Privacy policy

I. Genereal Condition

  1. Website (hereinafter referred to as the “Website”) is administered by Columbus Energy S.A. with its registered seat in Krakow, ul. Jasnogórska 9, 31-358 Kraków, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for Krakow – Śródmieście in Krakow, XI Commercial Division of the National Court Register under the following KRS number: 0000373608, NIP: 9492163154, [email protected] (hereinafter referred to as the “Administrator”).
  2. In the case of using the Website, data of the Website users (hereinafter referred to as the “Users”),  may be collected and used including their personal data.
  3. User data may be collected as a result of: its voluntary provision by the Users (e.g. when filling in the contact form, signing up for the newsletter or using the functionality allowing to provide a telephone number to the Administrator) and the use of cookies – both own and from third parties.
  4. In addition, information about the User’s IP address, the time of the inquiry arrival and sending a reply, the address of the website from which the User was redirected to the Website and the type of software used by the User (type of operating system and browser) may be collected. This information is used for the purposes of administering the Website and producing statistics and analyses.
  5. The Administrator takes care of the safety of Users’ data by applying appropriate organizational and technical measures.
  6. The security of personal data during the transmission is ensured by the SSL transmission protocol used by the Administrator. The protocol encodes data before sending it from the User’s browser and decodes after secure access to the Website server.
  7. The new version of the Privacy Policy has been in force since October 2022.


