The protection of private information regarding Users of the website https://www.sakura.rest.pl/(hereinafter referred to as the “Website”) is extremely important to us, therefore we make every effort to ensure that you are safe when visiting our Website.
The following terms should be understood:
- “Restaurant” or “Sakura Rest & Sushi” – it ought to be understood as the Company Valido Rest Sp. z o.o. with its registered office in Kraków, address: ul. Wielopole 3, 31-072 Kraków, entered into the Register of Entrepreneurs kept by the District Court for Kraków – Śródmieście in Kraków, 11th Commercial Department of the National Court Register under the number KRS 0000447530, NIP: 6762461599, REGON: 122764119;
- “Online store” – it ought to be understood as the website available at https://www.sakura.rest.pl;
- “Customer” – it ought to be understood as a natural person acting on his / her behalf or for a legal person or an organizational unit without legal personality, but having legal capacity under the Act, and who used the Restaurant’s website by browsing the website available at https://www.sakura.rest.pl or by sending your personal data to register an Individual Account on the Restaurant’s website or to place an order on the Sakura Rest & Sushi website, or to subscribe to the Newsletter;
- “Individual account” – a panel assigned individually to the Customer after data registration in the Online Store system, marked with an individual name (login) and password provided by the Customer in the Restaurant’s ICT system, allowing the Customer to use additional functionalities of the Restaurant’s website;
- “Order form” – a form by which the Customer orders meals offered by Sakura Rest & Sushi on the Restaurant’s website, in which the Customer provides the following data: name, surname, e-mail address, telephone number, delivery address;
- “Account registration” – it ought to be understood as the form used to register the Customer on the Sakura Rest & Sushi website in order to create an Individual Account via the Restaurant’s website, through which the User provides the following personal data: name, surname, e-mail address, optional data companies;
- “Logging into the Individual Account” – it ought to be understood as the form used to log the Customer into the Individual Account in the Online Store – after having previously registered – through which the Customer provides the following personal data: e-mail address, password;
- “Contact form” – it ought to be understood as the form placed on the Website in the “Contact” tab, used to contact the Restaurant in order to obtain detailed information about products, orders placed by the Customer or technical problems on the Website, through which the User provides: name, address email, phone number;
- “Services” – means the following activities of the Restaurant, undertaken as a result of providing personal data by the Customer: maintaining an Individual Account or sending a return message containing detailed information about products, the Customer’s order or technical problems on the site;
§ 1. Preliminary provisions
- This Online Store runs Sakura Rest & Sushi.
§ 2. Cookies
§ 3. Personal data
- Personal data is information about an identified or identifiable natural person. Personal data is not anonymized in such a way that data subjects cannot be identified at all or can no longer be identified.
- The administrator of personal data obtained from customers is Sakura Rest & Sushi.
- Personal data is processed in accordance with the law and taking into account the principles of reliability, transparency and adequacy.
- Personal data is not collected or processed on the Online Store website for the purpose of transferring or selling them to external entities for marketing purposes. Sakura Rest & Sushi also does not send messages on behalf of third parties.
- We may collect, process, store and transfer various types of your personal data, which we have grouped as follows:
- Identity Data, including name, surname, username or similar identifier.
- Contact details, including billing address, delivery address, email address, phone number.
- Transaction Data, including transactions and payments.
- Technical Data, including the IP address, login details, browser type and version, time zone and location settings, types and versions of plugins, operating system and other technologies used by you on the devices with which you use the Website.
- Account Data, including username and password as well as order history.
- User Data, information on how you use the Restaurant’s website and what Services you use.
- Marketing and Communication Data, including your preferences in receiving commercial information and communication from us.
- The moment you use the website of our Website, it may automatically download your Technical Data regarding your devices or activities and patterns of behavior on the web. We collect this personal data through Cookies and other technologies, in accordance with the “Cookies Policy” available on our Online Store website.
§ 4. Purpose and basis for processing your personal data
- If the User provides personal data, they will be used in accordance with the purpose of their transfer. Below we present a specification of the purposes / activities of processing your personal data by category of this data, assigned to the legal basis for the processing of personal data.
|Purpose / processing operation||Personal data type||The basis for processing|
|Creating a customer account||Identity Data Contact Details||Conclusion and performance of the contract|
|Execution of the contract||Identity Data Contact Data Account Data||Conclusion and performance of the contract|
|Customer relationship management: Notification of changes in regulations and policies||Identity Data Contact Data Account Data||Performance of the contract Our legal obligation|
|Managing and ensuring the security of the Restaurant and its Website (diagnostics and system maintenance, data analysis, testing, server management and hosting)||Identity Data Contact Data Technical Data||The legitimate interest of the administrator (conducting business activities, managing IT processes, ensuring network security, preventing fraud) We have a legal obligation|
|Ensuring adequate content of the Restaurant website and ads, as well as analyzing the effectiveness of conducted advertising campaigns||Identity Data Contact Data Account Data Usage Data Marketing and Communication Data Technical Data||The legitimate interest of the administrator (verification of how customers use our services to develop and improve the quality of service provision and to create marketing strategies)|
|Providing the customer with a return message regarding detailed information about products, orders made by the Customer or technical problems on the website||Contact details||Take action before the conclusion of the contract. Performance of the contract|
- Providing personal data is voluntary, however, the lack of consent to the processing of personal data prevents Account registration and order processing.
- One of the ways we process personal data is the so-called profiling. We can use your Identity, Contact, Technical, Usage and Account Data to create a profile of our clients’ preferences and thus, based on them, customize our services and the content they receive from us. In this way, we can decide which of our Services may be appropriate for you.
