Privacy Policy

DEFINITIONS

1.1. Administrator – Żabka Polska sp. z o.o., headquartered in Poznań, at ul. Stanisława Matyi 8, 61-586 Poznań, registered in the Register of Entrepreneurs maintained by the District Court of Poznań – Nowe Miasto and Wilda in Poznań, 8th Commercial Division of the National Court Register under KRS number: 0000636642, Tax ID (NIP): 5223071241, Statistical ID (REGON): 36538839800000, with a share capital of PLN 113,215,000.00.

1.2. Personal Data – information about an identified or identifiable natural person through one or more specific factors defining physical, physiological, genetic, psychological, economic, cultural, or social identity, including device IP, location data, online identifiers, and information collected via cookies or other similar technologies.

1.3. Policy – this Privacy Policy.

1.4. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

1.5. Service – the website operated by the Administrator at the address nano.zabka.pl.

1.6. User – any natural person visiting the Service or using one or more of the services or functionalities described in this Policy.

2. DATA PROCESSING IN CONNECTION WITH THE USE OF THE SERVICE

2.1. In connection with the User’s use of the Service, the Administrator collects data to the extent necessary to provide the individual services offered, as well as information about the User’s activity on the Service. Below are detailed rules and purposes for the processing of Personal Data collected during the use of the Service by the User.

3. PURPOSES AND LEGAL BASES FOR DATA PROCESSING IN THE SERVICE

USING THE SERVICE

3.1. The personal data of all individuals using the Service (including IP address or other identifiers and information collected via cookies or similar technologies) is processed by the Administrator:

3.1.1. To provide electronic services by making the content available to Users through the Service – in this case, the legal basis for processing is the necessity of processing for the performance of a contract (Article 6(1)(b) of the GDPR);

3.1.2. For analytical and statistical purposes – in this case, the legal basis for processing is the Administrator’s legitimate interest (Article 6(1)(f) of the GDPR), which involves analyzing User activity and preferences to improve the functionalities and services provided;

3.1.3. To potentially establish, pursue, or defend against claims – the legal basis for processing is the Administrator’s legitimate interest (Article 6(1)(f) of the GDPR), which involves protecting its rights;

3.1.4. For the Administrator’s and third parties’ marketing purposes, particularly related to behavioral advertising – the rules for processing Personal Data for marketing purposes are described in the “MARKETING” section.

3.2. The User’s activity on the Service, including their Personal Data, is recorded in system logs (a specialized computer program for chronologically recording information about events and actions related to the IT system used to provide services by the Administrator). The information collected in logs is processed primarily for purposes related to service provision. The Administrator also processes it for technical and administrative purposes, to ensure the security of the IT system, manage this system, and for analytical and statistical purposes – in this regard, the legal basis for processing is the Administrator’s legitimate interest (Article 6(1)(f) of the GDPR).

CONTACT FORM

3.3. The Administrator provides the possibility of contacting them via an electronic contact form. Using the form requires providing personal data necessary for contacting the User, responding to inquiries, and establishing cooperation. The User may also provide additional data to facilitate contact or inquiry handling. Providing mandatory data is required to accept and handle inquiries, and failure to do so will result in the inability to process the inquiry or establish cooperation. Providing other data is voluntary.

3.4. If the contact form is used, personal data will be processed:

3.4.1. For handling inquiries submitted via the contact form and potential cooperation – the legal basis for processing is the need to take steps at the request of the data subject prior to entering into a contract (Article 6(1)(b) of the GDPR); for optional data, the legal basis for processing is the consent given (Article 6(1)(a) of the GDPR);

3.4.2. To establish or defend against claims – the legal basis for processing is the Administrator’s legitimate interest (Article 6(1)(f) of the GDPR), which involves protecting its rights.

GEOLOCATION

3.5. The Administrator has implemented a geolocation tool in the Service using Google Maps API. Using this functionality is optional and not required for proper use of the Service. Location data is processed solely to enable the User to locate the nearest physical sales points of the Administrator’s network, provided the User consents to access location information – in this case, the legal basis for processing such data is the consent provided by the User (Article 6(1)(a) of the GDPR). This data is processed on a one-time basis, i.e., the information is used when consent is given. After closing the page, the Administrator does not have access to location data and does not store location information obtained during the browsing session.

3.6. The use of the Google Maps API tool in the Service is also subject to the current version of the Additional Terms of Service for Google Maps and Google Earth, which can be found at https://maps.google.com/help/terms_maps/.

