Privacy Policy EN

1. DEFINITIONS

1.1. Controller – Żabka Polska sp. z o.o. with its registered office in Poznań, ul. Stanisława Matyi 8 (61-586 Poznań, Poland), entered in the Business Register maintained by the District Court for Poznań – Nowe Miasto and Wilda in Poznań, 8th Commercial Division of the National Court Register, under KRS number: 0000636642, NIP (Tax Identification Number): 5223071241, REGON (Industry Identification Number): 36538839800000, share capital: PLN 113,215,000.00.

1.2. Personal Data – information about a natural person identified or identifiable by one or more factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, Internet ID and information gathered through cookies or other similar technology.

1.3. Policy – this Privacy Policy.

1.4. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in relation to the processing of personal data and on the free flow of such data and repealing Directive 95/46/EC.

1.5. Website – website operated by the Controller at nano.zabka.pl.

1.6 User – any natural person visiting the Website or using one or more services or functionalities described in this Policy.

2. PROCESSING OF DATA IN CONNECTION WITH USE OF THE WEBSITE

2.1. In connection with use of the Website by a User, the Controller collects data to the extent necessary for the provision of individual services, as well as information about the User’s activity on the Website. Set out below are the detailed policies for processing Personal Data collected when the Website is used by a User, as well as the purposes of its processing.

3. PURPOSES AND LEGAL BASIS OF DATA PROCESSING ON THE WEBSITE

USE OF THE WEBSITE

3.1. Personal Data of all individuals using the Website (including IP addresses or other identifiers, as well as information collected via cookies or similar technology) is processed by the Controller for the following purposes:

3.1.1. to provide services by electronic means, specifically to make content available to Users through the Website – the legal basis for the processing is its necessity for the performance of a contract (Article 6(1)(b) of GDPR);

3.1.2. for analytical and statistical purposes – the legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f) of GDPR) consisting in the performance of analyses of User activity and User preferences to improve the functionalities used and the quality of services provided, 

3.1.3. to establish and exercise or defend against potential claims – the legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f) of GDPR) consisting in the protection of its rights; 

3.1.4 for marketing purposes of the Controller and other entities, related in particular to behavioural advertising – the rules of processing Personal Data for marketing purposes are set out in the ‘MARKETING’ section.

3.2. A User’s activity on the Website, including their Personal Data, is recorded in system logs (a specialised computer program that can provide a chronological account of events and actions related to the IT system used by the Controller to provide services).Data stored in the system logs is processed primarily for purposes related to service provision. Additionally, the Controller processes such data for technical and administrative purposes, to ensure the security and manage the IT system, as well as for analytical and statistical purposes. In these cases, the legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f) of GDPR). 

CONTACT FORM

3.3. The Controller provides the option to be contacted using an electronic contact form. If a User uses the contact form, they must provide Personal Data necessary to contact the User, respond to their inquiry and establish a relationship. The User may also provide other data to facilitate such contact or response. Provision of data designated as mandatory is required for an inquiry to be accepted and processed, and failure to provide such data will result in the inability to process the inquiry and establish a relationship. Provision of other data is voluntary.

3.4. If a User uses the contact form, their Personal Data will be processed to:

3.4.1. handle requests submitted via the contact form and establish a relationship with the User – the legal basis for the processing is its necessity in order to take steps at the request of the data subject prior to entering into a contract (Article 6(1)(b) of GDPR); with regard to the processing of optional data – the legal basis for the processing is the data subject’s consent (Article 6(1)(a) of GDPR);

3.4.2. to exercise or defend against claims – the legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f) of GDPR) consisting in the protection of its rights. 

GEOLOCATION

3.5. The Controller has implemented within the Website a tool for the geolocation of a User’s device, utilising Google Maps API. This functionality is entirely optional and not required for proper use of the Website. Data identified through geolocation tracking is processed solely to help the User find the nearest physical retail locations within the Controller’s network, provided the User grants consent for access to their location data – the legal basis for the processing is the User’s consent (Article 6(1)(a) of GDPR). Such data is processed on a one-time basis, meaning the information is used only at the moment consent is granted. Once the site is closed, the Controller does not have access to location data and does not store any such data obtained during the User’s visit.

3.6. Use of the Google Maps API tool embedded within the Website is additionally governed by the current version of ‘Additional Terms of Service for Google Maps and Google Earth’, available at https://maps.google.com/help/terms_maps/.

3.7. When this tool is used, Google processes the User’s personal data in accordance with the terms outlined in Google’s current Privacy Policy, available at: https://policies.google.com/privacy.

4. MARKETING

4.1. The Controller processes Personal Data of Users for the purpose of marketing activities, which may consist in:

4.1.1. displaying marketing content to a User that is not tailored to the User’s preferences (contextual advertising);

4.1.2. displaying marketing content to a User that is tailored to the User’s interests (behavioural advertising).

