Privacy Policy

Last updated: 23 March 2026

This Privacy Policy explains how we collect, use, and protect personal data when you use the kenro.org website.

1. Data controller

The controller of your personal data is:

Kenro Polska Spółka Akcyjna (Kenro Polska S.A.)
ul. Bobrowiecka 8
00-728 Warszawa
Poland

KRS: 0000823756 (District Court for the Capital City of Warsaw, 13th Commercial Division)
NIP (Tax ID): 5213887691
REGON: 385352456
Share capital: PLN 7,418,600.00

Data protection contact: kontakt e-mail

2. What data we collect

We may collect the following categories of personal data:

  • Contact data — name, email address, phone number, provided voluntarily via email correspondence;
  • Business data — company name, position, industry, provided voluntarily in the context of business inquiries;
  • Technical data — IP address, browser type, operating system, collected automatically to ensure proper website functionality;
  • Cookie data — language preferences, session information, collected with your consent.

Providing personal data is voluntary but necessary for us to respond to your inquiries or establish business cooperation.

3. Purposes and legal bases

We process your personal data for the following purposes:

  • Responding to inquiries — conducting correspondence and providing information about Kenro's offer and activities (Art. 6(1)(f) GDPR — legitimate interest in communicating with potential business partners);
  • Business cooperation — negotiating terms, entering into and performing contracts (Art. 6(1)(b) GDPR — performance of a contract or pre-contractual measures);
  • Investor relations — contact with investors and strategic partners (Art. 6(1)(f) GDPR — legitimate interest);
  • Legal obligations — fulfilling obligations under applicable law, including tax and accounting regulations (Art. 6(1)(c) GDPR);
  • Website analytics — ensuring proper website operation and analyzing traffic (Art. 6(1)(f) GDPR — legitimate interest);
  • Consent-based processing — where processing is based on your consent (Art. 6(1)(a) GDPR), e.g., for marketing communications.

4. Data retention

We retain your personal data for the period necessary to fulfill the purposes for which it was collected:

  • correspondence data — for the duration of correspondence and 3 years after its conclusion (limitation period for claims);
  • contract-related data — for the term of the contract and 5 years from the end of the calendar year in which the tax payment was due (accounting and tax obligations);
  • consent-based data — until consent is withdrawn;
  • technical and cookie data — as specified in the cookies section below.

5. Your rights

Under the GDPR, you have the following rights:

  • Right of access (Art. 15) — to obtain information about and a copy of your processed data;
  • Right to rectification (Art. 16) — to request correction of inaccurate or completion of incomplete data;
  • Right to erasure (Art. 17) — to request deletion of your data ("right to be forgotten");
  • Right to restriction (Art. 18) — to request restriction of processing in certain situations;
  • Right to data portability (Art. 20) — to receive your data in a structured format and transfer it to another controller;
  • Right to object (Art. 21) — to object to processing based on legitimate interest;
  • Right to withdraw consent — at any time, without affecting the lawfulness of processing carried out before withdrawal.

To exercise your rights, please contact us at: kontakt e-mail.

You also have the right to lodge a complaint with the supervisory authority — the President of the Personal Data Protection Office (PUODO), ul. Stawki 2, 00-193 Warszawa, Poland, uodo.gov.pl.

6. Data recipients

Your personal data may be shared with the following categories of recipients:

  • hosting and IT infrastructure providers (Cloudflare, Inc.);
  • email service providers;
  • accounting and legal service providers;
  • public authorities where required by applicable law.

We do not transfer personal data to third countries outside the European Economic Area, except where necessary for website operation (e.g., Cloudflare — based on Standard Contractual Clauses).

7. Cookies

The kenro.org website may use the following types of cookies:

  • Essential cookies — necessary for proper website functionality, including language preference storage (PL/EN). Legal basis: Art. 6(1)(f) GDPR;
  • Analytical cookies — collecting anonymous information about website usage. Legal basis: your consent.

You can manage cookie settings through your browser preferences. Disabling essential cookies may affect the proper functioning of the website.

8. Data security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • encryption of connections using HTTPS/TLS protocol;
  • hosting on Cloudflare infrastructure with built-in protection mechanisms;
  • access to data limited to authorised personnel only;
  • regular review of security procedures.

9. Changes to this policy

We reserve the right to update this Privacy Policy. We will inform you of any significant changes by posting a notice on our website. The current version is always available at kenro.org/en/privacy-policy/.

10. Contact

If you have questions about this Privacy Policy or the processing of your personal data, please contact us:

Kenro Polska S.A.
ul. Bobrowiecka 8, 00-728 Warszawa, Poland
Email: kontakt e-mail