Privacy Policy

Privacy Policy

This privacy policy has been developed with the security of your personal data in mind. The protection of personal data and all the information being processed or produced is a priority for Zakłady Mechaniczne „Tarnów” S.A. We are active in many fields, and our tools and software are used by multiple processes, enterprises and entities. We make every effort to provide top quality services. We feel responsible for the security of the personal data we process in doing our business. Our principal objective is to fulfil the information obligation related to the processing of personal data at the highest level and in line with the current regulations, that is the Personal Data Protection Act of 10 May 2018 (Polish Journal of Laws 2019, item 1781) and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR). This policy is to inform you on the legal grounds for personal data processing, the methods of collecting and using personal data, and the rights of data subjects.

What do we mean by personal data and their processing?

Personal data are all information concerning an identified or identifiable living natural person. Individual pieces of information which, when combined, may allow the identification of a given person, also constitute personal data. By personal data processing we mean any operation which is performed on personal data, whether or not by automated means (such as collection, storage, recording, organisation, modification, consultation, use, disclosure, restriction, deletion or destruction).

When does this privacy policy apply?

This privacy policy always applies when Zakłady Mechaniczne „Tarnów” S.A. is the controller of personal data that have been received, collected, transferred or entrusted. This concerns any event in which Zakłady Mechaniczne „Tarnów” S.A. processes personal data obtained directly from a data subject, as well as the events where personal data have been obtained from other sources. Zakłady Mechaniczne „Tarnów” S.A. pursues its information obligations as required by Article 13 and Article 14 of the GDPR.

Who is the controller of your personal data?

Zakłady Mechaniczne „Tarnów” S.A., with its registered office przy ul. Kochanowskiego 30, 33-100 Tarnów, entered into the register of entrepreneurs maintained by the District Court for Kraków Śródmieście with its registered office in Kraków, 12th Commercial Division of the National Court Register, under KRS number 0000036320, share capital (paid in full): PLN 32 173 350,00, Tax Identification Number (NIP): 873 000 68 35, National Business Register Number (REGON): 850323251.

The information concerning the processing of personal data may be obtained from the Data Protection Officer, who is available at +48 538 624 903 and via e-mail: lp.wo1675207895nrat.1675207895tmz@r1675207895otkep1675207895sni1675207895

What data do we process?

We process the personal data that you provide or make available in the browsing history on our website while you use it or while we supply our services to you. We also automatically analyse your activity on our websites. The personal data we collect are provided on a voluntary basis, but they are necessary for us to provide our services, such as the inquiries sent via the contact form or the newsletter we send. We only collect such data which are essential to provide the services specified in the forms that are made available on our websites, which include:

  • contact details (such as the address of residence, address for correspondence, phone number or e-mail);
  • financial information, including information regarding transactions (such as data related to financial transactions);
  • technical data and information regarding your searches on the website, which may be personal data (such as IPs, cookie identifiers, browsing history details, etc.).

What is the purpose of processing your personal data and the legal basis and reason for such processing?

  • The conclusion and performance of a contract with a client or counterparty – Article 6(1)(b) and (f) of the GDPR
    Throughout the term of the contract and, after its expiry, until the time of limitation of claims arising therefrom, we contact the employees or associates of our clients and contracting parties for legitimate purposes in connection with the actions taken to conclude or perform the contract.
  • Processing claims and complaints – Article 6(1)(b) and (f) of the GDPR
    After the implied warranty period or after settling a complaint. When processing a complaint, the Controller contacts the client’s employees or associates for a legitimate purpose.
  • Assertion of or defence against legal claims – Article 6(1)(f) of the GDPR
    Throughout the proceedings for the asserted claims, that is until they are finally concluded or, for enforcement proceedings, until the claims have been finally satisfied. In pursuing or defending against legal claims, the Controller may process the data of the employees or associates of its clients or contracting parties for legitimate purposes.
  • Archiving of documents (contracts and accounting documents) – Article 6(1)(c) of the GDPR
    Throughout the periods prescribed by law, and where the law does not prescribe such periods, then for the time when their archiving falls within a legitimate objective of the Controller, governed by the time limit for asserting claims.
  • Maintaining statistics – Article 6(1)(f) of the GDPR
    Until the time of conducing another processing operation listed in this table. We do not retain personal data for statistical purposes only. The statistics concerning the actions carried out by the Controller allow for streamlining its operations.
  • Conducting marketing operations without any means of electronic communication – Article 6(1)(f) of the GDPR
    Until you file an objection, that is until you show us in any way that you do not wish to stay in touch with us and receive information on our operations. Carrying out marketing operations to promote our activities.
  • Conducting marketing operations using means of electronic communication – Article 6(1)(a) of the GDPR

Due to other applicable regulations, in particular the Telecommunications Law and the Act on Electronically Supplied Services, these operations are carried out under your consent. Until you withdraw your consent, that is until you show us in any way that you do not wish to stay in touch with us and receive information on our operations, and once the consent is withdrawn, then for the purposes of proving that we properly satisfy the legal obligations imposed on the Company as well as related claims. Carrying out marketing operations to promote our activities, with the use of e-mails and phone numbers.
How long do we process personal data? What are the criteria that determine such periods?
The period of personal data processing depends on the purposes for which the data have been collected and on the legal provisions requiring the Company to fulfil certain obligations in this respect, and if we have your consent for the processing, then the period lasts until you withdraw or restrict your consent or take other actions to restrict it.
ZMT S.A. processes personal data for the period necessary to pursue the objectives of the processing. For instance, the Company retains data to perform a contract until the performance is completed and then in a legitimate interest in order to secure any claims or until the expiry of the obligation to retain such data, as required by the provisions of law. Such provisions may concern in particular the obligation to retain the accounting records (billing or tax documents) related to a contract, the obligation of retention imposed by the regulations on combating money laundering or terrorist financing, international tax obligations or automatic exchange of tax information with other countries.
In the event of court or out-of-court proceedings, the periods of data retention may be extended, for example due to an interruption or suspension of the claim limitation period.
Please note that the data may be processed or retained separately due to relevant purposes or legal grounds for the processing (for instance, if you withdraw your consent for processing your data for third-party marketing purposes, ZMT S.A. will not cease the processing of such data for other purposes provided for by law).

What rights do you have as a data subject?

In accordance with applicable regulations, you have the following rights related to the processing of your personal data by ZMT S.A:

  • the right of access to your data, including the right to obtain a copy thereof;
  • the right to demand rectification;
  • the right to erasure (the right to be forgotten);
  • the right to lodge a complaint with a supervisory authority competent for personal data protection; in Poland this is the President of the Personal Data Protection Office – (if you have any comments or doubts, please contact us first);
  • the right to restriction of processing;
  • the right to object (objection against the processing or direct marketing, including profiling, or a reasoned objection against the processing of data in a legitimate interest of the Controller).
    If the data are processed under a consent or within a service (if they are necessary to provide such a service), you may additionally use the following rights:
  • the right to withdraw consent. The withdrawal is, without prejudice to the lawfulness of the processing, made under your consent prior to such a withdrawal. If your data are processed under your consent or in order to perform a contract (if they are necessary to provide a service);
  • the right of data portability, that is the right to receive your personal data from the Controller, in a structured, commonly used and machine-readable format, in order to transmit those data to another controller.

To exercise the foregoing rights, you must contact us using the Contact tab, complete the appropriate form and send your message to lp.wo1675207895nrat.1675207895tmz@r1675207895otkep1675207895sni1675207895

If you demand rectification, erasure or restriction of the processing of your personal data, we will notify the recipients to whom the data have been disclosed, unless it proves to be impossible or would involve a disproportionate effort, and we will additionally identify those recipients upon your request.

To whom do we make the data available?

Your data may be transferred to the entities which process personal data on behalf of the Controller, such as PGZ GROUP companies, IT service providers, marketing agencies, and entities providing advisory, consulting, audit, training, organisational, legal, tax or accounting services. These entities process personal data under a contract made with the Controller and only according to their instructions. In such cases, the third parties are required to maintain the confidentiality and security of the information, and we verify whether they ensure adequate measures for personal data protection.
The list of PGZ Group companies is available on
Your data may also be made available to the entities authorised to acquire them under applicable laws, for example law enforcement authorities. To the extent allowed by applicable laws, we may also make your personal data available to entities involved in debt collection and trading in receivables.
Your personal data made available in the website browsing history are processed under a voluntary consent, by trusted entities, for marketing purposes (which cover automated analysis of your activity on the website, including the placement of Internet flags, such as cookies, on your devices and the readout of such flags); the said data may be made available to our trusted partners.

Data processing in cookies

To a limited extent, we may collect personal data automatically through the cookies installed on our website. Cookies are small text files that are recorded on your computer or another mobile device while you navigate websites. The files are used to provide various functionalities enabled on the website or to confirm that you have viewed specific content from that website. Amongst different types of cookies, we may distinguish those which are necessary for the website of the Company. These cookies are used to:

  • maintain your online session;
  • save the status of your session;
  • enable authorisation via the login service;
  • monitor the availability of services.

Another category of cookies are those files which are not required to use the website but make using it easier. They are used to:

  •  restore the last view on your next login to the product;
  • save your preferences for displaying a selected message or displaying it for a certain number of times;
  • restore your online session;
  • save the last category chosen in the product;
  • check whether data are properly saved in the cookies;

In addition, ZMT S.A. uses services provided by third parties, the list of which is subject to change and which use cookies for the following purposes:

  • to monitor the traffic on our website;
  • to gather anonymous, collective statistics, which allow us to understand how the visitors use our website and to continuously improve our products;
  • to determine the number of anonymous users of our website. This is required to analyse the use of ZMT S.A. websites;
  • to monitor how often a given piece of content is shown to the users;
  • to monitor how often the users choose a given service;
  • to analyse newsletter subscriptions;
  • to use our communications tool;

The contents originating from third-party suppliers may include third-party cookies. Therefore, we recommend that you read the policies applied by such third-party suppliers for using cookies to operate their websites.
You can manage the cookies used by the Company or third-party suppliers by modifying the settings of your web browser.
Full and detailed information is available in the settings of your web browser:

  • Internet Explorer
  • Mozilla Firefox
  • Chrome
  • Opera
  • Etc.

Please be informed that if you reject cookies, it may cause improper operation of our websites and, in certain cases, prevent you from using our products.

The information concerning the processing of personal data may be obtained from the Data Protection Officer, who is available at +48 538 624 903 and lp.wo1675207895nrat.1675207895tmz@r1675207895otkep1675207895sni1675207895

This document was published on: 09.01.2023