Skip to main content

Privacy Policy

Last updated: February 27, 2026

Data Controller

The controller of your personal data is TW Tłuszcz Spółka jawna, ul. Czerwionki 5a, 59-940 Czerwona Woda, Poland, NIP: PL6151897675, KRS: 0000198790, email: [email protected], tel.: +48 602 522 703.

Purpose of data processing

The User's personal data is processed to ensure the security and availability of the website (Cloudflare), for diagnostics and threat detection (server logs), and to display the company location (Google Maps).

Types of data processed

The website uses "cookies" technology, i.e., text files placed on the User's device, solely for technical purposes necessary for the proper functioning of the website (session handling and protection against CSRF attacks).

Legal basis for processing

Personal data is processed on the basis of Art. 6(1)(f) GDPR (legitimate interest of the Controller — ensuring the security and availability of the website and displaying the company location).

Data retention period

Session cookies are deleted when the browser is closed. The Cloudflare cookie (__cf_bm) expires after 30 minutes. Server logs are stored for 14 days and then automatically deleted.

Your rights regarding personal data processing

  1. Right of access to your personal data and the right to rectification, completion, and updating.
  2. Right to request immediate deletion of personal data — without giving a reason.
  3. Right to restriction of data processing.
  4. Right to object to data processing.
  5. Right to lodge a complaint with the supervisory authority (President of the Personal Data Protection Office in Poland).
  6. Right to data portability — to receive your data in a structured format and to transmit it to another controller.

Right to object

As your personal data is processed on the basis of the Controller's legitimate interest (Art. 6(1)(f) GDPR), you have the right to object to the processing of your personal data. You can submit your objection by sending a message to: [email protected]. Upon receiving the objection, the Controller will cease processing data for the contested purpose, unless there are compelling legitimate grounds for processing that override the interests, rights and freedoms of the data subject.

Security

The Controller has implemented internal procedures in accordance with GDPR requirements to ensure effective protection of the User's personal data.

Cookies

The website uses only essential cookies necessary for the proper functioning of the website:

  • Session cookies — used for User session handling and deleted when the browser is closed.
  • __cf_bm (Cloudflare) — bot protection cookie, expires after 30 minutes.

Server logs

The server automatically records technical information (logs), such as IP address, access time, browser type, and requested URL. Logs are stored for 14 days and are used solely for diagnostic and security purposes. Legal basis: Art. 6(1)(f) GDPR (legitimate interest — ensuring the security and continuity of the website).

Google Maps

A Google Maps map is available on the contact page. The map is loaded only after the User's conscious decision (clicking the "Load Google Map" button). After loading the map, the User's browser connects to Google LLC servers, which involves the transfer of IP address and browser data. Legal basis: Art. 6(1)(a) GDPR (User consent given by clicking).

Cloudflare (CDN and protection)

This website uses services provided by Cloudflare Inc. (USA) for DNS, content delivery network (CDN), DDoS protection, and SSL/TLS certificates. All network traffic passes through Cloudflare servers, which means Cloudflare processes users' IP addresses, HTTP headers (e.g., browser information), and traffic data. Cloudflare may also set technical cookies (e.g., __cf_bm). Cloudflare acts as a data processor on behalf of the Controller. Legal basis: Art. 6(1)(f) GDPR (legitimate interest — ensuring website security and availability). More information: Cloudflare Privacy Policy (https://www.cloudflare.com/privacypolicy/) and Data Processing Agreement (https://www.cloudflare.com/trust-hub/gdpr/).

Data recipients

Personal data may be disclosed to the following categories of recipients: Cloudflare Inc. (CDN, DNS, DDoS protection), mikr.us (hosting, servers in Finland — EU), Google LLC (Maps), and public authorities in cases provided by law.

Data transfer to third countries

Due to the use of Google services (Maps) and Cloudflare (CDN, DNS, DDoS protection), personal data may be transferred to the United States. The transfer is based on the EU-US Data Privacy Framework and Standard Contractual Clauses (SCC) approved by the European Commission.

This website uses essential cookies necessary for the proper functioning of the website. Read more.