Skip to main content

Privacy policy

By using our services or working with us, you may provide us with your data.

We understand that this is a great responsibility.

The following are details of the data being processed.

1. Controller / contact

The controller of your personal data within the meaning of Regulation 2016/679 EU of the European Parliament and of the Council of April 27, 2016. (hereinafter: “GDPR“) is. Mashav Management Sp. z o.o. with its registered office in Warsaw, at ul. Zielna 37, Building C, XII floor, 00-108 Warsaw, Poland („Controler”).

The controller of your personal data may be another Mashav group company. Each time we inform you about who is the controller of your personal data in a particular situation as part of our obligation to inform you when collecting your data.

If you need any further information concerning the processing of your personal data, please contact us by:

2. Purpose / bases of processing / data retention period

Purpose of processing

Legal bases and data retention period

If you contact us – support inquiries:
– via contact form
– via email

Article 6(1)(f) GDPR as the realization of the Controller’s legitimate interest in responding to requests and inquiries.

Personal data will be kept for the duration of the preparation and response to the addressees of the message. However, no longer than for a period of 3 years.

If you have entered into a contract with us or are preparing to enter into a contract with us – the conclusion and execution of a contract with a customer or contractor.

Art. 6(1)(b) GDPR processing is necessary for the performance of a contract to which the data subject is a party, or to take action at the request of the data subject prior to entering into a contract.

Personal data will be kept for the duration of the contract, and after the end of the contract until the expiration of the deadlines for claims arising from it, in general 3 years, to a maximum of 6 years.

If you have entered into a contract with us or are preparing to enter into a contract with us – the conclusion and execution of a contract with a customer or contractor.

Article 6(1)(f) GDPR as the realization of the Controller’s legitimate interest in servicing the contract.

The source of data collection is therefore your employer.

Personal data will be kept for the duration of the contract, and after the end of the contract until the expiration of the deadlines for claims arising from it, in general 3 years, to a maximum of 6 years.

If you are a recruitment applicant and respond to our recruitment advertisement.

Art. 6(1)(c) GDPR – fulfillment of the employer’s legal obligation as a personal data controller.

Art. 6(1)(a) GDPR – your consent to the processing of personal data beyond the regulations of the Labor Code.

We will keep the data collected in the current recruitment process until the end of the recruitment process. If you give us consent to process your personal data for future recruitment, your data will be maintained for a period of 6 months.

You will find more about this in each case in the recruitment advertisement.

If we’re in a dispute or enforcing a claim.

Article 6(1)(f) GDPR as the realization of the Controller’s legitimate interest in asserting or defending against claims.

Personal data will be kept for the duration of the proceedings in the scope of the asserted claims, i.e. until their legal conclusion, and in the case of enforcement proceedings until the final settlement of the asserted claims.

If you enter our premises, i.e., access control, including monitoring on the premises of the data controller for the purpose of increasing the security of the occupants and protection of property and maintaining the confidentiality of information.

Article 6(1)(f) GDPR as the realization of the Controller’s legitimate interest in conducting access control for persons on the Controller’s premises.

Personal data will be kept until an objection is raised, but no longer than one year.

Video recordings are processed only for the purposes for which they were collected, and stored for a period not exceeding 3 months from the date of the recording, unless the recording is evidence in a proceeding, in which case until the proceeding is finally concluded or until an objection is raised.

3. Data recipients

Recipients of personal data, i.e. entities to which the Controller may transfer personal data, may be:

  • state authorities or other entities authorized to access the data to the extent and for the purpose specified in specific legislation,
  • Polish Post Office and courier companies,
  • Banks in the case of the need to conduct settlements,
  • entities providing services to the Controller in support of its operations within the scope of the services provided, i.e., among others, IT service providers, auditing entities, entities providing accounting services, entities providing legal services – whereby such entities process data on the basis of an entrustment agreement and only in accordance with the Controller’s instructions,
  • entities within the Mashav group company.
4. Your rights

Each person whose data is processed in situations provided by law has the following rights to:

  • access your data and receive a copy of it,
  • rectify (amend) your data,
  • deletion of personal data,
  • restrict data processing,
  • data portability,
  • raise an objection,
  • withdraw consent to data processing, whereby such withdrawal shall not affect processing prior to the date of withdrawal.

Each person whose data is processed in situations provided by law also has the right to file a complaint with the President of the Office for Personal Data Protection. For more information on how to file a complaint, please visit: https://uodo.gov.pl/pl/p/skargi.

5. Transfer of data outside the EEA

The Controller does not transfer personal data outside the European Economic Area.

6. Obligation to provide data

Providing personal data is generally voluntary, however, it is necessary to, among other things: obtain an answer to a query sent to the Controller, conclude and perform a contract with the Controller. The Controller’s obligation to process data is a statutory requirement for recruitment processes.

Cookies Policy

Our website www.mashavenergia.com also uses cookies.

What are cookies?
  1. Cookies are IT data, in particular text files, which are stored on the final device of the service user. Cookies usually contain the name of the website from which they originate, the length of time they are stored on the end device, and a unique number.
  2. Cookies do not change the settings of the user’s device, do not use to install or uninstall any computer program. It is impossible for unwanted or malicious software to get into the user’s device through this way.
Purpose of collecting cookies

Website www.mashavenergia.com uses only basic, necessary cookies needed for its proper operation (e.g. to remember the selected language).

Types of cookies

The website uses two types of cookies:

  1. Session cookies – are stored on the user’s device and remain there until the session of a particular browser ends. The stored information is then permanently deleted from the device’s memory. The mechanism of session cookies does not allow the collection of any personal data or any confidential information from the user’s device.
  2. Permanent cookies – are stored on the user’s device and remain there until they are deleted. Ending the session of a given browser or switching off the device does not delete them from the user’s device. The mechanism of permanent cookies does not allow to collect any personal data or any confidential information from the user’s device.
Managing cookies

Activities related to collecting and sending cookies are handled by web browsers and are invisible to the site user. Changing the conditions for collecting or receiving cookies is possible by configuring the settings in web browsers. But this applies only to files other than those required.

Configuration of settings in web browsers

The user can change the use of cookies at any time. The options for managing and deleting cookies vary depending on the browser you’re using. Failure to change the cookies settings on the user’s browser means acceptance of their use.