SMN GROUP

Privacy Policy

SMN GROUP Sp. z o.o. · Version 1.1 · effective from 10 May 2026

Effective date: 10 May 2026
Document version: 1.1

1. Data Controller

The Controller of personal data processed in connection with the use of the smngroup.pl website (the "Website") is:

SMN GROUP Spółka z ograniczoną odpowiedzialnością (Limited Liability Company)
ul. Karoliny 4, 40-186 Katowice, Poland
KRS (National Court Register): 0001179459 (District Court of Katowice-Wschód in Katowice, 8th Commercial Division of the National Court Register)
NIP (Tax Identification Number): 9542889747
REGON (Statistical Number): 542028510
Share capital: PLN 5,000.00

Contact details for personal data protection matters:

  • E-mail: rkapcia@smngroup.pl
  • Phone: +48 796 542 794
  • Mailing address: ul. Karoliny 4, 40-186 Katowice, Poland

In the remainder of this document, the Controller is referred to as "SMN GROUP" or "we".

2. Data Protection Officer

SMN GROUP has not appointed a Data Protection Officer (DPO). Pursuant to Article 37(1) GDPR, the conditions for the mandatory appointment of a DPO do not apply — SMN GROUP is not a public authority, does not process special categories of data on a large scale, and does not regularly and systematically monitor data subjects on a large scale.

For all matters concerning the processing of personal data, please contact the Controller directly at: rkapcia@smngroup.pl.

3. Scope of this Privacy Policy

This Privacy Policy sets out the rules for processing personal data of natural persons (the "User") who:

  • visit the smngroup.pl website (and its English-language version available at smngroup.pl/en/),
  • contact SMN GROUP via the B2B contact form,
  • contact SMN GROUP by e-mail or telephone,
  • download informational materials made available on the Website (company one-pager, materials for local governments).

SMN GROUP operates under several operating brands (SMN GROUP, Sales Makers, Twojprad+), which are internal sales and communication channels within a single legal entity — SMN GROUP Sp. z o.o. The operating brands available at sales-makers.pl and twojpradplus.pl publish their own privacy policies tailored to the specifics of their channels (B2C, direct sales), however the Data Controller remains the same company.

4. Purposes and Legal Bases of Processing

4.1. Handling business inquiries (B2B contact form)

  • Scope of data: name, company name, e-mail address, nature of inquiry, message content
  • Purpose: responding to business inquiries, conducting commercial correspondence, presenting our offering
  • Legal basis: Article 6(1)(f) GDPR (legitimate interest of the Controller in handling inquiries directed to the company); to the extent that the inquiry aims at concluding a contract — Article 6(1)(b) GDPR (pre-contractual activities)
  • Retention period: until the correspondence is concluded and for the period necessary to pursue any potential claims, no longer than 3 years from the last contact (in line with the general limitation period for business-related claims — Article 118 of the Polish Civil Code)

4.2. E-mail and telephone contact initiated by the User

  • Scope of data: contact details provided by the User and data resulting from the message content
  • Purpose: conducting correspondence
  • Legal basis: Article 6(1)(f) GDPR (legitimate interest — handling contact initiated by the User)
  • Retention period: as in section 4.1

4.3. Contract performance and management of business relationships

  • Scope of data: contact details of persons representing the counterparty, data arising from contractual and accounting documents
  • Purpose: conclusion and performance of contracts, settlements, accounting documentation
  • Legal basis: Article 6(1)(b) GDPR (contract performance), Article 6(1)(c) GDPR (legal obligations, in particular tax and accounting regulations)
  • Retention period: for the duration of the contract and for the period required by law, in particular:
    • accounting documentation: 5 years from the end of the year in which the tax obligation arose (Article 86 § 1 of the Polish Tax Ordinance Act, Article 74(2) of the Polish Accounting Act)
    • pursuit of claims: up to 3 years from the termination of the contract (or another period resulting from the specific basis of the claims)

4.4. Server logs and Website security

  • Scope of data: IP address, browser information, operating system, date and time of visit, pages visited, source of entry (referrer)
  • Purpose: ensuring Website security, error diagnostics, protection against abuse
  • Legal basis: Article 6(1)(f) GDPR (legitimate interest — system security)
  • Retention period: in accordance with the policy of the hosting provider cyber_Folks S.A. — typically up to 30 days, data may be stored longer in the event of identified security incidents

Conscious decision: SMN GROUP does not use analytics tools (Google Analytics, Plausible, Matomo, Hotjar and similar) or marketing tools (Meta Pixel, LinkedIn Insight Tag, Google Ads). We do not profile Users or target advertising.

