1. Data controller
The controller of your personal data is LAUR Spółka z ograniczoną odpowiedzialnością (limited liability company), with its registered office in Warsaw, Aleja Niepodległości 18 | piętro 6, 02-653 Warsaw, entered in the National Court Register (KRS) under number: 0001202317, NIP: 5214138810, REGON: 543106198 (hereinafter: the "Controller" or "LAUR").
2. Contact details
For matters related to personal data protection, you may contact us:
- By phone: +48 572 608 908 or +48 737 947 001
- By e-mail: office@laurgroup.com (including to exercise your GDPR rights) and contact@laurgroup.com (including messages from certain website forms, as routed by the site)
- Mailing address: Aleja Niepodległości 18 | piętro 6, 02-653 Warsaw, Poland
3. Purposes and legal bases for data processing
Your personal data is processed for the following purposes and on the following legal bases:
- Handling a request submitted via a form (contact form, consultation form, service inquiry on the home page, UDT training intake form) — Art. 6(1)(b) GDPR (taking steps prior to concluding a contract at your request); and where the form wording and consent checkboxes indicate a separate voluntary consent, Art. 6(1)(a) GDPR.
- Performance of contractual services, including outsourcing, immigration advisory, and support relating to legalizing stay and work for foreigners, or related services for enterprises and individual clients — Art. 6(1)(b) GDPR.
- Fulfilling legal obligations incumbent on the Controller, in particular under rules on legalization of stay and hiring non-EU nationals, employer documentation obligations, taxation, and accounting, as applicable (Art. 6(1)(c) GDPR).
- Pursuing the Controller's legitimate interests — Art. 6(1)(f) GDPR, where applicable: IT security, documentation of communication, asserting or defending claims; this does not cover solely automated decisions with legal or similarly significant effects on you within the meaning of Art. 22 GDPR (see § 9).
- Recruitment-related contact, where information is provided voluntarily through job inquiries, uploads, or dedicated forms — Arts. 6(1)(a) and/or (b) GDPR, as applicable; data may relate to staffing services performed for LAUR itself or to delegated processing commissioned by employers. LAUR does not act as an employment agency within the meaning of the Polish Act of 20 April 2004 on promotion of employment and labour market institutions.
- Cookies and similar technologies other than strictly necessary cookies and the strictly necessary storage of consent choices — solely on the basis of your consent (Art. 6(1)(a) GDPR and applicable rules on privacy in electronic communications); see § 10.
4. Scope of processed data
The scope depends on how you contact us. In particular, we may process:
- Contact page form — first name, last name, e-mail address, phone number (including the dial code “+…” and digits you enter), country of origin, and message content including any voluntarily provided detail.
- Consultation booking form — similar identification and contact fields, plus questionnaire answers where that form collects them and an optional message field.
- Service inquiry on the home page — name, phone, e-mail, selected service type and voivodeship, value set by the form slider (scope of the inquiry/order), optional tax ID (NIP), and data covered by any separate optional marketing consents if ticked.
- UDT training application form on the UDT page — first name, last name, e-mail, phone (with country code as you type it), country selected from the list, optional message.
Submissions may be forwarded to the e-mail addresses configured on the web server, in particular office@laurgroup.com (including UDT applications) and contact@laurgroup.com (including contact and consultation routes), unless reconfigured and updated in this policy.
Further cooperation may require additional categories (e.g. passport data, address, employment history) strictly as needed for the service or legal process.
5. Data retention period
Your personal data will be stored for the following periods:
- Data from the contact, consultation, home-page inquiry, and UDT forms: typically twelve (12) months from the last submission, unless a longer period is required by law, contract, or ongoing proceedings.
- Data related to contract performance: for the duration of the contract and for any statutory period (e.g. tax rules may require retention for up to five years after the end of the tax year where applicable).
- Data processed solely on the basis of consent: until consent is withdrawn, plus a short evidentiary period where legally justified.
- Cookie consent preferences stored in the browser through the consent tool: until you change settings or clear site data, according to the tool's technical behavior.
6. Rights of data subjects
In accordance with the GDPR, you have the following rights:
- Right of access to your personal data (Art. 15 GDPR)
- Right to rectification of data (Art. 16 GDPR)
- Right to erasure — "right to be forgotten" (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object to processing (Art. 21 GDPR)
- Right to withdraw consent at any time, without affecting the lawfulness of processing carried out before the withdrawal
- Right to lodge a complaint with the supervisory authority — the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw)
7. Data recipients
Your personal data may be shared with:
- Business partners, including employers and other cooperating entities — only to the extent necessary to fulfill a contract or order (such as payroll, immigration dossiers, outsourced operations, legalization support) or on a documented assignment from LAUR together with an appropriate legal basis
- Public administration bodies — to the extent required by law (voivodeship offices, labor offices)
- Entities providing services to the Controller (hosting, IT, accounting) — based on data processing agreements
8. Data transfers outside the EEA
Personal data is not routinely transferred to third countries outside the European Economic Area for basic website inquiries, except where a specific service requires it (e.g. consulate or foreign counterparty contact).
Technically, the site may load resources from external infrastructure (e.g. a content delivery network). That can involve technical processing of your IP address outside the EU/EEA; where required, we rely on Chapter V GDPR mechanisms or other EU-recognized safeguards.
9. Automated decision-making
The Controller does not make decisions based solely on automated processing, including profiling, that would produce legal effects or similarly significantly affect the data subject.
10. Cookies and similar technologies
The website uses a consent manager so you can accept, reject, or customize optional cookies while allowing strictly necessary cookies and storage of your cookie choice. You may use “Reject all”, “Customize”, or “Accept all” when the banner appears, or reopen preferences after clearing site cookies or as otherwise provided on the site.
Preference categories include: necessary, functional, analytics, performance, and advertising/marketing. Deploying specific analytics or advertising tools requires a valid up-to-date consent for that category and compliance with GDPR and ePrivacy rules on tracking technologies.
The consent dialogue links to this Privacy Policy for full legal information. You can also control cookies in your browser; blocking necessary cookies may impair site features.
11. Changes to the privacy policy
The Controller reserves the right to amend this Privacy Policy. Significant changes will be communicated on the website.
Last updated: May 13, 2026