RU 
PL 
EN PRIVACY POLICY
GENERAL INFORMATION
This Privacy Policy of LITARALEX limited liability company (ul. Ludna 2/604, 00-406 Warsaw) (hereinafter: “we”, “us”, “our”) applies to the website https://litaralex.com/ (hereinafter: the Website), as well as to the social media accounts managed by LITARALEX (hereinafter: the Accounts), and contains information about the rules for processing information that may directly or indirectly identify you (“personal data”) and other important information for users of the Website and the Accounts.
The privacy of users visiting the Website and the Accounts is particularly important to us. Data provided by users, as well as data collected automatically, is used solely for the purposes set out in this Privacy Policy.
PERSONAL DATA PROTECTION
Pursuant to Article 13(1) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation, hereinafter “GDPR” or “RODO”), we provide below information on the rules for processing personal data at LITARALEX.
Please read this Privacy Policy carefully, as it contains important information about the following:
- Who processes your personal data?
- How do we collect your personal data?
- For what purposes and on what legal basis do we process your data?
- How long do we store your data?
- When may we transfer your personal data to third parties?
- What rights do you have?
WHO PROCESSES YOUR DATA?
The controller of personal data is LITARALEX limited liability company with its registered office in Warsaw, registered with the District Court for the Capital City of Warsaw in Warsaw, 14th Commercial Division of the National Court Register, under KRS number 0001210297 (hereinafter: the Controller, LITARALEX).
For all matters related to the processing and protection of personal data, you may contact the Controller:
– by email:
– by post: LITARALEX Sp. z o.o., ul. Ludna 2/604, 00-406 Warsaw.
HOW DO WE COLLECT YOUR PERSONAL DATA?
We obtain your personal data:
1. Directly from you, including via contact forms – first name, last name, contact details (e-mail, phone number, messenger username, etc.), company name, the content of your inquiry, and personal data of a client (or their representative) in connection with concluding and performing an agreement.
Providing data is voluntary. If you do not provide data, this will not result in negative consequences. You may use the Website and the Accounts on social media anonymously as long as you only view materials and do not interact with them.
2. From your social media and messenger profile (when you interact with our plugins or profile).
In this case, we receive:
- all data marked in your profile as publicly available;
- data you knowingly provide by configuring your privacy settings.
Social media providers may also provide us with anonymous statistical reports generated based on users’ activity.
Additionally, we obtain data processed in the form of cookies.
FOR WHAT PURPOSES AND ON WHAT LEGAL BASIS DO WE PROCESS YOUR DATA?
We respect your privacy and aim to limit the scope of personal data we collect to the minimum necessary to achieve the purposes of processing.
|
Purpose of processing |
Legal basis |
Consequences of not providing data |
|
Enabling contact with the Controller via the contact form. |
Article 6(1)(f) RODO, i.e. the Controller’s legitimate interest in conducting correspondence and answering questions. The legal basis for sending commercial information to an email address or phone number is consent expressed by ticking the relevant checkbox or providing an email address for contact. |
Inability to respond to an inquiry or request. |
|
Informing potential clients about the services provided. |
Article 6(1)(f) RODO, i.e. the Controller’s legitimate interest in informing about professional activity as the implementation of LITARALEX’s legitimate interest, i.e. informing potential clients about the services provided. The legal basis for sending commercial information to an email address or phone number is consent granted when completing the contact form (as indicated above) or in another form. |
Inability to receive information about the services provided. |
|
Participation in an event organized by the Controller. |
Article 6(1)(a) RODO, i.e. consent to receive commercial information. The legal basis for sending commercial information to an email address or phone number is consent given when completing the event registration form. |
Inability to participate in the event. |
|
Scheduling a consultation or ordering services, i.e. pre-contractual steps taken at the user’s request or before concluding an agreement with LITARALEX. |
Article 6(1)(b) RODO – to the extent necessary for concluding and performing an agreement. |
Inability to schedule a meeting or obtain legal assistance. |
|
Providing services to the user under a separate agreement. |
Article 6(1)(b) RODO to the extent necessary for performance of the agreement. |
Inability to perform the agreement. |
|
Any of the actions described above or any other action by the user or the Controller that may result in civil-law claims. |
Article 6(1)(f) RODO, i.e. the Controller’s legitimate interest in establishing, pursuing, or defending against claims. |
Inability to establish, pursue, or defend against claims. |
|
Activities related to receiving and verifying a whistleblower report. |
Article 6(1)(c) GDPR – a legal obligation in connection with the Act of 14 June 2024 on the protection of whistleblowers (Dz. U. 2024, item 928) for the purpose of performing tasks related to handling internal reports; Article 6(1)(a) GDPR – if the reporting person has consented to disclosure of their identity for the purpose of providing their first and last name to persons concerned by the report or involved in clarifying the report; Article 9(2)(g) GDPR in connection with the whistleblower protection act, if the report contains special category personal data. |
Leaving the report without consideration. |
|
Use of necessary cookies. |
Article 6(1)(f) GDPR, i.e. the Controller’s legitimate interest in ensuring the proper operation and display of the Website. |
Improper operation and display of the Website. |
|
Use of cookies to inform about professional activity. |
Article 6(1)(a) RODO, i.e. consent of the data subject. |
Inability to receive service offers. |
|
Use of cookies for analytical purposes. Sending an information bulletin (newsletter) containing information about the services, events, and educational materials of the Controller. |
Article 6(1)(a) RODO, i.e. consent to receive the information bulletin (newsletter) containing information about the services, events, and educational materials of the Controller. |
Inability to receive the information bulletin (newsletter). |
HOW LONG DO WE STORE YOUR DATA?
