Date of first publication of this Privacy Policy 29.06.22
Date of last update of this Privacy Policy 29.06.22

1. Definitions

1.1. Controller – Domeguru Sp. z o.o. with its registered office in Szczecin, ul. Madalińskiego 5, 70-101 Szczecin, EU VAT: 9552538274.

1.2. Personal Data – any information relating to a natural person who is or can be identified by one or more factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity, including device IP address, location data, Internet handle and information collected through cookies or similar.

1.3. Policy – this document, i.e. the privacy policy.

1.4. GDPR – Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.

1.5. Website – an Internet website operated by the Controller at the address https://dineatdome.com.

1.6. User – any natural person visiting the Website or using the services or functionalities described in the Policy.

2. Basic information

2.1. The ultimate purpose of this Policy is to provide you with the knowledge of data processing procedures performed in connection with operating the Website.

2.2. The personal data controller is an entity that determines the purposes and means of processing your Personal Data when you use the Website or its functionalities.

2.3. You will find details about the processing of your Personal Data in this document. We are committed to sharing with you full information on what happens to the Personal Data of which we are the controller or joint controller.

3. Data Protection Officer

3.1. According to the GDPR, the Controller does not have an obligation to appoint a Data Protection Officer Consider. However, keep in mind that this does not affect the degree of the protection of your privacy, which is surveyed by our professionals who monitor compliance with internal procedures to make sure that the Personal Data of all our Users are secure.

3.2. You will be informed if we appoint a Data Protection Officer in the future.

4. Bases and purposes of personal data processing

4.1. We process the Personal Data of Users to a varying extent and on a different legal basis specified in the GDPR. All depends on the purpose of processing of your data. We can process your Personal Data in particular on the basis of:

4.1.1. Article 6(1)(a) of the GDPR, if you granted your consent to the processing of personal data, for example to receive a newsletter;

4.1.2. Article 6(1)(b) of the GDPR, when you have concluded or intend to conclude an agreement (including electronically) with us, when you began collaborating with us, or when you submitted a complaint using the tools available on the Website;

4.1.3. Article (6)(1)(c) of the GDPR, when we perform our legal obligations, for example issue invoices or bills, store documentation related to concluded agreements or make settlements with authorities;

4.1.4. Article 6(1)(f) of the GDPR, when we process your data based on our legitimate interests, such as potential establishment, exercise or defence of legal claims, exercising the duties of a website administrator, answering your inquiries (including inquiries sent via forms available on the Website), or collecting your data for analytical, administrative or statistical purposes.

4.2. Remember that we are processing the Personal Data of Users solely to the extent to which we are entitled to do so.

4.3. Consider also that Personal Data collected, for example, to conclude an agreement or perform a legal obligation, can under certain conditions (Article 6(4) of the GDPR) be processed for the needs of one or more legitimate interests of the Controller. The condition is, however, that processing for such other purpose is compatible with the purpose for which the personal data were initially collected.

5. Manner of obtaining personal data by the Controller

5.1. As part of the Website, the Controller processes (or may process) the following

Personal Data or information which may constitute Personal Data.

5.1.1. Data provided by you:
You need to provide your Personal Data to conclude an agreement for electronic provision of services with us or to use certain functionalities of the Website. We always state which Personal Data are mandatory and which can be provided voluntarily. In particular, you provide us with data such as: first name, last name, company, phone number, email, NIP tax identification number. It may also happen that you use the tools we make available to facilitate contact between us. For example, when you write us using a contact form available on the Website, you will be asked for your first and last name and your e-mail address so that we can send you a reply. Consider also that we are using Tablein, a tool that interfaces between the Controller and specific restaurants in which you want to book a table. The provider of that tool is UAB “Internet Marketing Solutions”, K. Donelaičio g. 62, LT-44248, Kaunas, Lithuania (tax code: 30184055). UAB “Internet Marketing Solutions” acts sometimes as a controller and sometimes as a processor. To learn more, read the respective messages on our Website when you enter your personal data and read the privacy policy of the tool’s provider at https://www.tablein.com/privacy/ .

5.1.2. Data we receive automatically when you use the Website: First and foremost, we want to inform you that we use various tools to make our Website more efficient and comfortable. We are also committed to constantly improving the Website functionalities we use. We declare that it is not our purpose to identify the Users who use our Website. The majority of the following tools we use employ cookies (to learn more about cookies, see section 5.1.3 below). For this reason, based on our legitimate interest, i.e. based on Article 6(1)(f) of the GDPR, we collect the following kinds of data:

• Geolocation data
Using the Website, we can automatically receive the IP address of your device, information about your ISP and other information, which allow us to determine your latitude and longitude.

