PERSONAL DATA PROCESSING PRINCIPLES
I. Introduction
This Privacy Policy regulates the collection, storage and use of personal data of Users of the website https://wypiekarnia.com (hereinafter referred to as "„Side”" or "„Website”"). The administrator of these data is the company Wypiekarnia (Wypiekarnia Martyna Mrozowska, conducting business activity in Rzeszów, at ul. Hetmańska 32, 35-045 Rzeszów, NIP: 8133632565) (hereinafter referred to as "„Bakery”"). Personal data is collected and processed in the manner and under the principles set out in this Policy.
II. General provisions
The bakery attaches particular importance to protecting the privacy of its customers, contractors, and employees. One of its key aspects is protecting the rights
and freedoms of natural persons with regard to the processing of their personal data.
We ensure that the processing of your data is carried out in accordance with the provisions of the General Data Protection Regulation 2016/679/EC (hereinafter referred to as the "GDPR"), the Personal Data Protection Act, and specific provisions.
Wypiekarnia is the controller of personal data within the meaning of Article 4(7) of the GDPR. We also use the services of processors referred to in Article 4(8) of the GDPR – they process personal data on behalf of the controller (e.g. accounting or IT companies).
The bakery implements appropriate technical and organizational measures to ensure a level of security appropriate to the potential risk of violating the rights and freedoms of natural persons, with varying likelihood and severity of the threat. Our personal data protection activities are based on adopted policies and procedures, as well as regular training to enhance the knowledge and competence of our lawyers in
this area.
III. What we use your personal data for
(basis and purpose of data processing)
Below, we describe the purposes for which we use your personal data. The legal basis for our processing of personal data is: (i) your voluntary and informed consent to the processing of your personal data, or (ii) the necessity of processing such data in connection with the performance of a sales contract or the management of an account in our online store, or (ii) our legitimate interests (in which case, we will explain what these interests are).
| Purpose of processing | Legal basis for processing |
|---|---|
| – providing information on the order of a service or product / implementation of the concluded contract; | Article 6(1)(b) of the GDPR. Contractual necessity – we process personal data to fulfill our obligation to deliver and fulfill the order placed in the online store (e.g. delivery of the ordered product, complaint handling, etc.), including the provision of the account service in our online store. |
| – contacting you regarding the evaluation of a product or service or to obtain feedback after the completion of an order or the provision of a service; | Article 6(1)(f) GDPR. Legitimate interests – we process personal data to contact you to obtain feedback on the product or service you have ordered from us. |
| – communicating for other purposes. For example, we will use your contact information to respond to any questions you may have; | Article 6(1)(f) GDPR. Legitimate interests – we process personal data to be able to answer your questions. |
| – communicating for other purposes. For example, we will use your contact information to respond to any questions you may have; | Article 6(1)(f) GDPR. Legitimate interests – we process personal data to be able to answer your questions. |
| – sending information about our products and services, including gifts, special offers and discounts via the following communication channels: e-mail, SMS/MMS, telephone contact; | Article 6(1)(a) of the GDPR, if you have voluntarily given prior consent to such communication. |
| – review of your previous purchases and activity history on our website in order to send you special offers or tailor the website to your needs; | Article 6(1)(f) GDPR. Legitimate interests – we process personal data to send special offers and tailor the use of services offered online. |
| – response to any claims against us. | Article 6(1)(f) GDPR. Legitimate interests – We process personal data to respond to any claims made against us. In certain cases, we may also be required to disclose personal data under applicable law (for example, in connection with legal proceedings). |
IV. What rights do you have?
We take appropriate measures to provide you with all relevant information and communications regarding the processing of your personal data in a concise, transparent, understandable and easily accessible form, using clear and simple language, in connection with the exercise of your right to:
- information provided when obtaining personal data;
- information provided upon request – whether data are being processed and other matters specified in Article 15 of the GDPR, including the right to a copy of the data;
- rectification of data;
- being forgotten (deletion of data);
- processing restrictions;
- data transfer;
- objection (in a situation where the processing of personal data is based on Article 6(1)(f) of the GDPR);
- not to be subject to a decision based solely on automated processing (including profiling).
Furthermore, if your personal data is processed based on consent, you have the right to withdraw it. Consent may be withdrawn at any time, which does not affect the lawfulness of processing based on consent before its withdrawal.
For contact purposes regarding exercising the above-mentioned rights, including the right to withdraw marketing consent please contact us via email address: manager.wypiekarnia@gmail.com, entering "GDPR" in the subject of the message.
The security of your data is our priority, however, if you believe that we are processing your personal data in violation of the provisions of the GDPR, you have the right to lodge a complaint with the President of the Personal Data Protection Office.
V. How we will contact you
We provide information in writing or by other means, including, where appropriate, electronically. If you request it, we may provide information orally, provided we confirm your identity by other means. If you submit your request electronically, the information will also be provided electronically, to the extent possible, unless you indicate a different preferred method of communication. You can contact Wypiekarnia in the following ways:
- by correspondence: Wypiekarnia Martyna Mrozowska; ul. Hetmańska 32, 35-045 Rzeszów;
- e-mail: manager.wypiekarnia@gmail.com
- phone: (+48) 697 815 372
VI. How long will it take to fulfill your request?
We strive to provide information without undue delay – generally within one month of receiving your request. If necessary, this deadline may be extended by a further two months due to the complex nature of the request or the number of requests. However, in any case, within one month of receiving your request, we will inform you of the actions taken and (where applicable) any extension of the deadline, providing the reason for the delay.
VII. Subcontractors / processors / data recipients
If we cooperate with entities that process personal data on our behalf, we only use the services of such processors that provide sufficient guarantees to implement appropriate technical and organisational measures to ensure that the processing meets the requirements of the GDPR and protects the rights of data subjects.
We thoroughly vet the entities entrusted with processing your data. We enter into detailed agreements with them and periodically review their compliance with the terms of such agreements and the law.
In addition, the recipients of your personal data may also be other personal data controllers, such as transport and courier companies and entities providing payment services responsible for the execution of online payments.
VIII. How we care about the processing of your data
We regularly review and update our documentation to demonstrate compliance with legal requirements in accordance with the accountability principle set out in the GDPR, but we also strive to incorporate best market practices to protect the interests of data subjects.
IX. Data retention
We store personal data in a form that permits the identification of the data subject for no longer than is necessary for the purposes for which the data is processed. After this period, we anonymize the data (remove the features that enable the identification of the individual) or delete it. Personal data deletion is complete and permanent.
We determine the data processing period primarily based on legal provisions and the legitimate interest of the controller (e.g. marketing activities).
X. Authorizations
We ensure that any person acting under our authority who has access to your personal data processes it only on our instructions, unless otherwise required by EU or Member State law.