woseba shape1
Search
Search
Account
Cart
0
Language
Popular searches:
See products:
Whole bean coffeeGround coffeeInstant coffeeSetsAccessoriesPromotionsNo category
Search
Account
Cart
0
Language
Search
Account
Cart
0
Language
Home / Privacy policy

Privacy policy

§1 Personal Data Administration

  1. The Personal Data Administrator is P.P.U.H. WOSEBA SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office in Odolanów, ul. Krotoszyńska 150, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court IN POZNAŃ, 22nd Commercial Division of the National Court Register under KRS number: 0000013901, NIP: 6220006580, REGON: 003376160, share capital in the amount of PLN 150,480.00.
  2. Contact with the person supervising personal data processing in the organization is possible electronically at the e-mail address: sklep@woseba.pl, in writing to the Administrator’s address, or by phone at +48 61 221 65 93.
  3. This Policy contains rules regarding the processing of personal data by the Administrator in the Internet Service, including the grounds, purposes, and scope of personal data processing and the rights of data subjects.
  4. Personal data are processed by the Administrator in accordance with applicable laws, in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
    http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679
  5. User rights are not absolute and do not apply to all personal data processing activities.

§2 Definitions

  • Administrator – P.P.U.H. WOSEBA SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office in Odolanów, ul. Krotoszyńska 150, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court IN POZNAŃ, 22nd Commercial Division of the National Court Register under KRS number: 0000013901, NIP: 6220006580, REGON: 003376160, share capital in the amount of PLN 150,480.00.
  • Personal Data – information about an identified or identifiable natural person through one or more specific factors determining physical, physiological, genetic, mental, economic, cultural, or social identity, including device IP, internet identifier, and information collected via cookies and other similar technology.
  • Policy – this Privacy Policy.
  • Cookie Policy – a document specifying the rules for the use of cookies in the Service available at: https://woseba.pl/en/cookie-policy/.
  • Profiling – automated processing of personal data, which consists of analyzing and predicting user behavior.
  • GDPR / GDPR Regulation – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
  • Service – the website operated by the Administrator at the address woseba.pl.
  • User – any natural person visiting the Service or using one or more services or functionalities described in the Policy.

§3 Security

The Administrator has implemented appropriate technical and organizational measures that ensure the security of personal data processing, and in particular is responsible for and ensures that the data collected by them are:

  • processed lawfully;
  • collected for specified, lawful purposes and not subjected to further processing incompatible with those purposes;
  • substantively correct and adequate in relation to the purposes for which they are processed;
  • stored in a form enabling identification of the persons to whom they relate, no longer than it is necessary to achieve the purpose of processing;
  • processed in a manner ensuring appropriate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage, using appropriate technical or organizational measures.

§4 Purposes and legal bases for data processing

Based on Article 6(1)(a) of the GDPR Regulation (consent), personal data may be processed for the purposes of:

  • Retargeting and behavioral advertising, including displaying personalized advertisements based on the user’s activity history in the Service and other websites. Processing data for these purposes takes place solely based on the User’s consent expressed in the cookie banner. Data may be collected via cookies and similar technologies, in accordance with the Cookie Policy.
  • Sending the Newsletter.
  • Saving data in cookie files in accordance with the Cookie Policy available at: https://woseba.pl/en/cookie-policy/.
  • Operating and maintaining a user account in the Service.
  • Sending a newsletter.
  • Performance of a contract the subject of which is a service provided electronically.
  • Account registration in the Service.

Based on Article 6(1)(b) of the GDPR Regulation (performance of a contract), personal data may be processed for the purposes of:

  • User account management.
  • Performance of a sales agreement or an agreement for the provision of a Service or taking action at the request of the data subject before concluding the indicated agreement or after its conclusion, in particular: the right to statutory warranty, consideration of complaints.
  • Complaints or withdrawal from a distance contract.

Based on Article 6(1)(c) of the GDPR Regulation (legal obligation incumbent on the Administrator), personal data may be processed for the purposes of:

  • Issuing and storing invoices, bills, or fulfilling other obligations resulting from tax and accounting regulations (archival obligation regarding accounting documents).
  • Cooperation with law enforcement agencies and public institutions.
  • Creating registers and other documentation required by GDPR regulations.

Based on Article 6(1)(f) of the GDPR Regulation (legitimate interest of the Administrator), personal data may be processed for the purposes of:

  • Operating the woseba.pl Service.
  • Saving data necessary for the proper functioning of the Service in cookie files in accordance with the Cookie Policy.
  • Operating an account on Facebook, Instagram, YouTube, and interacting with Users of the indicated portals.
  • Establishing claims raised by or against the Administrator.
  • Contact with the User.

