PRIVACY POLICY OF THE WEBSITE BIFALOSTEAKHOUSE.PL
GENERAL PROVISIONS
This Website privacy policy is for information purposes only, which means that it does not create obligations for persons using the Website. The Privacy Policy primarily contains rules regarding the processing of personal data collected by the Administrator on the Website, including the grounds, purposes and duration of the processing of personal data and the rights of data subjects, as well as information regarding the use of cookies and analytical tools on the Website.
The administrator of the personal data collected via the Website is BIFALO SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office in Wrocław (registered and correspondence address: ul. Świeża 119, 54-060 Wrocław), entered in the Register of Entrepreneurs of the National Court Register under KRS number: 0000936359; the registration court where the company's documentation is kept: District Court for Wrocław - Fabryczna in Wrocław, 6th Economic Department of the National Court Register; share capital of: 5000.00 PLN; NIP: 8943177437, REGON: 520610530, e-mail address: kontakt@bifalo.com.pl and telephone number: (+48) 509 668 467 - hereinafter referred to as ‘Administrator’ and being at the same time the Owner of the Website. .
Personal data on the Website is processed by the Administrator in accordance with the applicable legislation, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) - hereinafter referred to as 'GDPR' or 'GDPR Regulation'. Official wording of the GDPR Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679.
The use of the Website is voluntary. Likewise, the related provision of personal data by the user using the Website is voluntary, with the reservation that the failure to provide, in the cases and to the extent indicated on the Website and in this privacy policy, the personal data necessary to use certain electronic services may result in the impossibility to use these services (e.g. the impossibility to send an enquiry using the contact form and receive a reply from the Administrator). Providing personal data in such a case is necessary for the proper use of the Website services provided by the Owner.
The Administrator shall take particular care to protect the interests of the data subjects whose personal data it processes, and in particular shall be responsible for and ensure that the data it collects is: (1) processed lawfully; (2) collected for specified, legitimate purposes and not subjected to further processing incompatible with those purposes; (3) substantively correct and adequate in relation to the purposes for which it is processed; (4) kept in a form which permits identification of the data subjects for no longer than is necessary to achieve the purpose of the processing; and (5) processed in a manner which ensures adequate security of personal data, including protection against unauthorised or unlawful processing and accidental processing.
Taking into account the nature, scope, context and purposes of the processing and the risk of violation of the rights or freedoms of natural persons of varying probability and seriousness, the Administrator shall implement appropriate technical and organisational measures to ensure that the processing is carried out in accordance with the GDPR Regulation and to be able to demonstrate this. These measures shall be reviewed and updated as necessary. The Administrator shall apply technical measures to prevent the acquisition and modification by unauthorised persons of personal data transmitted electronically.
All words, phrases and acronyms appearing in this privacy policy and beginning with a capital letter shall be understood in accordance with their meaning as set out in this document.
GROUNDS FOR PROCESSING
The Administrator shall be entitled to process personal data where, and to the extent that, one or more of the following conditions are met: (1) the data subject has given his or her consent to the processing of his or her personal data for one or more specified purposes; (2) the processing is necessary for the performance of an agreement to which the data subject is party or to take steps at the request of the data subject prior to entering into an agreement; (3) the processing is necessary for compliance with a legal obligation incumbent on the Administrator; or (4) processing is necessary for the purposes of the legitimate interests pursued by the Administrator or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
The processing of personal data by the Administrator requires the existence of at least one of the grounds indicated above in each case. The specific grounds for the Administrator's processing of personal data of Website users are indicated in the following section
PURPOSE, BASIS AND DURATION OF DATA PROCESSING ON THE WEBSITE
In each case, the purpose, basis and period and recipients of the personal data processed by the Controller shall result from the activities undertaken by the user concerned on the Website.
