Information on personal data and privacy

Yattai Sushi Bar s.c. Gabriela Wysocka-Kaczmarek, Marcin Kaczmarek – attaches great importance to the privacy of its guests and other persons whose personal data is processed.
In its activities, our company complies with the provisions protecting privacy, including in particular the General Regulation on the Protection of Personal Data No. GDPR.
Our company strives to ensure that each person whose personal data is processed has full information about the scope, purpose and method of processing their personal data and information about their rights. In our activities, we only use data necessary to achieve each of the purposes for which personal data are processed.

Processing of personal data obtained for marketing or similar purposes

If our company has obtained your personal data for marketing or similar purposes, you have the right to object to such processing. An objection may be filed at any time. If we have no other legal basis to process your personal data, the data processing will be terminated. The legal basis for the objection is Art. 21 RODO.

Processing of personal data obtained on the basis of consent, including for marketing purposes
If we have obtained your personal data on the basis of consent, you have the right to withdraw this consent at any time. This does not affect the validity of the processing of personal data at the time the consent was in force. The basis for the withdrawal of consent is Art. 7 GDPR. If you object to the processing of personal data, we will consider that you have withdrawn your consent to the processing of your personal data.

The Guest’s personal data is processed on the basis of a contract for the provision of catering services concluded between the Guest and us. In addition, the Guest’s personal data may be processed by video surveillance used in the building and around it. The purpose of video monitoring is to protect the Guest and other people staying on the premises or in its vicinity.
Please be advised that providing personal data is a contractual as well as statutory requirement (when documenting a sale made to the Guest with a VAT invoice). Failure to provide personal data makes it impossible to conclude a contract provided with a VAT invoice.
The Guest’s personal data may also be processed for the purpose of conducting Guest satisfaction surveys in connection with the services we provide. The legal basis for the processing of personal data for this purpose is the legitimate interest of our company (Article 6 (1) (f) of the GDPR). We have assessed the privacy impact of activities undertaken for this purpose. This assessment led us to the conclusion that the processing of personal data as part of a legitimate interest does not interfere too much with the privacy of the Guest. In addition, this way of processing the Guest’s personal data is to lead to an improvement in the quality of our services, which is to bring benefits to the Guest in the form of a better understanding of the Guest’s needs. Therefore, the interests of the Guest will not be affected.
Please be advised that the Guest’s personal data will be kept for the entire period of providing the accommodation service to the Guest, as well as the data will be stored for the period of limitation of any claims, including tax and civil claims. On the other hand, personal data processed by video surveillance will be stored for a period of 30 days, unless due to a special circumstance (e.g. an accident) it will be necessary to store the surveillance recording for a longer period.
In the case of booking services through or through the booking portal, the categories of the Guest’s personal data provided to us by these entities may include, in particular, name and surname, date, delivery address, e-mail address, and telephone number of the Guest. The exact source from which we obtained the Guest’s personal data can be obtained from the restaurant.

Common information

Please be advised that personal data may be disclosed to the following categories of recipients:
Accounting / auditing companies cooperating,
cooperating law firms,
Cooperating insurance companies,
IT companies and companies providing IT infrastructure support and management
Courier and postal companies,
The restaurant informs that everyone has the right to access their personal data (Article 15 of the GDPR) and to correct and update them (Article 16 of the GDPR). Everyone also has the right to transfer data (Article 20 of the GDPR), object to processing (Article 21 of the GDPR) and to delete personal data (Article 17 of the GDPR), limit processing (Article 18 of the GDPR), if there are grounds for this legal.
We would like to inform you about the right to lodge a complaint with the supervisory body supervising the processing of personal data.