• Information obtained by Google Analytics
The Website uses Google Analytics, which allows us to improve our services. Google Analytics is a tool for collecting anonymised information about Website visits as regards time spent on the Website, pages displayed or links clicked. This tool uses cookies and the information we collect allows us to analyse how Users are using our Website. If you do not want to share this information with us, you can install an add-on to block Google Analytics in your browser. For more, see https://support.google.com/analytics/answer/181881

• Google Tag Manager
We use Google Tag Manager to make analysing the Website easier and improve our Website tag management. Consider that the tool is used only to implement tags and does not store any cookies, and consequently does not collect your personal data.

• Google Remarketing
We use the so-called remarketing tools that allow you to see our ads once you have visited our Website. For this purpose, Google Remarketing stores cookies in your device. If you do not want Website or Website offering ads displayed on other websites, you can change the settings of your browser, disable conversion tracking or install an add-on that does not allow ads to be personalised in your device
https://support.google.com/ads/answer/7395996

• Facebook Pixel
Facebook Pixel (provided by: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) is another tool we use for remarketing, allowing you to see our ads once you have visited our Website. Thanks to it, we can also make our ads less burdensome, so that they are displayed only to people interested in our services. Processing your data as part of the above tool occurs under Facebook’s privacy policy, see https://www.facebook.com/about/privacy (where you will also find the details of the Facebook DPO). We urge you to consider that in processes such as creating customised ads and providing commercial messages we are the joint controller of your personal data together with Facebook. We are the joint controller of your data pursuant to an agreement https://www.facebook.com/legal/controller_addendum concluded between Facebook and the Controller. The basis for sharing data in the scope of joint control is Article 6(1)(f) of the GDPR.

5.1.3. Cookies
• Cookies should be understood as IT data, for example text files, stored in the end devices of Users. Such files allow to recognise the User’s device and show the Website in a manner adjusted to the User’s preferences. Cookies usually contain the name of the website they derive from, the time of storage in the end device, and a unique number. We are using only first-party cookies, either temporary or permanent.
• The Website also uses the so-called security cookies that allow us to identify and prevent threats to your security. Thanks to them, we can authenticate users and protect their data against access by unauthorised persons.
• In addition, we are using the so-called site management cookies to remember your identity or Website session. Thanks to these cookies, you will not be unexpectedly logged out, and all information you enter are remembered when you navigate from one Website content to the next.
• The last kind of cookies we use are the so-called analytics cookies. These cookies are used to monitor how you reached the website and how you interact with its functionalities. Thanks to these cookies, we know which parts of the Website work best and which can still be improved.

5.1.4. Do you want to delete cookies?
Usually, your website browsing software allows placing cookies on your end device. Remember, however, that you can change these settings at any time and block automatic handling of cookies. Detailed information about the possibility and methods of handling cookies can be found in the settings of your software (Internet browser). Consider that limiting the use of cookies may affect some of the functionalities offered on the website.
Example of how to delete cookies in selected browsers;
Edge
Internet Explorer
Chrome
Safari
Firefox
Opera
Mobile devices:
Android
Safari (iOS)
Windows Phone

6. Entities with which we can share Personal Data

6.1. Your Personal Data may be shared with third parties. Making the Website available to you would not be possible without cooperation with our partners, in particular providers of IT, legal, debt recovery and accounting services or booking management tools.

6.2. There are also other entities with which we can share your Personal Data, that is entities authorised to request your data under the provisions of law.

7. Marketing and newsletter consents

7.1. While using the Website, you can voluntarily grant your consent to have your personal data processed to manage the newsletter service or to send marketing contents via text messages. The newsletter and text messages will be used to send you information about Website news, special offers or planned and
implemented changes.

7.2. For marketing purposes, we will use, depending on the scope of your consent, such personal data as first name, last name, email address and phone number.

7.3. Remember that you can withdraw your consent for data processing at any time, either for all of the above purposes or some of them.

7.4. Granting marketing and newsletter consent is fully voluntary and does not affect the possibility of concluding an agreement with us and the quality of its future performance.

7.5. Consider that we do not plan to use your data for marketing purposes in a way burdensome for you – you can expect to hear from us at most once per week, unless you decide otherwise and ask for such contact.

8. Transferring data to third countries

8.1. As a rule, we will not transfer your personal data to a third country or international organisation outside the EEA (European Economic Area).

