Privacy and Cookies Policy
for the websites www.mrcook.pl (“Store”) and b2b.mrcook.pl (“B2B Store”)

1) General Information
This Policy sets out the principles governing the processing and protection of personal data of individuals using the Store and/or the B2B Store (collectively referred to as the “Services”), as well as the rules regarding the use of cookies and similar technologies within the Services.

2) Data Controller and Contact Information
The data controller is Mr Cook Corp. sp. z o.o., with its registered office in Katowice, ul. Panewnicka 87, 40-761 Katowice, Poland, entered in the Register of Entrepreneurs under KRS no. 0000935998, NIP 6342932974, REGON 380634629 (hereinafter: the “Controller”, “Company”, or “we”).
Contact regarding data protection matters: info@mrcook.pl.

3) Scope and Sources of Data
We process data voluntarily provided by you through the forms available on the Services (e.g., account registration, order form, contact form), in particular: first name, last name, e-mail address, phone number, residential and/or delivery address, company details (for B2B customers: position and business address of the employer/entity represented), as well as IP address and technical information about your device/browser.
Additionally, we collect information via cookies and similar technologies – details are provided in sections 12–15.

4) Purposes and Legal Bases of Processing
- Registration and management of a customer account (Store / B2B Store), order processing, payments, and delivery – legal basis: Art. 6(1)(b) GDPR (performance of a contract or steps prior to entering into a contract).
- Handling inquiries (via contact form or e-mail) – legal basis: Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR (legitimate interest: communication with the user).
- Compliance with legal obligations (e.g., tax and accounting obligations) – legal basis: Art. 6(1)(c) GDPR.
- Establishment, exercise, or defence of legal claims and ensuring the security of the Services – legal basis: Art. 6(1)(f) GDPR.
- Direct marketing by electronic means (e.g., commercial information, promotional materials, including up-to-date price lists sent via e-mail) – legal basis: Art. 6(1)(a) GDPR (consent), in conjunction with the Electronic Communications Act of 10 November 2024 and the Act on Providing Services by Electronic Means.
- Analytics and statistical purposes concerning the use of the Services (Google Analytics, Google Tag Manager, Hotjar) – legal basis: Art. 6(1)(f) GDPR (legitimate interest: development of the Services) or Art. 6(1)(a) GDPR (consent via cookies banner).
- Advertising and measurement of advertising effectiveness (e.g., Facebook Pixel) – legal basis: Art. 6(1)(a) GDPR (consent).

5) Voluntary Nature of Data Provision
Providing data is voluntary, but necessary to create an account, place an order, or receive marketing communications (if you have given your consent). Failure to provide data may prevent us from performing these functions.

6) Data Recipients (Categories)
Data may be entrusted to entities providing services necessary for the operation of the Services and the performance of contracts, in particular: IT/hosting providers, courier companies, payment operators, accounting and legal service providers, as well as providers of analytical and advertising tools (Google Analytics, Google Tag Manager, Hotjar, Facebook Pixel). Data may also be disclosed to public authorities entitled to receive it under applicable law.

7) Transfer of Data Outside the EEA
The use of analytical and advertising tools may involve the technical transfer of data to third countries (outside the EEA). When such transfers occur, they are carried out in accordance with the GDPR based on appropriate safeguards (e.g., standard contractual clauses). Details are available in the privacy policies of the respective tool providers.

8) Data Retention Period
Data processed under a contract is retained for the limitation period of potential claims (typically 3 or 6 years, depending on the type of claim) and for the period required under tax and accounting regulations – generally 5 years from the end of the year in which the tax obligation arose.
Data processed based on consent (e.g., for marketing purposes) is stored until such consent is withdrawn.
Data processed based on the Controller’s legitimate interest is stored until an effective objection is raised or the processing purpose is achieved.

9) Your Rights
You have the right to request access to your data, rectification, erasure, restriction of processing, data portability (where applicable), and to object to processing based on legitimate interest.
If data is processed based on your consent, you may withdraw it at any time (e.g., by clicking “Unsubscribe” in the footer of an e-mail). Withdrawal of consent does not affect the lawfulness of processing carried out prior to its withdrawal.
You also have the right to lodge a complaint with the President of the Personal Data Protection Office (UODO).

10) Automated Decision-Making / Profiling
We do not make decisions that produce legal effects concerning you solely through automated means. In relation to advertising cookies, marketing content may be tailored to your activity (advertising profiling) – this occurs only with your consent expressed via the cookies banner, which you may manage at any time.

11) Security
We implement organizational and technical measures appropriate to the risks involved, including encryption of connections (SSL) and restricting access to data solely to authorized persons.

12) Cookies and Similar Technologies – General Information
Cookies are small text files stored on your device by your browser. Upon subsequent visits to the Service, they allow recognition of your browser/device and adjustment of the Service’s operation. Our Services also use similar tracking technologies provided by analytical and advertising tool providers.

13) Types of Cookies Used (Categories)
- Necessary – required for the proper operation of the Services (e.g., login, cart, security).
- Functional – remembering your preferences (e.g., language, region).
- Analytical/performance – helping us understand how you use the Services (e.g., Google Analytics, Hotjar).
- Advertising – enabling personalization of advertising content and measurement of effectiveness (e.g., Facebook Pixel).
Analytical and advertising cookies are used only upon obtaining your consent via the cookies banner – you may change it at any time.

14) Third-Party Tools
The Services use Google Analytics, Google Tag Manager, Hotjar, and Facebook Pixel – solely to the extent necessary for statistics, performance improvements, and/or marketing, in accordance with your cookie consent settings.

15) Managing Cookies
You may modify or withdraw your consent for cookies (except for those strictly necessary) at any time via the cookies banner or your browser settings. Blocking certain cookies may limit the functionality of the Services.

16) External Links
The Services may contain links to external websites. We are not responsible for their content or privacy practices. We encourage you to review the privacy policies of those websites.

17) Changes to this Policy
This Policy may be updated periodically (e.g., due to legal changes or new functionalities of the Services). Any material changes will be clearly communicated within the Services. The current version is always published in this location.