I. GENERAL PROVISIONS

1.1. This privacy policy (hereinafter referred to as the “Policy”) applies to the website at the subdomain www.products.pcc.eu and other websites operated by or on behalf of PCC Rokita SA on which it has been posted (hereinafter referred to as the “Website”). The rules for using the Website are set out in the Terms and Conditions available at https://www.products.pcc.eu/pl/regulamin-serwisu/.

1.2. The Policy does not regulate the rules for the processing of personal data and information about Users on external websites to which the Website contains links. PCC Rokita SA urges you to read the privacy policy set out on those websites after you have moved to them.

1.3. The Website Policy is for informational purposes only, which means that it does not impose any obligations on persons using the Website (hereinafter referred to as “Users”).

1.4. All words, expressions and acronyms appearing on this website and beginning with a capital letter (e.g. Electronic Service) should be understood in accordance with their definition contained in the Website Regulations available on the Website, unless the provisions of the Policy define them differently.

II. PERSONAL DATA ADMINISTRATOR

2.1. The administrator of Users’ personal data is PCC Rokita SA, ul. Sienkiewicza 4, 56-120 Brzeg Dolny, NIP 917-000-00-15, REGON 930613932, , contact e-mail address: iod.rokita@pcc.eu – hereinafter referred to as the “Administrator”.

2.2. The User’s personal data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: “GDPR”). Personal data constitutes the data referred to in Article 4 of the GDPR (hereinafter: “Personal Data”).

2.3. In order to comply with legal requirements, the Controller selects and applies appropriate technical and organisational measures to ensure the protection of the Personal Data being processed and secures the data against unauthorised access and processing in violation of applicable regulations.

III. PURPOSE AND SCOPE OF PROCESSING OF PERSONAL DATA, THE LEGAL BASIS FOR ITS PROCESSING AND ITS RECIPIENTS

3.1. The Controller shall take particular care to protect the rights and freedoms of data subjects and, in particular, shall ensure that the Personal Data collected by it is processed:

1. lawfully, fairly and in a transparent manner in relation to the data subject;
2. for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes;
3. adequately, appropriately and in a manner limited to what is necessary for the purposes for which it is processed;
4. in the most up-to-date version obtained by the Controller and, where necessary, kept up to date;
5. in a form that allows the identification of the data subject for no longer than is necessary for the purposes for which they are processed;
6. in a manner that ensures appropriate security of Personal Data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organisational measures.

3.2. The Controller processes the User’s Personal Data:

1. first and last name;
2. company name;
3. e-mail address;
4. telephone number;
5. User’s IP address.

3.3. The User’s Personal Data is processed for the purpose of:

1. creating a Profile;
2. use of specific Electronic Services;
3. marketing the Administrator’s own products and services;
4. marketing the products and services of entities belonging to the PCC Group (a full list of companies can be found at: https://www.pcc.eu/pl/pcc-na-swiecie/), including providing information on the financial situation and securities issues carried out by entities from the PCC Group;
5. ongoing contact with the User;
6. pursuing or defending against possible claims;
7. ensuring the functioning and servicing of communication conducted via Chat and the Virtual Assistant available on the Website.

3.4. The basis for the processing of Personal Data is:

1. with regard to the purpose indicated in points a. and b. above, Article 6(1)(b) of the GDPR, i.e. the performance of a contract or the taking of steps at the request of the User prior to entering into a contract;
2. with regard to the purposes indicated in points c., e., f., g. above, it is Article 6(1)(f) of the GDPR, i.e. the legitimate interests pursued by the Controller;
3. with regard to the purpose indicated in point d. above, it is Article 6(1)(f) of the GDPR, i.e. the legitimate interests pursued by entities from the PCC Group.

3.5. In accordance with the Terms and Conditions, the User should not provide any Personal Data within the Chat and Virtual Assistant. If Personal Data is provided contrary to the provisions of the Terms and Conditions, such data may be processed only to the extent necessary to handle communication.

