The Privacy Policy

This Privacy Policy is intended to set out the principles for processing and protection of your personal data. 

The Privacy Policy refers to the GDPR, the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation). This document sets out what data and on what basis we process, and how we look after its security and your rights.

The Controller of your personal data is: Bisonte sp. z o.o. with its registered office in Kraków at ul. Przyszłości 2C, 30-237 Kraków, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for Kraków- Śródmieście in Kraków, 11th Economic Department of the National Court Register, under KRS number: 0000588519,  NIP (tax identification number): 6772395579, and REGON (statistical number): 362970531, with a share capital of PLN 500,000.00 (“the Controller”).   

The Controller can be contacted:   

  1. by telephone: 502 341 902  
  2. at the e-mail address:;  
  3. in writing to the correspondence address: Bisonte sp. z o.o., ul. Przyszłości 2C, 30-237 Kraków.  

Depending on the circumstances, we process your personal data for the purpose of: 

  1. conclusion and performance of an agreement with the Controller, including in connection with the use of the Controller’s services, in particular:
    • conclusion of an agreement with the Controller; 
    • use of the services offered by the Controller; 
    • correspondence regarding the performance of the concluded agreement; and correspondence with a view to concluding a new agreement, as the processing is necessary for the performance or conclusion of the agreement (Article 6(1)(b) of the GDPR);
  2. fulfilment of the Controller’s legitimate interest (Article 6(1)(f) of the GDPR), which includes:
    • the establishment, asserting or defence against claims;  
    • acquisition and storage of data of potential counterparties and customers;  
    • collecting opinions and suggestions about the services offered by the Controller;   providing users who access the Controller’s website with information on the services provided by the Controller; 
      undertaking marketing activities by the Controller in relation to its customers and potential customers (including marketing activities based on cookies) 
  3. complying with the Controller’s legal obligations, as the processing may be necessary to meet the requirements of the applicable legislation, in particular tax and accounting legislation (Article 6(1)(c) of the GDPR). 


In order to ensure the integrity and confidentiality of personal data, the Controller has implemented procedures which allow access to personal data only to authorised persons and only to the extent necessary for the performance of their duties. The Controller shall apply organisational and technical solutions to ensure that the processing of personal data is carried out only by authorised persons. Among other things, the Controller has implemented appropriate procedures to secure key IT resources containing personal data with passwords of a high degree of complexity and to notify of personal data breaches, and makes reasonable efforts to ensure possibility of backups of personal data.  

To obtain detailed information about the safeguards applied by the Controller in respect of the protection of personal data (including the safeguards applied when personal data is transferred outside the EEA), you may contact the Controller by means of the contact details provided in clause  II above.  


We will process your data for: 

  1. conclusion and performance of the agreement in accordance with clause III, sec. 1 – until the termination or expiry of the contract or until the statute of limitations for claims arising under the agreement;  
  2. undertaking marketing activities – until you lodge an effective objection or for 5 years from when the data was collected; 
  3. compliance with our legal obligations under the relevant legislation – until our data retention obligations under the legislation cease; 
  4. the acquisition and storage of counterparties’ data – until you object or for 5 years from when the data was collected.  

Under the GDPR, you have the right to  

  1. request access to and receive a copy of your data; 
  2. rectify (amend) your data; 
  3. erase data – where there is no legal basis for the personal data to be processed;  
  4. restrict data processing – if the personal data processed by the Controller are incorrect or processed unfoundedly, or if their erasure is not possible due to the existence of a valid legal grounds for processing; 
  5. data portability – the right to receive, in a structured, commonly used and machine-readable format, personal data provided on the basis of consent or on the basis of an agreement, or to have such data sent directly to another entity; 
  6. lodge a complaint to the supervisory authority – if your data are processed unlawfully, you can lodge a complaint with the President of the Office for Personal Data Protection.  

In order to exercise your rights, you may contact the Controller using the contact details provided in clause II above.  

You may, at any time, object to the processing of your personal data processed by the Controller in order to pursue a legitimate interest (Article 6(1)(f) of the GDPR), through the means of communication indicated in clause II. 

The data are provided on voluntary basis, but such provision is necessary in order for the Controller to achieve the aforementioned aims, to which the processing relates on the appropriate legal basis in a given case. 


The website uses cookies in order to provide you with the best possible service, including in a manner tailored to your individual needs. In particular, these files allow us to recognise the basic parameters of your device (such as device type, screen resolution, country from which you access the site) and thus to display the website adapted to your needs. The Controller also uses cookies to collect general and anonymous statistical data by means of the analytical and marketing tools of Google Analytics (the controller of cookies: Google Inc. with headquarters in the USA). You can change your cookie settings yourself at any time, specifying the conditions under which cookies are stored and accessed by your device. You can change your settings through your browser settings.