We use information saved by cookies and similar technologies to ensure our website works properly, and for statistical purposes. You can change cookies settings in your Web browser. Using this website without changing cookies settings means that they will be stored in your device’s memory. Click here to read more.


Processing of personal data in the BURY Group

pursuant to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 /EC (General Data Protection Regulation), so-called GDPR.

This Policy applies to the principles for personal data processing used by the related companies that belong to the BURY Group, i.e.:  BURY Ltd. based in Mielec,  4 Wojska Polskiego Street, 39-300 Mielec, BURY GmbH & Co KG, 1-7 Robert-Koch-Street, 32584 Löhne, Germany; BURY-Tlaxcala S. DE R.L. DE C.V., 104 Avenida Virgen de la Caridad Huamantla, Tlaxcala CP. 90500 (hereinafter: The „Companies”) - as independent administrators of personal data, manners and purposes in which data is processed, as well as the rights of natural persons associated with the collection and use of such data.

In connection with the conducted business activity, the Companies collect and process personal data in accordance with the relevant provisions, in particular in accordance with the GDPR regulations.

Each of the Companies ensures the transparency of data processing, in particular one always informs about the processing of data at the time of their collection, including about the purpose and legal basis of processing.

The companies ensure that the data is collected only to the extent necessary for the indicated purpose and processed only for as long as it is necessary.

While processing data, the Companies ensure their security and confidentiality as well as access to information about processing to the data subjects.

In order to ensure the integrity and confidentiality of data, the Companies have implemented procedures allowing access to personal data only to authorized persons and only to the extent that it is necessary due to the duties they perform. In addition, the companies undertake all necessary measures to ensure that its subcontractors and other cooperating entities guarantee the application of appropriate security measures whenever they process personal data at the request of the Company.

Personal data controller

The controller of Your personal data is:

  • BURY limited liability company with headquarters in Mielec, 4 Wojska Polskiego Street, 39-300 Mielec – in relation to the personal data processed by BURY limited liability company based in Mielec;
    Contact with the controller is possible via the following e-mail address rodo@bury.com or the address for letters: 4 Wojska Polskiego street, 39-300 Mielec.
  • BURY GmbH & Co KG, Robert-Koch-Straße 1-7, 32584 Löhne, Germany – in relation to the personal data processed by BURY GmbH & Co KG;
    Contact with the controller is possible via the following e-mail address datenschutzbeauftragter@bury.com or the address for letters: 1-7 Robert-Koch street, 32584 Löhne, Germany
  • BURY-Tlaxcala S. DE R.L. DE C.V., 104 Avenida Virgen de la Caridad Huamantla, Tlaxcala CP. 90500 – in relation to the personal data processed by BURY-Tlaxcala S. DE R.L. DE C.V.
    Contact with the controller is possible via the following e-mail address gdpr.mx@bury.com or the address for letters 104 Avenida Virgen de la Caridad Huamantla, Tlaxcala CP. 90500.

(hereinafter referred to collectively as „Controller”, „Company” or „we”)

As part of this Policy, we would like to inform You about:
all forms of the use of information identifying natural persons, hereinafter "personal data" ("processing") in relation to natural persons who are:
a) customers, including potential customers of the Company,
b) partners, associates, employees, statutory representatives, proxies or representatives of these customers, and
c)other persons whose data we process for purposes of performing the contract between the customers and the Company, including for the purpose of issuing or processing invoices 

(collectively referred to in this Policy as "Country" or "Customers").

as well as:

  • about the purpose and manner in which the Company collects, uses and stores Your personal data;
  • on what legal basis this personal data is processed, and
  • what are Your rights and our obligations in relation to the processing of Your personal data.

Types of personal data

Data provided by Customers
In connection with the cooperation between You and the Company, as well as cooperation through intermediaries, including related entities within the BURY Group, we may process personal details you provide, such as:
a) name and surname, company, address of business activity and mailing addresses,
b) numbers held in the relevant registers (e.g. TIN or REGON numbers),
c) PESEL number,
d) contact details, such as e-mail address or telephone or fax number,
e) position occupied by You within Your organization,
f) Bank account number.

In the case of concluding a contract directly between You and the Company, the provision of the data specified above is voluntary, but necessary for the purpose of concluding the contract and cooperation between the Customer and the Company. In the event that You do not enter into a contract directly with the Company, the provision of personal data may be Your official duty.

The consequence of failure to provide data is the inability to implement cooperation between the Company and the Customer.

Data collected from other sources
We may obtain Your personal data from publicly available sources, such as business registers CEIDG or KRS, REGON register in order to verify information provided by Customers. The scope of data processed will in this case be limited to data available to the public in the relevant registers.

We can also collect Your personal data from the entities in which You are employed or which You represent. In this case, the scope of data processed shall include information necessary for the performance of the contract between the Company and such entity, e.g. information about changing contact details or changing the official position.

