Privacy and personal data policy

1.1. This Privacy Policy sets out the rules for the processing and protection of personal data
provided by Users and Customers in connection with the use of services offered for
via the website www.maremma.pl (hereinafter: the “Service”), including in particular
booking a table, contacting via the form, subscribing to the newsletter, participating in
events or promotional activities.

1.2. The administrator of personal data processed within the Website is Maremma Sp. z o.o.
with its registered office in Poznań, ul. ks. Jakuba Wujka 9, 61-581 Poznań, entered in the National Register
Court under KRS number 0001152614, NIP 7831921657, REGON 540772411, e-mail address:
kontakt@maremma.pl, tel.: +48 789 809 070 (hereinafter referred to as “Controller”).

1.3. The Administrator processes personal data in accordance with applicable law, in
in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April
2016 (GDPR), the Act of 10 May 2018 on the Protection of Personal Data, the Act of 18 July
2002 on the provision of services by electronic means and the Act of 16 July 2004. Law
telecommunication.

1.4. The controller takes special care to ensure that personal data are processed in accordance with
lawfully, fairly and transparently collected for specific and legally justified purposes,
adequate for these purposes, correct and up to date, stored for a period not exceeding
necessary to achieve the purpose of processing and adequately protected against unauthorized
access, loss, alteration or disclosure.

1.5. Terms used in this Policy, such as User, Customer, Booking or Administrator,
should be understood in accordance with their meaning specified in the Terms and Conditions of the Website, unless indicated
differently.

2.1. The controller processes personal data to the extent necessary for the correct
the functioning of the Website and the implementation of services offered by the Maremma restaurant.

2.2. Personal data are processed on the basis of the conditions set out in Article 6 of the GDPR.

2.2.1. Consent of the data subject (Art. 6 para. 1 lit. a GDPR) — in the event that the User
voluntarily consented to certain activities, such as receiving newsletters, information
marketing or participation in events organized by the Administrator.

2.2.2. Necessity to perform the contract or take action prior to its conclusion (Article 6 (1) (b)
GDPR) — in order to make a table reservation, confirm the visit, handle the request sent
through the contact form or prepare a cooperation offer.

2.2.3. Fulfillment of the legal obligation incumbent on the Controller (Article 6 (1) (c) of the GDPR) — in
to the extent resulting from accounting, tax or archiving regulations.

2.2.4. Legitimate interest of the Controller (Article 6 (1) (f) of the GDPR) — in particular in order to
conducting statistical analyses, ensuring the security of the Website, own marketing
services, maintaining relationships with Customers, handling complaints and improving the quality of service.

2.3. The administrator may process personal data in the scope of: name and surname, e-mail address, number
phone number, date and time of booking, number of people, visit preferences, IP address of the device,
browser and operating system data and, in the case of a business contact, the name of the company and
TIN number.

2.4. The provision of personal data is voluntary, but in some cases it may be
necessary to use the services offered by the Website, including making a reservation, contacting
restaurant or receiving the newsletter.

2.5. Personal data are stored for the period necessary to fulfill the purpose for which they were
collected, and then for the period resulting from the provisions of the law, including in the field of obligations
tax and accounting. In the case of data processed on the basis of consent — until
its withdrawal, and in the case of processing based on the legitimate interest of the Controller — to
the moment of filing an objection.

3.1. Personal data may only be transferred to entities cooperating with
Administrator to the extent necessary for the provision of services.

3.3. The data are transferred on the basis of personal data processing agreements, which
guarantee compliance with the requirements of the GDPR and appropriate security measures.

3.4. In the case of transfer of data outside the European Economic Area, the Controller shall
appropriate safeguards, in particular standard contractual clauses approved by
the European Commission to ensure that the processing complies with the GDPR.

4.1. The website uses cookies (cookies), which are IT data saved on
to the User's device and are used to ensure the correct operation of the website and personalization
content.

4.2. The administrator uses cookies to adapt the content of the website to your preferences
User, memorizing settings, conducting statistical analyses on the method
use of the Website, ensuring security and carrying out marketing activities and
Remarketing.

4.3. The user can change the settings of his browser in terms of handling at any time
cookies or disable them completely. However, limiting the use of cookies may
affect certain features of the Service.

4.4. The administrator also processes operational data such as IP address, browser type, time
visits or source of entry to the site. This data is anonymous and does not allow identification
User.

5.1. Every data subject has the right to access their personal data, their
rectification, supplementation, deletion, limitation of processing, data portability and
to object to the processing of data.

5.2. The data subject has the right to withdraw consent to the processing at any time
data, if the processing is carried out on the basis of consent. Withdrawal of consent does not affect
the lawfulness of the processing carried out before its withdrawal.

5.3. The data subject has the right to object to the processing of personal data
for direct marketing purposes, including profiling.

5.4. Every person has the right to lodge a complaint with the President of the Office for Personal Data Protection,
if it considers that the processing of its data violates the provisions of the GDPR.

5.5. In order to exercise the rights referred to in this point, you may contact
To the administrator by sending an email to kontakt@maremma.pl or in writing to
the seat of the Administrator.

6.1. The controller applies technical and organizational measures to ensure data security
personal data, including encryption of the connection to the site using an SSL certificate, security
servers and systems against unauthorised access and procedures restricting access to
data only to authorized persons.

6.2. The controller conducts regular training for staff in the field of data protection
personal and information security.

6.3. The website may contain links to other websites or social profiles.
The administrator recommends that you familiarize yourself with the privacy policies in force there. This Policy
applies only to the Website www.maremma.pl.

6.4. The Administrator reserves the right to make changes to this Privacy Policy
in the event of a change in legislation, guidelines of supervisory authorities or the introduction of new
functionality of the Service.

6.5. The current version of the Privacy Policy is always available on the website
www.maremma.pl.