Privacy policy

Disclosure requirement

Personal data is processed for the purpose of handling and execution of orders as well as for accounting and tax purposes, based on art. 6 point 1 letter b) and f) GDPR.

The data administrator is Tommy Cafe Tomica Grzegorz based in Skoczów (43-430) at ul. Budowlanych 8. To contact us, send a message to the following e-mail address: or call us at +48 33 858 40 59.

The recipients of personal data are courier service providers, a hosting company, external accounting services, companies providing marketing services, and companies operating payment systems.

The data will be stored in the time necessary to achieve the goal, for a maximum of 10 years from the date of completion of the service (data used to service and processing of the order) and 7 years (billing information).

The person whom the data concerns have the right to access the data, correct it, delete it, limit its processing, arise an opposition to their processing, the right to transfer data, as well as the right to file a complaint to the supervisory body.

  1. Who the information about the protection of personal data concerns?

The following information on protection of personal data (hereinafter referred to as ‘’Information’’ is directed to the customers and business partners (data subjects as a part of this information collectively referred to as ‘’Customers’’. Therefore this information concerns the recipients who are customers of the Tommy Café Tomica Grzegorz, ul. Budowlanych 8, 43-430 Skoczów, Taxpayer Identification Number: 5482398215

  1. What is the purpose of the information?

The information should provide the customers with a knowledge:

  • which personal data (hereinafter referred to as ‘’Data’’ provided by the customer are processed by Tommy Café Tomica Grzegorz;

  • for what purpose and based on what the data is processed;

  • what is happening to the data and for how long they are processed;

  • what rights are available to the customer in the range of data protection towards the Administrator,

  • who as part of the business of Tommy Cafe Tomica Grzegorz is responsible for the processing of data and to whom the Customer may contact.

  1. What kind of data is processed by Tommy Café Tomica Grzegorz?

Tommy Cafe Tomica Grzegorz is processing data that the customer provides and make them available as a part of business relations and in order to handle an order placed by the customer. It especially refers to data of contact person such as their surname, e-mail address or business phone numbers.

What is the purpose of processing the data by Tommy Café Tomica Grzegorz?

The data is processed only in order to implement the agreement with the customer. The specific purpose depends on the agreement concluded between the customer and Tommy Cafe Tomica Grzegorz, and Tommy Cafe Tomica Grzegorz needs the data in particular for:

  • general development of customer relations;

  • carrying out the services that are part of the agreement;

  • delivery of products and information that are part of the agreement;

  • issuing an invoice

  • handling of defect reports or customer complaints;

  • information on changes and creating products and services;

  • sending newsletters

  • phone records

Tommy Café Tomica Grzegorz does not process any data beyond contractual relations with the customer.

What justifies the data processing by Tommy Cafe Tomica Grzegorz?

The data is process based on justified own businesses, namely the specific providing of contractual services, compliance with own statutory obligations and consents from Customers.

  1. Is the data transferred to other entities?

When implementing the provisions of the agreements, offers and relations with the customers, Tommy Cafe is transferring selected data to processing entities such as courier companies, hosting companies, marketing companies, companies that are performing payment transactions, companies that are providing physical security and monitoring, companies collecting customer reviews about cooperation with Tommy Café Tomica Grzegorz. Each of the entities so-called a Processor has its own protection policy and relevant agreements with Tommy Café Tomica Grzegorz.

Additional information see point 23.

  1. Is the data sent by Tommy Café Tomica Grzegorz also to countries outside the EU, the EEA or Switzerland?

Tommy Cafe Tomica Grzegorz does not send data to countries outside the EU, the EEA or Switzerland. Such activities may be undertaken by Processors as part of the provision of services and the implementation of data entrustment activities.

  1. For how long the data is processed or stored by Tommy Cade Tomica Grzegorz?

The data is usually stored for 10 years after the end of the contractual relationship with the customer. This regulation does not apply to data which, in accordance with local legislation, should be deleted earlier.

  1. How does Tommy Cafe Tomica Grzegorz conduct a profiling policy?

Through the remarketing possibilities offered by Google Adwords and Facebook Ads.

  1. What rights do Clients have towards Tommy Cafe Tomica Grzegorz, whose data are processed as part of the execution of contractual provisions/business relations?

