Privacy Policy

Privacy Policy


Privacy Policy


Personal data controller

DEKRA Certification Sp. z o.o. with its registered office in Wrocław, at ul. Legnicka 48 H, 54-202 Wrocław, is the controller of the personal data you provided (including contact details such as full name, email address, phone number, etc.),, tel. +48.71.780-47-77 (Data Controller).

Your data may also be co-controlled by DEKRA Certification Sp. z o.o. and other companies belonging to DEKRA Group, on the basis of an agreement concluded between the companies, however, we inform of each such case in a dedicated information clause.


Data protection officer

Any and all inquiries related to the processing of your data can be sent to our data protection officer, Hanna Korol, at

Purpose, legal basis and duration of data processing

Your personal data is processed by the Data Controller on various legal bases and for various purposes, including, in particular:


-     data obtained via contact forms – will be processed mainly on the basis of

Your consent (Article 6.1(a) of the GDPR) for the purpose relevant to the form and the consent clauses enclosed with the forms (e.g. a response to an inquiry sent using the contact form, chat with a consultant, a newsletter subscription, data processing for marketing purposes, etc.) for 3 years from the date of last contact regarding the subject matter of the inquiry or until you withdraw your consent.

-     data obtained for the performance of the agreement, e.g. via dedicated forms, telephone calls, email contact:

a)      processing is necessary in order to perform a service or to undertake action necessary before the performance of the service (Article 6.1 (b) of the GDPR) – data shall be processed for the duration of the service provision;

b)     processing for the purpose of fulfilling legal obligations incumbent on the Data Controller,

e.g. for tax purposes, accounting purposes (Article 6.1 (c) of the GDPR) – the data shall be processed until the date specified by relevant legal provisions;

c)   processing for the purpose of pursuing the Data Controller’s legitimate interests (Article 6.1 (f) of the GDPR), such as maintaining contact, direct marketing of the Data Controller’s own services through informing of any changes and new/similar services of DEKRA which you might be interested in. Determining claims, seeking redress or defence against any claims may also be the purpose of data processing. Data processed for the above-mentioned purposes shall be stored for a period necessary to achieve those purposes or until you file an objection against the processing of data due to your specific situation.

-    data obtained in the complaints submitted including e.g. through dedicated forms

-     Your data will be processed in order to examine and handle the claim you lodged,

which constitutes the fulfilment of legitimate interests of the Data Controller

consisting in due examination and handling of your notification (Article 6.1 (f) of the GDPR) – data shall be processed until the complaint is addressed, and then, for the period necessary to settle, pursue or defend against any further claims or until you file an objection against the processing of data due to your specific situation.

-     data of work candidates – shall be processed in accordance with the candidate’s consent for their processing (Article 6.1 (a) of the GDPR) as part of one or more (future) recruitment processes during the period anticipated in a given recruitment process or until the candidate’s withdrawal of the consent given.

Detailed information on the scope, purpose, basis and duration of personal data processing is provided each time when we acquire such data (e.g. in online forms, General Terms and Conditions of Service, etc.).

The provision of data is voluntary and does not result from any legal obligation. However, if you should refuse deny access to your data, we shall be unable to respond to your inquiry, send you offers, the newsletter or provide any other service you may wish to receive from DEKRA.


Rights in relation to the processing of data

You may exercise the right to access your data, have them rectified or erased, restrict the processing of the data, object to the processing of the data and the right to data portability, as well as the right to withdraw your consent to the processing of personal data at any time by contacting our data protection officer at:

Please also note that the withdrawal of the consent granted to us does not affect the lawfulness of data processing performed before the withdrawal of the consent.

Any person who considers their data is being processed unlawfully may also lodge a complaint about our actions with the President of the Personal Data Protection Office.


Data security

We ensure the confidentiality of personal data provided to us and undertake any security and personal data protection measures required by the provisions on personal data protection.

Personal data is collected with due diligence and appropriately protected against unauthorised access.


Transfer of data to third parties

Your personal data may be provided to other DEKRA Group companies, in particular, in situations when an inquiry addressed to the Data Controller concerns services of any of the companies or due to the performance of the agreements binding upon the companies and the Data Controller. Your personal data may also be transferred to other entities processing personal data at the request of the Data Controller on the basis of the agreements concluded (e.g. the providers of IT systems, IT services, marketing services, collection services).


Transfer of data outside the EEA

Your data may be stored on servers located outside the EEA, because we use an external CRM / mailing system provided by ZOHO, on the basis of a transfer agreement concluded with this entity and prepared on the basis of the so-called standard contractual clauses of EU. ZOHO company confirms the compliance with the European requirements in the area of secure data processing. You may obtain further information from the Controller and receive a copy of personal data transferred outside the EEA at any time.


Automated processing of data (profiling)

In the case of subscribers to DEKRA’s newsletters, we use the so-called regular profiling, i.e. we track the history of email open rate in order to send the subscriber useful information relevant to their interests at a later time.

Such profiling has no legal implications and does not affect your situation in any significant manner.

Automated decision-making is performed in the CRM system – an external DEKRA database used for the purposes of contact management, collection of information and planning of sales and marketing activities.

In other cases, your data shall not be processed in an automated manner, including profiling.


The use of cookies

Like most other websites, the websites of the Data Controller may also use cookies. They are used to identify your browser when you use the website, which tells us which website we should show you and allows us to customise the content offered by the Data Controller to your personal preferences. For more information on cookie files please refer to our Cookies Policy.


Date of entry into force: 23 May 2018

Last modification: 12 February 2021