Privacy policy

CRESTT Sp. z o.o. with its registered office in Warsaw

In this document we present the most important information on the principles for the processing of personal data in Crestt Sp. z o.o., we indicate and explain for what purposes we do it, on what legal basis, and how long we store it. We also inform what rights belong to persons whose data we process.

Who is the controller of your personal data

The controller of your personal data is Crestt Sp. z o.o. with its registered office in Warsaw, Rejtana Street 17, 02-516 Warsaw entered by the District Court for the Capital City of Warsaw Commercial Court, XIII Commercial Division of the National Court Register into the Register of Entrepreneurs under KRS number: 0000673872, NIP: 522-308-93-47 (“Crestt”).

You can contact us by post to the abovementioned address of the registered office or via e-mail to the following e-mail address:

Crestt as a data controller makes the utmost care to meet the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”) and in this way protect your personal data.

Purpose, legal basis and duration of processing of your personal data

As part of its activities Crestt may collect and process your personal data:

  • for purposes resulting from legitimate interests pursued by Crestt as a data controller:

  • in order to answer the question provided by you in the contact form on our website,

  • in order to protect against claims in relation to the conducted activities,

  • in order to inform about events organized by Crestt and Crestt’s activities,

(the legal basis: Regulation, article 6 paragraph 1 letter a and f)

In the above cases your data will be processed until the question provided in the contact form is answered, and then for 3 years to protect against possible claims.

In the event that a dispute is pending or proceedings are pending, in particular court proceedings, the processing period will be counted from the date of the conclusion of the dispute or the final termination of proceedings.

  • in order to perform contracts concluded by Crestt in the framework of our economic activity with our clients, suppliers and other entities cooperating with us:

(the legal basis: article 6 paragraph 1 letter b of GDPR)

In the above case, your data will be processed for the period of cooperation and for the period provided for by law in order to protect against possible claims.

  • in order to recruit people interested in working or cooperating with Crestt

(the legal basis: article 6 paragraph 1 letter a and b of GDPR)

In this case, your data will be processed during the recruitment period and if you consent – for the purposes of future recruitment for the period declared in a separate statement.

  • in order to fulfill the legal obligations incumbent on Crestt

(the legal basis: article 6 paragraph 1 letter c of GDPR)

We process only such of your data which are necessary to achieve the purposes described above. If Crestt wants to process your personal data for other purposes – not indicated above – you will be informed about it separately.

Transfer of personal data to other entities

The recipients of your personal data may be our contractors, service providers, other entities processing data on behalf of Crestt on the basis of a contract for entrusting the processing of personal data, as well as auditors, lawyers, advisers and consultants cooperating with us.

These entities operate on the basis of entrustment agreements and on a par with Crestt are obliged to protect personal data.

Personal data may be transferred to a third country (outside the EEA) if the Data Administrator’s service provider is established there. Due to the possibility of transferring the User’s data outside the EEA, the Administrator made sure that the suppliers guarantee a high level of personal data protection. Data may also be transferred to public authorities, but only if they are authorized to do so by applicable regulations. In no case does the transfer of data release the Administrator from responsibility for their processing.

The rights of persons whose personal data we process

You have the right to access your data, the right to obtain a copy of the data, and also the right to request rectification and – in certain cases – to delate or limit their processing.

Persons whose data we process on the basis of our legitimate interest may object, stating that they do not want us to process on this basis their personal data.

As a controller we will not disclose your data to unauthorized persons. Therefore, if Crestt has doubts that the person who for example asks for access to data or request their deletion, is actually the person whose data we process, we may ask them for additional information.

Data Protection Inspector

Please be advised that Crestt has appointed a Data Protection Officer, who can be contacted at the following email address

The right to lodge a complaint with PUODO

Where you consider that your rights were infringed, you are entitled to a complaint to the President of the Personal Data Protection Office.

Cookie files

  1. The website uses cookies.

Cookie files (so called “cookies”) are information technology data, in particular text files, which are stored on the Website User’s terminal device and are intended for the use of the Website’s pages. Cookies usually contain name of a website, from which they originate, time of their storage on the terminal device and a unique number.

  1. The entity placing cookies on the Website User’s terminal device and obtaining access to them is the Website Operator.

  1. Cookies files are used for the following purposes:

  • Creating statistics that help to understand how the Website Users use websites, which allows to improve their structure and content.

  • Maintaining the Website User’s session (after logging in), so that the User does not have to re-enter the login and password on each subpage of the Website.

  1. Within the framework of the Website two basic types of cookie files are used: “session” (session cookies) and “persistent” (persistent cookies). Session cookies are temporary files, that are stored on the User’s terminal device until logging out, leaving the website or disabling the software (web browser). Persistent cookies are stored on the User’s terminal device for the time specified in the cookie files parameters or until the User deletes them. Software for browsing websites (web browser) usually allows storage of cookie files on the User’s terminal device by default. The Website Users may change the settings in this regard. A web browser allows to remove cookie files. It is also possible to block cookie files automatically. Detailed information on this subject is included in the help or documentation of the web browser. Restrictions of the cookies files may influence on some functionalities available on the Website pages.

  2. Server logs.

Information about some of the behaviors of Users are subject to logging in the server layer. These data are used only to administer the website and to ensure the most efficient service of the hosting services provided. The browsed resources are identified by URLs. In addition, the following may be saved:

  • The time of request.

  • Date of response.

  • Name of the client’s station – identification realized by the HTTP protocol.

  • Information about errors which occurred during the execution of the HTTP transaction.

  • URL address of the webpage visited earlier by the user (referrer link) –if the Website was entered via a link.

  • Information about the user’s browser.

  • Information about the IP address.

The above data are used only for the purposes of server administration.

  1. The provision of data.

The data is made available to external entities only within legally permitted limits.

The data enabling the identification of a natural person are made available only with the consent of that person.

The operator may be required to provide collected by the Website to authorized bodies of the basis of their legitimate requests to the extent resulting from the request.

  1. Managing cookie files – how to give and withdraw consent in practice?

If the does not want to receive cookie files, they may change the browser setting. We inform that disabling cookie files that are necessary for the authentication processes, safety, maintain user’s preferences may hinder, and in extreme cases may prevent the use of websites.

Information on the settings of web browsers is available in its menu (help) or on the website of its producer.