Privacy policy

Privacy Policy
braciaziolkowscy.pl

1. ABOUT US

1. The administrator of the personal data collected via the Website is BRACIA ZIÓŁKOWSCY - PALARNIA KAWY SPÓŁKA JAWNA with registered office at: ul. Łąkowa 1, 26-804 Stromiec, e-mail address: wlodzimierz@braciaziolkowscy.pl. ("Administrator")
2. BRACIA ZIÓŁKOWSCY - PALARNIA KAWY SPÓŁKA JAWNA operates the Website and is responsible for the correct provision of the Website's Electronic Services.

2. GENERAL PROVISIONS

1. This Privacy Policy of the Website is a measure implemented by the Controller, the purpose of which is to define the actions taken by the Controller with regard to the protection of personal data provided to the Controller by Data Subjects and, moreover, to inform Data Subjects of the procedure in force in the business run by the Controller for dealing with personal data, including, in particular, the purposes and legal grounds for processing and the categories of recipients to whom personal data processed by the Controller is further communicated, and the implementation by the Controller towards Data Subjects of the information obligation arising from the content of Art. 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU L 119 of 04.05.2016, p. 1, hereinafter referred to as "RODO") to the remaining extent
2. The Service Provider shall take particular care to protect the interests of data subjects and, in particular, shall ensure that the data it collects are processed lawfully; collected for specified, legitimate purposes and not subjected to further processing incompatible with those purposes; substantively correct and adequate in relation to the purposes for which they are processed; and stored in a form that allows the identification of data subjects for no longer than is necessary to achieve the purpose of the processing.
3. This Website privacy policy is for information purposes only, which means that it does not create obligations for Website Service Recipients.
4. All words, phrases and acronyms appearing on this Website and beginning with a capital letter (e.g. Service Provider, Website, Electronic Service) shall be construed as defined in this Privacy Policy or in the Website Terms and Conditions (if applicable) available on the Website.
5. The Customer's personal data shall be processed in accordance with the RODO and the Data Protection Act of 10 May 2018 (hereinafter: Data Protection Act) and the Act on the Provision of Electronic Services of 18 July 2002 (Journal of Laws 2002 No. 144, item 1204 as amended). .

3. PURPOSE AND SCOPE OF DATA COLLECTION

1. In each case, the purpose, scope and recipients of the data processed by the Service Provider result from the activities undertaken by the Client on the Website. For example, if the Client intends to use an Account, the Client's personal data will be processed for the purpose of concluding and implementing the Agreement for the use of the Account.
2. The Administrator processes personal data concerning the Client or his/her representatives for the following purposes:
   • conclusion and performance of a contract for the use of an Electronic Service,
   • to comply with legal obligations, including tax and accounting regulations,
   • conducting court, arbitration, administrative, judicial, enforcement and mediation proceedings,
   • documenting contractual relationships for evidentiary purposes for the period of the statute of limitations for claims relating to them,
   • carrying out direct marketing of the services or goods offered by the Administrator, including through e-mail correspondence of the newsletter type,
   • handling complaints and claims arising from warranty rights
3. The Service Provider may process the following personal data of Service Recipients using the Website:
   • the name of the Customer,
   • e-mail address,
   • Name of Cooperating Organisation,
   • Name of the Branch of the Cooperating Organisation,
4. The provision of the personal data referred to in the paragraph above is not mandatory, but is necessary for the conclusion and execution of the agreement for the provision of Electronic Services on the Website. Each time the scope of data required to conclude an agreement is indicated in advance on the Website, during the use of the Website and in its Terms and Conditions (if applicable).
5. Personal data concerning the Customer may be transferred to public administration bodies or to other persons or third parties - to the extent and in cases in which the Administrator is obliged to make them available by law. In addition, Personal Data concerning the Customer may also be transferred to entities performing accounting and bookkeeping services and legal services for the Administrator on the basis of a separate agreement.
6. The Controller declares that he/she has implemented appropriate technical and organisational measures to ensure an adequate level of security corresponding to the risks involved in the processing of the personal data entrusted to him/her, as referred to in Article 32 RODO. The Controller shall regularly review and update the technical and organisational measures it has in place to ensure an adequate level of protection for the personal data entrusted to it.
7. The Administrator declares that, in order to ensure the security of personal data processing, it has implemented a Personal Data Protection Policy. The Personal Data Protection Policy is a measure implemented by the Administrator in accordance with Article 24(1) and (2) of the RODO, the purpose of which is to introduce in an enterprise run by the Administrator a procedure for handling personal data on the basis of which their processing by the Administrator will be carried out in accordance with the RODO.
8. The processing of personal data within the framework of the purposes indicated in point 3(2) above includes, in particular, the collection, modification, storage, consultation, updating, analysis, and archiving of personal data.
9. The Service Provider also processes anonymised data, related to the use of the Website (e.g. number of Customers) to generate statistics on the use of the Website. This data is aggregate and anonymous, i.e. it does not contain identifying characteristics of the persons using the Website.
10. Personal data relating to the Service Recipient will be stored by the Administrator for the following period:
    • in the case of personal data in relation to which the legal basis for their processing by the Administrator is the fact that it is necessary for the proper performance of a contract - until the statute of limitations for claims arising from that contract,
    • in the case of personal data in relation to which the basis for their processing by the Administrator is a legitimate interest - until such time as that basis for processing has expired, in particular, until the Administrator's claims and the Client's claims arising from the legal relationship between them have become time-barred, the Administrator's legal existence has come to an end, or the Administrator's legal existence has been finally or validly established or adjudicated, or the Administrator's or the Client's claim or other entitlement has been satisfied or defended in judicial, arbitration, administrative, judicial and administrative enforcement or mediation proceedings,
    • in the case of personal data in respect of which processing is based on the fact that it is necessary for compliance with a legal obligation incumbent on the Controller, until such time as that basis for processing ceases to exist.

