Privacy Policy

PRIVACY POLICY COSMOLD Sp. z o.o.

Data Controller

The personal data controller is COSMOLD Sp. z o.o., ul. Antoniego Hedy Ps. "Szary" 23, 27-400 Ostrowiec Świętokrzyski, Poland. KRS: 0001190558, NIP: 6612393347, REGON: 542564237. Contact: phone 720 811 811, e‑mail: rodo@cosmold.pl


Data Protection Officer / contact person

The company has not appointed a separate Data Protection Officer — for matters related to data protection please contact Mr. Rafał Grudniewski, rodo@cosmold.pl, phone 720 811 811.


Scope and sources of data

We process data obtained directly from the individuals whose data is concerned (clients, contractors, suppliers) as well as data obtained during cooperation or from public sources / partners. Example scope:

  • identification data: first and last name, company name, NIP, REGON;
  • contact data: e‑mail address, phone number, postal/delivery address;
  • data necessary to fulfill the order: 3D file specifications, production parameters, instructions, quantities, deadlines, account number/bank payment data to the extent necessary for settlements;
  • accounting and settlement data (invoicing);
  • data concerning complaints and after-sales service;
  • technical data and system logs (e.g. IP address, device data, server logs) necessary to ensure service operation and security;
  • other data voluntarily provided by the person in correspondence or form.


Purposes of processing and legal bases

Data are processed for purposes of:

  • contract performance or pre-contractual measures (Article 6(1)(b) GDPR): provision of 3D printing services, production, delivery, communication related to the order, invoicing;
  • fulfillment of legal obligations incumbent on the controller (Article 6(1)(c) GDPR): accounting and tax archiving, keeping documentation required by regulations;
  • pursuit of legitimate interests of the controller (Article 6(1)(f) GDPR): pursuing claims, defending against claims, ensuring system security, service analysis and development, maintaining business relations, marketing of contractors (until objection is raised);
  • based on consent (Article 6(1)(a) GDPR): sending commercial information electronically (newsletter, offers) — when consent is required.


Special categories of data

COSMOLD generally does not process special categories of personal data (e.g., health data, political opinions). If processing such data becomes necessary, it will be based on a separate legal basis and with additional safeguards.


Data recipients

Data may be disclosed to the following categories of recipients:

  • courier and logistics service providers;
  • IT service providers, hosting providers, CRM/ERP system operators, payment platforms;
  • subcontractors performing production orders;
  • accounting offices, tax advisors, law firms;
  • public authorities and authorized entities when required by law. When transferring data outside the European Economic Area (EEA), appropriate legal safeguards are applied (e.g., standard EU contractual clauses, Commission decisions, other legal mechanisms).


Data retention period

Data will be stored for the time necessary to achieve the purposes for which they were collected and then for the period required by law (e.g., accounting and tax documentation: according to applicable regulations — usually 5 years or another period specified by law). Additionally, data may be stored for a period enabling pursuit/defense of claims in accordance with applicable limitation periods.


Rights of data subjects

Data subjects have the right to:

  • request access to their data;   
  • rectify (correct) data;
  • delete data (right to be forgotten) — to the extent provided by law;
  • request restriction of processing;
  • data portability (if processing is based on a contract or consent and is carried out in an automated manner);
  • object to data processing — including processing for direct marketing purposes;
  • withdraw consent at any time (without affecting the lawfulness of processing before consent withdrawal);
  • lodge a complaint with the President of the Personal Data Protection Office (PUODO), if you consider that processing violates the GDPR.


Automated decision-making and profiling

Data are not used for automated decision-making under Article 22 GDPR nor for profiling resulting in significant legal effects for individuals, unless the person is informed separately.


Voluntariness of data provision

Providing data is voluntary; however, some data are necessary to conclude and perform the contract (e.g., invoicing data, delivery address). Failure to provide such data will prevent order execution.


Cookies and similar technologies

COSMOLD websites may use cookies and similar technologies to ensure website functionality, analytics, and, with user consent, marketing. Detailed rules regarding cookies are provided in the cookie policy (if applicable) or in the browser settings.


Security measures

The administrator implements appropriate technical and organizational measures to ensure an adequate level of personal data security (e.g., access control, encryption where applicable, backup systems, incident management procedures, employee training). Despite the application of safeguards, the risk cannot be completely excluded — the administrator acts to minimize threats.


Privacy policy changes

The policy may be updated. In the event of significant changes, users will be informed appropriately (e.g., e‑mail, website announcement).