Privacy Policy of PKO Leasing Finanse sp. z o.o.

We are devoted to apply the highest possible standards to protect privacy of users of the website of PKO Leasing Finanse sp. z o.o. (“Company”). Below is further and more detailed information on the type of collected data and the regulations concerning its processing and usage. We limit the activities involving the use and collection of information on the website users to the extent that proves really necessary to provide cutting-edge services.

We do protect personal data of the website users; this is why before opening an auction service of PKO Finanse sp. z o.o., user’s browser provides, via P3P Protocol the information on the type of collected data.

Why do we process the data?

  • to prevent scam, counteract money laundering and terrorism financing,
  • to ensure security of services provided by the Company,
  • to analyse and profile clients,
  • to send personalised marketing materials,
  • to tailor certain products and services to the needs of customers,
  • to improve products and services offered by the companies of The PKO Bank Polski S.A. Capital Group (the current list of which is published on,
  • to adjust the content of the website to users’ interest and optimize the website navigation in order to ensure convenient and intuitive content search.

For direct marketing, we can forward to our clients a quotation for products and services offered by the Company that will be satisfy their needs and follow their interests in the manner that has been previously accepted by the client. A client can always resign from obtaining personalised offers and commercial information, as well as profiling.

What data are collected?

The Company collects personal data of users of the Company’s website (auction service) that may be its present or prospective clients. The collected data concern activities performed by users. The website logs are collected. Logs contain the data like IP address, time of event, data of collected resources, referer, user agent, cookie.

A personal data is the information which the Company may use to identify a client. The Company does not collect the data concerning political or religious views, data on health condition or ethnic origin.

Reference to other websites

We are not responsible for privacy policy applied by owners of the websites referenced on the Company’s website. We encourage users to follow privacy statements published on our partners’ websites, specifically if they collect personal data.

Third-party advertising agencies

Whilst viewing the website on the Internet with the Company’s ad displayed thereon, our Internet advertising agency can send cookie or floodlight files on your computer. Then, it will be able to recognize a computer during consequent visit or when measuring client’s response to a specific ad.

Changes in the Privacy Policy of an auction service of PKO Leasing Finanse sp. z o.o.

Any and all changes in the privacy policy of the Company’s service may be affected by the Internet technology development, any amendments introduced to personal data protection laws and regulations as well as the growth of our Internet service. We will update you on such changes on our website.

What does a P3P protocol mean?

The Platform for Privacy Preferences (P3P Protocol) is a new technology dedicated to privacy protection and developed by World Wide Web Consortium (W3C). Due to this technology, a user can make well informed decisions on the type of his personal data to be collected by the website. The Company has taken serious precautions to protect personal data of its clients and implemented a P3P Protocol.

Browsers with implemented P3P technology can automatically decide on which cookies do not infringe user’s privacy protection preferences.

Floodlight Codes

Certain websites use the Floodlight technology which is applied to create collective statistics on website usage. Floodlights code can recognize certain information on users’ computers, like cookies, time and date of visiting a website and description of a website where a Floodlight code is placed.


Cookies are small files saved on the user’s device by visited websites. Cookie files contain various information that proves often necessary for the website to operate in an accurate manner. Cookies are encoded for unauthorized persons to be prevented access thereto. The information embedded in cookies contain data on the user’s activities on the Internet website from which it has been sent. The files are saved on a terminal device memory storage device, e.g. user’s computer, tablet, mobile, in order to facilitate navigation and adjust the website to user’s preferences.

The Company may combine the information collected using cookies files with other client data possessed thereby, if a client authorised to do so and does not switch cookies off, with the aim being to prepare a quotation for the Company’s products or services to be best tailored to the client’s expectations.

The user’s blocking cookies from being save in the browser of the device used thereby or their removal is possible after appropriate configuration of browser’s settings. If the user’s mobile device operates iOS system, in order to use a full version of the Company’s website, cookies files should be accepted.

Depending on the time for which cookies are installed, the files are divided into:

    • temporary session cookies – they are not saved on the disc, required to maintain a context of the user’s session; they are very often used by various websites due to specificity of HTTP protocol where websites are transmitted,
    • permanent cookies – i.e. the cookies that are not deleted after closing the browser and may be used by the website in future; they may be divided into:
      • o cookies within a specific domain (first party) – the website configures cookies only for its own needs,
      • o cookies within an external domain (third party) – the website uses cookies to be further used by other services.

Depending on the cookie usage purpose as realised by the Company, these files are divided into basic and marketing cookies:

    • basic cookies – are installed if authorised by the user with settings of the software installed on his communication device. Basic cookies are divided into technical and analytical cookies:
      • technical cookies – are necessary for the website to function in an appropriate manner and to be used in order to:
        • ensure relevant website display – depending on the used device,
        • remember whether the user authorised certain content to be displayed.
      • analytical cookies – prove necessary for the Company to make settlements with business partners, measure effectiveness of marketing activities and to improve website functioning, and they are used by the Company in order to:
        • analyze statistics concerning traffic on,
        • detect any abuse,
        • limit certain marketing activities, also to protect users against multiple display of the same ad,
        • measure effectiveness of the campaigns conducted for the Company, e.g. in Google, partners’ programmes,
        • make settlements with business partners for advertising services based on the registered campaigns conducted at users’ requests.
      • marketing cookies – are saved on the devices only if the user has authorized to do so and fails to switch cookies off. When applying these cookies in the manner that will comply with the user’s preferences on service selection, on the basis of the data possessed by the Company, and user’s behaviour on the Company’s website, the Company profiles ads displayed on external websites and its intranet services.

