Privacy policy

  1. GENERAL PROVISIONS
    1. This Website Privacy Policy is for information purposes only, which means that it does not result in any obligations for Website Service Recipients. This Privacy Policy includes, most of all, principles concerning personal data processing by the Controller in the Website, including the grounds, purposes, and scope of personal data processing, as well as the rights of data subjects and information concerning the use of cookies and analytical tools in the Website.
    2. The Controller of personal data collected via the Website is TASTYSOFT SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with a registered office in Łódź (address of the registered office and service address: Sienkiewicza 85/87/8 P. XI, 90-057 Łódź); entered in the Register of Entrepreneurs of the National Court Register with the no. KRS 0000411725; registration court where the company’s documentation is kept: District Court for Łódź-Sródmieście in Łódź, Commercial Law Division XX of the National Court Register; share capital of PLN 5,000; NIP: 7252058310; REGON: 101374260; hereinafter referred to as the “Controller”, who is also the Website Service Provider.
    3. Personal data in the Website is processed by the Controller in line with the applicable legal regulations, including in particular the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as “GDPR”. The official text of the GDPR: https://eur-lex.europa.eu/eli/reg/2016/679/oj.
    4. The Controller exercises particular diligence to protect the interests of data subjects whose data it processed; in particular, the Controller is responsible for the following and ensures that in relation to the personal data the Controller collects: (1) the data are processed lawfully; (2) the data are processed for specified, explicit and legitimate purposes and are not further processed in a manner that is incompatible with those purposes; (3) the data collected are accurate on terms of their content and adequate to the purpose for which they are processed; (4) the data are kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; and (5) the data are processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
    5. Taking into account the nature, scope, context, and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the Controller will implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation. Those measures will be reviewed and updated where necessary. The Controller applies technical measures preventing collection and modification, by unauthorised parties, of the personal data sent using electronic measures.
    6. All words, expressions, and acronyms used in this Privacy Policy, starting with a capital letter (e.g. Service Provider, Website, E-Service), should be understood as defined in the Website Rules available in the Website.
  2. GROUNDS FOR DATA PROCESSING
    1. The Controller is authorised to process personal data if and to the extent that at least one of the following applies: (1) the data subject has given consent to the processing of his or her personal data for one or more specific purposes; (2) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; (3) processing is necessary for compliance with a legal obligation by which the Controller is bound; or (4) processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.
    2. Processing personal data by the Controller requires each time that at least one of the conditions referred to in Sec. 2.1 of the Privacy Policy is satisfied. Specific grounds for processing personal data of Website Service Recipients by the Controller are listed in the following section of the Privacy Policy with respect to a specific purpose of processing the personal data by the Controller.
  3. PURPOSE, GROUNDS, AND PERIOD OF DATA PROCESSING IN THE WEBSITE
    1. The purpose, basis, period, and recipients of personal data processed by the Controller result each time from the actions undertaken by a specific Service Recipient in the Website.
    2. The Controller may process personal data in the Website for the following purposes, on the following grounds, and in the following periods:
      Purpose of data processing Legal grounds for data processing Period of data processing
      Performance of a service sale contract/contract concerning the provision of E-Service, or taking steps at the request of a data subject prior to entering into a contract Art. 6(1)(b) of the GDPR (performance of a contract) The data are stored for the period necessary to perform or terminate the contract or for the period necessary for the contract to expire in any other manner.
      Direct marketing Art. 6(1)(f) of the GDPR (legitimate interest of the Controller) The data are stored for the period of the legitimate interest pursued by the Controller; no longer, however, than for the limitation period for claims against the data subject on account of the business operations conducted by the Controller. The period of limitation is specified by legal regulations, in particular the Civil Code (a basic period of limitation for claims related to business operations is three years). The Controller may not process data for the purpose of direct marketing if a data subject makes an effective objection against that.
      Marketing Art. 6(1)(a) of the GDPR (consent) The data are stored until the data subject withdraws his or her consent for further processing for that purpose.
      Keeping the books Art. 6(1)(c) of the GDPR read in conjunction with Art. 74(2) of the Accounting Act of 30 January 2018 (Dziennik Ustaw [the Polish Journal of Laws] of 2018, item 395) The data are stored for the period required under legal regulations which impose on the Controller an obligation to keep the books (5 years from the beginning of the year following the business year the data pertain to).