4. COOKIES AND USAGE DATA

1. Cookies are small text files which are sent by a server and stored on the website of a visitor (e.g. on the hard drive of a computer, laptop or smartphone memory card - depending on the device used by the visitor to our Website). Detailed information on cookies, as well as the history of their creation can be found, among others, here: http://pl.wikipedia.org/wiki/Ciasteczko.
2. The Service Provider may process the data contained in Cookies when visitors use the Website for the following purposes:
   • to carry out the basic functionalities of the Website, such as identifying Service Users as logged in and maintaining a login session and storing dynamic data, e.g. statistics, summaries;
   • to adapt the content of the Website to the User's individual preferences (e.g. concerning the language of the site);
   • memorising IP location, time zone;
   • to keep anonymous statistics showing how the Website is used.
3. By default, most web browsers available on the market accept the storing of cookies. You can determine the conditions for the use of cookies via the settings of your browser. This means that you can, for example, partially restrict (e.g. temporarily) or completely disable the storage of cookies - in the latter case, however, this may affect some of the functionalities of the Website.
4. The cookie settings of your internet browser are relevant for your consent to the use of cookies by our Website - in accordance with the regulations, such consent can also be expressed through your browser settings. In the absence of such consent, the cookie settings of your internet browser must be changed accordingly.
5. Detailed information on how to change your cookie settings and how to delete them yourself in the most popular web browsers is available in the help section of your browser and on the following pages (just click on the respective link):
   • in Chrome browser - https://support.google.com/chrome/answer/95647?hl=pl
   • w przeglądarce Firefox - https://support.mozilla.org/pl/kb/W%25C5%2582%25C4%2585czanie%20i%20wy%25C5%2582%25C4%2585czanie%20obs%25C5%2582ugi%20ciasteczek
   • in Internet Explorer - https://support.microsoft.com/en-us/hub/4338813/windows-help
   • in the Opera browser - https://help.opera.com/pl/latest/web-preferences/
   • in the Safari browser - https://support.apple.com/kb/PH5042?locale=en_US
   • in the Microsoft Edge browser - https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy
6. The Administrator uses Google Analytics and Universal Analytics services on the Website provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). The data collected is processed as part of the above services in an anonymised manner (this is so-called usage data, which prevents the identification of the person) for the generation of statistics to assist in the administration of the Website. Detailed information on the operation of the above services is available here: www.google.com/intl/pl/policies/privacy/partners/.

