Controller – Perła – Browary Lubelskie S.A., with its registered office in Lublin, ul. Bernardyńska 15, 20-950.
Personal Data – information about a natural person identified or identifiable by one or several specific factors referring to physical, physiological, genetic, mental, economic, cultural or social identity, including device’s IP, location data, online identifier and information collected through cookies or other similar technology.
Policy – this Privacy Policy.
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
Website – the website run by the Controller on the following address: perlowapijalniapiwa.pl.
User – any natural person visiting the Website or using one or several services or functionalities described in the Policy.
Perłowa Pijalnia Piwa – a restaurant run by the Controller in Lublin at 15A Bernardyńska Street.
Data processing in connection with using the Website
In connection with using the Website, the Controller collects Users’ data to the extent necessary for providing the individual services offered, as well as information on the User’s activity on the Website. The detailed principles and purposes of the processing of Personal Data collected in connection with using the Website are described below.
Purposes and bases of data processing on the Website
USE OF THE WEBSITE
Personal Data of all persons using the Website (including their IP addresses or other identifiers and information collected by means of tools used by the Controller) is processed by the Controller:
for the purpose of providing electronic services in the scope of making the content collected on the Website available to Users – the legal basis for such processing is the fact that the processing is indispensable for the performance of contractual provisions (Article 6.1.b of GDPR); in the scope of data provided optionally, the legal basis for such processing is the consent granted by the User (Article 6.1.a of GDPR);
for analytical and statistical purposes – the legal basis for such processing is the Controller’s legitimate interest (Article 6.1.f of GDPR) consisting of conducting analyses of Users’ activities, as well as their preferences in order to improve the functionalities used and the services provided;
for the purpose of establishing and investigating claims or defending against them – the legal basis for such processing is the Controller’s legitimate interest (Article 6.1.f of GDPR), consisting of the protection of the User’s rights.
The User’s activity on the Website, including his/her Personal Data, is recorded in system logs (special software used to store a chronological record containing information about the events and activities that concern the IT system used by the Controller to provide services). The information collected in the logs is processed primarily for purposes related to the provision of services. The Controller may also process data for technical and administrative purposes, for the purpose of ensuring security and managing the IT system, as well as for analytical and statistical purposes – the legal basis for such processing is the Controller’s legitimate interest (Article 6.1.f of GDPR).
BOOKING THROUGH E-MAIL CORRESPONDENCE OR TELEPHONE CONTACT
The Controller provides the possibility to make reservations at the restaurant run by the Controller by e-mail or telephone.
If the Controller receives correspondence or is contacted by e-mail or telephone regarding any matters unrelated to the services provided, the personal data obtained during such contact is processed solely for the purpose of conducting communication and resolving the matter. The legal basis in this case is the Controller’s legitimate interest (Article 6.1.f of GDPR) connected with the need to resolve the reported matter related to its business activity.
Personal data is processed by the Controller:
for the purpose of exchanging correspondence – the legal basis for processing is the Controller’s legitimate interest (Article 6.1.f of GDPR) which is to enable the Controller to exchange correspondence in connection with its business activities;
for booking purposes – the legal basis for such processing is the fact that the processing is indispensable for the performance of contractual provisions (Article 6.1.b of GDPR); in the scope of data provided optionally, the legal basis for such processing is the consent granted by the User (Article 6.1.a of GDPR);
for the purpose of investigating claims or defending against them – the legal basis for such processing is the Controller’s legitimate interest (Article 6.1.f of GDPR) to enable the Controller to determine and investigate claims, or to defend against them.
GEO-LOCATION
The Controller has provided the Google Maps API tool on the Website, which enables displaying information on the surroundings of Perłowa Pijalnia Piwa. Google is the provider of the tool. In connection with its use, the Controller does not collect data about the User’s location.
The use of the Google Maps API tool provided on the Website is further governed by the current version of the Specific Terms and Conditions of Use of Google Maps and Google Earth, which can be found on https://maps.google.com/help/terms_maps
In connection with using this tool, Google processes the User’s personal data in accordance with the principles described in the current version of its Privacy Policy available on https://policies.google.com/privacy. The Controller is not responsible for data processing by Google.
Social networking sites
The Controller processes Personal Data of Users visiting the Controller’s profiles on social media (Facebook, Instagram). This data is processed in connection with running the profile, also for the purpose of informing Users about the Controller’s activities and promoting various events, services and products. The legal basis for the Controller’s processing of Personal Data for this purpose is its legitimate interest (Article 6.1.f of GDPR), connected with promoting its own brand.
COOKIES AND SIMILAR TECHNOLOGIES
Cookies are small text files installed on the User’s device when browsing the Website. Cookies collect information making it easier to use the Website, e.g., by remembering the User’s visits to the Website and the actions performed.
