Privacy policy

Last update 01.11.2020

While respecting the right to privacy of persons who have entrusted Rohhe Ltd. (further as “Rohhe”) with their personal data, including the users of our services, our contractors and their employees, we would like to declare that we process the acquired data in accordance with national and European laws and under conditions that guarantee their safety.

In order to ensure the transparency of the processing, we present Rohhe’s applicable personal data protection rules established on the basis of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, further as “GDPR”).

The controller of your personal data, i.e. the entity that decides on the purposes and means of processing, is Rohhe sp. z o.o. based in Tarczyn, ul. Al. Krakowska 19A (post code: 05-555). You can also contact us by email at:

Rohhe is a manufacturing and trading company. In carrying out our business functions, we process personal data for the following purposes:

Purpose of processing
Legal basis and data retention period Legitimate interest (point of Art. 6(1) of GDPR), if any
Activities aimed at concluding and performing a contract with a customer or contractor Point b of Art. 6(1) (regarding
customers); point f of Art. 6(1) of GDPR (regarding persons cooperating with us on behalf of the customer/contractor)
For a period of time specified by the contract, agreed by the parties or necessary for the performance by the controller of obligations requiring data processing
Need to contact employees/co-workers of customers and contractors in connection with actions taken to conclude or perform a contract.
Handling complaints, requests and claims



Points b, c and f of Art. 6(1) of GDPR
For the duration of the contract or until the warranty expires or the claim is settled


Need to contact employees/co-workers of customers in connection with the handling of complaints, requests and claims


Determination, redress and defence of claims


Point f of Art. 6(1) of GDPR
For a period of time until the expiration of the statute of limitations for claims resulting from the contract – in accordance with applicable law


The processing of data of customers or contractors and their employees/co-workers in connection with determination, redress and defence of claims


Maintenance of billing, accounting and financial reporting


Point c of Art. 6(1) of GDPR
For a period of time until the expiration of data retention obligations under the law, in particular the retention of accounting documents (as a rule, for 5 years after the year in which the legal event that put an obligation to issue an accounting document occurred)


Keeping statistics


Point f of Art. 6(1) of GDPR
For the duration of any other processing operation indicated in this table. We do not store personal data solely for statistical purposes


Improvement of business operations through lessons learned from statistical activities


Conducting marketing activities (including by means of electronic communication)


Point f of Art. 6(1) of GDPR
In the case of marketing using a telephone number or e-mail address, the data controller will obtain consent for the communication channel in accordance with the Electronic Services Act or the Telecommunications Law.
Until you file an objection, i.e. show us in any way that you do not want to stay in touch with us or receive information about the activities we undertake, or until the statute of limitations for claims


Conducting marketing activities promoting products and services


Data processing as part of Rohhe’s Facebook profile


Point f of Art. 6(1) of GDPR
Data is co-administered by Rohhe and Facebook.
Data will be processed until you object to the processing


Conducting ongoing correspondence using tools provided by Facebook, including Messenger, and conducting other marketing activities


Processing of cookies


Point f of Art. 6(1)of GDPR
Data will be processed for the periods indicated in the Cookie Policy or until you object to the processing.
The objection can be made only by changing the settings of the end user’s browser which will prevent the collection of information using cookies


Adaptation of website content to users’ needs, including for marketing purposes, optimization of use of websites


Management of human resources – employees and co-workers


Points a, b, c and f of Art. 6(1) of GDPR; Point b of Art. 9(2) of GDPR
In accordance with current legislation requiring the archiving of labour law documents, i.e., personnel files are kept for 50 or 10 years.
A 10-year retention period for documentation regarding employment relationship and personnel files of an employee is applied to all employees employed after 1 January 2019.In the case of employees employed after 31 December 1998 and before 1 January 2019, documentation regarding employment relationship and personnel files will be kept for 50 years from the day of expiry or termination of employment, and in the case of above-mentioned employees for whom the employer submits an information report referred to in Art. 4(6a) of the Social Insurance System Act of 13 October 1998, the documentation and file retention period shall be shortened to 10 years from the end of the calendar year in which the report was submitted.

