This document sets out the principles for the processing of personal data on the website www.foodtown.pl in relation to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”).
- The administrator of the personal data is the company: MyEcolife Sp. z o.o. with its registered office in Warsaw (00-841) at Żelazna 51/53, entered into the Register of Entrepreneurs of the National Court Register by the District Court for the Capital City of Warsaw in Warsaw, XII Economic Division of the National Court Register under KRS number 0000307724, NIP: 527-257-50-59, NIP: 5213898163 (“Administrator”). Contact with the Administrator can be made at the address indicated above or by e-mail at: email@example.com .
- We inform you about the purposes of processing your personal data and the legal basis when entering into contracts or collecting data via the contact form. Personal data may be processed for the purposes necessary for: (i) to conclude and perform a contract to which you are a party or (ii) to take action at your request prior to concluding a contract or (iii) to respond to an enquiry concerning elements of the Administrator’s commercial offer or matters relating to the Administrator’s business (iv) to comply with a legal obligation incumbent on the Administrator or (v) for the purposes arising from the legitimate interests pursued by the Administrator, as well as (vi) on the basis of your consent – for the purposes in accordance with the content of the consent given (inter alia for the purpose of sending a newsletter). Whenever processing is based on the Administrator’s legitimate interests, it may include: the assertion of claims by the Administrator, the defence against claims made against the Administrator, direct marketing of the Administrator’s services, the provision of services or communicating with you. The legal basis for the processing of your personal data derives from the provisions of the GDPR, i.e. Article 6(1)(a), (b), (c) and (f) of the GDPR.
- The personal data may be stored for the period necessary for the purposes indicated above, as well as the period of limitation of claims that may arise from the obligations undertaken. In the case of processing with your consent – the storage of personal data will take place until your consent is withdrawn. If the law requires the earlier deletion of your personal data or longer storage, the Administrator will comply with such legal obligation.
- You have the right to request the Administrator to access, rectify or complete personal data concerning you if the data is incorrect or incomplete.
- You have the right to request the erasure of personal data in any of the following cases:
5.1. the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
5.2. the data subject has withdrawn the consent on which the processing is based and there is no other legal basis for the processing;
5.3. the data subject raises an objection under Article 21(1) GDPR to the processing and there are no overriding legitimate grounds for the processing.
1 GDPR against the processing and there are no overriding legitimate grounds for the processing or the data subject raises an objection under Article 21(2) GDPR against the processing;
5.4. the personal data have been unlawfully processed;
5.5. the personal data must be erased in order to comply with a legal obligation under Union law or the law of a Member State to which the Controller is subject.
The above shall not apply in the case referred to in Article 17(3) of the GDPR.
- You have the right to restrict the processing of personal data in any of the following cases:
6.1. the data subject challenges the accuracy of the personal data – for a period of time to allow the Controller to verify the accuracy of the personal data;
6.2. the processing is unlawful and the data subject objects to the erasure of the personal data, requesting instead that the use of the personal data be restricted;
6.3. The Controller no longer needs the personal data for the purposes of the processing, but they are needed by the data subject to establish, assert or defend a claim;
6.4. the data subject has raised an objection under Article 21(1) of the GDPR to the processing – until it is established whether the legitimate grounds on the part of the Controller override the grounds of the data subject’s objection.
- You have the right to withdraw your consent to the processing of personal data (if the processing of personal data is based on your consent) at any time without affecting the lawfulness of the processing carried out on the basis of your consent prior to its withdrawal.
- If personal data are processed on the basis of Article 6(1)(f) GDPR (i.e. for the purposes of legitimate interests pursued by the Controller), you may object at any time, free of charge, to this processing, whether initial or further (Article 21(1) GDPR). In the event of an objection, the Controller shall no longer be permitted to process the personal data in question, unless the Controller can demonstrate the existence of compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, assertion or defence of claims.
- If personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing (Article 21(2) GDPR). If the data subject objects to the processing for direct marketing purposes, the personal data must no longer be processed for such purposes.
- Your data may be made available to persons or entities authorised in accordance with the applicable laws, in particular at the request of public or judicial authorities in cases justified by the provisions of the law, as well as to authorised entities when this is necessary for the proper performance of a contract, e.g. making data available to a bank, investment contractor, notary office in connection with the signing of a notarial deed, property manager, IT service providers. Our suppliers are based in Poland and other countries of the European Economic Area (EEA). In connection with the use of Google Analytics, your personal data is transferred outside the EEA (to the United States of America). In connection with the transfer of your data outside the EEA, the providers are obliged to guarantee an adequate level of protection for your personal data. These guarantees arise in particular from the obligation to apply the standard contractual clauses adopted by the EU Commission. Information on the transfer of data by Google is available: https://policies.google.com/technologies/partner-sites?hl.
- You have the right to lodge a complaint with the President of the Office for the Protection of Personal Data if the processing of personal data concerning you violates the law (https://uodo.gov.pl/p/kontakt).
- For the most part, your personal data has been obtained from you (personal data comes from the data subject); There may be cases where your data has been obtained from your employers, principals, clients or other principals.
- The provision of data is voluntary; for specifically defined purposes in the relevant contracts applicable to the Administrator, the provision of data may be necessary to carry out certain transactions or activities.
- The Administrator’s decisions are not taken by automated means.
- Any changes to the privacy and cookies policy will be made available on this website.