PRIVACY POLICY AND COOKIES POLICY

This Privacy Policy defines the rules for storing, processing and accessing information on the website and on the User’s devices used for the provision of electronic services.

The Cookies Policy defines the rules for saving and accessing data on the devices of Users using the Website for the purpose of providing electronic services by the Website Administrator. In addition, the Cookies Policy specifies the duration of operation of these files and determines whether third parties may have access to such files.

I. PRIVACY POLICY

§1 DEFINITIONS

“Regulation” – means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR).
“Administrator” – means BROWAR TRZECH KUMPLI SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, with its registered office at ul. Mariana Langiewicza 5/37, 33-100 Tarnów, entered in the Register of Entrepreneurs of the National Court Register kept by the District Court for Kraków-Śródmieście in Kraków, 12th Commercial Division of the National Court Register, under KRS no. 0001026466, NIP 9930354091, REGON 52491261700000.
If you wish to contact us regarding the processing of your personal data, please write to us at: sklep@trzechkumpli.pl.
“Personal Data” – means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” – means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Third Party” – means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
“Consent” – of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
“Personal Data Breach” – means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
“Cookies” – means IT data, in particular small text files, stored and kept on the devices through which the User uses the Website.
“Administrator’s Cookies” – means Cookies placed by the Administrator, related to the provision of electronic services by the Administrator through the Website.
“External Cookies” – means Cookies placed by the Administrator’s partners through the Website.
“Website” – means the website operated by the Administrator at the domain trzechkumpli.pl.
“Device” – means an electronic device through which the User accesses the Website.
“User” – means an entity to whom, under the Regulations and applicable law, electronic services may be provided or with whom a contract for the provision of such services may be concluded.

§2 DATA CONTROLLER

Pursuant to Article 13(1) and (2) of Regulation (EU) 2016/679, we hereby inform you that:
The Controller of your personal data is BROWAR TRZECH KUMPLI SP. Z O.O., with its registered office at ul. Mariana Langiewicza 5/37, 33-100 Tarnów, registered in the National Court Register under KRS no. 0001026466, NIP 9930354091, REGON 52491261700000.
If you wish to contact us regarding the processing of your personal data, please send an e-mail to: sklep@trzechkumpli.pl.
To ensure the security of Users’ personal data processing and to enable you to exercise their rights in connection with data processing, the Controller has appointed a Data Protection Officer. Any questions or comments should be sent to the same address: sklep@trzechkumpli.pl.

§3 CATEGORIES OF PROCESSED DATA

If the User uses only basic functionalities, i.e., browses the Website without using its interactive features (i.e. without placing an order, creating an account, or subscribing to the newsletter), the Controller processes only limited data such as the User’s IP address and Cookies. If the User uses additional features, such as:

creating an account on the Website;
placing an order through completing the Order Form;
subscribing to the Newsletter;
contacting via the contact form,
the Controller also processes personal data provided by the User, such as: name and surname, e-mail address, delivery address, and telephone number.

§4 PURPOSE OF PERSONAL DATA PROCESSING

The User’s personal data are processed for the following purposes and on the following legal bases:

To perform a contract or to take steps prior to entering into a contract (Art. 6(1)(b) and (f) GDPR), including actions related to concluding a contract/order, accepting an order, selling a product, delivery, service performance, and handling complaints.
To register an account on the Website – for the purpose of creating and managing an individual account. Legal basis: the necessity for the performance of the contract for the provision of the Account service, pursuant to Article 6(1)(b) of the General Data Protection Regulation (GDPR).
To use the contact form – for the purpose of performing a contract concluded by electronic means. The Controller provides the possibility of contacting the Controller through an electronic contact form. The use of this form requires the provision of personal data necessary to establish contact with the User and to respond to the enquiry. Providing data marked as mandatory is required in order to accept and handle the enquiry, while failure to provide such data will result in the inability to process the enquiry. The provision of other data is voluntary. Personal data are processed for the purpose of identifying the sender and handling their enquiry — the legal basis for processing is the necessity of processing for the performance of a contract for the provision of a service (Article 6(1)(b) GDPR); in the scope of data provided voluntarily, the legal basis for processing is consent (Article 6(1)(a) GDPR).

4. Undertaking actions on the basis of the freely given consent of the data subject to the processing of personal data (Article 6(1)(a) GDPR, Article 172 of the Telecommunications Law, and Article 10(2) of the Act on the Provision of Electronic Services), in connection with the delivery of current information about products, marketing content, and commercial communications in the form of a newsletter.

5. The legitimate interests of the Administrator (e.g. defence against possible claims) — legal basis: Article 6(1)(f) GDPR.

6. Use of the Website and ensuring its proper operation — the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) GDPR) consisting in the operation and maintenance of the Website.

7. Conducting statistics and analysing traffic on the Website for the purpose of improving its functioning, tailoring the content of the Website to the User’s interests, and increasing sales — the legal basis for processing is the User’s consent (Article 6(1)(a) GDPR).

Providing personal data for the purpose of service performance, sales, and complaint handling is necessary to deliver those services, execute sales transactions, or process complaints. Failure to provide such data will result in the inability to provide the service, complete the sale, or process the complaint.

Providing personal data for marketing purposes is voluntary. If you do not consent to the processing of personal data collected in connection with your use of the Website, your personal data will not be processed for this purpose.

Processing of personal data for other purposes, such as tailoring the Administrator’s Website content to your interests, conducting statistical analyses, and improving the quality of services, is necessary to ensure a high standard of service provision. In the absence of your consent, personal data will not be processed for these purposes.

§5 DATA RETENTION PERIOD

The User’s personal data will be stored for the duration of the services provided through the Website, i.e. until the User’s account is deleted in order to terminate the use of the Administrator’s services, or until the expiration of statutory limitation periods for potential claims.