Personal data may also be processed for other purposes if the Administrator possesses an appropriate legal basis for this, in particular resulting from Art. 6 GDPR, provided that this purpose does not infringe the rights and freedoms of the User. In such a case, the User will be informed about the new purpose of processing before processing begins for this purpose.

§5 Profiling

  1. The Administrator uses profiling for marketing purposes, consisting of analyzing the User’s activity in the Service using cookies and similar technologies.
  2. Profiling may include:
  • personalization of advertisements based on browsing history,
  • analysis of User interaction with content in the Service,
  • adjustment of displayed advertising content on external sites (e.g., Google Ads, Facebook).

3. Profiling takes place solely based on the User’s consent.

4. Profiling does not produce legal effects concerning the User nor does it similarly significantly affect their situation.

5. The User may withdraw consent for profiling at any time by changing settings or contacting the Administrator at the e-mail address: sklep@woseba.pl

§6 Personal Data processing period

  1. The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. As a rule, data are processed for the duration of the service provision, until the withdrawal of expressed consent or filing an effective objection to data processing in cases where the legal basis for data processing is the legitimate interest of the Administrator.
  2. The data processing period may be extended if processing is necessary to establish and pursue potential claims or defend against claims, and after this time only if and to the extent required by law. After the processing period expires, data are irreversibly deleted or anonymized.
  3. Detailed data retention periods depending on the purpose, e.g.:
  • Data related to contract performance – stored for the duration of the contract, and then until the expiration of the limitation period for claims (3 or 6 years).
  • Accounting and tax data – stored for the period required by tax law regulations (currently 5 years).
  • Data obtained based on received consent – stored until consent is withdrawn.
  • Data related to user inquiries – stored for a period of up to 12 months from the end of correspondence.

§7 User Rights

  1. The User has the following rights regarding their personal data:
  • access to their personal data,
  • rectification of personal data at any time,
  • deletion of their personal data at any time,
  • receiving a copy of their data,
  • restriction of personal data processing,
  • objection to personal data processing,
  • portability of personal data,
  • withdrawal of consent; withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal,
  • objection to personal data processing based on the Administrator’s legitimate interest for marketing purposes, direct marketing, and for purposes other than marketing,
  • to lodge a complaint with a supervisory authority.

2. To exercise the above rights, the User may contact the Administrator by sending a message to the e-mail address sklep@woseba.pl or correspondence to the address of the Administrator’s registered office. The Administrator undertakes to consider the application within 30 days of its receipt.

3. In some cases, the Administrator may refuse to fulfill the User’s request if legal regulations impose an obligation to further process the data.

§8 Recipients of personal data

  1. In order to properly operate the Service, the Administrator transfers the User’s personal data to other external entities, in particular: providers providing hosting services, accounting services, providing marketing systems, systems for analyzing traffic in the Service, systems for analyzing the effectiveness of marketing campaigns.
  2. The Administrator reserves the right to disclose personal data in a situation where it results from applicable laws, including the obligation to provide information to competent administrative bodies or law enforcement agencies.

§9 Transfer of personal data outside the EEA

  1. The level of Personal Data protection outside the European Economic Area (EEA) may differ from that provided by European law. For this reason, the Administrator transfers Personal Data outside the EEA in the following cases:
  • When it is necessary for the performance of the contract.
  • When the Administrator uses the services of technological and infrastructural providers from outside the EEA, such as, among others: Instagram LLC and Google LLC as part of using their analytical and social tools.

2. The Administrator ensures an adequate level of protection, primarily through:

  • cooperation with entities processing Personal Data in countries for which a relevant decision of the European Commission has been issued regarding the determination of ensuring an adequate level of Personal Data protection;
  • application of binding corporate rules approved by international certification standards and the competent supervisory authority;
  • application of standard contractual clauses issued by the European Commission based on Art. 46 GDPR. Personal data may also be transferred outside the EEA based on the User’s consent. The User is informed about this event in advance.

§10 Security of Personal Data

  1. The Administrator conducts risk analysis on an ongoing basis to ensure that Personal Data are processed by them in a secure manner. Through their actions, they ensure above all that only authorized persons have access to the data and only to the extent that it is necessary due to the tasks performed by them.
  2. The Administrator is obliged to take all actions permitted by law to ensure that all operations on Personal Data are registered and performed only by authorized entities.
  3. The Administrator is also obliged to ensure that other entities cooperating with the Administrator guarantee the application of appropriate security measures in each case where they process Personal Data on behalf of the Administrator.
  4. The Administrator uses technical security measures, such as data transmission encryption (SSL/TLS), access restriction to systems, and protection procedures against unauthorized access to data.

§11 Changes to the Privacy Policy

  1. The Policy is verified and updated on an ongoing basis.
  2. The current version of the Policy was adopted and has been effective since 20.01.2026.

Compliance of this document with the law is guaranteed by lawyers from the KZ Law Firm.