4.2. In order to carry out such marketing activities, the Controller in some cases uses profiling. This means that the Controller, based on automated data processing, evaluates selected factors pertaining to Users in order to analyse or predict their behaviour. As a result, it is possible to better tailor content displayed to a User to their individual preferences and interests.

CONTEXTUAL ADVERTISING

4.3. The Controller processes Personal Data of Users for marketing purposes in connection with targeting Users with contextual advertising (i.e. advertising that is not tailored to the User’s preferences). The legal basis for the processing of Personal Data in such case is the Controller’s legitimate interest (Article 6(1)(f) of GDPR).

BEHAVIOURAL ADVERTISING

4.4. The Controller and its trusted Partners process Personal Data of Users, including Personal Data collected via cookies and other similar technology, for marketing purposes in connection with targeting Users with behavioural advertising (i.e. advertising that is tailored to the User’s preferences). Such processing of Personal Data includes profiling of the Users. 

4.5. A list of the Controller’s trusted Partners is available here.

5. SOCIAL MEDIA

5.1. The Controller processes Personal Data of Users who visit its profiles on social media (Facebook). Such data is processed solely in connection with managing the profile, including communicating the Controller’s activities to Users and promoting various events, services and products. The legal basis for the processing of Personal Data for this purpose is the Controller’s legitimate interest (Article 6(1)(f) of GDPR) in promoting its own brand.

6. COOKIES AND SIMILAR TECHNOLOGY

6.1. A cookie is a small text file installed on a User’s device. Cookies collect information that can facilitate use of an internet site – for instance, by remembering certain information about the User, such as their login data or language preferences. The controller of the data processed in connection with cookies is Żabka Polska sp. z o.o. with its registered office at ul. Stanisława Matyi 8, 61-586 Poznań, Poland. On the Website, the Controller uses its own files installed directly by the Website. In addition, third-party cookies are set, being cookies from a domain other than the domain of the visited site – mainly for analytics and advertising activities of the Controller.

6.2. The Website uses cookies primarily to ensure proper functioning of the site, to remember choices made on the site by a User, and – subject to the User’s relevant consent – to analyse and track a visit on the Website and to match advertising content to the User’s interests. The Website also installs cookies to enable social media pages to function, subject to the User’s consent.

6.3. Provided below are details on the cookies used by the Controller on the Website. The Controller regularly uses tools scanning the Website to determine which cookies are stored on a User’s device to make sure the list of cookies used is as accurate as possible. The Controller uses the following categories of cookie files: essential (strictly necessary) cookies, functionality cookies, analytics cookies, advertising cookies and social media cookies.

ESSENTIAL COOKIES 

6.4. Use of essential cookies by the Controller is necessary to enable Users to experience the full functionality of the internet site. These files are installed primarily to remember login sessions or to fill out forms, and for purposes related to setting privacy options.

6.5. The legal basis for the processing of data in connection with essential cookies is the necessity of the processing for the performance of a contract (Article 6(1)(b) of GDPR). 

6.6. If a User wants more details about individual cookies within this category, i.e. the name of each cookie, their purpose, validity period and origin, they should click on the ‘Consent preferences’ button available in the footer of each Website page.

When the cookies banner is shown, the User can read information about the types of cookies and expand the list by clicking the arrow button next to the title.

FUNCTIONALITY AND ANALYTICS COOKIES

6.7. The role of functionality cookies is to remember and personalise the Website based on choices made by a User in terms of language preferences and other things. Functionality cookies can be installed by the Controller and its Partners through the Website.

6.8. Analytics cookies can gather information on the number of visits and sources of traffic on the Website. They are used to find out which pages are more and which are less popular, and to understand how Users navigate the site by keeping statistics on Website traffic. The data is processed to improve the Website performance. Information collected by these cookies is aggregated, so it is not meant to identify the User. Analytics cookies can be installed by the Controller and its Partners through the Website. 

6.9. The legal basis for the processing of Personal Data in connection with the use of functionality and analytics cookies by the Controller is its legitimate interest (Article 6(1)(f) of GDPR) in ensuring the highest quality of services provided on the Website, subject to a User’s consent to their storage (given separately for analytics files and for functionality files). 

6.10. The processing of Personal Data in connection with the use of functionality and analytics cookies is subject to a User’s consent to the use (separately) of functionality and analytics cookies through the cookie consent manager platform. Such consent may be withdrawn at any time through the platform. 

6.11. If a User wants more details about individual cookies within this category, i.e. the name of each cookie, their purpose, validity period and origin, they should click on the ‘Consent preferences’ button available in the footer of each Website page.

