Privacy Policy

What is GDPR?

GDPR (Personal Data Protection Regulation), applicable throughout the European Union as of 25 May 2018, stands for Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.

The GDPR regulation applies to personal data held by the Controller, i.e. in particular the data of: suppliers of goods and services (including subcontractors), customers, employees and job applicants.

Who is the Controller?

The Controller is. the entity deciding on the purposes and methods of processing your personal data, here Jacek Witt, who runs a company under the name MERIDIAN Konsorcjum Doradcze, with its registered office in Gdynia at ul. Łopianowa 11/3, 81-589 Gdynia.

How can you contact the Controller to get more information
about the processing of personal data?

The Controller has established a Personal Data Protection Coordinator, who can be contacted by e-mail: The Coordinator can be contacted for all matters concerning the protection of personal data.

For what purpose is personal data processed?

Personal data is processed by the Controller for the following purposes:

verification and employment of the employee, on the basis of his/her consent to the processing of personal data (see Article 6(1a) of the GDPR Regulation and Article 9(2a) for special categories of personal data),

performance of the provisions of the employment contract and civil law contracts (based on Article 6(1b) of the GDPR Regulation),

fulfilment of a legal obligation incumbent on the Controller, including towards employees and co-workers in relation to the payment of their taxes, the payment of social, health and other insurance contributions required by law, as well as the execution of bank transfers (based on Article 6(1c) of the GDPR Regulation),

disclosure of an employee’s, co-worker’s or third party’s image, such as a customer’s, on the basis of their consent (see Article 6(1a) of the GDPR),

establishing contact with a person who leaves his or her personal data in the contact form on the website (pursuant to Article 6(1f) of the GDPR Regulation, as necessary for the purposes resulting from the legitimate interests pursued by the Controller),

taking steps to conclude a contract, or in connection with the performance of a contract
with a customer, to which the owner of the personal data is a party (pursuant to Article 6(1b) of the GDPR),

taking steps to conclude a contract, or in connection with the performance of a contract
with a supplier (of a service or a product/goods), including but not limited to subcontractors (based on Article 6(1b) of the GDPR),

direct marketing, including the organisation of conferences, training sessions, and similar events, as well as the sending of emails (based on Article 6(1f) of the GDPR Regulation, as a legitimate interest of the Controller),

pursuing or safeguarding possible claims (based on Article 6(1f) of the GDPR Regulation, as a legitimate interest of the Controller).

For how long may the Controller process personal data?

The Controller processes personal data for the period of:

10 years in the case of employment contracts,

6 years in the case of civil law contracts, including with persons conducting a business activity,

performance of the contract with the customer and after its termination for as long as this results from mutual arrangements and guarantee periods,

contacts with a potential customer for as long as there is reasonable hope of concluding a contract with that customer and selling the services,

until any claims become statute-barred.

In other cases, personal data shall be processed until the owner of the data objects or revokes the consent previously given.

What rights does the person have whose personal data is processed by the Controller?

In relation to the processing of personal data, the person whose data is processed has the right to:

access and rectify the content of the data,

request erasure or restriction of processing,

object to data processing,

data portability,

withdraw consent to processing at any time,

lodge a complaint with the supervisory authority, i.e. the Personal Data Protection Office (, in case of the Controller’s shortcomings.

Does the Controller process special categories of personal data (“sensitive data”)?

The Controller does not process special categories of personal data, i.e. data revealing racial or ethnic origin, political opinions, religious beliefs, sexual orientation, trade union membership or genetic data.

However, under Article 9(2h) of the GDPR, information on the employee’s and job applicant’s health status, resulting, for example, from an occupational physician’s examination or the result of a Covid-19 test, as well as biometric (image) data, i.e. photos and video, are processed on the basis of the data owner’s consent (Article 9(2a) of the GDPR).

Is there an obligation to provide personal data?

The provision of personal data is not mandatory. It is a voluntary act and occurs only with the consent of the data owner, but failure to do so prevents the fulfilment of the purposes listed above, including the conclusion and performance of the contract.

To whom may the Controller make the data available?

Your personal data may be made available to entities cooperating with the Controller in the pursuit of the purpose of processing, including, subcontractors, grant-giving entities and organisations, certification bodies, organisers of events, i.e. conferences or training sessions, as well as an external accounting office, attorney-at-law and banks.

The Controller reserves the right to disclose selected information to competent authorities or third parties who request such information on an appropriate legal basis and in accordance with the provisions of applicable law.

Does the Controller transfer personal data outside the EU?

The Controller transfers personal data to countries where the servers of Google LLC and Microsoft Corporation are located.

Does the Controller process personal data in an automated manner?

The Controller does not automatically process personal data (“profiling”) and does not monitor or collect information, apart from cookies, about the activity on the website.


As the protection of the privacy of the users of the website is of great importance to us, we provide below a ‘cookies’ policy document explaining the principles of processing, i.e. collecting as well as using information about the users of the website.

Cookies are IT data, in particular text files, which are stored in the final device (computer, laptop, smartphone) of the website user (usually a web browser). They do not serve to identify users and their identity is in no way established based on cookies.

Cookies usually contain the name of the website they come from, the time they are stored on the end device and a unique number. Servers may read cookies from this end device on each subsequent visit.

Two basic types of cookies are used in our website. ‘Session’ cookies, which are temporary files stored in the memory of your browser until you close it. ‘Permanent’ cookies are also used, which remain in your browser’s memory for a longer period of time. They facilitate the use of more frequently visited pages. How long they are stored depends on your browser settings.

We use the following types of cookies on our website:

essential – files enabling you to use the services available on the website, without which the website does not work properly,

functional – they ‘remember’ the settings selected by the User and personalise the interface, such as regards the selected language or region, font size, appearance of the website, etc,

performance – they enable collection of information on the manner of use of the website, help to correct errors occurring on the website, etc,

advertising – they provide advertising content more tailored to the interests of the recipient, so that the same advertisement is not shown over and over again.

It is worth remembering that, in many cases, your web browser, or other browsing software, allows cookies to be stored by default. You can manage cookies yourself at any time by changing your browser settings. It is possible to manage cookies at the level of individual sites selected by the user. Detailed information on the possibility and methods of using cookies is available in the settings of your software (web browser).

The Administrator of the Website informs that restrictions on the use of cookies may affect some of the functionalities available on the Website.