Hereby, in the interests of the security of your personal data, and of the rights which you are entitled to,
complying with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of
27 April 2016 on the protection of individuals with regards to the relation to the processing of personal data and
on the free movement of such data and repealing of Directive 95/46/EC (in the text, as “GDPR”), I would like to
update and complement the information and the details of the processing of your personal data.ADMINISTRATOR


The controller of personal data is Biznes Up Egberss Kocel Sikorski, headquartered in Oblaczkowo 11c, 62-300
Wrzesnia, entered in the register of Entrepreneurs of the National Court Register under the number 0000749000,
hereinafter as: “Administrator”.


This clause is addressed to:

  1. Recipients/Suppliers of goods/services which are contractors to the administrator, irrespective of their legal form (hereinafter referred to as “third party”);
  2. Persons providing work/services in the name of or on behalf of the third party, on the basis of the legal relationship between the administrator and the third party, i.e. their employees, contractors, subcontractors, service providers, agents or prosectors of third party (hereinafter and collectively referred to as “persons involved”).


The personal data of the third party have been obtained directly from them.

Personal data of persons involved have been obtained either directly from that person or from the third party
or other persons involved.

Where the personal data of the persons involved have been obtained directly from those individuals, that
person shall retain the full control over the scope of the data to be disclosed.

In the event that the personal data of the persons involved were obtained from the third party or other
persons involved, this only is the data that is necessary for identification and verification of identity (contact
information) such as: Name, surname, telephone number, professional license number, vehicle registration
number, function, position, e-mail address, company (name).


BaseArticle 6 (a) 1 (a) GDPR Consent of the data subject
Target Business Contacts – Marketing with prior consent
To gain and maintain business contacts, i.e. the marketing actions for which separate
consent is required (e.g. in the case of marketing by telecommunications equipment, e.g.
computers connected to the network or phones).

For processing by the administrator of any correspondence received as a result of the use
of the contact form located on (hereinafter referred to as “site), fromemail, or other source and to respond or maintain any correspondence

Effective use of the website
This site uses cookies. They are small text files sent by the administrator’sserver and stored
by the software browser on user’s device. Cookies allow efficient use of the website. More
information on Cookies can be found under Privacy Policy on our website.

Cookies allow to match the content of the website, in particular advertising content, to the
expectations of a particular user. For more information on cookies, see our Privacy policy

Cookies also allow the making of viewing/popularity statistics of the website. These
statistics allow for more effective promotion of the site both on and outside of the page
(e.g. on the Internet). For more information on cookies, see our Privacy policy.

Use of third-party services
Third party Cookies are, in case of some service providers, necessary for the use of their
services (e.g. Google Analytics). For more information on cookies, see the Privacy policy on
the website.
The period of processing of personal data continues until the consent is withdrawn or until
the data is no longer required (e.g. when the purpose for which the data was obtained has
been reached), whichever is earlier. Consent may be withdrawn at any time, even before
it is agreed, and its revocation does not affect the legality of the processing of the data
before the revocation of the consent and will result in a lack of feedback from the
Legal BasisArticle 6 (a) 1 (b) GDPR
Conclusion and execution of the contract and taking action at the request of the Person
who is a data subject.
TargetThird party’s identification
The personal identification and the possibility of the identification of the third party

Conclusion and execution of the contract
The need ofsigning off, executing and settling of the contract with the third party, including
maintaining contact e.g. by telephone or by email.

To prove the fulfilment of the Administrator’s obligations and determination, investigation
and defense of claims
To confirm the fulfillment of the Administrator’s obligations under the agreement with the
third party and to obtain payments from the third party (e.g. payment request).
Storage PeriodThe storage period lasts for the duration of the contract with the other party, as well as
the time after its completion, i.e. the time of the limitation period for raising concerns or
claims under applicable law, and also for the time required by separate regulations (e.g. to
prevent a fraud), depending on which of these periods will be longer and to the extent
Legal BasisArticle 6 (a) 1 (c) GDPR
indispensability to fulfil the legal obligations incumbent on the administrator
TargetAccounting records (including tax)
Creation, collection and storage of accounting records, including tax related to the
conclusion and execution of the contract with the third party.
In addition to the legal basis indicated above, the following acts are also the basis:
• Act of 26 July 1991-on income tax on private persons-including article 24a paragraph 1
• Act of 11 March 2004-on the tax on goods and services-including article. 106a-106n, 112
and 112a;
•Ordinance of the Minister of Finance on the keeping of the tax register of incomes and
expenses of 26 August 2003, including currently § 5 and § 14 paragraph. 2 (5).
Storage PeriodThe period of personal data processing lasts for the period of performing duties resulting
from legal provisions, that constitute their source (e.g. until the tax liability expires).
Legal BasisArticle 6 (a) 1 lit f) GDPR
The legitimate interests of the controller or of the third party
legal interest
Business Contacts – Marketing without prior consent
Current direct marketing and sales of services, as well as building and strengthening
business relationships, including presenting and promoting the offers of the administrator
(including the Internet), unless these activities require separate consent.
The legal interest in this area is the marketing and sale of services, and the building and
taking care of business relationships necessary for the proper prosper of the administrator

Execution of the contract through the person involved
Cooperation with the person involved within the contract concluded with the third party.
E.g. the provision of services with the authority of the delegated person to manage on
behalf of the third party, as well as the provision of services personally by the person
involved to the administrator.
The legal interest in this regard is the willingness to properly execute the obligation under
the contract with the third party.

