Privacy Policy

WEBSITE PRIVACY POLICY www.aboutmatcha.com 1. General Provisions

  1. The Privacy Policy defines the principles of processing and protecting the personal data of Users and Customers (including potential customers) using the Website available at the Internet address: aboutmatcha.com, hereinafter referred to as the Website. The document also specifies the rules for the use of cookies.
  2. The privacy policy of the Service is
  3. The administrator of the personal data of the Users and Customers of the Service within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) of 27 April 2016 (OJ EU. L No. 119, p. 1), hereinafter referred to as GDPR, is Matcha Global Cafe sp. z o.o. Matcha Global Cafe sp. z o.o. with its registered office in Warsaw at ul. Nowy Świat 66, 00-357 Warsaw; REGON: 540036043, NIP 5253022483, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for the capital city of Warsaw in Warsaw, 12th Commercial Division of the National Court Register under KRS number 0001135515. E-mail address: [email protected], telephone number: +48 666660605, hereinafter referred to as the Administrator and being both the Service Provider and the Seller.
  4. Personal data are processed in accordance with the provisions on the protection of personal data and the Act of 18 July 2002 on the provision of services by electronic means (Journal of Laws No. 144, item 1204, as amended).
  5. The Administrator makes every effort to protect the interests of persons whose the collected data concern, and in particular ensures that these data are processed in accordance with Personal data are collected by the Administrator for defined, lawful purposes and not subject to further processing incompatible with these purposes. The Administrator declares that the data collected by him is stored in a form that allows identification of the persons to whom it relates, no longer than is necessary to achieve a given purpose of processing.
  6. The purpose of the Privacy Policy is to define the actions taken by the Administrator, in the scope of personal data collected via the Website and services and tools related to the Website, used by Customers to perform activities such as creating an Account, placing an Order and performing other types of activities within the Website.
  7. The Customer who uses the services and tools provided within the Website confirms that he has read the provisions of the Privacy Policy and the Regulations of the Website, and also consents, if necessary, to the use of his personal data in accordance with the Regulations of the Website and the Privacy Policy (for this purpose, he selects the appropriate checkboxes following the messages appearing on the website of the Website).
  8. All data collected by the Administrator are protected using rational technical and organizational measures and security procedures in order to protect them against access by third parties. unauthorized or their unauthorized use.
  9. The Administrator of the Website has exclusive access to the data under the terms and conditions specified in the Regulations and Privacy Policy. Access to the Customer’s personal data may also be entrusted to other entities, e.g. through which the Customer makes payments, which entities collect, process and store personal data in accordance with their regulations and privacy policies. Access to the Customer’s personal data is granted to the entities in question to the extent necessary and only to such an extent that will ensure the proper implementation of services. External entities process the entrusted data only on the basis of appropriate agreements.
  10. All words and expressions appearing in the Privacy Policy beginning with a capital letter (e.g. Website, Customer, Order) should be understood in accordance with the definitions contained in the Website Regulations available on the Website of the Website.