The retention period for personal data depends on the purpose of processing. Data is processed no longer than necessary to achieve the purpose for which it was collected. Data collected for the purposes of:
- informing about professional activity is processed:
– until an objection to processing is raised, or
– until consent is withdrawn for receiving commercial information or for using end-user telecommunications devices and automated calling systems for direct marketing purposes,
– in the case of receiving a newsletter – until consent to receive it is withdrawn;
- other purposes carried out under the Controller’s legitimate interest – until those purposes are achieved or an objection is raised;
- participation in an event organized by us – until an objection is raised to processing for legitimate interest purposes or until consent is withdrawn if consent was the basis for processing;
- consultations – until the consultations are completed;
- concluding and performing an agreement – for the duration of the agreement and in accordance with applicable legal requirements;
- processing data as a result of a whistleblower report – up to 3 years after the end of the calendar year in which follow-up actions were completed, or after completion of proceedings initiated by those actions;
- establishing, pursuing, or defending against claims – until claims are satisfied or the limitation period expires, as determined under the Civil Code.
WHEN MAY WE TRANSFER YOUR PERSONAL DATA TO THIRD PARTIES?
In certain cases, we may transfer your personal data to third parties. We do so only in the situations described in this Privacy Policy. In each case, we strive to transfer personal data securely and, where required by law, based on an agreement between us and each recipient (in particular, a data processing agreement). We also make reasonable efforts to ensure that each recipient understands GDPR principles and complies with them in accordance with law and/or the relevant agreement.
We transfer your personal data to third parties as follows:
1. As required by law.
We may transfer your personal data where required by applicable law, a court decision, or another binding legal act, as well as when we have reasonable grounds to believe that disclosure is necessary to protect our rights, initiate or conduct legal proceedings. We may also transfer your personal data if we consider it necessary to prevent fraud or other actions contrary to applicable law.
2. To our legal successor.
We will transfer your personal data to our legal successor in the event of a merger, acquisition, reorganization, bankruptcy, or other similar event.
3. To achieve the purposes stated above.
In some cases, to achieve processing purposes, we cooperate with partners who assist us in various aspects of our activities.
In each case, we carefully select partners and monitor that they apply appropriate legal, organizational, and technical measures to protect personal data from unauthorized access. However, despite careful due diligence, it is important to understand that we cannot guarantee absolute compliance with data protection laws in all cases.
We transfer your personal data to the following categories of recipients:
- Hosting providers and IT service suppliers (data processors).
They provide us with infrastructure, technical support, data storage, and system maintenance. We enter into appropriate data processing agreements with them requiring personal data to be handled in accordance with applicable law.
- Marketing and communication partners.
Subject to your consent, we may send you notifications, marketing messages, and newsletters. For these purposes, we engage partners providing marketing automation tools and mass mailing services.
- Analytics and advertising tool providers (independent data controllers).
To analyze website traffic, improve website performance, and conduct marketing activities, we may transfer data related to the use of cookies and similar technologies to providers of analytics and advertising tools. These providers act as independent data controllers. Data is transferred to such systems only where you have consented to the use of the relevant cookies.
- Social media platforms.
If you interact with our social profiles or social media plugins, certain information may be transferred to social platform operators as part of the functioning of embedded modules and tools.
WHAT RIGHTS DO YOU HAVE?
As a data subject, you have certain rights related to the processing of personal data. We undertake to protect these rights and ensure that you can exercise them effectively, but please note that applicable law, in particular the GDPR, imposes certain limitations on the exercise of some rights.
Below is information about your rights as a data subject under the GDPR:
- Right of access
You have the right to obtain confirmation from us as to whether your personal data is being processed and, where that is the case, access to personal data and other additional information.
After receiving your request, we will provide you with a copy of the personal data we process in the format you requested (or in a commonly used electronic format).
Please note that in some cases we may charge a reasonable fee based on administrative costs. If, for any reason, we cannot fulfill your request, we will provide an explanation and inform you of your rights to challenge the decision.