3.6. Personal Data is stored by the Controller for the period necessary to achieve the purposes for which it is processed, including for the duration of the contract, and in the case of processing Personal Data on the basis of the Controller’s legitimate interest or for marketing purposes – until an objection is raised, unless the Administrator is required by law to process such data for a longer period or it will be stored for a longer period in the event of potential claims, for the period of their limitation specified by law, in particular the Civil Code.

3.7. The recipients of Personal Data processed by the Controller may be entities:

1. entities authorised to process it under applicable law;
2. supporting the Administrator in sending e-mails, and in the case of marketing activities – also in marketing campaigns;
3. providing support and operation of ICT tools and systems (e.g. data storage);
4. entities providing IT and technological tools supporting the functioning of the Chat and Virtual Assistant, to the extent necessary to ensure the operation of these functionalities;
5. carrying out shipments;
6. providing ongoing legal services;
7. providing scanning, printing, correspondence handling, archiving and document destruction services;
8. conducting audits;
9. from the PCC Group supporting the Administrator in the above activities.

3.8. Each User has the right to:

1. access their Personal Data;
2. rectify their Personal Data;
3. request the deletion of their Personal Data;
4. request the restriction of the processing of their Personal Data;
5. object to the processing of their Personal Data;
6. transfer your Personal Data to another controller (to the extent that the basis for processing is the User’s consent or the performance of a contract and the data has been provided by the User and is processed by automated means);
7. lodge a complaint with the President of the Personal Data Protection Office.

3.9. Tools based on automatic information processing, including Chat and Virtual Assistant, are not used to make automated decisions with legal effects on Users within the meaning of Article 22 of the GDPR.

IV. COOKIES

4.1. The Controller uses cookies (small text files) which are stored on the User’s end device in order to facilitate the User’s use of the Website.

4.2. Cookies collect various types of information, which, as a rule, do not constitute personal data (they do not allow the User to be identified). Some information, depending on its content and use, may be assigned to a specific person, e.g. by linking it to the data provided during the User’s registration, and thus be considered Personal Data. The provisions regarding Personal Data apply accordingly to this type of information.

4.3. Cookies enable, among other things:

1. maintaining the User’s session after logging in, so that there is no need to log in separately on each subpage of the Website;
2. remembering information once provided so that the User does not have to fill in the form again each time;
3. adapt the Website to the User’s usage patterns and increase its accessibility for the User;
4. keeping statistics on visits to the Website.

4.4. The information obtained through cookies includes, among other things, the name of the internet service provider, the User’s IP address, and the country of origin from which the User connects to the Website.

4.5. The Website uses two basic types of cookies: session cookies and persistent cookies. Session cookies are temporary files that are stored on the User’s end device until they log out, leave the website or turn off the software (web browser). Persistent cookies are stored on the User’s end device for the time specified in the cookie parameters or until they are deleted by the User.

4.6. In many cases, the web browser allows cookies to be stored on the User’s end device by default. The User may at any time delete cookies stored on their end device or block the possibility of their placement in the web browser settings (including on a mobile phone or other device that allows access to the Internet).

4.7. Detailed information on how to block/delete cookies is available in the “Help” section of the web browser menu used by the User. For example, in Google Chrome, cookie settings can be changed from: Settings → Privacy and security → Cookies and other site data; in Safari: Preferences → Privacy; and in Microsoft Edge: Settings → Privacy, search and services → Cookies and site data. The access paths may vary depending on the browser version used.

4.8. Cookies are not harmful to the User or their device. Restrictions on the use of cookies may affect some of the functionalities available on the Website, enable or significantly impede the proper use of the Website, including the inability to maintain a login session, therefore the Administrator recommends not disabling them in browsers.

4.9. The cookies used by the Administrator serve primarily to optimise the User’s experience when using the Website. However, the Administrator cooperates with other companies in the field of their marketing (advertising) activities and for the purposes of analysing website statistics (including demographic and interest reports using Google Analytics). For the purposes of this cooperation, the browser or other software installed on the User’s device also stores cookies from entities conducting such marketing activities (so-called third-party cookies). The cookies used by these entities are intended to ensure that the User is only presented with advertisements that correspond to their individual interests and needs. In the Administrator’s opinion, displaying personalised advertising is more attractive to the User of than advertising that is unrelated to their needs. Without these files, this would not be possible, as it is the companies cooperating with the Administrator that provide advertising content on the websites visited by the User after leaving the Website.

