logo
  1. Privacy Policy and Cookies

Privacy policy of the computer application called "myULMA"


  • I. General provisions

      1. This Privacy Policy ("Policy") applies to the IT application “myULMA” („Application”) provided by “ULMA Construccion Polska” S.A. with its registered office in Koszajec, entered into the Register of Entrepreneurs of the National Court Register under the KRS No.: 0000055818, with the NIP No.: 5270203299 and the REGON No.: 01120152000000 on the basis of remote access through the Internet, enabling Users to access the Content.

      2. Any capitalized terms used in the Policy and not defined separately therein will have the meaning given to them in the Regulations for the Provision of Services via the Application available here.


  • II. Personal Data Controller

      1. To ensure an adequate level of security of the data processed by entities linked by capital and organizationally as well as to ensure the high quality of services provided, the management of personal data is carried out on the basis of co-administration by the following entities:

        1.1. Construccion Polska S.A. with its registered office in Koszajec, address: Koszajec 50, 05-840 Brwinów, entered into the Register of Entrepreneurs kept by the District Court for the Capital City of Warsaw in Warsaw, 14th Commercial Division of the National Court Register under the KRS No.: 0000055818, the NIP No.: 5270203299, the REGON No.: 011201520, with share capital fully paid up: PLN 10,511,264.00 (hereinafter also as: "ULMA Polska").

        1.2. 2. ULMA CyE, S. Coop. with its registered office in Oñati (Guipúzcoa) (Spain), Paseo de Otadui 3, Apdo. 13E, 20560, the NIP No.: F20023065, being the parent company of ULMA Construccion Polska S.A. (hereinafter: "ULMA CyE").

        (hereinafter referred to as: «Controllers» o «Co-Controllers»).

    ULMA Cye, as the parent entity of ULMA PL and its subsidiaries, consolidates the business activities of companies operating within the capital group, providing support services in marketing, human resources, management and IT, including the provision of the myULMA application IT environment, and decides on technical means of data processing.

    The Parties concluded an agreement in which they determined the scope of their responsibility in connection with the joint control of personal data, according to which:

      1. ULMA Cye is responsible for the selection of proper technical and organizational means to ensure a level of security corresponding to the identified risks of violating the rights or freedoms of Website Users.

      2. ULMA Construccion Polska S.A. is responsible for the fulfilment of information obligations towards data subjects and acts as a contact point in matters related to the protection of personal data of Website Users.


    ULMA Polska acts as a contact point. You may contact the Controller at: rodo@ulmaconstruction.pl.


  • III. The origin and scope of the data

    We have received your data from you or from the entity you represent, in connection with the contract concluded between this entity and the Controller. This data may have been provided to us, particularly, by entering it into the myULMA application, for the purpose of using it or in connection with its use. As a rule, we process the following data about you: name and surname, position/function, e-mail address or telephone number (if any) and data identifying the entity on behalf of which you act. We may also process data regarding your profession or business activity, your share in a civil law partnership, employment with the Contractor or cooperation with the Contractor of ULMA Construccion Polska S.A. We may also process the PESEL number for members of the authorities, and in the case of proxies, also other data visible on the power of attorney.

    Your personal data has been made available to us by your employer or a person (company) with whom you cooperate in connection with concluding a contract with us, including the participation of a contractor in the process of collecting offers or other mode of concluding contracts or selecting contractors, as well as the performance of such a contract.


  • IV. Purposes of data processing and legal grounds

    Your personal data will be processed in order to:

      1. conclude, implement and settle the Agreement concluded with ULMA Polska (including the license agreement on the basis of which it is possible to use the myULMA application), including for contact purposes related to the implementation and performance of the provisions thereof, in particular in connection with the use of the myULMA application (Article 6(1)(b) of the GDPR — the requirement of data to perform the Agreement),

      2. ensure the proper operation of the myULMA application and its development (Article 6(1)(f) — justified interest of the Controller);

      3. in order to fulfil the legal obligations of the Controller and for purposes arising from legitimate interests pursued by the Controller (Article 6(1)(c)),

      4. Direct marketing during the term of the Agreement concluded with the Controller (Article 6(1)(f)),

      5. In order to pursue other legitimate interests by the Controller, including the possible determination and pursuit of claims or defence against claims (Article 6(1)(f)).

      6. In the case of consent (which can be revoked at any time), by checking the appropriate box in the registration process in the myULMA application, it is possible to accept to receive information related to myULMA


  • V. Data recipients

    Personal data will be accessed by the Controllers' employees, subcontractors and service providers (i.e. providers of IT services, technical support), who need to have access to such data in order to perform their duties.


