Personal data: all information about an identified or identifiable natural person by one or several specific factors determining the physical, physiological, genetic, mental, economic, cultural, or social identity of a natural person, including the IP number of the device, location data, online identifier and information collected through cookies and other similar technology.
RODO: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals about the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
Website: a website published by the Administrator, to which this Policy applies, i.e. www.diet-food.pl, managed by the Administrator.
User: any natural person visiting the Website or using the services or functionalities provided on the Website.
DATA PROCESSING IN CONNECTION WITH THE USE OF THE WEBSITE
In connection with the User's use of the Website, the Administrator collects data to the extent necessary to provide individual services offered on the Website, as well as information about the User's activity on the Website. The detailed rules and purposes for processing personal data collected when the User uses the Website are described below.
OBJECTIVES AND LEGAL BASIS FOR DATA PROCESSING ON THE WEBSITE
Using the Website: Personal data of all persons using the Website (including IP address or other identifiers and information collected via cookies or other similar technologies) are processed by the Administrator: to provide services electronically in the scope of providing Users with content collected on the Website - then the legal basis processing is necessary to perform the contract (Article 6(1)(b) of the RODO), for analytical and statistical purposes - then the legal basis for processing is the Administrator's legitimate interest (Article 6(1)(f) of the RODO), consisting in conducting analyzes of Users' activity, as well as their preferences, to improve the functionalities and services provided; to possibly establish, pursue or defend against claims - the legal basis for processing is the Administrator's legitimate interest (Article 6(1)(f) of the RODO) consisting in protecting your rights; The User's activity on the Website, including his data, is recorded in system logs. The information collected in the logs is processed primarily for purposes related to the provision of services. The administrator also processes this data for technical and administrative purposes, to ensure the security of the IT system and to manage it, as well as for analytical and statistical purposes - in this respect, the legal basis for processing is the legitimate interest of the administrator (Article 6(1)(f) ) RODO).
Contact forms: The administrator provides the opportunity to contact him using an e-mail or a contact form. Providing basic data (name, surname, email address) is required to accept and handle the inquiry, and failure to do so results in the inability to handle it. Providing other data is voluntary. Personal data is processed: to identify the sender and handle his inquiry - the legal basis for processing is the necessity of processing to perform the contract for the provision of the service (Article 6(1)(b) of the RODO); for analytical and statistical purposes - the legal basis for processing is the Administrator's legitimate interest (Article 6(1)(f) of the RODO), consisting in keeping statistics of inquiries submitted by Users via the Website to improve its functionality.
Newsletter: The Administrator provides the newsletter service to persons who have provided their e-mail addresses for this purpose. Providing data is required to provide the newsletter service, and failure to provide them results in the inability to send it. Personal data is processed: to provide the newsletter-sending service - the legal basis for processing is the necessity of processing to perform the contract (Article 6(1)(b) of the RODO); in the case of sending marketing content to the User as part of the newsletter - the legal basis for processing, including profiling, is the Administrator's legitimate interest (Article 6(1)(f) of the RODO), in connection with the consent given to receive the newsletter; for analytical and statistical purposes - the legal basis for processing is the Administrator's legitimate interest (Article 6(1)(f) of the RODO) consisting in conducting analyzes of Users' activity on the Website to improve the functionalities used; to possibly determine, pursue or defend against claims - the legal basis for processing is the Administrator's legitimate interest (Article 6(1)(f) of the RODO).
COOKIES AND SIMILAR TECHNOLOGY
Cookie files (so-called cookies) are IT data, in particular text files, installed on the device of the User browsing the Website. Cookies usually contain the domain name of the website they come from, their storage time on the end device, and a unique number.
Cookies are used to: a) adjust the content of websites to the User's preferences and optimize the use of the Website; in particular, these files allow to recognize the device of the website user and properly display the website, tailored to his individual needs, b) creating statistics that help to understand how website users use websites, which allows for improving their structure and content, c) maintaining the website user's session (after logging in), thanks to which the user does not have to re-enter the login and password on each subpage of the website, d) providing users with advertising content more tailored to their interests.
In many cases, the software used for browsing websites (web browser) allows cookies to be stored on the User's end device by default. Website users may change their cookie settings at any time. These settings can be changed, in particular, in such a way as to block the automatic handling of cookies in the web browser settings or to inform each time they are placed on the website user's device. Detailed information on the possibilities and ways of handling cookies is available in the web browser software settings. Failure to change the cookie settings means that they will be placed on the user's end device, and thus the Administrator will store information on the user's end device and gain access to this information.
