Polskie Bazy Firm
English
Polski English Українська
Database generator
Database generator
Language selection
Polski English Українська
Legal document

Privacy policy

This document explains how accounts, checkout, samples, dashboards, and security logs work. It must align with GDPR, the Polish Electronic Communications rules, e-services law, and local disclosure duties.

Personal Data Controller

The controller of your personal data processed on polskiebazyfirm.pl is Polskie Bazy Firm, iod@bazafirm.online. For data protection matters, contact us at iod@bazafirm.online.

What Data We Process and for What Purpose

User account data

We process your email address, password hash, role, and account verification date. Legal basis: Art. 6(1)(b) GDPR (necessity for the performance of a contract for the provision of electronic services). Account data is stored until the account is deleted.

Order and payment data

We process order history, filter snapshots, net/gross amounts, payment status, and Stripe session identifiers. Legal basis: Art. 6(1)(b) GDPR (performance of a sales contract) and Art. 6(1)(c) GDPR (tax obligation). We retain order and invoice data for 10 years from the end of the fiscal year.

Technical data and security logs

We collect IP addresses, User-Agent headers, event timestamps, and session identifier hashes. Legal basis: Art. 6(1)(f) GDPR (legitimate interest — system security and abuse detection). Security logs are retained for 24 months.

CSV sample data (sample downloads)

We process email address, filter hashes, download token, and timestamps. Legal basis: Art. 6(1)(a) GDPR (consent). Data is retained for 2 years from the sample download or until consent is withdrawn.

Marketing data and newsletter

We process your email address and communication preferences solely on the basis of your consent (Art. 6(1)(a) GDPR and Art. 10 of the Act on the Provision of Electronic Services). You may withdraw consent at any time (via the "Unsubscribe" link in the footer of each email or in the user panel).

Data Recipients

Your data may be disclosed to the following categories of recipients:

  • IT service providers (hosting, cloud, database infrastructure)
  • Payment operator Stripe Inc. (USA) — transfer based on Standard Contractual Clauses (SCC) and data processing agreement
  • Accounting office / tax advisor (to the extent necessary for bookkeeping)
  • Law firms (in the event of a legal dispute)
  • Public authorities — solely on the basis of applicable law
  • After purchasing a database: you become the controller of the contact data of companies contained in the database, in accordance with separate licence terms

Your Rights (Art. 15–22 GDPR)

You have the following rights, which you may exercise via the user panel or by email:

  • Right of access (Art. 15 GDPR) — you may check what data we process
  • Right to rectification (Art. 16 GDPR) — you may correct outdated data
  • Right to erasure (Art. 17 GDPR) — you may request account deletion
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR) — we will send you an export of your data
  • Right to object (Art. 21 GDPR) — particularly to marketing
  • Right to withdraw consent at any time

Right to Lodge a Complaint

You have the right to lodge a complaint with the supervisory authority — the President of the Personal Data Protection Office (PUODO), ul. Stawki 2, 00-193 Warsaw, Poland, tel. +48 22 531 03 00, email: kancelaria@uodo.gov.pl.

Controller Status After Database Purchase

After purchasing a company database, you become the controller of the personal data contained in that database to the extent that you use it for your own business purposes (e.g. cold outreach). The data originates from public registers CEIDG, KRS, and REGON, but its further use requires compliance with the GDPR. See our guide "How to Use a B2B Database Legally".

Cookies

Our Service uses cookies for essential functionality (session, security), analytics (optional, with consent), and marketing (optional, with consent). Detailed information is available in the Cookie Policy.

Document Versioning

This privacy policy is versioned. Each change receives a new version number and publication date. Previous versions are archived. We notify you of material changes 14 days in advance via email and a notice in the user panel.

  • Version: 2026-06-05-v1
  • Publication date: 5 June 2026
  • Last updated: 5 June 2026
Back to generator Terms and conditions Cookies policy
Custom database

Build a fresh lead database from the filters you actually need.

Choose industry, city, contact type and record count. You pay only for matching leads, from 0.19 PLN per lead.

CEIDG, KRS and REGON sourcesCSV/XLSX exportEmail and phone filters
from 0.19 PLN / lead
Generate your database