Privacy Policy

 

Personal data, the Administrator of which is Caterings sp. z o.o. with its registered office in Warsaw, are processed in a manner consistent with the provisions of generally applicable law, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: „GDPR”).

The Administrator guarantees the confidentiality of all personal data processed by him. Ensures that all security measures are taken. Personal data is collected with due diligence and properly protected against access to it by unauthorized persons. All entities entrusted with the processing of personal data guarantee the application of appropriate protection measures and security of personal data required by law.

General

  1. This Privacy Policy (hereinafter referred to as the „Privacy Policy”) sets out how we collect, process and store personal data:
    1. visitors to the website of the https://www.caterings.pl/ owned by the Administrator;
    2. job candidates;
    3. persons contacting the Administrator by e-mail and telephone and persons contacted by the Administrator;
    4. individual clients and contractors;
    5. employees and associates of our clients and contractors;
  2. This Privacy Policy is for informational purposes only and does not constitute a source of obligations for data subjects.
  3. The administrator takes special care to protect the interests of data subjects and applies technical and organizational measures to ensure adequate and adequate protection of personal data processed to the threats.

Data Controller

The administrator of personal data is: Caterings Spółka z ograniczoną odpowiedzialnością with its registered office in Warsaw at Saska 103 /1 (03-914), entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for the m.st. Warsaw, Commercial Division of the National Court Register under number 0000938380, NIP 1133047283, REGON 520715707

Contact with the Administrator

  1. In matters related to the processing of personal data, please contact us by e-mail at a dedicated e-mail:rodo@caterings.pl address
  2. You can also send us a message, request or request to our correspondence address: Saska 103 /1, 03-914 Warsaw.

Purpose and legal basis of data processing

  1. Each time, the purpose and basis for the processing of personal data by the Administrator results from the nature of the relationship between the Administrator and the data subject.
  2. Each of these relationships has been described separately, below, to make it easier for you to find the right records for you.

Visitors to the website https://www.caterings.pl

  1. The administrator may process personal data for the following purposes:
    • monitoring and enforcement of compliance with the terms of use of the website pursuant to Article 6(1)(f) of the GDPR – legitimate interest in ensuring the functionality of the website;
    • administering and managing the website, including confirming identity and preventing unauthorized access – legitimate interest consisting in maintaining the stability of the website and ensuring cybersecurity of website visitors;
    • aggregating data for the purpose of conducting analyzes, pursuant to Article 6(1)(f) of the GDPR – legitimate interest in the form of conducting activities aimed at improving the operation of the website;
    • direct marketing of own products and services – marketing is carried out in the form of the following activities:
      1. use of Google Analytics and Google Ads analytics software to collect user data. In this case, the administrator collects only the following categories of data: the source and medium of obtaining visitors to the website, the way they behave on the website, information about devices and browsers, IP address and domain and geographical data. The legal basis for the processing of personal data is Article 6(1)(a) of the GDPR – consent expressed through browser preference settings;
      2. using the Facebook Pixel tool to target personalized Facebook ads to website users. In particular, the Facebook Pixel collects a history of events (actions performed by the user on the website, e.g. adding a product to the basket) in order to then display a personalized advertisement on Facebook. The legal basis for the processing of personal data is Article 6(1)(a) of the GDPR – consent, expressed within the appropriate browser preference settings;
      3. using the HotJar tool, which is an analytical tool that tracks the behavior taken on our website. The legal basis for the processing of personal data is Article 6(1)(a) of the GDPR – consent, expressed within the appropriate browser preference settings;
    • establishing, investigating and defending against claims pursuant to Article 6(1)(f) of the GDPR – legitimate interest in the form of protection of the Administrator’s interests.
    • You can read the entire cookie policy used by the Administrator here.
    • The recipients of your personal data will be entities providing IT services to the Administrator to the extent applicable to activities related to website management. In addition, the recipients of the data will also be (if you give your consent) Google Inc., Facebook Inc., Hotjar Limited.
    • The administrator is not responsible for the processing of data by Google, Facebook, Hotjar – the owner of Google Analytics and Google Ads tools and Facebook Pixel and HotJar, respectively. The Administrator recommends that you read the privacy policy of Google, Facebook and HotJar to learn about their personal data processing rules.
    • Personal data will be processed until the cookies are deleted, in accordance with the information contained in the Cookies Policy. After this period, the Administrator will store personal data if it is obliged to do so under the law for the period provided for in these provisions or in order to pursue legitimate interests during the period of limitation of claims.
    • In connection with the processing of personal data, the data subject has the following rights: access to personal data, to rectify personal data (update), to delete data, to limit processing, transfer personal data, the right to object to the processing of personal data and lodge a complaint with the supervisory authority.
    • The data subject also has the right to withdraw consent to the processing of personal data. You can withdraw your consent by changing your browser settings. If you do not want to receive personalized ads from the Administrator on Facebook, you should choose your privacy settings on Facebook. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal
    • Providing personal data necessary for the operation of the website is voluntary, but without providing them, some functions of the website may not work properly. In the remaining scope, providing personal data is voluntary.

