Print Flow attaches particular importance to respect for privacy and the protection of personal data. The data is used only and exclusively to the extent that Print Flow has a legal basis for their processing.
In connection with the entry into force on 25 May 2018 of Regulation of the European Parliament and of the Council 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95 / 46 / WE („RODO”), we have adjusted to the requirements of the GDPR, the applicable documents in Print Flow regulating the terms of service and privacy policy, specifying the detailed rules of data processing when using Print Flow Sp. z o.o.
All information regarding the rules for the processing of personal data can be found in the „Privacy Policy” tab.


§1. Personal Data Controller

1. The controller of personal data is Print Flow Sp. z o.o. with its registered office in Poznań, Poland (correspondence address: Print Flow Sp. z o.o., ul. Romana Maya 1, 61-371 Poznań, Poland), entered into the Register of Entrepreneurs kept by the District Court Poznań Nowe Miasto i Wilda in Poznań, 8th Commercial Division of the National Court Register under the number 00000000768524 (hereinafter referred to as the „Controller”).

2. The Controller attaches great importance to the protection of privacy and confidentiality of the personal data processed, and in particular the Controller selects and applies with due diligence appropriate technical and organisational measures to ensure the protection of the personal data processed. Full access to the databases is available only to persons duly authorised by the Controller.

3. The Controller may be contacted by traditional mail at the address specified in Section 1 above or by e-mail at

§2: Basis for Processing Personal Data

1. Providing personal data to the Controller is voluntary; however, failure to provide such data or lack of consent to its use may hinder or make it impossible to take action in order to communicate, provide an offer or conclude an agreement.

2. Personal data shall be processed by the Controller in accordance with the law, including in particular the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR) for the purpose of:

a. performance of activities related to the performance of a concluded contract or taking pre-contractual activities, in particular the provision of an offer at the request of the data subject (pursuant to Article 6(1)(b) GDPR);

b. fulfilment of the legal obligation incumbent upon the Controller (pursuant to Article 6 (1)(c) GDPR);

c. marketing of own products or services, including personalised ones (pursuant to Article 6(1)(f) GDPR);

d. pursuing or securing claims (under Article 6(1)(f) GDPR).

3. The legal basis for the processing of personal data may be: (a) consent granted, (b) agreement, or (c) legitimate interest of the Controller (pursuant to Article 6(1) GDPR).

4. Personal data is collected by the Controller from persons who (a) expressed their written or oral interest in establishing a business relationship with the Controller, (b) granted their direct or indirect (e.g. by providing their business card) consent to the processing of their personal data for the purposes of presenting a commercial offer by the Controller, (c) participate in the performance of the agreement concluded with the Controller, (d) represent the Controller’s business partners.

5. The Controller may process the data of persons provided by the persons specified in Section 4 in order to contact the Controller or purchase products or services offered by the Controller. The person providing the Controller with the data of third parties should have the appropriate consent of third parties to provide their data to the Controller. In such a case, the Controller shall make every effort to duly fulfil the information obligation (in accordance with Article 14 GDPR); however, the Controller shall not be liable for unauthorized transfer of data of third parties. i.e. without their due consent.

§3. Scope of Personal Data Processing

1. Personal data is processed only to the extent necessary to perform proper communication (name and surname, position, e-mail address, telephone number, company and company address), including sending information about the Controller and its services, sale of products or services provided by the Controller, and for the purpose of performing the agreement.

2. Personal data may be made available to entities entitled to receive it under the applicable laws, including the competent judicial authorities.

3. Personal data may be made available to authorized employees of the Controller, entities processing data at the Controller’s request, i.e. carriers, postal operators, entities providing accounting services, partners providing technical services (development and maintenance of IT systems, mailing), debt collection companies, entities providing legal services, trusted cooperating entities – subcontractors, in order to provide a specific service.

4. In justified cases, data may be made available or entrusted to entities from the Print Flow Sp. z o. o. if there is an important legal basis for it – consent e.g. in the case of marketing activities, agreement or justified interest, in particular to subsidiaries, affiliated entities, on the basis of a personal data co-processing agreement or personal data processing agreement.

5. Personal data may be subject to profiling operations, including the use for automatic decision making which may produce legal effects, only with the data subject’s consent.

6. Personal data shall not be transferred to a third country.

7. If, in the context of the processing, personal data is transferred to recipients in third countries (outside the EEA), e.g. in the United States, such a transfer of data may take place on the basis of an adequacy decision by the European Commission, i.e. for organisations participating in the Privacy Shield programme, or on the basis of standard contractual clauses in accordance with the European Commission decision or on the basis of the explicit consent of the data subject.

§4 Retention of Personal Data

1. Personal data processed in order to perform the agreement and fulfil the Controller’s legal obligation shall be stored for the duration of the agreement, and after its expiry for the period necessary to: a. perform after-sales service (e.g. complaint handling); b. secure or enforce claims; c. fulfil the Controller’s legal obligation (e.g. resulting from tax and accounting regulations).

2. Personal data processed for the purposes of marketing of own products or services offered by the Controller on the basis of a legitimate legal interest shall be processed until an objection is raised or the scope is changed by the data subject.

3. Personal data processed on the basis of a separate consent shall be stored until the consent is revoked.

§5: Control of the Processing of Personal Data

1. Anyone whose personal data is processed by the Controller has the right of access to the content of the processed data and the right to correct or delete data, limit its processing, the right to transfer data, the right to object to data processing on the basis of the Controller’s legitimate interest or to the processing for the purpose of direct marketing, the right to withdraw consent at any time without affecting the lawfulness of the processing. The Controller shall stop processing personal data and delete it unless it is required by the law to process it further.

2. The exercise of the rights referred to in Section 1 above shall be performed by enabling contact with the Controller in the manner specified in Article 1.

3 of these Rules. 3. Persons whose data is processed by the Controller have the right to lodge a complaint to the supervisory authority – the Office for Personal Data Protection when they consider that the processing of their personal data violates the provisions of law.

4. If you wish to assert your rights in accordance with Article 15-22 GDPR, you can use our contact form on our website. It also enables you to request information about your data, together with the blocking, correction and deletion of such data. If in your opinion we have a data or security leak, you can also report it via email or contact form. PRINT FLOW will check your concern, contact you in the event of questions, or provide you with the relevant answer. PRINT FLOW will never ask you for a password or any other confidential identifying feature. At most we will require from you onlu confirmation that you are in charge to represent company which personal data protection you are interested in.