The controller of your personal data is Zacisze Anioła Palarnia Kawy Kawiarnia Sp. z o.o., with its registered office in Łańcut (ul. Ottona z Pilczy 21, 37‑100 Łańcut). Contact: kontakt@kawaspeciality.com.pl, phone +48 501 239 648.
Customer service hours: Mon–Fri 08:00–17:00, Sat–Sun 10:00–18:00.
A data protection officer has not been appointed—please write to the e‑mail address above regarding any privacy matters.

2) How we obtain your data and for what purposes we process it

We obtain data primarily from you—during purchases, when creating an account, when contacting us, in returns/complaints processes, and while you use the website (cookies). The website includes “Log in / Register” and “Information” sections (including: Delivery and payments, Returns and complaints, Terms, Privacy Policy).

Main purposes and legal bases:

● Order fulfilment, payment, delivery – Article 6(1)(b) GDPR (contract) and 6(1)(c) GDPR (accounting/tax obligations). We cooperate, among others, with Tpay and PayPal payment operators, as well as with carriers (e.g., InPost, DPD/Geopost, FedEx)—as indicated on the website.

● Client account servicing – Article 6(1)(b) GDPR. (An Account allows you to track order history and speeds up future purchases.)

● Contact (e‑mail/phone/form) – Article 6(1)(f) GDPR (legitimate interest: handling enquiries).

● Complaints and returns – Article 6(1)(c) and (b) GDPR (consumer law/contract). Information and communication channels are provided in the “Returns and complaints” section.

● Analytics and online marketing (upon cookie consent) – Article 6(1)(a) GDPR (consent). We use Google Analytics, Google Ads (remarketing) and Facebook Pixel—details in the cookies section.
Newsletter: currently we do not run newsletter sign‑ups—if launched, this Policy will be updated accordingly.

Depending on the activity: first and last name, e‑mail address, phone number, delivery/billing address, invoicing details, order and payment data, account data (login, password—stored in encrypted form), content of correspondence, cookie identifiers, and technical data of your browser/device (see §6).

We cooperate with trusted entities that process data on our behalf or as independent controllers to the extent necessary for order fulfilment, payment processing, delivery, website maintenance, and analytics/online marketing, including:

● Hosting/maintenance: LH.PL sp. z o.o.; IT support: Testin Krzysztof Samborski.

● Payments: Krajowy Integrator Płatności S.A. (operator of the Tpay system), PayPal (Europe) S.à r.l. et Cie, S.C.A. (operator of the PayPal system).

● Delivery: Furgonetka sp. z o.o. (broker), InPost sp. z o.o., DPD/Geopost, FedEx – depending on the selected delivery method.

● Analytics/marketing: Google (Analytics/Ads), Meta (Facebook Pixel).

● Chat: Smartsupp.com, s.r.o.

We only share data necessary to accomplish a specific purpose (e.g., a carrier receives the address and contact details required to deliver a parcel).

● Orders / invoices – for the period required by tax and accounting regulations (as a rule, 5 years counted from the end of the tax year).

● Account – until the account is deleted.

● Correspondence – until the matter is concluded and any potential claims expire.

● Cookies – until the expiry period indicated in the cookie settings or until consent is withdrawn (see §6).

6.1. Who sets cookies and for what purposes

We use the following categories of cookies:

● Necessary – ensure the Store functions (cart, login, checkout) – processed on the basis of our legitimate interest and do not require consent.

● Analytics and marketing – activated only after your consent given in the cookie banner:

○ Google Analytics – website usage statistics (with IP anonymization enabled).

○ Google Ads (remarketing) – serving ads tailored to your activity on our site.

○ Facebook Pixel – ad targeting within Meta services.

6.2. How to manage consent

You can give/withdraw consent at any time via the banner/cookie preference center visible on the site or in your browser settings (note: disabling necessary cookies may prevent purchases).

6.3. Embedded content

We may embed YouTube materials on the site (cookies load only upon playback).

We use providers that may process data outside the EEA (e.g., Google, Meta, Smartsupp). For transfers to the USA, we rely on legal mechanisms under the GDPR: the recipient’s participation in the EU–U.S. Data Privacy Framework (DPF) (where applicable) or the European Commission’s Standard Contractual Clauses (SCCs). More about DPF and SCCs can be found on the European Commission’s pages.

You have the right to: access, rectify, erase, restrict processing, data portability, object to processing (where the basis is our legitimate interest), and withdraw consent (without affecting the lawfulness of processing based on consent before its withdrawal). You also have the right to lodge a complaint with the President of the Personal Data Protection Office (UODO).

Providing data is voluntary, but for purchases it is necessary to conclude and perform the contract (without delivery/payment data we cannot fulfil the order). For analytics/marketing cookies—the decision is yours (consent via the banner).

We do not make decisions about you producing legal effects solely on the basis of automated processing. Upon consent to marketing cookies, we may conduct basic profiling (e.g., tailoring ads to pages visited)—this can be disabled by withdrawing consent (see §6).

This Policy may be updated, e.g., when Store functionalities or service providers change. The current version is published in Information → Privacy Policy.