In cases where the Administrator adjusts the content of the Website to the User’s interests, performs statistical analyses or improves services, the data will be processed for these purposes until the withdrawal of consent or until the User ceases to use the Website, but no longer than five (5) years from the date of termination of the agreement.

Where personal data are processed on the basis of a legitimate interest, such data may be processed and retained as long as the Administrator has a legitimate interest which prevails over the User’s rights and freedoms.

Furthermore, the Administrator may store the User’s personal data until the conclusion of any legal disputes in which such data may be required as evidence.

All rights referred to in this document may be exercised by sending an e-mail to: sklep@trzechkumpli.pl

§6 DATA RECIPIENTS

Depending on the purpose of processing, the recipients of Users’ personal data may include:
• postal and courier service providers;
• IT solution providers (e.g., mailing services);
• suppliers of IT systems and equipment;
• banks;
• payment transaction operators;
• insurance companies;
• telecommunication service providers;
• entities responsible for the destruction of documents;
• public authorities lawfully entitled to access the data;
• entities providing legal, auditing, or consulting services.

§7 USER RIGHTS

The User is entitled to the following rights:
• the right to request access to personal data from the Controller;
• the right to rectify data;
• the right to erasure of data (“right to be forgotten”);
• the right to restrict processing;
• the right to object to processing;
• the right to data portability.

If the User has any doubts concerning the processing of personal data, they may contact the Controller to request further information.
If, despite the Controller’s assistance, the User believes that their personal data are being processed in violation of applicable law, they have the right to lodge a complaint with the supervisory authority — the President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, Poland.

Where the processing of personal data is based on consent, the User has the right to withdraw that consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Consent may be withdrawn by submitting a statement to the following e-mail address: sklep@trzechkumpli.pl

§8 PROFILING

By means of cookies used on the Website, the Administrator may identify the User’s preferences, including through the analysis of how frequently the Website is visited or which products are most often viewed.
The analysis of online behaviour helps the Administrator understand Users’ habits and expectations, enabling the adjustment of services and content to their needs and interests.
This allows the Administrator to display advertisements tailored to the User’s preferences.

Opting out of cookies used for personalised advertising does not mean that the User will not receive any advertisements at all — only that such advertisements will not be tailored to their previous activity on the Website.

§9 SECURITY PRINCIPLES

The Administrator protects personal data by applying appropriate technical and organisational security measures.
The Administrator ensures transparency in data processing and collects data only to the extent necessary for the specified purpose and for the period required for its achievement.
The Administrator undertakes all necessary measures to ensure that subcontractors and other cooperating entities also guarantee the application of adequate security safeguards.

II. COOKIES POLICY

§1 GENERAL INFORMATION

Cookies used by the Administrator are safe for the User’s Device. These files make it possible to identify the software used by the User and to tailor the Website individually to each User. Cookies typically contain the domain name from which they originate, the duration of their storage on the Device, and an assigned value.
The Administrator uses two types of cookies:
• Session cookies – stored on the User’s Device and remain there until the web browser session ends. The stored information is then permanently deleted from the Device’s memory;
• Persistent cookies – stored on the User’s Device and remain there until they are deleted. Ending the browser session or switching off the Device does not remove them. The User has the ability to restrict or disable cookies on their Device.

§2 PURPOSES FOR WHICH COOKIES ARE USED

The Administrator uses own cookies, among others, for the following purposes:
• proper configuration of the website (adjusting content, recognising the device, remembering settings);
• authenticating the User on the website and maintaining the User’s session;
• executing processes necessary for the full functionality of the website;
• analyses, research, and audience measurement.

The Administrator also uses third-party cookies for the following purposes:
• logging into the website via social media platforms (e.g. Google);
• promoting the website through social media services.

§3 OPTIONS FOR SETTING THE CONDITIONS OF STORAGE OR ACCESS BY COOKIES

The User may at any time independently change their cookie settings, specifying the conditions for storing or accessing cookies on their Device. These changes can be made by the User through the browser settings.
The User may delete cookies at any time using the functions available in their web browser.
Restricting the use of cookies may affect certain functionalities available on the Website.
The Administrator uses cookies for statistical and marketing purposes only when the User gives consent upon their first visit to the Website.

§4 TYPES OF COOKIES

The Administrator uses the following types of cookies based on their purpose:
• Necessary cookies – these cookies are installed to provide the User with access to the Website and its core functionalities; these do not require the User’s consent.
• Optional cookies:
• Functional cookies – they allow the Website to remember User preferences or choices and provide personalised content.
• Statistical cookies – they enable the tracking of visits and traffic sources within the Website.
• Advertising cookies – ther are used to deliver advertisements consistent with the interests and preferences of Users

§5 THIRD-PARTY ACCESS TO COOKIES

Google Analytics: Our online services use Google Analytics, a tool provided by Google LLC (USA). Google processes information on our behalf, based on your consent. Statistical cookies do not collect data that can directly identify you. For additional privacy protection, IP address anonymisation has been enabled.

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Privacy Policy: https://policies.google.com/privacy?hl=en

Google Tag Manager: We use Google Tag Manager, which does not collect, store, or share any information about website users, including visited URLs.

Google Privacy Policy: https://policies.google.com/privacy?hl=en

Google Consent Mode v2: Within Google Analytics, we use Consent Mode v2, which allows analytical +data collection to be adjusted based on the User’s consent.
It cannot be excluded that authorities in the United States may gain access to data stored by Google.

CHANGES TO THE PRIVACY AND COOKIES POLICY

The Administrator reserves the right to make changes to this Privacy Policy and Cookie Policy at any time.
Any changes introduced will always be published on this page.
The changes enter into force on the date of publication.