Privacy policy

Privacy policy in the capital group of Metfence Sp. z o.o.


This Privacy Policy describes the rules for the processing of personal data in order to meet the requirements of Regulation PE and RE 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data (GDPR), by


METFENCE OF A LIMITED LIABILITY COMPANY with its registered office in Warsaw, entered in the register of entrepreneurs kept by, XIII Commercial Division of the National Court Register in Warsaw, KRS Number 0000754579


NIP 5223139418 REGON 38163642900000


Address UL. LEGIONOWA 9/2, 01-343 Warsaw, hereinafter referred to as the Administrator


Personal data and their processing.


Personal data means information about an identified or identifiable natural person. The processing of personal data is every action on personal data, irrespective of whether it is done in an automated manner or not, e.g. collecting, storing, fixing, ordering, modifying, browsing, using, sharing, limiting, deleting or destroying. This privacy policy applies to all cases in which METFENCE is the administrator of personal data and processes personal data. This applies to both cases in which the administrator processes personal data obtained directly from the data subject, as well as cases in which we have collected personal data from other sources.


The scope of personal data processed


We collect and process only personal data of our customers and users of our services, which are necessary for the implementation of legal services and other services provided by Metfence. In the case of data processing based on the legitimate interest of the administrator, we try to analyze and balance our interest and potential impact on the data subject and the rights of that person under the provisions on the protection of personal data. We do not process personal data based on our legitimate interest if we come to the conclusion that the impact on the data subject would prevail over our interests.


Personal data of clients and potential clients.


The administrator processes personal data of its clients and potential clients, ie people who ask for the offer of products or services provided by Metfence. Personal data of clients and potential clients are processed in paper form and in IT systems such as CRM, accounting programs, programs for handling cases managed by law firms and programs for electronic mail services. We only collect personal data necessary to provide the service or answer the customer’s request. The data of persons who are not natural persons as well as representatives and employees of these persons may also be collected. The collected personal data includes, among others: name and surname, employer’s name, position of the contact person, telephone number, e-mail address or other business contact details. In addition, in the case of customers, we also process payment data, including data necessary to make online payments such as credit card numbers, bank account numbers.


The basis for the processing of personal data


The processing of personal data of individuals who are our clients is based on the following grounds:

in order to execute the concluded contract (ordered service)

justified interest of the data controller (direct marketing of own products, recovery of security documentation for defense against potential claims or for claims)

consent, consent to e-mail marketing or telemarketing.

obligations arising from the law (eg tax law or accounting regulations).

The processing of personal data of natural persons who are potential customers is based on:

justified interest of the data controller (direct marketing of own services)

consent (including, in particular, consent to e-mail marketing or telemarketing, answering an inquiry)


Personal data of users visiting our websites


Pursuant to art. 18 of the Act of 18 July 2002 on the provision of electronic services, we collect and process only the data of users visiting our websites and those using services provided electronically (including the Services), which are necessary to provide these services.


Cookies policy


To a limited extent, we may collect personal data automatically via cookies located on our websites. Cookies are small text files saved on a user’s computer or another mobile device while using the websites. These files are used, among others using various functions provided on a given website or confirming that a given user has seen certain content from a given website. Among the cookies you can distinguish those that are necessary for the proper operation of websites, include in particular:

  • maintaining a user session;
  • saving the state of the user’s session;
  • enabling authorization using the Login Service;
  • saving information allowing for anonymous login of the user.

Another category of cookies are files that are not necessary to use the Services, but make it easier to use them. They are used to enable the use of additional functions such as setting the preferred language, currency, font size and other such features that facilitate working with the application.

The User may manage cookies used by the Administrator or by any other external suppliers, changing the settings of his web browser.

We use cookies to monitor the traffic on our websites using the Google Analytics service. Generally, cookies do not identify the certain user, only the definite computer, laptop or mobile devices which are used by a randomly generated identifying tag. So data processing is based on the anonymous data collection, including e.g.:

  • collecting aggregate statistics that allow us to understand how users use our website and enable us to continuously improve our products;
  • determining the number of anonymous users of our websites.
  • to monitor how often the selected content is shown to users;
  • collecting information about the location of users entering our websites.

The user is able to block the Google Analytics service  any time from within his browser. More information about cookies can be found in the “Help” section in the browser’s menu.


Period of personal data processing:


The period of personal data processing by the administrator results from the law or reasonable administrator’s interest adequate to the purpose of personal data processing.

The processing periods for individual categories of data are as follows:


1) if the administrator processes personal data on the basis of consent, the processing period lasts until the user withdraws the consent;


2) in the case when personal data are processed on the basis of a justified interest of the data controller, the processing period lasts until the cessation of the abovementioned interest (eg the period of prescription for civil claims) or the moment of opposition of the data subject, further such processing – in situations where such an objection is in accordance with the law;


3) if the administrator processes personal data because it is necessary due to the applicable law, the periods of data processing for this purpose are determined by these provisions


4) traffic data collected as part of the Google Analytics service is stored for a period of 14 months.


5) in the absence of specific legal or contractual requirements, the basic storage period for records and other documentary evidence drawn up during the performance of the contract is a maximum of 10 years.


Recipients of personal data


Personal data may be transferred by the administrator to third parties only if it is permitted by law. Data transferred and processed by recipients on the basis of entrustment agreements, which contain all necessary provisions regarding security and security measures.


Recipients of personal data of customers or users of our Services may be:


  • entities providing hosting services
  • entities implementing marketing campaigns
  • other subcontractors, providing services in the field of software delivery, software or hardware maintenance services,
  • entities providing accounting and tax services.
  • business information office (to the extent that the law permits the transfer of data)
  • law offices and debt collection companies
  • auditors and statutory auditors,
  • entities from the Metfence capital group.


Transmission of data to third countries.


We may transfer personal data to countries outside the European Economic Area only with the consent of the data subject or if the interest of that person as well as in the cases provided by law so require. In particular, personal data may be transferred for the purpose of the performance of a contract to which the personal data subject is a party.


Rights of data subjects and methods of their implementation

Access to personal data

Individuals have the right to access data which we store as a data controller. This right can be exercised by sending an email to:

Change of personal data


Changes, including updated personal data, processed by the Administrator can be made by sending an e-mail to the e-mail address: or – if applicable – to contact us via the appropriate registration page on our website or change of personal data stored in the relevant applications in which the registration was made.

Withdrawal of consent


In the case of processing personal data on the basis of consent, individuals have the right to withdraw this consent at any time. We inform you about this at almost the moment of collecting consents and we allow withdrawal of consent as easily as it was given. In the absence of different information, that is, if we have not provided another address or contact number to withdraw your consent, please send us an email to the address


The right to limit the processing or object to the processing of personal data


Individuals have the right to limit the processing or object to the processing of their personal data at any time, due to their special situation, unless processing is required by law.


An individual may object to the processing of his personal data when:


  • the processing of personal data takes place on the basis of a legitimate interest or for statistical purposes, and the opposition is justified by the specific situation in which it was found,
  • personal data are processed for direct marketing purposes.


The right of objection can be used from May 25, 2018.


In turn, in relation to the request to limit the processing of data, we suggest that it is entitled, for example, when a person notices that his or her data is incorrect. Then, you may request to limit the processing of your data for a period that allows us to check the correctness of this data.