Privacy Policy
(hereinafter referred to as the “Policy”)
§ 1
Personal Data – General Principles
1. As of May 25, 2018, the General Data Protection Regulation (GDPR) has been in force. Therefore, we kindly ask you to familiarize yourself with the principles of personal data protection applied by the Data Controller.
2. The controller of personal data is Good Taste Production spółka z ograniczoną odpowiedzialnością, with its registered office in Poznań (60-178), ul. Dziewińska 59, REGON: 302692642, NIP: 7792421062, entered into the Register of Entrepreneurs of the National Court Register under KRS number 0000504906, registration files kept by the District Court Poznań – Nowe Miasto and Wilda in Poznań, VIII Commercial Division of the National Court Register, share capital: PLN 5,000.00 (the “Data Controller”).
3. The Data Controller collects and processes personal data for the purpose of providing comprehensive service to users visiting the websites operated by the Data Controller.
§ 2
Processing of Personal Data by the Data Controller
1. The legal bases for data processing by the Data Controller are as follows:
a) processing is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract (Article 6(1)(b) GDPR);
b) processing is necessary for the purposes of the legitimate interests pursued by the Data Controller (Article 6(1)(f) GDPR);
c) processing is necessary for compliance with a legal obligation to which the Data Controller is subject (Article 6(1)(c) GDPR).
2. The data that may be provided to the Data Controller includes, in particular: first name, last name, address, e-mail address, phone number, tax identification number (NIP), and other data necessary for the performance of a contract or related actions by the Data Controller. Providing personal data is fully voluntary, but necessary for the Data Controller to carry out tasks related to the purpose of data processing.
3. The Data Controller may disclose personal data to entities providing IT, accounting, administrative services, and other entities supporting the Data Controller’s website or online store. The Data Controller requires such entities to ensure a high level of privacy and data security in accordance with applicable law. The Data Controller does not transfer personal data to third parties for marketing purposes.
4. Personal data is not transferred to third countries.
5. Personal data will be processed for the period necessary to achieve the purpose for which it is processed, and thereafter stored for the period required for the limitation of claims. After this period, personal data will be deleted in accordance with GDPR requirements.
6. In connection with the processing of your data, you have the right to request:
a) access to your data, within the scope of Article 15 GDPR;
b) rectification of your data, within the scope of Article 16 GDPR;
c) erasure of your data, within the scope of Article 17 GDPR;
d) restriction of processing, within the scope of Article 18 GDPR;
e) data portability, within the scope of Article 20 GDPR;
f) objection to processing based on Article 6(1)(f) GDPR.
7. The above rights may be exercised, in particular, by sending a request to: bilety@goodtaste.pl or by post to the Data Controller’s address: ul. Dziewińska 59, 60-178 Poznań.
§ 3
Contact Regarding Personal Data Protection
1. If you believe that the processing of personal data by the Data Controller violates GDPR provisions, you have the right to lodge a complaint with the President of the Personal Data Protection Office.
2. If you have any questions regarding personal data protection, you may contact us by e-mail at: bilety@goodtaste.pl or in writing by post to the Data Controller’s address: ul. Dziewińska 59, 60-178 Poznań.
§ 4
Data Controller’s Website
1. For analytical purposes, i.e. to examine and analyse activity on the Data Controller’s website, the Data Controller processes the following personal data:
a) date and time of visit;
b) type of operating system;
c) approximate location;
d) type of web browser;
e) time spent on the website;
f) visited subpages
– unless otherwise provided by the user’s device settings.
2. The legal basis for such processing is Article 6(1)(f) GDPR, which allows processing based on the Data Controller’s legitimate interest (analysing user activity on the website).
3. User activity on the Data Controller’s website, including personal data, is recorded in system logs (a program used to store chronological records containing information about events and actions related to the IT system used by the Data Controller). The information collected in logs is processed in connection with the provision of services. The Data Controller also processes it for technical purposes; in particular, data may be temporarily stored and processed to ensure the security and proper functioning of IT systems, e.g. in connection with backups, testing system changes, detecting irregularities, or protection against abuse and attacks.
§ 5
Cookies
1. The Data Controller uses cookies on its website, i.e., small text files stored on the user’s computer, phone, tablet, or other device. They may be read by the Data Controller’s system as well as by systems of other entities whose services the Data Controller uses (e.g., Facebook, Google).
2. Cookies serve many functions on the website, in particular:
a) ensuring security: cookies protect the user’s personal data from unauthorized access;
b) affecting website performance: cookies help the website run smoothly and allow the use of available functions by remembering settings between visits;
c) session state: cookies can store information about how users navigate the website, e.g., which subpages are most frequently viewed; they also allow identification of errors on certain subpages. Session cookies help improve services and enhance browsing comfort;
d) generating statistics: cookies help analyze how users interact with the website (how many open the site, how long they stay, which content attracts the most attention). This allows continuous website improvement and adaptation to user preferences. To track activity and generate statistics, the Data Controller uses Google tools such as Google Analytics. Besides reporting site usage statistics, Google Analytics may, together with some of the above cookies, help deliver more relevant content to users in Google services (e.g., Google search) and across the web;
e) social features: the Data Controller may use cookies to enable navigation from its social media profiles to its website. To do so, the Data Controller must use cookies provided by those entities.
3. The user’s browser typically allows cookies by default. On the first visit, the Data Controller asks for consent to use cookies. If the user does not consent, browser settings can be adjusted at any time to block cookies completely or request notification whenever cookies are set.
4. Instructions for disabling cookies vary by browser:
a) Google Chrome: Menu (top right) → Settings → Show advanced settings → Privacy → Content settings.
b) Internet Explorer: Menu (top right) → Tools → Internet Options → Privacy → Sites → Adjust level → OK.
c) Mozilla Firefox: Menu → Tools → Options → Privacy → Activate “Firefox will use custom settings.” Accept cookies as desired.
d) Opera: Menu → Tools → Preferences → Advanced → Cookies → Enable or disable.
e) Safari: Menu → Safari → Preferences → Security → Choose “Accept cookies” level.
5. The Data Controller respects user decisions regarding cookies but informs that disabling or restricting cookies may cause significant difficulties in using the website, e.g., needing to log in on each subpage, longer page load times, limited functionality, or reduced social media account features.
§ 6
Final Provisions
1. The Policy is governed by the universally applicable law of the Republic of Poland.
2. The Data Controller reserves the right to amend the Policy for valid reasons, particularly to ensure compliance with the law or recommendations, orders, or decisions of competent authorities.
3. Changes to the Policy will be communicated at least 14 days in advance via an appropriate announcement.
4. The Policy is available at the Data Controller’s office and in electronic form on the Data Controller’s website.