To prove the fulfilment of the Administrator’s obligations and determination, investigation
and defense of claims
Confirming the fulfilment of the administrator ‘s obligations and obtaining of the payment
payable-not only to the third party but also to the person involved (e.g. recovery order, call
for compensation for damages or fulfillment of the payment).
The legal interest in this area is the possibility for the administrator to assert claims and to
demonstrate the fulfilment of his duties.
Storage PeriodThe period of execution of the contract with the third party, as well as after its termination,
i.e. for the duration of the limitation period of raising claims under the applicable laws; for
the time required by the separate laws (e.g. fraud prevention); Through the time needed
to reach the target; or until the opposition is taken into account, whichever is longer, to
the extent necessary.
ObjectionThe data subject to this objective shall have the right to object in accordance with article
21 of THE GDPR. The controller may no longer process the personal data indicated, unless
it demonstrates the existence of valid legitimate grounds for processing, overriding the
interests, rights and freedoms of the data subject, or grounds for establishing, investigating
or defending claims


The recipients of the data controller (i.e. the data of the third party or the person involved) may be:

  1. Persons authorized by them on the basis of a separate authorisation (in particular persons employed by the Administrator);
  2. The persons whom the Administrator entrusted with the processing of personal data based on art. 28 GDPR (e.g. the accounting office; an information system administrator; legal service providers; transport operators; hosting services providers; payment services providers (including intermediately payments), credits providers, insurance providers, platform services providers, communication services providers;
  3. Persons authorized or processing as a result of further authorization or sub delegation;
  4. Entities, that would not qualify under the categories of persons under 1)-3) but they act, after disclosure of data, as a separate administrator (e.g., entities placing externally third-party cookies on the site, providing they are personal data).


According to the GDPR, the data subject has the right to:

  1. Access to data and the receipt of copies;
  2. Rectification (correction) of data;
  3. erasure of data;
  4. restriction of data processing;
  5. Movement of their date;
  6. Revocation of the consent (where consent was the basis for processing);
  7. Complaint to the relevant supervisory authority.

Ad 3-The Administrator may refuse to delete personal data despite of such request, if there is one of the
exceptions mentioned in the GDPR, eg. where data processing is necessary for the establishment, exercise
or defense of claims.
Ad 3 and 4-the right to erasure of data and the right to request restriction of processing are only applicable
in the cases specified in the GDPR.
Ad 5- the right to data transfer is only granted in cases where the legal basis for processing is the consent or
performance of the contract (when this processing takes place in an automated manner).
Ad 6 – consent to the processing of data can be revoked at any time without affecting the lawfulness of
Ad 7-in Poland, the authority competent to start proceedings is the President of the Office for Personal Data
Protection, address: 2 Stawki street, 00-193 Warsaw. For the other Member States of the European Union,
the supervisory authorities are on the website:


Basis for processingStatutory requirement/
Contractual requirement/
Condition of conclusion of
to provide
Consequences of non-disclosure
consentnonenone• the lack of functionality of certain
services on the website;
• no response to inquiry /problem;
• lack of advertising content and
current offersfrom the administrator
of the contract
• the condition of
concluding the contract;
• contractual requirement
Yes• failure to conclude a contract;
• failure to perform the contract.
legal obligation• statutory requirementYes• failure to conclude a contract;
• failure to perform the contract;
• statutory and contractual
legal interest of the
lacklack• Non-conclusion of the contract and
failure to perform the contract in the
form of a purpose, performance of
the contract and in the form of
performance of the administrator’s
obligations and determination,
investigation and defense of claims


Your personal data, only linked with cookies-will be processed in an automated manner, however, this will never
cause any legal effects on the site or in a similar manner significantly affect its situation (no automated decisionmaking).

Profiling of personal data on the website involves the processing of data (including by automated ways) by using
them to evaluate certain information about a person, in particular to analyse or forecast personal preferences
and interests.

The data in question may be transferred to third countries from the list of EU-US Privacy Shields agreements (e.g. Google). You can find the security information for the relevant agreement here: Google is also certified in accordance with ISO/IEC 27001:2013. You
will find more about this certificate here:


As a good practice, it is highly desirable that the third party should provide this information clause to the person
involved, as part of its information obligation (mainly the obligation to indicate the categories of recipients).The
transmission by the controller of this information clause to the persons involved may prove to be impossible or
may require disproportionate effort. Therefore, as part of good practice, the third party should convey this
document to the person involved.


In all matters relating to the subject matter of this information clause, including the clarification of possible
doubts or ambiguities, and above all in order to exercise its powers, please contact the person responsible for
the security of personal data at the administrator, i.e.: Biznes Up Egberss Kocel Sikorski with headquarters in
Obłaczkowo 11c, 62-300 Wrzesnia,

Looking for development for my business

I would like to introduce a successor or investor

I need staff, I create a new department, etc.

I would like my products to be recognizable on the market

I’m looking for new markets for my company in Poland and abroad

I am looking for innovative solutions in agriculture

I am looking for innovative solutions in agriculture

Agro Up