Job Candidates

  1. conducting recruitment proceedings (assessment of qualifications, abilities, skills for a given position, selection of the best person for our team), based on:
  • Article 6(1)(b) of the GDPR – taking action at the request of the data subject;
  • Article 6(1)(c) of the GDPR legal obligation of the controller, including those resulting primarily from Article 221 § 1 of the Labour Code;
  • Article 6(1)(a) of the GDPR – consent expressed in the form of an action clearly confirming the sending of application documents in the scope of documents not required by law, but provided by you in these documents;
  • Article 6(1)(f) of the GDPR – the legitimate interest of the administrator, which is the possibility of checking your skills, competences – in the scope of data provided to us during the interview.
  • Article 6(1)(a) of the GDPR – consent – in the scope of future recruitment processes. Your personal data may be transferred to entities providing various services to us, including: IT service providers (hosting and server of the website and mail, IT outsourcing), which the administrator uses, accounting office, as well as state authorities and other entities authorized under the law. [K.1]
  • We store your personal data until the end of the recruitment process or the candidate’s resignation from applying for employment, unless the candidate agrees to the processing of his personal data also for the purposes of possible future recruitment.
  • In connection with the processing of personal data, the data subject has the following rights: access to personal data, to rectify personal data (update), to delete data, to limit processing, transfer personal data, withdraw consent, the right to object to the processing of personal data and lodge a complaint to the supervisory authority.
  • obligatory to the extent required by the provisions of the Labour Code. The consequence of not providing data is exclusion from the recruitment process. Providing data in the remaining scope is voluntary and does not affect the possibility of joining the recruitment process.

Persons contacting the Administrator by e-mail and phone and persons contacted by the Administrator

  1. The administrator may process personal data for the following purposes:
  • answering questions, including contacting by e-mail, phone or in any other way for this purpose, i.e. pursuant to Article 6(1)(f) of the GDPR – legitimate interest consisting in the possibility of answering a question about business activity;
  • establishing cooperation directly with such a person or employer/entity that such a person represents, i.e. pursuant to Article 6(1)(f) of the GDPR – a legitimate interest consisting in establishing and maintaining relationships as part of business activity.
  • The above purposes and bases apply to persons who contact Caterings sp. z o.o. with its registered office in Warsaw in any matter before the purpose of contact is specified or if toCaterings sp. z o.o. in Warsaw (by phone and e-mail) contacts such a person in any matter.
  • Your personal data may be transferred to entities providing us with various services, including: legal services, IT service providers (hosting and server of the website and mail, IT outsourcing), which the administrator uses, as well as state authorities and other entities authorized under the law.
  • Personal data will be processed until the end of the case that is the subject of the inquiry, contact or objection to the processing of personal data. After this time, the Administrator will store personal data if it is obliged to do so under the law for the period provided for in these provisions or in order to pursue legitimate interests during the period of limitation of claims.
  • Providing data is voluntary, but necessary to respond.

Customers and Contractors

  1. The administrator may process personal data of the client and contractor for the following purposes:
    • necessary to conclude and perform the contract, including customers subscribing to packages also for the purpose of providing electronic services (management, service and execution of the order, setting up an account, servicing the account, transactions, payments), i.e. pursuant to Article 6(1)(b) of the GDPR, Article 6(1)(c) of the GDPR (legal obligation) and Article 6(1)(f) – the legitimate interest of the Administrator, which is the possibility of verifying the status of a member of the Management Board, demonstrate the right of representation;
    • fulfilling obligations towards tax authorities, i.e. pursuant to Article 6(1)(c) of the GDPR;
    • answering e-mails, questions, inquiries and contacting for this purpose, i.e. pursuant to Article 6(1)(f) of the GDPR – the legitimate interest of the Administrator, which is the possibility of reacting to the received message, answering in accordance with its content);
    • pursuing claims or defending rights, as the implementation of the legitimate interest of the Administrator, i.e. pursuant to Article 6(1)(f) of the GDPR;
    • handling the process of submitted complaints, i.e. pursuant to Article 6(1)(b) of the GDPR (performance of the contract) and Article 6(1)(c) of the GDPR (legal obligation);
    • conducting statistical surveys, i.e. pursuant to Article 6(1)(f) of the GDPR – the legitimate interest of the Administrator, which is to improve the operation of the website, enabling it to be tailored to the Customer’s needs;
    • improve business activity and archiving documents, i.e. pursuant to Article 6(1)(f) of the GDPR – the legitimate interest of the Administrator, which is the storage of documentation, more efficient and effective conduct of business.
  • Your personal data may be transferred to entities providing us with various services, including: legal services, IT service providers (hosting and server of the website and mail, IT outsourcing), which the administrator uses, entities that are operators of electronic payment services, as well as state authorities and other entities authorized under the law.