      Establishment, exercise, or defence of legal claims which may be made by or against the Controller Art. 6(1)(f) of the GDPR The data are stored for the period of the legitimate interest pursued by the Controller; no longer, however, than for the period of limitation of claims against the data subject on account of the business operations conducted by the Controller. The period of limitation is specified by legal regulations, in particular the Civil Code (a basic period of limitation for claims related to economic operations is three years).
  4. DATA RECIPIENTS IN THE WEBSITE
    1. For proper operation of the Website, including proper provision of E-Services by the Controller, it is necessary that the Controller use third party services (e.g. software providers). The Controller uses only services of such processors which provide sufficient guarantees of implementing adequate technical and organisational measures, so that the processing meets the requirements of the GDPR and protects the rights of data subjects.
    2. Data are not transferred by the Controller in each case and they are not transferred to all recipients or categories of recipients specified in the Privacy Policy; the Controller transfers data only when and to the extent that it is required for accomplishing a specific purpose of personal data processing.
    3. Personal data of Website Service Recipients may be transferred to the following recipients or categories of recipients:
      1. entities processing electronic payments or payment card operations – in the case of Service Recipients who use electronic payments or payment card operations in the Website, the Controller provides the collected personal data of the Service Recipient to a selected entity processing such payments in the Website at the Controller’s request, to the extent necessary to process the Service Recipient’s payment. The transaction data, including personal data, may be transferred to PayLane Sp. z o.o. with the registered office in Gdańsk, ul. Norwida 4: 80-280, KRS: 0000227278, to the extent necessary to process a payment for an order.
      2. service providers supplying the Controller in technical, IT, and organisational solutions which enable the Controller to conduct economic operations, including the Website and E-Services provided via the Website (including without being limited to providers of software for the Website, e-mail and hosting providers, and providers of software for company management and technical support for the Controller) – the Controller transfers the collected personal data of Service Recipients to a selected provider operating at such provider’s request only if and to the extent that it is necessary to accomplish a specific purpose of data processing according to this Privacy Policy.
      3. providers of accounting, legal, and consulting services providing the Controller with accounting, legal, or consulting support (including without being limited to an accounting firm, a legal firm, or a debt collection company) – the Controller transfers the collected personal data of Service Recipients to a selected provider operating at such provider’s request only if and to the extent that it is necessary to accomplish a specific purpose of data processing according to this Privacy Policy.
  5. PROFILING IN THE WEBSITE
    1. The GDPR imposes on the Controller an obligation to inform data subjects about automated decision-making, including profiling referred to in Art 22(1) and (4) of the GDPR and, at least in those events, to provide significant information on the principles of such decision-making as well as on the importance and predicted consequences of such processing for the data subject. That being so, the Controller hereby provides information on possible profiling in this section of the Privacy Policy.
    2. In the Website, the Controller may use profiling for the purpose of direct marketing; however, decisions made based on profiling by the Controller do not pertain to entering into or to refusing to enter into a contract or to a possibility of using E-Services in the Website. The results of using profiling in the Website may include e.g. granting a person with a discount, reminding them of incomplete actions in the Website, sending an offer of services which may be suitable for their interests or preferences, or proposing better conditions as compared to the standard Website offer. Despite profiling, it is the person themselves that makes a free decision whether they are willing to use the discount or better conditions offered in this manner and make a purchase in the Website.
    3. Profiling in the Website also consists in an automated analysis or prediction of a behaviour of a specific person in the Website by way of analysing the history of past actions taken in the Website. To conduct such profiling, the Controller has to have the personal data of such a person in order to be able to grant them e.g. with a discount.
    4. The data subject has the right not to be included in a decision which is based only on automated processing, including profiling, and which produces legal effects concerning the data subject or similarly significantly affects the data subject.
  6. RIGHTS OF THE DATA SUBJECT
    1. Right of access, rectification, restriction of processing, deletion, or data portability – the data subject has the right to request, from the Controller, access to, rectification of, or deletion of their data (“the right to be forgotten”) or to request restriction of processing, to object against processing, and to have their data transferred. The detailed conditions of exercising the rights referred to above are specified in Art. 15-21 of the GDPR.
