Good day!

If you’ve found yourself here, it’s a sure sign that you value your privacy. We fully understand that, which is why we’ve prepared this document where you’ll find the principles for processing personal data and using cookies in connection with visiting the website https://kawiarnia-aniola.pl/.

A formal note to start – the site is administered by Łukasz Decowski.

If you have any questions or concerns regarding the privacy policy, feel free to contact us at any time by sending an email to biuro@kawiarnia-aniola.pl.

We care about your privacy, but also your time. That’s why we’ve prepared a summary of the most important rules related to privacy protection.

1. When you place an order, file a complaint, withdraw from a contract, leave a comment, or simply contact us, you share your personal data with us. We guarantee that your data will remain confidential, secure, and will not be shared with any third parties without your explicit consent.
2. We entrust the processing of personal data only to verified and trusted entities providing services related to data processing.
3. We use Google Analytics tools to collect information about your visits to our site, such as the pages you viewed, the time spent on the site, and transitions between subpages. For this purpose, cookies from Google LLC related to the Google Analytics service are used. Through Google Analytics, we collect demographic data and information about interests. You can object to the collection of this data in your cookie settings.
4. We use Google AdWords for remarketing campaigns, which also involves the use of cookies from Google LLC related to Google AdWords. You can object to the use of these cookies in your cookie settings.
5. We use marketing tools like Facebook Pixel to serve you personalized ads on Facebook. This involves the use of cookies from Facebook. You can object to the use of these cookies in your cookie settings.
6. We provide social media functions, such as sharing content on social networks and subscribing to social profiles. Using these features may involve the use of cookies from social media platforms like Facebook, Instagram, YouTube, Twitter, Google+, and LinkedIn.
7. We embed videos from YouTube and Vimeo on our site. For this, cookies from Google LLC (YouTube) and Vimeo Inc. are used, which are only loaded when you play the video.
8. We use the Disqus commenting system, which uses cookies.
9. We offer direct contact via online chat, which involves the use of cookies from Smartsupp.com s.r.o.
10. We use our own cookies to ensure the proper functioning of the site, particularly for managing user accounts and processing orders.

If the above information is not enough for you, you can find more detailed explanations below.

The administrator of your personal data, in accordance with data protection regulations, is Łukasz Decowski.

The purposes, legal basis, and duration of the processing of personal data are indicated separately for each processing purpose (see the description of individual purposes for processing personal data below).

Your rights
The General Data Protection Regulation (GDPR) grants you the following potential rights related to the processing of your personal data:

1. The right to access personal data
2. The right to rectify personal data
3. The right to delete personal data
4. The right to restrict the processing of personal data
5. The right to object to the processing of personal data
6. The right to data portability
7. The right to file a complaint with a supervisory authority
8. The right to withdraw consent to the processing of personal data, if consent has been given.

The rules for exercising these rights are described in detail in Articles 16–21 of the GDPR. We encourage you to familiarize yourself with these regulations. We believe it’s important to clarify that the rights mentioned above are not absolute and may not apply to all processing activities concerning your personal data. For your convenience, we’ve made efforts to indicate the rights available to you within the description of each data processing operation.

We emphasize that one of the rights mentioned above always applies – if you believe we have violated data protection regulations while processing your personal data, you have the right to lodge a complaint with the supervisory authority (the President of the Office for Personal Data Protection).

You can also always request information about what data we hold about you and for what purposes we process it. Simply send a message to biuro@kawiarnia-aniola.pl. We have made every effort to ensure that the information you’re interested in is thoroughly explained in this privacy policy. You can also use the above email address for any questions related to the processing of your personal data.

We guarantee the confidentiality of all personal data you provide to us. We ensure that all necessary security and data protection measures required by data protection regulations are in place. Personal data is collected with great care and appropriately protected against unauthorized access.

Your data may be processed by our subcontractors, meaning the entities we use to process data and provide services to you or fulfill orders in our online store.

