Privacy policy


  1. The Controller of personal data collected via the website (hereinafter referred to as the “Site”) or other channels of communication with the user is Firma Handlowo-Usługowa INSTBUD Stanisław Boguta Spółka Jawna seated in Nieznanowice, Nieznanowice 50, 32-420 Gdów, entered in the Register of Entrepreneurs of the National Court Register kept by the District Court for Kraków-Śródmieście in Kraków, 12th Commercial Division of the National Court Register under KRS number: 0000353001, e-mail:, tel. (012) 251-08-70, in_liner address: Gdów 1465, 32-420 Gdów, e-mail:, tel.: 573 901 661, (hereinafter: Controller).
  2. Users’ personal data are processed on the basis of the principles provided for in GDPR, i.e. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter “GDPR”) (O.J. EU. L 2016 No. 119, p. 1), as well as in the Act of 10 May 2018 on the protection of personal data (consolidated text, Journal of Laws 2019 item 1781), implementing acts to the aforementioned Act.
  3. Firma Handlowo-Usługowa INSTBUD Stanisław Boguta Spółka Jawna with its registered seat in Nieznanowice acts as the Controller of the personal data collected via the website
  4. In order to meet the statutory requirements, the Controller selects and applies appropriate technical and organisational measures to ensure the protection of the processed data and secures the data against their disclosure to unauthorised persons, as well as against their processing in violation of the applicable laws.


  1. All personal data is collected on the Site on an entirely voluntary basis.
  2. The basis for the processing of personal data by the Controller, collected in the course of using the Site, is Article 6(1)(a) and (b) of GDPR, i.e. the User’s explicit consent to the processing of such data given for the purpose of using the Site, as well as taking steps necessary to conclude an agreement and the need for the Controller to perform the agreement for the benefit of the User concerned. In addition, the possibility of such processing of personal data is confirmed by acceptance of the content of the Privacy Policy.
  3. The User’s personal data may also be processed on the basis of Article 6(1)(c) of GDPR for accounting and bookkeeping purposes.
  4. Data processed in connection with the use of the Site will be stored for at least the period of the statute of limitations for the individual legal relationship as defined by law.


  1. The purpose and scope of the personal data processed by the Controller results from the nature of the activity performed by the User.
  2. The Controller shall take particular care to protect the interests of data subjects and, in particular, ensure that the data collected by it are processed:
    1. lawfully, fairly and in a manner transparent to the data subject,
    2. for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes,
    3. are adequate, relevant and limited and subject to the purpose of the processing,
    4. in a form which permits identification of the data subject, for no longer than is necessary for the purposes for which the data are processed,
    5. in a manner which ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage, by means of appropriate technical or organisational measures.
  3. The User shall provide the following data, during the use of the services specified on the Site, where this is necessary and expedient:
    1. full name,
    2. address – where necessary,
    3. invoicing data,
    4. e-mail address,
    5. telephone number,
    6. company name – optional, for users who are not consumers;
    7. tax ID number – optional, for users who are not consumers.
  4. The User’s personal data will be processed by the Controller in order to perform the contract, to make mutual settlements and to take actions before the conclusion of the contract at the request of the User.
  5. Providing the data specified in point 3 is voluntary, however, failure to provide such data may result in the inability to perform the agreement or to continue cooperation.
  6. Examples of purposes for which the Controller collects the User’s personal data:
    1. conclusion and implementation of the agreement,
    2. settlement of possible claims and archiving,
    3. ongoing contact in connection with concluded agreements,
  7. The personal data provided by the User may be disclosed by the Controller to entities and persons authorised to do so, guaranteeing the safety of the data received, as well as to other entities on the basis of applicable regulations.
  8. Entities entrusted with the processing of personal data under a separate contract shall be obliged to observe the principles of confidentiality and security of personal data, in particular not to disclose the data to unauthorised persons, and to apply physical and technical security measures appropriate to the manner in which the data are processed. Upon request, the Controller shall provide the User with detailed information on the entity entrusted with data processing, the scope of the entrusted data and the date of their transfer. Furthermore, in this procedure, the Controller shall also provide access to up-to-date and detailed information on the technical measures used or made available by it to prevent unauthorised persons from acquiring and modifying personal data sent by the User electronically.


  1. Every data subject shall have the right to:
    1. access data,
    2. rectify data,
    3. delete data,
    4. restrict data processing,
    5. object to the processing,
    6. lodge a complaint with the supervisory authority.
  2. Withdrawal of consent or objection to the processing of personal data is made by sending an email to, a registered letter to the Controller’s address or by telephone at 573 901 661.
  3. Once consent has been revoked or an objection raised, the User’s personal data will no longer be used for these purposes. The User may change/supplement their personal data by sending an e-mail to
  4. The User has the right to lodge a complaint related to the processing of personal data by the Controller to the President of the Office for Personal Data Protection.