§ 5. Provision of your personal data and international transfers
- For the purposes set out in the preceding paragraph, we may disclose your personal data to external third parties, such as marketing, accounting and IT companies, providing services such as hosting, cloud computing, as well as to the Tax Office and other public authorities in the Republic of Poland.
- If the Customer chooses payment via:
- the Tpay system – his personal data is transferred to the extent necessary for the payment to be made Krajowy Integrator Płatności S.A. with its registered office ul. Św. Marcin 73/6 61-808 Poznań, NIP: 7773061579, REGON: 300878437, KRS:0000412357, then Tpay is the administrator of the Customer’s personal data;
- We require all third parties to maintain security measures regarding your personal data and to process them in accordance with the law. We do not allow our suppliers to use Users’ personal data for their own purposes and we process it for specific purposes and in accordance with our instructions.
- Due to the fact that we use the services of other suppliers, e.g. in the field of ICT support, your personal data may be transferred outside the EEA. In such cases, we provide a similar level of protection for this data by providing at least one of the following protection measures:
- transfer of personal data to countries recognized by the European Commission as ensuring adequate protection of personal data,
- application of data protection clauses adopted by the European Commission, guaranteeing the same protection as in the European Union, or
- while we use service providers based in the United States, we may provide them with Privacy Shield data, which requires them to provide similar protection as within the European Union.
§ 6. Data security
- The Customer’s processing of the Customer’s personal data takes place in compliance with all rules regarding the security of personal data processing that meet the requirements of the law. We have introduced the necessary security measures to protect your data against accidental loss, unauthorized access or use, alteration or disclosure. We limit access to your data to employees, agents, service providers and other third parties to whom such disclosure is necessary from the point of view of our business operations. They will process your personal data only in accordance with the Restaurant’s instructions and they are obliged to confidentiality.
- The restaurant has adopted appropriate procedures to deal with suspected violations. We will notify you and the relevant supervisory authority of any breach if we are legally required to do so.
§ 7. Time of data processing
- Your personal data will be stored for no longer than the time necessary to fulfill the purpose for which they were collected (i.e. the time necessary to complete the order, maintain the Customer’s account), unless a longer time results from the need to fulfill our obligations legal, accounting or reporting and for the period necessary to pursue claims resulting from the provisions of the Civil Code.
- We process personal data processed for accounting and tax reasons for 5 years counted from the end of the calendar year in which the tax obligation arose.
- Under certain circumstances, you may request the deletion of your personal data in accordance with § 9.
- In certain circumstances, we may anonymize your personal data (providing irreversible prevention of person identification) for research and statistical purposes, in which case we may store this data indefinitely, without further obligation to notify you.
§ 8. Customer rights related to the protection of personal data. Complaint to the supervisory authority
- The Customer in certain situations has the right to request the Restaurant to view, correct, change, limit, rectify or delete his personal data that the Restaurant administers and the right to object to the processing of his personal data by the Restaurant. To do this, send a message to the following e-mail address: xxx.
- Please note that we will not always be able to fulfill your request regarding the deletion of your personal data, namely due to individual legal obligations or redress. In such cases, it will be communicated to you after making such a request. If you would like to receive more information about individual rights presented in this paragraph, please contact us according to the contact details of the Restaurant.
- The customer has the right, at any time, withdraw consent to the processing of personal data by sending a message to the email address xxx or by clicking the deactivation link sent each time in the marketing message. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. This means that the withdrawal of consent concerns the future, not the processing of data that took place in the past, in the period between the consent being given and withdrawn.
- The Customer has the right to submit to the Restaurant a request to send his personal data, which is administered by the Restaurant, to another personal data administrator, provided that the technical and organizational requirements allow the sending of such personal data.
- Sakura Rest & Sushi shall without undue delay – and in any case within one month of receipt of the request – provide the Customer who has made one of the requests listed in this paragraph with information about actions taken in connection with the request, or about any extension of the deadline due to the nature of the request or the number of requests, or the reasons for not taking action, and the possibility of submitting a complaint to the supervisory authority and exercising legal protection measures before a court.
- The rights mentioned above are free of charge, however Sakura Rest & Sushi may charge the customer a reasonable fee if the presented request or requests are obviously unfounded, repetitive or excessive. In such cases, we may also refuse to comply with your request.
- In order to meet specific requests, the Restaurant may request specific information from the Customer in order to verify his identity and ensure the exercise of individual rights. This is a security measure to ensure that personal data is not disclosed to unauthorized persons.
- The Customer whose personal data is administered by the Restaurant has the right to lodge a complaint with the supervisory authority, in particular in a Member State:
- his habitual residence,
- his place of work, or
- the place of alleged violation,
- if he thinks that the processing of personal data concerning him violates the GDPR. The complaint may be sent by post to the address of the President of the Office for Personal Data Protection, ul. Stawki 2, 00 – 193 Warsaw or via e-mail to the address firstname.lastname@example.org.
§ 9. Restaurant responsibility and complaint submission
- The restaurant, acting with due diligence, ensures the correct operation of the Website, but is not responsible for technical restrictions on the ability to use the Website arising from the technical condition of the User’s Equipment and resulting from a failure of data transmission (internet connection) used by the User.
- The Restaurant asks you to report any irregularities related to the operation of the Website to the following email address: xxx.
- The restaurant shall consider the complaint referred to in the preceding paragraph of this paragraph within 7 days from the date of their notification, informing the User about the positive or negative consideration of the complaint each time stating the reasons for the decision.
- The User is also entitled to use out-of-court complaint consideration methods. In the event of a dispute involving a consumer out of court, it may also be resolved through the ODR internet platform, which is available at: http://ec.europa.eu/consumers/odr/.
- In all matters related to the processing of your personal data by the Restaurant, please contact us at the following e-mail address: xxx.pl or at the phone number indicated on the Website.