In accordance with the provisions of the Data Protection Act, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46/EC (the General Data Protection Regulation), hereinafter referred to as “GDPR”, Yellow Boson S.A. informs you that the controller of your personal data is: Rzymowskiego 53, 01-001 Warsaw, KRS No. 0000746465, NIP 5213838356, REGON 381139441. For any questions relating to the processing of your personal data, you can contact the data controller at:

Your personal data may be processed in accordance with the purpose for which it was collected, based on the following criteria:

article 6(1)(a) GDPR for one or more of the above purposes for which you have consented to the processing of personal data – to the extent included in the consent, unless the processing of personal data is based on another of the following grounds (e.g. consent to receive newsletters, registration for stationary events/trips organised by Yellow Boson S.A., e.g. training, and the provision of certificates/certificates of attendance);

6(1)(b) RODO for the purpose and to the extent necessary for the conclusion and performance of the contract to which the data subject is a party (only applicable in the case of the conclusion of a contract with Yellow Boson S.A. or the performance of acts at the request of the data subject prior to the conclusion of the contract), in particular the provision of services related to the shipment of the ordered goods, the preparation of accounting and customs documents, the processing of payments, the processing of complaints;

6(1)(c) of the VAT Act to fulfil the statutory obligations of the administrator, including obligations under the tax laws or other special laws (e.g. requirements for licensing and installation of gas appliances, requirements for filing documents, obligation to issue and keep accounting records);

6(1)(a) and (f) of the GDPR in order to respond to your request, call you back or deal with the matter with which you have contacted the controller, e.g. via a contact form, Facebook chat or email, for information and marketing activities, including direct marketing of the controller’s products and services, including via automated calling systems (in particular sending marketing and sales information about products, competitions, events, training, etc.), as well as invitations to events organised by the controller. direct marketing of products and services of the Controller, including via automated calling systems (in particular sending marketing and sales information about products, competitions, events, training, etc.), as well as invitations to events organised by the Controller.), as well as invitations to the Administrator’s events, advertising for the Administrator’s fan page), providing technical support for the Administrator’s products and services, checking your solvency and creditworthiness, e.g. when deciding whether to enter into a cooperation or grant a credit limit, as well as for securing payments due (guarantee agreements and other legal forms of security);

article 6(1), para. (f) RDPO for analytical and statistical purposes in accordance with the legitimate interest of the Administrator, which consists in particular in the need to carry out business and market analyses and to collect information on the preferences of business partners, inter alia. in order to develop or improve the products and services offered, to ensure the correct presentation of the content of the Operator’s website or profile on social networks, to ensure security and the possibility of rectifying any technical malfunctions, to control and analyse traffic on the website or Facebook fan page, to create personalised offers and advertisements, to display on the operator’s website data about the entities with which the operator cooperates, including indicating their location on a map, to record third-party visits to the company’s premises as part of preventive measures, e.g.. E.g. to prevent the spread of the COVID 19 epidemic;

6(1)(f) RDPO to protect the rights of Yellow Boson S.A., including the assertion or defence of claims, in particular the assertion of unpaid claims in the context of collection and legal proceedings.

If justified by the processing purpose mentioned above, your personal data may be transferred to third parties with whom the controller cooperates, such as: Providers of IT systems, hosting services, cloud services or other services related to IT systems and software, entities involved in the maintenance and technical operation of the controller’s website or email, monitoring and analysis of website traffic, administrators of social networks used by the controller, such as: Facebook, Instagram, LinkedIn, Twitter, companies providing services to Yellow Boson S.A.: e.g. accounting, legal, marketing, financial, accounting, tax, auditing, training, archiving, etc., postal service providers and couriers, banks for payment processing, debt collection companies, regional technical and commercial consultants, commercial agents, subcontractors (e.g. installation of photovoltaic systems), financial institutions offering financing to the company’s clients for the purchase of goods or services from Yellow Boson S.A.. (banks, leasing companies) and to bodies that are legally entitled to receive your data. As a general rule, your personal data will be kept for as long as necessary to fulfil the purpose for which it was collected, but at least for as long as required by the obligations imposed on the controller by law or until the expiry of the limitation period for any claims where the processing of personal data is necessary to enable the controller to bring, exercise or defend such claims. Subject to the foregoing, data processed on the basis of consent shall in principle be processed until consent is withdrawn or the activity to which the consent relates ceases, unless the controller has a compelling legitimate interest in the further processing which overrides the interests, rights and freedoms of the data subject.

The provision of personal data is mandatory where required by law and voluntary where necessary for the above purposes.

You can revoke your consent to the processing of your personal data at any time. The withdrawal of consent shall not affect the lawfulness of the processing carried out prior to the withdrawal, nor the possibility for the controller to process the data on another basis. Please revoke your consent in writing or by e-mail to:

In the cases provided for by law, you have the right to request information about the content of your personal data at any time, the right to rectification, erasure or restriction of processing, the right to object to processing and the right to data portability. You also have the right to lodge a complaint with the competent supervisory authority for the protection of personal data, i.e. the President of the Office for the Protection of Personal Data, if you believe that the processing of your personal data violates the provisions of the Personal Data Protection Act.

In order to provide its services at the highest level, the Administrator uses cookies. Using the Administrator’s website means that cookies are stored on your device. By using the Administrator’s website, you also consent to the processing of personal data transmitted electronically. When you visit the website for the first time, you will be asked to agree to the administrator’s use of cookies. You can change the settings of your web browser or mobile device, including the settings for cookies, at any time and define the conditions for storing cookies and the extent of their use.

The administrator uses two types of cookies:

– performance cookies (which collect information about how visitors use the website, e.g. the most frequently visited pages or error messages, etc.)

– functional (storage of user settings, e.g. language, consent, etc.), e.g.

via cookies – are used to compile statistics for the website;

o cookies – used to determine how users use the website;

o Session cookies – this is temporary information that is stored in the browser’s memory until the session ends.

Third party websites, sometimes linked to the Administrator’s website, may use cookies other than those mentioned above, in particular to enable logging and the provision of advertising that corresponds to the user’s preferences and behaviour. Examples of such cookies are:

– on – including user preferences and number of clicks;

– and – to allow you to log in, and cookies that advertisers use to personalise content and advertising formats.

Most web browsers allow you to: delete cookies from your computer’s hard drive (via the browser settings), block all cookies from being sent, or set a warning before a cookie is stored. However, please note that changing the settings of these files by restricting their use may affect some of the features available on the websites that use them, for example by preventing you from logging into your email account. If you do not change these settings, you agree to the use of cookies.