• LH.PL SP. Z O.O. – for storing personal data on the server,
• Furgonetka sp. z o.o – to manage the shipping process in the online store, which involves processing your data necessary for order delivery,
• InPost Sp. z o.o., Geopost, FedEx Corporation  – to use courier services that deliver your orders,
• Testin Krzysztof Samborski – for IT support services, website management, where the entity providing support may have access to your personal data collected via the website or store.

All entities to which we entrust the processing of personal data guarantee the use of appropriate data protection and security measures as required by law.

When placing an order, you are required to provide necessary information such as your name, billing address, email address, and phone number. Providing this data is voluntary but essential to complete the order.

The data you provide in relation to the order is processed for the purpose of fulfilling the order (Article 6(1)(b) GDPR), issuing an invoice (Article 6(1)(c) GDPR), including the invoice in our accounting records (Article 6(1)(c) GDPR), and for archival and statistical purposes (Article 6(1)(f) GDPR).

Order-related data will be processed for the time necessary to fulfill the order, and afterward until the expiration of any claims related to the contract. Additionally, after this period, the data may still be processed for statistical purposes. Remember, we are required to keep invoices with your personal data for 5 years from the end of the tax year in which the tax obligation arose.

You cannot correct order data after the order has been completed. You also cannot object to the processing of data or request its deletion until the expiration of the claims period related to the contract. Similarly, you cannot object to or request the deletion of data contained in invoices. However, after the claims period has expired, you may object to the processing of your data for statistical purposes and request its removal from our database.

Regarding order data, you also have the right to data portability, as stated in Article 20 of the GDPR.

If you wish to subscribe to our newsletter, you must provide your email address through the newsletter subscription form. Providing this data is voluntary but necessary to sign up for the newsletter.

The data you provide when subscribing to the newsletter is used for sending you the newsletter, and the legal basis for processing this data is your consent (Article 6(1)(a) GDPR), given when you sign up.

Your data will be processed for as long as the newsletter is active, unless you choose to unsubscribe, which will result in your data being removed from the database.

You can update your data stored in the newsletter database at any time, or request its deletion by unsubscribing from the newsletter. You also have the right to data portability as outlined in Article 20 of the GDPR.

When you file a complaint or withdraw from a contract, you provide us with personal data included in the complaint or withdrawal statement, such as your name, address, phone number, email address, and bank account number. Providing this data is voluntary but necessary to file a complaint or withdraw from the contract.

The data provided in relation to filing a complaint or withdrawing from a contract is used to process the complaint or withdrawal procedure (Article 6(1)(c) GDPR).

The data will be processed for the time necessary to complete the complaint or withdrawal procedure. Complaints and withdrawal statements may also be archived for statistical purposes.

For data included in complaints and withdrawal statements, you cannot correct this data. You also cannot object to the processing of this data or request its deletion until the expiration of the statute of limitations for claims related to the contract. After the expiration of this period, however, you can object to the processing of your data for statistical purposes and request its deletion from our database.

When contacting us via email, including through the contact form, you naturally provide us with your email address as the sender. Additionally, you may include other personal data in the message content. Providing this data is voluntary but necessary to establish contact.

Your data is processed for the purpose of communicating with you, and the legal basis for this processing is your consent (Article 6(1)(a) GDPR) as a result of initiating contact. After the contact is concluded, the legal basis for processing is a legitimate interest in archiving the correspondence for internal purposes (Article 6(1)(c) GDPR).

The content of the correspondence may be archived, and we cannot definitively determine when it will be deleted. You have the right to request the history of the correspondence you’ve had with us (if it was archived) and also request its deletion unless its archiving is justified by our overriding interests, such as defending against potential claims from you.

If you want to add a comment on the blog, you must fill out a form and provide your email address and name. Providing this data is voluntary but necessary to post a comment.

The comment system is operated by Disqus Inc., 301 Howard Street, Suite 300, San Francisco, CA 94105, USA. Disqus is an independent controller of your personal data, and using the system is based on your acceptance of Disqus’ terms of service.

The data provided when adding a comment is used to publish the comment on the blog, and the legal basis for processing is your consent (Article 6(1)(a) GDPR) given by posting the comment.