4.10. The cookies referred to in section 9 above may come from the following companies:

1. Google – information regarding Google’s privacy policy and data collection can be found at: https://policies.google.com/privacy?hl=pl;
2. Facebook – information regarding Facebook’s privacy policy and data collection can be found at: https://pl-pl.facebook.com/privacy/explanation.

For more information about the cookies used by these entities, please refer to their privacy policies.

4.11. The Administrator uses the following Google services on its website:

1. Google Analytics – a service that enables the collection of data for the purpose of analysing website visit statistics. Detailed information on how data is processed in Google Analytics can be found at: https://support.google.com/analytics/answer/6004245?hl=pl. Users can prevent their data from being collected by installing a browser add-on that blocks data transmission to Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=pl;
2. Google reCAPTCHA – a service that allows you to check, based on your behaviour, whether the data on the website (e.g. in a form) has been entered by a human or a machine. The analysis runs automatically in the background when you open the website without informing you. As part of the analysis, the mechanism takes into account various types of information (e.g. IP address, mouse movements, time spent on the website), and the collected data is sent to Google. More information about Google reCAPTCHA can be found on the website: https://www.google.com/recaptcha/intro/v3.html.

4.12. The website uses the following types of cookies:

1. necessary – necessary for the proper display of the website’s functions;
2. functional – saving the User’s preferences;
3. external – allowing the Website to improve its performance based on how the User uses it;
4. third-party – allowing the presentation of advertising content related to the Administrator on websites visited by the User after leaving the Website.

4.13. Data processing within the framework of cookies used on the Website, including third-party cookies, does not lead to automated decisions being made about Users that have legal effects or similarly significantly affect them within the meaning of Article 22 of the GDPR.

V. CONTACTING THE ADMINISTRATOR AND DATA PROTECTION OFFICER

5.1. The User may contact the Controller directly at any time by sending a relevant message in writing or by e-mail to the Controller’s address indicated at the beginning of the Policy.

5.2. The User may contact the Data Protection Officer directly at any time by sending a written message to the following address: PCC Rokita SA, Data Protection Officer, ul. Sienkiewicza 4, 56-120 Brzeg Dolny, or by e-mail to: iod.rokita@pcc.eu.

5.3. The Administrator stores correspondence with the User for the purpose of processing requests and ensuring efficient handling of enquiries, as well as for the purpose of resolving complaints and making any decisions on administrative interventions based on the requests. The addresses and data collected in this way will not be used to communicate with the User for any purpose other than processing the request.

VI. SECURITY

6.1. The Administrator uses technical and organisational measures to ensure the protection of the Personal Data being processed, appropriate to the risks and categories of data covered by the protection, and in particular protects the data against unauthorised access, removal by an unauthorised person, processing in violation of applicable regulations, and alteration, loss, damage or destruction.

6.2. The Administrator shall make available the following technical measures to prevent unauthorised persons from obtaining and modifying Personal Data sent electronically:

1. securing the data set against unauthorised access;
2. SSL certificate on the Website pages where User data is provided;
3. encryption of data used for User authorisation;
4. access to the Profile only after providing an individual Login and Password.

VII. CHANGE OF PRIVACY POLICY

7.1. The Administrator reserves the right to change the Policy in the future – this may occur, among other things, for the following important reasons:

1. changes in applicable regulations, in particular in the field of Personal Data protection, electronic communications law, services provided electronically and regulating consumer rights, affecting the rights and obligations of the Administrator or User;
2. development of functionality or Electronic Services dictated by advances in internet technology, including the use/implementation of new technological or technical solutions affecting the scope of the Policy.

7.2. The Administrator shall each time post information about changes to the Policy on the Website. With each change, a new version of the Policy will appear with a new date.

7.3. This version of the Policy is effective from 21 January 2026.