1. This Privacy Policy sets out the rules for the processing of personal data obtained through the website www.sopotpokoje.eu (hereinafter referred to as the PS Website). 2. The owner of the Website and at the same time the data administrator is Pizzeria Stefano – Tomasz Kaczor 3. Personal data collected by the PS via the Website are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46 / EC (General Data Protection Regulation), also known as the GDPR. 4.
PS makes special diligence to respect the privacy of the User when visiting the Website.
& sect; & nbsp; 1 Type of data processed, purposes and legal basis
1.
PS collects information about physical persons
2.
Personal data of the User are collected in the case of:
a)
registration of an account on the Website, for the purpose of creating an individual accounts and & nbsp; management of this account. Legal basis: the necessity to perform the Contract for the provision of the Account service (Article 6 (1) (b) of the GDPR);
b)
placing an order on the Website for the purpose of performing a sales contract. Legal basis: necessity to perform the sales contract (art.6 par.1 lit.b RODO);
c)
subscribing to the newsletter (Newsletter), for the purpose of performing the contract, which subject is a service provided electronically. Legal basis & mdash; consent of the person whose data relate to the performance of the contract for the provision of the Newsletter service (Article 6 (1) (a) of the GDPR);
d)
using the & nbsp; contact form service on the & nbsp; Website for the purpose of performing an electronic contract. Legal basis: the necessity to perform the contract for the provision of the contact form service (Article 6 (1) (b) of the GDPR).
3.
When registering an account on the Website, the User provides:
a)
e-mail address;
b)
address details:
a.
zip code and & nbsp; city;
b.
street with & nbsp; house / flat number.
c)
first name and last name;
d)
telephone number.
4.
When registering an account on the & nbsp; Website, the User sets an individual password to access his account. The user may change the password at a later time, on the terms described in & nbsp; & sect; 5.
5.
When placing an order on the Website, the User provides the following data:
a)
e-mail address;
b)
address details:
a.
zip code and & nbsp; city;
b.
street with & nbsp; house / flat number.
c)
first name and last name;
d)
telephone number.
e)
credit card number
6.
If you use the Newsletter service, you will only provide your email address.
7.
When using the & nbsp; contact form service, the User provides the following data:
a)
e-mail address;
b)
name and surname;
c)
telephone number.
10.
When using the Website, additional information may be downloaded, in particular: the IP address assigned to the User’s computer or the external IP address of the Internet provider, domain name, browser type, access time, operating system type.
11.
Navigational data may also be collected from the User, including information about links and & nbsp; links, in & nbsp; kt they decide to click or other activities undertaken on our Website. Legal basis & mdash; legitimate interest (art.6 par.1 lit.f RODO), consisting in facilitating the use of services provided electronically and improving the functionality of these services.
12.
In order to determine, investigate and enforce claims, some personal data provided by the User as part of using the functionality in the Website may be processed, such as: name, surname, data on the use of services, if the claims result from the manner in which the User uses the & nbsp; services, other data necessary to prove the existence of the claim, including the size of the damage suffered. Legal basis & mdash; legitimate interest (art.6 par.1 lit.f RODO), consisting in the determination, investigation and enforcement of claims and defense against claims in proceedings before courts and other state authorities.
13. The
transfer of personal data to PS is voluntary, in connection with concluded sales contracts or the provision of services via the Website’s Website, with the proviso that failure to provide the data specified in the forms in the Registration process prevents Registration and creating a User Account, and in in the case of placing an order without registering a User Account, it will not be possible to place and process a User order.
& sect; & nbsp; 2 Who is the data shared or entrusted to, and how long is it stored?
1.
User’s personal data is transferred to service providers that PS uses when running the Website. Service providers who transfer personal data, depending on contractual arrangements and circumstances, or are subject to PS instructions as to the purpose of processing the data (processors) or define the purposes and methods of their processing (administrators).
and)
Processing entities. PS uses suppliers that process personal data only on instructions from PS. These include providers of hosting services, services providing marketing systems, systems for analyzing traffic on the Website, systems for analyzing the effectiveness of marketing campaigns;
b)
Administrators. PS uses suppliers who do not act solely on instructions and set the purposes and ways of using personal data themselves. They provide electronic and banking payment services.
2.
The User’s personal data is stored:
a)
If the basis for the processing of personal data is the consent at & oacute; while the User’s personal data are processed by PS until the consent is revoked, and after the consent is revoked for a period of time corresponding to the period limitation of claims that the PS may raise and which may be raised against it. Unless the special provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to the conduct of business & ndash; three years.
b)
If the basis for data processing is the performance of the contract, then the User’s personal data are processed by PS as long as it is necessary to perform the contract, and after that time for a period corresponding to the period of limitation of claims. Unless the special provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to the conduct of business & ndash; three years.
4.
Navigation data may be used to provide Users with better service, statistical data analysis and to adapt the Website to the User’s preferences, and also to administer the Website.
5.
In the event that the User subscribes to the newsletter (Newsletter) to his email address PS will send electronic messages containing commercial information about promotions and new products available on the Website.
6.
In the event of a request being made, PS shall disclose personal data to authorized state authorities, in particular organizational units of the Prosecutor’s Office, the Police, the President of the Office for Personal Data Protection, the President of the Office for Competition and Consumer Protection or the President of the Office of Electronic Communications.
& sect; & nbsp; 3 Cookies mechanism
1.
The Website uses small files called cookies. They are saved by the PS on the terminal device of the person visiting the Website, if the web browser allows it. A cookie usually contains the domain name from which it comes, sw & oacute; j & quot; expiration time & quot; and an individual randomly selected number identifying this file. Information collected using this file helps to tailor the products offered by PS to the individual preferences and actual needs of persons visiting the Website. They also give the opportunity to compile general statistics of visits to the product presented on the Website.
2.
PS uses two types of & oacute; file in cookies:
a)
Session cookies: after the end of the browser session or turning off the computer, the saved information is removed from the device’s memory. The session cookies mechanism does not allow downloading any personal data or any confidential information from & nbsp; computer & oacute; w.
b)
Persistent Cookies: they are stored in the memory of the User’s terminal device and & nbsp; remain there until they are deleted or expire. The mechanism of persistent cookies does not allow the collection of any personal data or any confidential information from the & nbsp; computer of the User & oacute; w.
3.
PS uses its own cookies to:
a)
authenticate the User on the Website and provide the User’s session on the Website (after logging in), thanks to which the User does not have to re-enter the login and password on each subpage of the Website;
b)
analyzes and surveys and audience audit, and in particular to create anonymous statistics that help to understand how they are using the Website, which allows improving its structure and content.
4.
PS uses external cookies to:
a)
present on the Website’s information pages a map indicating the location of the PS office using the maps.google.com website (external cookies administrator: Google Inc. based in the USA);
d)
collecting general and & nbsp; anonymous static data via Google Analytics analytical tools (external cookie administrator: Google Inc. with headquarters in & nbsp; USA);
5.
The cookies mechanism is safe for your computer in the User on the Website. In particular, it is not possible to get into the computer in the User ‘s virus or in any other unwanted software or malware. However, in & nbsp; their browsers, Users have the option of limiting or disabling access to the & oacute; file in cookies to your & oacute; w. In the case of using this option, the use of the Website will be possible, in addition to the functions that by their nature require the file & oacute; in cookies.
6.
Below we show how you can change the settings of popular web browsers in the & nbsp; scope of use of the & oacute; file in cookies:
a)
Internet Explorer;
b)
Microsoft EDGE browser;
c)
Mozilla Firefox browser;
d)
Chrome browser;
e)
Safari browser;
f)
Opera browser.
7.
The Website contains links and references to other websites. PS is not responsible for the privacy policies applicable to them.
& sect; & nbsp; 4 Rights regarding the data concerned
1.
The right to withdraw consent & ndash; legal basis: art. 7 item 3 GDPR.
a) The
User has the right to withdraw any consent given by PS.
b)
Withdrawal of consent has effect from the moment of withdrawal of consent.
c)
Withdrawal of consent does not affect the processing carried out by PS in accordance with the law before its withdrawal.
d)
Withdrawal of consent does not entail any negative consequences for the User, however, it may prevent further use of services or functionalities which, according to PS law, can only be provided with consent.
2.
Right to object to data processing & mdash; legal basis: art. 21 GDPR.
a) The
User has the right to object at any time & ndash; due to reasons related to its special situation & ndash; to the processing of his personal data, including profiling, if PS processes its data based on a legitimate interest, e.g. marketing product and services, keeping statistics on the use of individual functionalities of the Website and facilitating the use of the Website, and also satisfaction survey.
b)
Opting out of the & nbsp; e-mail message receiving & nbsp; receiving marketing communications regarding your product or services will mean your objection to the processing of your personal data, including profiling for & nbsp; these purposes.
c)
If the User’s objection turns out to be well founded and the PS has no other legal basis to process personal data, the User’s personal data will be deleted in relation to the processing of the User’s objection.
3.
The right to delete data (& quot; right to be forgotten & quot;) & quot; legal basis: art. 17 GDPR.
a) The
User has the right to request the deletion of all or some personal data.
b) The
User has the right to request the deletion of personal data if:
a.
the personal data are no longer necessary for the purposes of their collection or in the processing of personal data;
b.
withdrew a specific consent, to the extent that & nbsp; personal data were processed on the basis of & nbsp; his consent;
c.
we oppose the use of his data for marketing purposes;
d.
personal data is processed unlawfully;
e.
personal data must be deleted for the purpose of fulfilling the legal obligation provided for in Union law or the law of the Member State to which the PS is subject;
f.
personal data was collected in connection with the & nbsp; offering information society services.
c)
Despite the request to delete personal data, in connection with the objection or withdrawal of consent, PS may keep certain personal data to the extent that processing is necessary to establish, assert or defend claims, as well as to comply with a legal obligation requiring processing under Union or Member State law which is subject to the PS. This applies in particular to personal data including: name, surname, e-mail address, which are stored for the purpose in handling complaints and claims related to the use of PS services, or additionally the address of residence / correspondence address, order number, which data is stored for the purpose of examining complaints and claims related to concluded sales contracts or provision of services.
