In connection with its business activities, KC Consulting Sp. z o.o. (referred to as the “Controller”) collects and processes personal data in a manner consistent with applicable regulations, including in particular Regulation of the European Parliament and of the Council (EU) 2016/679 of April 7, 2016 on the protection of natural persons in connection with the processing of personal data and on the free movement of such data, and repealing Directive 95/46 /EC.


  • collects personal data only to the extent necessary for the purpose indicated and processes it only for the period in which it is necessary,
  • ensures transparency in the processing of personal data,
  • in the process of personal data processing ensures their security and confidentiality as well as access to information about this processing for data subjects.

The Controller also ensures the confidentiality of all personal data provided to him. It ensures that appropriate security measures and personal data protection required by the provisions on the protection of personal data are taken. Personal data is collected with due diligence and adequately protected against access by unauthorized persons.

This Privacy Policy sets out how we process personal data and ensure the application of applicable law.

Personal Data Controller

The Controller of your personal data is KC Consulting sp.z o.o. with its registered office in Gostyń (63-800), ul. Strzelecka 1, entered into the Register of Entrepreneurs of the National Court Register under the number 0000429301, NIP: 6961876446, REGON: 302174315, whose registration files are kept at the District Court Poznań-Nowe Miasto in Poznań, 9th Commercial Department of the National Court Register.

Contact with the Controller

You can contact the Controller directly at: or by phone at +48 65 614 16 34.

Purpose of data processing

The purpose of processing your data may be:

  1. Taking action at your request to conclude a cooperation agreement,
  2. Answering your inquiries using the contact form,
  3. Direct marketing of our services,

Legal basis:

Depending on your activities, the legal basis for data processing may be:

  1. The contract or actions taken at your request, aimed at its conclusion (art.6 par.1 letter b RODO),
  2. a legal obligation incumbent on the Controller, e.g. related to accounting (art.6 par.1 letter c RODO),
  3. The Controller’s legitimate interest in processing:
  • to determine, pursue or defend any claims,
  • for direct marketing,
  • for analytical purposes.



The Controller’s website uses “cookies”.

Cookies are small text information stored on your end device (e.g. computer, tablet, smartphone) that can be read by our ICT system (own cookies) or the ICT system of third parties (third party cookies).

Some of the cookies we use are deleted after the end of the web browser session, i.e. after closing it (so-called session cookies). Other cookies are stored on your end device and allow us to recognize your browser the next time you visit the site (persistent cookies).

Our Website, like most websites, uses so-called cookies. These files:

  • they are saved in the memory of your device (computer, telephone, etc.);
  • do not change the settings of your device.

On this Website, cookies are used for the purposes of:

  • statistics
  • marketing

To learn how to manage cookies, including how to turn them off in your browser, you can use the help file of your browser. You can read the information on this subject by pressing the F1 key in your browser. In addition, appropriate tips can be found on the following pages, depending on the browser you are using:

Cookies will not be processed by us for more than 15 minutes from the last visit to the Website.

By using the appropriate options of your browser, you can at any time:

  • delete cookies,
  • block the use of cookies in the future.

In these cases, we will no longer process them.

You can find more information about cookies on Wikipedia.

Data recipients

Your personal data may be processed by entities whose services we use and whose services involve or may involve the processing of personal data. These are in particular the following entities:

  1. hosting provider * – your personal data is stored on the server,
  2. email service provider * – your personal data is processed as part of electronic mail,
  3. cloud software providers, such as mailing, invoicing, accounting, CRM * systems – your personal data is processed as part of the software,
  4. virtual cloud service provider * – files containing your personal data may be stored in the cloud,
  5. courier companies and postal operator – these companies process your personal data for delivery to your parcel with a contract,
  6. accounting office – the office processes your personal data contained on invoices and other accounting documents,
  7. law office – the law firm may gain access to your personal data if it is necessary to provide legal services to us,
  8. entity providing website maintenance services – this entity may access your data in connection with technical work in those areas in which data is processed,
  9. entity providing marketing services – this entity may gain access to your personal data to the extent necessary to implement the marketing activities entrusted to it,
  10. Contractors and clients for whom we provide services related to recruitment, job placement and employee sharing,
  11. other subcontractors – we work with various subcontractors who may have access to your personal data if they provide services in the field related to such access.

