Privacy policy and cookies
§ 1
Entry
- The administrator of personal data collected and processed as part of the use of the services of the eatyx Online Store is eatyx Polska sp. z o. o. with its registered office in Krakow, Al. 3 Maja 9, 30-062 Kraków, registered in the National Court Register by the District Court for Kraków-Śródmieście in Kraków, 11th Commercial Division, under KRS number: 0001005514, REGON: 523795322, NIP: 6772487175, BDO registration number: 000597279, with capital company fee in the amount of PLN 10,000,000.00, tel.: +12 357 22 56 (call fee in accordance with the operator's tariff package; the Customer can communicate with the Seller by phone from Monday to Friday, excluding public holidays, from 9:00 a.m. to 5:00 p.m.) (hereinafter: Administrator ).
- The administrator has a designated data protection officer who can be contacted via e-mail: iod@eatyx.com or in writing to the address of the Administrator's office. You can contact the data protection officer in all matters relating to the processing of personal data and the exercise of rights related to the processing of this data.
-
The administrator processes the collected personal data in compliance with the security rules resulting from:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) , hereinafter referred to as: GDPR ;
- Act of 18 July 2002 on the provision of electronic services (Journal of Laws No. 144, item 1204, as amended);
- Act of July 16, 2004 - Telecommunications Law (Journal of Laws No. 171, item 1800, as amended).
- The Administrator is aware of the threats arising from the processing of personal data on the Internet and declares that it makes every effort to ensure an appropriate level of protection of the privacy and security of customers. The tools used have been selected to ensure adequate protection of personal data processing in accordance with legal requirements.
- The data is processed only in electronic form.
- The Administrator ensures compliance with the rules and regulations regarding the protection of personal data.
§ 2
Scope of processed data
- Registration is not required to read the Store's pages or to order via the Store. However, full use of the Store's services requires prior registration of the Customer.
- When registering an Account, the Customer will be asked to provide the following data that is necessary to set up a Customer Account:
- e-mail adress;
- name and surname (company in the case of entrepreneurs);
- residential address, telephone number;
- a password that the Customer chooses freely, taking into account the minimum security requirements - a minimum of 8 characters, including at least one lowercase and uppercase letter and one number (hereinafter referred to as Password ).
- The password is stored in encrypted form and is not visible in plain text in the form field.
- Account registration can also be done via: Google, Facebook, Apple ID accounts , with:
- when logging in via Google, a direct connection is established with the servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: Google); as part of this process, Google detects the use of data to log in to the Store; registration and use of Google is governed by Google's privacy policy, as well as terms of service ( https://policies.google.com/privacy?hl ); if the Customer has expressly consented to Google within the meaning of Article 6 (1) (a) of the GDPR, personal data will be transferred to the Seller as part of the registration process using the social networking site; The Seller uses the following data provided to the Seller, stored until it is automatically deleted: e-mail address, Google profile name (name and surname), profile photo (or avatar) used on Google; this data is used to identify users as contractual partners of the Seller, to create a user account; checking the correctness of the entered data; the legal basis for such action is Article 6 (1) (b) of the GDPR. The use of this data enables the Seller to fulfill contractual obligations arising from the terms of service (Article 6 (1) (b) of the GDPR); the collected data will be deleted no later than upon the expiry of the agreement to use the platform; users have the option to block association with a Google account;
- when logging in via Facebook, this is a service of Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland); more information at: https://www.facebook.com/help/2230503797265156 ; The Seller uses the following data provided to the Seller, stored until it is automatically deleted: name, surname, profile photo;
- when logging in via Apple ID, this is a service of Apple Distribution International Ltd. (Hollyhill Industrial Estate, Hollyhill, Cork, Ireland); more information at: https://support.apple.com/en-us/HT210318 ; The Seller uses the following data provided to the Seller, stored until it is automatically deleted: name, surname, e-mail address.