3.7. As part of using this tool, Google processes the User’s personal data according to the rules described in the current version of the Google Privacy Policy, available at https://policies.google.com/privacy.

4. MARKETING

4.1. The Administrator processes Users’ Personal Data to conduct marketing activities, which may involve:

4.1.1. Displaying marketing content to the User that is not tailored to their preferences (contextual advertising);

4.1.2. Displaying marketing content to the User that corresponds to their interests (behavioral advertising).

4.2. To carry out marketing activities, the Administrator may use profiling in certain cases. This means that through automated data processing, the Administrator evaluates selected factors concerning Users to analyze their behavior or create future predictions. This enables better customization of displayed content to the User’s individual preferences and interests.

CONTEXTUAL ADVERTISING

4.3. The Administrator processes Users’ Personal Data for marketing purposes in connection with directing contextual advertising to Users (i.e., advertising not tailored to the User’s preferences). The processing of Personal Data is carried out based on the Administrator’s legitimate interest (Article 6(1)(f) of the GDPR).

BEHAVIORAL ADVERTISING

4.4. The Administrator and its trusted partners process Users’ Personal Data, including Personal Data collected via cookies and other similar technologies, for marketing purposes in connection with directing behavioral advertising to Users (i.e., advertising tailored to the User’s preferences). This processing also involves profiling Users.

4.5. The list of the Administrator’s trusted partners can be found [here].

5. SOCIAL MEDIA

5.1. The Administrator processes Personal Data of Users who visit the Administrator’s profiles on social media platforms (e.g., Facebook). This data is processed solely in connection with maintaining the profile, including informing Users about the Administrator’s activities and promoting various events, services, and products. The legal basis for processing Personal Data for this purpose is the Administrator’s legitimate interest (Article 6(1)(f) of the GDPR), which involves promoting its brand.

6. COOKIES AND SIMILAR TECHNOLOGIES

6.1. Cookies are small text files installed on the User’s device. Cookies collect information that facilitates the use of the website – for example, by remembering User information such as login details or language preferences. The data processed in connection with the use of cookies is managed by Żabka Polska Sp. z o.o., headquartered in Poznań (61-586), ul. Stanisława Matyi 8. The Service utilizes both first-party cookies installed directly by the Service and third-party cookies, which come from domains other than the domain of the visited website, mainly for analytical and advertising purposes by the Administrator.

6.2. The Service uses cookies primarily to ensure proper website functionality, remember the User’s choices on the site, and, with the User’s consent, analyze and track traffic on the Service and tailor advertising content to interests. Based on consent obtained, cookies enabling the use of social media functionalities are also installed within the Service.

6.3. Below is detailed information regarding the cookies used by the Administrator in the Service. The Administrator regularly employs tools to scan the Service to determine which cookies are stored on the User’s device, ensuring the most accurate list of used cookies. The Administrator applies the following categories of cookies: necessary, functional, analytical, advertising, and social media cookies.

6. COOKIES AND SIMILAR TECHNOLOGIES

NECESSARY COOKIES

6.4. The use of necessary cookies by the Administrator is essential for the proper functioning of the website. These cookies are primarily installed to remember login sessions, fill out forms, and manage privacy settings.

6.5. The legal basis for processing data in connection with the use of necessary cookies is the necessity of processing for the performance of a contract (Article 6(1)(b) of the GDPR).

6.6. For detailed information about individual cookies in this category (names, functionality descriptions, validity period, and origin), click the “Manage Cookies” button in the footer of each page in the Service. When the cookie banner appears, select “Manage Cookies” and then expand the “Necessary Cookies” list. Click “Details” for further information.

FUNCTIONAL AND ANALYTICAL COOKIES

6.7. Functional cookies are used to remember and adapt the Service to the User’s choices, such as language preferences. These cookies can be installed by the Administrator and its partners via the Service.

6.8. Analytical cookies collect information such as the number of visits and traffic sources on the Service. They help determine which pages are more or less popular and provide insights into how Users navigate the site by compiling traffic statistics. This data is used to improve the Service’s performance. The information collected by these cookies is aggregated and not intended to identify the User. Analytical cookies can also be installed by the Administrator and its partners via the Service.

6.9. The legal basis for processing Personal Data related to the use of functional and analytical cookies is the Administrator’s legitimate interest (Article 6(1)(f) of the GDPR) in ensuring the highest quality of services provided on the Service, combined with the User’s consent for saving these cookies (separate for analytical and functional cookies).

