Privacy Policy

Privacy Policy
  1. Who we are

The Data Controller for your personal information is C&F S.A. (C&F), with its main office at 50, Domaniewska Street in Warsaw, Poland. If you wish to exercise your rights or learn more about what C&F does with your data, email us at or via traditional mail at the above address.

  1. What data we process
    1. data you gave us directly: your name, email address, the name of your organization, phone numbers, website addresses etc. that you entered in our contact forms or by contacting us about our offerings, or in face-to-face contact with our representatives;
    2. data from publicly available sources, like your company’s website or your LinkedIn profile;
    3. data that is collected automatically, generated or stored in systems administered by C&F, such as your login to our systems; also, data generated by the servers of our websites;

We never process any other data, nor do we collect more data than is necessary to pursue legally justified goals.

  1. Why we process your data
    1. multi-channel marketing of our products and services;
    2. the carrying out and financial settling of our mutual contracts;
    3. fulfilling C&F’s legal duties, including those related to ensuring secure personal data processing.
  1. Legal basis for data processing

Personal data can only be processed within limits set by the law, which in our case is the GDPR. When C&F processes your data, one or more of the following is true:

  1. you gave us express permission to do so;
  2. the processing is necessary to carry out a contract that you are a party of, or to complete activities necessary before such a contract can be signed;
  3. the processing is necessary to protect your interests;
  4. the processing is necessary for C&F to fulfill duties imposed on it by the law;
  5. the processing is necessary to pursue C&F’s legally justified goals, which includes the marketing of our products and services.
  1. How long we process your data

We only process your data for as long as it is necessary and legally allowed, and in particular:

  1. until you expressly retract your consent, or until it expires if it was given for a specified period;
  2. until you protest against your data being processed by us;
  3. until any other legal basis for the processing expires;
  4. in all other cases – no longer than for 3 years, unless before than time you assure us of your continued interest in our products and services.
  1. Who can access your data

Whenever we allow anyone access to your data, we always do it in compliance with the law and with the principle of least privilege, which means that your data can only be accessed by those among our staff or collaborators who:

  1. are legally allowed to do so, that is a legal basis exists that enables them to access that data, or:
  2. must have access to that data in order to fulfill their professional duties.

We never allow access to your data to anyone else.

  1. Your rights
    1. you have the right to be informed in detail about what information about you we process and for what purposes;
    2. you have the right to correct any information we have about you that is inaccurate, and to complete any that is incomplete;
    3. you have the “right to be forgotten”, that is, you can request that we erase all information we have about you (unless there is a legal basis that stops us from doing so, in part or in whole);
    4. you have the right to request that we restrict processing your data, under certain conditions.