Privacy Policy for the website www.hamiltonmay.com



  1. The controller of personal data collected through the website www.hamiltonmay.com is Hamilton May Hamilton Group sp. z o.o. registered in the Entrepreneurs Register by the competent court under the KRS number: 0000377283, registered office: Kraków 31-117, ul. Napoleona Cybulskiego 2, mailing address: Kraków 31-117, ul. Napoleona Cybulskiego 2, Tax Identification Number (NIP): 6762436153, National Business Registry Number (REGON): 121453950, email address: [email protected], hereinafter referred to as the "Controller."
  2. Personal data processed by the Controller through the www.hamiltonmay.com website is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the GDPR, and the Personal Data Protection Act of 10 May 2018.


  1. The Controller processes personal data through the www.hamiltonmay.com website in the following cases:
    • when a user uses the contact form. Personal data is processed based on Article 6(1)(f) of the GDPR as a legitimate interest of the Controller
    • when a user subscribes to the Newsletter to receive commercial information electronically. Personal data is processed after giving separate consent, based on Article 6(1)(a) of the GDPR.


  1. Administrator przetwarza następujące kategorie danych osobowych użytkownika:
    • First name and last name
    • Date of birth
    • Address (residence)
    • Email address,
    • Phone number

  1. User's personal data is stored by the Controller:
    • In the case where the processing of data is based on the performance of a contract, for as long as it is necessary to perform the contract, and after that time for a period corresponding to the statute of limitations. If a specific provision does not state otherwise, the limitation period is six years, and for claims related to periodic benefits and claims related to business activity - three years.
    • In the case where the processing of data is based on consent, until the consent is withdrawn, and after the withdrawal of consent for a period corresponding to the statute of limitations for claims that may be raised against the Controller. If a specific provision does not state otherwise, the limitation period is six years, and for claims related to periodic benefits and claims related to business activity - three years.
  2. Additional information may be collected during the use of the website, including: the IP address assigned to the user's computer or the external IP address of the Internet provider, domain name, browser type, access time, and the type of operating system. Navigational data, including information about links and references that users decide to click on or other actions taken on the website, may also be collected. The legal basis for such actions is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), which aims to facilitate the use of electronically provided services and improve the functionality of these services.
  3. Providing personal data by the user is voluntary. Personal data will also be processed in an automated manner, including profiling, if the user gives consent based on Article 6(1)(a) of the GDPR. Profiling may result in assigning a profile to a specific person for the purpose of making decisions, analyzing, or predicting their preferences, behaviors, and attitudes.
  4. Podanie danych osobowych przez użytkownika jest dobrowolne. Dane osobowe będą przetwarzane także w sposób zautomatyzowany w formie profilowania, o ile użytkownik wyrazi na to zgodę na podstawie art. 6 ust. 1 lit. a) RODO. Konsekwencją profilowania będzie przypisanie danej osobie profilu w celu podejmowania dotyczących jej decyzji bądź analizy lub przewidywania jej preferencji, zachowań i postaw.
  5. The Controller takes special care to protect the interests of the data subjects, ensuring that the data collected by them are:
    • Processed lawfully
    • Collected for specified, lawful purposes and not further processed in a manner incompatible with those purposes
    • Relevant, adequate, and not excessive in relation to the purposes for which they are processed
    • Kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the data were processed.


  1. User's personal data is transferred to service providers that the Controller uses to operate the website. Depending on contractual arrangements and circumstances, service providers to whom personal data is transferred either follow the Controller's instructions regarding the purposes and methods of processing of such data (data processors) or determine the purposes and methods of processing themselves (data controllers).
  2. User's personal data is stored exclusively within the European Economic Area (EEA).


  1. The data subject has the right to access their personal data, rectify them, erase them, restrict their processing, data portability, object to processing, and withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  2. Legal grounds for user requests:
    • Access to data – Article 15 of the GDPR.
    • Rectification of data – Article 16 of the GDPR.
    • Erasure of data (the right to be forgotten) – Article 17 of the GDPR.s
    • Restriction of processing – Article 18 of the GDPR,
    • Data portability – Article 20 of the GDPR.
    • Objection – Article 21 of the GDPR,
    • Withdrawal of consent – Article 7(3) of the GDPR.
  3. To exercise the rights mentioned in point 2, the user can send an appropriate email message to: [email protected].
  4. If a user exercises their rights resulting from the above-mentioned rights, the Controller will fulfill the request or refuse to fulfill it immediately, but no later than within one month from the receipt of the request. However, due to the complexity of the request or the number of requests, the Controller may extend this period by an additional two months, informing the user in advance within one month of receiving the request about the intended extension and the reasons for it.
  5. If the data subject believes that the processing of their personal data violates the provisions of the GDPR, they have the right to lodge a complaint with the President of the Personal Data Protection Office.


  1. The Administrator's website uses "cookies.".
  2. The installation of "cookies" is necessary for the proper provision of services on the website. "Cookies" contain information necessary for the proper functioning of the site and also allow for the development of general statistics of visits to the website.
  3. The following types of "cookies" are used on the site: session and persistent.
  4. "Persistent" cookies are stored on the user's end device for the time specified in the parameters of the "cookies" files or until they are deleted by the user.
  5. The Controller uses its own cookies to better understand how users interact with the site's content. The cookies collect information about the user's use of the website, the type of page from which the user was redirected, and the number of visits and the duration of the user's visit to the website. This information does not record specific personal data of the user but is used to compile statistics on the use of the site.
  6. The user has the right to decide on access to "cookies" on their computer by selecting them in the browser window. Detailed information on the possibilities and methods of handling "cookies" are available in the software settings (web browser).


  1. The Controller applies technical and organizational measures to ensure the protection of processed personal data appropriate to the threats and categories of data covered by protection, in particular, it ensures that data is protected against unauthorized access, taken by an unauthorized person, processing in violation of applicable laws, as well as alteration, loss, damage, or destruction.
  2. The Controller provides appropriate technical means to prevent the acquisition and modification of personal data by unauthorized persons, transmitted electronically.
  3. In matters not regulated by this Privacy Policy, the provisions of the GDPR and other relevant Polish law apply.
Manage cookies

Accept cookies

Thank you for visiting our website. Your privacy is of utmost importance to us, and data security is our priority. We use cookies to customize content to individual preferences and provide higher-quality services. Please consent to the use of cookies and familiarize yourself with our privacy policy.