The protection of personal data is one of the key tasks carried out by KFE Holding Sp. z o.o. with headquarters in Warsaw, ul. Czerniakowska 71, 00-718 Warsaw, KRS number 0000255059. We will keep you informed about important changes in law, including the rights of the data subjects. The European Parliament published in 2016 the Regulation 2016/679 on the protection of personal data, called the RODO. It has been applicable in the European Union since May 25, 2018.


Frequently asked questions resulting from the so-called information obligation:

Can you have access to your data?
Yes. You can have full access to your personal data. You can also manage your consents to the processing of data to the extent to which personal data is collected on their basis.


Who is the administrator of your personal data?
The administrator of your personal data is KFE Holding Sp. z o.o. with headquarters in Warsaw, st. Czerniakowska 71, 00-718 Warsaw, KRS number 0000255059. You can identify us with the brands we own, ie: KomFort Builing in Europe, KomFort BASE, Legal Building, Mediren. In matters of personal data protection, you can contact the Administrator by email: and by phone: +48 22 465 90 09 or with the Data Protection Officer.


How can you contact the Data Protection Officer?
You can contact the Data Protection Officer appointed by the Administrator at the e-mail address:


For what purpose do we process your personal data?

We process all personal data for purposes related to cooperation, maintaining mutual relations or the will to establish cooperation in the future. In addition, we can process data for marketing and information purposes, e.g. on the ongoing operations of our company as part of the newsletter service.

The legal basis for the processing of your data is:

  1. Consent (Article 6 (1) (a) and (GDP)) - in a situation where we have not yet established business cooperation, and we want to inform you about our activities or offer;
  2. Obligation expressed in a legal provision (Article 6 (1) (c) of the GDPR) - when you make a complaint regarding services provided by our company or when regulations (in particular) of tax law impose on us obligations to store information for evidentiary purposes;
  3. Agreement concluded (Article 6 paragraph 1 letter b) of the GDPR - in a situation where we have established cooperation and based on a personal data processing agreement, e.g. we process your employees' data when it is necessary for the correct performance of the service;
  4. Legally legitimate interest we pursue (Article 6 (1) letter f of the RODO):
  • in a situation where you have already become our clients and as part of the ongoing cooperation, we would like you to be informed about the activities of our company and the offer (marketing of own products or services),
  • in a situation where we terminate the cooperation, we will continue to store certain information for possible fixing, defending, and seeking mutual claims (archival purposes)


Who is the recipient of your data?
Your personal data may be transferred to entities entrusted with processing personal data on the basis of contracts and entities authorized to obtain personal data on the basis of legal provisions. The personal data processed as part of our website are entrusted to the provider of hosting services for us. Your personal data should be forwarded we will also be our authorized employees and associates in order to perform their duties..


Will your personal data be transferred to a third country or an international organization?
We are not currently planning to transfer your personal data outside of the European Economic Area or to an international organization.


How long will your personal data be stored by us?

We will store your personal data by:

  • the period of time determined by the provisions of tax law (ie for a maximum of 5 years from the end of the year in which economic events took place);
  • or until you request a data removal (in cases when you can effectively use this right).

in other situations, not longer than it is necessary to achieve the assumed goal.


What rights do you have?

In connection with the processing of personal data by us, you have the right to:

  • access to the content of your data (Article 15 of the ECR),
  • to correct the data (Article 16 of the GDPR),
  • to delete data (Article 17 of the RODO),
  • to limit the processing of data (Article 18 of the RODO),
  • for data transfer (Article 20 of the RODO),
  • to object to the processing of data (Article 21 of the RODO),
  • the right not to be subject to decisions taken in the conditions of automated data processing, including profiling (Article 22 of the RODO).


Who can you complain to?
In the event that the processing of your data by the Administrator violates the provisions of the RODO, you have the right to lodge a complaint with the supervisory body - the President of the Office for Personal Data Protection.


Is the provision of personal data voluntary or optional?
Providing your data is voluntary, however, to provide services necessary. If you do not provide data, it may sometimes make it difficult or completely impossible to handle cases in a way that is in line with your expectations. In a situation where the processing of data takes place on the basis of art. 6 par. 1 lit. c RODO, ie the obligation expressed in legal regulations, providing data is obligatory.


Where do we get your personal information from?
We have collected your personal data directly from you (on the occasion of contracts concluded) or from widely available sources such as business registers: CEIDG or KRS. The scope of the data we have obtained in this way is: company name, basic address and contact details, and the subject of the business


Will your personal data be processed in an automated way?
Your personal data will not be subject to decisions made in an automated manner, including they will not be profiled.



An individual client and an institutional client (natural person conducting business activity, a civil partnership, a partnership company, general partnership) is entitled to submit an application in the scope of handling his rights resulting from the GDPR, and the Administrator is obliged to consider it according to the following rules:


The Customer may submit an application to the Administrator at any time, starting from May 25, 2018.

The administrator considers the application submitted by the Client or a person acting on his behalf: 

within one month from the date of receipt of the request,

in the case when the demand or number of client requests is complicated, the deadline for replying may be extended by another two months; within one month of receipt of the request, the Data Protection Officer will inform the Client by post about the extension of the deadline, stating the reasons for the delay,

in the event of failure to act in connection with the Customer's request, the Data Protection Officer shall notify the Customer without delay, no later than one month after receipt of the request, of the reasons for non-action and the possibility of lodging a complaint to the supervisory body and taking legal protection measures.


The customer may submit an application for the exercise of his rights and freedoms. The Customer's application should contain the address data as well as the type and details of the request.

The Customer may submit a completed application at the Administrator's office or send it via e-mail to the following address:


The deadline for processing the application starts from the day the Administrator receives the Customer's request..


The customer is entitled to file a complaint in the event of failure to meet the deadline for responding by the Administrator.

On behalf of the Administrator, the Data Protection Officer shall provide the Customer with a reply to the submitted application in writing, by registered letter with a confirmation of receipt or by e-mail if it is in accordance with the Client's request.


The administrator does not charge any fees or commissions for accepting and processing the application.


If you have questions about the application, please contact the Data Protection Officer at the following e-mail address:


Legal basis: Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46 / EC (Journal of Laws EU L 119 of 4 May 2016)