Privacy policy

This Privacy Policy sets out the rules for processing your personal data by "Metalbud" Sp. z o.o. based in Podlas (address: Podlas, ul. Tomaszowska 90, 96-200 Rawa Mazowiecka).

  1. Personal Data Controller

The Perspnal Data Controller of your personal data is "NOMA" Sp. z o.o. with headquarters in Podlas, ul. Tomaszowska 90, 96-200 Rawa Mazowiecka, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for Łódź-Śródmieście in Łódź, XX Commercial Division of the National Court Register, under the number: 0000039826, with the following NIP: 8351148991, and REGON: 750034969 and share capital in the amount of PLN 30,033.300.00 (hereinafter referred to as Personal Data Controller).

The Personal Data Controller can be contacted at the following e-mail address:  or by mail to the address of the Personal data Controller's office indicated above.

2. Legal basis and purpose of personal data processing

The Personal Data Controller processes personal data in accordance with the relevant regulations, in particular in accordance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free flow of such data and repeal Directive 95/46 / EC (General Data Protection Regulation, hereinafter referred to as: GDPR).

Depending on the situation, the Personal data Controller processes your personal data for the following purposes and on the basis of the following provisions of the GDPR:

  1. In order to conclude and execute the contract concluded with you or to take, at your request, actions aimed at concluding the contract (e.g. sending an offer) - pursuant to art. 6 par. 1 letter b) of GDPR - not longer than until the claims have expired in connection with the contract;
  2. In order to implement the legitimate interests of the Personal Data Controller, i.e.:
    • Promote and advertise of the Personal Data Controller’s products and services, entities belonging to the Personal data Controller’s capital group or third parties which are directly related to the subject of the contract concluded between you and the Personal Data Controller,
    • Inquire into any possible claims of the Personal Data Controller,
    • Archive in order to protect the Personal Data Controller's legal interest,
    • Provide you with security in connection with recording the image using industrial cameras while staying in the Personal Data Controller's premises,
    • Reply to your queries addressed to us not related to the contract concluded with the Personal Data Controller,
    • Ensure the security and proper functioning of the Personal Data Controller's website, including cookies - for more information about cookies, see section 7 of the Privacy Policy.

Processing in order to implement the legitimate interests of the Personal Data Controller is carried out on the basis of art. 6 par. 1 letter f) of the GDPR, no longer than until the attainment of the purposes set out above, except for the processing of personal data regarding promotion and advertising of products and services - then no longer than until you raise your objection.

3. In order to fulfill the obligations imposed on the Personal Data Controller by relevant regulations, e.g. tax law provisions, the Accounting Act - pursuant to art. 6 par. 1 letter c) of the GDPR - no longer than during the period of limitation for claims regarding public claims;

4. In order to send the newsletter you ordered - pursuant to art. 6 par. 1 letter a) of the GDPR - no longer than until the consent is withdrawn;

5. To promote and advertise products and services of entities cooperating with the Personal Data Controller, if they do not fall within the scope defined in section 2 above (in the case of persons who have given their consent) and only to the extent specified by such consent) - based on
Art. 6 par. 1 letter a) of the GDPR - no longer than until the consent is withdrawn.

3. Rights of persons whose personal data is processed

Providing personal data to the Personal Data Controller is voluntary but necessary to achieve the goals set out above in this Privacy Policy. It will not be possible to achieve these goals
in the case of your refusal to provide personal data.

Due to the fact that the Personal Data Controller processes your personal data, you have the following rights:

  1. The right to access your personal data;
  2. The right to request the rectification of your personal data if it is incorrect and to supplement it when incomplete;
  3. The right to demand the removal of your personal data (the so-called "right to be forgotten")in any of the following cases:
    • When you have withdrawn the consent on which the processing is based and there is no other legal ground for processing;
    • When your personal data is no longer necessary for the purposes for which it was collected or
      otherwise processed;;
    • When your personal data has been processed unlawfully;
    • When you object to the processing of data and there are no overriding legitimate grounds for processing this data;
    • When the data was collected in connection with the provision of information society services specified in art. 8 sec. 1 of the GDPR.
    • When personal data must be removed in order to comply with the legal obligation provided for in European Union law or Polish law.

The Personal Data Controller will not, however, have to delete your personal data to the extent to which its processing will be necessary (i) to exercise the right to freedom of expression and information; (ii) to comply with a legal obligation requiring processing under the European Union law or Polish law or to perform a task carried out in the public interest; (iii) to determine, assert or defend claims; (iv) for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes, as long as it is probable that the right to request the deletion of the data will prevent or significantly impede the purposes of such processing.

4. The right to limit the processing of data in cases where:

  • You question the accuracy of personal data - for a period allowing the Personal Data Controller to check the correctness of this data;
  • The processing is unlawful and you oppose the removal of personal data, requesting instead to limit its use;
  • The Personal Data Controller no longer needs personal data for processing, but it is are needed to establish, assert or defend claims;
  • You have objected - pending the determination of whether the legitimate grounds on the part of the Personal Data Controller take priority over the grounds of your objection.

5. The right to raise objections to processing due to reasons related to your special situation - regarding data processing carried out in order to implement the legitimate interests of the Personal Data Controller.

6. The right to withdraw consent - at any time with regard to the situation where your personal data is processed on the basis of your consent. Withdrawal of consent does not affect the legality of the processing which was carried out on the basis of consent before its withdrawal.

7. Right to data transfer - if your data is processed on the basis of consent or under a contract and the processing takes place in an automated manner, you have the right to obtain your personal data that was given to the Personal Data Controller from the Personal Data Controller in a structured, commonly used machine-readable format. You also have the right to request the transfer of such personal data to another personal data controller, if technically possible.

