1.1. The administrator of personal data collected through the website www.wszamaj.to (hereinafter referred to as the "Service") is Wszamaj.to Sp. z o.o. with its registered office at ul. Księcia Witolda 49/15, 50-202 Wrocław, registered by the District Court for Wrocław – Fabryczna in Wrocław, VI Commercial Division of the National Court Register, under the number: 0001102643, NIP: 8982307080, REGON: 528467781, hereinafter referred to as the "Administrator".
1.2. The Administrator can be contacted via:
e-mail address: kontakt@wszamaj.to
contact form available on the Service page.
2.1. The Administrator collects and processes the following personal data of Users and Restaurants:
Identification data: name, surname, company name, NIP number
Contact data: e-mail address, phone number, residential address or company seat address.
Order data: order history, order details, order preferences.
Payment data: information about made payments, bank account number (in case of refunds).
Technical data: IP address, browser type, operating system, device identifiers. Technical data can be processed in an anonymized way and used solely for statistical and security purposes.
Cookies data: information collected using cookies and similar technologies (more information in point 9 of the Privacy Policy).
2.2. Personal data is collected in the following way:
Through registration and order forms available in the Service.
During telephone or e-mail contacts with Users and Restaurants.
Automatically during use of the Service using cookies and other similar technologies.
3.1. The Administrator processes personal data of Users and Restaurants for the following purposes:
Order realization: processing data is necessary for the realization of orders placed through the Service, including contact with the User regarding the order and delivery of ordered products.
Complaint handling: processing data for the purpose of handling complaints submitted by Users and ensuring appropriate service quality.
Direct marketing: processing data for marketing purposes, such as sending newsletters, promotional offers and information about news, if the User has expressed consent for this.
Analysis and statistics: processing data for analytical and statistical purposes to improve the functioning of the Service and adapt the offer to the needs of Users.
User and Restaurant account handling: managing accounts of Users and Restaurants, including enabling login, changing data and using the functionalities of the Service.
Fullfilment of legal obligations: fulfilling obligations resulting from legal provisions, such as tax and accounting regulations.
4.1. The Administrator processes personal data of Users and Restaurants based on the following legal bases:
User or Restaurant consent: art. 6 ust. 1 lit. a GDPR - in case of processing personal data for marketing purposes and in other cases where the User or Restaurant has expressed consent.
Agreement realization: art. 6 ust. 1 lit. b GDPR - in case where processing data is necessary for the realization of an agreement concluded through the Service, including order realization and complaint handling.
Fulfillment of a legal obligation: art. 6 ust. 1 lit. c GDPR - in case where processing data is necessary to fulfill legal obligations incumbent on the Administrator, such as tax and accounting obligations.
Legitimate interest of the Administrator: art. 6 ust. 1 lit. f GDPR - in case of processing data for analytical, statistical purposes and for the purpose of ensuring the security and functionality of the Service. The legitimate interest of the Administrator is also direct marketing of own products and services.
5.1. The Administrator does not sell or share personal data of Users and Restaurants to third parties, except for the situations described below.
5.2. Personal data of Users is shared with Restaurants for the purpose of carrying out orders placed through the Service. Restaurants receive the necessary contact and address data of Users to be able to properly realize the order.
5.3. Personal data can be shared with the following entities:
Payment operators: for the purpose of realizing payments for orders (e.g. PayU).
Entities cooperating with the Administrator: within the scope necessary for providing service services and technical support.
5.4. Personal data can be transferred to state authorities in the following situations:
At the request of authorized authorities: when the obligation to share data results from legal provisions, in particular at the request of courts, prosecutor's office, police and other authorized state authorities.
To fulfill legal obligations: when it is necessary to fulfill legal obligations incumbent on the Administrator, such as tax and accounting obligations.
5.5. The Administrator ensures that all entities to which it shares personal data process them in accordance with applicable regulations on personal data protection and based on appropriate data processing entrustment agreements.
The User and the Restaurant have the right to obtain confirmation whether personal data concerning them are processed by the Administrator, and if that takes place, they have the right to obtain access to these data and information regarding their processing.
The User and the Restaurant have the right to request rectification of incorrect personal data concerning them and supplementation of incomplete data.
The User and the Restaurant have the right to request the deletion of personal data concerning them in cases provided by law, in particular when the data are no longer necessary for the purposes for which they were collected, or when the data were processed unlawfully.
In order to realize the right to delete personal data, the User or the Restaurant may:
The notification should contain data enabling identification of the account. The Administrator realizes the request immediately, no later than within 30 days, in accordance with art. 12 ust. 3 GDPR.
The User and the Restaurant have the right to request restriction of data processing in cases provided by law, in particular when they question the accuracy of personal data or when the processing is unlawful and the User or the Restaurant opposes the deletion of data.
The User and the Restaurant have the right to receive personal data concerning them, which they provided to the Administrator, in a structured, commonly used machine-readable format and have the right to send these data to another administrator.
The User and the Restaurant have the right to object to the processing of personal data concerning them in cases provided by law, in particular when the processing of data takes place on the basis of legitimate interests of the Administrator.
The User and the Restaurant have the right to withdraw consent for the processing of personal data at any time, if the processing takes place on the basis of consent. Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal.
The User and the Restaurant have the right to lodge a complaint with a supervisory authority dealing with personal data protection, if they consider that the processing of personal data violates legal provisions.
7.1. The Administrator stores personal data of Users and Restaurants for the period necessary to realize the purposes for which these data were collected, including:
for the period necessary for the realization of orders and agreements concluded through the Service,
for the period necessary for complaint handling,
for the period in which the Administrator has the obligation to store data based on legal provisions (e.g. tax and accounting regulations).
7.2. Personal data processed based on the User's or Restaurant's consent will be stored until the withdrawal of consent, unless there is another legal basis for further processing of data.
7.3. In case of data processed based on the legitimate interest of the Administrator, the data will be stored until a successful objection is submitted or this interest ceases.
7.4. After the storage period has expired, the personal data will be deleted or anonymized in a way that makes it impossible to identify the User or the Restaurant.
8.1. The Administrator applies appropriate technical and organizational measures to ensure the security of processed personal data, in particular protection against unauthorized access, loss of data, their destruction or unauthorized modification.
8.2. Personal data protection measures include:
Access control: restricting access to personal data solely to authorized persons and using passwords and user identifiers.
Encryption: using data encryption technology during transmission of personal data via the internet (e.g. SSL/TLS).
Backup: regularly creating backup copies of personal data to protect them against loss.
Monitoring: monitoring information systems to detect and prevent potential security threats.
8.3. The Administrator ensures that all employees and coworkers having access to personal data are appropriately trained in the field of personal data protection and obliged to maintain confidentiality.
8.4. In case of a personal data protection violation that may cause a high risk of violation of rights or freedoms of Users or Restaurants, the Administrator will immediately inform the persons whose data they concern and the appropriate supervisory authority about such a violation.
9.1. The Service uses cookies, which are small text files stored on the User's end device, in order to ensure the proper functioning of the Service and for analytical purposes.
9.2. Types of cookies used in the Service:
Necessary cookies: Cookies that are necessary for the proper functioning of the Service. They enable navigation on the site and use of its basic functions.
Analytical cookies: Cookies that collect information about how the Service is used by Users. These data are used to analyze traffic on the site and improve the quality of services provided by the Service.
9.3. Purposes of using cookies:
Ensuring the proper operation of the Service: Necessary cookies enable navigation on the Service and use of its basic functions, such as logging into a user account.
Analysis and statistics: Analytical cookies allow for the collection of anonymous data regarding the use of the Service, which helps in analyzing traffic on the site and in improving the quality of services provided.
Consent for analytical cookies is voluntary and can be withdrawn at any time using the cookie settings available on the Service.
9.4. Cookie management:
9.5. How to manage cookies?
Instructions regarding cookie management can be found in the settings of the web browser used by the User. Below are links to cookie management instructions in the most popular browsers:
The User can change or withdraw consent for cookies at any time.
9.6. Changes to the Cookies Policy:
The Administrator reserves the right to introduce changes to this Cookies Policy. Users will be informed about any changes via the Service or electronic mail at least 14 days before the changes take effect.
9.7. Contact:
In case of any questions or doubts regarding this Cookies Policy, the User can contact the Administrator via:
e-mail address: kontakt@wszamaj.to
contact form available on the Service page.
10.1. The Administrator reserves the right to introduce changes to this Privacy Policy in case of changes in law, technologies used in the Service or ways of functioning of the Service.
10.2. Users and Restaurants will be informed about any changes in the Privacy Policy via the Service or electronic mail at least 14 days before the changes take effect.
10.3. Changes in the Privacy Policy take effect within the deadline indicated by the Administrator, no shorter than 14 days from the day of their publication. Using the Service after introducing changes is equivalent to accepting the new wording of the Privacy Policy.
10.4. In case of lack of acceptance of changes in the Privacy Policy, the User or the Restaurant has the right to stop using the Service and request deletion of their personal data.
10.5. Contact with Administrator
In case of any questions or doubts regarding this Privacy Policy, the User or the Restaurant can contact the Administrator via:
e-mail address: kontakt@wszamaj.to
contact form available on the Service page.