This privacy policy contains information on the processing of personal data in accordance with art. 13 sec. 1 and sec. 2 GDPR.
1. Definitions
Personal Data Administrator (“Administrator”) – means the Partner Restaurant as defined in the Regulations.
The Personal Data Processor (“Processor”) is a processor that processes the Customer’s data at the request of the Administrator on the terms set out in Article 28 of the GDPR. The processing rules are described in the Personal Data Processing Agreement concluded between the Processor and the Administrator. The Processor within the meaning of this privacy policy is Restaumatic SA with its registered office in Zabrze (41-800) at Wolności 345, entered into the Register of Entrepreneurs – National Court Register kept by the District Court in Gliwice, 10th Commercial Division of the National Court Register under KRS number 0001016935, NIP 6482765571, REGON 242895699, share capital and paid-up capital: PLN 149,400.00
The Internet Service is a software created by Restaumatic SA operating under the Skubacz.pl and Restaumatic.com brands, and used by the Partner Restaurant, through which the Customer can order products and services offered by the Partner Restaurant at the Partner Restaurant.
Mobile Application – is a mobile application available for mobile phones and mobile devices. This is another form of the Website used to order goods and services at the Partner Restaurant.
Personal data – is all information about an identified or identifiable natural person by one or several specific factors determining the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person, including the IP number of the device, location data, online identifier and information collected through cookies and other similar technology, as well as order data on the basis of which it is possible to determine the customer’s preferences, his address of residence and the like.
Recipient – means a natural or legal person, public authority, unit or other entity to whom personal data is disclosed, regardless of whether it is a third party. However, public authorities that may receive personal data as part of a specific inquiry under Union or Member State law are not considered recipients; the processing of these data by these public authorities must comply with the data protection rules applicable according to the purposes of the processing.
Policy – this Privacy Policy.
Profiling – means any form of automated processing of personal data, which consists in the use of personal data to evaluate certain personal factors of a natural person, in particular to analyze or predict aspects regarding the effects of this natural person’s work, economic situation, health, personal preferences, interests, credibility , behaviour, location or movement.
Regulations – regulations for the provision of electronic services within the Portal, pursuant to art. 8 of the Act on the provision of electronic services.
Processing – means an operation or a set of operations performed on personal data or sets of personal data in an automated or non-automated manner, such as collecting, recording, organizing, organizing, storing, adapting or modifying, downloading, viewing, using, disclosing by sending, disseminating or otherwise such as sharing, alignment or combination, restriction, erasure or destruction.
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 7 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
Partner Restaurant – MOGOVA SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, MARSZAŁKOWSKA 86/68, 00-683 WARSZAWA, PL, NIP: 7011037016.
Customer – a natural person (including a Consumer) who has full legal capacity, or a legal person or an organizational unit with legal capacity. A customer may be a natural person who is over 13 years old, but under 18 to the extent that he can acquire rights and incur liabilities in accordance with the provisions of generally applicable law, i.e. in minor current matters of everyday life.
Order – within the meaning of this document, it is a legal transaction made using the Website, during which the Customer expresses the will to purchase the ordered products and services in accordance with their description and price.
Consent of the data subject – means a voluntary, specific, conscious and unambiguous manifestation of will in the form of a statement or clear affirmative action, with which the data subject consents to the processing of personal data concerning him.
2. The purposes for which personal data are processed in connection with the use of the Website and the Mobile Application and the legal grounds for data processing.
- Handling an order placed via the order form on the Website for the purpose of purchasing goods and services and performing the contract (Article 6(1)(b) of the GDPR).
- For the purpose of handling online payments for ordered products via the Website and the Mobile Application (Article 6(1)(b) and (f) of the GDPR).
- For the purposes of marketing products and services of Partner Restaurants and the Administrator (Article 6(1)(f) of the GDPR).
- In order to run social networking sites (Article 6(1)(f) of the GDPR).
- For statistical purposes (Article 6(1)(f) of the GDPR).
- in order to possibly establish and pursue claims or defend against claims – the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), consisting in the protection of its rights.
- In order for the Administrator and the Processor to fulfill the obligations imposed by law, e.g. the Accounting Act, Tax Law (Article 6(1)(c) of the GDPR).
- To handle inquiries and complaints (Article 6(1)(f) of the GDPR).
ad. 1. Handling an order placed via the order form on the Website for the purpose of purchasing goods and services.