When the cookies banner is shown, the User can read information about the types of cookies and expand the list by clicking the arrow button next to the title.

ADVERTISING COOKIES 

6.12. Advertising cookies help tailor advertising content displayed on the Website to the interests of Users within and outside the Website. Based on information gathered by these cookies and a User’s activity on other websites, a profile of the User’s interests is developed. Advertising cookies can be installed by the Controller and its Partners through our Website. 

6.13. The legal basis for the processing of Personal Data in connection with the use by the Controller of advertising cookies for this purpose is the Controller’s legitimate interest (Article 6(1)(f) of GDPR) in promoting the Controller’s brand and communicating the Controller’s current offering, including delivery of targeted marketing information tailored to the interests of the Website’s Users, subject to their consent to the storage of advertising cookies. 

6.14. The processing of Personal Data in connection with the use of advertising cookies is subject to a User’s consent to the use of advertising cookies through the cookie consent manager platform. Such consent may be withdrawn at any time through the platform. 

6.15. If a User wants more details about individual cookies within this category, i.e. the name of each cookie, their purpose, validity period and origin, they should click on the ‘Consent preferences’ button available in the footer of each Website page.

When the cookies banner is shown, the User can read information about the types of cookies and expand the list by clicking the arrow button next to the title.

SOCIAL MEDIA COOKIES

6.16. These cookies are installed by the Controller’s Partners to provide custom advertising content on the social networking sites used by a User. Based on information gathered by these cookies and the User’s activity on other websites or social media platforms, a profile of the User’s interests is developed. As a result, content displayed to that User is tailored to their individual needs. Social media cookies do not directly store Personal Data, but they identify the web browser and hardware. If a User does not permit these cookies, the Controller will not be able to prevent displaying the same advertisement to the User or allow the User’s ‘likes’ and ‘shares’ of content posted by the Controller on social media sites.

6.17. If a User wants more details about individual cookies within this category, i.e. the name of each cookie, their purpose, validity period and origin, they should click on the ‘Consent preferences’ button available in the footer of each Website page.

When the cookies banner is shown, the User can read information about the types of cookies and expand the list by clicking the arrow button next to the title.

7. ANALYTICAL AND MARKETING TOOLS USED BY THE CONTROLLER’S PARTNERS

7.1. The Controller and its Partners apply various solutions and tools used for analytical and marketing purposes. Provided below is key information on such tools. Relevant details can also be found in each Partner’s privacy policy. 

7.2. For a complete up-to-date list of the Controller’s trusted Partners, go to: zabka.pl-zaufani-partners.pdf

GOOGLE ANALYTICS 

7.3. Google Analytics cookies are files used by Google to analyse how Users interact with the Website, and to generate statistics and reports on the usage of the Website. Google does not use the collected data to identify Users, nor does it combine this information to enable such identification. For detailed information on the extent of and policies for data collection in connection with this service, go to: https://www.google.com/intl/pl/policies/privacy/partners.

FACEBOOK PIXEL

7.4. Facebook Pixel is a tool allowing the Controller to measure the effectiveness of its advertising campaigns run on Facebook. The tool leverages advanced data analytics to optimise the Controller’s activities, including the use of other tools provided by Facebook. For details on data processing by Facebook, go: https://pl-pl.facebook.com/help/443357099140264?helpref=about_content. 

GOOGLE TAG MANAGER 

7.5. Google Tag Manager is a tool for setting up and managing tags on a website. It allows various types of tags to be installed. This tool is used, among other things, to manage tags related to consent statements given by a User, tags that track the User’s behaviour by means of analytical tools such as Google Analytics, and tags tracking conversion from advertising systems such as Google Ads. In connection with the use of this tool, Google collects aggregated data on the running of such tags, without being able to identify any specific User. For detailed information on the extent of and policies for data collection in connection with this service, go to: https://www.google.com/analytics/terms/tag-manager/.

SYNERISE

7.6. Synerise is a tool used to collect information about a User’s behaviour. It is used to create the User’s profile and match content to their profiled preferences. For details on data processing by Synerise, go to: https://synerise.com/legal/privacy-policy.

STORYLY

7.7. Storyly is a set of tools that facilitate creation by the Controller of marketing content, allowing it to measure the effectiveness of its marketing campaigns (analytical tool). The tool leverages advanced data analytics to optimise the Controller’s activities, while not allowing it to identify any specific User. For details on data processing by Storyly, go to: https://www.storyly.io/privacy-policy.

8.  MANAGING COOKIE SETTINGS

8.1. The use of cookies to collect data, including to access data stored on a User’s device, requires consent of the User. On the Website, the User’s consent is obtained by the Controller through the cookie consent manager platform. Such consent may be withdrawn at any time in accordance with the provisions of Section 8.4. below.