Administrator może przetwarzać dane osobowe na Stronie
| Purpose of data processing | Legal basis for data processing | Data retention period |
| Conclusion of an agreement or taking steps at the request of the data subject prior to the conclusion of an agreement | Article 6(1)(b) of GDPR (agreement) - the processing is necessary for the conclusion of an agreement with the data subject or to take steps at the request of the data subject prior to the conclusion of that agreement (e.g. sending an offer in response to an enquiry from a contact form) | The data shall be stored for the period necessary for the performance, termination or otherwise expiry of the agreement entered into with the Administrator. |
| Direct marketing | Article 6(1)(f) of the GDPR Regulation (legitimate interest of the Administrator) - the processing is necessary for purposes deriving from the Administrator's legitimate interests - consisting of looking after the Administrator's interests and good image, and reaching a wider audience with its products and services | The data shall be stored for the period of existence of the legitimate interest pursued by the Administrator, but no longer than the period of limitation of claims against the data subject in respect of the Administrator's business activities. The period of limitation shall be determined by the provisions of law, in particular the Civil Code (the basic limitation period for claims related to business activities is three years). The Administrator may not process data for direct marketing purposes in the event of an effective objection to this effect by the data subject. |
| Running a newsletter | Article 6(1)(a) of the GDPR Regulation (consent) - the data subject has consented to the processing of their Personal Data for marketing purposes by the Administrator | The data shall be stored until the data subject has withdrawn his or her consent to the further processing of his or her data for this purpose. |
| Establishing, asserting or defending claims which the Administrator may assert or which may be asserted against the Administrator | Article 6(1)(f) of the GDPR Regulation (legitimate interest of the Administrator) - processing is necessary for the purposes of the Administrator's legitimate interests - consisting of establishing, asserting or defending claims which the Administrator may raise or which may be raised against the Administrator | The data shall be stored for the period of existence of the legitimate interest pursued by the Administrator, but not longer than the period of limitation of claims against the data subject in respect of the Administrator's business activities. The period of limitation is determined by law, in particular the Civil Code (the basic limitation period for claims that may be raised against the Administrator is six years). |
| Use of the Website and ensuring its proper functioning | Article 6(1)(f) of the GDPR Regulation (legitimate interest of the Administrator) - processing is necessary for the purposes of the Administrator's legitimate interests - consisting of the operation and maintenance of the Website | The data shall be stored for the period of existence of the legitimate interest pursued by the Administrator, but no longer than for the period of limitation of the Administrator's claims against the data subject in respect of the Administrator's business activities. The limitation period is determined by the provisions of law, in particular the Civil Code (the basic limitation period for claims related to the conduct of business activities is three years). |
| Keeping statistics and analysing Website traffic | Article 6(1)(f) of the GDPR Regulation (legitimate interest of the Administrator) - the processing is necessary for the purposes of the Administrator's legitimate interests - consisting of statistics and analysis of Website traffic in order to improve the functioning of the Website | The data shall be stored for the period of existence of the legitimate interest pursued by the Administrator, but no longer than for the period of limitation of the Administrator's claims against the data subject in respect of the Administrator's business activities. The limitation period is determined by the provisions of law, in particular the Civil Code (the basic limitation period for claims related to the conduct of business activities is three years). |
RECIPIENTS OF DATA ON THE WEBSITE
For the proper functioning of the Website, it is necessary for the Administrator to use the services of third parties (such as a software or server provider). The Administrator shall only use the services of such processors who provide sufficient guarantees to implement appropriate technical and organisational measures so that the processing meets the requirements of the GDPR and protects the rights of the data subjects.
Personal Data may be transferred by the Administrator to a third country, in which case the Administrator ensures that this will be done in relation to a country ensuring an adequate level of protection - in accordance with the GDPR Regulation, and in the case of other countries, that the transfer will take place on the basis of standard data protection clauses. The Administrator shall ensure that the data subject is able to obtain a copy of their data. The Administrator shall transfer the collected Personal Data only if and to the extent necessary to fulfil the specific purpose of the processing in accordance with this Privacy Policy.
The transfer of data by the Administrator does not take place in every case and not to all the recipients or categories of recipients indicated in the privacy policy - the Administrator transfers data only when it is necessary for the execution of the given purpose of personal data processing and only to the extent necessary for its execution.
Personal Data of Website users may be transferred to the following recipients or categories of recipients:
- service providers who supply the Administrator with technical, IT and organisational solutions enabling the Administrator to conduct its business, including its Website, and to provide electronic services (in particular, a computer software provider for running the Website, an e-mail and hosting provider, and a business management and technical support software provider to the Administrator) - the Administrator shall make the collected Personal Data of the user available to the selected provider acting on the Administrator's behalf only in the case of and to the extent necessary for the fulfilment of the given purpose of data processing in accordance with this Privacy Policy.
- legal and advisory service providers providing legal or advisory support to the Administrator (in particular, a law firm) - the Administrator will share the Personal Data collected from you with the selected provider acting on its behalf only if and to the extent necessary for the fulfilment of the given purpose of data processing in accordance with this Privacy Policy.
RIGHTS OF THE DATA SUBJECT
Right of access, rectification, restriction, deletion or portability - The Data Subject has the right to request from the Administrator access to their Personal Data, their rectification, erasure (‘right to be forgotten’) or restriction of processing and has the right to object to the processing, as well as the right to data portability. The detailed conditions for exercising the rights indicated above are indicated in sections 15-21 of the GDPR Regulation.
Right to withdraw consent at any time - the data subject whose data is processed by the Administrator on the basis of the consent given (pursuant to section 6(1)(a) or 9(2)(a) of the GDPR), has the right to withdraw the consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent before its withdrawal.
Right to lodge a complaint with a supervisory authority - the data subject whose data is processed by the Administrator has the right to lodge a complaint with a supervisory authority in the manner and mode specified in the provisions of the GDPR Regulation and Polish law, in particular the Act on Personal Data Protecion. The supervisory authority in Poland is the President of the Personal Data Protection Authority.