The administrator of data processed for this purpose is the PARTNER RESTAURANT.
In matters relating to the processing of personal data, please contact the Partner Restaurant directly by e-mail.
The recipients of the data are, among others: entities providing the Administrator with support services in the field of business (e.g. specialized services related to the implementation of the order placed), providers of legal and advisory services and supporting the Administrator in order to pursue due claims (in particular law firms, tax , debt collection companies) and entities authorized under the law.
Using the Website (including placing orders, presenting the offer) does not require the creation of a user account. The Customer may place an order without first setting up an account on the Website. The Administrator collects users’ data to the extent necessary to provide services offered via the Website or the Mobile Application, as well as information about their activity on the Website.
The Administrator processes the personal data of all persons using the Website (including the IP address or other identifiers and information collected via cookies or other similar technologies), and also records the activity of Customers on the Website in system logs (a special computer program used to store chronological a record containing information on events and activities related to the IT system used to provide services by the Administrator). The information collected in the logs is processed primarily for purposes related to the provision of services. The administrator also processes this data for technical and administrative purposes, to ensure the security of the IT system and to manage it, as well as for analytical and statistical purposes.
Using the functionality of the Website requires providing personal data. Failure to provide this data makes it impossible to use the Website, e.g. in order to conclude and perform a contract.
Their processing is necessary to perform the contract to which the Customer or the Partner Restaurant is a party or to take action at the request of these persons before concluding the contract (Article 6(1)(b) of the GDPR). If you do not provide us with your data, we will not be able to process your order.
Your personal data provided in the order process will be processed for a period of 14 days from the date of completion of the order, and then until the period of limitation of claims, counting from the date of order completion. After this time, the data is processed only in the case and to the extent required by law. After the processing period has expired, the data is irreversibly deleted or anonymised.
ad. 2. For the purpose of handling online payments for ordered products via the Website and the Mobile Application.
The administrator of data processed for the purpose of making online payments is the Partner Restaurant.
The Website provides Customers with a payment service via the Internet for ordered goods and services in Partner Restaurants.
Using the online payment option is voluntary. Failure to provide personal data necessary to make a payment via the Internet results in the inability to perform such a transaction, but does not exclude the possibility of using the website. Their processing is necessary to perform the contract to which the Customer is a party or to take action at the Customer’s request before concluding the contract (Article 6(1)(b) of the GDPR).
The customer may also use other forms of payment for the ordered goods and services, e.g. with cash payment and, depending on the offer of the Partner Restaurant, also through the payment terminal of the Partner Restaurant.
Personal data processed for the purpose of handling online payments may be additionally processed for other legally justified purposes of the administrator (Article 6(1)(f) of the GDPR). These legitimate purposes are:
- conducting analyzes of customer activity and preferences in order to improve the functionalities and services provided,
- possible determination, investigation or defense against claims.
Your personal data provided in the order and payment process will be processed for the period required by law, in particular tax law, and then for the period of limitation of claims, counting from the date of order completion and payment.
ad. 3. For the purposes of marketing products and services of Partner Restaurants and partners.
The administrator is Restauracja Partnerska MOGOVA SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, MARSZAŁKOWSKA 86/68, 00-683 WARSZAWA, PL, NIP: 7011037016
Personal data is transferred for marketing purposes to the following recipients: Restaumatic SA (within the scope of the commissioned marketing campaign), mobile phone operators, e-mail providers, online advertising agencies, etc.
The customer must give separate, explicit consent to the processing of his personal data for marketing purposes. His consent is voluntary and does not affect the execution of the order or the use of the IT Service.
The Administrator processes the personal data of the Customers of the IT Service in order to carry out marketing activities, which may consist of:
a) Displaying marketing content to the Customer that is tailored to his preferences (contextual advertising), including in the form of web banners, advertising texts or “Push” functionality; b) displaying marketing content to the Customer that is tailored to his preferences (behavioral advertising ), including in the form of web banners, advertising texts or “Push” functionality; c) sending e-mail notifications about interesting offers or content, which in some cases contain commercial information (newsletter service). d) sending SMS notifications about interesting offers or content, which in some cases contain commercial information (newsletter service).
