Privacy policy



EFMMA SP.Z.O.O. limited liability company in Warszawa [Warsaw, Poland] (National Business Registry Number: 386756233, Taxpayer Identification Number: 5272933582, National Court Register: 0000853762 with head office in Warsaw, Poland, address: 00-805 Warszawa, ul.Chmielna 132/134,  hereinafter referred jointly or separately to as “the Joint Controllers”, hereby inform that they process your personal data, such as: first name, surname, contact data (e-mail addresses, phone numbers etc.) information about previous cooperation and – if you run a business or work to an entity running a business – also following information about this entrepreneur: Personal Register Number (PESEL), National Business Registry Number (REGON), Taxpayer Identification Number (NIP), National Court Register Number (KRS) and  information on the legal, financial and market position of the firm. You can contact the Joint Controllers anytime  in writing (to the address of their registered offices), or electronically to the following e-mail address:

The Joint Controllers process your personal data provided by you in order to :

  • conclude or to perform concluded with you (or with the entrepreneur you act on behalf of) a supply of goods or services agreement/agreements related to the business conducted by the Joint Controllers;
  • implement all the legal obligations resulting from the conclusion and performance of such agreements by the Joint Controllers, e.g. tax or reporting obligations;
  • protect the legitimate interests of the Joint Controllers or a third party in connection with the conclusion or performance of such an agreement, e.g. in order to pursue claims from you resulting from an improper performance of the agreement or committing a tort or offence while performing the agreement, or to defend against such claims.

Providing the above personal data is voluntary, but regarding at least some of the data it may be necessary to conclude or properly perform an agreement with you or the entrepreneur, you act on behalf of , providing the data.

Your personal data will be processed for the maximum of the period during which claims related to the concluded agreement may be disclosed, i.e. for 4 years from the end of the year in which the agreement expired, 3 of which is the longest possible period of prescription of claims, an additional year reserved in the event of last-minute claims and delivery problems, and calculating from the end of the year is to determine one date of data deletion for the agreement ending in a given year. If, however, any claims are made during this time, you will be informed of the further processing of your data in order to pursue or defend such claims and of the anticipated period of further processing. If you withdraw your consent to the processing of your personal data before the conclusion of the agreement or if the agreement is not concluded within 12 months of the last message from you in this matter, your personal data processed for the purpose of the conclusion of this agreement will be immediately deleted by the Joint Controllers.

Your data may be transferred by the Joint Controllers to the following groups of recipients:

  1. public authorities and entities performing public tasks or acting on behalf of public authorities, to the extent and for the purposes that result from legal provisions and administrative powers vested in them, for example the supervisory body that controls the correctness of personal data processing by the Joint Controllers, the state, city or municipal police in connection with any prohibited or unlawful acts committed by you;
  2. employees and contracted parties of the Joint Controllers to the extent that they have been authorized by the Joint Controllers to correspond with you or to perform on behalf of the Joint Controllers the agreement concluded with you or the entity you act on behalf of;
  3. partners and subcontractors of the Joint Controllers, to whom the Joint Controllers entrusted the individual business processes, including the activities related to the conclusion or performance of the agreement, the performance of obligations arising therefrom, or pursuing claims or defending against claims arising in connection with its conclusion or performance, such as companies providing IT services, accounting offices, tax advisors, law offices, online booking portals, etc., to the extent that these data are necessary for their proper provision of services to the Joint Controllers.


Due to the processing of your data by the Joint Controllers, you have the right to:

  1. access your personal data, including the right to obtain a copy of this data;
  2. request the correction of personal data – if the data is incorrect or incomplete;
  3. request to delete your personal data (so-called “right to be forgotten”) – if:
  • the data is no longer necessary for the purposes for which it was collected or otherwise processed,
  • you effectively opposed the processing of your data by the Joint Controllers;
  • the data is processed unlawfully,
  • the data must be removed in order to comply with the legal obligation;
  1. requests to limit the processing of personal data– if:
  • you question the accuracy of your personal data,
  • the data is processed unlawfully, and you oppose their removal, requesting their limitation instead,
  • the Joint Controllers no longer needs your data for his purposes, but you need them to establish, defend or pursue the claims,
  • you effectively opposed the processing of your data – until it is determined whether the Joint Controller’s legitimate grounds prevail over the grounds of objection;
  1. objections to the processing of personal data, if there are reasons related to your particular situation and the processing of data is based on the necessity for purposes arising from the legitimate interest of the Joint Controllers;
  2. file a complaint to the supervisory body – if you decide that the processing of your personal data by the Joint Controllers violates the legal norms.

Your personal data will not be used for automated decision making, including profiling, and will not be transferred to countries outside the European Economic Area or international organizations.