6.10. Processing of Personal Data related to the use of functional and analytical cookies is subject to the User’s consent obtained through the cookie consent management platform. This consent can be withdrawn at any time via the same platform.

6.11. For detailed information about individual cookies in these categories (names, functionality descriptions, validity periods, and origins), click the “Manage Cookies” button in the footer of each page in the Service. When the cookie banner appears, select “Manage Cookies,” then expand either the “Analytical Cookies” or “Functional Cookies” list, and click “Details” under each list.

ADVERTISING COOKIES

6.12. Advertising cookies allow for the personalization of advertising content displayed to Users within and beyond the Service. Based on information from these cookies and User activity on other sites, a profile of interests is built. Advertising cookies can be installed by the Administrator and its partners through the Service.

6.13. The legal basis for processing Personal Data related to the use of advertising cookies is the Administrator’s legitimate interest (Article 6(1)(f) of the GDPR) in promoting its brand and informing Users about current offerings. This includes directing marketing information matching the interests of Service Users, based on the User’s consent to save advertising cookies.

6.14. Processing of Personal Data related to the use of advertising cookies is contingent on obtaining the User’s consent via the cookie consent management platform. This consent can be withdrawn at any time using the same platform.

6.15. For detailed information about individual cookies in this category (names, functionality descriptions, validity periods, and origins), click the “Manage Cookies” button in the footer of each page in the Service. When the cookie banner appears, select “Manage Cookies,” then expand the “Advertising Cookies” list, and click “Details” below.

SOCIAL MEDIA COOKIES

6.16. These cookies are installed by the Administrator’s partners to tailor advertising content displayed on social media platforms used by the User. Based on information from these cookies and User activity on other sites or social media, a profile of interests is built. This ensures that displayed content aligns with individual needs. Social media cookies do not store Personal Data directly but identify the User’s browser and device. If the User does not allow these cookies, the Administrator cannot prevent the repeated display of the same advertisement or enable liking and sharing content posted by the Administrator on social media platforms.

6.17. For detailed information about individual cookies in this category (names, functionality descriptions, validity periods, and origins), click the “Manage Cookies” button in the footer of each page in the Service. When the cookie banner appears, select “Manage Cookies,” then expand the “Social Media Cookies” list, and click “Details” below.

6.18. Cookies are small text files installed on the User’s device while browsing the Service. They collect information that simplifies website usage, such as remembering the User’s visits and actions on the Service.

7. ANALYTICAL AND MARKETING TOOLS USED BY THE ADMINISTRATOR’S PARTNERS

7.1. The Administrator and its Partners use various solutions and tools for analytical and marketing purposes. Below are basic details about these tools. Detailed information on this subject can be found in the respective partner’s privacy policy.

7.2. The current and complete list of the Administrator’s Trusted Partners is available at the link: zabka.pl-zaufani-partnerzy.pdf.

GOOGLE ANALYTICS

7.3. Google Analytics cookies are files used by Google to analyze how the Service is used by the User, as well as to create statistics and reports on the functioning of the Service. Google does not use the collected data to identify the User and does not combine this information in a way that would allow identification. Detailed information on the scope and principles of data collection related to this service can be found at the following link: https://www.google.com/intl/pl/policies/privacy/partners.

FACEBOOK PIXELS

7.4. Facebook Pixels is a tool that allows measuring the effectiveness of advertising campaigns run by the Administrator on Facebook. The tool enables advanced data analytics to optimize the Administrator’s activities, including the use of other tools offered by Facebook. Detailed information on data processing by Facebook can be found at this link: https://pl-pl.facebook.com/help/443357099140264?helpref=about_content.

GOOGLE TAG MANAGER

7.5. Google Tag Manager is a tool for managing scripts on a website. It allows the installation of various types of scripts on the website. This includes scripts related to consents granted by the User, scripts tracking User behavior through analytical tools such as Google Analytics, or conversion tracking from advertising systems like Google Ads. By using this tool, Google collects aggregated data on the activation of these scripts without the ability to identify a specific User. Detailed information on the scope and principles of data collection related to this service can be found at: https://www.google.com/analytics/terms/tag-manager.

SYNERISE

7.6. Synerise is a tool used to collect information about user behavior. It is used to create a user profile and personalize content for the user. Detailed information on data processing by Synerise is available at: https://synerise.com/legal/privacy-policy.

STORYLY

7.7. Storyly is a suite of tools that facilitates the Administrator in creating marketing content and measuring the effectiveness of marketing campaigns (an analytical tool). This tool enables advanced data analytics to optimize the Administrator’s activities. It does not allow User identification. Detailed information on data processing by Storyly can be found at: https://www.storyly.io/privacy-policy.

