Privacy policy

Privacy policy


Personal data of the service Users is controlled by Getit sp z o.o. with its registered office in Warsaw at ul. Skierniewicka 10 a, Tax ID No (NIP): 5252133967, KRS No: 0000045032
(hereinafter referred to as: “Controller”).

If you have any questions or claims regarding the exercise of your rights or requests concerning the processing of personal data, you can contact the Controller by e-mail at:
or by writing to the Controller’s registered address.

The Controller may process personal data of Users in the following cases:

a. for the purpose of ongoing contact (e.g. via the contact form, by e-mail or by phone)– the Controller may process Users’ data such as name, surname, e-mail address, other data required by the contact form, as well as other details which you decide to provide in the content of a message addressed to the Controller. In this case, the personal data is processed for the purpose of: 1/ responding to your message or addressing the matter (including a question and/or issue concerning the Controller’s business, its products and/or other correspondence exchanged with you) raised by you when contacting the Controller via the contact form, by e-mail or by phone. Then the basis for the processing of personal data is a legitimate interest of the Controller – Article 6(1)(f) of the GDPR), which is to provide proper service to Users, including answering questions or addressing other matters raised by Users when contacting us using the contact form, by e-mail or by phone; 2/ archiving, after the end of exchange of correspondence or information between you and us (which constitutes a legitimate interest of the Controller pursuant to Article 6(1)(f) of the GDPR); 3/ identification of the sender and handling/answering their request/question submitted via the contact form, by e-mail or by phone (in the pursuit of the Controller’s legitimate interest (Article 6(1)(f) of the GDPR).

As regards data which is not necessary to establish contact or handle a request/answer a question, the legal basis for the processing is your consent (Article 6(1)(a) of the GDPR). The provision of data is voluntary, however, it is necessary in order to correspond or exchange information with the Controller. Your personal data will be processed until you make a reasoned objection


b. for the purpose of conducting a complaint handling procedure concerning the services provided by the Controller electronically – the Controller may process the data provided by you in the content of a complaint, such as: name and surname, e-mail address, contact address, telephone number. These data is processed by the Controller due to the need to comply with a legal obligation (pursuant to Article 6(1)(c) of the GDPR). The provision of this data is voluntary, however, it is necessary in order to receive a response to a complaint or to exercise the rights arising from the complaint. The Controller will process this personal data for the time necessary to carry out the complaint procedure. Once the above activities are finished, the Controller may process the personal data provided by you in order to archive the documentation and demonstrate the course of the complaint procedure in the future on the basis of a legitimate interest the Controller (Article 6(1)(f) of the GDPR) until the expiry of the limitation period for your claims in this regard or until you make a reasoned objection.


c. for the purpose of the establishment, exercise or defence of claims and rights (if any) – on the basis of a legitimate interest of the Controller (Article 6(1)(f) of the GDPR) until the expiry of the limitation period for such claims.


d. for the purpose of sending you the Newsletter– the Controller may process your data in the form of an e-mail address on the basis of a legitimate interest of the Controller (Article 6(1)(f) of the GDPR), which is to inform you about the Controller’s products, news, activities and interesting events, as well as to analyse whether you are familiar with the Controller’s Newsletter and which of the information contained therein is the most avidly read by you. The Newsletter is sent pursuant to Article 10 of the Act of 18 July 2002 on the provision of services by electronic means and Article 172 of the Act of 16 July 2004 – Telecommunications Law. Your personal data will be processed until you object to the processing of your personal data or withdraw your consent to receive the Newsletter. The provision of data is voluntary, however, the provision of an e-mail address is necessary if you wish to receive the Newsletter. You may at any time resign from receiving the Newsletter, by contacting the Controller by e-mail at:
or by clicking on the opt-out link at the bottom of each message in which the Newsletter is sent.


e. for the purpose of managing the website and analysing data collected automatically – on the basis of a legitimate interest of the Controller (Article 6(1)(f) of the GDPR) for the duration of the website’s operation, but no longer than until your object to the processing of personal data.