We can also obtain Your data from the internal databases maintained by our related companies within the capital group. This applies to data which enable contact with a specific Customer who was the recipient or supplier of products of one of the entities related to the Company.

Legal basis for data processing

We may process personal data if we have an important legal basis. Therefore, we process personal data only if:

a) processing is necessary to fulfill contractual obligations towards You, if you are the Party to an agreement concluded with the Company or You place orders for products or services of the Company, or you fulfill the Company orders for Your products or services;
b) processing is necessary in order to fulfill our legal obligations, e.g. the obligation to issue an invoice or other document required by law, or explicitly we are obliged to do so by law;
c) processing is necessary for the legitimate interests of the Company or a third party and does not unduly affect Your interests or fundamental rights and freedoms, e.g. for the purpose of:

  • concluding and performing contracts with Customers being organizational units without legal personality or legal persons;
  • determination or pursuance of civil law claims by the Company as part of its operations, as well as defense against such claims;
  • verification of Customers in public registers;
  • contact with Customers, including keeping internal records of Customers to enable contact with Customers;
  • exchange of data concerning Customers in a group of entities related to the Company.

Periods of data processing

Personal data is processed only for a specific purpose and to the extent necessary to achieve it and for as long as it is necessary.

Your personal data will be kept for the duration of the contract concluded with the Company, and after the termination of the contract - for the period necessary to safeguard potential claims, and fulfill the obligations under the law, and in the case of withdrawal of consent to the processing of personal data or submission of objection - until the withdrawal of consent or the submission objection accordingly. For situation where the processing of personal data is carried out on the basis of legal provisions, data shall be stored for a period resulting from specific provisions, e.g. for 5 years from the end of the calendar year in which the tax payment deadline has expired.

Transmission of personal data

Transmission of personal data within a group of entities related to the Company

We may transfer personal data to our employees and associates, as well as to other entities associated with the Company. This refers to the following situations:

  • providing and servicing systems and IT solutions used to process Customer data by related entities;
  • providing contact details about Customers to the related entities;
  • providing Customer data to related entities in the framework of cooperation between these companies and the implementation of mutual benefits in the field of sales of products and services, such as transport, storage, logistics, legal services.

Transmission of personal data to other recipients

Data may be transferred to recipients and other third parties in connection with the implementation of the objectives listed above, to the extent that they are necessary for them to perform its tasks by the Company, if required by law or if the Company has a different legal basis. The recipients or other third parties may be deemed to be:

  • entities which process personal data at the request of the Company, such as the suppliers of IT systems or entities providing document archiving services;
  • all public administration institutions, authorities of other EU Member States, courts, bailiffs, if required by applicable national or Union law or at their request;
  • courier or postal service providers;
  • transport and forwarding companies;
  • companies providing legal services;
  • debt collection companies;
  • receivables insurance companies;
  • other entities.

Transmission of data outside the European Economic Area

Your personal data may be subject to cross-border transmission to countries outside the European Economic Area ("EEA") and countries where there are no provisions specifying the special protection of personal data. The company has taken steps to ensure that all personal data are adequately protected and that the transmission of personal data outside the EEA is lawful.
In the event of transmission of personal data outside the EEA to a country which, according to the European Commission, does not ensure an adequate level of personal data protection, the transmission shall take place on the basis of a contract that takes into account EU requirements for the transmission of personal data outside the EEA, such as standard contract clauses approved by the Commission European.

Customer rights

You are entitled to:

  • access your personal data processed by the Company. If you believe that any pieces of information concerning You are incorrect or incomplete, You can submit a request for rectification.
  • withdraw Your consent if the Company has obtained such consent for the processing of personal data; basically, we do not process personal data on the basis of the consent (as we usually act on the basis of other legal bases).
  • request for the removal of Your personal data in cases determined by the provisions of the GDPR;
  • request to limit the processing of Your personal data in cases determined by the provisions of the GDPR;
  • express the opposition to the processing,
    Natural persons have the right to limit the processing or submit the objection to the processing of their personal data at any time, due to their special situation, unless the processing is required by law.
    In this case, we shall not continue to process personal data or we shall restrict processing if we are able to demonstrate the legally justified bases for processing or establishing, exercising or protecting our rights.
  • transmit data, i.e. receipt of personal data provided to the Company in a structured, commonly used and readable machine format, and to request transferring of such personal data to another controller of personal data, without any obstructions on the part of the Company and subject to its own confidentiality obligations.
  • submit a complaint to the competent supervisory authority.

The above rights are not absolute; regulations provide for exceptions to their application.

To use the above rights, please send an e-mail or contact the Company by correspondence to the appropriate addresses of the Administrator indicated above in the section "PERSONAL DATA ADMINISTRATOR".

Policy updates

This Policy has been updated on May 25, 2018 and may be subject to further changes. If it is required by law, we shall inform You of any significant changes via our website or other customarily used channels of communication with Customers.