Privacy policy

Privacy Policy

The data controller is ESA Trucks Polska Sp. z o.o. seated in Komorniki (62-052), at ul. Ks. Wawrzyniaka 1, entered into the Register of Entrepreneurs kept by the District Court Poznań – Nowe Miasto i Wilda in Poznań, VIII Commercial Division of the National Court Register, under KRS number: 0000267483, REGON number: 300422973, NIP Tax Identification Number: 9721145555


  1. Personal data – information about an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
  2. Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  3. Controller – means ESA Trucks Polska Sp. z o.o.
  4. User – means a natural person on whose behalf, in a lawful manner, electronic services may be provided, or with whom an Agreement for the provision of electronic services may be concluded.
  5. Cookies – means IT data, in particular small text files, saved and stored on devices through which the User uses the website of the Service.
  6. Controller’s Cookies – means Cookies placed by the Controller related to the provision of electronic services by the Controller via the Service.
  7. External Cookies – means Cookies placed by the Administrator’s partners via the website of the Service.
  8. Service – means a website of the TSL Music Festival
  9. Device – means any electronic device through which the User gains access to the Service.

Information clause and legal grounds for personal data processing

  1. Personal data gathered by the Controller are processed pursuant to the provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the GDPR), the Act of May 10, 2018, on personal data protection (Journal of Laws of 2018, item 1000) and the Act of July 18, 2002 on providing services by electronic means (Journal of Laws of 2017, item 1219 as amended).
  2. The Controller processes only personal data which the User has provided in connection with the use of the Service. Processing of personal data of the Users takes place within the scope of:
    1. establishing contact – pursuant to article 6 (1) (a) of the GDPR, i.e. pursuant the consent granted by the data subject,
    2. exercising claims – pursuant to article 6 (1) (f) of the GDPR, i.e. due to the fact that processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party,
    3. carrying out legal obligations of the Controller in connection with conducting a business activity – pursuant to art. 6 (1) (c) of the GDPR, i.e. due to the fact that the processing is necessary to carry out the legal obligation of the Controller,
    4. carrying out own marketing and promotional activities (art. 6 (1) (f) of the GDPR),
    5. using telecommunication user’s devices and automated calling systems for the purpose of direct marketing pursuant to the Act dated July 16, 2004, Telecommunications Law (Journal of Laws of 2017, Item 1907), pursuant to a consent granted separately.
  3. The Service Administrator collects or may collect the following personal data via the contact form available in the Service or via direct contact from the User:
    1. identification data (first and last name),
    2. contact details (phone number, e-mail address),
    3. other data provided by the User during contact with the personal data controller.
  4. Personal data will be processed for the period:
    1. necessary for the execution of contracts or responses to User’s inquiries, including after their execution due to the possibility of the parties using their rights under the contract, as well as due to the possible claims – until the expiry of the statute of limitation for the claims;
    2. until withdrawal of the consent or objection to data processing,
    3. The Controller stores Users’ personal data when it is necessary to carry out his legal obligations, but exclusively for the period required by national law.
  5. The User has the right to:
    1. data accessibility – pursuant to art. 15 of the GDPR,
    2. data rectification/update – pursuant to art. 16 of the GDPR,
    3. data erasure – pursuant to art. 17 of the GDPR,
    4. restriction of data processing – pursuant to art. 18 of the GDPR,
    5. data transferability – pursuant to art. 20 of the GDPR,
    6. objection to the processing of personal data – pursuant to art. 21 of the GDPR,
    7. withdrawal of the consent at any time – pursuant to art. 7 (3) of the GDPR,
    8. lodging a complaint to the supervisory authority i.e. The President of the Office of Personal Data Protection – pursuant to art. 77 of the GDPR.
  6. In order to perform the contract or respond to an inquiry, the Controller may provide the gathered data to entities including employees, partners, courier companies, entities providing legal services for the Controller and IT support.
  7. The Controller has appointed a Data Protection Officer, which can be contacted at the following e-mail address: in any matter regarding data processing.

Cookie files

    1. Types of cookies processed by the Controller are:
      1. session cookies: they are stored on the User’s Device and remain there until the end of the session of the given browser. The saved information is then permanently removed from the Device’s memory. The mechanism of session cookies does not allow for the collection of any personal data or any confidential information from the User’s Device;
      2. permanent cookies: they are stored on the User’s Device and remain there until they are deleted. Ending the session of a given browser or turning off the Device does not delete them from the User’s Device. The mechanism of permanent cookies does not allow for the collection of any personal data or any confidential information from the User’s Device;

Changes in the privacy policy made by the Controller

  1. The Controller has the right to make changes to the Privacy Policy, about which the User will be notified in a manner allowing for reading the changes. In case of any inquiries regarding changes, please contact our Data Protection Officer.
  2. This privacy policy in no way limits any rights which the User may have under the applicable law.