    2. Right to withdraw consent at any time – a data subject whose data are processed by the Controller based on a provided consent (under Art. 6(1)(a) or Art. 9(2)(a) of the GDPR) has the right to withdraw their consent at any time, with no effect on the lawfulness of processing done before the withdrawal.
    3. Right to lodge a complaint with a supervisory authority – a data subject whose data are processed by the Controller has the right to lodge a complaint with a supervisory authority in the manner and using the procedure specified in the GDPR and Polish legal regulations, including without being limited to the Personal Data Protection Act. The Polish supervisory authority is the President of the Personal Data Protection Office.
    4. Right to object – a data subject has the right to object, at any time, on grounds related to their particular situation, to processing of their personal data which is based on Art. 6(1)(e) (public interest or public tasks) or (f) (legitimate interest of the Controller), including profiling, based on those provisions. In such an event, the Controller can no longer process such personal data unless the Controller demonstrates compelling legitimate grounds for processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
    5. Right to object to direct marketing – if personal data are processed for the purpose of direct marketing, a data subject has the right to object, at any time, to processing their personal data for the purpose of such marketing, including profiling, to the extent that such processing is related to direct marketing.
    6. In order to exercise the rights referred to in this section of the Privacy Policy, data subjects may contact the Controller by sending a notification to this end in writing or by e-mail to the Controller’s address provided at the beginning of the Privacy Policy or using the contact form available in the Website.
  7. COOKIES IN THE WEBSITE, USAGE DATA, AND ANALYTICS
    1. Cookies are small pieces of text in the form of text files, sent by a server and saved in the device of a visitor to the Website (e.g. on a hard drive of a computer or a laptop or on a memory card of a smartphone, depending on the device used by the visitor to the Website). Detailed information concerning Cookies and the history of their origination is available e.g. on https://pl.wikipedia.org/wiki/HTTP_cookie.
    2. The Controller may process data contained in Cookies when visitors use the Website for the following purposes:
      1. to identify Service Recipients as logged in the Website and to show that they are logged in;
      2. to save data from forms or surveys filled in by visitors or logging data for the Website;
      3. to adapt the content of the Website to the individual preferences of Service Recipients (e.g. colours, font size, website layout etc.) and to optimize the use of Website;
      4. to draw up anonymous statistics showing the manner in which the Website is used;
      5. for the purpose of re-marketing, i.e. to examine the properties of behaviour of visitors to the Website by analysing their actions anonymously (e.g. repeated visits in specific sites, key words etc.) to draw up their profile and provide them with advertising content adapted to their predicted interests, also when they visit other websites in the advertising network of Google Ireland Ltd. and Facebook Ireland Ltd.
    3. As a standard, most web browsers available in the market accept saving Cookies by default. Each person may specify the conditions of using Cookies by way of changing settings of their own browser. That means that you can e.g. partially restrict (e.g. in time) or completely disable the possibility of saving Cookies; however, the latter option may have an effect on certain functionalities of the Website.
    4. Settings of a browser related to Cookies are important from the viewpoint of a consent to the use of Cookies by our Website, as pursuant to legal regulations such a consent may also be provided through the settings of a browser. If you do not wish to provide such a consent, you should modify the settings of your browser related to Cookies as appropriate.
    5. Detailed information concerning the change of setting related to cookies and their deletion by users in the most popular browsers is available in the help section of a browser and in the following sites (click on the hyperlink):
      Chrome
      Firefox
      Internet Explorer
      Opera
      Safari
      Microsoft Edge
    6. In the Website, the Controller may use Google Analytics and Universal Analytics services provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland), Hotjar services provided by Hotjar Limited (Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta), and Ahrefs services provided by Ahrefs Pte. Limited (16 Raffles Quay #33-03, Hong Leong Building, Singapur). The collected data are processed as a part of the services referred to above for the purpose of, among other things, generating statistics used in administering the Website and analysing profiles of links, key words, and their visibility in search engines. Using those services in the Website, the Controller collects, among other things, information such as the source and medium of attracting visitors to the Website and their behaviour in the Website, information concerning devices and browsers used by visitors, IP, domain name, geographical data, demographic data (age, gender), and interests.
  8. FINAL PROVISIONS
    1. The Website may contain links to other web pages. The Controller recommends that, after going to other web pages, you should read their Privacy Policy. This Privacy Policy refers only to the Controller’s Website.