The person that the data concerns in relation to this subject have following right:

  • obtaining information on whether and if so, which data is stored by Tommy Cafe Tomica Grzegorz (data categories, recipients or categories of recipients, time of data storage or criteria for determining storage time);

  • receiving a copy of the data;

  • in the case of incorrect information request for data correction;

  • request removal of the data

  • request limitations during processing of data;

  • obtaining data in a structured, popular and computer-readable format;

  • objecting to the processing of data, in particular for direct advertising purposes.

All activities described above can be performed by the Customer through written contact with the Administrator.

There is a possibility of refusal or limitation of aforementioned rights, if the third parties' interests, rights, and freedoms or the processing of data have greater weight, is to investigate, enforce or defend legal claims of Tommy Cafe Tomica Grzegorz.

  1. Who on the side of Tommy Cafe Tomica Grzegorz is responsible for the processing of personal data?

In the structures of Tommy Cafe Tomica Grzegorz, the person responsible for data processing is Grzegorz Tomica. Contact details: (+48) 509 802 080,

  1. Details of the activities of selected areas of the privacy policy in relation to the customer

  2. Providing personal data, as well as consent to their processing is not mandatory (it is voluntary), but it is necessary for the Store to provide the above-mentioned services.

  3. Personal data that is provided and on whose processing consent will be given will be processed only in the range and purpose of the consent.

  4. The data will be processed in compliance with all security requirements specified in the Act of 29 August 1997 on protection of personal data along with executive regulations issued on its basis supplemented by the Regulation of the European Parliament and the Council 2016/679 of April 27, 2016von the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repeal of Directive 95/46/EC (general regulation on data protection).

  5. Each potential customer has the possibility to see the offer proposed by the store without registering in the system - at this stage, no personal data is collected. If the customer decides to make a purchase in the Store, he can choose the option of creating a user account, where he will be able to track his orders in the future and view the history of his previous purchases. For this purpose, the Customer will be asked to provide the necessary data in this process, i.e. login and e-mail address, which will be used for the login option.

  6. The customer can make an order without creating an account.

  7. When placing an order in the Store, the Customer will be asked to provide the following data: name, surname, telephone number, e-mail address, delivery address and payment method information. All of the above elements are necessary to carry out the purchase transaction.

  8. The Customer may also ask for issuing a VAT invoice (normally the sale is documented by receipt), by selecting the appropriate option on the order form. In the case of invoicing transactions, you should provide a taxpayer identification number, company name, and address of the registered office, and in the case of natural persons - address of residence.

  9. The Customer may also ask for issuing and sending invoices by electronic means, and invoices will be accepted by him at the e-mail address provided during logging into the Store or a different one provided by him.

  10. It is possible that during the visit to the Store the following information will be registered: computer IP number, a name of domains, the type of web browser used and type of operating system. This data is collected by Google Analytics - commonly known and marketed Internet system for the study of website traffic statistics provided by Google, Inc. Google Analytics uses "cookies", which are text files placed on the user's computer in order to enable the website to analyze how the users use it. The information generated by the cookie about the use of the website by the user (including his IP address) is transferred to Google and stored by them on servers in the United States. Google will use this information to evaluate your use of the website, create site traffic reports for website operators, and provide other services related to website traffic and internet usage. Google may also transfer this information to third parties if it is required to do so by law or if they process such information on behalf of Google. Google will not link the customer's IP address to any other data in its possession. The user can opt out of cookies by selecting the appropriate settings on the browser, however, it should be remembered that in such a case the use of all functions of the website may not be possible. By using the store, you consent to the processing of data about you by Google in the manner and for the purposes listed and described above.

  11. If the Customer asks the Store to ask about the order, to refine the data, to inquire about the product, both via e-mail and phone, he shall provide the Store with his data such as phone number, name, and surname and e-mail address. These are the data that were previously provided and on which processing has been agreed. All these data are used only to confirm identity and to contact, in order to provide comprehensive information related to the implementation of the agreement.

  12. If the Customer decides to receive the newsletter from the Store /the option can be marked on the order form or when creating an account/, the email address will be placed in the Store database. The Customer may unsubscribe from the newsletter at any time. Each advertising and promotional message sent by the Store has a clear instruction on how to withdraw from receiving it. We guarantee that without the consent of the Customer, we do not send any marketing materials by electronic means in accordance with the Act on the services provided by electronic means of July 18, 2002 (Journal of Laws No. 144, item 1204).

