pursuant to Article 82 of the RODO. In mutual settlements, the Joint Controllers shall use liability on a fault basis. If no fault can be attributed to any of the Joint Controllers or the degree of fault of the Joint Controllers is similar, each of them shall be liable for the damage in equal shares.