To comply with applicable provisions on personal data protection, in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: GDPR), and with the Personal Data Protection Act of 10 May 2018, we have revised our Privacy Policy. The revision is to give you full knowledge and convenience in using the website of Exalo Drilling S.A., with its registered office in Piła (hereinafter: ‘Company’ or ‘Controller’), and to provide clear and transparent information about the manner we process your personal data and about the rights you have in this regard.

Please read our revised Privacy Policy, which describes the manner of collecting, using and transferring the personal data of our newsletter subscribers and of the persons contacting the Company via the electronic contact form, as well as the method of using cookies.

I. Protection of personal data
    1. Exalo Drilling S.A., with its registered office in Piła at pl. Staszica 9, 64-920 Piła, entered into the Register of Entrepreneurs of the National Court Register maintained by the District Court Poznań – Nowe Miasto i Wilda in Poznań, 9th Commercial Division of the National Court Register, under the KRS number 0000428139, is the controller of your personal data.

    2. You may contact the Controller in all matters concerning personal data protection by writing to the address stated above, or contact the Data Protection Officer appointed by the Controller by sending an e-mail to or calling at (+48) 607 449 872.

    3. The personal data of newsletter subscribers and persons contacting us via the electronic contact form may be accessed only by persons authorised by the Controller and only insofar as necessary to ensure effective and satisfactory customer service.

    4. The controller only processes the personal data provided in the forms (Contact Form, Newsletter Form). The personal data marked with an asterisk in the Contact Form are obligatory to accept and handle your inquiry, and if you do not provide them, we will be unable to handle the inquiry and send our reply. The provision of other personal data is voluntary.

    5. Purpose and legal grounds of personal data processing:

a) data provided in the Contact Form – these data are processed by the Controller to identify and communicate with the sender in the scope defined in the form. The Controller's processing of the personal data is legally based on the consent of the information provider (Article 6(1)(a) of the GDPR);
b) data provided in the Newsletter Form – these data are processed by the Controller to send to subscribers, by electronic means, notifications on interesting offers or contents, which may include commercial or advertising information or information promoting the Controller. The Controller's processing of the personal data is legally based on the consent of the information provider (Article 6(1)(a) of the GDPR).

     6. The Controller will process personal data only for the period of cooperating with a specific User, until the User withdraws the consent. The period of processing may be extended from time to time by the period when the Controller pursues any claims or defends against such claims.

    7. The Controller will not transfer or sell the data, nor will it exchange them with third parties for any purpose, including marketing purposes. The data may only be transferred to ‘Trusted Partners’, that is third-party companies acting by order of the Controller, such as IT service providers. Data transferred to third parties (‘Trusted Partners) are only used to render the website handling services. Please note that such entities process personal data under a contract made with the Controller and in line with the rules of personal data processing. In addition, the Controller may make the data available to entities authorised to obtain them pursuant to applicable law, as well as to offices and authorities entitled to process data under specific provisions of law.

    8. Rights of data subjects:

a) right of access – the data subject shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and obtain their copies;
b) right to rectification – the data subject shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her, and to have incomplete personal data completed;
c) right to erasure (‘right to be forgotten’) – the data subject shall have the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay, and the controller shall have the obligation to erase personal data without undue delay where the data subject withdraws consent on which the processing is based according to Article 6(1)(a) of the GDPR and there is no other legal basis of the processing. The consent may be withdrawn by activating the links located at the end of correspondence, which read as follows:
- for the Contact Form: “UNSUBSCRIBE if you do not wish to communicate with us”;
- for the Newsletter Form: “UNSUBSCRIBE if you do not wish to receive such messages”;
d) right to restriction of processing – the data subject shall have the right to obtain from the Controller restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by the data subject, for a period enabling the Controller to verify the accuracy of the personal data;
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
e) right to data portability – if data are processed by automatic means, the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the Controller, in a structured, commonly used and machine-readable format, and have the right to transmit those data to another controller without hindrance from the Controller to which the personal data have been provided;
f) right to lodge a complaint – the data subject shall also have the right to lodge a complaint with a supervisory authority (President of the Data Protection Authority – UODO) if the data subject considers that the processing of personal data relating to him or her infringes the provisions of law.

    9. The provision of data is voluntary but required to pursue the purpose of processing. If you do not provide the data marked as required for rendering services, the services cannot be rendered.

    10.  This Privacy Policy is verified and updated (if required) on an ongoing basis.

II. Cookies 

What are cookies
Cookies are small text files sent by the server and saved on the device used for viewing websites. They allow us to store the information sent between the website and the web browser. Having them, we can store the data of forms and website settings, handle site visit counters, use surveys or save a chosen language version. Properly configured cookies are safe and allow to read information only via the server which opened it.
Why our website uses cookies
Thanks to cookies, the user may suit the viewed websites to their needs. Cookies allow to differentiate website visitors and view contents intended for particular users. With cookies, the user receives fully customised contents. Storage of the information sent in cookies is not related in any way to the collection of personal data or the saving of other confidential information.
Which types of cookies may be used by
The website may use three types of cookies. Session (temporary) cookies are files generated while viewing the web pages, which are stored until the end of browser session. Without them, some applications or functionalities may not operate properly. Permanent cookies, which are saved on the device when we visit the website, so that on each next visit the user can be recognised, and their preferences can be memorised. Third-party cookies allow optimising marketing communications, counting the website traffic and customising the contents (such as advertisements) received from external sources.
How to modify cookie settings
The mechanism of storing and sending cookies depends on configuration of the web browser installed in the device used for browsing the Internet. Automatic support of cookies can be blocked in each browser settings, but this may restrict the use of