Privacy Policy

We collect and store all personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons
with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, hereinafter referred to as the “GDPR”.

Therefore, caring for the protection of the privacy of Users of the website https://www.multipress.pl/ hereinafter referred to as the “Website”, in this document the Controller provides information on the legal bases for the processing of personal data provided by Users in connection with their use of the Website and the Controller’s services, the methods of collecting, processing and protecting personal data, as well as the rights of Users.

Personal Data Controller

The Controller of personal data is Drukarnia Multipress Sp. z o.o. S.K., with its registered office in Morawica (32-084), Morawica 349, entered in the register of entrepreneurs under KRS number 0000579640, holding tax identification number NIP 6792494327.

Controller’s contact details

e-mail: marketing@multipress.pl
tel.: +48 12 261 40 31

What data we process

We process personal data that you provide to us when using our services, or personal data that may be collected by us in connection with your use of our Website, for example personal data provided when using the contact form. Such data includes in particular: the Client’s first name and surname, company name, telephone number, e-mail address, IP address, correspondence data, data included in contact forms, and data related to order fulfilment.

As a rule, the Controller obtains data directly from the data subject.

In the case of data concerning contractors or persons representing contractors, the data may also come from public registers, such as CEIDG or KRS, or from entities represented by a given person.

Principles on which we process your data

We exercise due diligence to protect the interests of data subjects, and in particular we ensure that such data is:

processed lawfully, fairly and in a transparent manner in relation to the data subject;

collected for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes;

adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;

accurate and, where necessary, kept up to date; we take steps to ensure that personal data which is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay;

kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data is processed;

processed in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss or destruction.

Purpose and legal basis of data processing

Your personal data is processed:

for the purpose of concluding and performing an agreement, documenting transactions and verifying the credibility of a contractor — the legal basis for processing is the necessity of processing for the performance of an agreement, Article 6(1)(b) GDPR; with regard to data provided optionally, the legal basis for processing is consent, Article 6(1)(a) GDPR;

for the purpose of fulfilling statutory obligations imposed on the Controller, arising in particular from tax and accounting regulations — the legal basis for processing is a legal obligation, Article 6(1)(c) GDPR;

for the purpose of possible establishment, exercise or defence of claims — the legal basis for processing is the legitimate interest of the Controller, Article 6(1)(f) GDPR, consisting in the protection of its rights;

for analytical and statistical purposes — the legal basis for processing is the legitimate interest of the Controller, Article 6(1)(f) GDPR;

for the purpose of providing electronic services consisting in making the Website available, enabling the use of its functionalities and handling the contact form — the legal basis is the necessity of processing for the performance of an agreement for the provision of electronic services or taking steps at the request of the data subject prior to entering into an agreement, Article 6(1)(b) GDPR, and, with regard to technical data connected with the functioning of the Website, the legitimate interest of the Controller, Article 6(1)(f) GDPR;

for the purpose of preparing internal summaries for the Controller, storing data for future proceedings and archiving — the legal basis for processing is the legitimate interest of the Controller, Article 6(1)(f) GDPR;

for the purpose of ensuring IT security — the legal basis for processing is the legitimate interest of the Controller, Article 6(1)(f) GDPR;

for the purpose of responding to an enquiry sent via the contact form or by e-mail — the legal basis is the legitimate interest of the Controller consisting in handling correspondence and communication with persons interested in the offer, Article 6(1)(f) GDPR, and if the contact is aimed at entering into an agreement — Article 6(1)(b) GDPR;

for the purpose of using the Website and ensuring its proper operation — the legal basis for processing is the legitimate interest of the Controller, Article 6(1)(f) GDPR;

for the purpose of sending commercial information or direct marketing by e-mail based on your consent, where such consent has been given, Article 6(1)(a) GDPR. Commercial information is sent electronically only after obtaining the consent required under the Electronic Communications Law and the GDPR.

Criteria for determining the period for which personal data will be stored

The data processing period may also result from legal provisions where such provisions constitute the basis for processing. Personal data is processed for the period necessary to achieve the processing purposes indicated above, i.e.:

a) with regard to the performance of an agreement — until the completion of the service. After that time, the data is processed if this is permitted or required under applicable law and during the pursuit of the Controller’s legitimate interests, for example processing for the purpose of pursuing claims, settlements, handling complaints, and storing data for the period specified, for example, by tax regulations;

b) with regard to the fulfilment of legal obligations imposed on the Controller — until such obligations have been fulfilled;

c) with regard to the pursuit of the Controller’s legitimate interests — until an effective objection is lodged;

d) with regard to consent granted — until the enquiry has been processed and answered, or until consent is withdrawn.

After the expiry of the processing period, the data is irreversibly erased or anonymised.

Data recipients

Your personal data may be transferred to the following categories of recipients:

persons authorised by the Controller, employed by the Controller or cooperating with the Controller under civil-law agreements;

entities processing your personal data on our behalf and participating in the performance of our activities:

– for the purpose of storing personal data on a server;

– for the purpose of using IT support and website management, in connection with which the entity providing support may have access to your personal data collected within the Website;

– for the purpose of providing advisory, audit, legal, tax and accounting services, as well as to state authorities or other public entities, in order to meet legal requirements.

