Privacy policy


The data administrator is Regosteel Sp. z o.o. Sp. k. Contact with the Administrator is possible at the e-mail address: or ul. Ludwika Solskiego 24, 60-184 Poznań


In order to ensure the integrity and confidentiality of data, the Administrator has implemented procedures allowing access to personal data only to authorized persons and only to the extent that it is it is necessary because of the tasks they perform. The administrator uses organizational and technical solutions to ensure that all operations on personal data are registered and made only by authorized persons.

The administrator also takes all necessary steps to ensure that its subcontractors and other cooperating entities guarantee the application of appropriate security measures in each case when they process personal data on behalf of the Administrator.

The administrator conducts risk analysis on an ongoing basis and monitors the adequacy of the data security applied to the identified threats. If necessary, the Administrator implements additional measures to increase data security.


E-mail and traditional correspondence

In the case of sending e-mail correspondence to the Administrator or by traditional means, not related to services provided to the sender or other contract concluded with him, the personal data contained in this correspondence are processed only for the purpose of communication and settling the matter to which this correspondence relates.

The legal basis for processing is the performance of the contract and the legitimate interest of the Administrator (Article 6 (1) (b) and (f) of GDPR *).

All correspondence is stored in a way that ensures the security of personal data and other information contained therein and is disclosed only to authorized persons.


As part of recruitment processes, the Administrator expects the transfer of personal data (e.g. in a CV) only to the extent specified in labor law. Consequently, the broader scope of information should not be shared. In the event that the submitted applications contain this type of additional data, the Administrator will assume that the candidate agrees to their processing for recruitment purposes.

Personal data of candidates are processed in order to fulfill obligations resulting from legal provisions related to the employment process, including in particular the Labor law - the legal basis for processing is the legal obligation incumbent on the Administrator (Article 6 (1) (c) of the GDPR * in connection with the provisions of the Labor law). If the Administrator does not conduct recruitment or has announced new ones, we may process your data only on the basis of the consent provided (Article 6 (1) (a) of the GDPR *).

Collection of data in connection with the implementation of services and orders

The administrator processes clients' personal data in connection with the services offered, for the purpose of their implementation and settlement. The administrator is obliged to keep accounting, which also carries tax obligations. In addition, the Administrator has the right to pursue activities, pursue claims and protect rights. The legal basis for the processing of your personal data is Article 6 (1) (b, c) and (f) of GDPR *.

Collecting data in business relations, contacts with contractors

In connection with the conducted activity, the Administrator collects personal data also in other cases - e.g. during business meetings, industry events, cooperation with business partners (e.g. data of persons responsible on the part of the partner for the performance of the contract). The legal basis for processing in this case is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR *), consisting in creating a network of contacts in connection with the conducted activity.

Data processing as part of logistic services

In connection with the conducted activity, the Administrator collects personal data also for logistic purposes (e.g. data of drivers). The legal basis for processing in this case is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR *), consisting in the correct handling of the order.

Data processing in information systems

Personal data is processed in an IT environment, which means that they may also be temporarily stored and processed in order to ensure the security and proper functioning of IT systems or websites. The legal basis for processing in this case is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR *), consisting in the proper functioning of the systems.

Data processing in the form of cookies

Cookies are small text files installed on the device of the User browsing the Website. Cookies collect information that facilitates the use of the website - e.g. by remembering the User's visits to the Website and the activities performed by him.

Data processing in connection with sending the contact form

The administrator collects the data provided via the contact form. The legal basis for processing is your consent (Article 6 (1) (a) of the GDPR *).


In connection with the business that requires the processing of personal data, they are disclosed to external entities, including in particular: responsible suppliers for the supply and operation of IT systems, entities providing legal, accounting and auditing services, recruitment agencies. In addition, personal data may also be disclosed to competent authorities or third parties who submit a request for such information, based on an appropriate legal basis and in accordance with the provisions of applicable law.


The administrator informs that he does not transfer personal data to countries outside the EEA.


The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. The period of data processing may also result from regulations, if they constitute the basis for processing. In the case of data processing on the basis of the Administrator's legitimate interest - e.g. for security reasons - the data is processed they are for a period enabling its implementation or for reporting an effective objection to data processing. If the processing is based on consent, the data is processed are for its withdrawal. In the event that the basis for processing is the necessity to conclude and performance of the contract, the data will be processed until its termination, and then for the period specified in generally applicable provisions.

The data processing period may be extended if the processing is necessary to establish, investigate or defend against any claims, and after this period, only in the event and to the extent that it will be required by law. After the expiry of the processing period, the data is irretrievably deleted or anonymized.


Due to the processing of your data by the Administrator, you have a number of rights:


Providing your personal data is voluntary, but necessary for the purposes indicated above. Failure to provide personal data will result in failure to achieve the purpose for which they were to be processed. Your data will not be subject to automated decision making, including in the form of profiling.

* GDPR - REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)