Privacy policy

Thanks for using our services!

PRIVACY POLICY

1. DEFINITIONS

Personal Data Administrator ("Administrator") - means a Partner Restaurant. 

Personal Data Processor ("Processor") is an entity that processes Customer data at the request of the Administrator. The processing rules are described in the Agreement on the Processing of Personal Data concluded between the Processor and the Administrator. 

Internet service is a software developed by Restaumatic Sp. z o.o. operating under the Skubacz.pl and Restaumatic.com brands and used by the Partner Restaurant through which the Customer can order the products and services offered by the Partner Restaurant.

Mobile application: a mobile application available for mobile phones and mobile devices is another form of the Internet System used to order goods and services in a Partner Restaurant.

Personal data: all information about an identified or identifiable natural person through one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural, or social identity of a natural person, including the device's IP number, location data, internet identifier and information collected through cookies and other similar technology. 

Recipient means a natural or legal person, public authority, unit, or other entity to whom personal data is disclosed, whether or not it is a third party. However, public authorities that may receive personal data in the framework of a specific proceeding under Union or Member State law are not considered recipients; the processing of these data by those public authorities must comply with the applicable data protection rules according to the purposes of the processing.

Policy: this Privacy Policy.

Profiling means any form of automated processing of personal data, which involves the use of personal data to evaluate certain personal factors of a natural person, in particular, to analyze or forecast aspects related to the effects of that natural person's work, economic situation, health, personal preferences, interests, reliability, behavior, location or movement. 

Processing means an operation or set of operations performed on personal data or sets of personal data in an automated or non-automated manner, such as collecting, recording, organizing, arranging, storing, adapting or modifying, downloading, viewing, using, disclosing by sending, disseminating or otherwise sharing, matching or combining, limiting, deleting or destroying. 

GDPR: Regulation of the European Parliament and of the Council (EU) 2016/679 of April 7, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/ EC. 

Partner Restaurant is: RESTAURACJA '' TAM GDZIE ZAWSZE'' MAREK POLASIK, CHMIELNA 72/1, 80-748 GDAŃSK, PL, 5842632602.

Customer is a natural person (including a consumer) who is 18 years of age and has full legal capacity, or a legal person or organizational unit with legal capacity. The Customer may be a natural person who is 13 years of age but under 18 years of age to the extent that he or she can acquire rights and incur obligations in accordance with the provisions of generally applicable law, i.e. in minor everyday matters of everyday life. 

Order within the meaning of this document is a legal act carried out using the Internet Service, during which the Customer expresses the will to purchase the ordered products and services in accordance with their description and price. 

Consent of the data subject  means a voluntary, specific, informed and unambiguous demonstration of will, which the data subject, in the form of a statement or a clear affirmative action, allows the processing of personal data relating to them. 

2. The purposes of processing personal data in connection with the use of the Internet Service and Mobile Application. 

  1. Handling an order placed via the order form on the website of the Partner Restaurant to purchase goods and services. 
  2. For the purpose of handling online payments for the ordered products via the Internet Service and Mobile Application. 
  3. For the purpose of marketing products and services of Partner Restaurants. 
  4. In order to run social networks .
  5. For statistical purposes (Article 6 sec. (1) (f) of the GDPR) .

RE: 1. Handling an order placed via the order form on the website of the Partner Restaurant to purchase goods and services. 

The Administrator of data processed for this purpose is a PARTNER RESTAURANT .

In matters related to personal data processing, please contact the Partner Restaurant directly by e-mail.

The recipients of the data are, among others: Restaumatic Sp. z  o.o., 41-800 Zabrze, ul. Wolności 345, NIP: 648-276-55-71, entities providing the Administrator with support services in the field of business (e.g. e-mail, hosting, etc.) and entities authorized under the law.

Using the Website (including placing orders, presenting the offer) does not require creating a user account. The customer may use the option of placing an order without first creating an account on the Internet Service. The administrator collects user data to the extent necessary to provide services offered via the Internet Service and Mobile Application, as well as information about their activity in the Internet Service. 

