Privacy Policy

We, Vendo Spółka z ograniczoną odpowiedzialnością (limited liability company) with its registered office in Warsaw, Poland, value your privacy, therefore we want to provide you with the most precise information possible regarding the rules of processing your personal data by us.
This privacy policy is addressed to people visiting our website or profiles on social media or other websites, as well as people who contact us via the above-mentioned channels for various purposes: starting cooperation, submitting a complaint, or obtaining an answer to another question, etc.
When we write ‘GDPR’, we mean regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
1. The data controller

The controller of your personal data is Vendo spółka z ograniczoną odpowiedzialnością (limited liability company) with its registered office in Warsaw (postal code 00-003), Poland, at 15 Jasna Street, National Court Register No. 0000929844 (hereinafter: ‘Vendo’). 

In addition to using the contact form on our website, you can also contact us by post (ul. Jasna 15, 00-003 Warszawa), or via e-mail to the following address: 

Vendo has not appointed a data protection officer.
2. The purposes and legal basis for the processing 

Vendo will process your personal data:

a) in order to maintain the website, as well as to make available the content and functionalities collected on it (such as contact forms, newsletter) and thus provide electronic services, on the basis of article 6(1)(b) of the GDPR,

b) in order to enable you to contact us (including via the contact form on our website), answer the question and conduct further correspondence - both by e-mail and via other channels, such as social media, if you choose this form of communication. Processing for this purpose is based on article 6(1)(f) of the GDPR, i.e. the legitimate interest of Vendo, consisting in conducting correspondence addressed to Vendo in connection with the conducted activity, as well as pursuant to article 6(1)(a) of the GDPR, in terms of additional data not required by Vendo and provided by you voluntarily,

c) for the possible conclusion or performance of a contract with Vendo - if you are a (potential or current) customer or contractor and you contact Vendo in connection with the conclusion or performance of the contract, processing then takes place on the basis of article 6(1)(b) of the GDPR (in the case of a client/contractor who is a natural person conducting individual business activity or in the case of a partner in a civil partnership) or pursuant to article 6(1)(f) of the GDPR, i.e. the legitimate interest of Vendo, which is the necessity of processing in the form of taking action in order to conclude or perform a contract with a customer/contractor (in the case of persons acting on behalf of a customer/contractor who is both a natural person and a legal person or other organizational unit, i.e. employees, associates, representatives of such a client/contractor, members of the client's/contractor’s management board, etc.),

d) for the purpose of sending the newsletter, if you wish to receive it, pursuant to article 6(1)(b) of the GDPR,

e) in order to consider any complaints, as well as to establishment, exercise or defence of legal claims, pursuant to article (6)(1)(f) of the GDPR, i.e. the legitimate interest of Vendo consisting in conducting the complaint procedure, as well as to possible establishment, exercise or defence of legal claims in court and out of court;

f) in order to conduct marketing activities, pursuant to article 6(1)(f) of the GDPR, i.e. Vendo's legitimate interest in promoting its own products and services. Sometimes, however, the basis for data processing may not be Vendo's legitimate interest for this purpose, e.g. in the case of cookies that interfere with your privacy, and then the basis for processing will be your consent (article 6(1)(a) of the GDPR).

g) to run Vendo’s profiles (fanpage) on social media and other websites, in particular to respond to reactions and comments. Processing is based on article 6(1)(f) of the GDPR, i.e. Vendo's legitimate interest in ensuring continuity of business communication;

h) for the purposes resulting from your consent, pursuant to article 6(1)(a) od the GDPR. The purpose of processing for which we need your consent will be indicated in its content. We can use this basis for the processing of your personal data, for example in connection with the use of cookies and other technologies that may interfere with your privacy more and are not necessary for the maintenance of our website.
3. Your rights

You have the following rights related to the processing of personal data:

a) the right to withdraw consent to the extent that the basis for processing was the consent (article 7(3) of the GDPR). You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Withdrawal of consent does not entail any negative consequences,

b) the right to access data (article 15 of the GDPR),

c) the right to request the rectification of your personal data (article 16 of the GDPR),

d) the right to request the deletion of your personal data (‘the right to be forgotten’) (article 17 of the GDPR),

e) the right to request the restriction of the processing of your personal data (article 18 of the GDPR),

f) the right to transfer your personal data (article 20 of the GDPR),

g) the right to object to the processing of data due to a special situation to the extent that the basis for the processing of personal data is the premise of a legitimate interest (article 21 of the GDPR).

You can exercise all the rights described above by writing to Vendo on the data indicated in point 1.

In addition, if you believe that Vendo is processing your data in an unlawful manner, you have the right to lodge a complaint with the competent supervisory authority, which is currently in Poland the President of the Personal Data Protection Office
4. Obligation to provide the data  

Providing data for most of the purposes referred to in point 2 is voluntary, but at the same time necessary to use some services. For example: if you want to contact us using the contact form provided by us, or receive a newsletter from us, you will have to provide your data.

Failure to provide data will result in the inability to perform the activities for which the data is processed. Providing data is not a statutory requirement, but it may be a contractual condition or a condition for concluding a contract (in the case of processing related to the possible conclusion or performance of a contract with Vendo).
5. The period of the data storage

Your personal data will be processed for no longer than it is necessary to achieve the specific purpose described in this policy. This means that your personal data in connection with the correspondence, as well as in connection with the possible process of concluding or performing the contract, will be processed for the period of limitation of potential claims, or for the period resulting from legal provisions, if applicable.

Personal data processed in connection with complaints will also be stored until the claims are time-barred.

