Skip to content

Privacy Policy

Gobarto SA is committed to protecting the privacy of all individuals whose data we handle, including our associates, contractors, and their employees. This policy outlines how we process the obtained data in full compliance with applicable national and European laws, while also ensuring its security.

In the interest of transparency, detailed below are the data protection principles that govern all aspects of how personal data is processed at Gobarto SA, established in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as the “GDPR”).

  1. Who is responsible for the processing of your personal data?
    The controller of your personal data is Gobarto SA, with its registered office at ul. Wspólna 70, Warsaw, Poland, entered in the Register of Entrepreneurs managed by the District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Division of the National Court Register, under KRS number: 0000094093, NIP (Tax Identification Number): 6991781489, REGON (National Business Registry Number): 411141076, with a share capital of PLN 278,002,290 (hereinafter: the “Controller” or the “Company”).
  2. Who can you contact regarding the protection of your personal data?
    For all matters related to the protection of personal data, you can contact us via email at: dane.osobowe@gobarto.pl, or in writing at the Controller’s registered address as indicated in Section 1.
  3. What categories of data subjects does the Controller process?
    As part of its business operations, the Company processes the personal data of natural persons who are, among others, bidders, clients, suppliers of goods and services, as well as other individuals submitting inquiries via the contact form on the website www.gobarto.pl under the “Contact” tab.
  4. What categories of personal data does the Controller process?
    The Controller may collect and process the following personal data: first and last name, telephone number, email address, as well as any other personal data provided via the contact form, such as a residential address.
  5. For what purposes and on what legal bases does the Controller process your personal data?
    Your personal data will be processed on the basis of:
    Article 6(1)(f) of the GDPR (i.e., the legitimate interest of the Controller) for the following purposes:
    a) To review and respond to your message;
    b) To establish, secure, pursue, and defend against any potential claims.
    Article 6(1)(c) of the GDPR, for the purpose of fulfilling the Controller’s legal obligations.
  6. How long does the Company store your personal data?
    Your personal data will be stored for the entire period required to review and respond to your message, and thereafter for the period necessary to establish, secure, pursue, or defend against any potential claims, as well as to fulfil any legal obligations of the Controller.
  7. What rights do you have in connection with the processing of your personal data by the Controller?
    You have the following rights:
    a) The right to access personal data, including the right to obtain confirmation of whether the Controller is processing it, details about such processing, and the right to receive a copy of your data (the first copy is provided free of charge);
    b) The right to rectification of personal data if the Controller’s personal data is inaccurate or incomplete ;
    c) The right to request the Controller to delete personal data;
    d) The right to request the Controller to restrict the processing of personal data;
    e) The right to data portability, i.e., the right to receive the data provided to the Controller and to transmit it to another controller, where technically feasible;
    f) The right to object to the processing of personal data at any time;
    g) The right to lodge a complaint with the Polish supervisory authority, i.e., the President of the Personal Data Protection Office (by writing to the address: Urząd Ochrony Danych Osobowych, ul. Stawki 2, 00-193 Warsaw, Poland, or electronically via the UODO Electronic Inbox, following the instructions available at: www.uodo.gov.pl).
  8. To whom does the Controller disclose your personal data?
    Your personal data may be shared with:
    a) Entities authorized by law to process the data, including public authorities;
    b) Employees and associates of the Controller who, within a specific and limited scope of authorisation, may have access to your personal data in connection with their professional duties;
    c) Entities that support the Controller in exercising its rights and obligations and in providing services, including providers of transport, legal, archiving, postal, and courier services; providers of security services for persons and property; advisory service providers, as well as banks, debt collection agencies, and companies providing IT services, solutions, or systems, or offering assistance and technical support for the IT systems in which your data is processed.
  9. Does the Controller transfer your personal data to third countries?
    The Controller does not intend to transfer personal data outside the European Economic Area (EEA, comprising EU member states, Norway, Iceland, and Liechtenstein). However, if such a transfer becomes necessary, it will be carried out in compliance with GDPR safeguards, ensuring an appropriate level of data protection.
  10. Does the Company use your personal data for automated decision-making?
    The Controller will not use your personal data for automated decision-making, nor will your data be subject to automated profiling.
  11. How does the Controller ensure the security of your personal data?
    To protect your personal data, the Controller has implemented a range of technical and organisational measures designed to prevent accidental or unlawful destruction, loss, modification, and unauthorised disclosure of, or access to, personal data transmitted, stored, or otherwise processed. Appropriate personnel, organisational, technical (IT), and physical safeguards are in place to ensure your personal data is kept secure.

Changes to the Privacy Policy
The Company reserves the right to change the content of this Privacy Policy. You will be notified of any changes through the posting of an updated version on the Company’s website (www.gobarto.pl), or via our usual channels with clients and suppliers, primarily by email.