Have questions? +48 601 884 781
Filling machines
Filling machines
Bag in Box valves
Bag in Box valves Specialised valves
Bag in Box packaging
Chemicals and cosmetics Liquid egg products Alcoholic beverages Non-alcoholic beverages Oils Aseptic packaging Post mix Dairy products Soups and sauces Others

Privacy Policy

2026-03-03

1. General information

This Privacy Policy sets out the rules for the processing and protection of personal data in connection with the business activity conducted by BiBP Sp. z o.o., in particular in relation to the use of the website, B2B commercial activity, contract execution, marketing activities and recruitment processes.

This document fulfills the information obligation referred to in Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).

The Controller applies appropriate technical and organizational measures to ensure the security and confidentiality of personal data.

2. Data Controller

The controller of personal data is:

BiBP Spółka z ograniczoną odpowiedzialnością
ul. Staszica 19
32-640 Zator
Poland

Tax ID (NIP): 5492437589
REGON: 123070407
KRS: 0000502417
BDO: 000089601

Contact regarding personal data protection matters:
e-mail: ms@bibp.pl

The Controller has not appointed a Data Protection Officer.

3. Scope of processed personal data

The Controller may process the following categories of personal data:

  • identification data (name, surname),
  • contact details (email address, phone number),
  • business-related data (company name, job position),
  • data provided via contact forms,
  • data contained in email correspondence,
  • data included in recruitment documents (CV),
  • technical data (IP address, browser type, operating system),
  • analytical and statistical data collected through cookies and server logs.

Providing personal data is voluntary; however, in some cases it may be necessary to respond to inquiries or conclude a contract.

4. Sources of personal data

Personal data may be obtained:

  • directly from the data subject,
  • from employers or business partners (in B2B relationships),
  • from publicly available sources (e.g. company websites, LinkedIn),
  • from the Controller’s IT systems and server logs.

5. Purposes and legal bases of processing

Personal data are processed for the following purposes:

5.1 Handling inquiries and business communication

Legal basis: Article 6(1)(b) and Article 6(1)(f) GDPR
(legitimate interest of the Controller consisting in business communication)

5.2 Performance of contracts and business cooperation

Legal basis: Article 6(1)(b) GDPR

5.3 Direct marketing of the Controller’s own products and services

Legal basis: Article 6(1)(f) GDPR

5.4 Newsletter (if applicable)

Legal basis: Article 6(1)(a) GDPR (consent)

5.5 Recruitment processes

Legal basis: Article 6(1)(a), (b) and (c) GDPR

5.6 Website operation and IT security

Legal basis: Article 6(1)(f) GDPR

6. Legitimate interests of the Controller

The Controller’s legitimate interests include in particular:

  • conducting business activities,
  • marketing of own products and services,
  • ensuring IT and website security,
  • establishing, exercising or defending legal claims.

7. Data recipients

Personal data may be disclosed to entities cooperating with the Controller, including in particular:

  • IT service providers and hosting companies,
  • entities maintaining IT infrastructure,
  • providers of analytical and marketing tools (Google, Meta, LinkedIn),
  • Microsoft 365 service providers,
  • accounting offices,
  • legal and tax advisors.

Such entities process personal data on the basis of data processing agreements.

8. Transfers of personal data outside the EEA

Due to the use of global IT and marketing tools, personal data may be transferred outside the European Economic Area.

Such transfers take place in accordance with GDPR, based on:

  • Standard Contractual Clauses approved by the European Commission,
  • adequacy decisions,
  • the EU–US Data Privacy Framework (where applicable).

9. Data retention period

Personal data are stored:

  • for the duration of correspondence,
  • for the term of the contract and statutory retention periods,
  • until consent is withdrawn (where processing is based on consent),
  • until the expiration of limitation periods for potential claims.

10. Rights of data subjects

Data subjects have the right to:

  • access their personal data,
  • rectify personal data,
  • erase personal data,
  • restrict processing,
  • data portability,
  • object to processing,
  • withdraw consent at any time,
  • lodge a complaint with the President of the Polish Personal Data Protection Office.

11. Profiling and automated decision-making

Personal data are not used for automated decision-making producing legal effects concerning the data subject.

Data may be used for statistical and marketing analysis, which does not significantly affect the legal situation of the data subject.

12. Data security measures

The Controller applies appropriate technical and organizational measures to protect personal data, including in particular:

  • SSL encryption,
  • access control to IT systems,
  • IT infrastructure security measures,
  • internal data protection procedures.

13. Amendments to the Privacy Policy

The Controller reserves the right to amend this Privacy Policy at any time.

The current version is published on the website.

Last update: 25.02.2026