RESTURACJA STARY DOM LIMITED LIABILITY COMPANY LIMITED PARTNERSHIP
We place great importance on protecting your privacy. We treat personal data with care and in accordance with obligations arising from applicable legal provisions, particularly GDPR. We use technology that allows us to collect cookies. Information about how we use these technologies can be found in Chapter VII dedicated to Cookie Policy.
I. Personal Data Controller
The controller of your personal data is:
RESTURACJA STARY DOM LIMITED LIABILITY COMPANY LIMITED PARTNERSHIP
with registered office at: ul. Puławska 104/106, 02-620 Warsaw
entered in the KRS business register under number: 0000426620
Tax ID: 521-34-48-980
REGON: 141033556
hereinafter also “Controller” or “Restaurant“.
For matters concerning personal data processing, you can contact us:
- by mail: Restauracja Stary Dom ul. Puławska 104/106, 02-620 Warsaw,
- email: info@restauracjastarydom.pl,
- phone: 22 646 42 08.
If a Data Protection Officer is appointed, information about them and contact details will be published on the Restaurant’s website.
II. Scope and methods of data processing
In connection with using our services, we collect your data to the extent necessary to provide them, as well as information about your activity on the website and in the course of fulfilling orders (in-store, online, catering).
We process the following categories of data in particular:
- Identification and contact data
- first and last name,
- address (e.g., for catering delivery),
- phone number,
- email address.
- Billing and accounting data
- data necessary for issuing receipts/invoices (name, tax ID, address),
- information about payments made and orders.
- Data related to website usage
- IP address,
- device and browser identifiers,
- data collected through cookies (details in Chapter VII).
- Data provided in contact/order forms
- content of messages, inquiries, comments, or complaints.
Data is provided to us directly by you (e.g., when placing an order, contacting through a form, email, phone, in person at the Restaurant) or collected automatically in connection with using our website (cookies, server logs).
III. Purposes and legal bases for data processing
Your personal data may be processed for the following purposes:
- Providing electronic services and website operation
- providing content on the website, handling forms, enabling online ordering.
Legal basis: Article 6(1)(b) GDPR (contract performance or actions before its conclusion).
- providing content on the website, handling forms, enabling online ordering.
- Performing contracts concluded with the Restaurant
- fulfilling orders in the delicatessen shop, in the restaurant, “Starodomski Catering” catering service, reservations, deliveries.
Legal basis: Article 6(1)(b) GDPR.
- fulfilling orders in the delicatessen shop, in the restaurant, “Starodomski Catering” catering service, reservations, deliveries.
- Fulfilling legal obligations incumbent on the Controller
- maintaining accounting books, tax settlements, providing responses to relevant state authorities, storing documentation for the required period, obligations related to implementing a project co-financed with EU funds (RRP).
Legal basis: Article 6(1)(c) GDPR.
- maintaining accounting books, tax settlements, providing responses to relevant state authorities, storing documentation for the required period, obligations related to implementing a project co-financed with EU funds (RRP).
- Analytical and statistical purposes
- analyzing user activity on the website, sales analysis, purchasing preferences, to improve service quality, offerings, website functionality.
Legal basis: Article 6(1)(f) GDPR – legitimate interest of the Controller.
- analyzing user activity on the website, sales analysis, purchasing preferences, to improve service quality, offerings, website functionality.
- Marketing and promotion of Restaurant services
- informing about current offers, promotions, events, newsletter, remarketing activities (provided the law allows and consent requirements are met when necessary).
Legal basis: - Article 6(1)(a) GDPR – consent (e.g., for newsletter),
- Article 6(1)(f) GDPR – legitimate interest of the Controller (marketing own services).
- informing about current offers, promotions, events, newsletter, remarketing activities (provided the law allows and consent requirements are met when necessary).
- Handling complaints and reports
- receiving and processing complaint reports, quality issues, service comments.
Legal basis: Article 6(1)(b) and (c) GDPR.
- receiving and processing complaint reports, quality issues, service comments.
- Establishing, pursuing, or defending claims
- pursuing claims related to concluded contracts or conducted business, defending against claims from Customers or third parties.
Legal basis: Article 6(1)(f) GDPR.
- pursuing claims related to concluded contracts or conducted business, defending against claims from Customers or third parties.
When using the website, we also process IP addresses or other device identifiers and information collected through cookies – details in Chapter VII.