SERVICE COOKIES
The Controller uses so-called “service” cookies primarily to render the services provided electronically to the User. Cookies used for this purpose include:
cookies with data entered by the User (session ID) for the duration of the session (user input cookies).
ANALYTICS COOKIES
The Controller uses analytics cookies to improve the quality of services on the Website. In this regard, the Controller and other entities providing analytical and statistical services to the Controller use cookies to store information or access information already stored on the User’s telecommunications terminal equipment (computer, phone, tablet, etc.). Cookies used for this purpose include:
Google Analytics cookies used to analyse the use of the Website and to develop statistics and reports on the functioning of the Website;
Goggle Tag Manager cookies used to manage scripts on the website.
Analytical tools used by the Controller and its Partners
The Controller and its Partners use various solutions and tools for analytical purposes. Basic information about these tools is provided below. For further details, please refer to the privacy policy of individual partners.
GOOGLE ANALYTICS
Google Analytics cookies are used by Google to analyse the use of the Website by the User, and to develop statistics and reports on the functioning of the Website. Google does not use the collected data to identify the User, nor does it align this information to make such identification possible. Detailed information on the scope and principles of data collection in connection with this service can be found on: https://www.google.com/intl/pl/policies/privacy/partners.
GOOGLE TAG MANAGER
Google Tag Manager is a tool for managing scripts on a website and can be used to install various types of scripts. These include scripts related to the User’s consent, scripts tracking Users’ behaviour through analytical tools such as Google Analytics, or conversion tracking from advertising systems such as Google Ads. In connection with the use of the tool, Google collects aggregated data on running these scripts, without being able to identify a specific User. Detailed information on the scope and principles of data collection in connection with this service can be found on: https://www.google.com/analytics/terms/tag-manager/.
MANAGEMENT OF COOKIE SETTINGS
Service cookies, which are necessary for the use of the web page, are automatically installed on the User’s device. Their use is necessary for the provision of the telecommunications service (data transmission for the display of content) – the User does not have the possibility to opt out of these cookies if he/she wishes to use the Website.
Analytics cookies are not automatically installed by the Controller. The User may grant a permission to the Controller to install analytics cookies by giving his/her consent when entering the Website or by using this link
The User can consent to the installation of analytics cookies by clicking on the “Accept all” button on the banner that appears when entering the web page. The Controller will then be entitled to install analytics cookies according to the settings of the browser used by the User. (In the case of default settings, all cookies are installed).
The User can consent to the installation of only selected analytical cookies. To this end, it is sufficient to click on the “Manage cookies” button on the banner that appears when entering the web page and select the cookies to the installation of which the User wishes to consent (each type and each cookie provider separately).
The User can withdraw the consent given at any time. To do so, the User should click on the cookie icon in the corner.
It is also possible to withdraw the consent to the use of cookies via browser settings. Detailed information can be found under the following links:
If the consent for a given type and provider of cookies has not been given or has been withdrawn (in the case of not accepting the installation of cookies in accordance with the settings of the browser), the Controller will not install such cookies on the User’s terminal equipment.
The User may at any time verify the status of his/her current privacy settings for the browser he/she is using by means of the tools available at the following links:
The period of data processing by the Controller depends on the type of service provided and the purpose of processing. As a general rule, data is processed for the duration of the service provided or the execution of the order, until the consent is withdrawn or until an effective objection is made to the data processing in cases where the legal basis for such processing is the Controller’s legitimate interest.
The period of data processing may be extended where the processing is necessary for establishing and investigating claims or defending against them, and thereafter only if and to the extent as required by law. After the expiry of the processing period, the data shall be irreversibly deleted or anonymised.
Rights arising in connection with the processing of personal data
RIGHTS OF DATA SUBJECTS
The following rights are vested in data subjects:
the right to be informed on the processing of personal data – the Controller shall provide the person making the request with information about data processing, including in particular the purposes and legal bases for such processing, the scope of the data retained, the entities to which the data is disclosed, and the planned date of data erasure;
the right to obtain copies of data – the Controller shall provide the person making the request with copies of the processed data;
the right to rectify data – the Controller shall eliminate any inconsistencies or errors in the Personal Data being processed, and to complete it when necessary;
the right to erase data – the data subject may demand the erasure of data whose processing is no longer necessary for the fulfilment of any of the purposes for which it was collected;
the right to restrict processing – if such a request is made, the Controller shall cease to perform operations on Personal Data – with the exception of operations to which the data subject has given his/her consent – and to store such data in accordance with the retention rules adopted or until the reasons for restricting the processing cease to apply (e.g., a decision is issued by a supervisory authority allowing for the further processing of data);
the right to data portability – to the extent that the data is processed by automated means in connection with the concluded agreement or under consent, the Controller shall supply the data provided by the data subject in a computer-readable format. It is also possible to request that the data be sent to another entity, provided that both the Controller and the entity concerned have the technical capacities to do so;
the right to object to data processing for marketing purposes – the data subject may at any time object to the processing of Personal Data for marketing purposes, without having to justify such objection;
the right to object to other data processing purposes – the data subject may at any time object, for reasons connected with his/her unusual circumstances, to the processing of Personal Data which takes place in connection with the Controller’s legitimate interest (e.g., for analytical or statistical purposes, or for reasons connected with property protection); such objection should be made along with providing justification;
the right to withdraw the consent – if the data is processed under the consent, the data subject has the right to withdraw it at any time; however, this shall not affect the lawfulness of the processing carried out before the withdrawal of the consent;
the right to file a complaint – if the processing of Personal Data is considered to be in breach of the provisions of GDPR or other provisions relating to the protection of Personal Data, the data subject may file a complaint with the supervisory body for the processing of Personal Data, having jurisdiction over the data subject’s usual place of residence, place of work or place where the alleged breach has been committed.. In Poland, the supervisory body is the President of the Personal Data Protection Office.