8.2. We urge you to consider, however, that tools provided by Google LLC, such as
for example:
1) Google Analytics;
2) Google Ads;
3) Google Remarketing;
4) Google Tag Manager;
may cause your personal data to be transferred to third parties. For this purpose, Google uses standard contractual clauses.

9. Personal data retention period

9.1. The time for which personal data are processed by the Controller depends on the type of service provided and the purpose of processing. As a rule, data are processed for the time of providing a service or completing an order, until a granted consent is withdrawn, or until a successful objection to data processing is made in cases where the legal basis for data processing is the legitimate interest of the Controller.

9.2. The time for which data are processed may be extended when the processing is necessary for potential establishment, exercise or defence of legal claims, and afterwards only in cases and to the extent required by provisions of law. After the processing time has elapsed, the data are irretrievably erased or
anonymised.

10. User rights

10.1. Pursuant to the GDPR, a User has the following rights related to the processing of their Personal Data by the Administrator:

10.1.1. Right of access to personal data
You have the right to obtain from the Controller confirmation whether your Personal Data are being processed, and if so, to what extent and for what purposes (described more fully in Article 15(1) of the GDPR).

10.1.2. Right to rectification of the processed data
You have the right to demand from the Controller an immediate rectification of your Personal Data if they are inaccurate.

10.1.3. Right to erasure of data (“right to be forgotten”)
If it appears that your Personal Data are no longer necessary in relation to the purposes for which they were processed, if a successful objection has been made, if the data are processed in violation of law, or if the data must be erased in compliance with a Polish or EU law obligation, you may demand their immediate erasure.

10.1.4. Right to restriction of processing of data
You have the right to demand from the Controller restriction of the processing of your personal data, which consists of the need to restrict the processing of your data solely to storage. Processing of data, with the exception of storage, is possible only if one of the following prerequisites is met:
– the data subject has granted their consent;
– for the establishment, exercise or defence of legal claims;
– to protect the rights of another natural or legal person;
– due to important reasons of public interest of the European Union or
member state.

10.1.5. Right to data portability
You have the right to transfer data processed in an automated manner directly to another controller if the processing occurs on the basis of your consent (Article 6(1)(a) of the GDPR) or agreement (Article 6(1)(b) of the GDPR) and is technically feasible.

10.1.6. Right to object to further processing of your data
You have the right to object to the processing of your Personal Data – this right is sometimes absolute and sometimes relative in nature. If it is absolute, it may form the basis for demanding erasure of the data; As a rule, if you decide to object to the processing of your personal data, it may become effective if the Controller fails to demonstrate that any valid and compelling legitimate grounds for processing exist that overrule your interests, rights and freedoms or that your Personal Data are necessary for the potential establishment, exercise or defence of legal claims.

10.1.7. Right to withdraw consent
If you have granted us your consent, you have the right to withdraw it at any time. Remember, however, that withdrawing consent does not affect the lawfulness of processing based on the consent prior to withdrawal. Consider also that you cannot withdraw your consent to process Personal Data if you have not granted it, for example when your data are processed for the purpose of performing an agreement.

10.1.8. Right to lodge a complaint with a supervisory authority
If you object to our processing of your Personal Data, you can directly notify the relevant supervisory authority, namely the President of the Personal Data Protection Office. For more information, see
https://uodo.gov.pl/pl/p/skargi

10.2. If you want to exercise your rights, you can contact the Controller via email by sending a message at privacy@domeguru.com or via a contact form found on the Website.

10.3. Exercising any of the above rights occurs on request of the User. The Controller thoroughly analyses each submitted request and sends a reply immediately, but not later than within one month from the date of receiving the request.

10.4. The Controller reserves the right to send a reply at a date later than stated above (up to two months) due to the number of inquiries or the complicated nature of a sent inquiry. In such a case, the Controller informs the User of this fact within one month from the date on which the User submitted the request.

11. Voluntary provision of personal data

11.1. Providing personal data on the Website is completely voluntary – after all, we cannot force you to use our tools. If, however, you want to use the services we offer, not providing your data prevents us from concluding an agreement and complying with our legal requirements (for example, we will be unable to issue an invoice, even though we are obliged to do so). In effect, failure to provide your data, even if such provisions is voluntary, will make it impossible to conclude an agreement with us.

11.2. In the remaining scope, where processing of personal data is subject to your consent, providing them is entirely voluntary.

12. Updates of the Privacy Policy

12.1. Our goal is to constantly improve the quality of the services we offer while ensuring that your Personal Data are fully protected. Our website will change in the future and so will our Privacy Policy we drafted for you. We have made every effort to describe these issues to you as best as we can. If, however, something remains unclear, write us at privacy@domeguru.com