Strona główna / Polityka prywatności
Privacy Policy
Privacy Policy
Our goal is to ensure you feel safe on our website, which is why your privacy and the protection of your personal rights are important to us. We kindly ask you to carefully review the following summary to understand how our website operates. You can be assured that your data will be processed transparently and fairly, and we will make every effort to handle your data carefully and responsibly. This Privacy Policy is intended to inform you about how we use your personal data, which we manage in accordance with the strict requirements of the German Data Protection Act and the General Data Protection Regulation (GDPR).
DATA CONTROLLER AND DATA PROTECTION OFFICER
Bastion Smaku Sp. z o.o.
Ruś 2, 10-687 Olsztyn
Email: sklep@bastionsmaku.pl
The Data Protection Officer at the controller’s company is available at the email address rodo@bastionsmaku.pl.
SCOPE OF PERSONAL DATA PROCESSING
We collect and process your personal data only to the extent necessary to ensure the website’s functionality, the content we provide, and the services we offer, for example, when you provide your data to activate a membership in the Castle of Flavor Club, register as a customer on our website, log into an existing customer account, or order products. Your personal data is collected and used only with your consent, except in cases where it is not possible to obtain prior consent due to circumstances, and data processing is legally permitted. The security of your personal data is a high priority for us.
We take technical and organizational measures to protect the data we store from loss and misuse by third parties. Our employees involved in processing personal data are bound by confidentiality obligations, which they must observe. Your personal data is protected by ensuring it is transmitted in encrypted form; for example, we use SSL (Secure Sockets Layer) when communicating with your web browser. A padlock icon will appear on your browser to indicate that an SSL connection has been established.
To ensure your data is always protected, technical security measures are regularly reviewed and adapted to new technological standards as necessary.
PURPOSES AND LEGAL BASIS FOR PROCESSING PERSONAL DATA
We collect, process, and use your personal data for the following purposes:
– Entering into and executing contracts (orders)
– Providing newsletters about new product launches
– Customer service and support
– Providing media services, such as processing orders for goods and services offered online
– Providing media services for mailing and SMS notifications, for instance, to send you information about new product launches
RETENTION PERIOD AND PROCESSING OF PERSONAL DATA
We process and store your personal data only for the period necessary to achieve the storage purpose or as required by law or regulation. Once the purpose has been fulfilled or becomes inapplicable, your personal data will be deleted.
COLLECTION OF GENERAL DATA AND INFORMATION
In accordance with Article 6, Section 1(f) of the GDPR, our website collects various general data and information each time it is accessed, which is temporarily stored in server logs. The log is created as part of the automatic logging performed by the processing computer system. The following data may be collected:
– Access to the website (date, time, and frequency)
– How you reached the site (referral website, hyperlink, etc.)
– Amount of data transmitted
– The browser and version you are using
– The operating system you are using
– Your Internet service provider
– The IP address assigned to your computer by your Internet service provider when connecting to the Internet
The collection and storage of this data are necessary for the website to function and to display the content correctly
COOKIES, WEB ANALYSIS SERVICES, AND SOCIAL MEDIA
Our website uses cookies, web analysis services, and social media plugins.
We want to ensure that your experience using our website is as smooth as possible. To this end, we use cookies, web analytics services, and social media plugins in accordance with Article 6, Section 1 of the GDPR.
We use various cookies and services to guarantee full website functionality, making the site as informative and user-friendly as possible. It is important to us that you can easily navigate our website, so we continually implement improvements.
We take care to handle your personal data responsibly. In this document, you will find detailed information about the cookies and services used on this website. Of course, you can disable all cookies and services as you wish. You can do this by blocking or deleting cookies through your web browser settings. You can also deactivate them by installing an opt-out cookie or by following a hyperlink. Please note that deactivation is necessary for all browsers you use. If you delete all cookies in your browser, this will also affect the opt-out cookie.
1. Functional Cookies Cookies are small files placed on your computer by websites you visit. They allow settings or changes made by you to be restored during your next visit to the website. These functional cookies ensure that our website operates correctly. Cookies are stored for a maximum of two years and are automatically deleted afterward. The following features are possible with the use of these cookies:
– Saving products you placed in your online cart or added to your wishlist
– Saving information you entered during checkout, so you don’t need to re-enter it
– Saving settings such as language, location, search result preferences, etc.
