I. What is the subject of the Privacy Policy?

This Privacy Policy sets out the rules for the processing of personal data obtained via the website available at www.securitymasters.uk/1 and related services.


Personal data collected by Security Masters Sp. z o.o. through the Service are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR). Security Masters exercises particular care to respect the privacy of Users visiting the Service.

From the content of our Privacy Policy, you can learn what personal data we collect, how we use it, and what rights you have in connection with the processing of your personal data. If you have any questions or concerns regarding our privacy practices, please contact our Data Protection Officer at iod@securitymasters.pl


II. Who is the data controller?

The owner of the Service and, at the same time, the data controller is Security Masters sp. z o.o., with its registered office at Al. Jana Pawła II 27, 00-867 Warsaw, entered in the National Court Register under number: 0001084202, NIP: 5273095404, REGON: 527558257 (hereinafter referred to as the "Company" or the "Controller"). You can contact us at kontakt@securitymasters.pl or by correspondence sent to our registered office address.


III. Contact regarding data protection

In matters related to the processing of your personal data, you may contact our Data Protection Officer directly, Mr. Piotr Janiszewski, at: iod@securitymasters.pl or by correspondence sent to our registered office address with the note "personal data protection".


IV. How and to what extent do we collect your personal data?

We process personal data that is provided to us directly by users in connection with the use of our website or through contact via available forms, email messages, or other means of communication. Personal data may also be processed in cases where its collection is related to our business activities, including establishing or performing business relationships and cooperation with contractors.

When a user uses the website solely for informational purposes, without taking actions that require the provision of personal data, we process only technical information automatically transmitted by the user's web browser to our server. This data includes, in particular, the IP address, date and time of access, information about the end device, and the browser used, and is processed solely for the purpose of ensuring the proper functioning of the website, its security, and the statistical analysis of how the website is used. More information about the purposes for which we collect cookies and the types of cookies we collect is described in our Cookie Policy


V. For what purpose and on what basis do we process your personal data?

Depending on the nature of our relationship, the type of interaction undertaken, and the purpose for which you provide us with your data, your personal data may be processed for various purposes and on various legal bases. Below, we present a detailed overview of these purposes together with the corresponding legal bases for processing and retention periods, so as to clearly and understandably indicate in what situations and on what basis we process your personal data.

  1. Correspondence handling
  2. Purpose and legal basis for processing: Your personal data will be processed for the purpose of communication (in the case of persons representing other entities, also for business communication), responding to submitted enquiries, and for purposes related to the internal organisation of work at Security Masters on the basis of our legitimate interests (Article 6(1)(f) GDPR). Data may also be processed for the purpose of defending, establishing, and pursuing claims (Article 6(1)(f) GDPR).

    Providing personal data is voluntary but necessary for communication. If the personal data was not provided directly by you, it may have been provided by an entity cooperating with us, for example your employer or principal.

    Data retention period: Personal data will be processed for the period necessary to achieve the purposes of processing, until the expiry of the limitation period for claims, or until an effective objection to the processing of personal data is raised.

  3. Handling contact forms and enquiries
  4. Purpose and legal basis for processing: If you use the contact form available on our website, your personal data to the extent indicated in the form will be processed in order to respond to your enquiry/submission and for further communication regarding that matter. The legal basis for data processing is our legitimate interest (Article 6(1)(f) GDPR).

    Providing data is voluntary.

    Data retention period: Personal data will be processed for the period necessary to respond to the enquiry.

  5. Service maintenance and security
  6. Purpose and legal basis for processing: enabling the use of the website and providing additional functionalities, collecting statistical and analytical data, as well as ensuring the security of the use of the Service.

    Data contained in cookies concerning user activity on the website are processed depending on their type: in the case of cookies necessary to enable the use of the website, the legal basis is Article 6(1)(b) GDPR; in the case of other cookies, the basis is the user's voluntary consent. More information on the use of cookies can be found below in the cookie policy.

    Providing data is voluntary.

    Data retention period: Data is processed until the user withdraws consent to the use of cookies or until the purpose of processing expires.

  7. Sending marketing content
  8. Purpose and legal basis for processing: If you have given your consent to receive marketing content, your data is processed for the purpose of carrying out promotional activities and marketing communication. If consent has been given to marketing communication, including the provision of commercial information regarding our own products and services, the processing is based on our legitimate interests (Article 6(1)(f) GDPR). Providing data is voluntary.