The data will be processed for as long as the comments are active on the blog, unless you request the removal of the comment, which will result in your data being deleted from the database.

You can update your data associated with the comment at any time, as well as request its deletion. You also have the right to data portability, as stated in Article 20 of the GDPR. These rights can be exercised directly through your user account in the Disqus system.

Our website and store, like almost all other websites, use cookies.

Cookies are small text files stored on your end device (e.g., computer, tablet, smartphone) that can be read by our IT system (first-party cookies) or the IT systems of third parties (third-party cookies).

Some of the cookies we use are deleted after the end of your browser session, meaning after you close it (session cookies). Other cookies remain on your end device and allow us to recognize your browser during your next visit (persistent cookies).

More details can be found below.

During your first visit to the site, you will see information about the use of cookies. Through a special tool, you can manage cookies directly from the website. Additionally, you can always change your cookie settings from your browser or delete cookies altogether. Browsers handle cookie settings differently, and you can find explanations on how to change cookie settings in your browser’s help menu.

Please note that disabling or limiting the use of cookies may cause difficulties in using our site, as well as many other websites that rely on cookies.

We use first-party cookies to ensure the proper functioning of the website, particularly for processes such as placing orders and logging into user accounts.

Our website, like most modern websites, uses features provided by third parties, which involve the use of third-party cookies. The use of these cookies is described below.

We use Google Analytics, a tool provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Our activities in this area are based on our legitimate interest in creating statistics and analyzing them to optimize our website.

Google Analytics automatically collects information about your use of our site. The data collected in this way is typically transmitted to Google servers in the United States and stored there.

Due to the IP anonymization feature we have activated, your IP address is shortened before being transmitted. Only in exceptional cases is the full IP address sent to a Google server in the U.S. and shortened there. The anonymized IP address provided by your browser through Google Analytics is generally not combined with other Google data.

Since Google LLC is based in the U.S. and uses technical infrastructure located there, it has joined the EU-US Privacy Shield program to ensure an adequate level of personal data protection required by European regulations. Under the agreement between the U.S. and the European Commission, the latter has determined that companies certified under Privacy Shield provide an appropriate level of data protection.

You can prevent the recording of data collected by cookies related to your use of our website by Google, as well as the processing of this data by Google, by installing a browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout.

We also collect demographic and interest-based data through Google Analytics. You can disable Google Analytics cookies directly from our website’s cookie settings.

If you’re interested in more details on how Google Analytics processes data, we encourage you to read Google’s explanation: https://support.google.com/analytics/answer/6004245.

We use Google AdWords marketing tools provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. With Google AdWords, we promote our website in search results and on third-party websites. We also utilize remarketing tools. Our activities in this area are based on our legitimate interest in marketing our own products or services.

When you visit our website, a Google remarketing cookie is automatically placed on your device. This cookie, using a pseudonymous identifier (ID), enables interest-based ads based on the pages you visit.

Further data processing occurs only if you have given Google consent to link your browsing history and app usage with your Google account and to use information from your Google account to personalize ads displayed across websites. If you are logged into Google while visiting our website, Google will use your data along with Google Analytics data to create and define target audience lists for remarketing purposes across multiple devices. For this purpose, Google temporarily links your personal data with Google Analytics data to create target groups.

Since Google LLC is based in the U.S. and uses technical infrastructure located there, it has joined the EU-US Privacy Shield program to ensure the appropriate level of personal data protection required by European regulations. Under the agreement between the U.S. and the European Commission, companies certified under the Privacy Shield provide an adequate level of data protection.

You can disable cookies used for remarketing through your Google account settings: https://adssettings.google.com. Additionally, you can disable remarketing cookies through the cookie settings on our website.

For more information about data processing in Google AdWords, we encourage you to review Google’s privacy policy: https://policies.google.com/privacy.

We use marketing tools provided by Facebook Inc., 1601 S. California Ave. Palo Alto, CA 94304, USA. These tools allow us to show you ads on Facebook. Our actions in this regard are based on our legitimate interest in marketing our own products or services.