 

  • We store your personal data until the expiry of the limitation period for all claims for performance or improper performance of the contract, as well as until the expiry of the limitation period for tax liability, unless tax laws provide otherwise. In the scope of personal data processed on the basis of the legitimate interest of the Administrator until an effective objection to the processing of personal data is raised.

 

  • In connection with the processing of personal data, subject to the conditions set out in the provisions of the GDPR, the data subject has the following rights: access to personal data, to rectify personal data (update), to delete data, to limit processing, transfer personal data, the right to object to the processing of personal data and lodge a complaint to the supervisory authority.

 

  • The obligation to provide personal data results from the law regulating issues related to the implementation of contracts, including the provisions of the Civil Code and tax law. If you refuse to provide your data, we will not be able to establish a legal relationship. In the remaining scope, providing data is voluntary, but necessary to conclude a contract.

Employees and associates of our clients and contractors

  1. The administrator may process personal data of employees and associates of clients and contractors in order to properly perform the contract to which the entity for which he works is a party or with which such a person cooperates, i.e. pursuant to Article 6(1)(f) of the GDPR (legitimate interest in enabling contact between the parties to the contract in order to perform it).
  2. In such a situation, we received the data directly from the employee or co-worker or from his employer/entity he represents.
  3. The scope of data we have is: name, surname, business telephone and e-mail address, position.
  4. Your personal data may be transferred to entities providing us with various services, including: legal services, IT service providers (hosting and server of the website and mail, IT outsourcing), which the administrator uses, as well as state authorities and other entities authorized under the law.
  5. We store your personal data until the expiry of the limitation period for all claims for performance or improper performance of the contract.
  6. In connection with the processing of personal data, subject to the conditions set out in the provisions of the GDPR, the data subject has the following rights: access to personal data, to rectify personal data (update), to delete data, to limit processing, transfer personal data, the right to object to the processing of personal data and lodge a complaint to the supervisory authority.

Recipients of data

  1. The administrator uses the services of entities that provide sufficient guarantees of personal data security, including through the implementation of appropriate technical and organizational measures.
  2. Personal data is not always entrusted or made available to all of these recipients. The administrator transfers data only when it is necessary to achieve a given purpose of processing and only to the extent necessary.
  3. Due to the fact that the Administrator uses Google Analytics, Google Ads and Facebook Pixel tools, your personal data may be transferred to a third country (i.e. a country that does not belong to the European Economic Area) – the United States of America.

Duration of personal data processing

  1. The time for which we will process your data depends on the purpose for which the data was collected and the legal basis on which the purpose was based.
  2. The exact time of data processing can be found in the individual sections of the Privacy Policy. We encourage you to read this information.

Rights of the data subject

  1. The GDPR has defined a number of rights that you have in connection with the processing of personal data. Subject to the conditions set out in the provisions of the GDPR, you have the following rights:
  2. request access to your personal data, rectification, deletion, limitation of their processing, data portability,
  3. the right to object to the processing of data, if the processing is based on the premise of a legitimate interest,
  4. lodge a complaint with the supervisory body (President of the Office for Personal Data Protection) if it considers that the processing of your personal data violates the provisions of the GDPR,
  5. withdraw consent, with the proviso that the withdrawal of consent does not affect the lawfulness of the processing that was carried out on the basis of consent before its withdrawal. In order to withdraw your consent, please contact us at the following e-mail address:
  6. In order to exercise the above-mentioned rights, please contact the Administrator in the manner indicated in the „Contact with the Administrator” section.

Data Source

  1. As a rule, the Administrator obtains personal data processed by the Administrator directly from the data subject or from the employer/entity represented by the natural person.
  2. The obligation to provide personal data or the lack of such an obligation also depends on the relationship that the data subject has with the Administrator, as well as a given process within this relationship.

Final provisions

  1. The Website may contain links to other websites. The Administrator is not responsible for the rules of personal data protection applicable to other administrators. However, the Administrator recommends that after switching to other websites, read the privacy policies functioning on them.
  2. We will regularly review and update this document. This statement was last updated on 21.06.2022