Chi siamo

Information on the Controller of Personal Data


This notice concerns the rules for the collection and processing of personal data by the WhitePress Group, which is the Controller of personal data within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter also referred to as GDPR).

I. General information

Controller - jointly WhitePress Sp. z o.o. with its registered office in Bielsko - Biała (43-300), at ul. Legionów 26/28, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court in Bielsko - Biała, 8th Commercial Division of the National Court Register, under KRS number 0000651339, NIP: 9372667797, REGON: 243400145, and other companies from the WhitePress Group.

WhitePress Group - the controlling company and the companies controlled by it, comprising: WhitePress Sp. z o.o. (Poland), WHITEPRESS S.R.L. (Romania), WhitePress Kft. (Hungary), WhitePress s.r.o. (Slovakia), WhitePress s.r.o. (Czech Republic), WhitePress BV (the Netherlands), WhitePress Publishing LTD (United Kingdom), WHITEPRESS REKLAM TEKNOLOJİLERİ ANONİM ŞİRKETİ (Turkey).

GDPR or Regulation - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

II. Purposes of processing and legal basis for processing personal data

Your personal data is processed by the Controller for:

  • necessary for pre-contractual action and for the performance of the contract, if a contract has been concluded, on the basis of Article 6(1)(b) of the GDPR;
  • fulfilment of legal obligations, including in particular tax law and the Accounting Act, on the basis o Article 6(1)(c) of the GDPR;
  • to assert or defend against possible claims, and as part of the Controller's legitimate interest, on the basis of Article 6(1)(f) of the GDPR;
  • your consent to the processing of your personal data, on the basis of Article 6(1)(a) GDPR.

The Controller may process the following categories of your personal data - name, surname, address, telephone number, e-mail address, TAX no., personal no. and other data provided to the Controller.

III. Recipients of data

Your personal data may be made available to other entities authorised by law or by contracts concluded with the Controller, including the Controller's business and commercial partners - such as advertisers, telecommunications companies, postal operators, carriers, companies printing correspondence or handling the correspondence received, companies archiving documents, partners providing technical services (e.g. development and maintenance of IT systems and websites), technical contractors, entities providing legal or accounting services.

IV. Information on transfers of data to third countries

Your data may be transferred to WhitePress Group companies based outside the European Economic Area. In accordance with Article 47 of the GDPR, the WhitePress Group uses uniform, approved, binding internal data protection rules to guide the processing of personal data within each Group company. In accordance with the Regulation, the application of uniform internal data protection policies and procedures enables the transfer of data between members, even when the company is located outside the EEA.

Due to the Controller's use of modern technological tools and solutions, your personal data may be transferred to a third country (i.e. a country outside the European Economic Area) or an international organisation in a situation where the servers of the providers of such tools and solutions are located outside the EEA (e.g. in the USA). In such a situation, your personal data may be transferred to a third country, however, only where the Controller and the data processor meet the conditions set out in Chapter V of the GDPR.

In the case of data transfers to the USA, the data protection guarantee, based on a decision of the European Commission, is the approved EU-US Data Privacy Framework (Data Privacy Framework), the content of which is available at

For more information on the possible transfer of your data to a third country or international organisation, please contact the Controller.

V. Period of retention of personal data

Personal data will be processed (including stored) until the legal basis for their processing expires (respectively: the performance of a contract, the fulfilment of obligations under specific legislation or the withdrawal of consent to data processing) or the expiry of the data retention period resulting from the applicable legislation, but not lessthan until the expiry of claims to which you or the Controller are entitled in connection with the legal relationship under which your personal data are processed.

VI. Your rights

We would like to inform you that under the GDPR you have the right:

  1. access to their data and receive a copy of their data;
  2. rectification (amendment) of your data;
  3. request the deletion of data by the Controller;
  4. request the restriction of data processing by the Controller;
  5. to object to the processing of data;
  6. lodge a complaint with the supervisory authority responsible for personal data security - Data Protection Authority or with the supervisory authority of another European Union Member State;
  7. to withdraw consent to the processing of your data, insofar as the processing is based on your consent, whereby the withdrawal of consent shall not affect the processing activities undertaken by the Controller prior to the withdrawal of consent.

VII. Contact with the Controller

Contacting the Data Protection Officer of the WhitePress Group, including in order to exercise your rights, is possible via email, by sending an email to: .

VIII. Information on profiling and automated decision-making

Your personal data will not be processed by the Controller by automated means, including profiling, and no automated decision-making will be carried out by the Controller in relation to your data.