- Failure to provide the data required when registering an Account will make it impossible to create a Customer Account and use its functionalities. The data of Customers who resign from registration during the registration process will not be saved in the Administrator's system.
- When placing an Order, the Customer will be asked to provide the following data that is necessary to place the Order
- NIP number in the case of entrepreneurs;
- Phone number;
- address (street, house number, apartment number, postal code, city, voivodeship);
- if an Order is placed by a Customer who does not have an Account - also name and surname (company name in the case of entrepreneurs) and e-mail address;
- delivery details (if different from the above);
- payment details.
- The Administrator processes the following data characterizing how the Customer uses the service provided electronically (operational data):
- markings identifying the Customer assigned on the basis of his other data;
- markings identifying the termination of the telecommunications network or the IT system used by the Customer, including the IP address;
- information about the beginning, end and scope of each use of the service provided electronically;
- information about the Customer's use of services provided electronically.
- If the Customer expresses consent by clicking the appropriate button on the cookie message displayed when first entering the Store's website, the Administrator will also process data about the customer's behavior on the Store's website.
- If the Customer contacts the Administrator either via the contact form available in the Store or in any other way, the Administrator processes the data provided by the Customer for the purpose of contact, in particular name and e-mail address.
- If the Customer signs up for the newsletter, the Administrator processes data about the Customer's e-mail address.
- If a comment is published by a Store user, the Administrator processes data about the e-mail address, the name of the comment author and other data contained in the content of the comment.
§ 3
Security of personal data
- The Administrator implements and operates the necessary organizational and technical measures to ensure proper protection of personal data against disclosure to unauthorized persons, removal by an unauthorized person, processing in violation of the law and change, loss, damage or destruction.
- Only recipients of personal data and persons with appropriate written authorization from the Administrator have access to personal data collected in the Store, and the Administrator's data protection inspector keeps a register of persons authorized to process them, containing the names and surnames of authorized persons, dates of granting and termination and the scope of authorizations to process personal data. , access identifiers to the IT system.
- Access to the IT system in which personal data is collected is secured with a password known only to the Administrator and persons authorized to process personal data.
- The Administrator uses technical measures to prevent unauthorized persons from obtaining and modifying personal data sent electronically, in particular:
- prevents access to the Store and the system without providing the password, which is stored in an encrypted form, inaccessible in text form;
- monitors all operations on personal data collected in personal data files;
- prohibits the use of simple passwords - a minimum of 8 characters is required, including at least one number.
§ 4
Cookies
- The eatyx store may use cookies (so-called cookies) - information files saved by the Administrator's server on the Customer's computer. The use of cookies makes it easier for the Customer to use the Store (including maintaining the session and authorization when logging in), and enables improving the quality of services by storing Customer preferences. With the Customer's consent expressed by clicking the appropriate button on the cookie message displayed when first entering the Store's website, the use of cookies is used for statistical purposes (preparing statistics on the use of the eatyx Store by Customers), analysis of Customer behavior and marketing purposes (displaying tailored advertisements to the Customer). to his preferences or interests).
- The Store uses two basic types of cookies: "session cookies" and "persistent cookies". "Session" cookies are temporary files that are stored on the Customer's end device until logging out, leaving the website or turning off the software (web browser). "Permanent" cookies are stored on the Customer's end device for the time specified in the cookie parameters or until they are deleted by the Customer.
- The Store uses the following types of cookies:
- "necessary" cookies enabling the use of services available in the Store, e.g. authentication cookies used for services requiring authentication in the Store;
- cookies used to ensure security, e.g. used to detect abuses in the field of authentication within the Store;
- "functional" cookies, enabling "remembering" the settings selected by the Customer and personalizing the Customer's interface, e.g. in terms of the selected language or region from which the Customer comes, font size, website appearance, etc.;
- with the Customer's consent - "performance" cookies, enabling the collection of information on how to use the Store's websites;
- with the Customer's consent - "advertising" cookies, enabling the Customer to be provided with advertising content more tailored to their interests;
- with the Customer's consent - "statistical: cookies enabling statistics on the use of the Store.
