Privacy Policy

  1. GENERAL PROVISIONS

    1. The Controller of personal data collected through the website madasweet.pl is Adam Pawłowski conducting business activity under the business name MADA SWEET, headquarters address: UL. POLNA 7 26-026 MORAWICA, delivery address: , NIP: 657-00-80-542, REGON: 290524178, entered in the Central Register and Information on Economic Activity, e-mail address: KONTAKT@MADASWEET.PL, hereinafter referred to as “Controller”, who is also a Service Provider, place of conducting business: UL. POLNA 7 26-026 MORAWICA, delivery address: UL. POLNA 7 26-026 MORAWICA, NIP: 657-00-80-542, REGON: 290524178, e-mail address: KONTAKT@MADASWEET.PL, hereinafter referred to as the “Controller” Personal data collected by the Controller through the website are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the freemovement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the GDPR, and the Personal Data Protection Act of 10 May 2018.

  2. TYPE OF PERSONAL DATA PROCESSED, PURPOSE AND SCOPE
    OF DATA COLLECTION

    1. PROCESSING PURPOSE AND LEGAL BASIS The Controller processes personal data through the website madasweet.pl in case of:
      1. using the contact form by the user. Your personal data is processed pursuant to article 6 paragraph 1 (f) of GDPR as the Controller’s legitimate interest.
    2. TYPE OF PERSONAL DATA PROCESSED. The Controller processes the following categories of user’s personal data:
      1. Name and surname,
      2. Email address,
      3. Phone number,
    3. PERIOD OF PERSONAL DATA ARCHIVING. User’s personal data is stored by the Controller:
      1. in case when the basis for data processing is the performance of the contract, as long as it is necessary to perform the contract, and after that time for a period corresponding to the limitation period of claims. Unless a special provision states otherwise, the limitation period is six years, and for claims pertaining to periodical performances and claims related to conducting business activity – three years.
      2. in case where the basis for data processing is consent, as long as the consent is not revoked, and after revoking the consent for a period of time corresponding to the limitation period of claims which may be raised by the Controller and which may be raised against him. Unless a special provision states otherwise, the limitation period is six years, and for claims pertaining to periodical performances and claims related to
        conducting business activity – three years.
    4. When using the website, additional information may be downloaded, especially: IP address assigned to the user’s computer or the external IP addressof the Internet provider, domain  name, type of browser, access time, type of operating system.
    5. There can also be collected user’s navigation data, including information on the links and references the users decide to click or other activities performed on the website. The legal basis for this type of activity is the legitimate interest of the Controller (Art. 6 paragraph 1 (f) of GDPR), consisting in facilitating the use of electronic services and improving the functionality of these services.
    6. Provision of personal data by the user is voluntary.
    7. Personal data will also be processed in an automated way in the form of profiling, provided that the user agrees to it, pursuant to Art. 6 paragraph 1 (a) of GDPR. The consequence of profiling will be to assign a profile to a given person in order to make decisions about them or to analyse or predict their preferences, behaviours and attitudes.
    8. The Controller will use due care to protect the interests of people whose data is collected and, in particular, will ensure that the data he collects is:
      1. processed lawfully,
      2. collected for specified and legitimate purposes and not processed further in a way incompatible with the intended purposes.
      3. relevant and adequate to the purposes for which they are processed and stored in a form which permits identification of the data subjects no longer than it is necessary for the purposes for which they are processed.

  3. DISCLOSURE OF PERSONAL DATA

    1. User’s personal data is transferred to providers of services that the Controller uses when running the website. Service providers to whom personal data is transferred, depending on contractual arrangements and circumstances, are either subject to the Controller’s instructions regarding the purposes and methods of processing this data (processors) or independently define the purposes and methods of its processing (controllers).
    2. User’s personal data is stored only within the European Economic Area (EEA).

  4. THE RIGHT TO CONTROL, ACCESS AND CORRECT THE PERSONAL
    DATA

    1. The data subject has the right to access their personal data, as well as to rectify, erase, restrict the processing, the right to transfer data, object, withdraw their consent at any time without affecting the lawfulness of any processing performed on the basis of the consent prior to its withdrawal.
      2. Legal basis for user requests:
    2. Podstawy prawne żądania użytkownika:
      1. Access to data – Art. 15 of the GDPR
      2. Rectification of data – Art. 16 of the GDPR
      3. Data erasure (the right to be forgotten) – Art. 17 of the GDPR.
      4. Restriction of processing – Art. 18 of the GDPR.
      5. Data portability – Art. 20 of the GDPR.
      6. Objection – Art. 21 GDPR.
      7. Withdrawal of consent – Art. 7 paragraph 3 of GDPR.
    3. In order to exercise the rights referred to in item 2, an appropriate e-mail should be sent to the following address: KONTAKT@MADASWEET.PL.
    4. In the event when the user exercises his right included in the above-mentioned rights, the Controller complies with the request or refuses to comply with it immediately, but no later than within one month after receiving it. However, if – due to the complicated nature of the request or the number of requests – theController will not be able to fulfil the request within a month, he will comply with it within the next two months informing the user in advance, within one month of receiving the request, about the intended extension of the deadline and the reasons for it.
    5. In the event of concluding that the processing of personal data violates the provisions of the GDPR, the data subject has the right to lodge a complaint to the President of the Personal Data Protection Office.

  5. COOKIES

    1. The Controller’s website uses cookies.
    2. Installation of cookies is necessary for the website’s services to be provided in a proper way. The cookies contain information necessary for the proper functioning of the website, as well as provide the possibility of compiling general statistics of website visits.
    3. The website uses the following types of cookies: session
      1. Session cookies are temporary files that are stored in the user’s terminal equipment until the user logs out (closes the website).
    4. The Controller uses their own cookies to better understand the user’s interactions with the content of the page. The files collect information on how the user uses the website, the type of  ebsite the user was redirected from and the number and length of the user’s visits to the website. This information does not register precise personal data of the user but serves to compile statistics of use of the website.
    5. The user has the right to decide on the scope of access which the cookies have to his computer by choosing relevant settings in the browser window.  Detailed information about the possibilities and methods of cookie use is available in the software (web browser) settings.

  6. FINAL PROVISIONS

    1. The Controller uses technical and organisational measures to protect personal data, appropriate to the risks and category of data being protected, in particular to protect data against their unauthorised disclosure, takeover by an unauthorised person, processing with the violation of existing regulations, alteration, loss, damage or destruction.
    2. The Controller provides the following technical measures to prevent the access and modification by third parties of personal data transmitted electronically.
    3. In matters not covered by this Privacy Policy, the provisions of the GDPR and other relevant provisions of Polish law shall apply accordingly.