5. Recipients of Personal Data

5.1. Data processors under Article 28 GDPR

Processor Role Server location DPA status
cyber_Folks S.A. (cyber-folks.pl) Hosting of the Website and management of the rkapcia@smngroup.pl mailbox Poland Data Processing Agreement concluded with the hosting provider (in line with the standard cyber_Folks S.A. documentation)
Web3Forms (web3forms.com) Intermediation in the transmission of contact form data (transit) United States (Amazon Web Services, US-East region) Standard Contractual Clauses approved by European Commission Decision 2021/914

Data sent through the contact form is transmitted by Web3Forms to the rkapcia@smngroup.pl mailbox hosted at cyber_Folks S.A. — Web3Forms does not retain form data long-term (retention: 30 days on the free plan or 12 months on the extended plan, in line with the web3forms.com privacy policy).

5.2. Professional service providers

Data may be transferred to entities providing accounting, legal and consulting services to SMN GROUP — only to the extent necessary for the performance of these services, on the basis of appropriate data processing agreements (Article 28 GDPR) or under professional confidentiality obligations.

5.3. Public authorities and courts

Data may be disclosed to public authorities (courts, prosecutors, tax authorities, law enforcement) only on the basis of applicable legal provisions and to the extent required by these provisions.

5.4. Internal processing across operating brands

SMN GROUP operates under several operating brands (SMN GROUP, Sales Makers, Twojprad+). All brands function within a single legal entity — SMN GROUP Sp. z o.o. — and constitute internal sales and communication channels.

User data submitted through the smngroup.pl Website may be used internally by all SMN GROUP operating brands to the extent necessary to fulfil the purposes set out in section 4 — on the basis of Article 6(1)(f) GDPR (legitimate interest of the Controller). The data is not transferred to third parties within the meaning of GDPR, as it does not leave the Controller.

6. Transfer of Data to Third Countries (outside the EEA)

Data sent through the contact form is transmitted via the Web3Forms infrastructure located in the United States (US-East region, Amazon Web Services). After initial processing (forwarding to the Controller's mailbox in Poland), the data is deleted from Web3Forms servers in line with their retention policy (30 days / 12 months depending on the plan).

The transfer of data to the USA takes place on the basis of Standard Contractual Clauses (SCC) approved by European Commission Decision 2021/914.

The User has the right to receive a copy of the safeguards applied by contacting the Controller.

7. User Rights

In connection with the processing of personal data, the User has the following rights:

Right Legal basis Description
Right of access Article 15 GDPR To obtain information about the data being processed and a copy of it
Right to rectification Article 16 GDPR To request correction of inaccurate or incomplete data
Right to erasure ("right to be forgotten") Article 17 GDPR To request deletion of data in cases specified by GDPR
Right to restriction of processing Article 18 GDPR To request the suspension of operations on data in specific situations
Right to data portability Article 20 GDPR To receive data in a structured format; applies to data processed on the basis of consent or contract
Right to object Article 21 GDPR To object to processing based on legitimate interest (Article 6(1)(f)), including direct marketing (absolute right of objection)
Right to withdraw consent Article 7(3) GDPR To withdraw consent at any time, without affecting the lawfulness of processing prior to withdrawal — applies to data processed on the basis of consent

To exercise any of the above rights, please contact us at rkapcia@smngroup.pl. A response will be provided within one month of receiving the request (with the possibility of extension by 2 months in complex cases — Article 12(3) GDPR).

Right to lodge a complaint with the supervisory authority

The User has the right to lodge a complaint with the supervisory authority, which in Poland is:

President of the Personal Data Protection Office (PUODO)
ul. Stawki 2, 00-193 Warsaw, Poland
https://uodo.gov.pl

8. Voluntary Nature of Providing Data

Providing personal data by the User is voluntary, however in some cases it is necessary to fulfil specific purposes:

  • In the contact form: failure to provide name, e-mail address or message content will make it impossible to respond.
  • In the context of a contract: failure to provide data identifying the party will make it impossible to conclude the contract.