II. Personal data

  1. The Personal Data Controller of the Users’ personal data is Columbus Energy S.A. with its registered seat in Krakow, ul. Jasnogórska 9, 31-358 Kraków, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for Kraków — Śródmieście in Kraków, XI Commercial Division of the National Court Register under KRS number: 0000373608, NIP: 9492163154, [email protected].
  2. The Personal Data Controller has appointed a Data Protection Officer.
  3. The Officer can be contacted regarding data protection matters, including the exercise of the rights of Users. Contact with the Officer is possible via the e-mail address [email protected] or by post at Columbus Energy S.A., ul. Jasnogórska 9, 31-358 Krakow.
  4. The Personal Data Controller by means of the Columbus Installer App may process personal data for the following purposes:
    • sending a newsletter to the User – on the basis of Art. 6 sec. 1 letter a of the GDPR, i.e. the User’s consent to send a newsletter; the consent is given by providing an e-mail address and clicking on a confirmation button to subscribe to the newsletter;
    • contacting the User, if they wrote a message to the Personal Data Controller, completed the contact form or left their phone number using the Focus SiteCall tool – pursuant to Art. 6 sec. 1 letter f of the GDPR, because the data processing is necessary for the purposes resulting from the legitimate interests pursued by the Personal Data Controller; such an interest is to contact the User
    • direct marketing of the Personal Data Controller’s products and services – pursuant to Art. 6 sec. 1 letter f of the GDPR, because the data processing is necessary for the purposes resulting from the legitimate interests pursued by the Personal Data Controller; such an interest is to promote the Personal Data Controller’s products and services;
    • statistics and analysis of Users’ behaviour on the Website – pursuant to Art. 6 sec. 1 letter f of the GDPR, because the data processing is necessary for the purposes resulting from the legitimate interests pursued by the Personal Data Controller; such an interest is to make arrangements regarding the use of the Website by Users in order to optimise it to the needs of these Users.
  5. The Personal Data Controller may share personal data with its subcontractors (entities that are used for the purpose of data processing) such as:
    • Aut O’Mattic Ltd. with its registered seat in Ireland – provider of a plugin for Jetpack WordPress used, among others, to analyse data and keep statistics of the Website;
    • Benhauer sp. z o.o. with its registered seat in Poland – a provider of SALESmanago service used to automate marketing processes;
    • Facebook Ireland Ltd. with its registered seat in Ireland – a service provider related to the display of advertisements to Users – Facebook Pixel, to the extent that personal data is processed for the purpose of providing matching, measurement and analysis services (e.g. to provide the Personal Data Controller with analyses and campaign reports);
    • Google LLC with its registered seat in the USA and Google Ireland Limited, a provider of Google services, such as: GSuite – a package of services such as e-mail and virtual disk; Google Analytics – a tool for analysing the Website; Google Ads – a service related to the display of advertisements to Users;
    • Hotjar Limited with its registered seat in Malta – a service provider for analysing User’s traffic on the Website;
    • Zapier Inc. with its registered seat in the USA – provider of Zapier tool used to manage the organisation of work in the Personal Data Controller’s/Administrator’s enterprise.
    • Alfavox sp. z o.o. with its registered seat in Poland – provider of customer experience system service and contact center system used to offer telephone contact to Users.
  6. With regard to personal data contained in the event data concerning the activities of individuals on the User’s websites and applications, which integrate Facebook’s business tools for which the Personal Data Controller and Facebook jointly determine the means and purposes of the processing, the Personal Data Controller and Facebook Ireland are joint controllers of personal data in accordance with Article 26 of the GDPR. More information can be found at this link: https://www.facebook.com/legal/terms/businesstools_jointprocessing.
  7. The joint personal data controller together with the Personal Data Controller is also Criteo SA with its registered seat in France. Criteo SA is the provider of Criteo tool for retargeting and displaying personalised ads to Users. More information can be found at this link: https://www.criteo.com/blog/gdpr-need-know-criteo/.
  8. The following categories of entities may also be the recipients of the User’s personal data: employees and associates of the Personal Data Controller, hosting providers, marketing and advertising agencies, entities providing IT system management and maintenance services, legal advisors. Such entities are provided with Users’ personal data by the Personal Data Controller in accordance with applicable law (for example, pursuant to data processing entrustment agreements, if their conclusion is required in accordance with the GDPR).
  9. The Personal Data Controller does not transfer personal data outside the European Economic Area with the exception of using the services of the following entities: Google LLC, Facebook Ireland Ltd., Zapier Inc.
  10. In the case of Google LLC, LLC Facebook Ireland Ltd. and Zapier Inc., data is transferred to the USA. The transfer of data outside the European Economic Area takes place on the basis of standard contractual clauses (Article 46 sec. 2 of the GDPR). The text of Google’s Standard Contractual Clauses is available at this link: https://privacy.google.com/businesses/processorterms/mccs/. Information on the transfer of data to the USA by Facebook Ireland Ltd. together with information on standard contractual clauses is available at this link: https://www.facebook.com/legal/EU_data_transfer_addendum. Information on the transfer of data to the USA by Zapier Inc. together with information on standard contractual clauses is available at this link: https://cdn.zapier.com/storage/files/46ac3128100f09a5eeda6ceb7bdb61aa.pdf
  11. Personal data processed for the purpose of:
    • sending the newsletter to the User is processed until the User withdraws the consent
    • contacting the User is processed for a period of 3 years from the date of their collection
    • direct marketing of the Personal Data Controller’s products and services – will be stored until:
      • the objection to their processing for such purpose, unless the Personal Data Controller demonstrates the existence of valid legitimate grounds for data processing, overriding the interests, rights and freedoms of the data subject; in this case, the data will be stored until such valid legitimate grounds for processing exist, or
      • the withdrawal of the consent to receive commercial information or to use telecommunications terminal equipment and automated calling systems for direct marketing purposes;
    • statistics and analyses of Users’ behaviour on the Website – is processed for a period of 3 years from the date of their collection.
  12. In order to exercise their rights, the Data Users may contact the Personal Data Controller or the Data Protection Officer.
  13. The User may also contact the Personal Data Controller or the Data Protection Officer in order to obtain information on why the Personal Data Controller has decided that they may process User’s personal data on the basis of legitimate interests.
  14. Providing personal data when using the Website is voluntary. However, if the User fails to provide it, it will not be possible to contact them, send them offers or newsletters.
  15. The Personal Data Controller does not take decisions towards Users that are based solely on automated processing, including profiling, and produce legal effects on Users or similarly significantly affect them.