4.
The right to limit data processing & mdash; legal basis: art. 18 GDPR.
a) The
User has the right to request the restriction of the processing of his personal data. Submission of a request, pending its consideration, prevents the use of certain functionalities or services, which will result in the processing of the data covered by the request. PS will also not send any & oacute; s message, including marketing messages.
b) The
User has the right to request the restriction of the use of personal data in the following cases:
a.
when he questions the correctness of his personal data & ndash; w & oacute; during PS limits their use for the time needed to check the correctness of the data, but not longer than for 7 days;
b.
when the processing of data is contrary to the & nbsp; law, and & nbsp; instead of deleting the data, the User will request to limit their use;
c.
when personal data cease to be necessary for the purposes of their collection have been collected or used but they are needed by the User in order to determine, assert or defend claims;
d.
when we oppose the use of his data & ndash; w & oacute; while the restriction occurs for the time needed to consider whether & ndash; due to the special situation & ndash; protection of the interests, rights and freedoms of the User prevails over the interests pursued by the Administrator by processing User’s personal data.
5.
Right of access to data & ndash; legal basis: art. 15 GDPR.
a) The
User has the right to obtain confirmation from the Administrator whether he is processing personal data, and if this is the case, the User has the right to:
a.
gain access to his personal data;
b.
obtain information about the purposes of processing, categories of personal data processed, about recipients or categories of recipients in these data, the planned period of storage of User’s data or about the criteria for determining this period (when it is not possible to determine the planned period of data processing), o & nbsp the rights of the User under the GDPR and about the right to lodge a complaint to the supervisory authority, about this data, about automated decision making, including profiling and about the safeguards used in connection with this & nbsp; outside the European Union;
c.
obtain a copy of your personal data.
6.
Right to rectify data & mdash; legal basis: art. 16 GDPR.
a) The
User has the right to request the Administrator to immediately correct his personal data that is incorrect. With regard to the purpose of processing, the User whose data relate has the right to request the completion of incomplete personal data, including by submitting an additional statement, directing the request to the e-mail address in accordance with & nbsp; & sect. 6 Privacy Policy.
7.
Right to data portability & ndash; legal basis: art. 20 GDPR.
a) The
User has the right to receive his personal data, which he provided to the Administrator, and then send it to another personal data administrator of his choice. The User also has the right to request that personal data be sent by the Administrator directly to such an administrator, as far as technically possible. In this case, the Administrator will send the User’s personal data in the form of a file in the & nbsp; csv format, which is a commonly used, machine-readable and & nbsp; format that allows the received data to be sent to another personal data administrator.
8.
In the situation when the User has the right resulting from the above rights, PS fulfills the request or refuses to comply with it immediately, not later than within a month after receiving it. However, if & ndash; due to the complex nature of the request or the number of requests & ndash; The PS will not be able to fulfill the request within a month, will fulfill it in the next two months informing the User in advance within one month of receiving the request & ndash; about the intended extension of the deadline and its reasons.
9. The
User may submit to the Administrator complaints, inquiries and & nbsp; requests regarding the processing of his personal data and the exercise of his rights.
10. The
User has the right to request from PS a copy of standard contractual clauses by directing the inquiry in the manner indicated in & sect; 6 Privacy Policy.
11. The
User has the right to lodge a complaint to the President of the Office for Personal Data Protection regarding the violation of his rights to the protection of personal data or other rights granted under the GDPR.
12.
In addition to the rights listed above, you have the right to complain to the national supervisory authority, which is: President of the Office for Personal Data Protection, ul. Stawki 2, & nbsp; 00-193 Warsaw., Tel. 22 531 03 00
& sect; & nbsp; 5 Security management & ndash; password
1.
PS provides Users with a secure and encrypted connection when sending personal data and when logging into the User Account on the Website. PS uses an SSL certificate issued by one of the world’s leading companies in the field of security and encryption of data transmitted via the Internet.
2.
In the event that a User who has an account on the Website has lost his access password in any way, the Website shall generate a new password. PS doesn’t send password reminder. The password is stored in an encrypted form in a way that prevents it from being read. In order to generate a new password, enter the e-mail address in the form available under the link ‘You forgot your password’ provided at the login form to the account on the Website. The User will receive an electronic message containing a redirection to the dedicated form provided on the Website’s Website to the e-mail address provided during registration or saved in the last change of account profile, where the User will be able to set a new password.
3.
PS never sends any correspondence, including electronic correspondence, asking for login details, and in particular the password for accessing the User’s account.
& sect; & nbsp; 6 Changes to the Privacy Policy
1.
The Privacy Policy may change, about which PS will inform the User & oacute; 7 days in advance.
2.
Questions regarding the Privacy Policy should be directed to: [email protected]
3.
Date of last modification: 02.02.2020.