Privacy Policy

  1. Controllers and contact details:

    Data controllers of your personal data (hereunder: the “Data”) are:

    • {{name}} with its registered seat in {{city}} ({{postal_code}}), {{address}}, entered into the register of entrepreneurs of the National Court Register under the KRS number {{krs}}, registry files of which are kept by the District Court {{court}}, NIP (tax ID no.): {{nip}}, REGON (statistical no.): {{regon}} / {{name_and_surname}} conducting business activity under the name {{business_activity_name}} with its registered seat in {{city}} ({{postal_code}}), {{address}}, based on an entry to the Central Evidence and Information about Economic Activity under NIP (tax ID no.): {{nip}}, REGON (statistical no.): {{regon}} (hereunder: the “Seller” or the “Controller”).

      Contact details for Data-related issues: All requests and inquiries related to your rights can be directed to the following email address: {{email_personal_data}}.

    • 3E KOLCZYŃSKI, LIŻEWSKI, GĘDZIOROWSKI, ROSTOCKI spółka jawna with its registered seat in Warsaw (02-732), 51 Podbipięty Street, entered into the register of entrepreneurs of the National Court Register under the KRS number 0000235015, registry files of which are kept by the District Court for the capital city of Warsaw in Warsaw, 20th Commercial Division of the National Court Register, NIP (tax ID no.): 521-33-43-778, REGON (statistical no.): 14014613 (hereunder: the “Operator” or the “Controller”).

      Contact details for Data-related issues: All requests and inquiries related to your rights can be directed to the following email address: info@orderingstack.com.

  2. Scope of Data:

    1. Controller – Seller: Data necessary for execution of the civil law agreement, incl. contact details obtained in scope of electronic ordering procedure, e.g. name, surname, delivery address, email address, phone number, user-agent, comments, and other data necessary to execute the agreement (legal ground: Article 6 point 1 letter b) of GDPR).

    2. Controller – Operator:Data collected directly from You, e.g. in scope of order forms and Data collected by means of cookies and other technologies, saved during Your movement on websites, incl. e.g. name, surname, address, phone number, email address, comments, browser (user-agent), IP number, orders history, way of making an order.

  3. Purposes and legal grounds of processing

    Controller – Seller:

    • Execution of the agreement, incl. logging-in and using Online Market, concluding and executing Transactions, as well as security, incl. above all prevention of cyber attacks

      • Article 6 point 1 letter b of GDPR (processing for the purpose of performance of a contract)
    • Statistical measurements

      • Article 6 point 1 letter b of GDPR (processing for the purpose of performance of a contract) or, if such measurements are not necessary for the purpose of agreement performance, Article 6 point 1 letter f of GDPR (legitimate interests pursued by the Controller)
    • Marketing purposes, incl. marketing of the products and services of the Controller, marketing of the products and services of third parties, especially internet marketing, including newsletters

      • Article 6 point 1 letter a of GDPR (consent of data subject)
    • Tax, accounting, anti-fraud and AML-related purposes, as well as other purposes resulting from Controller’s legal obligations

      • Article 6 point 1 letter c of GDPR (processing necessary to fulfill legal obligations of the Controller)

    Controller – Operator:

    • Statistical measurements

      • Article 6 point 1 letter f of GDPR (legitimate interests pursued by the Controller)
    • Marketing purposes, incl. marketing of the products and services of the Controller, marketing of the products and services of third parties, especially internet marketing, including newsletters

      • Article 6 point 1 letter a of GDPR (consent of data subject)
    • Tax, accounting, anti-fraud and AML-related purposes, as well as other purposes resulting from Controller’s legal obligations

      • Article 6 point 1 letter c of GDPR (processing necessary to fulfill legal obligations of the Controller)
  4. Retention period: We only process the Data for as long as it is necessary. When the purpose of the Data processing is fulfilled, the Data will be deleted in accordance with our data retention policy, unless we are legally obliged to keep such Data. Depending on the legal grounds of processing, the Data may be processed for the following periods of time:

