Privacy Policy

Information note.

Personal data is processed for the purpose of handling and fulfilling orders and for accounting and tax purposes, pursuant to Article 6(1)(b) and (f) of the GDPR.

The data controller is Tommy Cafe Tomica Grzegorz with its registered office in Skoczów (43-430), Poland, at ul. Budowlanych 8. If you want to contact us, please send an email to: or call +48 33 858 40 59.

The recipients of personal data are courier service providers, hosting company, external accounting services, marketing companies, payment system companies.

The data will be stored for the time necessary to achieve the purpose, for a maximum period of 10 years from the termination date of the provision of services (the data used for the handling and performance of the order) and 7 years (payment information).

The data subject has the right to access his/her data, rectification, erasure, restriction of processing, object to their processing, the right to data portability, as well as the right to lodge a complaint with a supervisory authority.

Who is the policy on protection of personal data for?

This privacy policy (“policy”) is addressed to customers and business partners (data subjects within this policy, collectively referred to as “customers” or “you”). As a result, this policy applies to recipients who are customers of Tommy Cafe Tomica Grzegorz, ul. Budowlanych 8, 43-430 Skoczów, tax identification number: 5482398215

What is the purpose of the policy?

This policy provides you (the customer) with information about:

– which of the personal data provided by you (“data”) is processed by Tommy Cafe Tomica Grzegorz

– the purpose and basis for processing the data,

– what happens to the data and how long it is processed,

– your rights with regard to data protection and the Data Controller,

– who, as part of Tommy Cafe Tomica Grzegorz business, is responsible for data processing and who you can turn to.

What data is processed by Tommy Cafe Tomica Grzegorz?

Tommy Cafe Tomica Grzegorz processes the data that you provide and make available as part of the business relationship and the purpose of handling your orders. This especially means contact details, such as name and surname, private or business email addresses or phone numbers.

What purpose does Tommy Cafe Tomica Grzegorz process this data for?

The data is processed only for the purpose of fulfilling the agreement with you. The specific purpose of processing arises from a given agreement concluded between you and Tommy Cafe Tomica Grzegorz. Tommy Cafe Tomica Grzegorz needs the data especially for:

– general establishment of a relationship with the customer;

– the provision of the services required by the agreement;

– the supply of the products and information required by the agreement;

– issuing an invoice;

– handling reports of defects or customer complaints;

– information on changes and the creation of products and services;

– sending newsletters;

– phone records.

Tommy Cafe Tomica Grzegorz does not process data outside of contractual relations with you under any circumstances.

What justifies the processing of the data by Tommy Cafe Tomica Grzegorz?

The data is processed on the basis of legitimate own interests, namely the specific provision of contractual services, fulfilling their own statutory obligations and consents expressed by the customers.1. Is the data transferred to other entities?

By implementing the provisions of the agreements, offers and customer relations, Tommy Cafe transmits selected data to processors, which are courier, hosting, marketing companies, payment companies, companies providing physical protection and monitoring, companies collecting customer feedback on cooperation with Tommy Cafe Tomica Grzegorz. Each of these entities, i.e. a data processor, has their own privacy policy and relevant agreements with Tommy Cafe Tomica Grzegorz.

Read section 24. for additional information.

2. Is the data also sent by Tommy Cafe Tomica Grzegorz to countries outside the EU, EEA or Switzerland? Tommy Cafe Tomica Grzegorz does not send data to countries outside the EU, EEA or Switzerland. Such actions may be taken by the data processors in the provision of services and the implementation of data entrustment activities.3. How long is the data processed or stored by Tommy Cafe Tomica Grzegorz? The data is usually stored for 10 years from the end of the contractual relationship with the customer. This provision does not cover data which, in accordance with local legislation, must be strictly deleted earlier.4. How does Tommy Cafe Tomica Grzegorz conduct a profiling policy? It is made through the remarketing capabilities offered by Google Adwords and Facebook Ads.5. What rights do the customers have in relation to Tommy Cafe Tomica Grzegorz when their data is processed in the performance of the provisions of business agreements/relationships?

