Get in touch

Privacy Policy

DEFINITIONS

Controller – the company operating under the name Żabka Polska Sp. z o.o., with its registered office in Poznań (61-586), at ul. Stanisława Matyi 8, entered into the Register of Entrepreneurs kept by the District Court for Poznań Nowe Miasto and Wilda in Poznań, 8th Commercial Division of the National Court Register under the number

KRS number 0000636642, with a fully paid-up share capital of PLN 113,215,000, BDO: 000016909, NIP (Tax Identification Number): 522-30-71-241, REGON (Statistical Number): 365388398.

Personal data – all information relating to an identified or identifiable natural person, identifiable by one or more specific factors determining their physical, physiological, genetic, mental, economic, cultural, or social identity, including device IP address, location data, online identifier, and information collected via cookies or other similar technologies.

Policy this Privacy Policy.

RODO – Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27.

2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Service – Internet service run by the Administrator under the adresami: https://ads.retailmedia.zabka.pl/.

User – any natural person visiting the Service or using one or more of the services or functionalities described in the Policy.

2. PROCESSING OF DATA IN CONNECTION WITH THE USE OF THE SERVICE

In connection with the User’s use of the Website, the Administrator collects data to the extent necessary to provide the individual services offered, as well as information about the User’s activity on the Website. Detailed rules and purposes of processing personal data collected during the User’s use of the Website are described below.

PURPOSES AND LEGAL BASES FOR DATA PROCESSING IN THE SERVICE – USE OF THE SERVICE

Personal data of all individuals using the Service (including IP address or other identifiers and information collected through cookies or other similar technologies), who are not registered Users (i.e., individuals without a profile in the Service), is processed by the Controller:

for the purpose of providing electronic services in the scope of making content collected in the Service available to Users – the legal basis for processing is the necessity of processing for the performance of a contract (Article 6(1)(b) of the GDPR);

for analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), which involves analyzing User activity and preferences in order to improve the functionalities used and the services provided;

for the purpose of pursuing claims or defending against them – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), which involves protecting its rights;

for marketing purposes of the Controller – the principles of processing personal data for marketing purposes are described in the “MARKETING” section.

The User’s activity in the Service, including their personal data, is recorded in system logs (a special computer program used to store a chronological record containing information about events and actions related to the IT system used to provide services by the Controller). The information collected in the logs is processed primarily for purposes related to service provision. The Controller also processes it for technical and administrative purposes, to ensure the security of the IT system and manage this system, as well as for analytical and statistical purposes – in this regard, the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR).

GEOLOCATION

The Controller has provided a geolocation tool in the Service using the Google Maps API to locate the User’s device. The use of this functionality is optional and not required for proper use of the service. Location data is processed solely for the purpose of enabling the User to find the nearest physical retail points of sale of the Controller’s network if the User consents to access their geolocation information – in this case, the legal basis for processing this data is the consent given by the User (Article 6(1)(a) of the GDPR). The above data is processed on a one-time basis, meaning the information is used at the moment the consent is given. After the page is closed, the Controller has no access to the location data, nor does it store any location information retrieved while browsing the page.

Your use of the Google Maps API tool provided on the site, is further governed by the current version of the Google Maps and Google Earth Additional Terms of Service, which can be found at. https://maps.google.com/help/terms_maps/.

As part of the use of this tool, Google processes your personal data in accordance with the terms described in the current version of Google’s Privacy Policy, available at https://policies.google.com/privacy.

CONTACT FORMS

The Controller provides the possibility to contact them using electronic contact forms. Using the form requires providing personal data necessary to contact the User and respond to their inquiry. The User may also provide other data to facilitate contact or handling of the inquiry. Providing data marked as mandatory is required to accept and process the inquiry, and failure to provide such data will result in the inability to process the inquiry. Providing other data is voluntary.

Depending on the specific form used by the User, personal data is processed:

In the case of the contact form – for the purpose of handling the inquiry submitted via the contact form – the legal basis for processing is the necessity of processing for the performance of a contract for the provision of services (Article 6(1)(b) of the GDPR); with regard to the processing of optional data, the legal basis for processing is the consent given (Article 6(1)(a) of the GDPR);

In the case of using any of the forms – for the purpose of pursuing or defending against claims – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), which involves protecting its rights.

4. MARKETING
NEWSLETTER

The Controller processes the personal data of Users for marketing activities, including sending email notifications about interesting offers or content, which in some cases may contain commercial information (newsletter service). The Controller provides the newsletter service to individuals who have provided their email address for this purpose. Providing this data is required to deliver the newsletter service, and failure to provide the data will result in the inability to send the newsletter. Personal data is processed:

for the purpose of directing marketing content to the User as part of the newsletter – the legal basis for processing is the Administrator’s legitimate interest (Article 6(1)(f) RODO) in connection with the consent to receive the newsletter;

for analytical and statistical purposes – the legal basis of the processing is the legitimate interest of the Administrator (Article 6(1)(f) RODO), consisting of conducting analysis and statistics to enable the tailoring of targeted content and services to newsletter recipients; for the purpose of possibly establishing and asserting claims or defending against them – the legal basis of the processing is the legitimate interest of the Administrator (Article 6(1)(f) RODO), consisting in the possibility of defending one’s rights.