f. for the purpose of maintaining profiles on social networking sites and on internet portals – as the Controller has profiles (including fanpages) on social networking sites (e.g. Facebook, Instagram, Linkedin) – the Controller may process data provided by you when visiting these profiles and browsing the materials presented there, e.g. comments, online identifiers, “likes”. In such a case, the data is processed mainly in order to enable activity on the Controller’s profiles and on sites where the Controller presents its materials and products, in order to effectively run the Controller’s profiles, present information about various actions taken by the Controller, initiatives, services or other activities and in connection with the promotion of the Controller’s products and services, as well as for statistical and analytical purposes, and possibly for the purpose of exercise or defence of claims. The legal basis for the processing of your personal data is a legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in the promotion of the brand, presentation of the Controller’s materials, taking care of the quality of the services provided and the products offered, as well as in the establishment, exercise or defence of claims (if necessary). The data in the aforementioned scope will be processed by the Controller for the period of running the profiles and presenting the materials and, thereafter, for a period required by generally applicable laws. The period of storage of such personal data may be each time extended by the period of limitation of claims, if the processing is necessary for the Controller’s exercise or defence of such claims. This information does not apply to the processing of personal data by administrators of social networking sites and internet portals.


g. Additionally, in other cases (apart from those listed above), about which the Controller will inform Users on an ongoing basis – Users’ personal data may be processed on the basis of: 1/ freely-given consent (Article 6(1)(a) of the GDPR); 2/ applicable laws – where the processing is necessary for the Controller’s compliance with a legal obligation (Article 6(1)(c) of the GDPR); 3/ the necessity of the processing for purposes other than those mentioned above and arising from legitimate interests pursued by the Controller or by a third party (Article 6(1)(f) of the GDPR).
To the extent required by applicable legal provisions concerning personal data, you have the following rights:

a. right of access to personal data (Article 15 of the GDPR): You have the right to obtain from the Controller confirmation as to whether or not your personal data is being processed and, where that is the case, you have the right to access the personal data and obtain information int. al.: about the purpose of its processing, the categories of personal data concerned, the recipients or categories of recipients to whom your personal data has been or will be disclosed, including recipients in third countries or international organisations


b. right to rectification and erasure of data (Article 16 of the GDPR): You have the right to request that the Controller rectify your personal data due to its incorrectness or incompleteness.


c. right to erasure of personal data, i.e. the so-called right to be forgotten (Article 17 of the GDPR) – in cases provided for by the applicable law, you have the right to request that the Controller erase your personal data and communicate your request to the entities to whom the Controller has transmitted your data.


d. right to restriction of processing (Article 18 of the GDPR): in certain cases you have the right to request restriction of the processing of personal data, i.e. when: a) you have contested the accuracy of the personal data – for a period enabling the Controller to verify the accuracy of the data; b) the processing is unlawful and you oppose to the erasure of the personal data and request the restriction of its use instead; c) the Controller no longer needs the personal data for the purposes of processing, but you need this data for the establishment, exercise or defence of claims; d) you have objected to processing pursuant to Article 21(1) of the GDPR – pending the verification whether the legitimate grounds of the Controller override the grounds for your objection.

e. right to data portability (Article 20 of the GDPR): You have the right to receive the personal data you have provided to the Controller and to have the data transmitted to another personal data controller selected by you. The right to data portability applies where the Controller processes personal data on the basis of your consent (Article 6(1)(a) of the GDPR) or a prerequisite for the performance of an agreement (Article 6(1)(b) of the GDPR) and the processing is carried out by automated means. Where technically feasible, you may also request that the Controller transmit your personal data directly to another authorised controller.