To deliver personalized ads based on your activity on our website, we have implemented the Facebook Pixel on our site. This tool automatically collects information about your behavior on our website, specifically the pages you view. The data collected in this way is typically transmitted to Facebook’s servers in the United States and stored there.

The information collected via Facebook Pixel is anonymous, meaning it does not allow us to identify you. We only know what actions you have taken on our website. However, please note that Facebook may combine this information with other data about you collected through your use of the Facebook platform and use it for its own purposes, including marketing. These activities are not under our control. You can find more information about them in Facebook’s privacy policy: https://www.facebook.com/privacy/explanation. You can also manage your privacy settings directly through your Facebook account.

Since Facebook Inc. is based in the U.S. and uses technical infrastructure located there, it has joined the EU-US Privacy Shield program to ensure an adequate level of personal data protection as required by European regulations. Under the agreement between the U.S. and the European Commission, companies certified under the Privacy Shield provide an appropriate level of data protection.

You can disable Facebook Pixel through the cookie settings available on our website.

We use Hotjar, a tool provided by Hotjar Limited, Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta. With Hotjar, we analyze your behavior on our website, such as time spent on specific pages, buttons clicked, links used, and more. This helps us optimize our website for user experience. Our activities in this regard are based on our legitimate interest in optimizing our website.

Hotjar uses cookies and other technologies to collect information about your behavior on the site and the devices used to access it, such as your IP address (anonymized), screen size, browser information, location, and language. Hotjar stores this information in a pseudonymized profile. Neither Hotjar nor we will ever use this information to identify you. For more details, you can review Hotjar’s privacy policy: https://www.hotjar.com/legal/policies/privacy.

You can opt out of the creation of your anonymous profile and Hotjar’s storage of your data by visiting this page: https://www.hotjar.com/legal/compliance/opt-out. Additionally, you can disable Hotjar cookies via the cookie settings on our website.

Our website uses plugins and other social media tools provided by platforms such as Facebook, Twitter, Instagram, Google, and LinkedIn.

When you visit our website that contains such a plugin, your browser establishes a direct connection with the servers of the social media providers (service providers). The content of the plugin is transmitted by the service provider directly to your browser and integrated into the website. As a result of this integration, service providers receive information that your browser has displayed our website, even if you do not have a profile or are not logged into the service. This information (including your IP address) is transmitted by your browser directly to the service provider’s server (some of which are located in the USA) and stored there.

If you are logged into a social media platform, the service provider can directly associate your visit to our website with your profile on the respective social media platform.

If you use a plugin, such as clicking the “Like” or “Share” button, this information will also be transmitted directly to the service provider’s server and stored there.

Additionally, this information will be published on the social media platform and shown to your contacts. The purpose and scope of data collection, further processing, and use by service providers, as well as your rights and privacy settings options, are detailed in the privacy policies of each service provider.

1. Facebook – https://www.facebook.com/legal/FB_Work_Privacy
2. Instagram – https://help.instagram.com/519522125107875?helpref=page_content
3. Twitter – https://twitter.com/en/privacy
4. Google – https://policies.google.com/privacy?hl=pl
5. LinkedIn – https://www.linkedin.com/legal/privacy-policy

If you do not want social media platforms to associate data collected during your visit to our website directly with your profile, you must log out of your social media account before visiting our website. You can also prevent the loading of plugins entirely by using browser extensions, such as script blockers.

We embed videos from YouTube and Vimeo on our website. For this purpose, cookies from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (for YouTube) and Vimeo Inc. are used. These cookies are only loaded when the video is played. If you do not consent to their use, please refrain from playing the video.

When you play a video, Google or Vimeo receive information about this, even if you do not have a profile with the respective provider or are not logged in. This information (including your IP address) is transmitted by your browser directly to the service provider’s server (some servers are located in the USA) and stored there.