In the case of a newsletter, the data will be stored for the duration of the newsletter service, which can be done by clicking on the unsubscribe link in the footer of each newsletter. It is possible, however, that Vendo will also process the data longer, if a claim arises that justifies the longer processing of data

In the case of processing related to marketing activities, the data will be processed until an effective objection is made.

In the case of processing based on your consent, personal data will be processed until it is withdrawn, and sometimes also for a shorter period, e.g. in connection with the expiry date of certain cookies (you can read more about it in the Cookies policy).

Personal data processed by Vendo in connection with the running of social media profiles will be processed until they are deleted (in the case of comments and reactions, and in the case of correspondence, they will be processed until the above-mentioned time, i.e. until the claims are time-barred).
6. Profiling 

Due to the tools used by Vendo, your personal data may be profiled, i.e. automatic evaluation of certain factors relating to you. Vendo performs profiling in order to appropriately select communication materials and materials promoting the activities of Vendo. Profiling for this purpose is performed based on the legitimate interest of Vendo (article 6(1)(f) of the GDPR), consisting in selecting appropriate content and information and promotional materials based on your profile.

However, your personal data will not be processed in an automated manner that may affect your rights or have a similar effect on you.

Profiling is also beneficial for you, as you will receive information and materials in line with your preferences.
7. The recipients of the data 

We work with external service providers to provide certain services. These service providers may use or transfer your personal data. The recipients of the personal data provided by you may include, in particular:

a) entities operating IT systems or providing IT tools;
b) companies providing marketing services;
c) entities cooperating with us in handling legal matters.

In addition, we may disclose selected information to competent authorities (e.g. offices, courts, bailiffs and other institutions) or third parties who submit a request for such information based on an appropriate legal basis and in accordance with applicable law.

8. Social media and other sites

On the Vendo website you will find links to our social media profiles such as Twitter. You can also find us on Github, where our employees and associates share the results of their work.

Remember that while we are able to control the content posted directly on our website and the way in which your personal data is processed, we have no control over how the providers of the above websites process your data.

Familiarize yourself with the information below to know the risks of using the above-mentioned websites, as well as where to look for relevant information.


You can find our Twitter profile directly from the search engine or by using a plug-in on our website.

Twitter is operated by Twitter, Inc., 1355 Market Street, Suite 900 San Francisco, CA 94103, United States.

Information on how Twitter will process your personal data can be found here: If you want to know how Twitter uses cookies, you will find the necessary information here:


We are also available on Github. 

If you want to learn more about the Github privacy and cookie policy, look here:


You can find our page on LinkedIn directly from the LinkedIn search engine, or by using a plug-in on our website.

Your personal data provided on the LinkedIn portal may also be available to the administrator of this portal, i.e. LinkedIn Ireland Unlimited Company (address: Wilton Place, Dublin 2, Ireland) on the terms available at The LinkedIn cookie policy can be found here   

Remember that Vendo has no influence on the way LinkedIn will process your data, as well as the possible transfer of your personal data by LinkedIn outside the European Economic Area.

It cannot be ruled out that this data will be transmitted to LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, in the United States.

Facebook, including joint controllership 

We use the tools provided by Facebook in many ways. First of all, we run a fanpage on Facebook, which you can visit from the plug-in on our website, or by searching for it directly from the search engine.

Facebook also provides us with some of the tools that we use in accordance with our Cookie Policy.

In accordance with Facebook's privacy policy, the data will be processed by the administrator of this portal - i.e. Meta Platforms Ireland Limited (address: 4 Grand Canal Square, Grand Canal Harbor, Dublin 2 Ireland) on the terms available at You can read about Facebook's cookies policy here:

Remember, however, that Vendo has no influence on the way Facebook will process your data, as well as any possible transfer of your personal data by Facebook outside the European Economic Area. It cannot be ruled out that this data will be sent to Meta Platforms Inc. in United States.

Facebook, based on its own provisions and regulations, may collect and process the information contained in cookies of people visiting the fanpage. Based on the data collected in this way, Facebook can create anonymous statements and statistics (e.g. regarding the number or profile of fanpage visitors), which can be made available to Vendo as the fanpage operator.

In this regard, Vendo and Meta Platforms Ireland Limited are joint controllers of your data in accordance with Article 26 of the GDPR with regard to data processing for statistical purposes.

Detailed information on mutual agreements between Vendo and Facebook (including information on the purpose of joint administration, responsibilities) is available at:

9. Transfers of personal data to third countries or international organizations

Due to our presence in social media, as well as the use of services from some of our suppliers and the use of cookies (if you consent to this), certain information about you and your activity, including information that may be personal data, may be used and transfer outside the European Economic Area.

Some of the entities (such as Twitter) are based in the United States, other entities (such as Facebook and LinkedIn) are based in the European Economic Area, but it cannot be excluded that they will transfer the data to maternity companies in the United States.

We inform you about this because the Court of Justice of the European Union (CJEU), in its judgment of 16 July 2020 in the case C-311/18 Data Protection Commissioner v Facebook Ireland Ltd. and Maximilian Schrems, annulled the European Commission's implementing decision ( EU) 2016/1250 on the adequacy of the protection provided by the EU-US Privacy Shield. Thus, the CJEU recognized the United States as a country that does not ensure an adequate level of personal data protection (in line with European Union standards). In the case of data transfer to the United States, there is a risk that the data may be processed by the US authorities / services for the purposes of control and supervision, possibly without the possibility of pursuing legal claims.

Any transfer of personal data to the United States will be based on standard contractual clauses pursuant to article 46(2)(c) of the GDPR (in connection with Vendo contracts with suppliers of some IT solutions), or on your consent, e.g. if you consent to cookies, it will also be consent to the possible transfer of your personal data to the United States, pursuant to Article 49 (1)(a) of the GDPR in connection with article 6(1)(a) of the GDPR).