* In connection with the above, your personal data may also be processed by entities outside the European Union. The right level of protection for your data, including through the use of appropriate safeguards, is ensured by the Participation of these entities in the EU-US Privacy Shield established by the European Commission implementing decision as a set of rules guaranteeing adequate protection of your privacy.

Your personal data may also be transferred to tax offices to the extent necessary to fulfill tax, settlement and accounting obligations. In particular, all declarations, reports, reports and other accounting documents that contain your personal data.

In addition, if necessary, your personal data may be disclosed to entities, bodies or institutions authorized to access data on the basis of legal provisions, such as police, security services, courts, prosecutors.

Data processing period

The processing period for your personal data will vary depending on the type of data and the purposes of processing. The period of data processing may also result from the provisions where they constitute the basis for processing. In a situation where processing takes place on the basis of consent, the data is processed until its withdrawal. In the case of data processing on the basis of the Controller’s legitimate interest – e.g. for security reasons – the data are processed for a period enabling its implementation or for filing an effective objection to data processing. If the basis for processing is necessary to conclude and perform the contract, the data will be processed until its termination. The data processing period may be extended if the processing is necessary to establish, investigate or defend against possible claims, and after that period, only if and to the extent that this is required by law. After the processing period, the data is irreversibly deleted or anonymized.


The GDPR grants you the following potential rights related to the processing of your personal data:

  1. the right to access your data and receive a copy thereof,
  2. the right to rectify (amend) your data,
  3. the right to delete data (if you think there are no grounds for us to process your data, you have the right to request their removal).
  4. The right to limit data processing (you can request that we limit the processing of data only to their storage or performance of activities agreed with you, if in your opinion we have incorrect data or we process it unreasonably).
  5. the right to object to data processing (you have the right to object to data processing on the basis of a legitimate interest; you should indicate the specific situation that you think justifies our cessation of the objection processing. We will stop processing your data for these purposes, unless that we demonstrate that the grounds for our data processing prevail over your rights or that your data is necessary for us to determine, assert or defend claims),
  6. the right to transfer data (you have the right to receive from us in a structured, commonly used machine-readable format personal data that you provided us on the basis of a contract or consent; you can have us send this data directly to another entity),
  7. the right to file a complaint to the supervisory body (if you find that we are processing data unlawfully, you may file a complaint to the President of the Office for Personal Data Protection or other competent supervisory body).

The rules related to the implementation of the abovementioned rights are described in detail in art. 16 – 21 GDPR. We encourage you to read these regulations. For our part, we consider it necessary to clarify that the abovementioned rights are not absolute and will not be applicable to all processing of your personal data.

We emphasize that you always have one of the rights indicated above – if you believe that we have violated the provisions on the protection of personal data when processing your personal data, you have the opportunity to lodge a complaint with the supervisory body (the President of the Office for Personal Data Protection).

You can always ask us to provide information about what data we have about you and for what purposes we process it. All you have to do is send a message to We have made every effort to ensure that the information you are interested in is comprehensively presented in this privacy policy. You can also use the e-mail address provided above if you have any questions related to the processing of your personal data.

Voluntary submission of data

In most cases, you are not required to provide us with personal data. In some situations, the obligation to provide specific data results directly from the provisions of law, above all it concerns data necessary to fulfill tax obligations. However, if you do not provide your data, we may not be able to enter into a contract, provide an adequate level of service or answer your queries.

Data integrity and confidentiality

In order to ensure data integrity and confidentiality, KC Consulting Sp. z o.o. applies procedures enabling access to personal data only to authorized persons and only to the extent necessary due to the tasks they perform. The Controller applies organizational and technical solutions to ensure that all operations on personal data are recorded and carried out only by authorized persons. KC Consulting Sp. z o.o. he also takes all necessary steps to ensure that his associates and subcontractors also guarantee the use of appropriate security measures whenever they process personal data on behalf of the Controller. KC Consulting Sp. z o.o. carries out an ongoing risk analysis and monitors the adequacy of the data safeguards used for the identified threats. If necessary, the Controller implements additional measures to increase data security.