8. MANAGING COOKIES SETTINGS

8.1. The use of cookies to collect data, including access to data stored on the User’s device, requires the User’s consent. In the Service, the Administrator obtains the User’s consent via the cookie management platform. This consent can be withdrawn at any time according to the rules described in point 8.4 below.

8.2. Consent is not required for cookies that are essential for providing telecommunication services (data transmission for displaying content) – the User cannot opt out of these cookies if they wish to use the Service.

8.3. To receive advertising tailored to the User’s preferences, in addition to granting consent for cookies installation via the cookie management platform, it is necessary to maintain appropriate browser settings that allow cookies from the Service to be stored on the User’s end device.

8.4. Consent to collect cookies in the Service can be withdrawn via the cookie management platform. The User can return to the banner by clicking the “Manage cookies” button or a similar button available in the footer of every subpage of the Service.

8.5. After displaying the banner, the User can withdraw consent by clicking the “MANAGE COOKIES” button. Next, they should toggle the switch for the selected cookie category and press the “SAVE SETTINGS AND CLOSE” button.

8.6. The User also has the option to withdraw consent by changing their browser settings. Detailed information on this is available via the following links:

8.6.1. Mozilla Firefox: http://support.mozilla.org/pl/kb/ciasteczka
8.6.2. Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647
8.6.3. Opera: http://help.opera.com/Windows/12.10/pl/cookie.html/
8.6.4. Safari: https://support.apple.com/kb/PH5042?locale=en-GB

8.7. The User can verify the status of their current privacy settings for their browser at any time using tools available at the following links:

8.8. To exercise rights to access, rectify, delete, restrict, transfer, object to the processing of personal data, file a complaint, or ask other questions regarding cookies, a query should be sent to iod@zabka.pl or other contact details provided in the Privacy Policy.

PERIOD OF PERSONAL DATA PROCESSING
9.1. The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. As a rule, data is processed for the duration of the service or until the withdrawal of the expressed consent or effective objection to data processing in cases where the legal basis for data processing is the legitimate interest of the Administrator.

9.2. The data processing period may be extended in the event that processing is necessary to determine and pursue potential claims or defend against claims, and after that time only in the case and to the extent required by law. After the processing period has elapsed, the data is irreversibly deleted or anonymized.

USER RIGHTS
10.1. The User has the right to access the content of the data and to request its rectification, deletion, restriction of processing, the right to transfer data and the right to object to data processing, as well as the right to lodge a complaint with the supervisory authority responsible for the protection of Personal Data.

10.2. To the extent that the User’s data is processed on the basis of consent, this consent may be withdrawn at any time by contacting the Administrator, including via e-mail: iod@zabka.pl.

10.3. The User has the right to object to the processing of data for marketing purposes if the processing is carried out in connection with the legitimate interest of the Administrator, and also – for reasons related to the specific situation of the User – in other cases, when the legal basis for data processing is the legitimate interest of the Administrator (e.g. in connection with the implementation of analytical and statistical purposes).

DATA RECIPIENTS
11.1. In connection with the provision of services, Personal Data will be disclosed to external entities, including in particular suppliers responsible for the operation of IT systems, suppliers of analytical and marketing tools, marketing agencies (in the scope of marketing services) and entities associated with the Administrator, including companies from its capital group.

11.2. In the event of obtaining the User’s consent, their data may also be made available to other entities for their own purposes, including marketing purposes.

11.3. The Administrator reserves the right to disclose selected information concerning the User to competent authorities or third parties who submit a request for such information, based on an appropriate legal basis and in accordance with the provisions of applicable law.

TRANSFERRING DATA OUTSIDE THE EEA
12.1. The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Administrator transfers Personal Data outside the EEA only when necessary and with an adequate level of protection, primarily through:

12.1.2. using standard contractual clauses issued by the European Commission;

12.1.3. using binding corporate rules approved by the competent supervisory authority.

12.2. The Administrator always informs about the intention to transfer Personal Data outside the EEA at the stage of their collection.

CONTACT DETAILS
13.2. Contact with the Administrator is possible via e-mail address: kontakt@zabka.pl or correspondence address: ul. S. Matyi 8, 61-586 Poznań.

13.2. The Administrator has appointed a Data Protection Officer, who can be contacted via e-mail: iod@zabka.pl in any matter concerning the processing of Personal Data.

14.2. The current version of the Policy has been adopted and is effective from 1.05.2023.