The Administrator processes the personal data of all persons using the Internet Service (including the IP address or other identifiers and information collected via cookies or other similar technologies), and also records the activity of Customers on the Internet Service in system logs (a special computer program used to store a chronological record containing information on events and activities related to the IT system used for the provision of services by the Administrator). The information collected in the logs is processed primarily for purposes related to the provision of services. The administrator also processes this data for technical and administrative purposes, for the purposes of ensuring the security of the IT system and its management, as well as for analytical and statistical purposes. 

When using the IT System, the Customer is obliged to use only his own personal data under threat of violating the applicable law in this respect and the personal rights of third parties. 

Using the Internet Service requires providing personal data. Failure to provide this data makes it impossible to use the Internet Service. 

Their processing is necessary for the execution of the contract to which the Customer or Partner Restaurant is a party or to take action at the request of these persons before concluding the contract. (Article 6 sec. (1) (b) of the GDPR). 

Your personal data provided in the order process will be processed for a period of 14 days from the date of completion of the order, and then until the limitation period for claims, counting from the date of order fulfillment.

RE: 2. For the purpose of handling online payments for the ordered products via the Internet Service and Mobile Application.

The Administrator of data processed for the purpose of execution of online payments is Partner Restaurant. 

Personal data of customers using online payments are transferred to specialized companies dealing with online payments, such as PayPro SA., ul. Kancelarska 15, 60-327 Poznań, telefon: +48 61 600-61-70, strona internetowa: www.dotpay.pl, as well as to the company Restaumatic Sp. z o.o. When placing an order with the use of payment via the Internet, customers are each time informed by which entity the given payment is serviced.   

The Internet Service provides customers with the payment service via the Internet for the ordered goods and services in Partner Restaurants. 

Using the online payment option is voluntary. Failure to provide personal data necessary to make a payment via the Internet results in the inability to perform such a transaction. Its processing is necessary for the performance of the contract to which the customer is a party or to take action at the request of the customer before concluding the contract. (Article 6 sec. (1) (b) of the GDPR). 

The customer may also use other forms of payment for the ordered goods and services, including cash payments and, depending on the offer of the Partner Restaurant, also via the payment terminal of the Partner Restaurant. 

Personal data processed for the purpose of handling online payments may be additionally processed for other legally justified purposes of the administrator (Article 6 (f) of the GDPR). These legitimate goals are:  1. conducting analyzes of the activity and preferences of customers to improve the functionalities and services provided, 2. possible determination, pursuing or defense against claims. 

Handling Internet Payments requires providing personal data and payment information. Failure to provide this data makes it impossible to make an online payment, but does not exclude the possibility of using the website.

Your personal data provided in the ordering and payment process will be processed for the period of limitation of claims, counting from the date of order fulfillment and payment.

RE: 3. For the purpose of marketing products and services of Partner Restaurants.

The administrator is the Partner Restaurant: RESTAURACJA '' TAM GDZIE ZAWSZE'' MAREK POLASIK, CHMIELNA 72/1, 80-748 GDAŃSK, PL, 5842632602.

Personal data is transferred to the following recipients: Restaumatic Sp. z o.o., 41-800 Zabrze, ul. Wolności 345, NIP: 648-276-55-71 (in the scope of the implementation of the ordered marketing campaign), mobile phone operators, e-mail providers, online advertising agencies, etc. 

The customer must provide separate, explicit consent to the processing of their personal data for marketing purposes. Their consent is voluntary and does not affect the execution of the order or the use of the IT System.

The administrator processes the personal data of the Customers of the IT System to carry out marketing activities, which may include: 

a. displaying to the Customer marketing content that is not tailored to his preferences (contextual advertising), including in the form of web banners, advertising texts, or "Push" functionality;  b. displaying marketing content to the Customer that is tailored to his preferences (behavioral advertising), including in the form of web banners, advertising texts, or "Push" functionality;  c. sending e-mail notifications about interesting offers or content, which in some cases contain commercial information (newsletter service);  d. sending SMS notifications about interesting offers or content, which in some cases contain commercial information (newsletter service). 

To carry out marketing activities, the Administrator uses profiling in some cases. This means that thanks to automatic data processing, the Administrator assesses selected factors relating to natural persons to analyze their behavior, create a forecast for the future, or invite them to use products and services again. 

RE: a) Contextual advertising The Administrator processes the Customers' personal data for marketing purposes in connection with targeting contextual advertising (i.e. advertising that does not match the Customer's preferences) to Customers. The processing of personal data for this purpose takes place in connection with the implementation of the legitimate interest of the Administrator (Article 6 sec. (1) (f) of the GDPR) consisting in promoting their brand.

