acquired by Etteplan, a rapidly growing and developing engineering services company. Read more here.

Privacy policy


In the interest of clarity and precision, we use the following definitions throughout this Privacy Policy:

Privacy Policy: this Policy as fulfilment of our information obligations to you under Articles 13 and 14 of the GDPR.

Data: Personal data, i.e. any information about an identified or identifiable person to whom the data relates – in relation to them the obligation to provide information is fulfilled by making the information contained in the Privacy Policy available on an ongoing basis.

You:  You, and therefore the person whose Data we process in accordance with the Privacy Policy.

We/Controller Etteplan Tech Poland S.A. with its registered office in Katowice, 2 Jana III Sobieskiego Street, National Court Register (KRS) number 0000895281, REGON: 24319612400000, Tax Identification Number (NIP): 9542741996 entity providing access to the Privacy Policy, which is also the data controller.

GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Customer: an entity with whom the Controller has entered into or is negotiating to enter into an agreement pursuant to which the Controller will provide it with its services.

Potential Customer: an entity which may be interested in our services and is approached by our marketing team to provide information regarding our services and process.

Representative: a person who contacts the Controller on behalf of the Customer or Potential Customer or another entity with whom the Controller cooperates or communicates.

[Data and effects of refusal to provide data]

This policy applies to the processing of Data collected from:

  1. Customers (if they are natural persons) or their Representatives in connection with the services we provide, such as in the course of entering into a contract or during the performance of a contracted project. [In this context, providing Data may be a condition of entering into a contract, and failure to do so may prevent performance of the contract].
  2. Potential Customers (if they are natural persons) or their Representatives in connection with marketing activities which may result in collecting data from publicly available and legitimate sources. [If you don’t wish to be approached by us please object]
  3. Subscribers to our newsletter. [Without receiving the necessary Data we will not be able to send you the newsletter].
  4. Persons contacting Us, in particular by telephone, e-mail or the contact form located at [Failure to provide data may result in not receiving a response to the message].
  5. Persons accessing the website These Data may be collected via cookies (for more information, see Cookie Policy). [Consent for cookies is voluntary].

Data may include, but is not limited to: the identifiers of the devices through which you access our site or which you use in the course of the relationship between us and you or the Customer you are a Representative of, contact information such as name, surname, e-mail address, registered or correspondence address, professional position, possibly other data, necessary for the purposes indicated below.

[Purposes, legal basis and duration of processing of Data].

We process your personal data for the purposes set out below. For each purpose, we have indicated the legal basis for the processing and the criteria for the period of processing for that purpose.

Processing data to provide services and ongoing contact with Customers. Providing resources and services to Customers. Article 6 (1) (b) (f) of the GDPR – conducting a binding contract and legitimate interest of the Controller, which is the delivery of resources and services to Customers as well as providing communication. Until the termination of cooperation with a given Customer and the statute of limitations for claims.
Direct marketing Article 6 (1) (a) (f) of the GDPR – consent for marketing activities or prior to consent legitimate interest of the Controller, which is a right to develop business opportunities which does not overdrive data subjects rights and freedoms 1 year since collecting data unless data subject withdraws consent or object to processing or there is another legal ground for processing
Newsletter delivery. Providing marketing and advertising materials and information about Controller’s activities. Article 6 (1) (a) of the GDPR –consent for marketing activities which is newsletter delivery Until data subject withdraws consent
Website usage statistics.  Analysis of website utilisation statistics

Article 6 (1) (a) (f) of the GDPR – the consent for analytical and third party cookies or legitimate interest for Necessary (functional) cookies – which are necessary for the proper functioning of our website and systems and enable you to navigate our website and use its features.




The cookies we use are installed for varying periods. Some expire when you close your browser, while others remain active for days, months, or even years, primarily so that your choices are not lost. After this period, they are deleted. More information about this period of processing can be found in the Cookie Policy.
Administration of concluded contracts with service providers and clients. Protection of Controller’s rights and enforcement of claims Article 6 (1) (f) of the GDPR – legitimate interest of the Controller. The legitimate interest of the Controller, in this case, is the proper implementation of contracts concluded with service providers or customers, as well as the defence of rights and enforcement of claims of the Controller. Until the statute of limitations on claims.
Invoicing. Invoicing and financial reporting. Issuing invoices/payment documents to clients, bookkeeping. processing is necessary to comply with Controller’s legal obligation to issue VAT invoices and financial reporting 5 years counted from the end of the fiscal year.


We only process Data for as long as it is necessary. After the purpose for which the Data was processed has been fulfilled, the Data will be deleted or anonymised, unless we are required or authorized by law to retain some or all of the Data.

[Data recipients]

In some situations, we transfer your Data to third parties. Their recipients may be:

  • entities to whom we outsource Data processing services, these will include our subcontractors, accounting entities, law firms;
  • Public authorities, including the Police, the National Tax Administration, other law enforcement agencies, in connection with their proceedings under the relevant provisions of law.

We ensure that our processors are fulfilling all obligations and requirements stemming from art. 28 GDPR.

[Cross border]

We do not transfer any data outside EU. We choose data storage centres located only in EU.

[Your rights]

  • Access:

You have a right to be informed about Your personal data processing, including the source of Your data collection, purpose of its processing and how long it will be stored.

  • Rectification:

You have a right to access and change Your personal data.

  • Erasure (“right to be forgotten”):

You have a right to demand to erase your data however we reserve the right to refuse permanent deletion for a legitimate reason, in particular but not limited to if current business affairs are not yet finished.

  • Restriction on processing:

You have a right to demand ceasing processing your data or restricting its processing with respect to exceptions set forth in art. 18 GDPR.

  • Portability:

If You need to export/import data we will help you.

  • Right to withdraw consent:

You always can withdraw Your consent for processing Your data for marketing by sending us an email.

  • Right to object

In case You don’t want us to reach out for Your consent for further processing please object by sending us an email.

  • Lodge a complaint

You have a right to lodge a complaint with the appropriate data protection authority if You have concerns about how we processes Your personal data.

[Automated Decision Making]

We do not make decisions by automated means, including profiling.

[Information Update]

This Privacy Policy is up-to-date information about the processing of your Personal Data. Its content may change in order to be consistent with the facts regarding our processing of your Data.


If you have any concerns about our processing of your Data, please contact us by sending an email to: