§1 General Provisions
The administrator of personal data collected via the eatmenow.net online store is Andrzej Gowin, conducting business activity under the name PYSZNE I ZDROWE Andrzej Gowin, with a registered office at Jana Kazimierza 46/LU1, 01-248 Warsaw, Poland, correspondence address: Jana Kazimierza 46/LU1, 01-248 Warsaw, Poland, NIP: 9372707195, REGON: 388001792, registered in the Central Registration and Information on Business (CEIDG), email address: pyszneizdrowe.pl@gmail.com, hereinafter referred to as the “Administrator”, who is also the Service Provider.
Personal data collected by the Administrator via the website is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
§2 Types of Processed Personal Data, Purpose and Scope of Data Collection
Purpose and legal basis of processing. The Administrator processes the personal data of Users of the eatmenow.net store in the following cases:
When placing an order – for the purpose of executing the sales agreement, based on Article 6(1)(b) GDPR (performance of a contract).
When using the contact form – based on Article 6(1)(f) GDPR as a legitimate interest of the Administrator.
When subscribing to the Newsletter – for the purpose of sending commercial information electronically, with the user’s separate consent, based on Article 6(1)(a) GDPR.
Types of processed data. The Administrator processes the following categories of personal data:
First and last name
Address
Email address
NIP (tax ID)
Company name
Phone number
Data retention period.
a. When the basis for processing is contract performance – data is retained as long as necessary to execute the contract, and thereafter for the period required to pursue or defend legal claims. Unless otherwise provided by law, the limitation period is six years, and for periodic claims or those related to business activity – three years.
b. When the basis is consent – data is retained until consent is withdrawn, and after withdrawal, for the period required to pursue or defend legal claims.
While using the website, additional information may be collected, such as the IP address assigned to the user’s device or external IP of their Internet provider, domain name, browser type, access time, and operating system type.
With separate consent, based on Article 6(1)(a) GDPR, data may also be processed for the purpose of sending commercial communications electronically in accordance with Article 10(2) of the Act of 18 July 2002 on Providing Services by Electronic Means.
Navigational data may also be collected, including information about links clicked or other actions taken within the store. This is based on the Administrator’s legitimate interest (Article 6(1)(f) GDPR) in improving service functionality and ease of use.
Providing personal data is voluntary.
Personal data may also be processed automatically by profiling, if the User consents, under Article 6(1)(a) GDPR. Profiling may result in assigning a profile to a person to make decisions, or analyze or predict their preferences, behavior, and attitudes.
The Administrator takes particular care to protect the interests of data subjects, ensuring that the data:
is processed lawfully,
is collected for specified, legitimate purposes and not further processed in a manner incompatible with those purposes,
is accurate, adequate, and relevant to the purposes for which it is processed,
is kept in a form allowing identification of data subjects for no longer than necessary.
§3 Disclosure of Personal Data
The Users’ personal data is disclosed to service providers used by the Administrator in operating the Store. These providers may process data on behalf of the Administrator (processors) or independently determine the purposes and means of processing (controllers), depending on contractual arrangements.
Users’ personal data is stored exclusively within the European Economic Area (EEA), subject to §5 point 5 of this Privacy Policy.
§4 Right to Control, Access, and Rectify Personal Data
The data subject has the right to access their personal data and to request its rectification, deletion, restriction of processing, data portability, objection to processing, and withdrawal of consent at any time without affecting the legality of prior processing based on consent.
Legal grounds for User requests:
Access to data – Art. 15 GDPR
Data rectification – Art. 16 GDPR
Erasure (“right to be forgotten”) – Art. 17 GDPR
Restriction of processing – Art. 18 GDPR
Data portability – Art. 20 GDPR
Objection – Art. 21 GDPR
Withdrawal of consent – Art. 7(3) GDPR
To exercise these rights, an email should be sent to: pyszneizdrowe.pl@gmail.com
Upon receiving such a request, the Administrator will fulfill it or refuse to fulfill it without undue delay, and no later than one month after receiving the request. If the request is complex or numerous, the deadline may be extended by another two months, with prior notice within the initial one-month period.
If a data subject believes their data is being processed in violation of the GDPR, they have the right to file a complaint with the President of the Personal Data Protection Office (UODO).
§5 “Cookies” Files
The Administrator’s website uses “cookies.”
Installing cookies is necessary for the proper provision of services on the website. Cookies contain information required for the website to function correctly and help generate general site visit statistics.
The website uses the following type of cookies: persistent.
a. “Persistent” cookies are stored on the User’s device for a defined period or until deleted.
The Administrator uses its own cookies to better understand how Users interact with the website content. These files collect information about how Users use the site, the page they came from, the number of visits, and duration of the session. These do not record specific personal data.
The Administrator also uses external cookies to collect anonymous statistical data using Google Analytics (external cookie controller: Google Inc., USA).
Users can control cookie access through browser settings. Detailed information on how to manage cookies is available in the browser software settings.
§6 Final Provisions
The Administrator applies appropriate technical and organizational measures to ensure the protection of processed personal data, especially against unauthorized access, unauthorized acquisition, unlawful processing, and accidental loss, alteration, or destruction.
The Administrator provides adequate technical safeguards to prevent unauthorized persons from acquiring or modifying personal data transmitted electronically.
For matters not regulated by this Privacy Policy, the provisions of the GDPR and relevant Polish law shall apply.