IV. Your rights regarding data processing
In connection with processing your personal data, you have the following rights, among others:
- right of access to data – you can obtain information about whether we process your data and receive a copy of it;
- right to rectification of data – you can request correction or completion of incomplete data;
- right to erasure of data (“right to be forgotten”) – you can request deletion of data when there are no grounds for further processing;
- right to restriction of processing – e.g., when you contest the accuracy of data or processing is unlawful, but you don’t want it deleted;
- right to data portability – when processing is carried out automatically, based on consent or contract;
- right to object – to processing based on our legitimate interest (Article 6(1)(f) GDPR), including marketing activities;
- right to lodge a complaint with a supervisory authority – President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw.
The indicated rights may be exercised taking into account limitations arising from legal provisions (e.g., accounting, tax, project obligations).
To exercise your rights, you can contact the Controller in any way indicated in Chapter I.
V. Recipients of personal data and data transfers outside the EEA
Your personal data may be disclosed to the following categories of recipients:
- IT service providers (hosting, email, sales systems, reservation systems, online order and catering management systems);
- entities providing accounting, legal, advisory services;
- courier and transport companies (to fulfill deliveries for catering/delicatessen);
- payment operators (for electronic payments);
- institutions involved in implementing, settling, and controlling projects financed under the National Recovery and Resilience Plan (national and EU institutions);
- state and local government authorities, courts, law enforcement agencies – when required by applicable law.
As a rule, we do not transfer data outside the European Economic Area (EEA). If we use services from providers based outside the EEA (e.g., analytical tools providers, cloud services), data transfer will be carried out in compliance with GDPR requirements, particularly through:
- cooperation with entities from countries for which the European Commission has issued a decision establishing an adequate level of protection,
- using standard contractual clauses,
- other permissible mechanisms provided for in GDPR.
VI. Personal data processing period
The period of processing your data depends on the purpose:
- data related to contract performance (orders, catering, reservations) – for the duration of the contract and limitation of claims (generally up to 6 years);
- accounting and tax data – for the period required by law (at least 5 years from the end of the tax year);
- data processed based on consent – until its withdrawal;
- data processed based on legitimate interest – until realization of that interest or effective objection;
- data related to EU project (RRP) – according to requirements of financing institutions and provisions on project documentation archiving.
After the indicated periods expire, data is irreversibly deleted or anonymized.
VII. Cookie Policy
Cookies are small text files stored on your device (e.g., computer, tablet, smartphone) that allow, among other things, proper website operation, remembering selected settings, and analyzing website usage.
When you use our website:
- we inform you about cookie usage,
- you can decide which cookie categories you accept (except cookies necessary for website operation).
Cookies may collect, among other things, your IP address, device identifier, data about activity on the website. As a rule, they do not serve to directly identify you, but to ensure website operation and traffic analysis.
We use cookies particularly:
- for proper website and shopping cart operation;
- to remember your settings (e.g., language preferences);
- for statistical and analytical purposes – to improve website structure and content.
We use, among others:
- session cookies – stored until logout or browser closure;
- persistent cookies – stored for a period resulting from browser settings or until their deletion.
You can change browser settings regarding cookie handling at any time (blocking, notification of their saving). However, limiting cookie usage may affect some website functions.
VIII. Profiling
Personal data provided by you is not subject to automated decision-making, including profiling, that would produce legal effects concerning you or similarly significantly affect you.
IX. Information about the “Starodomski Catering – catering service” project
RESTURACJA STARY DOM SP. Z O.O. SP.K. implements the project:
“Business diversification in the Mazovian Voivodeship (region 2) by adding a new service to the offer: Starodomski Catering – catering service”
The project is implemented under the National Recovery and Resilience Plan, action A1.2.1 Investments for enterprises in products, services and employee competencies and staff related to business diversification.
The project is co-financed with European Union funds.
Co-financing amount: 410,934.33 PLN.
In connection with project implementation, we process personal data for purposes including:
- implementing project activities,
- demonstrating expenditure eligibility,
- reporting, monitoring, control, and audit of the project by authorized institutions.
The legal basis for this processing is:
- Article 6(1)(c) GDPR – fulfilling legal obligations related to project implementation and settlement,
- Article 6(1)(f) GDPR – legitimate interest of the Controller consisting in project implementation and proper settlement and defense against potential claims.
Data may be transferred to institutions responsible for implementing the National Recovery and Resilience Plan and other entities authorized to conduct audits, controls, and settlements of projects co-financed with EU funds.
X. Final provisions
We reserve the right to change the provisions of this Privacy Policy. We will inform about each significant change by publishing an updated version on the website.
In matters not regulated by this Policy, relevant provisions of Polish law and GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council) apply.
