MaxiPizza
MaxiPizza
Home
About UsFranchising

GDPR

Information regarding the processing of personal data by Maxipizza S.A. in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Data Controller

The controller of your personal data is Maxipizza S.A. with its registered office in Kielce (25-560) at ul. Zagnańska 94/26, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court in Kielce, X Commercial Division of the National Court Register under KRS number: 0000279240, NIP: 9591852984, REGON: 260100932, share capital: PLN 31,786,000.00 (fully paid up). For matters related to personal data protection, you can contact us through: - email address: rodo@maxipizza.pl - correspondence address: Maxipizza S.A., ul. Zagnańska 94/26, 25-560 Kielce, Poland - phone: +48 41 366 33 13

Purposes and Legal Basis for Processing

We process your personal data for the following purposes: 1. Fulfillment of orders and provision of catering services (legal basis: Article 6(1)(b) GDPR - performance of a contract) 2. Running loyalty programs and contests (legal basis: Article 6(1)(a) GDPR - consent, Article 6(1)(b) GDPR - performance of a contract) 3. Direct marketing of our products and services (legal basis: Article 6(1)(f) GDPR - legitimate interest) 4. Sending commercial information electronically (legal basis: Article 6(1)(a) GDPR - consent) 5. Analysis of customer preferences and behaviors to tailor our offer (legal basis: Article 6(1)(f) GDPR - legitimate interest) 6. Pursuit or defense of claims (legal basis: Article 6(1)(f) GDPR - legitimate interest) 7. Fulfillment of legal obligations, e.g., issuing and storing invoices (legal basis: Article 6(1)(c) GDPR - legal obligation) Providing personal data is voluntary but necessary to place an order or use other services offered by Maxipizza S.A.

Data Recipients

Your personal data may be transferred to the following categories of recipients: 1. Entities processing data on our behalf, participating in the performance of our activities: - providers of IT systems and IT services - marketing agencies - courier and delivery service providers - accounting, legal, and advisory service providers 2. Other data controllers processing data on their own behalf: - business partners and franchisees - electronic payment operators - banks - public authorities - to the extent that we are obliged to provide them with data Your personal data is generally not transferred outside the European Economic Area (EEA). In the event that such a transfer would take place, we will provide appropriate safeguards and guarantees in accordance with GDPR requirements.

Data Retention Period

Your personal data will be stored for the following periods: 1. In the case of order fulfillment and service provision - for the duration of the contract, and after its termination for the period necessary to: - pursue claims or defend against claims - until the expiration of the limitation period for claims (generally 3 years for claims related to business activities) - fulfill legal obligations, e.g., tax and accounting obligations (generally 5 years from the end of the calendar year) 2. In the case of data processing based on consent - until the consent is withdrawn 3. In the case of data processing based on legitimate interest - until an effective objection is raised or until that interest ceases to exist (e.g., data processed for direct marketing purposes - until an objection is raised) After the retention periods expire, personal data will be deleted or anonymized.

Your Rights

In connection with the processing of your personal data, you have the following rights: 1. Right of access - you have the right to obtain information about whether we process your personal data, and if so, what data we process and for what purpose 2. Right to rectification - you have the right to request that we immediately correct your inaccurate personal data or complete incomplete data 3. Right to erasure ("right to be forgotten") - you have the right to request that we delete your personal data if one of the circumstances indicated in Article 17 of the GDPR occurs 4. Right to restriction of processing - you have the right to request that we restrict the processing of your personal data in the cases indicated in Article 18 of the GDPR 5. Right to data portability - you have the right to receive in a structured, commonly used and machine-readable format the personal data you have provided to us, and you have the right to transmit this data to another controller 6. Right to object - you have the right to object at any time to the processing of your personal data if we process it on the basis of legitimate interest 7. Right to withdraw consent - if we process your data on the basis of consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal 8. Right to lodge a complaint with a supervisory authority - you have the right to lodge a complaint with the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw, Poland) if you believe that the processing of your personal data violates the provisions of the GDPR To exercise the above rights, please contact us through the contact details provided in the "Data Controller" section.

Cookies and Other Technologies

Our website uses cookies and similar technologies that are used to collect information about the use of our services. Cookies are small text files stored on your device that allow us to analyze how you use our website. We use the following types of cookies: 1. Necessary cookies - enable the use of basic website functions, such as logging in or placing an order 2. Analytical cookies - used to collect information about how users use our website, which helps us improve it 3. Functional cookies - remember your preferences and settings to increase the comfort of using our website 4. Marketing cookies - used to display advertisements tailored to your interests You can manage cookie settings in your web browser. Detailed information about cookies can be found in our Cookie Policy.

Data Security

The security of your personal data is our priority. We apply appropriate technical and organizational measures to protect your data against unauthorized access, loss, destruction, or modification. Among the safeguards we use are: 1. Data encryption during transmission (SSL protocol) 2. Access control to IT systems 3. Regular software updates 4. Employee training on personal data protection 5. Security incident response procedures We regularly test, check, and evaluate the effectiveness of the safeguards used to ensure the highest level of protection for the personal data processed.