5. BASIS OF DATA PROCESSING

1. The provision of personal data by the Customer is voluntary, although the failure to provide the personal data indicated on the Website and in the Website Terms and Conditions (if applicable), which are necessary to conclude and perform the agreement for the use of Electronic Services, shall result in the impossibility to conclude the agreement.
2. The legal basis for the processing of personal data for the purpose set out in 3(2)(a) above is that it is necessary for the performance of the contract. The legal basis for the processing of Personal Data for the purpose set out above under 3(2)(b) is that it is necessary for the fulfilment of legal obligations incumbent on the Controller. The legal basis for the processing of Personal Data for the other purposes indicated above under point is the legitimate interest pursued by the Administrator.

6. THE DATA SUBJECT'S RIGHTS IN RELATION TO THE PROTECTION OF PERSONAL DATA

The data subject can exercise his or her rights by using the form available on the website: https://app.gorodo.pl/api/claim/7981480284

A. Right to information

1. The controller, when obtaining personal data, is obliged to provide the data subject with all the following information:
   • his identity and contact details and, where applicable, the identity and contact details of his representative,
   • where applicable, the contact details of the Data Protection Officer,
   • the purposes of the processing of personal data, and the legal basis for the processing,
   • information on the recipients or categories of recipients, if any, of the personal data,
   • where applicable, information about the intention to transfer Personal Data to a third country or international organisation,
   • the period for which the personal data will be kept and, where this is not possible, the criteria for determining that period,
   • whether the provision of personal data is a statutory or contractual requirement or a condition for entering into a contract and whether the data subject is obliged to provide the data and the possible consequences of failing to do so.
2. If the Controller plans to further process personal data for a purpose other than the purpose for which the personal data were collected, the Controller shall, prior to such further processing, inform the data subject of that other purpose and provide the data subject with any other relevant information.

B. Right to withdraw consent to the processing of personal data

1. The data subject has the right to withdraw consent to the processing of personal data at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of consent before its withdrawal.

C. Right of access to personal data

1. The Data Subject shall be entitled to obtain from the Controller confirmation as to whether or not Personal Data relating to him or her is being processed and, if this is the case, he or she shall be entitled to access it and the following information:
   • purposes of processing;
   • categories of personal data concerned;
   • information on the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
   • where possible, the intended period of retention of personal data and, where this is not possible, the criteria for determining that period;
   • information on the right to request the Administrator to rectify, erase or restrict the processing of personal data and to object to such processing;
   • information on the right to lodge a complaint with a supervisory authority;
   • if the personal data have not been collected from the data subject, any available information about their source;
   • information on automated decision-making, including profiling as referred to in Article 22(1) and (4) of the RODO, and, at least in those cases, relevant information on the modalities of such decision-making, as well as on the significance and the envisaged consequences of such processing for the data subject.
2. The Controller is obliged to provide the Data Subject with a copy of the Personal Data. For any subsequent copies requested by the Data Subject, the Controller may charge a reasonable fee based on administrative costs. If the Data Subject requests a copy by electronic means and unless the Data Subject indicates otherwise, the information shall be provided by common electronic means.

D. Right to request rectification and erasure of personal data

1. The data subject shall have the right to request from the Controller the immediate rectification of personal data concerning him/her which are inaccurate. Having regard to the purposes of the processing, the Data Subject shall have the right to request the completion of incomplete personal data, including by providing an additional statement.
2. The Data Subject shall be entitled to request from the Controller the immediate erasure of personal data concerning him/her, and the Controller shall be obliged to erase the personal data without undue delay if one of the following circumstances applies:
   • personal data are no longer necessary for the purposes for which they were collected or otherwise processed,
   • the data subject has withdrawn the consent on which the processing is based in accordance with Article 6(1)(a) or Article 9(2)(a) of the RODO and there is no other legal basis for the processing,
   • the data subject objects under Article 21(1) RODO to the processing and there are no overriding legitimate grounds for the processing or the data subject objects under Article 21(2) RODO to the processing,
   • personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject,
   • personal data was collected in connection with the offering of information society services, as referred to in Article 8(1) of the RODO.
   • personal data were processed unlawfully,
3. The data subject's rights indicated in point 2 above shall not apply to the extent that the processing is necessary for the exercise of the right to freedom of expression and information, for the establishment, exercise or defence of claims, for compliance with a legal obligation requiring processing under Union law or the law of a Member State to which the Controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller, on grounds of public interest in the field of public health pursuant to Art. 9(2)(h) and (i) RODO and Article 9(3) RODO for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1) RODO, insofar as the entitlement is likely to prevent or seriously impede the achievement of the purposes of such processing.
4. The controller is obliged to inform the data subject of the rectification or erasure of the personal data, unless this proves impossible or involves a disproportionate effort.