f. right to object (Article 21 of the GDPR): if the Controller is processing your data on the basis of its legitimate interest, you have the right to object at any time to the Controller’s processing of your personal data on grounds relating to your particular situation. Your objection in this regard must contain a justification (except cases provided for by law). Then the Controller may not process your data unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or grounds for the establishment, exercise or defence of claims. However, if your personal data is processed by the Controller for the purposes of direct marketing, including e.g. sending the Newsletter – after receiving your objection (without the need for its justification), the Controller must unconditionally cease further processing of your data for such purpose.

g. right to withdraw consent (Article 7 of the GDPR): if the processing of personal data is based on your consent (Article 6(1)(a) of the GDPR), you have the right to withdraw the consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.


h. right to lodge a complaint with a supervisory authority (Article 77 of the GDPR): if it is found that the processing your personal data violates applicable laws, you have the right to lodge a complaint with a supervisory authority – the President of the Personal Data Protection Office.

In order to exercise you rights (except for the right referred to in item h above), you need to contact the Controller by e-mail at: or by writing to the Controller’s address.

Your personal data may be transferred to entities processing personal data on behalf of the Controller, including IT service providers, providers of telecommunications, hosting, courier and legal services, as well as to entities providing statistical analysis services, advertising and marketing services (including mailing services), marketing agencies or entities ensuring the maintenance of the Controller’s website and providers of training and advisory services in the field of personal data protection.
In principle, the Controller does not transfer Users’ personal data outside the European Economic Area (EEA), however, if necessary, the Controller may transfer the data outside the EEA only when an adequate level of protection consistent with the GDPR is ensured, inter alia by: the use of appropriate safeguards in the form of standard contractual clauses adopted under a decision of the European Commission, as well as personal data processing agreements which comply with the GDPR requirements; cooperation with processors in countries for which the European Commission has issued a valid and relevant adequacy decision regarding the protection of personal data; the use of binding corporate rules approved by the competent supervisory authority.

Marketing tools

1/ Google Analytics – the Controller’s website uses the Google Analytics analytical tool. This tool uses its own cookies and, with the aid of a special code, analyses statistics and verifies website traffic. This is to improve and enhance the Controller’s website. Google Analytics collects, among other things, anonymous information on the website views or on the time spent on the website by Users. As part of the Google Analytics service, the Controller may use e.g. the following advertising functions: (1) remarketing using Google Analytics; (2) reports on display in the Google advertising network; (3) Google Analytics demographics and interest reports; (4) integrated services that require Google Analytics to collect data for advertising purposes, including through the use of advertisement identifiers and cookies. By means of your browser settings, advertisement settings, mobile apps advertising settings and any other available methods (e.g. NAI consumer opt-out function), you may opt out of our advertising functions. Information about data collection and processing by Google is available at:

2/ Google Ads – in order to develop the website functionality, the Controller may use the Google Ads marketing tool. Thanks to this service, the Controller’s advertisements may be displayed on third-party websites and, on the basis of data collected during advertising campaigns, the Controller is able to assess the effectiveness of advertising measures of its choice. Google Ads uses cookies to measure the parameters of getting an advertising message across to the recipient. For example, if you visit a website by selecting a Google advertisement, Google Ads will store a cookie on your device, thereby remembering that you have visited the website. If you leave your contact details for the Controller (e.g. by subscribing to the Newsletter), this is feedback (an indicator) for the Controller regarding the effectiveness of a given advertising campaign or other targeted actions taken by the Controller. Apart from the Google Ads conversion, the Controller may also use remarketing features of Google Ads. It allows a user who has previously visited a website to be shown advertisements based on the user’s interests gathered from other Google-owned websites that the user has visited. The collected data is used by the Controller solely for statistical purposes. Advertising campaigns are ordered by the Controller only on the basis of aggregate criteria (specific target groups) and not on the basis of the criterion of a specific user of the website.

