Menu

Privacy policy

This document sets out the principles for the processing of personal data on the website www.myb.pl in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”).

  1. The controller of personal data is Sobremesa Spółka z ograniczoną odpowiedzialnością, with its registered office in Warsaw (03-982), at 5/37 Konrada Guderskiego Street, registered in the National Court Register (KRS) under number 0000591139, tax identification number (NIP): 1132899570 (the “Controller”). The Controller may be contacted at the above address or electronically at: kontakt@bajs.com.pl.
  2. Information on the purposes of personal data processing and the legal basis is provided at the time of entering into agreements or when collecting data via the contact form. Personal data may be processed for purposes necessary to: (i) conclude and perform a contract to which you are a party; (ii) take steps at your request prior to entering into a contract; (iii) respond to inquiries regarding elements of the Controller’s commercial offer or matters related to the Controller’s activities; (iv) comply with a legal obligation incumbent upon the Controller; (v) pursue the legitimate interests of the Controller; as well as (vi) based on your consent – for purposes consistent with the scope of that consent (including, among others, sending newsletters). Where processing is based on the Controller’s legitimate interests, such interests may include: pursuing claims, defending against claims brought against the Controller, direct marketing of the Controller’s services, provision of services, or communication with you. The legal basis for the processing of personal data is set out in Article 6(1)(a), (b), (c) and (f) of the GDPR.
  3. Personal data may be retained for the period necessary to fulfil the purposes indicated above, as well as for the limitation period of any claims that may arise from the obligations undertaken. Where processing is based on your consent, personal data will be stored until such consent is withdrawn. If applicable law requires earlier deletion or longer retention of your personal data, the Controller will comply with such legal obligations.
  4. You have the right to request from the Controller access to your personal data, as well as the rectification or completion of such data if it is inaccurate or incomplete.
  5. You have the right to request the erasure of your personal data in any of the following cases:
    • the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
    • the data subject has withdrawn consent on which the processing is based and there is no other legal ground for processing;
    • the data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects pursuant to Article 21(2) GDPR;
    • the personal data has been processed unlawfully;
    • the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the Controller is subject.
      The above shall not apply in the cases referred to in Article 17(3) GDPR.
  6. You have the right to request the restriction of the processing of your personal data in any of the following cases:
    • the data subject contests the accuracy of the personal data – for a period enabling the Controller to verify the accuracy of the data;
    • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead;
    • the Controller no longer needs the personal data for the purposes of processing, but it is required by the data subject for the establishment, exercise or defence of legal claims;
    • the data subject has objected to processing pursuant to Article 21(1) GDPR – pending verification whether the legitimate grounds of the Controller override those of the data subject.
  7. You have the right to withdraw your consent to the processing of personal data (where such processing is based on your consent) at any time, without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.
  8. Where personal data is processed on the basis of Article 6(1)(f) GDPR (i.e. for the purposes of the legitimate interests pursued by the Controller), you have the right to object at any time, free of charge, to such processing, whether initial or further (Article 21(1) GDPR). In the event of an objection, the Controller shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defence of legal claims.
  9. Where personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing (Article 21(2) GDPR). If the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
  10. Your personal data may be disclosed to individuals or entities authorised under applicable law, in particular to public authorities or courts where required by law, as well as to authorised entities where this is necessary for the proper performance of a contract, e.g. banks, contractors, notarial offices in connection with the execution of a notarial deed, property managers, and IT service providers. Our service providers are located in Poland and in other countries of the European Economic Area (EEA). Due to the use of Google Analytics, personal data may be transferred outside the EEA (to the United States of America). In connection with such transfers, providers are required to ensure an adequate level of protection of personal data. Such safeguards arise in particular from the obligation to apply standard contractual clauses adopted by the European Commission. Information on data transfers by Google is available at: https://policies.google.com/technologies/partner-sites?hl.
  11. You have the right to lodge a complaint with the President of the Personal Data Protection Office if the processing of your personal data violates applicable law (https://uodo.gov.pl/p/kontakt).
  12. In most cases, personal data is obtained directly from you (i.e. from the data subject). In some cases, your data may be obtained from your employers, contracting parties, clients, or other authorised entities.
  13. Providing personal data is voluntary; however, for specific purposes defined in the agreements applicable to the Controller, providing such data may be necessary to carry out certain transactions or activities.
  14. Decisions of the Controller are not made by automated means.
  15. The Controller uses cookies on the website for statistical purposes, to track activities performed by visitors, and to improve and personalise the user experience. Two types of cookies are used: persistent cookies and session cookies. Persistent cookies are stored on the user’s device for a specified period of time, while session cookies are stored only during the browsing session and are deleted once the browser is closed. The Controller uses Google Analytics, which may involve collecting information about visits to the website from logged-in Google users who have consented to personalised advertising. The information collected by Google may include the user’s location, browsing history, and data from websites cooperating with Google, and is used to provide aggregated and anonymised insights into user behaviour. By using our website and accepting tracking and cookies, you consent to such processing. You can review or delete your data via Google My Activity.
  16. Persistent cookies are used, for example, to store the user’s personal settings on the website so that the user does not have to repeat certain actions on each visit. Session cookies are used to store statistical data regarding the use of the website. By using the website or by accepting this Privacy Policy and cookie information, you consent to the use of cookies. If you do not agree to the use of cookies, you may disable them in your browser’s security/privacy settings. You may delete cookies from your device at any time. If you do not wish cookies to be used, you can disable them in your browser settings (please refer to your browser’s help section for more information). You can also delete cookies that have been stored in connection with previously visited websites.
  17. Any changes to this Privacy Policy and the use of cookies will be made available on this page.