  • VI. Data storage period

    Personal data will be stored until the lapse of periods specified in the applicable laws, i.e. until the lapse of limitation periods applying to tax liabilities related to accounting documentation, which may, where appropriate, be extended by the limitation period for any claims arising from the contractual relationship. If the data is processed for marketing purposes as part of business cooperation, the cessation of its processing will also take place in the event of an objection to its processing for this purpose.


  • VII. Rights of the data subject

    You have the right:

      to request access to your personal data, the rectification, erasure or restriction of the processing of your data, as well as the right to data portability;

      where the basis for the processing of personal data is the legitimate interest of the Controller – to object at any time to the processing of the personal data on grounds relating to your particular situation,

      to lodge a complaint to the supervisory body, i.e. the President of the Personal Data Protection Office.


    Providing the data indicated in the contract concluded with the Controller or data required to fulfil the obligations arising from the law is mandatory, and failure to provide it will result in the inability to conclude or perform the contract. For other data, their provision is voluntary.

    Personal data will not be used for automated decision-making, including profiling.

    Personal data will not be transferred outside the European Economic Area and the territory of the European Union; however, it may be transferred to other Member States of the European Union, in particular to Spain.


  • VIII. Cookies

    The Controller may place information on the User's end device (e.g. computer, tablet, mobile phone) in the form of cookies ("Cookies"). Cookies are encrypted in such a way that unauthorized persons do not have access to them.

      a. General information about "Cookies"

        1. Cookies are IT data that the web browser and the Application may send to the server each time the Application is used and which are stored on the end device of the Licensee or the User.

        2. Cookies include data such as:

          2.1. the time of its storage on the User's end device;

          2.2. a unique number that has been generated to identify the web browser used by the User to connect to the Application;

          2.3. a unique number identifying the User's end device;

          2.4. the public IP address of the end device from which the request came (it may be directly the User's end device);

          2.5. name of the User's end device — identification carried out by the HTTP protocol, if possible;

          2.6. User name provided in the authorization process;

          2.7. the number of bytes sent by the server,

          2.8. request arrival time;

          2.9. the first line of the HTTP request;

          2.10. HTTP response code;

          2.11. information about the User's browser;

          2.12. error information.

        3. More details about Cookies can be obtained:

          3.1. on the websites: wszystkoociasteczkach.pl and youronlinechoices.com;

          3.2. in your web browser menu in the "help" section.

      b. Types of cookies

        1. The Application uses Cookies, which contain information that allows ULMA to:

          1.1. adapt the Application and the services provided by it to the needs of Licensees and Users;

          1.2. improve the operation of the Application;

          1.3. develop the features of the Application;

          1.4. analyse the traffic and activities of Users within the Application.

        2. Cookies are intended in particular to:

          2.1. optimize the Application;

          2.2. ensure an even load on the servers;

          2.3. handle sessions of using the Application by Users;

          2.4. collect anonymous statistics that help ULMA to better understand the expectations of Users and develop the Application;

          2.5. ensure proper operation of selected Application functions;

        3. As part of the Application, ULMA uses the following types of Cookies:

          3.1. in terms of time for which Cookies are installed:

            3.1.1. "permanent" — remaining on the User's device as long as their lifetime is set or until they are manually deleted. They enable e.g. determining which Users are new and which have already used the Application;

            3.1.2. "session" — temporary files that remain on the User's device until they leave the Application (log out). They enable e.g. determining whether the data should be collected against the current session of using the Application, or whether a new session of using the Application has started.

          3.2. in terms of the purpose for which ULMA uses Cookies:

            3.2.1. basic — installed if the User has given the consent in the settings of the software installed on the end device. Basic Cookies are divided into the following types:

              3.2.1.1. technical — necessary for the Application to work properly and used by ULMA to properly display its pages — depending on the device used, or to remember whether the user has consented to displaying certain content, etc.;

              3.2.1.2. analytical — necessary for ULMA to analyse the functioning of the Application and its use by Licensees and Users, including measuring the effectiveness of marketing activities without identifying personal data and to improve the functioning of the Application;

            3.2.2. marketing – they are saved on the device only with the User's consent. These Cookies enable to direct advertising messages to Users tailored to their preferences, including based on the Users' behaviour as part of using the Application.

      c. Data storage period (Cookies)

      Data collected by Cookies are stored for the period of:


      type of Cookies storage period
      session 1 day
      CookieConsent 1 year
      XSRF-TOKEN 1 day