Privacy Policy

Last updated: 8 January 2026

§ 1. Data controller

The data controllers are the partners of the civil law partnership, Marek Kiwer and Paweł Kordyś, operating within the civil law partnership under the name THE BIG THING S.C. M. KIWER, P. KORDYŚ, with its registered office in Kraków, ul. Oboźna 31/3, 30-011 Kraków, NIP: 6772435706, acting as joint controllers pursuant to Article 26 of the GDPR. 

We have not appointed a Data Protection Officer.

This Privacy Policy forms an integral part of the terms and conditions of use for the website www.bigthing.pl. By using our services, you are entrusting us with your information. This document is intended to help you understand what data we collect, for what purpose, on what legal basis, and how we protect it.

We are committed to protecting your data and comply with Regulation (EU) 2016/679 of the European Parliament and of the Council (‘GDPR’), the Personal Data Protection Act and telecommunications legislation.

If you have any questions regarding this Policy or the protection of personal data, please contact us at: biuro@bigthing.pl.

§ 2. Privacy Policy

We respect your privacy and take the utmost care to ensure that your data is processed in a transparent, secure and compliant manner. We use your data only to the extent necessary to provide our services.

At the request of the data subject, we provide full information on how their data is processed, the purposes of processing, the recipients, the legal bases and the rights they are entitled to under the GDPR.

We must also inform you that, as the Data Controller, we may disclose your personal data to state authorities, courts, law enforcement agencies or other entities authorised to obtain such data under the law, to the extent necessary to fulfil the legal obligations incumbent on the Data Controller.

§ 3. Scope of data collection and processing

Personal data that you provide voluntarily when contacting us by email or during our collaboration:

Details of parcel recipients provided by customers for the purpose of processing shipments:

Technical and operational data:

Payment details:

Data collected in connection with event-related activities:

Email correspondence

In addition, we collect data from analytics and marketing tools provided by third-party suppliers (only with your consent).

Providing personal data is voluntary, but necessary for us to contact you and provide our services.

§ 4. Purposes and legal basis for data processing

We process your data solely for legitimate purposes:

1. Contact and correspondence –
Article 6(1)(f) of the GDPR (the controller’s legitimate interests).

2. Provision of event services, parcel delivery and B2B projects –
Article 6(1)(b) of the GDPR (performance of a contract).

3. Accounting and tax
settlements – Article 6(1)(c) of the GDPR (legal obligation).

4. Relationship marketing aimed at existing B2B
customers, e.g. ongoing communication regarding the business relationship
– Article 6(1)(f) of the GDPR and Article 10(3) of the UŚUDE.

5. Website statistics and analytics (Google Analytics / GA4)
– Article 6(1)(a) of the GDPR (consent).

6. Remarketing and marketing activities (Meta Pixel)
– Article 6(1)(a) of the GDPR (consent).

§ 5. Data recipients

Your personal data may only be disclosed to organisations that help us provide our services, including:

The administrator specifies only the categories of recipients, not their full names.

§ 6. Transfer of data outside the EEA

When using Google and Meta services, data may be transferred outside the EEA.
This is carried out on the basis of Standard Contractual Clauses (SCCs), in accordance with the requirements of the GDPR.

§ 7. Data retention period

We retain data only for as long as is necessary to fulfil the purposes for which it was collected, in particular:

§ 8. Rights of data subjects

You have the right to:

If you require further information regarding the protection of personal data or wish to exercise your rights, please contact us by post at our correspondence address. 

§ 9. Cookies and analytics tools

This website uses cookies for the following purposes:

YouTube videos are embedded in ‘youtube-nocookie’ mode, but they may load cookies once played — consent is required.

Users can manage their consent via the cookie banner or their browser settings.

Analytics and marketing tools are only activated once consent has been given via the cookie banner.

§ 10. Plugins and external content

The website may contain:

Displaying this content may involve the transfer of data to third-party service providers. It is only activated with the user’s consent.

§ 11. Data security

We implement appropriate technical and organisational measures to ensure the security of the personal data we process. These include, amongst other things, connection encryption (SSL), the use of server security measures, access control, authorisation for data processors, and the conclusion of data processing agreements with subcontractors processing data on behalf of the Controller.

§ 12 Policy changes

The policy is updated periodically to ensure it remains in line with the law and actual business processes. 

Last updated: 8 January 2026