REPORTING A REQUEST CONCERNING THE EXERCISE OF RIGHTS
A request for the exercise of data subjects’ rights can be made:
in writing to the Controller’s address;
electronically to the e-mail address: kodo@biuro.perla.pl.
The request should, as far as possible, indicate precisely what the request concerns, in particular:
which right the requesting person wants to exercise (e.g., the right to obtain a copy of the data, the right to erasure, etc.);
which processing the request refers to (e.g., use of a particular service, activity on a particular website, receipt of a newsletter containing commercial information to a particular e-mail address, etc.);
which processing purposes the request refers to (e.g., marketing purposes, analytical purposes, etc.).
If the Controller is unable to identify the natural person on the basis of the request, it shall request additional information from the person making the request. The provision of such data is not mandatory but failure to provide it shall result in the request rejection.
The request can be made in person or through a proxy (e.g., a family member). For reasons connected with data security, the Controller encourages the use of a power of attorney in a form certified by a civil-law notary or an authorised legal counsel or attorney, which will all significantly speed up the verification process of the authenticity of the request.
A response to the request should be provided within one month of receipt. If it is necessary to extend this deadline, the Controller shall inform the requesting persons of the reasons.
If the request has been addressed to the Company electronically, the response shall be provided in the same form unless the requesting person demanded the response in another form. Otherwise, the response shall be provided in writing. Where the timing of the request makes it impossible to provide the response in writing and the extent of the requesting person’s data processed by the Controller enables electronic contact, the response shall be provided electronically.
FEE COLLECTION PRINCIPLES
The processing of submitted requests is free of charge. Fees may be charged only in the case of:
making a request for issuing the second and each subsequent copy of data (the first copy of data is free of charge); in such cases, the Controller may change PLN 200.00. The aforementioned fee includes administrative costs related to processing the request;
submitting excessive (e.g., very frequent) or clearly groundless requests by the same person; in such cases, the Controller may charge PLN 500.00. The aforementioned fee includes the costs of communication and the costs related to taking the requested action;
If the decision to impose the fee is contested, the data subject may file a complaint with the supervisory body for the processing of Personal Data, having jurisdiction over the data subject’s usual place of residence, place of work or place where the alleged breach has been committed. In Poland, the supervisory body is the President of the Personal Data Protection Office.
Data recipients
In connection with the provision of services, Personal Data will be disclosed to external entities, including in particular suppliers responsible for the supply and operation of IT systems.
The Controller reserves the right to disclose selected information concerning the User to the competent bodies or third parties who make a request for such information by referring to the appropriate legal basis and in accordance with the provisions of the applicable law.
Provision of data outside the EEA
The level of Personal Data protection outside the European Economic Area (EEA) differs from that envisaged by European law. For this reason, the Controller transfers Personal Data outside the EEA only when necessary and with an adequate level of protection, primarily by:
cooperating with the processors of Personal Data in countries for which a relevant decision of the European Commission has been issued regarding the determination of an adequate level of Personal Data protection;
applying standard contractual clauses issued by the European Commission;
applying binding corporate rules approved by the competent supervisory body.
The Controller shall always disclose its intent to transfer Personal Data outside the EEA upon its collection.
Contact details
The Controller can be contacted via e-mail kodo@biuro.perla.pl or the following mailing address: Koordynator Danych Osobowych [Personal Data Coordinator], ul. Bernardyńska 15, [post code] 20-950 Lublin.
The Controller has appointed the Personal Data Coordinator who can be contacted via e-mail kodo@biuro.perla.pl on any matter concerning the processing of Personal Data.
Amendments to the Privacy Policy
The policy is updated on an ongoing and as needed basis.
The current version was adopted on and has been binding since 18th April 2023.