  13. The access to personal data in our company is only provided to properly trained persons who deal with ongoing order processing. If the Customer chooses other than a personal collection of the shipping, the courier company or post will be required to deliver the ordered goods. The Store then provides the necessary information required for efficient delivery of the goods: name and surname, telephone number, and delivery address - so that the carrier can verify the actual recipient of the order and deliver products to the appropriate address.

  14. When paying with a credit card, the Store confirms the data, i.e. name and surname, address to initially verify the transaction. The credit card number is not known to the Store. Through a secure and encrypted connection, the credit card number is known only by the payment card merchant.

  15. In the event of a violation of the Terms and Conditions posted on our website, breaking the law, or if there is such a necessity specified by a legal regulation, the Store may provide data to the judicial authorities. The store may also make them available in the event of an inspection by the President of the Office for Personal Data Protection. In addition to these cases, information about the identity of Customers will not be disclosed to third parties.

  16. The employees of the Store will contact customers by phone or via email. This way all important information will be provided to Customers.

  17. If the Customer has agreed to receive marketing information from the Store and provided his e-mail address, this information will be provided in this way (in accordance to the requirements of the Act of 18 July 2002 on electronic services (Journal of Laws No. 144 of 9 September 2002, item 1204) At any time, the Customer may withdraw consent to receive this information.

  18. At any time, the Customer is allowed to change the password, update or verify his data after logging into the system of the Store on their user account. Changing them is possible after clicking on the "change your data" option. You cannot change the data used for the purchase transaction being carried out on your own, because they are part of the invoice or bill.

  19. Some areas of the Store may use cookies which are small text files that are sent by our Store and stored on your computer in order to enable: maintaining the customer session (after logging in), remembering purchases that were made, creating statistics on website visits.

  20. Cookie files used by the Store may have temporary or permanent nature. Temporary cookie files are deleted when the web browser is closed, while permanent cookie files are stored also after we no longer use the Store and are used to store information such as password or login. At any time, the Customer may block the installation of cookie files or delete permanent cookie files using the appropriate web browser options.

  21. Apart from cookie files, the Store may also collect data within the so-called logs or log files. The information contained in the logs may include IP address, type of platform and web browser, Internet provider and the address of the website from which the Customer entered the Store.

  22. The method of communication between the Customer's computer and the server of the Store is completely safe and invisible to third parties using the Internet. The flow of information on websites containing/downloading personal data takes place in an encrypted SSL (Secure Socket Layer) connection.

  23. Personal data of the Store's Customers are stored in a database, in which technical and organizational means were used ensuring protection of processed data in accordance with the requirements specified in the regulations on personal data protection, including the regulation of the Minister of Interior and Administration of 29 April 2004 on documentation processing of personal data and technical and organizational requirements which should be met by devices and IT systems used to process personal data (Journal of Laws No. 100, item 1024) and guidelines of the President of the Office for Personal Data Protection.

  24. The Store is not responsible for the privacy protection policy applied by the owners or administrators of websites to which links are placed on the Store's pages.

  25. The Store reserves the right to update and change the privacy policy by publishing new content on its website. This is due to the fact that technologies, standards as well as requirements related to running a business on the Internet are changing. It means, that in the future the Store may and sometimes will have to make modifications to the Privacy Policy. With each change, the new version of the Privacy Policy will appear on the Store's website. The changes introduced to the Privacy Policy enter into force after 14 days from notification of this fact via e-mail.

  26. In order to send pools surveying customers' satisfaction with purchases made in the store using electronic means as part of the "Trusted Reviews" program, I consent to the transfer of my personal data, including my e-mail address and information about the purchase made in the Tommy Cafe, Ceneo Sp. z o.o. store with headquarters in Poznań, 60-166 Poznań, ul. Grunwaldzka 182 and their processing by Ceneo.

  27. The Customer has the right not to accept the Privacy Policy, which means resignation from the use of the services of the Store. Changes to the Privacy Policy may not violate the rights of acquired by Customers using the Store.

  28. The President of the Office for the Protection of Personal Data is the competent authority regarding the protection of personal data - a supervisory body within the meaning of the GDPR.