Rights

Data subjects have the following rights:

the right to information about the processing of personal data — on this basis, upon such request, the Controller provides information on the processing of personal data, including in particular the purposes and legal bases of processing, the scope of data held, the entities to which personal data is disclosed and the planned date of its erasure;

the right to obtain a copy of data — on this basis, the Controller provides a copy of the processed data concerning the person making the request;

the right to rectification — on this basis, the Controller removes any inconsistencies or errors concerning the processed personal data, and supplements or updates it if it is incomplete or has changed;

the right to erasure — on this basis, it is possible to request the erasure of data whose processing is no longer necessary for any of the purposes for which it was collected;

the right to restriction of processing — on this basis, the Controller ceases to perform operations on personal data, except for operations to which the data subject has consented and except for storage, in accordance with the adopted retention rules, or until the reasons for restricting data processing cease to exist;

the right to data portability — on this basis, to the extent that data is processed in connection with an agreement concluded or consent granted, the Controller provides the data supplied by the data subject in a machine-readable format. It is also possible to request that such data be sent to another entity, provided that this is technically feasible both for the Controller and for that other entity;

the right to object — the data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her based on Article 6(1)(f) GDPR, namely the legitimate interest of the Controller, including profiling based on those provisions. In such a case, the Controller may no longer process such personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defence of claims.

In order to exercise the rights referred to above, you may contact the Controller by sending an appropriate written message or e-mail to the Controller’s address indicated at the beginning of this Policy.

Information on the right to lodge a complaint with a supervisory authority

You also have the right to lodge a complaint with the President of the Personal Data Protection Office if you consider that the Controller violates your rights concerning personal data.

Profiling and automated decision-making

The Controller does not make decisions concerning Users which produce legal effects or similarly significantly affect Users, based solely on automated processing of data, including profiling, as referred to in Article 22 GDPR.

Where marketing activities are carried out, the Controller may use statistical analyses and analytical tools that do not produce legal effects concerning the User.

Information on whether providing personal data is a statutory or contractual requirement or a condition for entering into an agreement, whether the data subject is obliged to provide such data, and what the possible consequences of failure to provide the data are

Providing data is voluntary; however, failure to provide certain information, as a rule marked as mandatory on the Controller’s pages, will result in the inability to perform a given service, achieve a specific purpose or take specific actions.

Providing by the User data that is not mandatory or excessive data that the Controller does not need to process is based on the User’s own decision, and in such a case the processing is carried out on the basis referred to in Article 6(1)(a) GDPR, namely consent. The User consents to the processing of such data which the Controller does not require and does not wish to process, but which the User has nevertheless provided to the Controller.

Cookies

Like most websites, the Website uses technology that stores and accesses information on the User’s computer or another device connected to the network, in particular by using cookies, concerning Users’ Internet activity, for the purpose of market and statistical analyses and improving the quality of the information presented, without significantly affecting their decisions, unless the User gives separate consent to this.

Cookies are IT data, in particular text files, stored on the terminal device of the Website user and intended for using the Website pages. Such files usually contain the name of the website from which they originate, the period for which they are stored on the terminal device, and a unique number used to identify the browser through which the connection with the website is made.

Cookies other than necessary cookies are installed only after obtaining the User’s prior consent. The User may withdraw or change his or her consent at any time through the settings available on the Website.

The entity placing cookies on the user’s terminal device and accessing them is the Controller.

Cookies are used for the purpose of:

adapting the content of the Website to the user’s preferences, including optimising the use of websites; in particular, these files allow the Website user’s device to be recognised and the website to be displayed appropriately, adjusted to the user’s individual needs;

creating statistics that help understand how Website users use the websites, which enables improvement of their structure and content.

We use the following types of cookies:

Necessary

Necessary cookies are required to enable the basic functions of this website, such as secure login or adjusting consent preferences. These cookies do not store any data enabling user identification.

Functional

Functional cookies help perform certain functions, such as sharing website content on social media platforms, collecting feedback and other third-party functions.

Analytical

Analytical cookies are used to understand how users use the website. These cookies provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

Performance

Performance cookies are used to understand and analyse key website performance indicators, which helps provide visitors with a better user experience.

The legal basis for using cookies other than necessary cookies is the user’s consent expressed in accordance with Article 399 of the Electronic Communications Law and Article 6(1)(a) GDPR.

As a rule, web browsers allow cookies to be stored on the user’s terminal device by default. Website Users may change cookie settings at any time. These settings may be changed in particular in such a way as to block the automatic handling of cookies in the web browser settings or to inform the User each time they are placed on the Website user’s device.

The Controller informs that changes to the user’s web browser settings may limit access to certain functions of the Website.

Detailed information on the possibility and methods of handling cookies is available in the software settings of the web browser.

