City Security Privacy Policy and Cookies

About us

City Security S.A. with its registered office in Warsaw (00-236), ul. Śwętojańska 5/7, 00-236 Warsaw, entered in the register of entrepreneurs maintained by the District Court for the Capital City of Warsaw, XIII Commercial Department of the National Court Register, under KRS number: 0000412576, NIP no. 5252529889. Hereinafter referred jointly with its related Polish companies as the "Group". The company has established Data Protection Inspectorate, available at Persona data is gathered and processed in the manner and under provisions described herein.

General provisions

The Group pays great attention to protect the privacy of its customers, contracting parties and employees. One of its key issues is protection of rights and freedom of natural persons, with relation to protection of personal data.

We make sure the processing of your data takes place in line with the General Data Protection Regulation 2016/679/EC (hereinunder referred to as the "Regulation"), Act on the Protection of Personal Data.

In line with Par. 4 point 7 of the Regulation, the Group companies are administrators of the personal data. The Group also cooperated with processing entities, referred to in Art 4 point 8 of the Regulation, which process personal data by and on behalf of the administrator.

As the Group, we ensure that proper technical and organisational measures are implemented to secure an adequate level of safety against any breach of law or freedom of natural persons, concerning various occurrence possibility and importance of its implementation. We are also preparing policies and procedures, and organise regular trainings that aim at increasing the level of knowledge, awareness and skills of our lawyers in this area.

How is your personal data used?

As an employer we process personal data of our employees and people hired on other basis than an employment contract. The contact details gathered from our contracting parties (e.g. concerning their employees) are used to conclude contracts and execute them in a proper manner. We are also performing marketing operations and within those activates we aim at  reaching the widest group of potential customers to provide them with the most recent information on our products and services.

Third parties that gain access to your personal data get it only upon your consent or when we are obliged to do so by provisions of law. 

What are the rules and basis for your personal data processing?

We pay due diligence to secure interest of the subjects of data, in particular we make sure the data is: 

  • processed according to the law, in a diligent manner and in a way that is clear to people the data refers to;
  • collected for particular, clear and legitimate purposes and not furtherly processed in a manner that infringes the purposes;
  • processed in an accurate and proper manner, and limited to the necessary purposes the data is processed for;
  • correct and when necessary updated; we exercises due care to delete or correct personal data which, with regards to the purpose of its process, is incorrect;
  • stored in a form enabling identification of the person the particular data refer to, for the period which does not exceed the necessary time of storage;
  • processed in a manner securing an adequate safety of the personal data, including protection against prohibited and unlawful process and accidental loss or damage

Your data is usually processed upon gaining your consent, which may be withdrawn at any time. Other cases in which your personal data may be processed include contract execution, which you are a party to, or actions taken at your request, before a contract is concluded. 

In some situations processing is necessary to fulfil legal obligations vested in the administrator. Such obligation may result out of, e.g. provisions of Labour Law or the Accounting Act.

Processing may be also necessary to secure our legitimate interests, for example vindication of claims resulting out of our business activities. 

What are your rights?

We try to put all the information in a clear, understandable and easily accessible manner, provide you, in a clear and straightforward language, with all necessary information and to contact you with regard to the act of processing your personal information and implementation of the legal rights:

  • to information given while gathering your personal data,
  • to information provided upon request - including whether the data is processed and concern other issued stipulated in Art. 15 of the Regulation, including the right to the copy of data,
  • to correct data;
  • to be forgotten;
  • to limit the processing activities;
  • to transfer data;
  • to object;
  • not to fall under the decision vesting on automated process (including profiling),
  • to inform on breach to the data protection.

Information on implementation of the law can be acquired at

How will you be contacted?

The information we provide is expressed in writing or in other forms, including - in relevant cases - electronic way. Upon your request, the information may be provided verbally, only if we can confirm your identity in a different form. When you send the request in an electronic form, if possible, the information will also be delivered in an electronic way, unless you point out other preferable form of communication.

What is the time limit for responding to your request?

We try to answer your request without unnecessary delay. It is usually within a month from receiving your request. If necessary, the period is extended to the next two months due to a more complex nature of the request or the number of requests. In each case however, within a month from the request, we will inform you on actions taken and (in relevant cases) on extending the period, stating the reason of the delay.

Subcontractors/ processing entities

If we cooperate with entities processing personal data by and on our behalf, we use only those processing entities which provide an adequate guarantee to implement proper technical and organisational measures so the processing activities fulfil requirements of the Regulation and secure the rights of people who the data concern. The entities, which are chosen to process your data, are carefully checked. Detailed contracts are concluded with such companies and they are periodically controlled with relation to consistency of the processing operations with provisions of the contracts and rules of law. 

How do we take care of your data?

In order to meet the law requirements, we draw detailed procedures that include such issues as, i.a.:

  • data protection in the designing phase and a default data protection,
  • evaluation of effects on data protection,
  • breach notification,
  • preparation of a log book on data processing activities,
  • data retention,
  • implementation of the rights of people the data refers to.

Our documentation is regularly checked and updated to demonstrate implementation of law requirements pursuant to the settlement rule set forth in the Regulation. We try to incorporate the best market practices, for the reason above, and also out of concern about people who the data concern. 

Data retention

Personal data is stored in a form enabling identification of the person the particular data refers to, for the period which does not exceed the necessary time of storage for the purposes it is processed for. Upon lapse of such time, the data is made anonymous (lack of features enabling identification of the particular person) or is removed. Removal of personal data is full and permanent. In the retention procedure we ensure:

  • limitation of the period, the data is stored for, to the necessary minimum,
  • determination of the time limit for the personal data to be removed and criteria establishment of the removal or a periodical revision.

The period of data protection is determined as the first one, on the basis of law (e.g. time limit for storing employment documentation) and for justifiable interest of the administrator (e.g. marketing operations). The retention policy includes also data under process both, in a paper and in an electronic form. 


We make sure each and every person acting on our behalf and being able to access your personal data processes it exclusively upon our request, except for other requirements arising out of EU laws or laws of a member state. Cookie Files Cookie files are small files saved on your computer, in which settings and other information on websites you have visited are stored. The Cookie files may include settings of a website or be used to track users interaction with the website. We use the Cookie files, among others, to: adjust content of our website to your preferences and to optimise usage of the website, and to  keep your session (after logging in). Thanks to that, user does not need to log in and provide password on each subpage. It also supports and executes activities and helps to ensure safety.