1. The controller of personal data collected via the website is Nord Capital Sp. z o.o., registered office: Rekowo Górne, ul. Pucka 4, 84-123 POŁCHOWO, POLAND, entered into the register of entrepreneurs under the KRS (National Court Register) number: 0000047601, NIP (Taxpayer Identification Number): 9581319327, REGON (National Business Registry Number): 191888394, e-mail address:, phone: +48 58 625 75 00, fax: +48 58 625 75 01, hereinafter called the “Controller”, which is also the Service Provider. , place of business: Rekowo Górne, ul. Pucka 4, 84-123 POŁCHOWO, POLAND.
    2. Personal data collected by the Controller via the website are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the GDPR, and the Personal Data Protection Act of 10 May 2018.



  1. PURPOSE OF PROCESSING AND LEGAL BASIS. The controller processes personal data via the website in the case of:
  2. TYPE OF THE PROCESSED DATA. The Controller processes the following categories of user’s personal data:
  3. THE PERIOD OF STORAGE OF PERSONAL DATA. Users’ personal data is stored by the Controller:
    1. if the basis for data processing is the performance of the contract, as long as it is necessary to perform the contract, and after that time for the period corresponding to the period of limitation of claims. Unless a special provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to business activity – three years.
    2. if the basis for data processing is consent, as long as the consent is not revoked, and after revoking the consent for a period of time corresponding to the period of limitation of claims that may be pursued by the Controller and which may be pursued against him. Unless a special provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to business activity – three years.
  4. When using the website, additional information may be downloaded, in particular: the IP address assigned to the user’s computer or the external IP address of the Internet provider, domain name, type of browser, access time, type of operating system.
  5. Positioning data may also be collected from users, including information about links they choose to click on or other actions taken on the website. The legal basis for this type of activity is the Controller’s legitimate interest (Article 6 (1) letter f of the GDPR), consisting in facilitating the use of electronic services and improving the functionality of these services.
  6. Providing personal data by the user is voluntary.
  7. Personal data will also be processed in an automated manner in the form of profiling, provided that the user agrees to it pursuant to art. 6 (1) letter a of the GDPR. The consequence of profiling will be assigning a profile to a given person in order to make decisions about him or her or to analyse or predict his or her preferences, behaviours and attitudes.
  8. The controller takes special care to protect the interests of data subjects, and in particular ensures that the data collected is:
      1. processed in accordance with the law,
      2. collected for specified, lawful purposes and not subjected to further processing incompatible with those purposes,
      3. factually correct and adequate in relation to the purposes for which they are processed and stored in a form that enables identification of persons to whom they relate no longer than it is necessary to achieve the purpose of processing.



  1. Users’ personal data is transferred to service providers used by the Controller in order to run the website. Service providers to whom personal data is transferred, depending on contractual arrangements and circumstances, are subject to the Controller’s instructions as to the purposes and methods of processing this data (processors) or define the purposes and methods of processing on their own (controllers).
  2. Users’ personal data is only stored in the European Economic Area (EEA).



  1. The data subject has the right to access the content of his or her data, the right to modify it, delete it, restrict its processing, the right to transfer it, the right to object, the right to withdraw consent at any time without affecting the lawfulness of any processing performed on the basis of the consent prior to its withdrawal.
  2. Legal basis for user requests:
    1. Access to data – Article 15 of the GDPR
    2. Modifying data – Article 16 of the GDPR.
    3. Deleting data (the so-called right to be forgotten) – Article 17 of the GDPR.
    4. Restriction of processing – Article 18 of the GDPR.
    5. Transfer of data – Article 20 of the GDPR.
    6. Objection – Article 21 of the GDPR.
    7. Withdrawal of consent – Article 7 (3) of the GDPR.
  3. In order to exercise the rights referred to in point 2 you can send an e-mail to the following address:
  4. If the user wants to exercise on of the above-mentioned rights and sends a request, the Controller shall fulfil the request or refuse to fulfil it immediately, but not later than within one month after receiving it. However, if, due to the complicated nature of the request or the number of requests, the Controller will not be able to fulfil the request within a month, he or she will fulfil it within the next two months, informing the user about the extended period and its causes in advance within one month from receiving it.
  5. If the processing of personal data violates the provisions of the GDPR, the data subject has the right to lodge a complaint with the President of the Personal Data Protection Office.



  1. The Controller’s website uses cookies.
  2. The installation of cookies is necessary for the proper provision of services on the website. The cookies files contain information necessary for the proper functioning of the website, and also provide the opportunity to compile general statistics of website visits.
  3. The site uses the following cookies files: session cookies
    1. Session cookies are temporary files that are stored on the user’s terminal equipment until logging out (leaving the site).
  4. The Controller uses his own cookies to better understand the user’s interaction with the content of the website. The files collect information about how the user uses the website, the type of website from which the user was redirected, and the number of visits and the time of the user’s visit to the website. This information does not record specific personal data of the user, but is used to compile statistics related to the use of the website.
  5. The user has the right to decide on the scope of the access cookies files have to his or her computer by selecting appropriate files in the browser. Details on the possibilities and methods of managing cookie files are available in the software settings (of the web browser).



  1. The Controller takes technical and organisational measures to ensure protection of the processed personal data that is appropriate to the risks and categories of the protected data, and particularly secures the data from being disclosed to unauthorised persons, taken by unauthorised persons, processed in breach of applicable provisions and from change, loss, damage or destruction.
  2. The Controller provides the following technical measures to prevent the acquisition and modification by unauthorised persons of the personal data sent electronically.
  3. In matters not covered by this Privacy Policy, the appropriate provisions of the GDPR and other relevant provisions of Polish law shall apply.