    • if the Data are processed based of a ground of necessity to execute the Agreement – no longer than until expiry of claim limitation period related thereto (the Controller may decide about earlier anonymisation or deletion of such Data);

    • if the Data are processed based on a ground of a legitimate interest of the Controller – until a successful objection is filed (the Controller may decide about earlier anonymisation or deletion of such Data);

    • if the Data are processed based on a ground of fulfilling a legal obligation of the Controller – in the scope and for the period necessary to fulfil such obligations in compliance with binding laws;

    • if the Data are processed based on a consent – until withdrawal thereof;

    • if the Data are processed for tax, accounting, anti-fraud or AML-related purposes – in the scope and for the period compliant with binding provisions of law.

  5. Voluntary provision of Data: Providing the Data is voluntary.

  6. Recipients: We can transfer Your Data to the following categories of recipients: (a) entities that act on our request (processors) and provide us services, e.g. in scope of IT systems or marketing activities, (b) other controllers that individually decide about purposes and means of processing your Data, e.g. state or local authorities. Each transfer of Data can only be executed solely based on grounds that are important and result from binding laws.

  7. Your rights: Depending on the situation, you are granted several rights based on the GDPR. You can withdraw Your consent at any time, if we are processing Your Data based on your consent. The withdrawal of your consent does not impact lawfulness of Data processing before such withdrawal. Additionally, You can raise objection at any time, if we are processing your Data based on our legitimate interest. You also have the rights to access your Data, including receiving a copy thereof; right of rectification of your Data; right of erasure of your Data; right to restrict processing of your Data; right to Data portability. If you have any complaints related to our processing of your Data, you have a right to file a complaint to the supervising authority – the President of the Personal Data Protection Office (www.uodo.gov.pl).

  8. Transfer of Data to third countries (outside the EEA): We do not plan to transfer the Data to third countries (i.e. the countries outside the EEA (European Economic Area)). Should it, however, happen, it will be executed in compliance with all requirements resulting from the binding provisions of law. Should the Data be transferred to an entity located in a third country, not ensuring an adequate level of protection, we will apply protection measures such as e.g. standard contractual clauses approved by the European Commission.

  9. No automated decision-making: As a part of our marketing and service improvement activities, we analyse the Data in IT systems using various filters and tools. We perform these activities based on our legitimate interest (legal ground: Article 6 point 1 letter f of GDPR), which consists in searching and grouping categories of persons in order to determine which advertising messages may be of interest, as well as to improve our services. We do not make any automatic decisions towards You based on the results of the activities described above.

  10. Information about cookies: In order to ensure proper functioning of your services, we can sometimes place on your computer or mobile device small files containing IT data, so called “cookies”. Cookies are in particular text files, which are stored by the server on the computer or mobile device. The content of a cookie can be retrieved or read only by the server that created such cookie. The text in a cookie often consists of identifiers, site names, as well as some numbers and characters. Cookies are unique to the browsers or mobile applications you use, and enable websites to store various data, such as e.g. your preferences. Like many other Internet service providers, we use cookies to improve user experience (UX). Session cookies are deleted after each visit, while persistent cookies remain in place across multiple visits. Cookies allow websites to remember your settings such as language, font size on your computer or mobile device, or other browser preferences. This means that you do not need to reset preferences every time. Therefore, if cookies are not used, websites will treat you as a new visitor every time you load a web page. For example, if you are redirected to another web page from a website you are already logged into and then return to the original website, it will not recognize you and you will have to log in again. You can manage or delete cookies based on your own preferences. You can clear all the cookies stored on your device, while most of the web browsers provide the option of blocking cookies. However, by doing so, you have to change the user settings every time you visit our website. Find out how to manage cookies settings in your browser or on its dedicated website.

  11. Changes/Updating information Since any privacy policy as an up-to-date information about Data processing, this Privacy Policy may be updated from time to time to ensure its consistency with actual processing of your Data. Current version of Privacy Policy is always available here and You are advised to consult it regularly.