PERIOD OF PROCESSING PERSONAL DATA
The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. As a rule, data is processed for the duration of the service or order completion, until the consent is withdrawn or an effective objection to data processing is submitted in cases where the legal basis for data processing is the Administrator's legitimate interest. The period of data processing may be extended, in particular in the following circumstances: until the statute of limitations for potential claims arising from contracts concluded between the Administrator and the User, for the time necessary to pursue specific claims made by the Administrator or refute them (if the claims were made by the User) in connection with concluded contracts, for the duration of the performance of obligations under the law, including in particular in the field of tax and accounting regulations, e.g. obligations related to the storage of documentation by the requirements of the Act of September 29, 1994, on accounting, for the period necessary for the Administrator to document before public administration authorities, including the supervisory authority in the field of personal data protection, the correctness of fulfilling legal obligations incumbent on him, for archiving purposes, when it concerns the history of correspondence and responses to submitted inquiries (not directly related to concluded contracts). After the expiration of the processing period, the data is irreversibly deleted or anonymized.
The User is entitled to the right to information about the processing of personal data - on this basis, the Administrator provides the natural person submitting the request with information about the processing of data, including in particular about the purposes and legal grounds for the processing, the scope of data held, entities to which they are disclosed, and the planned date of deletion data; the right to obtain a copy of the data - on this basis, the Administrator provides a copy of the processed data concerning the natural person submitting the request; the right to rectification - the Administrator is obliged to remove any inconsistencies or errors in the processed Personal Data and supplement them if they are incomplete; the right to delete data - on this basis, you can request the deletion of data, the processing of which is no longer necessary to achieve any of the purposes for which they were collected; the right to limit processing - in the event of such a request, the Administrator ceases to perform operations on Personal Data - except operations to which the data subject has consented - and their storage, by the adopted retention rules or until the reasons for limiting data processing ceases to exist ( e.g. a decision of the supervisory authority will be issued allowing for further data processing); the right to transfer data - on this basis - to the extent that data is processed in an automated manner in connection with the concluded contract or consent - the Administrator issues data provided by the person to whom they relate, in a format that allows the data to be read by a computer. It is also possible to request that these data be sent to another entity, provided that there are technical possibilities in this respect both on the part of the Administrator and the indicated entity; the right to object to the processing of data for marketing purposes - the data subject may at any time object to the processing of personal data for marketing purposes, without the need to justify such an objection; the right to object to other purposes of data processing - the data subject may at any time object - for reasons related to his particular situation - to the processing of Personal Data, which is carried out based on the legitimate interest of the Administrator (e.g. for analytical or statistical purposes or reasons related to with property protection); an objection in this respect should contain a justification; the right to withdraw consent - if the data is processed based on consent, the Data Subject has the right to withdraw it at any time, which, however, does not affect the lawfulness of the processing carried out before its withdrawal; the right to complain - if it is found that the processing of Personal Data violates the provisions of the GDPR or other provisions regarding the protection of Personal Data, the Data Subject may submit a complaint to the body supervising the processing of Personal Data, competent for the place of habitual residence of the Data Subject, his place of work or place committing the alleged infringement. In Poland, the supervisory authority is the President of the Office for Personal Data Protection. The above rights can be exercised by contacting the Administrator: e-mail address email@example.com or in writing to the following address: Mipam E.Z. Szafarz sp.j. Rogatka 14Z, Opatowek 62-860.
In connection with the provision of services, personal data will be disclosed to external entities, including in particular suppliers responsible for operating IT systems used to provide services, entities such as banks and payment operators, research companies, entities providing accounting and legal services, marketing agencies (including in the scope of marketing services) and entities related to the Administrator. If the User's consent is obtained, his data may also be made available to other entities for their purposes, including marketing purposes. The Administrator reserves the right to disclose information about the User to competent authorities or third parties who submit a request for such information, based on the appropriate legal basis and by the provisions of applicable law.
TRANSFER OF DATA OUTSIDE THE EUROPEAN ECONOMIC AREA
The level of protection of personal data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Administrator transfers personal data outside the EEA only when necessary, and ensures an appropriate level of protection, primarily through: cooperation with entities processing personal data in countries for which a relevant decision of the European Commission has been issued; the use of standard contractual clauses issued by the European Commission; application of binding corporate rules approved by the competent supervisory authority; The administrator always informs about the intention to transfer personal data outside the EEA at the stage of their collection.
SECURITY OF PERSONAL DATA
The administrator conducts risk analysis on an ongoing basis to ensure that personal data is securely processed by him, ensuring, above all, that only authorized persons have access to the data and only to the extent that it is necessary due to the tasks they perform. The administrator makes sure that all operations on personal data are registered and performed only by authorized employees and associates.
Contact with the Administrator is possible via the e-mail address firstname.lastname@example.org or in writing to the following address: