GDPR Information clause

With reference to the Regulation of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter: General Data Protection Regulation) in force since 25 May 2018, in order to duly protect your personal details and inform you about personal data processing, we hereby declare as follows:

  1. The controller of your personal data is SumiRiko Poland sp. z o. o., company with its registered office in Wolbrom (32-340), ul. 1 Maja 100, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for Kraków – Śródmieście in Kraków, XII Commercial Division of the National Court Register, insert no. 0000099563, NIP /Tax Identification Number/: 6371873808, REGON /Business Registry Number/ 357045888 (hereinafter: “Controller” or “Company”).
  2. Should you need any information or have doubt as to the processing of your personal details by the Controller, contact us as by email at This email address is being protected from spambots. You need JavaScript enabled to view it. or by traditional mail at the address of the Company’s seat.
  3. Your personal information will be processed to allow us to establish and maintain business contacts, also in relation to due performance of contracts and services, answer your questions asked through the contact form on the Company’s website or, if necessary, pursue objectives resulting from legitimate interests of the Controller.
  4. Your personal data can be processed based on the legal grounds listed below:
  • performance of a contract or provision of a service, or in order to take steps prior to entering into or performing a contract (Art. 6(1)(b) of the General Data Protection Regulation),
  • your consent to the processing of your personal data (Art. 6(1)(a) of the General Data Protection Regulation),
  • legitimate interests pursued by the Controller (Art. 6(1)(f) of the General Data Protection Regulation), in particular in order to ensure safety of our services and IT networks. In exceptional cases the Company may process personal data in order to seek, determine or defend claims.
  1. Your personal data can be received by:
  • duly authorised employees of the Controllers, data processors working on behalf of the Controller,
  • entities cooperating or related through capital, persons or organisation with SumiRiko Poland sp. z o. o. in Wolbrom,
  • third persons, as necessary to comply with their statutory obligations or execute orders of public authorities,
  • insurance companies,
  • third parties rendering services for the Controller.
  1. Your personal data can be transferred to recipients in countries outside of the European Economic Area, in particular, to entities related to the Company, based in Japan. In such case, the Company will transfer the personal data based on a decision of the European Commission confirming that appropriate safeguards with respect to the protection of personal data have been used. If personal data is transferred to a recipient in a third party, for which no decision has been issued, the Company shall apply appropriate safeguards, including Standard Contractual Clauses drawn up by the European Commission.
  2. Your personal data will be stored throughout the term of the business relationships and for a subsequent period, until all claims connected with the contract expire or until the end of their limitation period or, where personal data is processed based on your consent, until effective withdrawal of the consent or until the purpose of processing is no longer applicable. 
  3. You have the right to access your data as well as to correct (adjust) it, remove, restrict its processing, transfer your data / have it transferred and object to the processing of your data; where the processing is performed based on your consent, you can withdraw your consent at any time, without prejudice to the lawfulness of processing made prior to the withdrawal.
  4. Should you wish to exercise any of your rights, contact us using the contact details presented in section 2 of this document. We will take the necessary steps as soon as we have received your request, within 1 month at the latest.
  5. The data submission is voluntary, but may be necessary for the conclusion of performance of the contract or for performing other actions connected with the provision of the service or answering questions asked to the Controller.
  6. If you do not provide your personal data where voluntary, we may be unable to conclude the contract with you or render services.
  7. Your personal information will be processed in paper or by electronic or automated means, i.e. through traditional mail, email, phone, fax or otherwise.
  8. Your personal data will not be subjected to automated decision-making, including profiling.
  9. If you enter the Company’s website multiple times, a data packet named “cookies” will be saved on your computer. We use cookies in order to improve your experience with the website and create general website traffic statistics with the use of Google Analytics. Cookies do not violate the general principle of confidentiality and do not have negative impact on your terminal equipment. If you do not want to accept cookies, you can set your browser to automatically refuse them.
  10. If you believe that the processing of your personal data violates the General Data Protection Regulation, you can lodge a complaint to the President of the Personal Data Protection Office.