3/ Facebook Pixel – the Controller’s website may use the Facebook Pixel marketing tool provided by Facebook. Facebook Pixel is an analytical tool which, by means of a piece of code placed on the website, helps the Controller measure the effectiveness of advertisements based on an analysis of the actions taken by you on the website for statistical and market research purposes. Facebook Pixel also provides the Controller with comprehensive statistics on the use of its website. This allows the Controller to show Users advertisements of its products that are more relevant to the current interests of a specific User. Specific conditions regarding the processing of personal data and other privacy rules of Facebook are available at: Further information on the functionality of Facebook Pixel can be found at:

Social media

The Controller may place social networking plug-ins (for sites such as: Linkedin, Facebook and Instagram) on its website. Using the plug-in functionality may involve the use of cookies of such sites. The plug-in function is used by clicking a button with the appropriate icon, which redirects the User directly to the Controller’s profile on individual networking sites. If you are accessing a website and at the same time are also logged on such networking sites, information about your accessing the website is recorded on those networking sites. If you do not consent to the above-mentioned sites’ obtaining information about your visits in the Service, we advise that you log out of your accounts on such sites beforehand.

“Cookie” policy

Cookies are IT data, in particular text files, which are stored on the user’s end device and enable the use of the Service. Cookies usually contain the name of the website they originate from, the time period for which they are stored on the end device and a unique number.
The Service does not automatically collect any information except for the information included in cookies.
Cookies are placed on the website user’s end device and accessed by the Controller (this applies to own cookies).

Cookies are used to:
a. adapt the content of the Service pages to user preferences and optimise the use of the pages; in particular cookies enable the identification of the user’s device and proper display of the Service page adjusted to his/her individual needs;

b. create statistics which help us understand how the Service users use the pages, which lets us improve their structure and content.
The Service uses two types of cookies:
– session cookies, which are temporary files stored on the user’s end device until he/she logs out, leaves the website or closes the software (web browser),
– persistent cookies, which are cookies stored on the user’s end device for a period specified in the cookie parameters or until they are removed by the user.
The Service uses the following types of cookies:
– “necessary” cookies, which enable the use of the Service features, e.g. authentication cookies used for features that require authentication in the Service;
– security cookies, used e.g. to detect authentication abuse in the Service;
– “performance” cookies, which enable the collection of information on the manner of using the Service pages;
-“functional” cookies, which enable the “remembering” of the user’s settings and personalisation of the user interface, e.g. with regard to the selected language or region of the user’s origin; font size, the website appearance, etc.;
“advertising” cookies, which enable providing users with advertising content that is more tailored to their interests.
In many cases, the web browsing software (web browser) is set by default to store cookies on the user’s end device. The Service users can change cookie settings at any time. These settings can be changed, in particular in such a way as to block automatic support of cookies in browser settings or as to inform the Service user every time a cookie is placed on his/her device. Detailed information about the options and manners of handling cookies is available in the software (web browser) settings. Examples of editing options in popular browsers:
• Mozilla Firefox:
• Microsoft Edge:
• Google Chrome:
• Safari:
You can withdraw your consent to the use of cookies by changing the settings of your browser or the settings concerning ad tracking limitation on your device. The Controller informs that restrictions on the use of cookies may affect certain functionalities available on the Service pages.
Cookies placed in the Service User’s end device may also be used by advertisers and partners cooperating with the Service operator.
Third parties, including Facebook and Google, may use their cookies (third-party cookies), web beacons and similar technologies to collect or receive information from the Service and other places on the Internet and may use them to provide measurement services and ad targeting. More information about cookies can be found at or in the “Help” section of the web browser menu.
The Controller reviews the content of this Privacy Policy on an ongoing basis so that it is fully up-to-date. In the event of any changes or additions, which may result, in particular, from the need to adapt the content to changes in applicable legislation or applicable privacy standards or which are related to the expansion of the Controller’s offer or the Service functionality, the Controller will announce this in its Service (e.g. by a web push message) or, alternatively, by sending an appropriate e-mail message as soon as the change is published. Whenever you use the Service, we encourage you to visit the “Privacy Policy” tab.
Date of last update of the Policy: 05.11.2021.