– Saving display settings on your device, such as desired buffer size and screen resolution data
– Saving browser settings to allow optimal website display
– Saving login information so you don’t need to re-enter it each time
2. Analytical Services for Statistical Purposes To determine which content on our website is most attractive to you, we continually monitor the number of visitors and the most frequently viewed pages. We use the data we collect for statistical purposes, such as:
– Registering the number of visitors to our websites
– Registering the time visitors spend on our website
– Registering the order in which different websites are visited
– Identifying which parts of our website need updates or changes
– Optimizing the website
We use the following services for statistical purposes, which you can disable by installing an opt-out cookie or clicking on a hyperlink:
– Google Analytics: This web analysis service is offered by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Google Analytics uses cookies to allow the website operator to analyze how users interact with the site. The information generated by the cookie about your use of the website is typically transmitted to a Google server in the USA and stored there. However, Google shortens your IP address within EU Member States or other countries in the European Economic Area before transferring it to the USA. In exceptional cases, the full IP address is transmitted to a Google server in the USA and then shortened. The IP address transmitted by your browser within Google Analytics is not combined with other data from Google. Google Analytics cookies are automatically deleted after 14 months.
You can find more information on the terms of use and data protection at the following websites:
https://www.google.com/analytics/terms/gb.html and
https://policies.google.com/?hl=en
To disable Google Analytics, click on the following hyperlink to download and install the browser plugin:
https://tools.google.com/dlpage/gaoptout?hl=en
GOOGLE MAPS API
This is a map service provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. We use the Google Maps API to display an interactive map and provide driving directions or help you find a physical store. When using Google Maps, information about your use of this website (including your IP address) may be transmitted to and stored on Google’s servers in the USA. For more information about the Google Maps privacy policy and terms of use, please visit the following websites:
https://www.google.com/intl/eng_eng/help/terms_maps.html and
https://policies.google.com/privacy?hl=eng
SOCIAL MEDIA PLUGINS
Our website provides you with plugins for social media platforms so that you can connect with your social media accounts. These plugins are clearly marked. If you are a member of a social media network and click on the corresponding social media plugin, the social media provider may be able to link information about your visit to our website with your profile data on that platform. Please familiarize yourself with these functionalities by consulting the privacy policies of the social media providers you use. The following social media plugins are integrated with our website:
– Facebook Provider: Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025, USA, Facebook Privacy Policy: https://www.facebook.com/privacy/explanation
– Instagram Provider: Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA, Instagram Privacy Policy: https://help.instagram.com/155833707900388
– YouTube Provider: YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, YouTube Privacy Policy: https://policies.google.com/privacy
PROCESSING OF PERSONAL DATA WHEN CONTACTING US, REGISTERING, AND PLACING ORDERS WITHOUT REGISTRATION
1. Contacting Us
Information you provide when contacting us by phone, email, or through a contact form will be stored by us based on Article 6, Section 1(a) of the GDPR to respond to your questions. The contact will be logged so that we can prove it took place in compliance with legal requirements. When filling out the contact form, your consent will be obtained, and this Privacy Policy is referenced. The data collected in this context will be deleted by us once the conversation is concluded and the matter is resolved.
2. Registration
After receiving the appropriate login and temporary password from the website operator, you need to complete the registration by providing your personal data. This data is entered into a data form, transmitted to us, and stored by us. The registration is carried out to execute a contract or perform pre-contractual actions and is, therefore, based on Article 6, Section 1(b) of the GDPR.
For entering into and executing contracts, we require contact data depending on the specific case, such as name, delivery address, billing address, email address, and information about the chosen payment method. We also use your data to maintain our customer database, where only the most necessary data is stored. To prevent typographical errors (so-called “typos”) and ensure that ordered products are correctly delivered, we check the completeness and accuracy of your address when you enter it.
3. Miscellaneous Provisions
Based on Article 6, Section 1(c) and (f) of the GDPR, we use and store your personal data and, where necessary, technical information to prevent misuse of data or other unlawful behavior on our website or to investigate such cases, e.g., to ensure data security in the event of attacks on our IT systems. This can be done based on orders from public authorities or courts, where required by law, and to protect our rights and interests and defend ourselves in court if necessary.
DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
When transferring your personal data, we ensure that the level of security is always as high as possible. Therefore, your data is only transferred to carefully selected and contractually obligated service providers and partners. We only disclose your data to entities that meet appropriate security standards. Data transfers to third countries are not currently practiced or planned.
DISCLOSURE OF DATA TO SERVICE PARTNERS
In accordance with Article 6, Section 1(b) and (f) of the GDPR, we commission various service companies to operate and optimize our website and to fulfill contracts, such as IT service providers, website hosting companies, payment processors, and product shipment companies. We share the necessary information with these service partners (e.g., name, address). Some of these companies act on our behalf to process and fulfill orders, meaning they can only use the transmitted data in accordance with our instructions. In these cases, we remain legally responsible for ensuring that appropriate data security measures are taken. Therefore, we agree on specific data security measures with these entities and regularly monitor compliance. For example, your order will be shipped via a service provider such as UPS Polska Sp. z o.o. This provider will receive information such as your email address, phone number, and delivery address provided in your order to arrange the specific time and place for delivery with you.
YOUR RIGHTS
Of course, you have rights related to the collection of your data, which we are happy to inform you about here. If you wish to exercise any of these rights free of charge, simply send us a message. You can contact us using the following contact details without incurring any costs beyond those charged by your telecommunications provider for sending messages: Email: biuro@bastionsmaku.pl
Postal address: The Castle of Flavor Sp. z o.o., Ruś 2, 10-687 Olsztyn
For your safety, we reserve the right to request additional information to confirm your identity when responding to an existing inquiry. If identification is not possible, we also reserve the right to refuse a response to your request.
1. Right of Access
You have the right to request information from us about the personal data we store about you.
2. Right to Rectification
You have the right to request immediate rectification and/or completion of personal data stored about you.
3. Right to Restriction of Processing
You have the right to request that the processing of your personal data be restricted if you dispute the accuracy of the data stored about you, if the processing is unlawful and we no longer need the data, but you do not want the data to be deleted, and you require the data to establish, exercise, or defend legal claims, or if you have objected to the processing of the data.
4. Right to Deletion
You have the right to request the deletion of your personal data stored by us, provided that maintaining the data is not necessary for freedom of expression, freedom of access to information, compliance with a legal obligation, due to public interest, for the assertion or defense of legal claims, or for the exercise of legal rights.
5. Right to Notification
If you have exercised the right to rectification, deletion, or restriction of processing, we will notify all recipients of your personal data about the rectification, deletion, or restriction of processing unless this is impossible or involves disproportionate effort.
6. Right to Data Portability
You have the right to receive a copy of the data you have provided to us, which will be transmitted to you or a third party in a structured, standard machine-readable format. If you request the transfer of these data to another data controller, this will be done as long as it is technically feasible.
7. Right to Object
If your personal data is processed in the interest of legitimate purposes in accordance with Article 6, Section 1(f) of the GDPR, you have the right to object to the processing at any time in accordance with Article 21 of the GDPR.
8. Right to Withdraw Consent
You have the right to withdraw your consent to data collection at any time with future effect. This will not affect the data collected so far. We hope you understand that for technical reasons, it may take some time to process your withdrawal, and you may continue to receive messages from us during this period.
9. Right Not to Be Subject to Automated Decision-Making, Including Profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, if such a decision has legal effects on you or similarly significantly affects you.
10. Right to File a Complaint with a Regulatory Authority
If the processing of your personal data violates data protection laws or if your data protection rights have been violated in any other way, you can file a complaint with a regulatory authority.
The fastest, easiest, and most convenient way to exercise your right to rectification and deletion is to log into your customer account and directly edit or delete the data stored there. Please note that once you delete your data, you will no longer have access to services related to our products through our website. This may also include services for re-downloading from the Internet. Therefore, we encourage you to back up your data before exercising your right to deletion. Data that we are legally required to store in accordance with statutory, corporate, or contractual requirements will be restricted in processing to prevent its use for other purposes but will not be deleted.
LINKS TO OTHER COMPANIES’ WEBSITES
Our website contains links to other companies’ websites. We are not responsible for the data security measures taken on other websites accessible through these links. Please refer to those external websites for information on their respective privacy policies.
CHANGES TO THE PRIVACY POLICY
To ensure that our Privacy Policy always complies with current legal requirements, we reserve the right to make changes to it at any time. This also applies to cases where the Privacy Policy needs to be updated to cover new or modified products or services.