Marma Polish Films Sp. z o.o.

Because maintaining the confidentiality of the information you provide is as important to us as it is to you, this Privacy Policy sets out the purpose and method of processing data and defines our obligations with regard to the data entrusted to us.

This Privacy Policy defines the rules for processing and accessing information on the website https://www.marma.com.pl on the devices you (as Users) use to receive services provided electronically.

§ 1
Definitions

1. "Controller" means a natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the Controller may be designated or the specific criteria for its designation may be provided for by Union or Member State law.
2. "Personal Data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
3. "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
4. "Recipient" means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
5. "Consent" of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
6. "Cookies" means IT data, in particular small text files, stored on the devices through which the User accesses the Website.
7. "Website" means the website operated by the Controller at the domain https://www.marma.com.pl.
8. "Device" means an electronic device through which the User accesses the Website.
9. "User" means an entity for which, in accordance with the Terms and Conditions and applicable law, services may be provided electronically or with which an agreement for the provision of electronic services may be concluded.
10. "GDPR" means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

§ 2
Personal Data Controller

1. The Controller of your personal data is: Marma Polskie Folie Sp. z o.o., with its registered office in Warsaw at ul. Postępu 15c, 02-676 Warsaw, entered into the Register of Entrepreneurs of the National Court Register under KRS number 0000114206, NIP (Tax ID) 8130140614, REGON (Statistical ID) 690252610, acting as the owner of the brand and the website https://www.marma.com.pl (hereinafter "Marma").
   Contact details of the Controller:
   • Correspondence address: Al. Pod Kasztanami 10, 35-030 Rzeszów, with the note "Personal Data"
   • E-mail address: iodo@marma.com.pl
2. The Controller has appointed a Data Protection Officer, Mr. Mariusz Zajkiewicz.
   Contact details of the Data Protection Officer:
   • E-mail: iodo@marma.com.pl

§ 3
Purpose and legal basis for processing personal data

Your personal data will be processed for the following purposes:

1. performance of the contract for the provision of electronic services – in accordance with Article 6(1)(b) of the GDPR,
2. marketing of products and services – the legal basis for processing is Article 6(1)(a) of the GDPR (consent),
3. handling complaints, claims and inquiries and responding within the framework of these activities – on the basis of Article 6(1)(c) of the GDPR,
4. potential establishment, investigation, enforcement of claims or defence against claims, which constitutes the legitimate interest of the Controller (e.g., debt collection, court and enforcement proceedings) – on the basis of Article 6(1)(f) of the GDPR,
5. preventing abuse and fraud – in order to ensure security in the provision of services – on the basis of Article 6(1)(f) of the GDPR,
6. storing your preferences and settings such as login, password, IP address, date and time of logging in – in this case the legal basis for processing is Article 6(1)(f) of the GDPR in conjunction with Article 399 of the Polish Electronic Communications Law.

§ 4
Scope of personal data collected

1. In the process of registration and further use of the website https://www.marma.com.pl, we ask you to provide your personal data for the purpose of providing services via our website.
2. To provide our services, we need your personal data in the form of: name, surname, e-mail address.
3. The User of the website acknowledges that providing his/her personal data constitutes the beginning of processing by the Controller and is voluntary, however, failure to consent to the processing may result in the Controller not being able to provide electronic services to the User via the website.

§ 5
Retention period of personal data

1. The User's personal data will be stored:
   1. for the duration of the contract until the end of the provision of services, and after the end of the provision of services, for a period of 5 years in connection with obligations arising from generally applicable law (e.g., tax law),
   2. for the time necessary to pursue claims by the Controller in connection with its business or to defend against claims, in accordance with generally applicable law, taking into account the limitation periods specified in generally applicable law,
   3. if consent has been given for the processing of data for a specific purpose – until the consent is withdrawn,
   4. for accountability purposes, i.e., to demonstrate compliance with personal data processing regulations – for the period during which the Controller is obliged to retain the data or documents containing them in order to document compliance with legal requirements and to enable control by public authorities.

§ 6
Cookies

1. Upon your first visit to the website https://www.marma.com.pl, you will receive information about the use of cookies. Cookies are IT data, in particular text files, which are sent by the website to your browser. The browser then sends them back to the website upon subsequent visits to maintain session continuity. They also allow the storage of specific data so that it does not have to be re-entered when returning from another website.
2. Cookies are used on the following legal basis:
   • Article 399 of the Polish Electronic Communications Law (obligation to inform the User about the purposes of storing and gaining access to personal data, as well as the possibility for the User to determine the conditions for storing or gaining access to personal data),
   • Article 6(1)(f) of the GDPR (legitimate interest of the Controller),
   • Article 6(1)(a) of the GDPR (User's consent for more advanced marketing activities such as profiling using third-party cookies).
3. By remaining on the website, you accept the use of cookies, and failure to change your browser settings may be treated as consent, where permitted by law.
4. At the same time, the installation of cookies is necessary for the proper provision of services on the Website (more details in the Terms and Conditions).
5. The User may at any time change the settings of his/her browser with regard to the handling and storage of cookies.
6. The following types of cookies are used on the Website:
   • "Necessary" cookies enabling the use of services available on the Website, e.g., authentication cookies used for services requiring authentication on the Website and necessary to ensure security (e.g., used to detect fraud in the authentication process on the Website);
   • "Functional" cookies enabling the "remembering" of selected User settings and personalisation of the interface, e.g., with regard to the chosen language or region from which the user is logged in, font size, appearance of the website, etc.;
   • "Performance" cookies enabling the collection of information about how the Website is used;
   • "Advertising" cookies enabling the delivery of advertising content more tailored to the User's interests.

§ 7
User rights and obligations

1. The User who has provided his/her personal data to the Controller has the right to:
   • access to his/her data and to receive a copy thereof;
   • rectification (correction) of his/her data;
   • erasure of data (the right to be forgotten);
   • restriction of processing of personal data;
   • data portability to another controller;
   • object to the processing of data, as well as to processing for the purposes of direct marketing;
   • withdraw consent at any time and in any manner if the Controller processes the User's data based on consent, without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal;
   • lodge a complaint with the President of the Personal Data Protection Office if the User considers that the processing of personal data violates the GDPR.
2. A complaint may be submitted to:
   President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw.
3. In exercising the rights referred to in paragraph 1, the User may contact the Controller with a request to carry out specific actions. The request should be sent to the e-mail address: iodo@marma.com.pl.
4. In the event that the User permanently deletes personal data necessary for the Controller to provide services via the website, the User will lose the ability to use those services.

§ 8
Data recipients

1. Recipients of your personal data will be entities providing and supporting the Controller's ICT systems.
2. To the extent justified by the purpose of processing, we will also transfer personal data to entities acting on our behalf, in particular:
   • providers of IT services and solutions,
   • entities providing accounting services,
   • entities providing legal, financial, insurance and administrative services, and
   • auditors.

§ 9
Final provisions

1. Matters not covered by this Privacy Policy shall be governed by the relevant provisions of Polish law.
2. The Controller reserves the right to make changes to this Privacy Policy as a result of changes in legal regulations.
3. The Controller reserves the right to change the Privacy Policy due to technological developments, possible changes in personal data protection law and the development of the Website. Any changes will be communicated to users in a visible and comprehensible manner.

This Privacy Policy takes effect on 30 March 2026.

Full text of information clauses:

For persons submitting an inquiry via the form

For persons taking part in recruitment