Right to object - the data subject shall have the right to object at any time - on grounds relating to their particular situation - to the processing of Personal Data concerning them based on section 6(1)(e) (public interest or tasks) or (f) (legitimate interest of the Administrator), including profiling on the basis of these provisions. In such a case, the Administrator shall no longer be allowed to process these Personal Data, unless the Administrator demonstrates the existence of compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defence of claims.
Right to object to direct marketing - where Personal Data is processed for the purposes of direct marketing, the data subject shall have the right to object at any time to the processing of Personal Data concerning them for such marketing, including profiling, to the extent that the processing is related to such direct marketing.
To excercise the rights referred to in this point of the privacy policy, the Administrator may be contacted by sending the relevant
WEBSITE COOKIES AND ANALYTICS
Cookies are small text files which are sent by a server and stored on the website visitor's side (e.g. on the hard disk of a computer, laptop or smartphone memory card - depending on the device used by the visitor to our Website). Detailed information on cookies, as well as the history of their creation can be found, inter alia, here: https://pl.wikipedia.org/wiki/HTTP_cookie. Cookies that may be sent by the Website can be divided into different types, according to the following criteria:
| By their provider: 1) own (created by the Administrator's Website) and 2) owned by third parties (other than the Administrator) | By their duration of retention on the device of the person visiting the Website: 1) session files (stored until you leave the Website or close your web browser) and 2) permanent files (stored for a specific period of time, defined by the parameters of each file or until they are manually deleted) | By the purpose of their use: 1) indispensable (enabling the proper functioning of the Website), 2) functional/preferential (enabling the adaptation of the Website to the visitor's preferences), 3) analytical and performance (gathering information about the use of the Website), 4) marketing, advertising and social media (collecting information about the visitor to the Website for the purpose of displaying advertisements to the visitor, measuring their effectiveness, personalising them and carrying out other marketing activities, including on websites separate from the Website, such as social networks or other websites belonging to the same advertising network as the Administrator's Website) |
The Administrator may process the data contained in Cookies when visitors use the Website for the following specific purposes:
It is possible to check in the most popular web browsers which Cookies (including the duration of the Cookies and their provider) are being sent by the Website at any given time, as follows:
| In the Chrome browser: (1) in the address bar, click on the padlock icon on the left, (2) go to the ‘Cookies’ tab. | In the Firefox browser: (1) in the address bar, click on the shield icon on the left, (2) go to the ‘Allowed’ or ‘Blocked’ tab, (3) click on the box ‘Tracking cookies between sites’, ‘Social media tracking elements’ or ‘Content with tracking elements’ | In Internet Explorer: (1) click the ‘Tools’ menu, (2) go to the ‘Internet Options’ tab, (3) go to the ‘General’ tab, (4) go to the ‘Settings’ tab, (5) click the ‘View Files’ box |
| In the Opera browser: (1) in the address bar, click on the padlock icon on the left, (2) go to the ‘Cookies’ tab. | in the Safari browser: (1) click on the ‘Preferences’ menu, (2) go to the ‘Privacy’ tab, (3) click on the ‘Manage site data’ box | Irrespective of the browser, using the tools available, for example, at: https://www.cookiemetrix.com/ or: https://www.cookie-checker.com/ |
By default, most web browsers on the market accept the storing of cookies. You can determine the conditions for the use of cookies via the settings of your own browser. This means that you can, for example, partially restrict (e.g. temporarily) or completely disable the storage of cookies - in the latter case, however, this may affect the operation of certain elements of the Website.
Your browser's settings regarding cookies are relevant from the point of view of your consent to the use of cookies by our Website - in accordance with the regulations, such consent can also be given through your browser settings. Detailed information on how to change your cookie settings and how to delete them yourself in the most popular web browsers is available in the help section of your web browser and on the following pages (just click on the respective link):
in Chrome
in Firefox
in Opera
in Safari
The Administrator may use on the Website the following services: Google Analytics, Universal Analytics provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). These services help the Administrator to keep statistics and analyse traffic on the Website. The data collected is processed by the above services to generate statistics to help administer the Website and analyse Website traffic. These data are of an aggregate nature. When using the above services on the Website, the Administrator collects data such as the source and medium of acquisition of visitors to the Website and their behaviour on the Website, information on the devices and browsers from which they visit the Website, IP and domain, geographical data and demographic data (age, gender) and interests.
It is possible for a person to easily block the release of information to Google Analytics about their activities on the Website - for this purpose, for example, you can install a browser add-on provided by Google Ireland Ltd. available here: https://tools.google.com/dlpage/gaoptout?hl=pl.
In connection with the possibility of the Administrator to use analytical and advertising services provided by Google Ireland Ltd. on the Website, the Administrator indicates that full information on the principles of processing of data of visitors to the Website (including information stored in cookies) by Google Ireland Ltd. can be found in the privacy policy of Google services available at: https://policies.google.com/technologies/partner-sites.
The Administrator may use on the Website the Facebook Pixel service provided by Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). This service helps the Administrator to measure the effectiveness of advertisements and to find out what actions visitors take on the Website, and to display tailored advertisements to such visitors. Details of operation