RE: b) Behavioral advertising The Administrator or Processors (entities from the marketing industry) process Customers' personal data, including personal data collected via cookies and other similar technologies for marketing purposes, in connection with targeting behavioral advertising to the Customers (i.e. advertising tailored to the Customer's preferences). The processing of personal data for this purpose also includes Customer profiling. 

RE: c) Newsletter  The Administrator provides the newsletter service for persons who provided their e-mail address for this purpose. Providing data is required to provide the newsletter service, and failure to do so results in the inability to send it.  

RE: d) Direct marketing The Customer's personal data may also be used by the Administrator to direct marketing content to them through various channels, i.e. via e-mail, MMS / SMS. Such actions are taken by the Administrator only if the Customer has consented in this regard. The expressed consent may be withdrawn by the Customer at any time, which will not affect the lawfulness of the processing carried out by the Administrator prior to its withdrawal. 

Your personal data held for the purposes of marketing the products and services of Partner Restaurants will be processed until the consent is withdrawn.

RE: 4 Social Media

The administrator of data processed for this purpose is Partner Restaurant and Social Network Administrator.

The recipients of the data are, among others: Restaumatic Sp. z o.o., 41-800 Zabrze, ul. Wolności 345, NIP: 648-276-55-71, entities providing ICT services to the Administrator, e.g. e-mail, hosting, social network administrators, etc. 

The Administrator processes the personal data of Customers visiting the Administrator's profiles in social media (Facebook, YouTube, Instagram, LinkedIn, Twitter). These data are processed only in connection with managing the profile, including informing Customers about the Administrator's activity and promoting various types of events, services, and products. The legal basis for the processing of personal data by the Administrator for this purpose is its legitimate interest (Article 6 sec. (1) (f) of the GDPR), consisting of promoting its brand and maintaining relations with customers. 

Your personal data provided in social media will be processed until the post is deleted or until such deletion is requested.

RE: 5 Cookies and similar technology 

The administrator of data processed for this purpose is Partner Restaurant. 

The recipients of the data are, among others: Restaumatic Sp. z o.o., 41-800 Zabrze, ul. Wolności 345, NIP: 648-276-55-71, entities providing ICT services to the Administrator, e.g. e-mail, hosting, etc. 

Cookies are small text files installed on the device of the Customer browsing the IT System. Cookies collect information that facilitates the use of the website - e.g. by remembering the Customer's visits to the IT System and the activities performed by them. 

The Administrator informs that cookies are harmless to the computer or other device of the Customer and his data. The Administrator also informs that it is possible to configure the web browser or Mobile Application in such a way that it does not allow cookies to be saved on the computer or other device of the Customer. 

However, before the Customer decides to change the default browser settings, he should remember that many cookies increase the convenience of using the Internet System. Disabling cookies may affect the appearance and functioning of the Internet System. 

The administrator informs that it is also possible to delete cookies after the end of a given session while using the Internet System. 

The information contained in the system logs in connection with the general principles of making connections on the Internet is used by the hosting company operating the IT System only for technical and statistical purposes. 

1. Service cookies and similar technologies 

The administrator uses the so-called service cookies and similar technologies (local storage) primarily to provide the Customer with services provided electronically and to improve the quality of these services. Therefore, the Administrator and other entities providing analytical and statistical services to them use cookies by storing information or accessing information already stored in the Customer's telecommunications end device (computer, telephone, tablet, etc.). 

Cookies used for this purpose include:  - cookies with data entered by the Customer (session ID) for the duration of the session (user input cookies);  - authentication cookies used for services that require authentication for the duration of the session (authentication cookies);  - cookies used to ensure security e.g. used to detect fraud in the field of authentication (user-centric security cookies);  - multimedia player session cookies (e.g. flash player cookies), for the duration of the session (multimedia player session cookies);  - persistent cookies used to personalize the Customer interface for the duration of the session or a little longer (user interface customization cookies);  - cookies used to monitor website traffic, i.e. data analytics. 

2. “Marketing” cookies

Processors (entities from the marketing industry) also use cookies for marketing purposes, including in connection with targeting behavioral advertising to customers. 