- In many cases, the software used to browse websites (web browser) allows cookies to be stored on the customer's end device by default. Store customers can change cookie settings at any time. These settings can be changed in particular in such a way as to block the automatic handling of cookies in the web browser settings or to inform each time they are placed on the Store Customer's device. Detailed information about the possibilities and methods of handling cookies is available in the software (web browser) settings.
- The use of cookies does not allow downloading any personal and address data of the Customer or any confidential information from his computer. The use of cookies is not possible if the option to save cookies has been disabled in the web browser. Generally, this does not prevent you from browsing the Store, but it may cause some difficulties, including slowing down the operation of the Store and preventing you from placing an Order through the Store.
- Due to the provision of services related to the Store, cookies are transferred to Google Analytics (Google LLC). Google LLC uses cookies to identify sessions - the files transferred to Google LLC do not store or transmit any personal data.
- Cookies that do not constitute personal data, which are placed on the end device of the Store Customer and may also be used by advertisers and partners cooperating with the Store Administrator (Microsoft Clarity and Microsoft Advertising, INIS sp. z o. o., Adform sp. z o. o., Wirtualna Polska Holding SA ). In the case of cooperation with INIS sp. z o. o., cookies are used 1st party saved in the user's browser, used to identify conversions and correct settlement with INIS sp. z o. o., which provides marketing services to the Seller; cookies are stored for a maximum of 30 days and belong to the category of essential cookies. In the case of cooperation with Wirtualna Polska Holding SA, detailed information on data processing by Wirtualna Polska can be found in Wirtualna Polska's privacy policy: https://holding.wp.pl/poufnosc . Microsoft Clarity and Microsoft Advertising record how Customer interacts with the Store using behavioral metrics, heat maps and session replays in order to improve and sell products/services. Site usage data is recorded using first and third-party cookies and other tracking technologies to determine product/service popularity and online activity. This information is used for site optimization, fraud/security purposes and advertising purposes. For more information about how Microsoft collects and uses data, please visit the Microsoft Privacy Statement Microsoft.
- Changing the conditions for storing or receiving cookies is possible by configuring the settings in web browsers.
- The Administrator is not responsible for the privacy policy of websites to which links are placed on the Store's websites.
§ 5
Purposes, grounds and methods of processing personal data.
-
Customer data collected during registration is used for the following purposes:
- performance of obligations arising from the concluded contract for the provision of electronic services - to the extent specified in Art. 18 of the Act on the provision of electronic services,
- fulfillment of obligations arising from Sales Agreements concluded with the Customer, including sending notifications regarding the Order fulfillment process and product returns,
- contact between the Administrator and the Customer - based on the Customer's consent, expressed by sending a message to the Administrator by the Customer;
- sending information containing both commercial (newsletter) and non-commercial content (e.g. changes in operation, services, system messages, etc.) - based on the Customer's consent expressed by subscribing to the newsletter;
- publication of a Store user's comment - based on the Customer's consent expressed by adding such a comment.
- The data contained in cookies are processed by the Administrator in order to enable the functioning of the Store's website. Moreover, with the Customer's consent, these data are also used to conduct statistics related to traffic in the Store, market research and the behavior and preferences of service recipients, with the purpose of using the results of these studies to improve the quality of services provided by the Administrator. In this respect, the Customer may be subject to profiling for marketing purposes and to analyze the Customer's behavior.
-
Customer data may be transferred:
- suppliers responsible for operating IT systems used to provide services in the Store, marketing agencies (in the field of marketing services), operators of platforms for sending mailings;
- in the case of a Customer who uses the courier delivery method in the Online Store, the Administrator provides the Customer's collected personal data to the selected carrier or intermediary carrying out the shipment on behalf of the Administrator;
- in the case of a Customer who uses payment methods operated by third parties in the Online Store, the Administrator provides the Customer's collected personal data to the selected entity handling the above payments in the Online Store;
- colleagues, IT service providers, software suppliers.
