Contact us Calculate relief
LSSE
Personal Data Processing Policy

Personal Data Processing Policy

PERSONAL DATA PROCESSING POLICY AT LSSE S.A.

Respecting the right to privacy of persons who have entrusted their personal data to Legnickiej Specjalnej Strefie Ekonomicznej S.A., including users of the contact form, newsletter subscribers, as well as our contractors and their employees, we hereby declare that the collected data are processed in accordance with the currently applicable legal provisions and under conditions that ensure their security.

This policy is informational in nature and sets out the principles of personal data processing by Legnicką Specjalną Strefę Ekonomiczną S.A., established in particular on the basis of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/WE (the General Data Protection Regulation, hereinafter “GDPR”).

The controller of personal data, i.e. the entity that determines the purposes and methods of processing your data, is:

Legnicka Specjalna Strefa Ekonomiczna Spółka Akcyjna
ul. Rycerska 24, 59-220 Legnica,
telephone: 76 727 74 70, e-mail address: sekretariat@lsse.eu

(hereinafter referred to as “Administrator” or “LSSE S.A.”).

The controller has appointed a Data Protection Officer, whose functions are performed by:
Kinga Smilgin – Data Protection Officer,
Bogdan Spętany – Deputy Data Protection Officer.
Contact details: rodo@lsse.eu or inspektor@cbi24.pl

Detailed information regarding the processing of personal data by LSSE S.A. is included in the information clauses (download links) for the following persons:

  • those contacting us via the contact form on the page https://lsse.eu/kontakt,
  • newsletter subscribers,
  • persons authorized to represent a party to the agreement with LSSE S.A. and their employees/collaborators/ subcontractors/ advisors/ partners,
  • natural persons who are a party to an agreement with LSSE S.A.,
  • participants in events organized by LSSE S.A.,
  • participants in proceedings for the award of a public contract to which the provisions of the Public Procurement Law apply,
  • participants in proceedings for the award of a contract to which the provisions of the Public Procurement Law do not apply,
  • whistleblowers,
  • persons to whom the report pertains and third parties identified in the report,
  • trainees and interns,
  • candidates for employment,
  • employee of LSSE S.A.,
  • beneficiary of ZFŚS,
  • in the area of LSSE S.A.’s video monitoring,
  • recipients of public information,
  • recipients of invoices issued by LSSE S.A.,
  • for contractors in connection with the processing of personal data in KSeF.

Legal bases for the processing of your data:

When collecting your personal data, LSSE S.A. always informs you of the legal basis for its processing under the GDPR, i.e.:

  • Article 6(1)(a) GDPR – means that we process personal data on the basis of the consent obtained,
  • Article 6(1)(b) GDPR – means that we process personal data because they are necessary for the performance of a contract or for taking steps at the request of the data subject prior to entering into a contract,
  • Article 6(1)(c) GDPR – means that we process personal data for the purpose of complying with a legal obligation,
  • Article 6(1)(f) of the GDPR (RODO) – this means that we process personal data for the purpose of pursuing the legally justified interests of the Administrator.

Retention period of your data:

LSSE S. A. retains your data for the period necessary to conduct correspondence or maintain contact, as well as to perform the contract, and for the period specified in the applicable law in this respect, and no longer than is necessary for the purposes arising from the legally justified interests pursued by the Administrator or by a third party, i.e., inter alia, for the purpose of pursuing claims arising from the conducted business. Where the processing is based on the consent of the data subject to the processing of their personal data, such data are retained until the consent is withdrawn.

Rights of data subjects:

Natural persons have certain rights with respect to their personal data, and LSSE S.A., as the Data Controller, is responsible for the implementation of those rights in accordance with applicable law. For any questions or requests regarding the scope or exercise of these rights, and to contact us for the purpose of exercising a specific data protection right, please contact us by e-mail: rodo@lsse.eu or inspektor@cbi24.pl

You are entitled to the following rights:

right of access to data – you may request that the Administrator provide access to your personal data that it processes. The Administrator may provide a copy of the processed data or make available a place for their inspection;

right to rectification – you may request that the Administrator rectify personal data that it processes which are outdated, inaccurate or incomplete;

right to erasure – you may request that the Administrator erase your personal data in situations where:

  • personal data are no longer necessary for the purposes for which they were collected or processed,
  • you determine that the Controller is processing personal data unlawfully and that such processing will be legally justified,
  • personal data must be erased in order to comply with a legal obligation provided for in European Union law or in Polish law

(In all of these cases, your personal data will be erased by the Administrator without undue delay. However, the request will not be complied with where further processing of your personal data is necessary to enable the Administrator to comply with a legal obligation arising from EU or Polish law, or where it serves a legitimate interest of the Administrator, namely for the establishment or pursuit of claims);

right to restriction of processing – you may request that the Administrator restrict processing in situations where:

  • you contest the accuracy of your personal data – for a period enabling the Administrator to verify the accuracy of those data,
  • You consider the processing unlawful, but you refuse erasure of the data and instead request restriction of processing,
  • The Controller has no need to process your personal data, but you require them to prepare, pursue or defend claims,
  • You object to the processing of your personal data pursuant to Article 21(1) GDPR pending a determination as to whether the Controller has lawful grounds that override your grounds;

the right to object to processing – where personal data are processed for purposes arising from the legitimate interests of the Administrator, you may object to their processing. In such a case, the Administrator will cease processing them unless it demonstrates grounds for further processing for the establishment, exercise or defense of claims, or unless it demonstrates that the Administrator’s interest in processing your data overrides your rights. In the event you have given marketing consent, you may at any time request that your personal data no longer be processed for that purpose. In such a case, the Administrator will promptly cease processing them for that purpose;

the right to data portability – where your personal data are processed in an automated manner on the basis of your consent or in connection with the performance of a contract concluded with the Administrator, you may request to receive your data in a structured, commonly used electronic file format (e.g., Excel), so that you can transfer those data to another entity. You may also request that such a file be transmitted to another data controller designated by you;

the right to withdraw consent – where data are processed on the basis of your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out on the basis of consent prior to its withdrawal;

Right to lodge a complaint – you have the right to lodge a complaint with the supervisory authority responsible for personal data protection, namely the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warszawa).

The most recent update of this document took place on 08.07.2025.