Privacy policy


  1. The controller of personal data collected, in particular, through a website operating at (hereinafter referred to as: Site), i.e. the entity deciding on how your personal data will be used, is PGE Baltica Sp. z o.o. with its registered office at ul. Mokotowska 49, 00-542 Warsaw (hereinafter referred to as: the Controller). You may contact the Controller by phone: 22 340 50 60 and by e-mail address: The controller shall be responsible for the security of the personal data provided
    and for the processing thereof in accordance with the provisions of law.
  2. The Controller has appointed the Data Protection Officer (hereinafter referred to as: DPO) who can be contacted in matters related to the processing of personal data and the exercise of rights of users in accordance with the provisions of law on personal data protection:
  3. Your data shall be processed pursuant to the provisions of Regulation (EU) 2016/679
    of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as: the GDPR), and other generally applicable provisions of law on personal data protection.
  4. While visiting the Site, the following shall be collected:
  5. The purpose and scope of the personal data used by the Controller have been further specified in the Privacy Policy.


  1. The following information shall apply to all uses by the Controller of the personal data provided by you, as specified in sections III and IV.
  2. Your data shall not be used to decision-making based solely on automated processing of personal data, including profiling within the meaning of Article 22 of the GDPR.
  3. Subject to all data security guarantees, personal data processed through the Website may be transferred - in addition to persons authorized by the Controller - to other entities, including
    the following:
  4. The Controller informs that your data, as a rule, will not be transferred to countries outside the European Economic Area (hereinafter: "EEA"), i.e. countries other than European Union Member States and Iceland, Norway and Liechtenstein. However, taking into account the IT services provided to the Controller by PGE Systemy S.A., performance of specific tasks or activities by the indicated entity may result in the transfer of data outside the EEA. More information on possible data transfer and the method of its protection can be obtained from PGE Systemy S.A
  5. The Controller hereby informs that in connection with the processing of personal data obtained through the Site, each data subject shall have the right to submit an application concerning:
  6. Each and every data subject has the right to lodge a complaint with the supervisory authority (President of the Office for Personal Data Protection, if they believe that the processing of personal data is carried out against the provisions of law.
  7. The data was obtained by the Controller directly from you. The Controller may also process:
  1. data of third persons provided by the user while using the services described in this privacy policy,
  2. personal data obtained from entities with which the Controller cooperates on the basis
    of concluded agreements (e.g. business data of employees to be contacted for purposes related to the performance of the agreement),
  3. personal data obtained from entities and third parties cooperating with the Controller, whereas the data have been rendered available to the Controller on the basis of your consent,
  4. data obtained from publicly available sources, e.g. from the National Court Register, Central Register and Information on Economic Activity, websites, social media.



  1. The Controller shall process personal data, in particular first and last name and contact telephone number or e-mail address and other information provided by you, to the extent necessary
    to handle requests and execute an inquiry, including communication and answering
    questions asked via the contact telephone number and e-mail address provided on the Site
    (legal basis - Article 6 (1) (f) of the GDPR) - "legitimate interest".
  2. The Controller shall have the right to process personal data for the period necessary to execute the inquiry, including to respond to communication sent or the request/question submitted during the telephone conversation.
  3. The provision of data is voluntary, however it is necessary in order to respond to the submitted question or for the proper handling of the request and the execution of the inquiry. Failure
    to provide personal data may result in the inability to provide an answer or execute an inquiry.


  1. The Controller shall process your personal data in order to carry out:
  2. Providing data to receive marketing communication via the selected communication channel is voluntary, however necessary to receive commercial information. Failure to provide personal data will result in the unavailability of marketing content to be received.
  3. The Controller shall have the right to process personal data for the period necessary to execute the aforementioned purposes. Depending on the legal basis, this shall be respectively:
  1. time until the objection is made,
  2. time until the consent is withdrawn.
  1. Withdrawal of consent may take place in particular by contacting the Controller or the DPO
    (via the contact channels indicated herein above). Withdrawal of the consent shall not affect
    the lawfulness of the use of data during the period when such consent was in force.


  1. Using the Site involves sending queries to the server, which are automatically recorded in event logs.
  2. Event logs shall record user session data. In particular, these are: IP address, type and name
    of the device, date and time of visit to our Site, information about the web browser
    and operational system.
  3. The data recorded in event logs shall not be associated with the particular individuals.
  4. The contents of event logs shall be made accessible to persons authorized by the Controller
    to administrate the Site.
  5. Chronological recording of information about events shall only be construed as an auxiliary material used for administrative purposes. The analysis of event logs enables, in particular,
    the detection of threats, ensuring adequate security of the Site and the generation of statistics
    in order to better understand how the users use the Site.
  6. User session data are used to diagnose problems with the functioning of the Site and to analyze possible security breaches, to manage the Site and to generate statistics (legal basis - Art. 6 (1) (f) of the GDPR) - "legitimate interest".
  7. The Site uses cookies for its operation. For more information on this issue, please refer
    to the "Cookies Policy" available at


  1. This privacy policy is for information purposes only and applies in particular to the website operating at
  2. The Site may contain links to other websites, including websites of companies from the PGE Capital Group cooperating with the Controller of partners, service providers and other external entities (e.g. LinkedIn, Facebook, Twitter, PGE purchasing platform, YouTube).
    The Controller recommends that each user, after switching to other websites, should read privacy policies in force there.
  3. The Controller reserves the right to introduce changes to the applicable privacy policy,
    in particular in the case of:
  4. The Controller shall notify users of changes in the content of the privacy policy by posting a notice on the Site.
  5. This privacy policy applies from 1.12. 2022.
  6. For information regarding the processing of personal data by PGE Polska Grupa Energetyczna S.A. and selected companies of the PGE Capital Group please consult:

Klauzula informacyjna dla podmiotów zainteresowanych współpracą z PGE Baltica Sp. z o.o. oraz ich przedstawicieli (osób kontaktowych)