When entering the Company’s website, you may refuseyour authorization for the Company to use cookies for marketing purposes. Then, the Company’s ads displayed on its website will to satisfy the user’s preferences.

Whilst conducting analytical activities on the users’ activities on the Company’s website, we cooperate with external, local or foreign partners. Partners provide the Company with the services which will involve monitoring, creating statistics and their analysis. We provide these activities based on the Company’s legitimate interest, with the aim being to optimize the Company’s website.

On our website we publish a small image file which allows PKO Bank Polski SA to conduct analyses, within the PKO BP Capital Group, of the traffic from the launched campaigns, interaction on the user’s website, remarketing activities. The Bank will build the user’s profile based on the data collected by either party within cookies, and combining it with other information possessed on the data subject, solely within the context of persons who authorized the use of cookies for marketing purposes.

Incorporation/ deletion/ blocking cookies

We use cookies in the manner that will comply with the settings established for the browser software as installed in your device. You should check whether you have authorized us to use cookies or not.

In numerous browsers cookies functioning is switched off by default. The website user may at any time change settings in his browser or switch cookies off; but switching cookies off can result in inappropriate website functioning.

Using the website with cookies switched off in a browser means that these files are saved in the user device memory. Using the Company’s website without any changes made in the browser with regard to cookies means that you have confirmed that you have read the above specified information and accepted cookies.

Further information on cookies is available in a “Help” tab in your browser menu.

The users, who after reading the information available in the Internet, do not desire cookies to be stored in the device browser should delete them from your browser after completing a visit in the Internet.

Personal Data Controller

PKO Leasing S.A., with its registered seat in Łódź (93-281), at Marszałka Edwarda Śmigłego-Rydza 20 (“Company”), acts as a personal data controller.

The Company has appointed a personal data protection inspector that can be contacted at: Inspektor Ochrony Danych Osobowych, PKO Leasing S.A., Marszałka Edwarda Śmigłego-Rydza 20, Łódź (93-281), e-mail:

The following will constitute the grounds to process the data within the extent and for the purpose specified in the Policy:

  • authorization – i.e. your voluntary authorisation for the data to be processed as provided for in Article 6.1.a) GDPR,

reasonable requirements of personal data controller – i.e. a need to satisfy the Company’s reasonable interests, referred to in Article 6.1.f) GDPR.

  • Based upon the above specified personal data legal regulations, the Company actually processes or may process the acquired data for the following purposes:

    for the purposes specified in the authorization, on the basis of such authorization – in these circumstances you may withdraw your authorization at any time which will not affect legal compliance of professing activities conducted on the basis of such authorization before it is withdrawn; due to a refusal to grant authorization or its withdrawal, the Company will not be further authorized to process your data for the purposes indicated in the authorization.

    Based upon your authorization for cookies to be applied for marketing purposes, the Company may process the data in compliance with the procedure determined in this Privacy Policy, in order to pursue marketing activities for the products and services offered by The PKO Bank Polski SA Capital Group (whose current list is published on, also in certain circumstances preceded by building your profile and its analysis by the Company or the Group company that is a data recipient.

  • to file claims and defense against claims which directly or indirectly relate to your activities on the Company’s website – following reasonable and legitimate requirements of the data controller,
  • to ensure financial security and protection of the Company’s – on the basis of reasonable and legitimate requirements of the data controller.

The period to process the acquired personal data is related to the above specified objectives of data processing. Therefore, personal data will be processed for the longer of the following timeframes:

  • during the timeframe required to store the data, or
  • during the timeframe equivalent of statute of limitation of claims to file which it is necessary to possess relevant data.

In connection with processing the data to pursue to the above specified purposes, the data may be disclosed to the entities different from the Company, i.e.:

  • PKO Bank Polski S.A. („Bank”) – in order to pursue the Company’s and the Bank’s legitimate interests as resulting from the parties’ authorizations to exchange the information that may be found useful to prevent fraud or effectively manage risk within the Bank Capital Group, in compliance with applicable laws and regulations. Following the Company’s disclosing the data, the Bank will become their independent controller and will process the data for the purposes specified herein. The regulations for the Bank’s processing the data and your authorities thereunder are determined on the Bank’s website, in a tab dedicated to data protection (GDPR).
  • if authorization is granted to apply cookies for marketing purposes, the entities of The PKO Bank Polski S.A. Capital Group (a current list of which is published on for the purposes related to preparing the quotation of these entities or handling the pursued marketing campaigns.
  • the companies that provide services for the Company, i.e. providers of IT or operating services, auditors, advisors, and the entities that are authorized to obtain information in compliance with applicable laws and regulations.
  • The data which the Company acquires from you are processed on the voluntary basis.

    In the circumstances and under the terms and conditions provided for in personal data protection regulation, you may:

    • be granted access to your data,
    • rectify your data,
    • delete your data,
    • limit the processing of your data,
    • file objection to processing personal data based on laws and regulations in compliance with reasonable requirements of the data controller,
    • transfer your personal data.

    Irrespective of the foregoing, you may file a complaint with competent supervisory authorities as indicated in applicable personal data protection laws and regulations.