- Due to the fact that customer data is processed on the Internet, it is possible that the data will be transferred to a third country. In this case, the Administrator ensures that the transfer will take place to a country that, in accordance with the position of the European Commission, ensures an adequate level of protection or the entity to which the data is transferred will provide appropriate safeguards, enforceable rights of data subjects and effective legal protection measures, including in particular by concluding an agreement with the entity to which the data is transferred containing standard protection clauses.
- Customer data processed for the purpose of providing services electronically and fulfilling orders will be stored for the period of provision of electronic services to the Customer, and after its expiry, they may also be stored for a period until the end of the calendar year in which 6 years elapse from the moment of order execution, or longer. - for the period during which, in accordance with legal provisions, the Administrator is obliged to archive accounting documentation.
- Data provided for the purpose of receiving the newsletter will be processed until consent to their processing is withdrawn.
- Data from cookies will be processed in the scope of session cookies - until the session expires, and in the scope of permanent cookies - until the consent is withdrawn / cookies are deleted from the end device
- Providing personal data in order to provide services electronically and fulfill orders is a condition for using some of the Store's functions. In the remaining scope, providing data is voluntary.
§ 6
Customer Rights.
- The Customer has the right at any time to request from the Administrator access to his or her personal data, rectification, deletion or limitation of processing, as well as the right to transfer data. To the extent that processing is based on the consent expressed by the Customer, he/she also has the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
- If you consent to the use of cookies for statistical, advertising purposes or to analyze customer behavior, you may also withdraw your consent by clicking on this link ( LINK ) and selecting the appropriate options.
- To the extent that the Customer's data is used for direct marketing purposes, the Customer may also object to the processing of his or her personal data.
- The customer also has the right to lodge a complaint with the supervisory authority - the President of the Personal Data Protection Office.
- The Customer's rights are exercised upon his request sent to his e-mail address sklep@eatyx.shop . If the Customer finds such a solution insufficient, he or she may write to the Administrator at the following address: Aleja 3 Maja 9, 30-062 Kraków.
- Withdrawal of consent to the processing of data regarding cookies may also be done by appropriately changing the cookie settings in the Customer's browser.
- Exercising the right to delete data involves deleting data without undue delay, including deleting data from registers kept by the Administrator, in accordance with the law.
- The Administrator may refuse to delete the Customer's data in the cases specified in Art. 17 section 3 of the GDPR, including in a situation where there is a suspicion that the Customer's behavior has violated the applicable Regulations, this Privacy Policy or the provisions of applicable law, and the information held may contribute to determining the Customer's liability.
-
The transfer of personal data is carried out as follows:
- The administrator transfers data in a "structured", "commonly used" and "machine-readable" manner, i.e. in XML, JSON, CSV formats;
- if the Administrator determines that the Customer is not entitled to transfer personal data in a given situation and therefore does not intend to take action in connection with the Customer's request, he or she informs the Customer about the reasons for not taking action.
- The customer has the right not to be subject to a decision that is based solely on automated processing, including profiling, and produces legal effects for him or her or similarly significantly affects him or her. To exercise this right, the Customer may submit an objection to the Administrator. The Administrator may not comply with the Client's request in the cases specified in Art. 22 section 2 GDPR.
§ 7
Changes to personal data.
- The customer has the right to independently access his or her personal data, update it, correct incorrect information and delete it, except for the situations referred to in § 6 section 6 above. Changing or deleting data is possible after logging in to the Customer Account.
- If the Customer fails to update personal data when they have changed, the Administrator may suspend the provision of services or block the Customer's Account until the data is updated.
- To the extent not regulated by this Privacy Policy, the provisions shall apply accordingly Regulations .