Privacy Policy

Privacy Policy


Your personal data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46 / EC (General Data Protection Regulation) (hereinafter referred to as ” GDPR “).

I. Scope and objectives

1. The following Policy will apply to the Eiffage Group companies in Poland, ie Eiffage Polska Budownictwo S.A. with a seat in Warsaw, Eiffage Polska Serwis sp. o.o. with a seat in Warsaw, Eiffage Immobilier Polska sp. o.o. with a seat in Warsaw,  hereinafter jointly referred as the “Administrator”.

2. The security of personal data means that they are protected against all threats in order to ensure business continuity, minimize risk and maximize return on business opportunities. This security is achieved through the use of numerous technical and organizational measures.

3. Maintaining the security of processing the personal data is understood as ensuring its confidentiality, integrity, availability and accountability, whereby:

a) a) confidentiality is understood as ensuring that only authorized persons have access to information,
b) b) integrity is understood as ensuring the accuracy and completeness of information and methods of its processing,
c) c) accessibility is understood as ensuring that authorized persons have access to information and related resources when it is needed,
d) Accountability is understood as ensuring that the performed activity can be clearly assigned to a specific entity.

4. The Administrator undertakes permanent actions aimed at ensuring the legality of processing and improving the security of personal data processed in his possession and entrusted to him for processing by other entities on the basis of contracts.

5. The purpose of the Policy is to define the rules and procedures that should be followed to comply with legal requirements and ensure the security of personal data.

6. The overall activities covered by the Policy should be treated as an action aimed at protecting the privacy of persons whose data is processed.

II. Obligation to inform and request data

1. While obtaining data, the Administrator informs the person about the processing of his data.

2. Every person whose data is processed by the Administrator has the right to:

a) demand the access to data and information about its processing,
b) receive a copy of the data,
c) correct data (updating and correcting),
d) delete data,
e) limit of data processing,
f) transfer of data,
g) object to the processing of data.

3. All matters related to the protection of personal data can be reported as follows:

a) by email:
b) by post: “Eiffage Polska Serwis Sp. z o.o. with a seat in Warsaw at Domaniewska 28, 02-672 Warsaw, “RODO”.

III. Providing and entrusting data processing

1. Administrator provides personal data in situations specified by law or to the other entities prior to your knowledge and consent.

2. Your personal data will be processed until you withdraw your consent to their processing, if the processing of your personal data, based on your consent (legal basis: Article 6 paragraph 1 letter a), or the GDPR).

3. The recipients of your personal data may be:

a) Employees and associates of the Administrator,
b) entities providing services to the Administrator, in particular IT, marketing and telecommunications services, to which the Administrator will entrust the processing of personal data.

4. Your personal data will not be transferred to third countries, i.e. countries with a seat outside the European Economic Area.

5. You have the right to request access to your personal data, rectification, deletion, restriction of their processing, as well as the right to transfer data.

6. You have the right to object to the processing of personal data for direct marketing purposes.

7. You have the right to withdraw your consent to the processing of data at any time without affecting the legality of the processing which was carried out on the basis of consent before its withdrawal.

8. You have the right to file a complaint with the supervisory body dealing with the protection of personal data (the President of the Office for Personal Data Protection).

9. Providing personal data is voluntary. The consequence of not providing this data will be the inability to process your personal data for direct marketing of products and services.

10. The Administrator carries out the automatic processing of personal data (profiling), including information about your activity on the website, in order to provide you with information about products and services that you may be most interested in purchasing. However, the decision to provide specific information is made by the Administrator’s employee, ie it is not only an automated decision.