The data subject has the following rights with respect to the data related to that data subject:

– obtaining information whether and which data is stored by Tommy Cafe Tomica Grzegorz (categories of data, recipients or categories of recipients, duration of data storage or criteria for determining storage time);

– receipt of a copy of the data;

– in the event of an error, requesting a correction of the data;

– requesting deletion of the data;

– requesting a restriction during data processing;

– receipt of data in a structured, popular and computer-readable format;

– objecting to the processing of data, in particular for the purposes of direct advertising.

All of the actions described above can be performed by the customer by contacting the data controller in writing.

The aforementioned rights may be denied or restricted if the interests, rights and freedoms of third parties are of greater importance or the processing of data is used to assert, exercise or defend the legal claims of Tommy Cafe Tomica Grzegorz.

6. Who is responsible for the processing of personal data on the part of Tommy Cafe Tomica Grzegorz? In the structures of Tommy Cafe Tomica Grzegorz, the person responsible for data processing is Grzegorz Tomica. Contact details: +48 509 802 080,

7. Details of the actions of selected privacy policy areas in relation to the customer.

8. The provision of personal data, as well as consent to their processing is not mandatory (i.e. it is voluntary), but it is necessary for the provision of the above-mentioned services by the Store.

9. The personal data that is provided and processed under the consent is processed only to the extent and for the purpose under the consent.

10. The data is processed in compliance with all security requirements set out in the Act of 29 August 1997 on the protection of personal data and in its implementing rules supplemented by Regulation 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR).

11. Each potential customer can view the assortment offered by the Store without registering in the system – at this stage no personal data is collected. If you want to purchase from the Store, you can choose to create a user account to follow orders in the future and view purchase history. For this purpose, you will be asked to provide the necessary data for this process, i.e. login and email address, which will be used to log into the system.

12. You can place an order without having to create an account.

13. When placing an order in the Store, you will be asked to provide the following data: name, surname, telephone number, email, delivery address and information regarding the method of payment. All of the above-mentioned details are necessary to carry out the purchase transaction.

14. You can also request a VAT invoice (as standard, sales are documented by means of a receipt) by selecting the appropriate option on the order form. In the case of invoicing transactions, the following details must be provided: tax identification number, company name and address of the registered office, and in the case of natural persons – the address of residence.

15. You may also request the invoice to be issued and sent electronically. The invoices are accepted by you at the email address indicated when logging in to the Store or any other indicated email address.

16. It is possible that the following information will be recorded when visiting the Store: computer’s IP number, domain name, browser type and operating system type. This data is collected by Google Analytics: a widely known and market-based web system for surveying website visit statistics provided by Google, Inc. Google Analytics uses cookies, which are text files placed on the user’s computer to enable the website to analyse how it is used. The information generated by the cookies about your use of the website (including your IP address) is transmitted to and stored by Google on servers in the United States. Google uses this information to evaluate your use of the website, to report website traffic to website operators, and to provide other services related to website traffic and internet usage. Google may also transfer this information to third parties if it is required by law or where such third parties process such information on Google’s behalf. Google does not link your IP address to any other data in its possession. You can opt out of cookies by selecting the appropriate settings on your browser, but please note that, in this case, you may not be able to use all the features of the website. By using the Store, you consent to Google processing your data in the manner and for the purposes set out above.

17. If, with regard to the execution of your order, you ask the Store for detailed data, inquiries about the product, both by email and by phone, you provide the Store with your data, namely: telephone number, name and/or surname, email address. This is data that has been previously provided and which the processing has been consented to. All this data is used solely to confirm your identity and contact to provide comprehensive information related to the execution of the order.

18. If you decide to receive the newsletter from the Store, this option can be indicated on the order form or when creating the account. The email address will be stored in the Store’s database. You can unsubscribe from the newsletter at any time. Each advertising and promotional message sent by the Store has clear instructions on how to opt out of receiving it. We guarantee that we do not send any marketing materials electronically without your consent in accordance with the Act on the provision of electronic services of 18 July 2002 (Journal of Laws No. 144, item 1204).