In order to carry out marketing activities, the Administrator and the Processing Entity use profiling in some cases. This means that thanks to automatic data processing, the Administrator and the Processing Entity assess selected factors regarding natural persons in order to analyze their behavior, create a forecast for the future or invite them to use products and services again.
ad. a) Contextual advertising
The Administrator processes Customers’ personal data for marketing purposes in connection with directing contextual advertising to Customers (i.e. advertising that is tailored to the Customer’s preferences). The processing of personal data for this purpose takes place in connection with the implementation of the Administrator’s legitimate interest (Article 6(1)(f) of the GDPR) consisting in promoting its own brand.
ad. b) Behavioral advertising
The Administrator or Processors (entities from the marketing industry) process Customers’ personal data, including personal data collected via cookies and other similar technologies for marketing purposes, in connection with targeting Customers with behavioral advertising (i.e. advertising that is tailored to the Customer’s preferences ). The processing of personal data for this purpose also includes profiling of customers.
ad. c) Newsletter
The Administrator provides the newsletter service to persons who have provided their e-mail address for this purpose. Providing data is required in order to provide the newsletter service, and failure to provide them results in the inability to send it.
ad. d) Direct marketing
The Customer’s personal data may also be used by the Administrator to direct marketing content to him through various channels, i.e. via e-mail, MMS/SMS. Such actions are taken by the Administrator only if the Customer has given his consent in this regard. The consent expressed by the Customer may be withdrawn at any time, which will not affect the lawfulness of the processing carried out by the Administrator before its withdrawal.
ad. e) Posting Opinions
The Customer’s personal data in the field of name and opinion with a rating may also be used by the Administrator to publish the rating and its products and services. Such actions are taken by the Administrator only if the Customer has given his consent in this regard during the publication of the assessment.
Your personal data held for the purposes of marketing products and services of Partner Restaurants will be processed until the consent is withdrawn.
ad. 4. Social networks
The administrator of data processed for this purpose is the Partner Restaurant and the Administrator of the Social Network.
The recipients of the data are, among others: entities providing ICT services to the Administrator, e.g. e-mail, hosting, administrators of social networking sites, etc.
The Administrator processes the personal data of Customers visiting the Administrator’s profiles in social media (Facebook, YouTube, Instagram, LinkedIn, Twitter). These data are processed only in connection with maintaining the profile, including in order to inform customers about the Administrator’s activity and to promote various types of events, services and products. The legal basis for the processing of personal data by the Administrator for this purpose is its legitimate interest (Article 6(1)(f) of the GDPR), consisting in promoting its own brand and maintaining contact with customers.
Adding entries and other activities in social networks is voluntary, and the Administrator is not responsible for the posted entries.
Your personal data provided in social media will be processed until the entry is deleted or you request such removal.
ad. 5. Statistical Purposes
The administrator of data processed for this purpose may be Restauracja Partnerska or Restaumatic SA. In this case, the legal basis for processing consisting in conducting analyzes of Users’ activity, as well as their preferences in order to improve the functionalities and services provided, is the consent expressed by you, via the cookie banner. Your personal data held for statistical purposes will be processed until the consent is withdrawn or until the Administrator’s legitimate interest exists, but no longer than for a period of 5 years.
ad. 6. In order to possibly establish and pursue claims or defend against claims – the legal basis for processing is the legitimate interest of the Administrator, consisting in the protection of his rights.
The legal basis for processing is the Administrator’s legitimate interest in protecting his rights. Your personal data held for the purposes of protecting the rights of the Administrator will be processed until the expiry of the period related to a given claim under the law.
ad. 7. In order for the Administrator and the Processor to fulfill personal data resulting from the obligations imposed by law, e.g. the Accounting Act, Tax Law.
Your personal data held for the purposes of fulfilling the obligations imposed by the provisions of law by the Administrator and the Processor of personal data will be processed for the period in which the provisions of law require the storage of documentation and the fulfillment of obligations towards you resulting from them.
ad. 8. To handle inquiries and complaints.
The legal basis for the processing of the above data is our legitimate interest in the possibility of establishing and pursuing claims or defending against such claims. Your personal data held for the purpose of handling inquiries and complaints will be processed for the period indicated by law.
3. Cookies and similar technology
The administrator of data processed by cookies, depending on the purpose, may be Diyaa Indian and Thai Restaurant or Mogova sp. z.oo with its registered office in Warsaw as the processing entity. The recipients of the data are, among others: entities providing ICT services to the Administrator, e.g. e-mail, hosting, etc.