 

5. SOCIAL NETWORKS

The Administrator processes personal data of Users visiting the Administrator’s profiles maintained on social media (Facebook, YouTube, Instagram). The data is processed solely in connection with the running of the profile, including for the purpose of informing Users about the Administrator’s activities and promoting various events, services and products. The legal basis for the Administrator’s processing of personal data for this purpose is its legitimate interest (Article 6(1)(f) RODO) in promoting its own brand.

6. COOKIES AND SIMILAR TECHNOLOGY

Cookies are small text files installed on the device of a User browsing the Website. Cookies collect information that facilitates the use of the website – for example, by remembering the User’s visits to the Website and the activities performed by him.

“SERVICE” COOKIES

The administrator uses so-called service cookies primarily to provide

User of electronically provided services and to improve the quality of such services. Accordingly, the Administrator and other entities providing analytical and statistical services to the Administrator use cookies, storing information or accessing information already stored in the User’s telecommunications terminal device (computer, phone, tablet, etc.). Cookies used for this purpose include:

Installed to localStorage:

  1. A cookie indicating whether the installation of cookies has been accepted;
  2. Slider plugin (tiny-slider) containing information about the User’s browser;
  3. Video plugin (plyr) containing information about the player available on the site (such as volume);
  4. Search Engine (Algolia) containing the ID key and similar information;
  5. A cookie containing information about the nearest store on the Locator.

Installed to sessionStorage:

  1. a) A cookie containing information about pop-up messages to be opened only once per session.
7. ANALYTICAL AND MARKETING TOOLS USED BY THE ADMINISTRATOR

The administrator applies various solutions and tools used for analytical and marketing purposes. Below you will find basic information about these tools.

GOOGLE ANALYTICS

Google Analytics cookies are cookies used by Google to analyze your use of the Site, to create statistics and reports on the operation of the Site. Google does not use the collected data to identify

User nor does it combine this information to enable identification. Detailed information about the scope and principles of data collection in connection with this service can be found at the link: https://www.google.com/intl/pl/policies/privacy/partners.

GOOGLE TAG MANAGER

Google Tag Manager is a tool for managing scripts on a website. Using it, you can install various types of scripts on your website. This includes scripts related to consents given by the user, scripts that track user behavior through analytics tools such as Google Analytics, or conversion tracking from advertising systems such as Google Ads. In connection with the use of the tool, Google collects aggregated data on the running of these scripts, without being able to identify a specific User. Detailed information about the scope and principles of data collection in connection with this service can be found at the link: https://www.google.com/analytics/terms/tag–manager/.

GOOGLE ADS

Google Ads is a tool that allows us to measure the effectiveness of advertising campaigns carried out by the Administrator, allowing us to analyze such data as keywords or the number of unique users. The Google Ads platform also allows us to display our ads to people who have visited the Service in the past. Information on Google’s data processing for the above service is available at the link: https://policies.google.com/technologies/ads?hl=pl.

FACEBOOK PIXELS

Facebook Pixels is a tool that allows measuring the effectiveness of advertising campaigns implemented by the Administrator on Facebook. The tool allows advanced data analytics to optimize the Administrator’s activities also using other tools offered by Facebook. Detailed information on data processing by Facebook can be found at this link: https://pl–pl.facebook.com/help/443357099140264?helpref=about_content.

HOTJAR

HotJar is a tool that allows the Administrator to conduct analysis of User activity on the Website, such as through surveys or satisfaction studies, and by anonymously collecting information about clicks on particular places on the Website. The tool does not allow for User identification. Detailed information about the data collected through HotJar and how to deactivate User monitoring is available at the link: https://www.hotjar.com/privacy.

ISSUU

Issuu is a tool for viewing PDF documents. It is used to publish promotional newspaper files. It collects information about the number of: views, interaction with the file. Measures the time spent viewing the file. The tool does not allow to identify the User. Detailed information about Issuu’s data processing can be found at the link: https://issuu.com/legal/privacy.

8. MANAGING COOKIE SETTINGS

Session cookies, which are necessary for the use of the Website, are automatically installed on the User’s device. Their use is necessary for the provision of the telecommunications service (data transmission to display content) – the User does not have the option to opt out of these cookies if he wants to use the Website. Analytical and marketing cookies are not automatically installed by the Administrator. The User may grant the Administrator permission to install analytical and marketing cookies by giving his/her consent when opening the Website (entering the website) or by selecting in the footer of the page https://ads.retailmedia.zabka.pl/ Manage cookies” option.

