Privacy Policy

    1. Personal Data Administrator – EBIS Ltd. with registered office in Kraków, Armii Krajowej 25, 30-150 Krakow, entered into the Register of Entrepreneurs of the National Court Register by the District Court for Krakow – Śródmieście in Krakow, XI Economic Division of the National Court Register under KRS number: 0000459760, 

    NIP: 6762464669, REGON: 122843907, the share capital of PLN 51,000.00.

    1. Website – the website operated by the Administrator at: www.msfabric.pl 
    2. User – an individual using the Website.
    3. Personal data – any information about an identified or identifiable individual (”data subject”); an identifiable individual is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the individual.
    4. GDPR – regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

    This Privacy and Cookies Policy informs you of the principles governing the processing of personal data on the Website belonging to the Data Administrator and the use of cookies that may be used or made available during the User’s use of the Website.


    In connection with the use of the Website by the User, information is collected about User activity on the Website, including data recorded in the form of cookies and server logs. As a rule, the Administrator does not process Users’ personal data in connection with the use of cookies, as the information obtained by means of these files does not make it possible to identify and determine the identity of a User (the Administrator only processes statistical, anonymised data).


    In case of any questions concerning the Administrator’s processing of Users’ personal data, please feel free to contact us at the e-mail address gdpr@ebisgroup.com or at the telephone number +48 12 307 06 35.


    When using certain Website functions, the User may be asked to provide personal data. The extent of mandatory and optional data is determined in each case according to the needs of the particular service the User intends to use. The Administrator collects Data through the Services directly from the data subjects. 

    If the User uses the Website solely to read its content, the Administrator may collect certain information about the User using cookies, which the Administrator informs the User each time. Information on cookies used on the Website is contained in point XI of this Privacy Policy. 

    The provision of data is voluntary but necessary to use the Website functionalities provided, including contact forms. If you do not accept the conditions of this Privacy Policy, you will not be able to use the Website functionalities offered, and you should refrain from submitting your data using the forms when you do not accept the provisions of this Policy.


    The Administrator will only collect and process Users’ personal data by the provisions of this Privacy Policy. Any data provided by the User will only be used by the Administrator for the following:

    • for marketing purposes, where the User agrees to receive commercial or marketing communications from the Administrator (including, for example, newsletter services) – the legal basis for data processing is Article 6(1)(a) GDPR;
    • to provide customer service and to contact the User, including to inform about any changes concerning the offer, products and services offered by the Administrator – the legal basis for data processing is Article 6(1)(b) or (f) GDPR;
    • to process personal data to comply with legal obligations – the legal basis for data processing is Article 6(1)(c) GDPR; 
    • to perform any contractual obligations towards the Administrator’s business partners, which is our legitimate interest in processing the data – the legal basis for processing the data is Article 6(1)(f) GDPR; 
    • for analytical, developmental, improvement purposes (including to improve user experience), administration, maintenance, technical support and security of the Website, which is our legitimate interest in processing the data – the legal basis for processing the data is Article 6(1)(f) GDPR;
    • for the possible establishment, investigation or defence of claims, enforcement or analysis of potential violations of the terms and conditions of use of the Website or other actual or alleged unlawful activities, protection of the rights, property or security of the Website, Users, customers and employees of the Administrator and other third parties, which constitutes our legitimate interest in processing the data – the legal basis for processing the data is Article 6(1)(f) GDPR; 
    • to use the contact form provided by the Administrator on the Website, including to handle enquiries and requests made through the contact channel provided by the User – the legal basis for data processing is Article 6(1)(f) GDPR; 
    • the legal basis for data processing is Article 6(1)(f) GDPR for marketing purposes, including for profiling for marketing purposes.
    • for the use of our partners’ tools that support the operation of the Website and the use of such tools to enable the functionality of the Website by paragraph XIII of this policy – the legal basis for the processing of your data is Article 6(1)(f) GDPR and, where required by applicable law, Article 6(1)(a) GDPR, i.e. your consent.


    The Administrator may disclose users’ personal data to: 

    • to companies cooperating with the Administrator insofar as the provision of such data is necessary in connection with the Administrator’s interests; 
    • to persons authorised by the Administrator, i.e. employees and associates, who need to have access to personal data to perform their duties; 
    • Users’ personal data may be transferred to our partners and external entities providing services to the Administrator and processed by them to enable them to perform the services commissioned by the Administrator, including IT service providers, administrative, postal or courier services, as well as accounting, marketing and legal services; 
    • to public authorities or entities entitled to obtain the data under applicable law, e.g. courts, law enforcement agencies or state institutions, when they make a request based on the relevant legal basis. 
    • In the event of a data security breach, specific personal data may be subject to disclosure to authorities competent to protect them.