Cookies are small text files installed on the device of the Customer browsing the IT Service. Cookies collect information facilitating the use of the website – e.g. by remembering the Customer’s visits to the IT Service and activities performed by him.
The Administrator informs that cookies are harmless to the computer or other device of the Customer and his data. The Administrator also informs that it is possible to configure the web browser or the Mobile Application in such a way that it does not allow cookies to be saved on the computer or other device of the Customer.
However, before the Customer decides to change the default browser settings, he should remember that many cookies increase the convenience of using the Website. Disabling cookies may affect the appearance and functioning of the Website.
The Administrator informs that it is also possible to delete cookies after the end of a given session when using the Website.
The information contained in the system logs in connection with the general principles of making connections on the Internet is used by the hosting company operating the IT Service only for technical and statistical purposes.
3.1. “Service” cookies and similar technologies
The administrator uses the so-called service cookies and similar technologies (local storage) primarily to provide the Customer with services provided electronically and to improve the quality of these services. Therefore, the Administrator and other entities providing analytical and statistical services to him use cookies, storing information or accessing information already stored in the Customer’s telecommunications end device (computer, telephone, tablet, etc.).
Cookies used for this purpose include:
- Cookies with data entered by the Customer (session ID) for the duration of the session (user input cookies) – the data administrator is Mogova sp. z.oo with its registered office in Warsaw;
- Authentication cookies used for services requiring authentication for the duration of the session (authentication cookies) – the data administrator is Mogova sp. z.oo with its registered office in Warsaw;
- Cookies used to ensure security, e.g. used to detect abuses in the field of authentication (user centric security cookies) – the data administrator is Mogova sp. z.oo with its registered office in Warsaw;
- Session cookies of multimedia players (e.g. flash player cookies), for the duration of the session (multimedia player session cookies) – the data administrator is Mogova sp. z.oo with its registered office in Warsaw;
- Persistent cookies used to personalize the Customer’s interface, for the duration of the session or slightly longer (user interface customization cookies) – the data administrator is the Partner Restaurant;
- Cookies used to monitor traffic on the website, i.e. data analytics – the data administrator is the Partner Restaurant.
3.2. “Marketing” cookies
Processors (entities from the marketing industry) at the request of the Data Administrator – Partner Restaurant also use cookies for marketing purposes, including in connection with targeting customers with behavioral advertising. More information on this subject can be found in Google’s privacy policy at: https://policies.google.com/technologies/partner-sites
3.3. Push technology
The administrator uses the so-called push technology, which gives the possibility of sending notifications to the Customer, e.g. in connection with directing advertising to the Customer. For this purpose, the Administrator stores information or accesses information already stored in the Customer’s telecommunications end device (computer, telephone, tablet, etc.).
The use of cookies to collect data through them, including access to data stored on the Customer’s device, requires his consent. In the IT Service, such consent is received by means of a cookie banner. This consent may be withdrawn at any time. This consent is not required in the case of essential cookies, i.e. those whose use is necessary for the proper provision of telecommunications services (e.g. data transmission to display content).
In addition to agreeing to the installation of cookies via the cookie banner, the Customer should keep the appropriate browser settings that allow storing cookies from the Website on the Customer’s end device.
After displaying the banner, the Customer may withdraw consent by clicking the “manage cookie” button. Then, he should move the slider next to the selected category of cookies and press the “Save” button. Withdrawal of consent to the use of cookies is also possible through the browser settings.
