Contact
pl

Privacy Policy

The purpose of this document is to outline the rules and actions regarding the collection, processing, and protection of personal data by ES Group with regards to the requirement of the EU General Data Protection Regulation (GDPR).We assure that we apply technical and organizational measures with the utmost care so that your personal data are protected in the best possible way. We protect your data against unauthorized access, as well as other cases of disclosure, loss or unauthorized modification.In our privacy policy, we use various terms as defined by the GDPR. These include terms such as processing, restriction of processing, profiling, pseudonymization, controller, processor, recipient, third party, consent, supervisory authority, and international organization. Personal data as defined by the GDPR is any information relating to an identified or identifiable natural person (‘data subject’), e.g., name, address, e-mail. You can find the corresponding definitions for these terms in Article 4 of the GDPR.

§1 Controller of your personal data
The entity responsible for the processing of personal data is:
ES GROUP INTERNATIONAL LIMITED
Floor 5, Smithson Tower, St. James’s Street,
London, England, SW1A 1HJ
(hereinafter referred to as: the “Controller”)
You can contact our data protection officer at:
Sascha Wilms, mip Consult GmbH (external DPO)
dpo@engstone.com

§2 Personal data we process
We process personal data that we receive from you while using our website and, if applicable, during our business relationship.
In the case of purely informational use of our website, i.e., if you do not submit information to us through a form, we only collect the personal data that your browser transmits to our server. When you access our website, we collect access data, which is technically necessary for us to present our website to you and to ensure stability and security.
The access data includes:

  • the IP address, date and time of the request, time zone,
  • content of the request (i.e. name of the specific website accessed),
  • access status/HTTP status code,
  • amount of data transferred in each case,
  • referrer URL (previously visited page),
  • operating system and its interface, language and version,
  • type of browser software,
    notification of successful retrieval.

Furthermore, we receive your personal data if you contact us via contact form or e-mail. Personal data here are, for example, name, address, e-mail, telephone number and, if applicable, the data that you send us in the message (hereinafter referred to as “contact data”).

§3 Legal basis of processing your personal data
We process your access data to safeguard our legitimate interests or those of third parties. We pursue the following legitimate interests:

  • Ensuring IT security, in particular the security of the website.
  • Assertion of legal claims and defense in case of legal disputes.

As part of the balancing of interests for the safeguarding of legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR is the legal basis for processing this personal data.

§4 Recipients of your personal data
Within the organization, departments that need to know your data to fulfill our contractual and regulatory obligations can access your data.In addition, processors (Art. 28 GDPR) engaged by us may also obtain access to data for the above-mentioned purposes. If we use processors to provide our services, we will take appropriate legal precautions as well as the relevant technical and organizational measures to protect personal data in accordance with applicable law.
Any transfer of data to third parties will be made only within the scope of legal requirements. We will disclose your data to third parties only if this is required, for example, under Art. 6 para. 1 sentence 1 lit. b GDPR for contractual purposes or based on legitimate interests pursuant to Art. 6 para 1 sentence 1 lit. f GDPR in the economic and effective operation of our business or if you have consented to the transfer of data. In the case of purely informational use of the website, we do not pass on any data to third parties.
We may share your personal data with the following categories of recipients and data processors:

  • entities rendering accounting and tax services for our company,
  • entities providing legal services for our company,
  • entities servicing and managing our IT system,
  • entities providing courier or postal services for our company,
  • banks if it is necessary to make settlements,
  • insurance companies which adjust claims,
  • state authorities or other entities authorized under legal regulations – to perform duties imposed on us.

§5 Period of data storage
For security reasons (e.g. to clarify acts of abuse or fraud), log file information is stored for a maximum of seven days and then deleted (see point 2 above). Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the final clarification of the respective incident.
As far as necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation of a contract via contact form or by e-mail.
Applicant data will be deleted after six months in the event of a rejection. If you have agreed to further storage of your personal data, we will transfer your data to our applicant pool. There, the data will be deleted if you revoke your consent or after five years at the latest. Should we fill the advertised position with you, your data will be stored in our personnel management system.
We are legally obliged to store personal data in the context of performing contracts and complying with fiscal obligations. The according retention periods to the records apply.

§6 Transfer of personal data to third countries or international organizations
Your personal data provided will be processed within and outside of the European. When transferring data outside the EU, we ensure that the recipients of the data are certified in accordance with EU adequacy decisions or based on standard contractual clauses where for recipients’ countries without any adequacy decision by the EU. If we base the data transfer on the EU standard data protection clauses, we will take additional security measures to protect your personal data and to achieve an appropriate level of protection for your personal data. You have the option of receiving a copy of the EU standard contractual clauses. If necessary, we will obtain your express consent before transferring your personal data to recipients’ countries without an EU adequacy decision.