    In the case of cooperation with the Administrator’s partners or third-party suppliers – the locations of such third-party suppliers may be either within countries that are members of the EU or outside the European Economic Area (EEA). 

    Where our partners or suppliers are based outside the EEA, the Administrator shall ensure that data transfers outside the EEA are carried out per applicable laws. The level of data protection in countries outside the EEA may differ from that guaranteed by European law. We may transfer data to our partners outside the EEA, in particular, based on decisions issued by the European Commission or standard data protection clauses (e.g. when the transfer occurs in connection with the Administrator’s use of the Google Analytics tool).

    All third parties must comply with the Controller’s guidelines and implement appropriate technical and organisational measures to protect Users’ personal data. Data recipients may act as our processors (in which case they are fully subject to our instructions for processing personal data) or as independent controllers (in which case you should additionally read the personal data processing rules these entities apply).


    The User of the Services has the following rights in relation to the personal data processed by the Administrator: 

    • The right of access to the User’s personal data; 
    • The right to rectify the User’s personal data if it is inaccurate or incomplete; 
    • The right to the erasure of personal data; 
    • The right to object to processing the User’s personal data. The right to object applies when the Administrator’s data processing is based on the Administrator’s legitimate interest, e.g. for profiling the data for marketing purposes. Upon receipt of an objection, the Administrator will cease to process the data for these purposes unless there are compelling legitimate grounds that override the interests, rights and freedoms of the User or the User’s data are necessary for the Administrator to establish, assert or defend claims possibly;
    • If the User has given their consent to the processing of personal data, e.g. in the case of a newsletter subscription or consent to receive commercial information, the User may withdraw their consent to further data processing at any time. Consent may be withdrawn at any time by contacting the Administrator at the e-mail address in Section IV of this Privacy Policy. The withdrawal of consent does not affect the lawfulness of data processing carried out by the Administrator before the withdrawal of consent by the User; 
    • The right to portability of the User’s personal data;
    • The right to restrict the processing of the User’s personal data;
    • The right to complain to a supervisory authority.


    The Administrator shall store and process the Users’ personal data for the period necessary for fulfilling the purposes of processing indicated in point VI of this Privacy Policy or by mandatory legal provisions, i.e., for example, until the User withdraws their consent or until the completion of the contract when the parties conclude a contract using the functionality of the Website or until contact is made or questions sent via the contact forms are answered. 

    Once the purpose of the processing has been achieved, the Administrator shall delete or anonymise the personal data, and where it intends to process the data for analytical purposes, it undertakes to use the data to the extent adequate and necessary for the specified purposes of the processing and, in particular, in a manner that prevents the identification and identification of the data subjects (e.g. by using pseudonymisation mechanisms).


    The Administrator shall apply appropriate and adequate technical and organisational measures to ensure the proper security and integrity of the User’s personal data, using proven technological standards to prevent unauthorised access to the User’s personal data or other threats to personal data.

    1. The Website uses cookies, which are short text information stored in your browser.
    2. When you reconnect to the Website, the Website recognises the device on which the page is opened. The files can be read by the system used by the Administrator and by the service providers used to create the Website.
    3. Some cookies are anonymised, which makes it impossible to identify the User without additional information.
    4. By default, the Internet browser allows the use of cookies on your devices, so the first time you visit the Website, a message asks you to agree to the use of cookies.
    5. The Administrator may use its cookies (i.e. the cookies referred to in points 6(a) – 6(c) below) or the cookies of the Administrator’s partners (as regards the cookies referred to in particulars b and c below).  
    6. The Website uses the following cookies:
    1. essential – cookies used to provide Users with the services and functionalities of the Website that the User intends to use. Necessary cookies come exclusively from the Administrator and are installed by him on the User’s terminal equipment;
    2. functional cookies – cookies enable the Website to remember and adjust the User’s choices, e.g. about language preferences;
    3. creation of statistics / analytical cookies – these cookies are used to analyse how users use the Website (how many open the Website, how long they stay on it, which content is most interesting, etc.). This allows us to continuously improve the Website and adapt its operation to users’ preferences
    1. If you do not wish cookies to be used when browsing the Website, you should change your browser settings as follows:
    1. completely block the automatic handling of cookies or
    2. request notification whenever cookies are placed on your device. You can change your settings at any time.
    1. Disabling or restricting the use of cookies may result in significant difficulties in using the Website, e.g. in the form of longer page loading times, restrictions on the use of functionalities, etc.
    2. Certain events triggered by persons using the Website and information about them are recorded as logging on the server. The data stored in this way is used solely for proper administration of the operation of the Website, ensuring its correct operation and the uninterrupted functioning of its various functionalities.
    3. The following information may be saved as server logs:
    1. brand and model of the device on which the Website is opened;
    2. hardware identifier;
    3. type and version of the operating system;
    4. date and time of login,
    5. the IP address of the device.
    1. Logs of individual user activities may also be recorded as logins. In such a case, the logs are available in the tools designed to handle particular functionalities of the Website.
    2. The data indicated in para. 10 above are not associated with specific users; their use only covers the activities noted in para. 9 above.