E. Right to restrict the processing of personal data

1. The Data Subject has the right to request the Controller to restrict the processing of his/her personal data in the following cases:
   • The Data Subject questions the accuracy of the personal data - for a period of time allowing the Controller to verify the accuracy of the personal data,
   • processing is unlawful and the Data Subject objects to the erasure of the personal data, requesting instead a restriction of use,
   • The controller no longer needs the personal data for the purposes of the processing, but they are needed by the data subject to establish, assert or defend claims,
   • The data subject has objected to the processing under Article 21(1) RODO - until it is determined whether the legitimate grounds on the part of the controller override the grounds for the data subject's objection.
2. The controller is obliged to inform the data subject of the restriction of the processing of personal data, unless this proves impossible or requires a disproportionate effort.

F. Right to portability of personal data

1. The data subject shall be entitled to receive in a structured, commonly used machine-readable format the personal data concerning him or her provided to the Controller, and shall be entitled to transmit such personal data to another controller without hindrance from the Controller, where the processing is carried out by automated means and (a) based on the data subject's consent or (b) is necessary for the performance of a contract.
2. In exercising the right set out above, the data subject shall have the right to request that the personal data be sent by the Controller directly to another controller, insofar as this is technically possible. This right shall not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller. This entitlement shall also not adversely affect the rights and freedoms of others.

G. Right to object and rights relating to automated decision-making in individual cases

1. The data subject shall have the right to object at any time - on grounds relating to his or her particular situation - to the processing of personal data concerning him or her based on Article 6(1)(e) or (f) of the RODO, including profiling on the basis of these provisions. The controller shall no longer be allowed to process these personal data unless the controller demonstrates the existence of compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defence of claims.
2. Where personal data is processed by the Controller for the purposes of direct marketing, the data subject shall have the right to object at any time to the processing of personal data concerning them for such marketing, including profiling, to the extent that the processing is related to such direct marketing.
3. If the data subject objects to processing for direct marketing purposes, the personal data may no longer be processed for such purposes.
4. Where personal data are processed for scientific or historical research purposes or for statistical purposes under Article 89(1) of the DPA, the data subject has the right to object - on grounds relating to his or her particular situation - to processing concerning his or her personal data, unless the processing is necessary for the performance of a task carried out in the public interest.
5. The data subject shall have the right not to be subject to a decision which is based solely on automated processing, including profiling, and which produces legal effects concerning him or her or significantly affects him or her in a similar manner, unless the decision is necessary for entering into, or the performance of, a contract between the data subject and the Controller; is authorised by Union law or by the law of a Member State to which the Controller is subject and which provides for suitable measures to safeguard the rights, freedoms and legitimate interests of the data subject; or is based on the data subject's explicit consent.

7. FINAL PROVISIONS

1. The Website may contain links to other websites. The Service Provider urges you, when you go to other websites, to read the privacy policy established there. This privacy policy applies only to the Website.
2. The Administrator shall adequately provide the following technical measures to prevent the acquisition and modification of personal data sent electronically by unauthorised persons:
   • Securing the data set against unauthorised access;
   • Access to the Account only after providing an individual login and password;
   • SSL certificate.
3. For all matters relating to the processing of personal data, including in particular the provisions of this privacy policy, the Client should contact the Administrator using the following contact details:
   
   • postal address BRACIA ZIÓŁKOWSCY - PALARNIA KAWY SPÓŁKA JAWNA ul. Łąkowa 1, 26-804 Stromiec,
   • e-mail address: wlodzimierz@braciaziolkowscy.pl,
   • request form: https://app.gorodo.pl/api/claim/7981480284