Privacy policy

When does this Privacy Policy apply?

This Privacy Policy specifies the manner we process personal data and ensure the application of the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: GDPR). The privacy policy applies to personal data that we process during and in connection with performance of our business activity. We declare that we attach special importance and care to protect the privacy of the collected information about the persons we deal with, in particular information that identifies the person (‘personal data’).

Who processes your personal data?

The controller of your personal data is Warmia i Mazury Sp. z o.o. with the registered office in Szymany 150, Szczytno (12-100), registered in the register of entrepreneurs kept by the District Court for Olsztyn, 8th Commercial Department of the National Court Register under the number KRS [National Court Register:] 0000399439, NIP [Tax Identification Number:] 7451842294 (hereinafter: ‘we’). Our contact details are:

e-mail:, phone: 48 89 544 34 34.

What are the contact details of our Data Protection Officer?

You can contact the Data Protection Officer appointed by us for matters related to the protection of your personal data by email at, or in writing to the address of our office, indicated above.

How do we collect your personal data?

We collect personal data using various forms of communication, depending on the situation and needs. This may occur, in particular, during:

– email or telephone contact, using the form on our website,

– we consider your individual case, for example as a result of your application, enquiry, appeal, complaint,

– correspondence with you, for example to consider your request, application, complaint, answer your questions and requests,

– Your visit to Warmia i Mazury, for example your image recorded by CCTV cameras located within the territory of Warmia i Mazury,

– using WiFi,

– browsing our website by you,

– your usage of the services we provide, entering into  a business relationship with us,

– seeking employment with us.

Personal data that will allow us to identify the person concerned or contact this person is collected when it is provided voluntarily as well as when the requirement to provide data is a statutory, contractual or it constitutes a requirement to conclude the contract. For example, we may collect such information to provide services to you or to answer questions or requests.

Data collected via the website:


We collect data through our websites as well.


We may collect personal data via the website when you ask us to put your data on our mailing list or make an inquiry via the contact form. Our website may collect general information, including the internet protocol address and the browser type of the device used to access. None of this information is used to identify a single user. We use it to monitor and improve IT services. We can also use ‘cookies’ (small files used to manage internet browsing sessions) that can show us whether your internet device has visited our site before. Many web browsers allow you to control the use of ‘cookies’. If ‘cookies’ are turned off, you may not be able to use all the features of our website.

CCTV monitoring

The area of ​​Warmia i Mazury Sp. z o.o. is subject to CCTV supervision, which allows us to record images in the form of a figure, the image of people, license plate numbers, vehicle make. The recordings from the monitoring are removed by us automatically after 30 days from the date they were acquired, unless there is a specific reason for their keeping. For example, a law enforcement agency may ask us to keep recordings of suspected crime or accident.

Other ways for collecting personal data

If you interact with us through any of our social media channels, we may collect details of this interaction and the social media account or username that you use.


More information about the collection and use of data by Facebook or Twitter and about the protection of privacy can be found on the following sites:

Data protection/privacy tips issued by Facebook:

Data protection/privacy tips issued by Twitter:

Why do we process your personal data?

We process your personal data only for the purposes for which they were provided to us and for purposes directly related to our business.

The main purposes for which we may use your personal data are:

  • ensuring security and protection of Warmia i Mazury,
  • performance of the contract, due implementation of services and settlements,
  • organizing and maintaining a fire protection system under the national rescue system, developing an action plan in a situation of emergency.

What are the legal grounds for processing your personal data?

Your personal data for the above purposes may be processed on the basis of:

  1. A) art. 6 clause 1:
  • letter a) i.e. your consent, or
  • letter b) i.e. a contract that you have entered into with us, or
  • letter f) i.e. our legitimate interest which may include, for example, due consideration of your complaint,
  1. B) 9 item 2 letter a) (i.e. your consent) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (GDPR)
  2. C) implementation of the National Civil Aviation Security Program and the National Quality Control Program that should be understood as the implementation of the principles of civil aviation security and ensuring the effective application of the provisions in the field of civil aviation security,
  3. D) demonstrating the correct implementation of tasks in the field of civil aviation security,
  4. E) issuing a one-time personal pass/training participation card,
  5. F) achieving the objectives set out in points b) – d) above, we are required under the provisions of law (the basis of art. 6 par.1 letter c) GDPR in connection with from art. 80, 186b, art. 188d of the Act – Aviation Law of 3 July 2002.

Who can we transfer your personal data to?

We can only transfer your data to three groups of entities:

  • persons authorized by us – our employees, associates who must have access to data to perform their duties,
  • processors – who we will order activities that require data processing to, for example, our contractors, subcontractors who we will have to provide your data to for the purposes of the proper consideration of your complaint or appeal,
  • entities authorized to obtain data on the basis of applicable law, e.g. courts or law enforcement agencies.

Do we send your personal data outside Europe?

We may transfer your personal data to other countries, including countries outside the European Economic Area (“EEA”) that may not have the same data protection provisions as the laws binding in Poland. While  transferring personal data to countries outside the EEA, we will take reasonable steps to ensure that your personal data is covered by the same level of protection as specified in this privacy policy and the provisions of the GDPR.

How long will we process your personal data?

We store personal data for the period necessary to achieve the purposes specified in this privacy policy unless a longer retention period is required or permitted by law. We comply with the rules and periods adopted by us in the personal data retention policy. The maximum storage period may vary depending on the type of data and the purposes of processing.

Which rights do you have regarding your personal data?

Pursuant to applicable law, you have the right to request access to data and to request rectification, supplementing inaccurate information, the right to delete data, the right to limit data processing, the right to transfer data and the right to object to the processing of personal data. If the request is manifestly unreasonable or excessive, in particular due to its repetitive nature, we may charge a reasonable fee, taking into account the administrative costs of providing information, conducting communication or taking the requested actions or refuse to take action.-

If you want to exercise your rights, please contact our personal data protection officer using the contact details specified above. If it is found that the processing of personal data violates the provisions of the GDPR, you also have the right to lodge a complaint to the President of the Office for Personal Data Protection.

If data processing is carried out pursuant to your consent, you have the right to withdraw it at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Do you have to provide personal data?

In most cases, you are not required to provide us with personal information about you. If you do not provide data, we may not be able to enter into a contract with you, ensure an appropriate level of service or process your authorization request.

How do we secure your personal data?

We use technical and organizational measures to protect your personal data against accidental or intentional loss, destruction or access by unauthorized persons. When sending personal data, the information is transferred in an encrypted form to prevent misuse by third parties. The security measures we use are constantly changed and adapted to the development of technology.

Projekt dofinansowany ze środków Europejskiego Funduszu Reginalnego