Privacy Policy

of the Optimal Dairy Website

  1. General Information
    This Privacy Policy defines the principles of processing the personal data of website users and Customers of the online store operated by the Data Administrator.

    This document fulfills the information obligation arising from Article 13 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR).2.

  2. Personal Data Administrator
    The personal data administrator is:

    Łukasz Kuriata Optimal Dairy
    Sole proprietorship
    Place of business: Lębork, Poland
    Tax Identification Number (NIP): 841 162 0 205
    E-mail address: contact@optimaldairy.com

    (hereinafter: “Administrator”).

  3. Scope of the Policy
    The Privacy Policy applies to:

    • users of the website,

    • Customers of the online store,

    • persons contacting the Administrator via electronic means,

    • persons using forms available on the website,

    • persons purchasing digital products or services provided at a distance.

  4. Scope of Processed Personal Data
    The Administrator processes only personal data necessary for achieving specific purposes, in particular:

    • first and last name,

    • e-mail address,

    • invoice data (including Tax ID, company name, address),

    • data contained in the content of correspondence,

    • order and payment data,

    • technical connection data (including IP address) processed solely for security and the proper functioning of the website.

    Providing data is voluntary, however, failure to provide it may prevent the conclusion of a contract, issuance of an invoice, or handling of an inquiry.

  5. Purposes and Legal Bases for Data Processing
    Personal data is processed for the following purposes and on the following legal bases:

    • Conclusion and performance of a sales contract or service agreement
      (Art. 6(1)(b) GDPR)

    • Issuing invoices, maintaining accounting records, and fulfilling tax obligations, including transferring data to the National e-Invoicing System (KSeF)
      (Art. 6(1)(c) GDPR – legal obligation)

    • Handling inquiries and correspondence directed to the Administrator
      (Art. 6(1)(f) GDPR – legitimate interest of the Administrator)

    • Marketing of the Administrator’s own products and services (if applicable)
      (Art. 6(1)(a) or (f) GDPR)

    • Ensuring the security of IT systems and the website, including preventing abuse
      (Art. 6(1)(f) GDPR)

    The Administrator does not use personal data for profiling nor makes decisions in an automated manner.

  6. Recipients of Personal Data
    Personal data may be transferred to the following categories of recipients:

    • payment operators,

    • entities providing accounting and tax services,

    • providers of financial and accounting systems (including systems integrated with KSeF),

    • IT and hosting service providers,

    • e-mail and communication service providers,

    • public authorities entitled to receive them under the law (including the Ministry of Finance regarding KSeF).

    The Administrator does not sell personal data and does not share it with third parties for purposes unrelated to the performance of the contract or legal obligation.

  7. National e-Invoicing System (KSeF)
    In connection with tax obligations, the Administrator transfers data contained in invoices to the National e-Invoicing System (KSeF), operated by the Minister of Finance.
    Data transferred to KSeF includes in particular:

    • buyer’s identification data,

    • transactional data,

    • tax amounts and rates.

    Invoices issued in KSeF are stored in this system for a period of 10 years, in accordance with applicable law.

  8. Transfer of Data Outside the European Union
    In connection with the use of IT tools, personal data may be transferred to third countries (outside the EU).

    Data transfer occurs only:

    • to entities ensuring an adequate level of data protection,

    • based on standard contractual clauses or other mechanisms provided for in the GDPR.

  9. Data Retention Period
    Personal data is stored:

    • for the duration of the contract and after its termination for the period required by law,

    • for the period resulting from tax and accounting obligations (including 10 years for invoices in KSeF),

    • until consent is withdrawn – for data processed based on consent,

    • for the period necessary to secure potential claims.

  10. Rights of Data Subjects
    The data subject has the right to:

    • access their personal data,

    • rectify them,

    • restrict processing,

    • delete data (to the extent permitted by law),

    • data portability,

    • object to processing,

    • withdraw consent at any time,

    • lodge a complaint with the President of the Office for Personal Data Protection.

  11. Cookies
    The rules for using cookies are defined in a separate Cookie Policy, available on the website.
  12.  Data Security

    The Administrator applies appropriate technical and organizational measures to protect personal data, in particular against:

    • unauthorized access,

    • data loss,

    • their unauthorized modification or disclosure.

  13.  Changes to the Privacy Policy
    The Administrator reserves the right to change this Privacy Policy in case of changes in law, technological or organizational changes.