Privacy Policy and Cookies Policy

Last updated: 12 April 2026

1. General provisions

1. This Privacy Policy and Cookies Policy sets out the rules for the processing of personal data and the use of cookies and similar technologies in connection with the use of the website available at kwtrade.pl.
2. This Policy is for information purposes and fulfills the information obligations arising from personal data protection laws, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”).

2. Data Controller

The controller of personal data processed in connection with the operation of the Website is:

KW trade Sp. z o.o.
registered office in Kraków,
ul. Mała Góra 91b, 30-864 Kraków, Poland,
Tax Identification Number (NIP): 6792654682,
REGON: 357234017,
KRS: 0000085319,
share capital: PLN 400,000,
hereinafter referred to as the “Controller”.

The Controller has not appointed a Data Protection Officer.

3. Scope and purpose of data processing

1. The Website is of an informational nature and presents the Controller’s product offering.
2. As part of the ordinary use of the Website, the Controller may process technical data relating to the user, in particular:
   • IP address,
   • date and time of connection to the Website,
   • information about the end device,
   • information about the operating system and web browser,
   • addresses of visited subpages,
   • information stored in server logs.
3. Such data may be processed for the following purposes:
   • ensuring the proper operation of the Website,
   • ensuring the security of the Website,
   • diagnosing technical errors,
   • preventing abuse,
   • ongoing administration of the Website.
4. As of the publication date of this Policy, the Website does not provide a contact form, account registration form, newsletter, or any other mechanisms enabling users to actively submit personal data through the Website.
5. In the future, the Controller may implement additional functionalities, including analytical tools, marketing tools, or contact forms. In such a case, this Policy will be updated accordingly.

4. Legal basis for data processing

Personal data is processed on the basis of:

1. Article 6(1)(f) GDPR, i.e. the Controller’s legitimate interest consisting in:
   • operating and maintaining the Website,
   • ensuring the security of IT systems,
   • detecting errors and abuse,
   • protecting against unauthorized access to the Website.
2. If additional functionalities such as forms, a newsletter, analytics, or marketing tools are implemented in the future, data may also be processed on other legal bases, depending on the purpose and nature of the processing.

5. Data recipients

1. Data may be disclosed to entities supporting the Controller in maintaining and operating the Website, in particular:
   • hosting and server infrastructure providers,
   • IT service providers,
   • entities providing technical support and security services.
2. The Website is hosted on the Controller’s own VPS server with Contabo.
3. Data may also be disclosed to entities authorized to receive it under applicable law.

6. Place of data processing

1. As a rule, data is processed within the European Economic Area (EEA).
2. As of the publication date of this Policy, the Controller declares that the infrastructure related to the core operation of the Website is located within the EU.
3. If external tools involving data transfers outside the EEA are implemented in the future, the Controller will update this Policy accordingly and implement safeguards required by law.

7. Data retention period

1. Data contained in server logs and other technical data related to the use of the Website is stored for the period necessary to ensure the operation, security, and administration of the Website, as well as for the period necessary to secure possible claims.
2. The detailed retention period may result from server infrastructure configuration, security requirements, and the Controller’s legitimate needs.
3. If additional services or tools are implemented, the data retention periods will be specified in an update to this Policy.

8. Rights of data subjects

Every person whose data is processed has the right to:

• access their data,
• rectify their data,
• erase their data,
• restrict processing,
• object to processing,
• data portability, where processing is based on consent or a contract and carried out by automated means,
• lodge a complaint with the President of the Personal Data Protection Office if they believe that the processing of their data violates the law.

If, in the future, data is processed on the basis of consent, the data subject will also have the right to withdraw such consent at any time, without affecting the lawfulness of processing carried out before its withdrawal.

9. Voluntary provision of data

1. Using the Website does not, as a rule, require the user to actively provide personal data.
2. However, certain technical data may be processed automatically in connection with the use of the Website and its infrastructure.

10. Automated decision-making and profiling

As of the publication date of this Policy, user data is not used for automated decision-making, including profiling, which produces legal effects concerning the user or similarly significantly affects the user.

11. Cookies and similar technologies

1. The Website may use cookies and similar technologies.
2. Cookies are small text files stored on the user’s end device while using the Website.
3. Cookies may be used, among other things, for:
   • ensuring the proper functioning of the Website,
   • maintaining security,
   • remembering technical settings,
   • compiling statistics, if such tools are implemented in the future.
4. As of the publication date of this Policy, the Controller does not declare the use of non-essential cookies for marketing purposes or advanced user behavior analytics.
5. If analytical, advertising, or other technologies requiring user consent are implemented on the Website in the future, the Controller will implement an appropriate consent management mechanism before such technologies are activated, and this Policy will be updated accordingly.

12. Managing cookies

1. The user may manage cookies through their web browser settings.
2. In particular, the user may:
   • block the automatic handling of cookies,
   • limit the storage of cookies,
   • delete stored cookies.
3. Restricting the use of cookies may affect certain functionalities of the Website.

13. External content – YouTube

1. Selected subpages of the Website may contain embedded video materials from YouTube.
2. Displaying such content may result in a connection to third-party servers and may involve the processing of the user’s technical data by the external provider in accordance with its own privacy rules.
3. When implementing and maintaining embedded video content, the Controller recommends using solutions that limit the scope of data processing as much as possible, including privacy-enhanced modes made available by the video provider, where available.
4. The Controller has no influence over the scope or manner of data processing carried out by external providers once a connection to their services has been established.

14. Links to external websites

The Website may contain links to external websites, including social media profiles. Visiting an external website is voluntary and takes place at the user’s own discretion. The Controller is not responsible for the privacy policies or practices of external providers or operators of such websites.

15. Data security

The Controller applies appropriate technical and organizational measures aimed at ensuring the protection of processed data, appropriate to the nature, scope, context, and purposes of processing, as well as to the risk of infringement of the rights and freedoms of natural persons.

16. Changes to the Policy

1. The Controller reserves the right to amend this Policy, in particular in the event of:
   • changes in law,
   • technological changes,
   • changes in the functionality of the Website,
   • implementation of new services, tools, analytical solutions, or marketing solutions.
2. The current version of the Policy is published on the Website.