9. Automated Decision-Making and Profiling

SMN GROUP does not make decisions concerning the User based solely on automated processing of data (including profiling) that would produce legal effects or similarly significantly affect the User (Article 22 GDPR).

10. Cookies

10.1. Current state

The smngroup.pl Website is built as a static site (Astro 4) with fonts served from our own server (self-hosted, without Google Fonts). SMN GROUP has consciously chosen not to use analytics or marketing tools:

  • No Google Analytics, Plausible, Matomo, Hotjar or similar traffic measurement tools
  • No Meta Pixel, LinkedIn Insight Tag, Google Ads, TikTok Pixel or similar marketing tools
  • No embedded maps (Google Maps, OpenStreetMap), iframes from YouTube, Vimeo or similar third-party services
  • No social media plugins embedded in the Website content (Like, Share or other plugins)

10.2. Cookies used by the Website

The Website may use only cookies necessary for the proper functioning of the site:

  • Session or configuration cookies of the hosting provider (cyber_Folks S.A.) — may be set by the server infrastructure to ensure stable handling of HTTP requests. These are technical cookies, they do not serve to identify or track the User.
  • Cookies arising from contact form submission — when sending the form, the User establishes a connection with the Web3Forms infrastructure (api.web3forms.com), which may set its own technical cookies solely in the context of this operation. These cookies are set on the web3forms.com domain (third-party cookies) and are subject to the Web3Forms privacy policy available at https://web3forms.com/privacy.

In accordance with Article 398(5) of the Polish Electronic Communications Act of 12 July 2024, cookies necessary for the functioning of the Website do not require User consent.

10.3. No marketing or analytics cookies

Due to the absence of analytics and marketing tools, the Website does not set cookies that would require User consent within the meaning of Article 398(1) of the Polish Electronic Communications Act. For this reason, the Website does not display a cookie consent banner.

If analytics or marketing tools are introduced in the future, SMN GROUP will update this Privacy Policy and implement a consent management mechanism in line with the Polish Electronic Communications Act.

10.4. Managing cookies in the browser

The User can manage cookies at any time through the settings of the browser used:

Disabling technical cookies may cause some functions of the Website to malfunction.

11. Data Security

SMN GROUP applies technical and organisational measures to ensure the protection of personal data, appropriate to the risks and categories of data being processed, in particular:

  • transmission of data via HTTPS protocol (SSL/TLS encryption),
  • restriction of access to data to authorised persons only,
  • conclusion of data processing agreements with processors,
  • verification of providers in terms of GDPR compliance,
  • regular software updates.

12. Links to External Services

The Website may contain links to other websites operated by SMN GROUP under its operating brands (sales-makers.pl, twojpradplus.pl) — data processing on these websites remains under the control of the same Data Controller, however each website publishes a separate privacy policy tailored to the specifics of the channel.

The Website may also contain links to websites operated by external entities (social media profiles, partner websites). The privacy policy of these entities may differ from this one. SMN GROUP is not responsible for the data processing rules of these entities — the User should review their privacy policies directly.

13. Changes to the Privacy Policy

SMN GROUP reserves the right to make changes to this Privacy Policy. Users will be informed of significant changes through an update of the effective date at the beginning of the document.

The currently binding version of the policy is available at: https://smngroup.pl/en/privacy-policy

The Polish-language version of this Privacy Policy is available at: https://smngroup.pl/polityka-prywatnosci. In case of any discrepancies between the Polish and English versions, the Polish version is binding as the original document.

14. Final Provisions

In matters not regulated by this Privacy Policy, the following provisions apply:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR),
  • Polish Personal Data Protection Act of 10 May 2018 (Journal of Laws 2018, item 1000, as amended),
  • Polish Electronic Communications Act of 12 July 2024 (Journal of Laws 2024, item 1221),
  • Polish Act on Providing Services by Electronic Means of 18 July 2002 (consolidated text: Journal of Laws 2020, item 344, as amended).

Document version: 1.1
Document deployed to production: 10 May 2026

← Back to homepage