Administrator – UBIQ EVENT SP. Z O.O. Grunwaldzka St. 34A, 60-786 Poznan, REGON: 521053496, NIP: 7792535185, KRS: 947333.
Personal data – any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular on the basis of an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
RODO – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
Act – the Act of 10 May 2018 on the protection of personal data (consolidated text: Journal of Laws of 2019, item 1781)
User – any natural person visiting the Site or using one or more services or functionalities described in the Policy.
II. PERSONAL DATA
The Administrator processes personal data of the Site User: www.turestaurant.pl.
Users’ personal data shall be processed for the following purposes:
– in order to provide services electronically related to the extent necessary to establish, shape the content of the amendment, termination and proper implementation of the service provided electronically and the implementation of requests made by the User, online reservations made through the booking form, orders or complaints, in order to process them. The basis for processing personal data is Article 6(1)(b) of the RODO (performance of a contract);
– marketing (newsletter, sending SMS messages) and promotion of goods and services offered by the Administrator. The basis for the processing of personal data is Article 6(1)(a)
RODO (the data subject has given consent for his/her personal data to be processed for one or more specified purposes);
– for analytical and statistical purposes. The legal basis for the processing is the Administrator’s legitimate interest (Article 6(1)(f) RODO) consisting in conducting analyses of the Users’ activities, as well as of their preferences in order to improve the applied functionalities and provided services;
– detecting cases of unauthorized use of services, determining liability and asserting or defending against claims. The legal basis for the processing is the Administrator’s legitimate interest (Article 6(1)(f) of the RODO) consisting in the protection of Users’ rights.
The Users’ personal data may also be used by the Administrator to direct marketing content to them via various channels, i.e. via e-mail, MMS/SMS or by phone. Sending commercial information to the Users by e-mail takes place only after the Users give their consent to this form of communication.
Users’ personal data can be disclosed and made available to recipients or third parties, which can be entities to whom the Administrator entrusts the processing of personal data, under and on the basis of entrustment agreements and in accordance with the requirements of Article 28 RODO, entities to whom the Administrator makes personal data available, as well as entities authorized by law.
The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. As a rule, the data are processed for the duration of the service provision, until the withdrawal of the expressed consent or filing an effective objection to data processing in cases where the legal basis of data processing is the legitimate interest of the Administrator. The period of data processing may be extended if the processing is necessary to establish and assert or defend against possible claims, and after that time only in the case and to the extent required by law. After the end of the processing period, the data shall be irreversibly deleted or anonymized.
The period of data processing by the Controller depends on the type of service provided and the purpose of the processing. As a general rule, data are processed for the duration of the service provided or the execution of the order, until:
a. to terminate the performance of the contract,
b. to withdraw the consent given, where the legal basis of data processing is the consent of the User, or
c. raising an effective objection to data processing in cases where the legal basis of data processing is the legitimate interest of the Administrator.
The period of data processing may be extended in each case where the processing is necessary to establish and assert or defend against possible claims, and thereafter only in the case and to the extent required by law. After the expiration of the processing period, the data shall be irreversibly deleted or anonymized.
In the case of processing of personal data based on the consent granted by the User, all consents granted for the processing of personal data may be withdrawn at any time, without affecting the legality of the processing carried out on the basis of consent before its withdrawal.
The User has the right to demand from the Administrator access to the content of their data, their rectification, erasure, restriction of processing, to object to the processing, as well as the right to data portability.
The User also has the right to lodge a complaint to the President of the Office for Personal Data Protection if they consider that the processing of their personal data violates the law, including RODO.
Providing data marked as obligatory is required in order to create and maintain an account, and their failure results in the impossibility to create an account. Providing other data is voluntary.
Users’ personal data processed for marketing and promotional purposes of goods and services offered by the Administrator shall not be processed in an automated manner, including in the form of profiling.
The Administrator ensures that personal data are processed in accordance with the law, in particular with the provisions of the RODO and other legal regulations governing personal data protection, and moreover that they are collected for specified, lawful purposes, substantively correct and adequate in relation to the purposes for which they are processed.
The Administrator uses so-called “cookie files” – computer data stored by web servers on the User’s end device, which can be read by web servers each time the User’s end device is connected.
Cookies stored on the User’s terminal device are used by the Administrator to provide services at the highest level, tailored to their individual needs, as well as for advertising and statistical purposes.
V. FINAL PROVISIONS
1. The Policy shall be reviewed and updated as necessary.
3. The current version of the Policy has been adopted and is effective as of 28 April 2022.