The User may consent to the installation of analytical and marketing cookies by clicking the “I accept” button on the banner that appears after entering the website. The Administrator will then be authorized to install analytical and marketing cookies according to the settings of the browser used by the User (in the case of default settings, all cookies are installed).

The User can agree to install only analytical or marketing cookies. To do this, simply click the “Manage cookies” button on the banner that appears after entering the website and select the cookies that the User wants to agree to install.

The user may withdraw the given consent at any time.

Withdrawal of consent for the use of cookies is possible via browser settings. You can find detailed information on this subject at the following links:

Internet Explorer: https://support.microsoft.com/pl-pl/help/17442/windows-internetexplorerdelete-manage-cookies

Mozilla Firefox: http://support.mozilla.org/pl/kb/ciasteczka

Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647

Opera: http://help.opera.com/Windows/12.10/pl/cookies.html

Safari: https://support.apple.com/kb/PH5042?locale=en-GB

In the absence of consent or in the case of withdrawal of consent for a particular type of cookies (in the case of non-acceptance of the installation of cookies according to the settings of the browser), the Administrator does not install this type of cookies on the User’s final device.

You can verify the status of your current privacy settings for the browser you are using at any time using the tools available at the links below:


http://www.youronlinechoices.com/pl/twojewybory


http://optout.aboutads.info/?c=2&lang=EN

9. PERIOD OF PROCESSING OF PERSONAL DATA

The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. As a general rule, data are processed for the duration of providing the service or fulfilling the order, until the withdrawal of the consent given or the filing of an effective objection to data processing in cases where the legal basis for data processing is the legitimate interest of the Administrator.

The processing period may be extended if the processing is necessary for the establishment, investigation or defense of possible claims, and thereafter only if and to the extent required by law. After the expiration of the processing period, the data shall be irreversibly deleted or anonymized.

 

10. USER RIGHTS

The user has the right: to access the content of the data and to request rectification, deletion, restriction of processing, the right to data portability and the right to object to data processing, as well as the right to lodge a complaint to the supervisory authority in charge of personal data protection.

To the extent that User Data is processed on the basis of consent, you may withdraw it at any time by contacting the Administrator or using the functionalities provided on the Website. Withdrawal of consent does not affect the lawfulness of processing that was carried out on the basis of consent before its withdrawal.

The User has the right to object to the processing of data for marketing purposes, if the processing is carried out in connection with the legitimate interest of the Administrator, as well as – for reasons related to the User’s particular situation – in other cases where the legal basis for data processing is the legitimate interest of the Administrator (e.g. in connection with the implementation of analytical and statistical purposes).

11. DATA RECIPIENTS

In connection with the performance of services, personal data will be disclosed to external entities, including in particular IT service providers and entities such as marketing agencies (for marketing services).

If the User’s consent is obtained, his data may also be shared with other entities for their own purposes, including marketing purposes.

The Administrator reserves the right to disclose selected information concerning the User to competent authorities or third parties who make a request for such information, relying on the relevant legal basis and in accordance with the provisions of the applicable law.

12. TRANSFER OF DATA OUTSIDE THE EOG

The level of protection of personal data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Administrator transfers personal data outside the EEA only when necessary and with an adequate level of protection, primarily by:

Cooperation with processors of personal data in countries with respect to

Which the relevant decision of the European Commission has been issued; use of standard contractual clauses issued by the European Commission;

application of binding corporate rules approved by the relevant supervisory authority;

in the case of data transfers to the US, cooperation with entities participating in the Privacy Shield program, approved by a decision of the European Commission.

The controller always informs about the intention to transfer personal data outside the EEA at the stage of collection.

13. SECURITY OF PERSONAL DATA

The Administrator conducts a risk analysis on an ongoing basis to ensure that personal data is processed by him in a secure manner – ensuring, first and foremost, that only authorized persons have access to the data and only to the extent necessary for the tasks they perform. The Administrator ensures that all operations on personal data are recorded and performed only by authorized employees and associates.

The Administrator shall take all necessary measures to ensure that its subcontractors and other cooperating entities also provide guarantees to apply appropriate security measures whenever they process personal data on behalf of the Administrator.

14. CONTACT INFORMATION

Contact with the Administrator is possible via e-mail address: IOD@zabka.pl or mail address: Żabka Polska Sp. z o.o., 8 Stanisława Matyi Street, 61-586 Poznań.

The Administrator has appointed a Data Protection Officer, who can be contacted via e-mail: IOD@zabka.pl on any matter concerning the processing of personal data.

15. PRIVACY POLICY CHANGES

The Policy is reviewed on an ongoing basis and updated as necessary. If the Policy is updated, the User will be notified by displaying a clear notice on the Service or by sending the User an email. In some cases, the User may be notified in advance of the update of the Policy, and the fact of using the Service will imply acceptance of the updated version of the Policy.

A user who does not accept the terms of service on the Website after the newer version of the Policy comes into effect may stop using the Website’s services.

The current version of the Policy has been adopted and is effective as of 20.11.2024