Privacy Policy

Pursuant to Article 13(1) and 13(2) and Article 14 of the General Data Protection Regulation of 27 April 2016 (GDPR), please be advised that:


The Controller is Grow Poland sp. z o.o. with its registered office in Warsaw at ul. Cybernetyki 7, NIP 5252613354.

Our contact details are available on the website:


We process only the data that has been provided to us on at least one of the following bases:

  1. in connection with the performance of a contract or in order to take steps necessary for entering into a contract (Article (6)(1)(b) of the GDPR);
  2. in connection with the voluntary consent of the person whose data we process (Article (6)(1)(a) of the GDPR);
  3. in connection with the legitimate interest pursued by the controller (Article (6)(1)(f) of the GDPR), in particular, providing information on new products and services as well as to improve the quality and efficiency of services and for the processing of cookies.

Personal data shall be processed for the purpose of:

  1. entering into a contract;
  2. performing the obligations under the contract;
  3. performing the obligations under the law;
  4. marketing of own services (e.g. sending commercial information and newsletters);
  5. preparing statistics, statements, summaries as well as for historical and archiving purposes;
  6. with respect to recipients of invoices – in order to obtain payment of the invoice.

We do not use profiling as defined in the GDPR or make automated decisions based on such profiling.


Because we provide IT services including the integration of IT systems, we have access or the ability to access the databases processed by our customers and partners.

Please be advised that we meet the organisational and technical requirements for the protection of data to which we have access, and in particular we fulfill the requirements described in Article 32 of the GDPR.

The persons designated to work on databases act on the basis of our authorisation and at our request, have received training with respect to the protection of personal data and are obliged to keep confidential all the information to which they have received access in connection with the processing of personal data.

The personal data shall be processed only at a request of the entity providing the data to us, whereas such request shall also include an agreement obliging us to take steps that require the processing of the databases provided to us.
The data shall be processed solely for the purpose specified in the contract under which the data has been provided and to the extent and for the period necessary for the implementation of this contract.

If need be, we shall also take all reasonable steps to support the customer providing the data to us in the implementation of its obligations under Articles 32-36 of the GDPR.

In the performance of services, we use the help of other companies. In order to properly perform the order, we transfer the data obtained from our customers to our subcontractors, only to the extent necessary to perform the service.


The recipients of your data may be government offices and public authorities acting under the law and within the scope of their competence as well as the Polish Post and courier companies – for the purpose of dispatching correspondence. Your data may be provided to other institutions or companies performing the tasks based on our authorisation that require access to some of your personal data, insofar as these tasks are related to the contract concluded with us.

In addition, the recipients of your data may be the companies and entities indicated directly by you, to the extent described in the contract or business arrangements.


We process mainly the identification and contact details of the persons representing our customers as well as the data of the persons indicated on the invoices received under the contract, to the extent described therein. With respect to the persons who provided their data to us only in order to receive commercial information – we process only the data that has been provided by such persons (mainly an e-mail address).

As regards the data provided to us by our customers – the categories of the data being processed are specified in the contract or business arrangements with the customer.


On our websites we register cookies. These are small files created on a local disk of the computer of the persons visiting our pages to which we have access. These files provide statistical data and information on the activity of users of our websites, allowing us to improve the quality and efficiency of the website.

Cookies also store the data from forms or individual user settings.
Personal data can also be registered in the cookies – e.g. a static IP number or the data filled in by the users in the forms available on websites.

Cookies can be disabled in your web browser, as described in the browser documentation. Disabling cookies may limit some of the functionalities of our website. Further information on cookies can be found on the Internet (e.g. at:

The website of Grow Poland contain links to other websites. However, we cannot be held responsible for the practices used by these website with respect to the protection of personal data as well as the information collected by the controllers of these websites in connection with user activity. Each user should for their safety read the privacy policy of other sites.


We shall process the personal data for a period corresponding to the period of limitation for claims that may arise out of the contracts or steps taken in accordance with the regulations that apply in this respect.

If data has been received on the basis of a voluntary consent, we process such data until the consent has been withdrawn or the purpose for which consent was given has ceased to exist.
In the case of the data entrusted to us by the customer, the customer specifies the period of processing and if none is specified, the data shall be deleted or returned after the purpose for which the data was entrusted to us has been achieved. If we receive from the entity that has provided the data a request to cease the processing or return the data, we shall do so immediately.


Each person whose data we process has the right to access their data and the right to rectification, restriction of processing or erasure of data by contacting the controller at:

Such person may also object to the processing of their personal data.

Anyone who has given their consent to our processing of their personal data, has the right to withdraw this consent at any time without affecting the lawfulness of the processing carried out prior to its withdrawal. Such instruction shall not be effective with respect to the data that we are obliged to process in accordance with the contract, law in force or for the purpose of our legitimate interest.

Anyone who believes that our processing of personal data violates the law has the right to lodge a complaint with the President of the Office for Personal Data Protection (PUODO).