  2. Collection, acquisition, scope and purpose of collecting personal data

  1. The Administrator obtains information about users, among others, by collecting server logs via the hosting operator.
  2. Data saved in the server logs is not associated with specific people using the Service’s website and is not used to identify people using the Service.
  3. Server logs are only auxiliary material used for administration
  4. The Administrator informs that in connection with the possibility of registering on the Internet Service and creating an Account, Customers creating an Account on the Internet Service may be required to provide certain data, such as an e-mail address and password. Providing the data specified during the registration process is necessary to create an Account, and the remaining data may be provided additionally.
  5. Within the Internet Service, the Administrator may collect personal data of Customers and potential Customers contacting the Administrator as part of customer service, and which personal data are necessary to fulfill a given request of the Customer and contact them in order to provide a response. The basis for data processing is art. 6 sec. 1 letter a GDPR – consent to processing. The legal basis for processing after any termination of contact will be the justified purpose of archiving correspondence for the purpose of demonstrating its course in the future (in accordance with art. 6 sec. 1 letter f GDPR). If an agreement is concluded after contact, the data will be processed on the basis of art. 6 section 1 letter b GDPR.
  6. Data provided in connection with the subscription to the E-mail Newsletter (e-mail address) is used only to send the Newsletter, based on the expressed consent (in accordance with art. 6 sec. 1 letter a GDPR).
  7. Data provided in connection with the subscription to the SMS/MMS Newsletter (phone number) is used only to send the SMS/MMS Newsletter, based on the expressed consent (in accordance with art. 6 sec. 1 letter a GDPR).
  8. The Administrator processes the personal data of Customers necessary for the proper implementation of the services available on the Website and is authorized to use the data collected and stored within the Website for the following purposes:
    • placing an order on the Website (in accordance with art. 6 sec. 1 letter b GDPR),
    • concluding and implementing the Sales Agreement or the Agreement for the provision of Electronic Services (in accordance with art. 6 sec. 1 letter b GDPR),
    • direct marketing of own products or services (based on Art. 6 sec. 1 f GDPR),
    • ensuring full User service, including setting up and managing User account(s), solving technical problems and providing appropriate functions (based on Art. 6 sec. 1 lit. b and f GDPR),
    • adapting the offer and User experience (based on art. 6 sec. 1 letters b and f GDPR),
    • sending the E-mail Newsletter: information about promotions, discounts and new products (based on art. 6 sec. 1 letter a GDPR),
    • sending the SMS/MMS Newsletter: information about promotions, discounts and new products (based on art. 6 sec. 1 letter a GDPR),
    • contacting Users, in particular for purposes related to the provision of services, User service, permitted marketing activities (based on art. 6 sec. 1 letters a, b and f GDPR),
    • conducting research and analyses in order to improve the operation of available services (based on art. 6 sec. 1 letters b and f GDPR),
    • enforcing compliance with the Terms of Service (pursuant to art. 6 sec. 1 lit. b and f of the GDPR).
  9. The Administrator is entitled to store data collected and tracked on the Website only to the extent necessary to achieve the above-mentioned purposes.
  10. The Administrator reserves the right to filter and block messages sent via the internal messaging system, in particular if they are spam, contain prohibited content or otherwise threaten the security of users of the Website.
  11. The Administrator is entitled to automatically acquire and register data transferred to the server by web browsers or Customer devices, e.g. IP address, software and hardware parameters, pages viewed, mobile device identification number and other data concerning devices and use of systems. The above information will be collected when using the Website.
  12. The Administrator collects, processes and stores the following Customer data:
    • e-mail address (e-mail address),
    • name and surname,
    • company name (in the case of Customers who are not consumers),
    • NIP (in the case of Customers who are not consumers),
    • delivery address (street, house number, apartment number, postal code, town, country),
    • business address/registered office (in the case of Customers who are not consumers),
    • number
  1. The Seller declares that the provision of data by the Customer, in the above-mentioned scope, is voluntary. However, their provision may be necessary to conclude and implement the Sales Agreement or the Agreement for the provision of Electronic Services on the Website. The scope of requiredThe data processing point of the contract is previously indicated on the Website and in the Website Regulations
  2. Data provided in connection with the Order on the Website is processed for the purpose of executing the contract, i.e. fulfilling the Order (Article 6, paragraph 1, letter b of the GDPR), issuing an invoice and performing other activities related to the provisions of tax law (Article 6, paragraph 1, letter c) and for archival and statistical purposes based on the legitimate interest of the Administrator (Article 6, paragraph 1, letter f of the GDPR).
  3. Example recipients of personal data of Customers of the Website:

– in the case of a Customer who uses the electronic payment method or a payment card on the Website, the Administrator entrusts the collected personal data of the Customer to a selected entity handling electronic payments on the Website.

  1. The Administrator informs Users that it entrusts the processing of personal data to the following entities entities:
    • Matcha Global Cafe sp. z o.o. – in order to store personal data on the server on which the Service is installed, in order to fulfill the obligation of tax settlements and accounting,
  2. The website uses plugins and other tools provided by social networking sites, such as Facebook or Instagram. When displaying a website containing such a plugin, the User’s browser establishes a direct connection with the servers of the administrators of the aforementioned social networking sites. The content of the plugin is transferred directly to the User’s browser and integrated with the site. If the User is logged into one of the social networking sites, the service provider will be able to directly assign the visit to the Site to a given profile on a given social networking site. If the User clicks, for example, on the “Share” button, the appropriate information will also be sent directly to the server of the given service provider and stored there. In addition, this information will be published on the given social networking site and will appear, for example, on the Facebook wall. The purpose and scope of data collection and their further processing and use by service providers, as well as the possibility of contact and the rights of Users in this regard and the possibility of making settings to protect privacy are described in the privacy policy of individual service providers.
  3. The Administrator informs that it uses the following technologies to track actions taken by the user/Client within the Service’s website:
  • Google Analytics tracking code – in order to analyze the statistics of the Service’s website, information related to Google Analytics can be found at: https://support.google.com/analytics/answer/6004245,
  • Facebook conversion pixel (JavaScript code fragment) – in order to monitor events on the Service’s website and manage Facebook ads; information collected within the Facebook pixel is anonymous – it does not allow the Administrator to identify a given person. More information related to Facebook’s use of data collected through the pixel can be found here: https://facebook.com/privacy/explanation.