Detailed information can be found at: a. Internet Explorer: https://support.microsoft.com/plpl/help/17442/windows-internet-explorer-delete-managecookies b. Mozilla Firefox: http://support.mozilla.org/ pl/kb/cookies c. Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647 d. Opera: http://help.opera.com/Windows/12.10 /pl/cookies.html e. Safari: https://support.apple.com/kb/PH5042?locale=en-GB
4. Rights related to the processing of personal data
The data subjects have the following rights: 1. the right to information about the processing of personal data – on this basis, the person making the request, the Administrator provides information about the processing of data, including in particular about the purposes and legal grounds for processing, the scope of data held, entities, to which they are disclosed and the planned date of deletion of the data; 2. the right to obtain a copy of the data – on this basis, the Administrator provides a copy of the processed data regarding the person submitting the request; 3. the right to rectification – the Administrator is obliged to remove any inconsistencies or errors in the processed personal data and supplement them if they are incomplete; 4. the right to delete data– on this basis, you can request the deletion of data whose processing is no longer necessary to achieve any of the purposes for which they were collected, if there is no other basis for the Administrator to process this data, if an objection is raised against the Administrator’s processing of personal data from due to the special situation of the person whose data is processed, and the Administrator has no grounds for processing this data that would override the objection, if the objection is raised by the person whose data is processed for marketing purposes, if the personal data were processed unlawfully; 5. the right to limit processing– in the event of such a request, the Administrator ceases to perform operations on personal data – with the exception of operations to which the data subject has consented – and their storage, in accordance with the adopted retention rules or until the reasons for limiting data processing cease to exist (e.g. decision of the supervisory authority authorizing further data processing). Such a request is available, for example, if the person whose data is processed questions the correctness of the processing of this data, if the processing is unlawful, but the person whose data is processed opposes their removal, demanding instead the restriction of the processing of this data, if the Administrator no longer needs personal data a given person to achieve their goals, but they are necessary for the person they concern to determine pursuing or defending rights, if an objection has been made to the processing of personal data of a person due to their special situation, the processing of personal data is limited until it is determined whether the Administrator’s goals override the grounds for objection; 6.the right to transfer data – on this basis – to the extent that the data is processed in connection with the concluded contract or consent – the Administrator provides the authorized person with data provided by the person to whom they relate, in a format that allows them to be read by a computer. It is also possible to request that these data be sent to another entity – provided, however, that there are technical possibilities in this respect both on the part of the Administrator and that other entity; 7. the right to object to data processing for marketing purposes– the data subject may object to the processing of personal data for marketing purposes at any time, without the need to justify such an objection. In practice, each person may withdraw consent to the processing of data for marketing purposes on the terms set out in this document; 8. the right to object to other data processing purposes – the data subject may at any time object to the processing of personal data, which is carried out on the basis of the Administrator’s legitimate interest (e.g. for analytical or statistical purposes or for reasons related to the protection of property) ; an objection in this respect should contain a justification; 9. the right to withdraw consent– if the data is processed on the basis of consent, the data subject has the right to withdraw it at any time, which, however, does not affect the lawfulness of the processing carried out before the withdrawal of consent. 10. the right to complain – if it is found that the processing of personal data violates the relevant provisions on the protection of personal data, the data subject may submit a complaint to the President of the Office for Personal Data Protection of his usual place of residence, place of work or the place of the alleged data breach personal.
5. Submitting requests related to the implementation of rights
An application regarding the exercise of the rights of data subjects may be submitted in any form to the appropriate Data Administrator due to the purpose of processing. They will be considered immediately, but not later than within one month from the date of receipt.
Requests should be sent to the email address: privacy@restaumatic.com or by traditional mail to the address of Mogova sp. z.oo, Plac Konstytucji 2, 00-552 Warsaw, Poland.
If the Administrator is unable to identify the person submitting the application on the basis of the submitted application, he will ask the applicant for additional information.
The application may be submitted in person or through a proxy.
The response to the application should be provided within one month of its receipt. If it is necessary to extend this period by a maximum of another two months – the Administrator will inform the applicant about the reasons for the delay.
The answer is provided via traditional mail, unless the request was submitted by e-mail or a response was requested in electronic form. If the data subject so requests, the information may be provided orally, provided that the identity of the data subject is confirmed by other means.
6. Transfer of data outside the European Economic Area
The level of protection of personal data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Administrator transfers personal data outside the EEA only when necessary, ensuring an appropriate level of protection, primarily through:
- Cooperation with entities processing personal data in countries for which a relevant decision of the European Commission has been issued;
- The use of standard contractual clauses issued by the European Commission;
- Application of binding corporate rules approved by the competent supervisory authority.
7. Security of personal data
The Administrator and the Processing Entity carry out risk analysis on an ongoing basis to ensure that personal data is processed in a secure manner, ensuring, above all, that only authorized persons have access to the data and only to the extent that it is necessary due to their performance tasks. The Administrator and the Processing Entity ensure that all operations on personal data are recorded and performed only by authorized employees and associates.
The Administrator and the Processing Entity take all necessary actions to ensure that their subcontractors and other cooperating entities guarantee the application of appropriate security measures whenever they process personal data at the request of the Administrator or the Processing Entity.
8. Privacy policy changes
The policy is verified on an ongoing basis and updated if necessary. The current version of the Policy has been adopted and is valid from June 15, 2023.