$7 Cookies and similar technologies
We use cookies and similar technologies (“Cookies”), such as web storage or web beacons, on our website. These technologies can store information on your device or access information that is stored on your device. Cookies are stored in the browser on your device.
Cookies are either sent to the browser by the web server or generated in the browser by a script (JavaScript). The web server can read Cookies information directly on subsequent visits to this page or transmit the Cookies information to the server via a script on the website. If Cookies are set, they generally collect and process certain user information such as browser and location data and IP address values to an individual extent. Some of these Cookies are essential for the functioning of our website, and do not need your prior consent. Other Cookies help us to improve our website by providing us with insights into how you use the website; those Cookies need your prior consent.
You can prohibit the storage of Cookies individually via our cookie consent management and via the settings of your browser (you can find out how to set the cookie handling on the browser’s help page).
If you do not want cookies to be stored on your computer, You can either

  • revoke your consent in our cookie banner when you visit our site or – if you have already given your consent, make changes in the cookie settings,
  • use the corresponding option in the system settings of your browser. Saved cookies can be deleted in the system settings of the browser. Please note that deactivating cookies can lead to functional restrictions on this website.

For more information on Cookies used, to modify your preferences and revoke your consent, click on the following button to open the consent management

§8 Your rights as a data subject
In connection with the processing of your personal data by us, you have the following rights:

  • The right to information about personal data processing: you have the right to obtain from us information about the purposes and grounds for personal data processing, the scope of data stored, entities to which they are transferred, and the planned date of data erasure.
  • The right to access your data and receive their copy: you have the right to receive a copy of the data processed which concern you.The right to rectify (correct) personal data: you have the right to request that we remove incompatibilities or errors regarding your data and demand them to be supplemented or updated – if they turn out to be incomplete or out-of-date.
  • The right to restrict processing of personal data: you have the right to demand that we cease to perform certain operations on your personal data.
    The right to erase personal data: you have the right to demand that we erase data whose processing is no longer necessary for the purposes for which they have been collected (the so-called “right to be forgotten”).
  • The right to data portability: you have the right to obtain from us personal data concerning you which you provided to us based on a contract or your consent, in a structured, commonly used machine-readable format. You can request us to forward your data directly to another controller (if it is technically possible).
  • The right to object to the processing of personal data. You have the right to object to the processing of your data based on a legitimate interest for purposes and when processing is necessary for us to perform a task carried out in the public interest or to exercise public authority entrusted to us. We will stop processing your data for these purposes, unless we demonstrate that the basis for processing of your data is superior to your rights, or that your data are necessary to us to establish, exercise or defend claims. Objections do not require a particular form and no costs are incurred.
  • The right to revoke consent to the processing of personal data: if personal data are processed based on your consent, you have the right to revoke your consent at any time (revocation of your consent will not affect the lawfulness of the processing carried out prior to the revocation of your consent).

The above notifications and measures requested by you will be made available to you free of charge in accordance with Art. 12 para 5 GDPR.
To exercise your rights referred to hereinabove, all correspondence should be sent via post or e-mail to the above mentioned address or email. Before complying with your rights, we will have to ensure that you are really you, i.e., identify you accordingly.
If you believe that we are processing your personal data in violation of the provisions of the GDPR or other legal acts regulating personal data protection, you have the right to lodge a complaint to the President of the Office for Personal Data Protection.

§9 Automated individual decision-making, including profiling
In the context of accessing our website or in the context of contacting us by form or e-mail, we do not use any fully automated decision-making pursuant to Article 22 GDPR. Should we use these procedures in individual cases, we will inform you about this separately if this is required by law. We do not process your data automatically with the aim of evaluating certain personal aspects (profiling).

§10 Information on source of data/voluntary provision of data
Providing personal data by you is voluntary. However, if you do not provide the data which are necessary, for example, to render certain services by us or provide you with a response to your request, it may prevent us from taking specific actions. In the situation of performing a contract, we obtained your data from our contractor who indicated you as a contact person and provided us with data regarding your name, surname, e-mail address and telephone number. If we have obtained your data from another source, we will provide you with relevant additional information in this regard.

§11 Third-Party Links
Data Controller expressly declares that the linked pages were free of illegal content at the time the links were created. Data Controller has no influence whatsoever on the current and future design and content of the linked pages. For this reason, Data Controller hereby expressly distances itself from all contents of all linked pages that were changed after the link was created. The operators of the linked pages are solely responsible for their content.

§12 Minor’s (Children) Privacy
This Website is not intended for children, and we do not knowingly collect personal data relating to children.

§13 Amendments
This Privacy Policy was last updated on July 14, 2025. It can change over time, for example to comply with legal requirements or to meet changing business needs. In case there is an important change that we want to highlight to you, we will also inform you in another appropriate way. Please come back regularly to check for any changes made.

Skontaktuj się z nami