If the retention period for selected documents is shorter, the data controller shall respect that shorter period.

Civil-law contracts shall be kept until the expiry of the statute of limitation for resulting claims

Dissemination of an employee’s/co-worker’s image on the basis of legal and copyright consent
Conducting recruitment Points a and c of Art. 6(1) of GDPR (regarding candidates for employees); Points a and b of Art. 6(1) of GDPR (regarding candidates for co-workers)
Up to 6 months from the end of the recruitment process, and in the case of consent given for further recruitment processes, no longer than one year



If the deadlines for the retention of documents indicated under the heading “Maintenance of billing, accounting and financial reporting” are longer than the deadlines appropriate for the redress of possible claims, the indicated longer deadlines shall apply.

In connection with its operations, Rohhe will disclose your personal data to the following entities:

  • state authorities or other entities authorized by law,
  • entities supporting us in our operations on our behalf, in particular: providers of external ICT systems supporting our operations, including Microsoft, entities auditing our operations, entity providing accounting services or entities cooperating with Rohhe within the framework of marketing campaigns, while such entities will process data on the basis of an agreement with Rohhe and only in accordance with our instructions,
  • payment service providers within the meaning of the Act of 19 August 2011 on payment services to banks, in case of the need to conduct settlements,
  • in the case of job candidates – also to online recruitment portals.

Every person whose data is processed by Rohhe is entitled to:

  • access their data and receive a copy of such data,
  • rectify (correct) their data,
  • remove their data,
  • limit the processing of their data,
  • transfer their data – if the legal basis for their processing is consent (Point a of Art. 6(1) or Point a of Art. 9(2) of GDPR) or contract (Point b of Art. 6(1) of GDPR),
  • file an objection against their personal data processing – if the legal basis for their processing is a legitimate interest (Point f of Art. 6(1) of GDPR).

More information on the rights of data subjects may be found in Art. 12-23 of GDPR.

Moreover, a person whose data is processed by Rohhe is entitled to file a complaint with the supervisory authority, namely President of the Office for Personal Data Protection. More information at:

The provision of data is necessary for the conclusion of contracts and the settlement of business operations, and for Rohhe to comply with legal requirements. This means that if you want to use the services we offer, become our contractor (supplier) or employee/co-worker, you need to provide your personal data.

If your employer or other entity has designated you as a contact person in connection with entering into/performance of a contract with Rohhe, your data will be processed to the extent disclosed by that entity (normally it is first and last name, position, email address and telephone number).

To the remaining extent (in particular, the processing of data by Rohhe for marketing purposes), the provision of data is voluntary.

As a general rule, personal data will not be transferred outside the European Economic Area (further as: “EEA”). However, given the provision of services by our subcontractors in the implementation of support for ICT services and IT infrastructure, Rohhe may outsource certain activities or IT tasks to recognized subcontractors operating outside the EEA, which may result in the transfer of your data outside the EEA.

According to the European Commission’s decision, recipient countries outside the EEA shall ensure an adequate degree of personal data protection in accordance with the EEA standards. For recipients in the territory of countries not covered by the European Commission’s decision, in order to ensure an adequate degree of such protection, the controller shall enter into agreements with recipients of personal data that are based on the standard contractual clauses issued by the European Commission in accordance with Point c of Article 46(2) of GDPR.

A copy of the standard contractual clauses may be obtained from the controller – their contact information is given above. The method used by the controller to secure your data is in accordance with the principles provided for in Chapter V of GDPR. You may request further information about the safeguards applied in this regard, obtain a copy of these safeguards, and find out in which locations they are shared.

Your personal data will not be used for the purpose of automated decision-making (including in the form of profiling) in such a way that such automated processing could result in any decisions that would produce legal effects or similarly affect any effects on customers, contractors, their employees/co-workers, as well as employees/co-workers of the controller or job applicants.