To whom it may concern,

on 25 May 2018, the data protection legislation changed. As of this date, the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), commonly referred to as the GDPR, apply. In view of the above, we kindly inform you that our organisation, with particular regard to the security of your personal data, has implemented appropriate data protection policies (under Art. 24 sections 1 and 2 of this General Regulation).

In fulfilment of the information obligation under Article 13 of the GDPR, in this message we provide you with the necessary information regarding our processing of your personal data. We encourage you to read the information below.

The Controller of your personal data is CD S.A., with its registered office in ul. Krucza 16/22, 00-526 Warsaw. The Data Protection Inspector was appointed in the organisation: Alicja Kutryba, e-mail address:

Your personal data is processed by us when:

•        you ask us to make an offer,

•        you register or log in via our website,

•        you commence to perform the order,

•        you decide to cooperate with us,

•        we send you marketing information.

We can process your personal data under the following legal bases (depending on the nature and stage of the relationship):

•        under Art. 6 section 1 letter a of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, i.e.: the data subject has given consent to the processing of his or her personal data for one or more specific purposes;

•        under Art 6 section 1 letter b of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, i.e.: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

•        under Art 6 section 1 letter c of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, i.e.: the processing is necessary for compliance with a legal obligation to which the controller is subject;

Your personal data can also be processed on the basis of other prerequisites resulting from the General Regulation, i.e. the performance of the Controller’s legitimate interests, e.g.: establishing, pursuing and enforcing claims or responding to your questions, requests, complaints.

Your personal data can be shared with entities that process personal data on our behalf, but only for the proper performance of the cooperation undertaken with us and within the scope of the legal obligations incumbent upon us (e.g. postal, courier and forwarding service providers).

We retain your personal data for the duration of the cooperation established between us and after its termination for the period of time required by special regulations and due to formal and legal obligations incumbent upon us.

You have the right to:

•        access to your personal data, rectification, erasure or restriction of processing, to object to processing, and the right to data portability,

•        if your personal data is processed on the basis of your consent, you have the right to withdraw it, without affecting the lawfulness of the processing carried out on the basis of your consent prior to its withdrawal.


You can exercise your rights by submitting a request or declaration via the following communication channel:

•        By sending an email to:

•        By sending the letter to the following correspondence address: CD S.A., ul. Wapienicka 42, 43-382                Bielsko-Biała.

You also have the right to lodge a complaint with a supervisory authority, i.e. the President of the Personal Data Protection Office, if you consider that the processing of your personal data breaches the law.

Your personal data will not be processed by us in a way that would result in automated decision-making, including profiling. This means that we do not use IT systems that collect information about our customers and, at the same time, make decisions independently, automatically, which could have legal consequences for our customer or similarly significantly affect you.

As a general rule, the Controller does not transfer personal data to third countries or international organisations, although communicating with the Controller via Facebook or liking a Fan page is considered a transfer of data to a third country due to the fact that the social network itself is operated by Facebook Inc. with its registered office in the USA. The owner of Facebook, who is also the recipient of the personal data, processes the data as a separate controller under its own rules as specified in its own privacy policy available at: The legal basis for the processing of personal data on account of liking the Fan page or communicating with the Controller via Facebook is the legally justified interest performed by the Controller. In this manner, the Controller achieves its  goals such as: promoting the brand by posting information on current events or promotions as well as informing users on an ongoing basis about its activities which allows for building and maintaining a community associated with the Controller. The criterion for the duration of data retention can be: removal by the author of posted content, objection to processing, time needed to answer a question via the portal. Facebook, as a separate controller, determines its criteria for data retention. The catalogue of rights specified by the Controller in the information clause is the same as that of the person communicating with the Controller via Facebook. The Controller does not perform profiling or automated decision-making processes. The provision of data in the case of liking the Fan page or communicating with the Controller via Facebook is voluntary. However, failure to provide data will result in not being able to view the Fan page, leave comments or messages on the Fan page.

Information about cookies.

1.        The website uses cookies.

2.        Cookies are IT data, in particular text files, which are stored on the Service User’s terminal equipment and are intended for use on the Website. Cookies usually contain the name of the website they come from, the time they are stored on the terminal equipment and a unique number.

3.        The entity placing cookies on the Website User’s terminal equipment and gaining access to them is the Website Operator.

4.        Cookies are used for the following purposes: (a) creation of statistics which help to understand how Website Users use the websites which allows to improve their structure and content; (b) maintenance of the Website User’s session (after logging in) thanks to which the User does not have to re-enter its login and password on each subpage of the Website; (c) determination of the User’s profile in order to display its customised materials in advertising networks, in particular the Google network.

5.        The Website uses two main types of cookies: “session cookies” and “persistent cookies”. “Session cookies” are temporary files that are stored on the User’s terminal equipment until logging off, leaving the website or switching off the software (web browser). “Persistent cookies” are stored on the User’s terminal equipment for the time specified in the parameters of the cookies or until they are deleted by the User.


6.        Browser software (web browser) usually allows cookies to be stored on the User’s terminal equipment by default. The users of the Website can change their settings in this respect. Your web browser allows you to delete cookies. It is also possible to automatically block cookies. For details, please refer to the help or documentation of your Internet browser.

7.        Restrictions on the use of cookies can affect some of the functionality available on the Website.

8.        Cookies can be placed on the Service User’s terminal equipment and also used by advertisers and partners cooperating with the Service Operator.

9.        We recommend reading the privacy policies of these companies to understand the use of cookies used in statistics: Google Analytics privacy policy

10.     Cookies can be used by advertising networks, in particular the Google network, to display advertisements tailored to the way the user uses the Website. For this purpose, they can retain information about the user’s navigation path or the time spent on a particular page.

11.     With regard to the information about your preferences collected by the Google advertising network, you can view and edit the information resulting from the cookies using the tools:


If you have any further questions, you are welcome to contact us at the email address specified. We will regularly and systematically review the relevant data protection policies implemented by us, while exercising due diligence with regard to the processing of your personal data.