If you are logged into Google or Vimeo, the service provider can directly associate the video playback on our site with your profile. The purpose and scope of data collection, as well as further processing and use by the providers, along with your rights and privacy settings options, are detailed in the privacy policies of each provider.

If you do not want Google or Vimeo to associate the data collected during video playback on our website directly with your profile, you must log out of that service before visiting our site. You can also completely prevent the loading of plugins by using appropriate browser extensions, such as script blockers.

We encourage you to review the privacy policies of Google (https://policies.google.com/privacy) and Vimeo (https://vimeo.com/privacy).

We use the Disqus system to manage comments on our blog. This involves the use of cookies from Disqus Inc. Disqus may use the information stored in these cookies for its own marketing purposes, over which we have no control. Disqus assures the anonymity of information collected through cookies. You use Disqus based on an agreement between you and Disqus by registering a user account in their system. By doing so, you agree to the use of cookies according to Disqus Inc.’s privacy policy: https://help.disqus.com/terms-and-policies/disqus-privacy-policy.

We offer you the option to contact us via an online chat embedded on the website. This tool is provided by Smartsupp.com, s.r.o., Milady Horakove 13, Brno, 602 00, Czech Republic. The tool uses cookies.

No personal data is stored in the cookies. The technical information stored in the cookies is used solely to ensure the proper functioning of the chat. Smartsupp.com, s.r.o. guarantees the privacy of individuals using the chat. For more details, refer to Smartsupp’s privacy policy: https://www.smartlook.com/help/privacy-statement/.

Using the website involves sending requests to the server where the site is hosted. Each request made to the server is logged.

These logs include information such as your IP address, the server’s date and time, browser, and operating system information. The logs are stored on the server.

The data stored in the server logs is not associated with specific individuals using the website and is not used to identify you.

Server logs are used solely for the purpose of administering the website, and their content is not disclosed to anyone except those authorized to manage the server.

[WW1] Please remember that this document is an example and must be adapted to the specifics of the given website. I’ve included as much information as I could think of. Any information that is excessive relative to the actual data processing or cookie usage should simply be removed.

[WW2] The description of the purpose of processing personal data should be tailored to the real situation. It may be that account registration, placing an order, or subscribing to the newsletter is not possible on the site. In that case, those mentions should be removed. From my experience, websites usually at least have a contact form or email contact information, so it seems that information about data processing for contact purposes will always remain in the policy.

[WW3] Of course, the cookie description should be adjusted to what actually applies.

[WW4] For a while now, cookie use has been a lively discussion topic. Various opinions and approaches have emerged, which can be summarized as follows:

– For cookies necessary for the proper functioning of the site and basic analytics (without additional functions like demographics, interests, or remarketing), it’s enough to inform about cookies without needing extra consent.

– For more extensive cookies (enhanced analytics, Facebook Pixel, AdWords, AdSense systems, etc.), the user should consent to the loading of such cookies or at least be able to opt out.

In practice, a recommended technical solution is to allow users to manage cookies from the website level. For example, visit Nike’s website, where, during the first visit, a window appears asking about cookies. It’s possible to click a button that leads to detailed cookie settings, where marketing cookies, for instance, can be disabled. There are tools on the market that help implement cookie management processes, like Optanon. There are also plugins for popular content management systems, especially for WordPress, that allow this kind of solution, like this example on Codecanyon.

You can also see an example on the MinderCRM website. The script’s creator is Mr. Łukasz Socha, who provides implementation services in various variants. If interested, I can provide contact details.

In general, opinions on the necessary consent for cookies vary. In my view, when it comes to cookies used for your own advertising purposes, you can rely on the legitimate interest of the administrator instead of consent, while giving the user the opportunity to object. I would handle this by having a standard cookie banner with information on the purposes for which they are used. Users could click “I accept” or click on a “Settings” button to configure their preferences, such as opting out of Facebook Pixel, for example. This would be a balanced approach that maintains business operations while giving users control over cookies.

[WW5] The use of cookies has been described as an example. The provisions included should be verified and adapted to what is actually applied. If additional cookies are used, these should of course be described