8.2. Consent is not required only in the case of cookies the use of which is necessary for the provision of a telecommunications service (transmission of data to display content) – a User may not opt out of these cookies if they want to use the Website.

8.3. In order to receive advertisements tailored to a User’s preferences, it is necessary for the User – besides consenting to the installation of cookies through the cookie consent manager platform – to maintain appropriate browser settings allowing the storage of cookies from the Website on the terminal device of the User.

8.4. Withdrawal of consent for the collection of cookies on the Website is possible through the cookie consent manager platform. A User can return to the banner by clicking on the ‘Manage cookies’ button below or an identically titled button available in the footer of each Website page.

8.5. Once the banner is displayed, the User can withdraw consent by clicking on the ‘MANAGE COOKIES’ button, and then moving the slider next to the selected cookie category and press the ‘SAVE SETTINGS AND CLOSE’ button.

8.6. In addition, a User has the option to withdraw consent by changing their browser settings. More details can be found under the links below:

8.6.1. Mozilla Firefox: http://support.mozilla.org/pl/kb/ciasteczka

8.6.2. Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647

8.6.3. Opera: http://help.opera.com/Windows/12.10/pl/cookie.html/

8.6.3. Safari: https://support.apple.com/kb/PH5042?locale=en-GB

8.7. A User can check the status of the current privacy settings for their browser using tools available under the links below:

• http://www.youronlinechoices.com/pl/twojewybory
• http://optout.aboutads.info/?c=2&lang=EN

8.8. To exercise the rights of access, rectification or erasure of Personal Data, right to restrict the processing, right to data portability, right to object to the processing of Personal Data, lodge a complaint, or make any other inquiry about cookies, the relevant request should be sent to iod@zabka.pl or other contact details of the Controller provided in this Privacy Policy.

9. DATA PROCESSING PERIOD

9.1. The period of data processing by the Controller depends on the type of service provided and the purpose of the processing. As a general rule, data is processed for the duration of the service, until consent is withdrawn or an effective objection to data processing is expressed in cases where the legal basis for data processing is the Controller’s legitimate interest. 

9.2. The period of data processing may be extended if the processing is necessary to establish and to exercise or defend against potential claims, and thereafter only if and to the extent required by law. After the processing period expires, the data will be irreversibly deleted or anonymised. 

10. USER’S RIGHTS

10.1. A User has the right to access the content of their data and to request rectification, erasure, restriction of processing, the right to data portability and the right to object to data processing, as well as the right to lodge a complaint to the supervisory authority in charge of personal data protection. 

10.2. To the extent that a User’s data is processed on the basis of consent, the consent may be withdrawn at any time by contacting the Controller, for instance via email at: iod@zabka.pl.

10.3. A User has the right to object to the processing of their data for marketing purposes if the processing is carried out in connection with the Controller’s legitimate interest as well as – for reasons related to the User’s particular circumstances – in other cases where the legal basis for the data processing is the Controller’s legitimate interest (e.g. the data is processed for analytical and statistical purposes). 

11. RECIPIENTS OF DATA

11.1. In connection with the performance of services, Personal Data will be disclosed to third parties, including, in particular, providers responsible for the operation of IT systems, providers of analytical and marketing tools, marketing agencies (to the extent related to marketing services) and the Controller’s related parties, including companies of its group. 

11.2. If a User’s consent is obtained, the User’s data may also be made available to other entities for their own purposes, including marketing purposes.

11.3. The Controller reserves the right to disclose selected information concerning a User to the competent authorities or third parties who make a request for such information, based on the relevant legal basis and in accordance with the provisions of the applicable law.

12. TRANSFER OF DATA OUTSIDE THE EEA

12.1. The level of protection of personal data outside the European Economic Area (EEA) differs from that afforded by European law. For this reason, the Controller transfers Personal Data outside the EEA only when necessary and provided that an adequate level of protection is ensured, primarily through:

12.1.2. the use of standard contractual clauses issued by the European Commission;

12.1.3. theapplication of binding corporate rules approved by the relevant supervisory authority.

12.2. The Controller always communicates its intention to transfer Personal Data outside the EEA at the stage of data collection.

---

 [J1]Prosimy o sprawdzenie poprawności numeracji.

13. CONTACT DETAILS

13.1. The Controller can be contacted via email at: kontakt@zabka.pl or the postal address: ul. S. Matyi 8, 61-586 Poznań, Poland.

13.2. The Controller has appointed a Data Protection Officer, who can be contacted via email at: iod@zabka.pl, in any matter concerning the processing of Personal Data. 

14. DOCUMENT CONTROL DATA

14.1. This Policy is reviewed and revised as necessary. 

14.2. The currently adopted version of the Policy is effective as of 1 May 2023.