Privacy Policy

  1. This Privacy Policy defines the rules for processing personal data obtained through the website agachem.eu, hereinafter referred to as the “Website”.
  2. The owner of the Website and simultaneously the Data Controller is Agachem S.C., ul. Zalesicka 137, 97-300 Piotrków Trybunalski, NIP: 7712896864, hereinafter referred to as the “Controller”.
  3. Personal data collected by the Controller via the Website are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), also referred to as GDPR.
  4. The Controller takes special care to respect the privacy of Clients visiting the Website.

§ 1 Type of data processed, purposes and legal basis

  1. The Controller collects information regarding natural persons performing a legal transaction not directly related to their business activity, natural persons conducting business or professional activity in their own name, and natural persons representing legal entities or organizational units that are not legal entities but are granted legal capacity by law, conducting business or professional activity in their own name, hereinafter collectively referred to as “Clients”.
  2. The Controller processes Clients’ personal data for the purpose of using the contact form service on the Website, which is necessary for the performance of a contract or to take steps prior to entering into a contract – processing basis under Art. 6(1)(b) of the GDPR.
  3. In the case of using the contact form service, the Client provides the following data:
    1. e-mail address
    1. name
    1. telephone number
  4. While using the Website, additional information may be collected, in particular: the IP address assigned to the Client’s computer or the external IP address of the Internet service provider, domain name, browser type, access time, and operating system type. Navigation data may also be collected from Clients, including information about links and references they choose to click or other actions taken on the Website for purposes related to the provision of services, as well as for technical, administrative, analytical, and statistical purposes – in this respect, the basis for processing is also Art. 6(1)(f) of the GDPR, i.e., necessity for the purposes of the legitimate interests pursued by the Controller, which is ensuring IT security, managing the Website, and improving the functionality of the Website and the services provided.

§ 2 Data recipients

  1. The Client’s personal data are transferred to service providers used by the Controller in running the Website. The service providers to whom personal data are transferred, depending on contractual arrangements and circumstances, either operate under the instructions of the Controller regarding the purposes and methods of processing such data (processors) or independently determine the purposes and methods of their processing (controllers).
    1. 1.1. Processors: The Controller uses providers who process personal data solely on the instructions of the Controller. These include, among others, providers of hosting services, accounting services, marketing systems, Website traffic analysis systems, and marketing campaign effectiveness analysis systems.
    1. 1.2. Controllers: The Controller uses providers who do not act solely on instructions and determine the purposes and methods of using Clients’ personal data themselves. They provide electronic payment and banking services.
  2. Location: Service providers are located mainly in Poland and other countries of the European Economic Area (EEA).
  3. Upon a lawful request, the Controller discloses personal data to authorized state authorities, in particular to organizational units of the Prosecutor’s Office, the Police, the President of the Personal Data Protection Office, the President of the Office of Competition and Consumer Protection, or the President of the Office of Electronic Communications.

§ 3 Data retention period

  1. Clients’ personal data are stored:
    1. 1.1. Where the basis for personal data processing is consent, the Client’s personal data are processed by the Controller as long as the consent is not revoked, and after the revocation of consent, for a period corresponding to the limitation period for claims that may be raised by the Controller and that may be raised against him. Unless a specific provision states otherwise, the limitation period is six years, and for claims concerning periodic benefits and claims related to conducting business activity – three years.
    1. 1.2. Where the basis for data processing is the performance of a contract, the Client’s personal data are processed by the Controller as long as it is necessary for the performance of the contract, and after that time for a period corresponding to the limitation period for claims. Unless a specific provision states otherwise, the limitation period is six years, and for claims concerning periodic benefits and claims related to conducting business activity – three years.