3. Push technology

The administrator uses the so-called Push technology, which enables to send notifications to the customer, including in connection with directing advertising to the Customer. For this purpose, the Administrator stores information or gains access to information already stored in the Customer's telecommunications end device (computer, telephone, tablet, etc.). 

3. Personal data processing rights

Data subjects have the following rights:

1. the right to information about the processing of personal data - on this basis, the Administrator provides information on the processing of data to the person submitting the request, including, in particular, the purposes and legal grounds for processing, the scope of the data held, entities to which they are disclosed, and the planned date of data deletion;  2. the right to obtain a copy of the data - on this basis, the Administrator provides a copy of the processed data concerning the person submitting the request;  3. the right to rectify - the Administrator is obliged to remove any inconsistencies or errors in the processed personal data and to supplement them if they are incomplete;  4. the right to delete data - on this basis, one can request the deletion of data, the processing of which is no longer necessary to achieve any of the purposes for which it was collected;  5. the right to limit processing - if such a request is made, the Administrator ceases to perform operations on personal data – except for operations for which the data subject has consented - and their storage, in accordance with the adopted retention rules or until the reasons for limiting data processing ceases to exist (e.g. a decision of the supervisory authority will be issued authorizing further processing of the data);  6. the right to transfer data - on this basis - to the extent that the data is processed in connection with the concluded contract or consent - the Administrator issues data provided by the data subject in a format that can be read by a computer. It is also possible to request that this data be sent to another entity - provided, that there are technical possibilities in this regard, both on the part of the Administrator and that other entity;  7. the right to object to data processing for marketing purposes - the data subject may at any time object to the processing of personal data for marketing purposes, without the need to justify such objection;  8. the right to object to other purposes of data processing - the data subject may at any time object to the processing of personal data, which takes place based on the legitimate interest of the Administrator (e.g. for analytical or statistical purposes or reasons related to the protection of property); objection in this respect should be reasoned;  9. the right to withdraw consent - if the data is processed based on consent, the data subject has the right to withdraw it at any time, which, however, does not affect the lawfulness of the processing carried out before the consent was withdrawn.  10. the right to file a complaint - if it is found that the processing of personal data violates the applicable regulations on the protection of personal data, the data subject may submit a complaint to the President of the Office for Personal Data Protection. 

4. Reporting requests related to the exercising of rights

The application regarding the exercise of the rights of data subjects may be submitted in any form to the appropriate Data Administrator due to the purpose of processing. They will be considered. 

Applications should be sent to the e-mail address: privacy@restaumatic.com or by traditional mail 41-800 Zabrze, Wolności 345.

If the Administrator is unable to identify the applying person based on the submitted application, he will ask the applicant for additional information. 

The application may be submitted in person or through a power attorney. 

The reply to the application should be given within one month of its receipt. If it is necessary to extend this period by a maximum of another two months - the Administrator will inform the applicant about the reasons for the delay. 

The answer is provided via traditional mail unless the application was submitted by e-mail or an electronic response was requested. Upon the data subject's request, the information may be provided orally, provided that the identity of the data subject is confirmed by other means. 

5. Data transfer outside the European Economic Area 

The level of personal data protection outside the European Economic Area (EEA) differs from the one provided by European law. For this reason, the Administrator transfers personal data outside the EEA only when necessary, with an adequate level of protection, primarily through:  - cooperation with entities processing personal data in countries for which a relevant decision of the European Commission has been issued;  - use of standard contractual clauses issued by the European Commission;  - application of binding corporate rules approved by the competent supervisory authority;  - in the case of data transfer to the USA - cooperation with entities participating in the Privacy Shield Program, approved by the European Commission. 

6. Personal data security

The administrator conducts a risk analysis on an ongoing basis to ensure that personal data is safely processed by him, ensuring, above all, that only authorized persons have access to the data and only to the extent that it is necessary due to the tasks they perform. The Administrator makes sure that all operations on personal data are recorded and performed only by authorized employees and associates. 

The Administrator takes all necessary steps to ensure that its subcontractors and other cooperating entities guarantee the application of appropriate security measures whenever they process personal data on behalf of the Administrator. 

7. Changes to the privacy policy 

The policy is verified on an ongoing basis and updated if necessary. The current version of the Policy has been adopted and is effective from August 22, 2021.