About us

Waryński S.A. Holding Group with its registered office in Warsaw at ul. Jana Kazimierza 3, 01-248 Warsaw, hereinafter referred to as the “Company”, hereby informs that the personal data are acquired and processed in the manner and under the principles specified in this Policy. Additional information may be received under the address: iod@www.warynski.pl.

General provisions

The Company attaches special importance to the protection of privacy of our customers, vendors and employees. One of its key aspects is protection of rights and freedoms of natural persons in connection with the processing of their personal data.

We ensure that your data are processed in compliance with the provisions of the General Data Protection Regulation 2016/679/EC (hereinafter referred to as the “GDPR”), the Polish Act on personal data protection as well as the specific provisions (included in particular in the Polish Labour Law or Accounting Act).

The Company is the personal data controller within the meaning of Article 4(7) of the GDPR and we also use services of processors referred to in Article 4(8) of the GDPR – they process personal data on behalf of the controller (these are e.g. accounting firms, IT enterprises).

We implement appropriate technical and organisational measures in order to ensure a level of security appropriate to a possible risk of breach of rights or freedoms of natural persons of varying likelihood and severity. We also establish policies and procedures and organise regular training for raising the knowledge and competencies of our employees in this area.

For what purpose do we use your personal data?

As an employer, we process the data of employees and persons who cooperate with us on a different basis than the employment relationship. The contact details received from vendors (e.g. their employees) serve for concluding contracts and performing them efficiently. We also process data of persons who contacted us for the purpose of answering the questions they sent or for the purpose of handling notifications.

We make available your data to third parties on the basis of your consent or if we are obliged to do so under the laws.

What are the principles of and the basis for processing of your data?

If you leave a comment on our website, you will be able to choose the option to save your name, email address and the webpage address in the cookies, thanks to which the above information will already be conveniently filled in when you are writing successive comments. These cookies expire after one year.

If you visit the login page, we create a temporary cookie to check whether your browser accepts cookies. This cookie does not contain any personal data and will be removed once you close the browser.

During the logging, we create additionally a few cookies needed to save your login information and selected screen options. Login cookies expire after two days and screen option cookies after one year. If you select the option “Remember me”, the logging will expire after two weeks. If you log out of your account, login cookies will be deleted.

If you modify or publish an article, an additional cookie will be saved in your browser. This cookie does not contain any personal data but it simply indicates the identifier of the just edited article. It expires after 1 day.

We make all effort to protect the interests of the data subjects and in particular we ensure that the data are:

  • processed lawfully, fairly and in a transparent manner in relation to the data subject;
  • collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
  • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  • accurate and, where necessary, kept up to date; we take every reasonable step to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
  • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes;
  • processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction.

We process your data usually based on consent, which may be withdrawn at any moment. Another case is a situation where it is necessary to process your data for performing a contract to which you are a party or in order to take steps at your request prior to entering into a contract.

In certain situations processing is necessary for compliance with a legal obligation to which we, the controller, are subject. Such obligations arise e.g. from the provisions of the labour law or the accounting act.

Processing may be necessary also for the purposes of the legitimate interests pursued by us, for example exercise of claims in respect of the economic activity we pursue.

What rights do you have?

Articles on this website may contain embedded contents (e.g. videos, images, articles, etc.). Embedded contents from outside websites behave as if the user visited the specific website directly.

Websites may collect information about you, use cookies, add additional external tracking systems and monitor your interactions with the embedded material, including tracking of your interactions with the embedded material if you have an account and are logged in that website.

We take appropriate measures to provide any information and any communication relating to personal data processing to you in a concise, transparent, intelligible and easily accessible form, using clear and plain language in connection with your right:

  • to information provided when obtaining personal data,
  • to information provided at request – about whether data are processed and other issues specified in Article 15 of the GDPR, including the right to a data copy,sprostowania danych;
  • to rectification;
  • to be forgotten;
  • to restriction of processing;
  • to data portability;
  • to object;
  • not to be subject to a decision based solely on automated processing, including profiling,
  • to information about a data breach.

For the purpose of contact related to the exercise of a given right, please send a message to the address: ido@www.warynski.pl

How will we contact you?

If you leave a comment, its content and metadata will be stored for an indefinite period. Thanks to that we are able to recognise and approve successive comments automatically, without sending them for moderation each time.

For users who registered on our website (if there are any), we store also personal information entered in the profile. Each user may view, correct or delete their personal information at any moment (except for the username, which cannot be changed). Website administrators may also browse through and modify such information. We provide information in writing or in a different manner, including, as appropriate, in the electronic form. At your request, we may provide information orally, if we confirm your identity in different manners. If you submit your request electronically, such information will be submitted electronically as well if possible, unless you specify a different preferred form of communication.

When will we fulfil your request?

We try to provide information without undue delay, as a rule within one month of receiving the request. If necessary, we will extend this period by two successive months due to the complexity of the request or the number of requests. However, in each case we will inform you within one month about the steps taken and (as appropriate) about the extension of the period and provide the reason for such a delay.


If we cooperate with entities that process personal data on our behalf, we use services of only such processors that provide sufficient guarantees of implementation of appropriate technical and organisational measures so that the processing meets the requirements of the GDPR and protects the rights of the data subjects.

We carefully verify the entities to which we entrust the processing of your data. We conclude detailed agreements with them and perform periodic inspections of compliance of processing operations with the content of such agreements and with the laws.

How do we care for the processing of your data?

In order to meet the requirements of law, we have prepared detailed procedures covering such issues as, among others:

  • data protection by design and by default,
  • data protection impact assessment,
  • notification of breaches,
  • maintenance of a record of processing activities,
  • retention of data,
  • exercise of rights of data subjects.

We regularly check and update our documentation to be able to prove that we meet the legal requirements in accordance with the accountability principle specified in the GDPR but we also try to incorporate best market practices to the documentation in the interest of data subjects.

Retention of data

We keep personal data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. After the elapse of this period we anonymise the data (remove the features that enable the identification of a given person) or erase them. Personal data erasure is complete and permanent. We ensure the following in the retention procedure:

  • the period for which the personal data are stored is limited to a strict minimum,
  • determination of the time limits for erasure of personal data and criteria of determination of this time limit or periodic review.

The period of data processing is specified first of all based on the laws (e.g. period of storage of employee documentation, accounting documents) and on the legitimate interest of the controller (e.g. marketing activity). The retention policy covers both the data processed in the printed form and in the electronic form.


We warrant that every person acting under our authority and having access to your personal data processes them only upon our instruction, unless different requirements arise from the law of the EU or a member state.