§ 1. General Provisions
1. This Privacy Policy defines the rules for processing and protecting personal data of Users of the trzebachleba.pl website (hereinafter: Service).
2. The Data Controller is the bakery Trzeba Chleba located at ul. Wojewódzka 36/38, 40-026 Katowice (hereinafter: Controller).
3. Contact with the Controller is possible via email: kontakt@trzebachleba.pl or by phone: +48 572 359 415.
4. The Controller takes special care to protect the interests of data subjects.
5. Personal data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and the Personal Data Protection Act.
§ 2. Scope of Collected Data
1. The Controller collects the following personal data:
• Phone number - required for order identification and contact
• Email address - for account registration and correspondence
• Name and surname - for account registration
2. Providing data is voluntary but necessary to use certain Service features.
3. A phone number is required to place an order and is used for identification upon pickup.
4. Data is also collected automatically when using the Service (session cookies, IP address, browser information).
§ 3. Purposes of Data Processing
1. Personal data is processed for the following purposes:
• Order fulfillment - based on Art. 6(1)(b) GDPR (contract performance)
• User account management - based on Art. 6(1)(b) GDPR
• Contact regarding orders - based on Art. 6(1)(b) GDPR
• Complaint handling - based on Art. 6(1)(c) GDPR (legal obligation)
• Tax and accounting purposes - based on Art. 6(1)(c) GDPR
2. Data is not processed for marketing purposes without explicit User consent.
3. The Controller does not make automated decisions, including profiling.
§ 4. Data Retention Period
1. Personal data is stored for the following periods:
• Order data - for the period necessary to fulfill the order and for the period required by tax regulations (5 years)
• Account data - until the account is deleted by the User or Controller
• Contact data (complaints) - for 3 years from the end of the matter
2. After the retention period, data is deleted or anonymized.
3. Users may request deletion of their data at any time, subject to the Controller's legal obligations.
§ 5. User Rights
1. Users have the following rights:
• Right of access - the ability to obtain information about processed data
• Right to rectification - the ability to correct inaccurate data
• Right to erasure (right to be forgotten) - the ability to request data deletion
• Right to restrict processing - the ability to limit the scope of processing
• Right to data portability - the ability to receive data in a transferable format
• Right to object - the ability to object to processing
2. To exercise these rights, please contact the Controller.
3. Users have the right to lodge a complaint with the supervisory authority (President of the Personal Data Protection Office).
§ 6. Cookies
1. The Service uses only essential session cookies.
2. Session cookies are used to:
• Maintain logged-in user sessions
• Ensure connection security
• Enable proper shopping cart functionality
3. Session cookies are automatically deleted when the browser is closed.
4. The Service does not use marketing, analytics, or tracking cookies.
5. Using the Service constitutes consent to the use of necessary cookies.
6. Users can change cookie settings in their browser, but this may affect Service functionality.
§ 7. Data Sharing
1. Personal data is not sold or shared with third parties for marketing purposes.
2. Data may only be shared with:
• Entities authorized by law (e.g., law enforcement, tax authorities)
• IT service providers necessary for Service operation (hosting, email)
3. Entities processing data on behalf of the Controller are required to maintain confidentiality and apply appropriate security measures.
4. Personal data is not transferred outside the European Economic Area (EEA).
§ 8. Data Security
1. The Controller applies appropriate technical and organizational measures to ensure personal data security.
2. Protection measures include:
• Connection encryption (HTTPS/SSL protocol)
• Secure password storage (hashing)
• Limited access to personal data
• Regular backups
3. Only persons authorized by the Controller have access to personal data.
4. In case of a personal data breach, the Controller will notify Users and the competent supervisory authority in accordance with GDPR requirements.
§ 9. Privacy Policy Changes
1. The Controller reserves the right to make changes to the Privacy Policy.
2. Users will be notified of significant changes through a notice in the Service.
3. The current version of the Privacy Policy is always available on the Service website.
4. Using the Service after changes are introduced constitutes acceptance of the new Privacy Policy.
§ 10. Contact
1. For matters related to personal data protection, please contact:
• Email: kontakt@trzebachleba.pl
• Phone: +48 572 359 415
• Address: ul. Wojewódzka 36/38, 40-026 Katowice
2. The Controller responds to personal data inquiries without undue delay, no later than one month from receiving the request.