19. Access to personal data in our company is available only to properly trained persons, dealing with the day-to-day handling of orders. If the Customer chooses a collection of the shipment other than personal pick-up, it is necessary to use the services of a courier company or the post office, which will deliver the ordered goods. The Store then provides the required information necessary for the smooth delivery of the goods: name, telephone number and delivery address, so that the carrier can verify the actual recipient of the order and deliver the products to the appropriate address.

20. When you pay with a credit card, the Store confirms your details, i.e. your name and surname, address, to pre-verify the transaction. Your credit card number is not known to the Store. Through a secure and encrypted connection, your credit card number is only known to the merchant of payment cards.

21. In the event of violation of the Terms and Conditions posted on our website, a violation of law, or if necessary by law, the Store may make the data available to judicial authorities. The Store may also make the data available in the event of an inspection by the President of the Personal Data Protection Office. Except in these cases, customer identity information will not be disclosed to any third parties.

22. Store employees contact customers by phone or email. All important information will be provided to you in this way.

23. If you have agreed to receive marketing information from the Store and provided your email address, then such information will be provided to you in this way (in connection with the requirements of the Act of 18 July 2002 on the provision of electronic services (Journal of Laws No. 144 of 9 September 2002, item 1204)). You may withdraw your consent to receive such information at any time.

24. At any time, you may change the password, update or verify your data after logging into the Store’s system in your user account. Click “Change your details” to change the data. You cannot change the data used for a current purchase transaction on your own because it is part of a receipt or invoice.

25. Some areas of the Store may use cookies, i.e. small text files that are sent by our website and stored on your computer to enable: maintaining customer sessions (after logging in), remembering your purchases, creating viewership statistics of the pages of the website. Details of the actions of selected privacy policy areas in relation to the customer.

26. The cookies used by the Store may be temporary or persistent. Temporary cookies are deleted when you close your browser, while persistent cookies are stored even after you have finished using the Store and they are used to store information such as your password or login. At any time, you may block the installation of cookies or delete persistent cookies using the appropriate internet browser options.

27. In addition to the cookies, the Store may also collect data as part of logs or log files. The information contained in the logs may include, among others, IP address, type of platform and web browser, internet provider and the address of the website from which you entered the Store.

28. The way your computer communicates with the Store server is completely secure and invisible to third parties which use the internet. The flow of information on pages containing/retrieving personal data takes place in an encrypted SSL (Secure Socket Layer) connection.

29. The personal data of the Store’s customers is stored in the database, where technical and organisational measures are applied to ensure the protection of the processed data in accordance with the requirements set out in the provisions on the protection of personal data, including the Regulation of the Minister of Interior and Administration of 29 April 2004 on the documentation of the processing of personal data and the technical and organisational conditions to be met by the devices and information systems used for the processing of personal data (Journal of Laws No. 100, item 1024) and the guidelines of the President of the Personal Data Protection Office.

30. The Store is not responsible for the privacy policy applied by the owners or administrators of the services whose links are posted on the Store’s webpages.

31. The Store reserves the right to update and change the privacy policy by publishing new content on its website. This is due to the fact that technologies, standards and requirements for operating on the Internet change. This means that the Store may and will have to make changes to the privacy policy in the future. With each change, a new version of the privacy policy will appear on the Store’s website. The changes made to the Privacy Policy come into force 14 days after the notification of this fact to the customers by email.

32. In order to send electronic surveys examining customer satisfaction with purchases made in the Store under the “Trusted Opinions” programme, I agree to the transfer of my personal data, including email address and information about the purchase made in Tommy Cafe store, to Ceneo Sp. z o.o. with its registered office in Poznań, 60-166 Poznań, ul. Grunwaldzka 182, Poland, and their processing by Ceneo.

33. You have the right not to accept the privacy policy, i.e. to cancel the use of the Store’s services. Changes to the Privacy Policy must not affect the accrued rights of the Customer using the Store.

34. The President of the Personal Data Protection Office is the competent authority for the protection of personal data – a supervisory authority within the meaning of the GDPR.]]>