  3. Cookie policy and operational data

  1. The Administrator automatically collects information contained in cookies in order to collect data related to the use of the Website by Cookies are a small piece of text that the website sends to the User’s browser and which the browser sends back on subsequent visits to the website. They are mainly used to maintain the session, e.g. by generating and sending back a temporary identifier after logging in.
  2. The Administrator uses “session” cookies stored on the Client’s end device until they log out, close the website or close the web browser, and “permanent” cookies stored on the Client’s end device for the time specified in the cookie parameters or until they are deleted by the Client.
  3. The Administrator uses the following types of cookies within the Website:
    • “essential” cookies, enabling the use of services available within the Website,
    • cookies used to ensure security,
    • “performance” cookies, used to obtain information on how the Website is used by Users,
    • “advertising” cookies, enabling the provision of advertising content to Users that is more tailored to their interests,
    • “functional” cookies, enabling “remembering” the settings selected by the User and adapting the Website to the User.
  4. The Service Administrator uses external cookies for the following purposes:
    • collecting general and anonymous statistical data via analytical tools: Google Analytics (the cookie administrator is Google LLC based in the United States),
    • popularizing the Website via the social networking site facebook.com (external cookie administrator: Facebook Inc based in the USA or Facebook Ireland based in Ireland).
  1. Google LLC and Facebook Inc are entities from a third country – the United States and have joined the Privacy Shield in order to ensure an adequate level of personal data protection required by the GDPR. The European Commission has confirmed the appropriate level of data protection for companies that have joined the Privacy Shield.
  2. Cookies adjust and optimize the Website and its offer for the needs of Customers through activities such as creating statistics of the Website’s views and ensuring the safety of its users.
  3. Cookies are also necessary to maintain the Customer’s session after they leave the Website.
  4. The Customer may change the cookie settings at any time using their web browser, including blocking the ability to collect cookies.
  5. Blocking the ability to collect cookies or making other changes to the cookie settings on the Customer’s device may make it difficult or impossible to use the services and tools of the Website, including the ability to place an Order.
  6. A Customer who does not want to use cookies for the purposes described above may delete them manually at any time. To read the detailed instructions, visit the website of the manufacturer of the web browser that the Customer is currently using. More information about cookies is available in the help menu of each web browser. Examples of web browsers that support the aforementioned cookies are Internet Explorer, Mozilla Firefox, Google Chrome, Opera.
  7. The Administrator may enable external entities, such as advertising providers or analytical solution providers, to collect information using the above technologies directly on the website of the Website. Data collected in this way is subject to the provisions of the privacy policies developed by these entities.
  8. Some external entities operating within the Website allow users to withdraw their consent to the collection and use of data for advertising purposes based on the Customer’s activity. More information on this subject and the possibility of making a choice can be found, for example, on the website: youronlinechoices.com.

  4. Rights and obligations of the Administrator and Users

  1. The Administrator has the right, as well as the statutory obligation, to provide selected or all information regarding the Customers of the Website to public authorities or third parties that submit such a request for information based on applicable provisions of Polish law.
  2. The Administrator does not entrust the processing of data and does not make the collected personal data of Customers available to unrelated entities without the consent of the interested parties, unless the following circumstances occur:
    • The Administrator may use the support of external entities to provide the services they provide, but these entities are not authorized to independently use personal data processed on behalf of the Website, and all their activities are subject to the provisions of the Privacy Policy of the Website,
    • The Administrator reserves the right to make data available to public authorities in conducting proceedings regarding possible violations of the law or in combating possible violations of the Regulations of the Website.
  1. The Client/User has the right to access their personal data collected by the Administrator at any time. This right includes the possibility of verification, modification, supplementation, deletion, restriction of data processing, objection to processing, transfer of data, cessation of processing of the Client’s personal data, as well as the right to withdraw consent to the processing of data for a specific purpose, if the Client has previously given such consent and the right to lodge a complaint with the supervisory authority. These rights are available without giving a reason, however, they are not absolute and will not apply to all personal data processing activities
  2. The Client/User, by accepting the statements proposed by the Administrator contained in interactive forms available on the Service’s website, consents to the processing of personal data for the appropriate purposes.
  3. The customer/user, by accepting the optional statements proposed in the forms, may consent to additional purposes of processing their personal data.
  4. Customers who have registered on the Internet Service have the right to view, edit and delete the data they have provided. The customer ensures that the data provided or published by them on the Internet Service is correct.
  5. Voluntarily granted consents to receive commercial information and to send e-mail and SMS/MMS newsletters may be withdrawn at any time at the request of the customer/user. At any time, you can correct the data provided in connection with the subscription to the e-mail or sms/mms newsletter, request their removal by resigning from receiving the newsletter, and also request the transfer of data.
  6. In order to exercise your rights, the Customer may at any time send an appropriate declaration of intent to the Administrator’s registered office address or via e-mail.
  7. Removal of personal data or cessation of their processing by the Administrator may result in the inability to provide services provided via the Website or limiting the possibility of using the functionality of the Website.
  8. Personal data collected for the purposes specified in the Privacy Policy will be stored for the period of provision of services (including electronic services) provided by the Administrator and for the period resulting from the limitation periods for claims (e.g. the general limitation period for claims related to business activity is 3 years, while the general limitation period for consumer claims against us is 6 years, the above-mentioned periods of storing personal data may change with the change of generally applicable legal provisions), consumer rights, tax law provisions or other rights in this scope.

  5. Changes to the Privacy Policy

  1. The offer of the Internet Service will be subject to future changes. This means that the Administrator will be obliged or entitled to introduce changes to the Privacy Policy.
  2. New versions of the Privacy Policy will appear on the Internet Service website along with an appropriate message.
  3. Each change to the Privacy Policy will be effective from the date of notification of its change by placing it on the Internet Service website. Any changes will be appropriately highlighted for a period of one month from the date of introducing changes to the Privacy Policy.

  In case of additional questions regarding the Privacy Policy of the Internet Service, please contact us at the e-mail address provided by the Administrator.