    Providing data is voluntary.

    Data retention period: Data is processed until the user withdraws consent to marketing communication.

  9. When you are our client or a collaborator of our client, or you have expressed an interest in learning about our offer
  10. Purpose and legal basis for processing: Your personal data will be processed for the purpose of concluding a contract and carrying out cooperation related to the concluded contract. In the case of persons with whom a contract has been concluded directly, the legal basis for such processing is the performance of the contract (Article 6(1)(b) GDPR). If the contract has not been concluded directly with you, the cooperation is carried out between us and the entity you represent. In the case of cooperation with employees of our clients, the legal basis for processing is our legitimate interest (Article 6(1)(f) GDPR). Data is also processed for communication purposes and for carrying out internal administrative activities on the basis of our legitimate interests (Article 6(1)(f) GDPR). Data is also processed in order to fulfil legal obligations imposed on Security Masters, which are related in particular to maintaining accounting records, tax law, and accounting rules (Article 6(1)(c) GDPR in conjunction with national law provisions). In addition, data may be processed for the purpose of pursuing, establishing, and securing claims on the basis of our legitimate interests (Article 6(1)(f) GDPR).

    Providing personal data is voluntary but necessary for communication. If the personal data was not provided directly by you, it may have been provided by an entity cooperating with us, for example your employer or principal.

    Data retention period: Personal data will be processed for the period necessary to achieve the purposes of processing, until the expiry of the limitation period for claims, or until an effective objection to the processing of personal data is raised.


VI. How is your personal data shared?

We will transfer your personal data to other recipients entrusted with processing personal data on behalf of and for Security Masters, for example service providers supporting customer service, the hosting and IT infrastructure provider (Zenbox sp. z o.o.), mailing system/CRM providers (ActiveCampaign LLC), the payment operator and bank (Paynow / mBank S.A.), software providers, courier companies, law firms, and other subcontractors. We entrust your data only to verified entities that care for its security.

Personal data may be transferred outside the European Economic Area (EEA) while ensuring the application of appropriate safeguards provided for in Chapter V of the GDPR. This applies mainly to cases in which we use services operated on servers located outside the EEA. In other cases, we do not transfer your data to third countries.


VII. Your rights - you decide

Depending on the legal basis for data processing, you have different rights. You can exercise them by contacting the Data Protection Officer at: iod@securitymasters.pl

A person whose personal data is being processed has the following rights:

  • to access their personal data and receive a copy of the personal data being processed - commonly known as a "data subject access request". This makes it possible to obtain a copy of the personal data held by Security Masters and to check whether it is being processed lawfully;
  • to request rectification, correction, or updating of the personal data we hold. This makes it possible to correct incomplete or inaccurate information about you;
  • to request erasure of data (the right to be forgotten) in the circumstances provided for in Article 17 GDPR - this makes it possible to request the deletion or removal of personal data if we have no justified reason for continuing to process it. If for any reason we must continue to process your data, we will inform you of this;
  • to request restriction of data processing in the cases indicated in Article 18 GDPR - this makes it possible to request the suspension of personal data processing, for example if the person to whom the data relates wants us to verify the accuracy of the data or the reason for its processing;
  • to object to data processing in the cases indicated in Article 21 GDPR. This right may apply where the processing of personal data is based on the legitimate interests of the Controller. You may object on grounds relating to your particular situation.
  • to data portability of the data provided, processed by automated means;
  • to withdraw consent, if the processing of personal data is based on consent (for example when documents related to recruitment are submitted voluntarily). The data subject may withdraw consent to the further processing of their personal data at any time without giving a reason. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.

If you believe that your personal data is being processed unlawfully, you may lodge a complaint with the supervisory authority (UODO, ul. Stanisława Moniuszki 1A, 00-014 Warsaw, https://uodo.gov.pl/pl/p/dla-obywatela)


VIII. Final information:

This Privacy Policy is for informational purposes and may be subject to periodic updates, in particular in the event of changes in legal regulations, the methods of processing personal data, or the scope of our business activities. The current version of the Privacy Policy is published each time on the Controller's website.

It is recommended to review the content of the Privacy Policy regularly in order to obtain information about the current rules for processing personal data.

The Privacy Policy is effective as of the date of its publication.

Date of last update: 22.01.2026

Trust experts with global and corporate experience

PROTECT YOUR COMPANY