The method of disabling cookies in individual browsers can be found on the following pages:

Mozilla Firefox: http://support.mozilla.org/pl/kb/blokowanie-ciasteczek
Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647
Microsoft Edge: https://support.microsoft.com/pl-pl/windows/usuwanie-plik%C3%B3w-cookie-i-zarz%C4%85dzanie-nimi-168dab11-0753-043d-7c16-ede5947fc64d
Opera: http://help.opera.com/Linux/9.22/pl/cookies.html
Safari: http://support.apple.com/kb/ph5042

Google Analytics — website traffic analysis service

Our website uses Google Analytics, a website traffic analysis service provided by Google, if you give the relevant consent in the cookie settings on our website. Google Analytics uses cookies, i.e. text files that are stored on your computer and enable analysis of your use of the website. Information generated by the cookie about your use of the website is generally transmitted to a Google server in the United States and stored there.

On behalf of the website operator, Google uses this information to analyse your use of the website, to compile reports on website activity and to provide other services to the operator relating to website and Internet use. The IP address transmitted by your browser as part of Google Analytics will not be combined with other Google data.

You may prevent cookies from being stored by selecting the appropriate settings in your web browser; however, please note that in such a case you may not be able to use all functions of this website in full. Furthermore, you may prevent the collection of data generated by the cookie and related to your use of the website, including your IP address, and the processing of such data by Google by downloading and installing the browser plug-in available at: http://tools.google.com/dlpage/gaoptout?hl=pl.

Data collected by us at user and event level, linked to cookies, user identifiers and advertising identifiers, is automatically deleted after __ months. The retention period for the user identifier is reset to __ months with each new event, for example a page view, by that user on our website. This does not affect standard aggregated Google Analytics reports.

Additional information on the terms of use and data protection is available at https://www.google.com/analytics/terms/pl.html or https://policies.google.com/?hl=pl.

reCAPTCHA

In our contact forms, through which enquiries about services and information may be submitted to the Controller, we use the Google reCAPTCHA service.

The purpose of this tool is to detect hostile attacks on our websites by distinguishing data entered by a human from data entered automatically by a machine. Use of this functionality is necessary for the provision of services offered by the Controller through contact forms. The legal basis is therefore Article 6(1)(f) GDPR — the legitimate interest of the Controller consisting in protecting the Website against spam, abuse and automated attacks. It is necessary for the provision of services. Otherwise, the website would not be sufficiently protected against automated spying, abuse and spam. The use of this solution is therefore also in the interest of the recipients of the services. The data entered is transmitted to Google for this purpose and processed there. The IP address and possibly other data used by Google to provide the service are transmitted to Google.

The use of Google reCAPTCHA is inseparably connected with Google Fonts. When Google reCAPTCHA is used, fonts are loaded by Google’s server without the possibility for us or the user to prevent this. Google Fonts are fonts provided by Google. Google Ireland Limited is responsible for the European area. Detailed information on data protection related to Google Fonts is available at https://developers.google.com/fonts/faq/privacy?hl=pl.

As a rule, no personal data other than that necessary for the use of Google reCAPTCHA is processed via Google Fonts. The legal basis for using Google Fonts in connection with the use of reCAPTCHA is the legitimate interest in protection against automated spying, abuse and spam.

In exceptional cases, your data may also be processed in countries outside the European Union that do not guarantee an adequate level of data protection, i.e. in so-called third countries. In such a case, in order to ensure an adequate level of data protection when transferring personal data, we take additional measures in accordance with Article 44 et seq. GDPR, which ensure the fundamental permissibility of data transfer, for example by concluding EU Standard Contractual Clauses.

More information on Google reCAPTCHA and the privacy policy can be found at https://www.google.com/recaptcha/intro/v3.html or https://www.google.com/privacy?hl=pl.

The data controller for such data processing is Google Ireland Limited. The following data is transmitted to the data controller for the purpose of independently providing services and “defending against hostile attacks”: your web request, IP address, browser type, browser language, date and time of the request, and one or more cookies that may identify your browser.

Please note that the use of contact forms involves the use of Google reCAPTCHA security mechanisms.

If you do not agree to the use of Google reCAPTCHA, please do not complete contact forms in which Google reCAPTCHA is used. If you wish to use our services without Google reCAPTCHA, please send us an e-mail or letter at any time, and we will handle your enquiry in another way.

Transfer of data outside the European Economic Area

In connection with the Controller’s use of services provided by technology suppliers, in particular Google Ireland Limited, personal data may be transferred outside the European Economic Area, including to the United States.

Data is transferred only in cases provided for by the GDPR and with the application of appropriate safeguards referred to in Articles 44–49 GDPR, in particular on the basis of:

a European Commission adequacy decision,

Standard Contractual Clauses, SCCs,

other mechanisms provided for by the GDPR.

Amendments to the Privacy Policy

This Privacy Policy is reviewed on an ongoing basis and updated where necessary. With each amendment, a new version of the Privacy Policy will appear on the Website together with an appropriate notice and will apply in its new wording from the date of notification of the amendment by placing it on the Website.

In order to obtain information on the method of personal data protection, the Controller recommends that Users regularly read the provisions of the Privacy Policy.

Date of last update: 15 June 2026.