- Right to restriction of processing
You have the right to restrict processing of your personal data if:
- you contest the accuracy of personal data,
- processing is unlawful and you object to erasure of the personal data,
- we no longer need the personal data for processing purposes, but it is required by you for the establishment, exercise, or defense of legal claims, and
- you have objected to processing pending verification whether the legitimate grounds of the Controller override your interests.
We will not process your data (other than for storage purposes) unless based on your consent, or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest.
- Right to erasure of personal data
You may request deletion or destruction of your personal data in certain circumstances, such as:
- personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
- you withdraw your consent where consent was the legal basis;
- you object to processing, etc.
Please note that we may retain your personal data where necessary to comply with our legal obligations or resolve disputes.
After receiving your erasure request, we will assess whether the conditions for erasure are met and, if so, without undue delay we will delete or anonymize your personal data in our systems and notify any third parties to whom the data was disclosed.
- Right to rectification
You have the right to request that the Controller rectify your personal data if it is incomplete or inaccurate.
After receiving your rectification request, we will verify the accuracy and completeness of your data and make any necessary corrections or updates.
- Right to data portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and, where technically feasible, to transmit that data to another controller.
Please note that this right applies where we process your personal data based on your consent or on the basis of an agreement.
After receiving your portability request, we will provide a copy of your personal data in the requested format where technically feasible.
- Right to object to processing of your personal data
Where we rely on legitimate interest and there is something in your particular situation which prompts you to object to processing on this ground.
After receiving your objection, we will stop processing your personal data unless we can demonstrate compelling legitimate grounds overriding your interests, rights and freedoms, or where processing is necessary for the establishment, exercise, or defense of legal claims.
- Right to withdraw consent
If the processing of personal data is based on your explicit consent, you have the right to withdraw your consent at any time.
If we have no other legal grounds for processing, we will cease processing as soon as we receive your request to withdraw consent.
- Right to lodge a complaint
If you believe that our processing of your personal data violates applicable law, you have the right to lodge a complaint with a supervisory authority.
As we are registered under the laws of the Republic of Poland, the supervisory authority responsible for personal data protection is the Personal Data Protection Office (Urzęd Ochrony Danych Osobowych (www.uodo.gov.pl)). You always have the right to submit a complaint related to data protection to a supervisory authority at any time. You may also contact your local data protection authority.
Please note that these rights are subject to certain limitations and exceptions provided by law. To exercise any of these rights or obtain additional information, please contact us using the provided contact details (email or legal address).
We will respond to your request as soon as possible, but no later than one (1) month. Please note that this period may be extended by a further two (2) months where necessary, depending on the complexity and number of requests. In such a case, we will inform you of the extension within one (1) month of receiving your request and explain the reasons for the delay.
WHERE DO WE STORE AND TRANSFER YOUR DATA?
Your personal data is processed primarily within the European Economic Area (EEA).
However, due to the use of certain analytics, marketing, or communication tools that rely on cookies or similar technologies (e.g., tools provided by Google, Meta, LinkedIn, or Microsoft), subject to your consent, personal data may be transferred outside the EEA — in particular, to the United States of America.
Such transfers are carried out in accordance with GDPR requirements and only where valid mechanisms ensuring an adequate level of protection are in place, such as:
- Standard Contractual Clauses (SCC),
- or a European Commission adequacy decision regarding the USA (EU–U.S. Data Privacy Framework), if the relevant provider is certified under that framework.
These providers act as independent controllers of personal data.
DO WE USE AUTOMATED PROCESSES?
The processed data will not be used for automated decision-making or profiling (Article 22 GDPR).
AGE RESTRICTIONS
We do not knowingly collect or request personal data from persons under the age of 16. If you are under 16, please do not provide us with any personal data. If we learn that we have collected personal data of a child under the age of 16, we will delete such personal data as soon as possible. If you believe we may have any personal data of a child under 16, please contact us at the email address provided in the contact details.
LINKS TO OTHER WEBSITES
Our Website, as well as the social media Accounts managed by LITARALEX, may contain links to websites or services operated by third parties that are not under our control. If you click a link to a third-party website or service, you will be redirected to that website or service. We recommend reviewing the privacy terms of each website or online service you visit. We do not control and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services.
INFORMATION SECURITY
The Controller uses technical, organizational, and physical safeguards to ensure data security and to prevent unauthorized access, loss, or destruction.
CHANGES TO THIS PRIVACY POLICY
This Privacy Policy may be updated from time to time due to the implementation of new technologies, changes in legal requirements, or for other reasons. Your continued use of the Website and the social media Accounts managed by LITARALEX after the effective date of the updated Privacy Policy will be governed by the updated Privacy Policy. If we make any material changes and your explicit consent is required for continued processing of your personal data, we will request your consent or renewed consent (if it was previously obtained).
Published on 27 February 2026