8. The right to file a complaint regarding the processing of personal data by the Personal Data Controller to the competent supervisory authority (the President of the Office for Personal Data Protection), if you believe that the processing is carried out in violation of the GDPR.

4.  Personal data recipients

The Personal Data Controller may share your personal data with the following recipients:

  1. Entities from the Personal Data Controller's capital group,
  2. Entities cooperating with the Personal Data Controller for purposes related to the implementation of the contracts concluded with you, including suppliers, subcontractors, intermediaries,,
  3. Entities providing IT services,
  4. Entities providing marketing services,
  5. entities providing accounting, legal and debt collection services,
  6. Entities providing personal and property protection services to the Personal Data Controller.

In some cases, your personal data may be transferred outside of the EEA, which is usually necessary for undertaking activities related to the conclusion of a contract with you or related to the ongoing implementation of a contract already concluded with you. We make reasonable efforts to ensure that recipients of your data apply the necessary security standards. However, due to the global activities of the Personal Data Controller, sometimes some data and only to the extent necessary is transferred to countries outside the EEA, which do not guarantee legal standards that fully comply with the rules of the GDPR. All the other transfers outside of the EEA may be related to the use of the Personal Data Controller website or the Personal Data Controller’s profiles on social networking sites, whereby your personal data is processed in compliance with the necessary legal standards, i e. in accordance with the EU USA Privacy Shield Agreement or by applying standard contractual clauses in accordance with Commission Decision 2010/87 / EU on standard contractual clauses on the transfer of personal data to data processors established in third countries under Directive 95/46 / EC of the European Parliament and of the Council ( Journal of Laws UE L 39 p. 5 of 12/02/2010), issued on February 5, 2010.

5. The period of storage of personal data

The Personal Data Controller stores your personal data for a period not longer than necessary to achieve the objectives set out above in this Privacy Policy and to comply with the applicable law (or pending submission of personal data for purposes of direct marketing or withdrawal of consent - in this case your personal data can be processed only if there is another legal basis for the processing of your data, e.g. an obligation imposed by law on the Personal Data Controller, for which it is necessary to process your personal data). In any case, the processing of your personal data will not exceed 10 years.

6. Links to external websites

The Personal Data Controller's website may contain links or other references leading to external websites or social websites (e.g. YouTube) and Personal Data Controller profiles on such portals that do not belong to the Personal Data Controller. The Personal Data Controller has no influence and is not responsible for the manner of processing personal data by third parties owning external portals, while in relation to Personal Data Controller profiles within such websites Privacy Policy applies accordingly. A person who will benefit from the redirection will also have privacy policies and cookies published by the administrators of external websites. We encourage you to familiarize yourself with these policies.

The Personal Data Controller is not responsible for policies regarding the processing of personal data of other entities and organizations, providers of social media platforms (YouTube), operating systems, portals, services, including any data that is disclosed to other entities using social media features.

The Personal Data Controller will be able to access some of the data of the users of the portals mentioned above, like age, gender, location, activity on external websites within the Personal Data Controller profile; the data will not allow users to be identified. This data can be used to target advertising, which is the legitimate purpose of the Personal Data Controller.

Acceptance or non-acceptance of the use of the above data within the above-mentioned portals can be carried out in the account settings on social media platforms, e.g. in the case of YouTube in privacy settings after logging in to your Google account.

7. Cookies

The Personal Data Controller uses cookies i.e. information data, in particular small text files, saved and stored on devices through which you use the Personal Data Controller's website. Cookies used by the Personal Data Controller are safe for your devices. In particular, it is not possible for viruses or other unwanted software or malicious software to get into your device. These files allow identification of the software used by you and individually customize the website. Cookies usually contain the name of the domain from which they originate, their storage time on your device and the assigned value.

The Personal Data Controller uses two types of cookies:

  • Session cookies - stored on your device and remain there until the end of the browser session. The information saved is then permanently deleted from the memory of your device.
  • Permanent cookies - stored on your device and remain there until they are deleted. Ending the browser session or turning off the device does not delete them.

You have the option of restricting or disabling cookies access to your device - in this case, the use of the Personal Data Controller's website will be possible, however, some of its features requiring access to cookies may not be available.


The Personal Data Controller uses own cookies for the correct configuration and full functionality of the website, in particular to:

  1. Adapt the content of the website to your preferences and optimize its use,
  2. Recognize your device and its location and display, respectively, the website, its functions and information provided, tailored to individual needs,
  3. Store your settings and personalize the interface, e.g. in the area of the chosen language or region, from which the user comes,
  4. Remember the history of visited pages on the site in order to recommend content,
  5. Remember the size of the font, the appearance of the website, etc.,
  6. Conduct correct operation of the partner program, enabling in particular verification of sources of redirections to the Personal Data Controller's website,
  7. Conduct analyses and research, and audience audits, and in particular to create anonymous statistics that help understand how you use the Personal Data Controller's website, which allows the improvement of its structure and content.

The Personal Data Controller also uses external cookies provided by Google Inc with its registered office
in the US, to collect general and anonymous static data via analytical tools Google Analytics. In order to block the collection of the above data by Google Analytics, you can, among other things, install the plugin for your browser available at the following link:

You can change your cookie settings yourself and at any time by specifying the conditions for storing and accessing your device. Changes to the settings referred to in the previous sentence can be made using web browser settings or through service configuration. These settings can be changed in particular in such a way as to block the automatic handling of cookies, in the settings of the web browser, or to inform about their every posting on your device. Detailed information about the possibilities and ways of handling cookies is available in the software (web browser) settings.

The user can delete cookies at any time using the features available in the web browser they use. Limiting the use of cookies may affect some of the functionalities available on the website.