§ 4 Cookies mechanism, IP address

  1. The Website uses small files called cookies. They are saved by the Controller on the terminal device of the person visiting the Website, if the web browser allows it. A cookie file usually contains the name of the domain it comes from, its “expiration time”, and an individual, randomly selected number identifying this file. Information collected using this type of files helps to adjust the products offered by the Controller to the individual preferences and actual needs of people visiting the Website.
  2. The Controller uses two types of cookies:
    1. 2.1. Session cookies: after the browser session ends or the computer is turned off, the saved information is removed from the device’s memory. The session cookies mechanism does not allow the collection of any personal data or any confidential information from Clients’ computers.
    1. 2.2. Persistent cookies: they are stored in the memory of the Client’s terminal device and remain there until they are deleted or expire. The persistent cookies mechanism does not allow the collection of any personal data or any confidential information from Clients’ computers.
  3. The Controller uses own cookies for the purpose of:
    1. 3.1. analysis, research, and audience auditing, and in particular to create anonymous statistics that help to understand how Clients use the Website, which enables improving its structure and content.
  4. The Controller uses external cookies for the purpose of:
    1. 4.1. presenting a map indicating the location of the Controller’s office on the information pages of the Website using the maps.google.com website (external cookies administrator: Google Inc. based in the USA).
  5. The cookies mechanism is safe for the computers of Clients visiting the Website. In particular, it is not possible for viruses or other unwanted or malicious software to penetrate Clients’ computers through this channel. Nevertheless, in their browsers, Clients have the option to limit or disable cookies’ access to computers. If this option is used, the use of the Website will be possible, except for functions which by their nature require cookies.
  6. The Controller may collect Clients’ IP addresses. An IP address is a number assigned to the computer of a person visiting the Website by the internet service provider. The IP number enables access to the Internet. In most cases, it is assigned to a computer dynamically, i.e., it changes with each connection to the Internet, and for this reason, it is commonly treated as non-personally identifiable information. The IP address is used by the Controller to diagnose technical problems with the server, create statistical analyses (e.g., determining from which regions we record the most visits), as useful information for administering and improving the Website, as well as for security purposes and possible identification of unwanted automated programs browsing the Website content that burden the server.

§ 5 Rights of data subjects

Persons whose data are processed have the right to:

  1. The right to withdraw consent to data processing at any time:
    1. 1.1. The Client has the right to withdraw any consent they have granted.
    1. 1.2. Withdrawal of consent takes effect from the moment the consent is withdrawn.
    1. 1.3. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
    1. 1.4. Withdrawal of consent does not entail any negative consequences for the Client, but it may prevent further use of services or functionalities that the Controller can legally provide only with consent.
  2. The right to object to data processing:
    1. 2.1. The Client has the right to object at any time – on grounds relating to their particular situation – to the processing of their personal data based on Art. 6(1)(e) or (f) of the GDPR, including profiling based on these provisions. The Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.
    1. 2.2. Opting out of receiving marketing communications regarding products or services via an e-mail message will mean the Client’s objection to the processing of their personal data, including profiling for these purposes.
  3. The right to erasure of data (“the right to be forgotten”):
    1. 3.1. The Client has the right to request the erasure of all or some personal data.
    1. 3.2. The Client has the right to request the erasure of personal data if:
      1. 3.2.1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
      1. 3.2.2. they have withdrawn specific consent to the extent that the personal data were processed based on their consent;
      1. 3.2.3. they have objected to the processing pursuant to Art. 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or they have objected to the processing pursuant to Art. 21(2) of the GDPR;
      1. 3.2.4. the personal data have been unlawfully processed;
      1. 3.2.5. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject;
      1. 3.2.6. the personal data have been collected in relation to the offer of information society services.
    1. 3.3. Despite a request to erase personal data in connection with an objection or withdrawal of consent, the Controller may retain certain personal data to the extent that processing is necessary for the establishment, exercise, or defense of legal claims, as well as for compliance with a legal obligation requiring processing under Union or Member State law to which the Controller is subject. This applies in particular to personal data including: name, surname, and e-mail address, which data are retained for the purpose of handling complaints and claims related to the use of the Controller’s services, or additionally the residential/correspondence address and order number, which data are retained for the purpose of handling complaints and claims related to concluded sales contracts or the provision of services.
  4. The right to restriction of processing:
    1. 4.1. The Client has the right to request the restriction of processing of their personal data. Submitting a request, until it is considered, prevents the use of specific functionalities or services, the use of which would involve processing the data covered by the request. The Controller will also not send any communications, including marketing communications.
    1. 4.2. The Client has the right to request the restriction of the use of personal data in the following cases:
      1. 4.2.1. when they contest the accuracy of their personal data – then the Controller restricts their use for a period enabling the verification of the accuracy of the data, but no longer than 7 days;
      1. 4.2.2. when the processing of data is unlawful, and instead of erasing the data, the Client requests the restriction of their use;
      1. 4.2.3. when the personal data are no longer needed for the purposes for which they were collected or used, but they are required by the Client for the establishment, exercise, or defense of legal claims;
      1. 4.2.4. when the data subject has objected to the processing – pending the verification whether the legitimate grounds of the controller override those of the data subject.
  5. The right to request access to their personal data from the Controller and to receive a copy thereof:
    1. 5.1. The Client has the right to obtain confirmation from the Controller as to whether or not personal data concerning them are being processed, and where that is the case, the Client has the right to:
      1. 5.1.1. gain access to their personal data;
      1. 5.1.2. obtain information about the purposes of processing, the categories of personal data concerned, the recipients or categories of recipients to whom the data have been or will be disclosed, the envisaged period for which the personal data will be stored, or the criteria used to determine that period (when determining the envisaged period of data processing is not possible), the rights available to the Client under the GDPR, and the right to lodge a complaint with a supervisory authority; where the personal data are not collected from the data subject, any available information as to their source; the existence of automated decision-making, including profiling referred to in Art. 22(1) and (4) of the GDPR, and – at least in those cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject, and the safeguards applied in connection with the transfer of personal data outside the European Union;
      1. 5.1.3. obtain a copy of their personal data. The right to obtain a copy shall not adversely affect the rights and freedoms of others.
  6. The right to rectification (correction) of data:
    1. 6.1. The Client has the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement, by directing a request to the e-mail address in accordance with § 6 of the Privacy Policy.
  7. The right to data portability:
    1. 7.1. The Client has the right to receive the personal data concerning them, which they have provided to the Controller, and has the right to transmit those data to another controller of their choice. The Client also has the right to have the personal data transmitted directly from the Controller to another controller, where technically feasible. In such a case, the Controller will send the Client’s personal data in the form of a file in .csv format, which is a commonly used, machine-readable format that allows transmitting the received data to another personal data controller.
  8. The right to lodge a complaint with a supervisory authority:
    1. 8.1. The Client has the right to lodge a complaint with the President of the Personal Data Protection Office regarding the violation of their rights to personal data protection or other rights granted under the GDPR.
  9. In a situation where the Client exercises a right resulting from the above rights, the Controller complies with the request or refuses to comply with it immediately, but no later than within a month after receiving it. If, however – due to the complex nature of the request or the number of requests – the Controller is unable to comply with the request within a month, the Controller will comply with it within the following two months, informing the Client beforehand within a month of receiving the request about the intended extension of the deadline and its reasons.
  10. The Client may submit complaints, inquiries, and requests to the Controller regarding the processing of their personal data and the exercise of their rights.

§ 6 Changes to the Privacy Policy

  1. The Privacy Policy may change, about which the Controller is not obliged to inform.
  2. Please direct questions related to the Privacy Policy to the e-mail address: biuro@agachem.eu
  3. Date of last modification: 11.06.2026

Copyright © 2026 Agachem, ul. Zalesicka 137, 97-300 Piotrków Trybunalski E-mail: biuro@agachem.eu Phone: 519 174 323 Privacy Policy