III. Cookies

  1. As part of the activity of the Website, cookies are used in the Users’ end devices. The use of cookies should be understood as storing and accessing cookies by the Personal Data Controller (Administrator).
  2. Cookies are IT data, in particular text files, which are stored in the User’s terminal device and are intended for the use of websites. Cookies usually contain the name of the website from which they originate, the duration of their storage on the terminal device, content (e.g. action identifiers) and a unique number.
  3. Cookies are used to:
    • adjust the content of the Website to the User’s preferences and optimize the use of the Website; in particular, these files allow to recognise the User’s device and properly display the Website, adapting it to the User’s needs and preferences;
    • adapt the advertisements displayed to the User to their preferences;
    • create statistics and analyses on the use of the Website.
  4. The Website uses two main types of cookies: session cookies (session cookies, session storage) and “persistent” (persistent cookies, local storage). Session cookies are temporary files that are stored in the User’s terminal device until the session expires (e.g. leaving the Website, removing them by the User, or disabling the software). “Persistent” cookies are stored in the User’s terminal device for the time specified in the parameters of cookies or until they are deleted by the User.
  5. The use of cookies does not cause configuration changes in the User’s end device and software installed on such device.
  6. The default settings of web browsers usually allow the storage of cookies in the end devices of Website Users. However, these settings may be changed by the User.
  7. The User has the possibility to specify the conditions for the use of cookies using the software settings (web browser) installed on their terminal device.
  8. The User also has the possibility to change the set conditions for the use of cookies. The change may consist of a partial or complete limitation of the possibility of saving cookies on the User’s terminal device.
  9. Blocking or deleting cookies may cause difficulties in using the Website, e.g. because some of its options will not be available to the User.
  10. The Personal Data Controller informs that in accordance with the provisions of the Telecommunications Act, the consent of the end user to store information or access information already stored in the telecommunications terminal equipment of the end user may also be expressed by the user by means of software settings installed in the terminal equipment used by them. Therefore, in the event that the user does not want to give such consent, they should change the settings of the web browser.
  11. Detailed information on changing browser settings regarding cookies and their deletion can be obtained on the official website of a specific browser. In particular, the above information can be found at the following websites:

