Privacy Policy

Introduction

This Privacy Policy defines the rules for the processing and protection of personal data of users of the norfi.pl website, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR).

Data Controller

The controller of your personal data is NORFI Polska sp. z o.o., ul. Partyzantów 11, 41-200 Sosnowiec, tel. +48 32 263 33 88 , e-mail: info@norfi.pl.

Data Protection Officer

The Controller has not appointed a data protection officer. In all matters related to data processing, please contact us at info@norfi.pl or in writing to the registered office address.

1. Purposes, Scope, and Legal Basis of Personal Data Processing

Personal data is processed lawfully for the following purposes:
– Realization of inquiries from contact forms and conducting correspondence.
– Execution of contracts and pre-contractual activities undertaken at the request of the data subject.
– Conducting recruitment processes and sending a newsletter (based on consent).
– Fulfillment of legal obligations incumbent on the Controller.
– Statistical analysis, website optimization, and ensuring IT security.
– Operation of Google Maps interactive maps to indicate the company’s location.

Scope of data: name and surname, e-mail address, telephone number, IP address, and other data voluntarily provided by the user. Legal basis: Art. 6(1)(a) (consent), (b) (contract), (c) (legal obligation), and (f) (legitimate interest of the Controller) of the GDPR.

2. Recipients of Personal Data

Data may be transferred to the following categories of recipients:
– Hosting and IT service providers.
– Cloud service providers (Nextcloud) and analytical providers (Google LLC).
– Courier and postal companies.
– Entities providing accounting or marketing services.
– NORFI group companies located within the EU/EEA (e.g., NORFI Absaugtechnik GmbH).
– Entities authorized to receive them under the law.

With the exception of Google services, data is not transferred outside the EEA or sold to third parties.

3. Data Retention Period

Personal data will be stored for the period necessary to achieve the following purposes:
– Correspondence: until the communication is finished or consent is withdrawn.
– Contracts: for the duration of the contract and the time necessary for the expiration of claims and tax obligations.
– Recruitment: until the end of the recruitment process or for the period indicated in the consent.
– Newsletter: until the user withdraws consent

4. Nextcloud Cloud

The Controller uses its own cloud solution based on Nextcloud software, installed on the Controller’s server or the server of a processor acting on its behalf.

Scope of data processing: In the context of using the Nextcloud cloud, the following personal data may be processed:
– Name and surname.
– E-mail address.
– Data contained in files sent or stored by the user, IP address.
– Technical data related to logging in and using the system.

Purpose of processing:
– Ensuring secure file exchange.
– Implementation of cooperation with clients and contractors.
– Archiving documents.
– Fulfillment of contractual or pre-contractual obligations.

Legal basis: Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (legitimate interest in secure data management). Data stored in Nextcloud is not transferred to third countries.

5. Google Tools

The norfi.pl website uses the following Google LLC tools:

a) Google Analytics An analytical tool that helps analyze how the website is used.

– Scope: IP address (with anonymization), device and browser data, statistical data.
– Purpose: Analysis of visit statistics and website optimization.
– Basis: Art. 6(1)(a) GDPR (consent via cookies).

b) Google Tag Manager A tag management system that allows other scripts to run but does not process personal data itself.

c) Google Search Console Used to monitor website visibility in search results. It collects technical and statistical data rather than personal data.

Transfer of data outside the EU: In connection with Google services, data may be transferred to the United States. Google uses Standard Contractual Clauses approved by the European Commission.

6. Cookies (Extension)
The website uses first-party and third-party cookies (e.g., for traffic analytics and Google Maps). Detailed information is in the Cookie Policy. Consent can be changed at any time in browser settings or via the cookie banner.

7. Rights of Data Subjects

You have the right to: access your data, rectify it, erase it, restrict processing, data portability, object, and withdraw consent at any time. You also have the right to lodge a complaint with the President of the Personal Data Protection Office (UODO).

8. Is Providing Data Mandatory?

Providing data is voluntary but necessary to receive a response to an inquiry, conclude or perform a contract, participate in recruitment, or receive a newsletter. Lack of data will prevent these actions.

9. Automated Decision-Making

The Controller does not use automated decision-making or profiling within the meaning of Art. 22 GDPR.

10. Contact

In matters related to personal data protection, you can contact the Controller at the e-mail address indicated on the norfi.pl website.

Last updated: February 4, 2026