Privacy policy

General information

This document defines the rules of the Privacy Policy on the Website www.maczfit.pl (hereinafter referred to as the “Website”). The Administrator of the Website is Maczfit Foods Sp. z o.o., ul. Stanisława Kostki Potockiego 24G office 2, 02-958 Warszawa, entered in the Register of Entrepreneurs by the District Court for the Capital City of Warsaw in Warsaw, 13th. Commercial Division of the National Court Register under the KRS no. 0000752666, Tax reg. no. NIP: 9512471196, Statistical reg. no. REGON: 381565356. Words written in capital letters have the meaning given to them in the regulations of the Website www.maczfit.pl. The personal data, collected by the Administrator of the Website, is processed in accordance with the provisions of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27.04.2016 on the protection of individuals with regard to the processing of personal data and on the free flow of such data and the repeal of Directive 95/46/EC (general regulation on data protection) (Legal Journal UE L 119, p. 1), hereinafter referred to as: GDPR. The Administrator of the Website makes special efforts to protect the privacy and information provided to him/her, regarding Users of the Website. The Administrator selects and applies appropriate technical measures, including programming and organisational measures, ensuring protection of the data being processed, in particular protecting data from unauthorised access, its disclosure, loss and destruction, unauthorised modification, as well as against it being processed in violation of the applicable law, regarding the processing of data. No person under the age of 16 years may use any of the Services available on the website The personal data Administrator does not plan to collect data regarding children under 16 years of age.

Personal Data Administrator

The Administrator of your personal data is: Maczfit Foods sp. z o. o., ul. Stanisława Kostki Potockiego 24G office 2, 02-958 Warszawa, entered in the Register of Entrepreneurs by the District Court for the Capital City of Warsaw in Warsaw, 13th. Commercial Division of the National Court Register under the KRS no. 0000752666, Tax reg. no. NIP: 9512471196, Statistical reg. no. REGON: 381565356.
 In the matter of your personal data, you can contact the personal data Administrator via: 

  • electronic mail: [email protected],
  • traditional mail: ul. Stanisława Kostki Potockiego 24G office 2, 02-958 Warszawa.
Data Protection Officer (DPO)

Data Protection Inspector (DPO) is Rafał Surowy, whom you can contact in the matter of the protection of your personal data by means of: 

  • electronic mail: [email protected],
  •  traditional mail: ul. Stanisława Kostki Potockiego 24G office 2, 02-958 Warszawa.
Purposes of and basis for the processing of personal data

The personal data Administrator processes your personal data for the following purposes and scope:

Purposes of and basis for the processing of personal data

The personal data Administrator processes your personal data for the following purposes and scope: in order to take action before concluding the contract at your request (e.g. setting up an Account), that is data provided in the online store registration form, such as the e-mail address and password, gender; if you register when purchasing Goods, we collect your first and last name and the data provided, in order to process the Order, such as the shipping address; in order to provide Services requiring the creation of an Account such as: keeping the history of your order, informing about the status of the implementation of the Order, we process your data, as provided in the Account and when purchasing the Goods; in order to provide Services that do not require the creation of an Account or the purchase of Goods, i.e. browsing the Online Store websites, searching for Goods, we process personal data regarding your activity in the Online Store, such as data about the content you browse, the Goods, the session data of your device, operating system, browser, location and unique ID, IP address; in order to enter into a Contract for the Sale of Goods (for example delivery of the goods ordered), we process personal data provided by you when purchasing the Goods, such as your name, e-mail address, address details, payment details and whether you are purchasing through the Account, also the password set; in order to use statistics of individual functionalities available in the Online Store, facilitate the use of the Online Store and ensure the IT security of the Online Store, we process personal data regarding your activity in the Online Store and the amount of time spent on each subpage in the Online Store, your search history, location, IP address, device ID, data about your internet browser and operating system; in order to determine, investigate and enforce claims and defend against claims in court proceedings and other enforcement authorities, we may process your personal data provided when purchasing Goods or creating an Account and other data necessary, in order to prove the existence of a claim or which may result from a legal requirement, court order or other legal procedure; in order to resolve complaints, claims and requests and answer questions, we process the personal information you provide in the contact form, complaints and requests forms, as well as to answer questions in another form and some of the personal details you provide in the Account, as well as data on the Order and/or other Services we provide that are the reason for the complaint, claim or request and data contained in the documents attached to the complaints, claims and applications; in order to market our Goods and Services, as well as our partners’ services, including re-marketing, we process personal data provided by you when creating an Account and its updates, data about your activity in the Online Store, including orders that are registered and stored via cookies, in particular, order history, search history, clicks in the Online Store, login and registration dates, history and your activity related to our communication with you. In the case of re-marketing, we use data about your activity in order to reach you with our marketing messages outside of the Online Store and use for this purpose the services of external suppliers. These services consist in displaying our messages on websites other than the Online Store. Details on this subject can be found in the records regarding Cookies; in order to organise contests and loyalty programmes, such as notifications about accumulated points, notifications about winning and advertising our offer, we use your personal data provided in the Account and when registering in such as a competition or a loyalty programme. Detailed information on this subject is provided each time in the participation conditions of a given competition or a loyalty programme; in order to investigate the market and the opinions by us or our partners, i.e. information about the Order, your data provided in the Account or when purchasing the Goods, your e-mail address. Data collected as part of market research and opinion research is not used by us for advertising purposes. The exact tips are given in the information about the questionnaire or in the place where you enter your details.

The personal data Administrator processes the following categories of the relevant personal data: details of Orders; contact details; data regarding your activity on the Website; data regarding Orders on the Website; data regarding complaints, claims and applications; data on marketing services.

Voluntary submission of personal data

Providing your required personal data is voluntary and is a condition for the provision of services by the personal data Administrator via the Website.

Data processing period

Personal data will be processed for the period necessary to carry out the Orders, services, marketing activities and other services performed for the User. Personal data will be deleted in the following cases: when the subject of the data asks for its removal or withdraws his/her consent; when the subject of the data has not remained in contact for more than 10 years (inactive contact, counted from January 1 following the date of the last contact); upon information that the stored data is out of date or inaccurate. Some data such as: e-mail address, name and surname, may be stored for the following 3 years for evidence purposes, handling complaints and claims related to services provided by the Website – this data will not be used for marketing purposes. Data regarding Orders for paid services, contests and loyalty programmes will be stored for 5 years from the end of the calendar year in which the event occurred, or the Order was placed. Data regarding non-logged Users is stored for that period of time which corresponds to the life cycle of the cookies stored on devices or until it is deleted by the User on the User’s device. Your personal data regarding preferences, behaviour and the selection of marketing content can be used as a basis for making automated decisions to determine the sales possibilities of the Website.

Recipients of personal data

We transfer your personal data to the following categories of recipients: state authorities, such as the prosecutor’s office, the Police, the President of the Office of Fair Trading, the President of the Personal Data Protection Office, if they ask us for it, service providers that we use to run the Website, for example in order to process an Order or process a payment. Depending on contractual arrangements and circumstances, these entities act on our behalf or determine their goals and methods of processing them.

Rights of the subject of the data

Based on the GDPR, you have the right to: request access to your personal data; request correction of your personal data; request removal of your personal data; request a limitation to the processing of personal data; object to the processing of personal data; request the transfer of personal data. The administrator of personal data without undue delay – and in any case within one month of receiving such a request – provides you with information about the actions taken in connection with the request you have made. If necessary, the monthly period may be extended by another two months due to the complex nature of the request or the number of requests. In any event, the Personal Data Administrator will inform you of such extension(s) within one month of receiving the request, stating the reasons for the delay.

The right to access personal data (Art. 15 GDPR)

You have the right to obtain from the Administrator of your personal information, details as to whether your personal data is actually being processed. If the Administrator processes your personal data, you have the right to: access your personal data; obtain information concerning the purposes of its processing, the categories of the personal data being processed, the recipients or categories of recipients of this data, the planned period of storage of your data or the criteria for determining this period, concerning your rights under the GDPR and the right to lodge a complaint to the supervisory body, on the source of such data, on automated decision-making, including profiling, as well as on the safeguards applied in connection with the transfer of this data outside the European Union; obtain a copy of your personal data. If you want to request access to your personal data, please submit your request to: [email protected]

The right to correct personal data (Art. 16 GDPR)

If your personal data is incorrect, you have the right to request the Administrator to correct your personal data without delay. You also have the right to request the Administrator to supplement your personal data. If you want to request the correction of your personal data or its supplementation, please submit your request to: [email protected] If you have registered on the Website, you can correct and complete your personal data after logging on to the Website.

The right to delete personal data, viz., the “right to be forgotten” –so-called- (Art. 17 of the GDPR)

You have the right to request the personal data Administrator to delete your personal data when: your personal data has ceased to be necessary for the purposes for which it was collected or processed; you withdrew your specific consent to the extent to which your personal data was processed; your personal data has been unlawfully processed; you have objected to the processing of your personal data for the purposes of direct marketing, including profiling, to the extent to which the processing of personal data is related to direct marketing; you have objected to the processing of your personal data in connection with the processing necessary to perform the task carried out in the public interest, or processing necessary for purposes arising from legitimate interests pursued by the personal data Administrator or a third party. Despite the request to remove personal data, the personal data Administrator may process your data further, in order to determine, assert or defend claims, about which you will be informed. If you want to request access to your personal data, please submit your request to: [email protected]

The right to submit a request to limit the processing of personal data (Art. 18 of the GDPR)

You have the right to request a restriction on the processing of your personal data when: you question the accuracy of your personal data – the personal data Administrator will limit the processing of your personal data for a period of time to check the correctness of this data; if the processing of your data is against the law and, instead of deleting personal data, you request that the processing of your personal data be limited; your personal information is no longer needed for processing, but is needed to establish, assert or defend your claims; you have filed an objection to the processing of your personal data, until the legitimate interests of the Administrator of the personal data have been determined and subsequently override the grounds indicated in your objection. If you want to request access to your personal data, please submit your request to: [email protected]

The right to object to the processing of personal data (Art. 21 of the GDPR)

You have the right to object, at any time, to the processing of your personal data, including profiling, in connection with: the processing necessary to perform a task carried out in the public interest or the processing necessary for purposes arising from legitimate interests pursued by the personal data Administrator or a third party; processing for direct marketing. If you want to object to the processing of your personal data, please submit your request to: [email protected]

“Cookie policy"

This Policy applies to cookies and websites operated by Catch-a -Box GmbH with its headquarters in Berlin (10407) at Storkower Straße 115A (hereinafter referred to as the Operator).

What are “cookies”?

Cookies should be understood as information data, in particular text files stored on users' end devices which are intended for use on websites. These files allow the user's device to be recognised and the web page to be displayed, according to the individual preferences of the user.

"Cookies" usually contain the name of the website from which they came, the time they were stored on the final device and a unique number.

What do we use “cookies” for?

We use cookies to:

customise the content of the site's web pages according to the user's preferences and also to optimise the use of websites; in particular, these files allow the device of the site’s user to be recognised and the web page to be displayed, according to the individual needs of the user.

create statistics that will help in understanding how site users use websites, thus allowing structure and content to be improved.

maintain a site user session, once logged in, so that the user does not need to re-enter the username and password on each page of the site.

What “cookies” do we use?

There are two main types of cookies used on websites: session cookies and persistent cookies. Session cookies are temporary files that are stored on the user's end device until log out from the system, or the website has been left, or the software / web browser has been disabled.

"Persistent" cookies are stored on the user's end device for the time specified in the cookie settings, or until the user deletes them.

The following types of “cookies” are used on websites:

"indispensable" cookies that allow the services available on websites, to be used such as authentication cookies used for services that require authentication on websites

security” cookies used for that purpose and to detect authentication abuses on websites

"productive" cookies that allow information to be collected about how websites are used

"functional" cookies that allow the user's chosen settings to be ‘remembered’ and the user interface to be personalised, for example, in relation to the selected language or region from which the user came, the font size, the appearance of the website and so on.

"advertising" cookies that allow users to provide advertising content that is more suited to their interests

web analytics” cookies which allow how users interact with the content of web pages to be better understood in order to better organise the layout of our site. They collect information about how visitors use our site, the type of page from which users were redirected and the number of visits and times users visited this site. This information does not register the specific personal data of the user, but is used to compile statistics on the use of the site to an aggregate extent. To do this, we use the Google Analytics solution.

“Cookies” of independent companies placed on the operator's websites:

Google Analytics, HotJar - web analytics cookies collect information about how visitors use our site, the type of page from which users were redirected, as well as the number of user visits and the time spent on this site. This information does not register the specific personal data of the user, but is used to compile statistics on the use of the site, to an aggregate extent.

Additional information and a browser add-in, that blocks Google Analytics: tools. google.com, are available on the https://hotjar.com site.

Refericon – the website uses an application that serves Maczfit products and the users; thanks to cookies, we can quickly verify your identity, which makes using our services much easier and more accessible.

"Cookies" are used by Refericon solely for the purpose of personalising a particular user; for more detailed information visit the https://www.refericon.pl site.

RTB House, Criteo – these cookies use information collected about you, to personalise the ads displayed according to your preferences. Cookies are only used by providers to personalise a specific user.

 For more information, visit: https://www.criteo.com and https://www.rtbhouse.com/pl/

OTHER “COOKIES”

Used on webpages -cookies _cfduid

Thulium - this site uses an application that facilitates the user's contact with the support service, as well as improve contact with users by phone; thanks to cookies, we have the opportunity to respond to a request sent by a user, requesting contact with us by phone. "Cookies" are used by Thulium, solely in order to properly view the applet of the order, in order to call; they do not store any personal data.

For more information, visit: https://thulium.pl/

Facebook tracker-cookies _fr

Facebook - Facebook's website uses cookies that store the browser ID and an encrypted version of the identity of the user, logged in, to Facebook. These cookies allow us to analyse the number of user visits redirected to the page from links published on Facebook and to adjust communication and offers in order to meet the visitors’ needs.

For more information, visit: https://www.facebook.com/policies/cookies/

The legal basis for processing

We collect the above data on the basis of your consent (Par 6-point 1 letter a GDPR), in order to fulfil a contract or to take measures before concluding a contract (Par 6-point 1 letter b GDPR). We can also process data based on the justified purpose of the Data Controller (para. 6, point 1 letter f GDPR).

Do “Cookies” contain personal data?

Personal data collected through cookies can only be collected to perform certain functions for the user. Such data is encrypted so that no unauthorised persons are allowed to access it.

How long do we handle "cookies"?

If you have consented to the storage of cookies, then every 365 days from the date of your consent to their storage, we will ask you to agree to their storage again, during your next visit to our sites.

Deleting "cookies"

The standard software used for viewing web pages allows you to place cookies on the destination device by default. These settings can be changed in such a way as to block the automatic processing of cookies in the web browser settings or to inform you each time they are downloaded to the user's device. Detailed information about the possibilities and methods of working with cookies is available in the software settings (web browser).

Internet Explorer (https://support.microsoft.com/de-de/help/17441/windows-internet-explorer-change-reset-settings)

Firefox (https://support.mozilla.org/de/kb/firefox-einstellungen

Opera (https://help.opera.com/de/touch/settings/ )

Chrome (https://support.google.com/accounts/answer/3118621?hl=de)


Restricting the use of cookies may affect some of the functionality available on the website.

What security measures do we use on our sites?

The operator's websites are equipped with security measures designed to protect data under our control, from loss, misuse or alteration. We are committed to protecting any information disclosed to us by customers, in accordance with standards for the protection of security and privacy.

The website operator offers users the option to opt out of receiving advertising materials and ordered newsletters.

The operator provides users with the ability to delete information about themselves from databases and allows them to suspend the receipt of information sent via e-mails.