IV. Tools used on the Website

  1. As part of the Website, the Personal Data Controller uses IT tools provided by third parties. The use of these tools may involve the use of cookies of such entities.
  2. The Personal Data Controller (Administrator) uses the following tools provided by Google on the Website: Google Analytics, Google Ads, Google Tag Manager.
  3. Thanks to the use of cookies, Google Analytics analyses the traffic and the way Users navigate the Website. The Personal Data Controller (Administrator) uses the data collected by Google Analytics for remakreting/retargeting, reporting impressions in the Google advertising network and for analysing demographic data and interests of Users. The Personal Data Controller (Administrator) can determine keywords, ads, ad groups, and campaigns that most effectively attract customers. The Personal Data Controller (Administrator) may also observe activity on the Website: scroll through the page, copy its elements, the time of activity of a given User and other events. All of this data is collected anonymously. This allows the mechanism of anonymisation of the User’s IP number. Users can prevent the use of their data in Google Analytics. More information on how to do this can be found at this link: https://tools.google.com/dlpage/gaoptout.
  4. Google Ads is used to display relevant ads to the User. Cookies are placed on the User’s device in order to remember the pages that they visit. On the basis of the collected information, personalised advertisements on the pages viewed by the User are displayed. The Personal Data Controller (Administrator) may order advertisements to the recipients of its choice, e.g. to all persons who visited the Website within 7 days. The Personal Data Controller (Administrator) orders the advertising on the basis of aggregate criteria, e.g. to specific target groups, never to a specific User. The settings for personalising ads can be changed in Google services at this link: https://adssettings.google.com/. As part of Google Ads, the Personal Data Controller (Administrator) uses extended conversion options. This feature allow to collect encrypted information collected on the conversion page (e.g. e-mail addresses from contact forms) and then adjusts it to the information about Google users logged in. The extended conversion complements existing conversion tags by sending encrypted conversion data from the Website to Google in a way that protects privacy. The extended conversion feature ensures the confidentiality and security of information by applying the highest industry standards – data is encrypted before sending it to Google (a one-way encryption algorithm called SHA256).
  5. Google Tag Manager is a system for managing tags and codes placed on the Website. As part of Google Tag Manager, Google may collect information about, for example, the ways the service and tags are used and the tags used. This data is used in accordance with Google’s privacy policy.
  6. Google’s privacy policy is available at this link: https://policies.google.com/privacy.
  7. Google may transfer data to third parties. More information about the use of cookies by Google can be found at this link: https://policies.google.com/technologies/cookies?hl=pl&gl=pl.
  8. The Personal Data Controller (Administrator) uses the business tools provided by Facebook, including Facebook Pixel, which is used for marketing activities.
  9. Facebook Pixel “tracks” visits and behaviors of Users who navigate the Website. Thanks to this, it is possible to target user-tailored advertising (remarketing/retargeting).
  10. The Personal Data Controller (Administrator) receives only statistical data from Facebook, without reference to specific Users. In this way, the Personal Data Controller (Administrator) checks the effectiveness of ads on Facebook and Instagram, investigates the market and keeps its own statistics.
  11. The Administrator collects data from Facebook Pixel only for statistical analysis, and orders ads only on the basis of aggregate criteria, never to a specific user.
  12. For more information on the principles of data processing on Facebook, please refer to this link: https://www.facebook.com/privacy/explanation, and the following link is available on Instagram: https://help.instagram.com/155833707900388.
  13. The Personal Data Controller (Administrator) uses tools related to the SALESmanago service provided by Benhauer sp. z o.o. on the Website.
  14. SALESmanago is used to automate marketing processes.
  15. The description of SALESmanago use and information about the collected cookies are available at this link: http://pomoc.salesmanago.pl/monitorowanie-kontaktow-zasada-dzialania-i-zakres zbieranych-informacji/.
  16. The Personal Data Controller (Administrator) uses the code related to the social network LinkedIN on the Website.
  17. The User’s browser may establish a connection to the social network LinkedIN and provide information about the visit to the Website. This applies only to Users who have a profile on the above-mentioned platforms and have given their consent to track their activity.
  18. Details about the processing of data by the social network LinkedIN can be found in the platform’s privacy policy at: https://www.linkedin.com/legal/privacy-policy?_l=pl_PL.
  19. The Personal Data Controller (Administrator) uses the tools provided by the Bing search engine operated by Microsoft on the Website.
  20. Privacy information is available at this link: https://privacy.microsoft.com/pl-pl/privacystatement.
  21. The Personal Data Controller (Administrator) may use the Hotjar tool provided by Hotjar Limited on the Website.
  22. The purpose of this tool is to analyse the User’s behavior when using the Website. Hotjar records how the User navigates the Website (including, for example, navigation or cursor movement). However, the Personal Data Controller (Administrator) does not collect any other data of the User using this tool. This tool is used by the Personal Data Controller (Administrator) only to analyse and optimise the functioning of the Website.
  23. More information about Hotjar’s privacy policy can be found at this link: https://www.hotjar.com/legal/policies/privacy/.
  24. It is also possible for a given User to disable the possibility of analysing their behaviour on the Website. More information on this subject can be found at this link: https://www.hotjar.com/legal/compliance/opt-out.
  25. The Personal Data Controller (Administrator) may use the Jetpack plugin provided by Aut O’Mattic Ltd on the Website.
  26. More information about privacy related to this plugin can be found at this link: https://automattic.com/privacy/.