    The Website uses so-called social plug-ins that redirect to the Administrator’s profiles maintained on social networks and instant messengers (Facebook, LinkedIn, WhatsApp). Using the functionalities offered by these plug-ins, Users can access the page belonging to the Administrator (“Fanpage”) on the selected social network or instant messaging service and read information about the Administrator on the services or instant messaging services to which the redirection is made. 

    When using these plug-ins, data is exchanged between the User and the respective social network, instant messaging service or Website. However, the Administrator does not process this data, which is collected by the administrators of the indicated services when using the plug-ins. Therefore, the Administrator encourages the User to read these services’ regulations and privacy policies before using the respective plug-in. The use of certain functions of the indicated providers may involve the use of third-party cookies. 

    Personal data voluntarily provided on Fanpage will be processed by the Administrator to manage the given Fanpage communication with you, including answering your questions, interacting with you, informing you about the Administrator’s offer, organised events, creating a Fanpage community on the chosen platform, to which redirections in the form of social plug-ins lead. From the moment you click on the respective plug-in, your data is processed by the respective website/social network/Internet communicator, and its owner becomes a joint controller of your data by Article 26 of the DPA. About the data you voluntarily provide on social networking sites or instant messaging services, you have the rights set out in section VIII of this Policy. 

    For more information on the technologies used, please refer to the privacy policy of the respective provider:

    Facebook: http://www.facebook.com/policy.php 

    LinkedIn: https://pl.linkedin.com/legal/privacy-policy 

    Whatsapp: https://www.whatsapp.com/legal/privacy-policy/?lang=en 


    For certain functions on our Website, we use the services of external providers. The respective services are mostly optional functions you must expressly select or use. We have entered into contractual agreements with the individual providers to provide or integrate their services. Within our capabilities, we endeavour to ensure that the external providers also transparently inform you about the extent of the processing of your personal data and comply with the data protection laws.


    • Google Maps

    As part of our Website, we use the Google Maps service provided in connection with certain functionalities of the Website (redirection to the Administrator’s location or office premises). This is our legitimate interest within Article 6(1)(f) GDPR, which is also the legal basis for using Google Maps. This service is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94034, USA (“Google”).

    To use the Google Maps service, it may be necessary to store your IP address. This information will, in principle, be transmitted to Google’s servers in the USA, where it will then be stored. The Website Administrator does not influence this data transfer.

    • Google Analitycs

    Google Analytics primarily uses its cookies to report user interaction with the Website. In the case of this service, cookies are used for analytical and statistical purposes of the Administrator (information about User activity and use of the Website). 

    Google Analytics also supports an optional browser add-on which, when installed and activated, disables Google Analytics measurements on all pages viewed by the User: https://tools.google.com/dlpage/gaoptout/.  

    In some cases, data collected using the aforementioned tool may constitute personal data, i.e. information such as pseudonymised cookie identifiers, pseudonymised ad display identifiers, IP addresses, and other pseudonymised user identifiers. 

    The legal basis for the application of the indicated service to you is consent in accordance with Article 6(1)(a) GDPR in conjunction with the controller’s legitimate interest, i.e. Article 6(1)(f) GDPR.

    More information about the service is available at: https://support.google.com/analytics/answer/6004245#zippy=%2Cpliki-cookie-i-identyfikatory-google-analytics.


    The data provided by Users on the Administrator’s websites will not be subject to automated decision-making, but the Administrator stipulates that User data may be profiled for marketing purposes. The legal basis for such processing is our legitimate interest, i.e. Article 6(1)(f) GDPR.

    1. To the extent not covered by this Policy, the relevant generally applicable provisions shall apply, particularly the GDPR and the Act of 16 July 2004. Telecommunications Law.
    2. You will be informed of any changes made to this Policy by publishing the new text of the Policy on the Website and by displaying a message when you access the Website.
    3. This Policy is valid as of 01.07.2023.