To find out prices and place an order – register here

Privacy policy

I. GENERAL PROVISIONS

  1. The owner of the online store www.yeastsidelabs.com and the administrator of personal data collected through the website www.yeastsidelabs.com is Kamil Filip Tomaszewski conducting business as Yeast Side Labs – Kamil Filip Tomaszewski, operating under Tax Identification Number (NIP): 6070067478, National Business Registry Number (REGON): 525322007, email address: hello@yeastsidelabs.com, hereinafter referred to as the “Administrator,” also acting as the Service Provider.
  2. Personal data collected by the Administrator through the website are processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as “GDPR,” and the Personal Data Protection Act of 10 May 2018.

II. TYPES OF PROCESSED PERSONAL DATA, PURPOSE, AND SCOPE OF DATA COLLECTION

  1. PURPOSE OF PROCESSING AND LEGAL BASIS: The Administrator processes personal data through the website www.yeastsidelabs.com for the following purposes:
    • Registration of an account in the Online Store to create an individual account and manage it. Legal basis: necessity for the performance of a contract (Art. 6(1)(b) GDPR); 
    • Placing an order in the Online Store for the purpose of executing a sales contract. Legal basis: necessity for the performance of a sales contract (Art. 6(1)(b) GDPR); 
    • Subscribing to the informational newsletter (Newsletter) for the purpose of executing a contract for services provided electronically. Legal basis: consent of the data subject to the performance of the Newsletter service contract (Art. 6(1)(a) GDPR); 
    • Using the contact form service in the Online Store for the purpose of executing a contract for services provided electronically. Legal basis: necessity for the performance of the contact form service contract (Art. 6(1)(b) GDPR).
  2. TYPES OF PROCESSED PERSONAL DATA: The Administrator processes the following categories of user’s personal data:
    • First and last name,
    • Company name,
    • Business address,
    • Tax Identification Number (NIP),
    • Email address,
    • Phone number,
    • Position held in the company.
  3. DATA RETENTION PERIOD: User’s personal data is stored by the Administrator:
    • In the case where the processing is based on the execution of a contract, for as long as it is necessary to perform the contract, and thereafter for a period corresponding to the statute of limitations. Unless a specific regulation provides otherwise, the limitation period is three years.
    • In the case where the processing is based on consent, until such consent is revoked, and after the revocation of consent for a period corresponding to the statute of limitations for claims that may be raised against the Administrator and by the Administrator.
  4. During the use of the website, additional information may be collected, including but not limited to: IP address assigned to the user’s computer or the external IP address of the Internet provider, domain name, type of browser, access time, and the operating system type.
  5. User’s navigational data may also be collected, including information about the links and references they decide to click on or other actions taken on the website. The legal basis for such activities is the legitimate interest of the Administrator (Art. 6(1)(f) GDPR) in facilitating the use of electronically provided services and improving the functionality of these services.
  6. The provision of personal data by the user is voluntary. Personal data will also be processed in an automated form of profiling if the user gives their consent based on Art. 6(1)(a) GDPR. The consequence of profiling will be assigning a profile to a specific person for the purpose of making decisions about them or analyzing or predicting their preferences, behavior, and attitudes.
  7. The Administrator takes particular care to protect the interests of data subjects, ensuring that the data collected by the Administrator are:
    • Processed lawfully,
    • Collected for specified, lawful purposes and not further processed in a manner incompatible with those purposes,
    • Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed, and
    • Stored in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

III. SHARING OF PERSONAL DATA

  1. Personal data of users are shared with service providers that the Administrator uses when operating the website. Depending on contractual agreements and circumstances, service providers receiving personal data either follow the Administrator’s instructions regarding the purposes and methods of processing (data processors) or independently determine the purposes and methods of their processing (data administrators).
  1. User’s personal data are stored solely within the European Economic Area (EEA).
  1. Customer’s personal data are shared with service providers used by Yeast Side Labs – Kamil Filip Tomaszewski when operating the Online Store. Depending on contractual agreements and circumstances, service providers receiving personal data either follow Yeast Side Labs’ instructions regarding the purposes and methods of processing (data processors) or independently determine the purposes and methods of their processing (data administrators).
    1. Data Processors: The Service Provider uses suppliers who process personal data solely on its behalf. These include, among others, hosting service providers, accounting services, providers of marketing systems, systems for analyzing traffic on the Online Store, and systems for analyzing the effectiveness of marketing campaigns.
    2. Administrator of www.yeastsidelabs.com: The Administrator uses suppliers who do not act solely on instructions and independently determine the purposes and methods of using Customer’s personal data. They provide electronic payment and banking services.
  1. Location: Service providers have offices in Poland and other countries within the European Economic Area (EEA).
  1. In the event that the Customer chooses to pay through the PayU system, their personal data will be transferred to PayU SA, with its registered office in Poznań, 60-166 Poznań, at ul. Grunwaldzka 186. PayU SA is registered in the entrepreneurs’ register kept by the District Court for Poznań – Nowe Miasto and Wilda in Poznań, 8th Economic Division of the National Court Register under KRS number 0000274399, NIP: 779-23-08-495, REGON 300523444, to the extent necessary for the payment.

IV. RIGHT TO CONTROL, ACCESS TO OWN DATA CONTENT, AND THEIR CORRECTION

  1. The person to whom the data relates has the right to access their personal data and the right to rectify, erase, restrict processing, the right to data portability, the right to object, and the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  1. Legal bases for the user’s requests:
    • Access to data – Art. 15 GDPR
    • Rectification of data – Art. 16 GDPR.
    • Erasure of data (the “right to be forgotten”) – Art. 17 GDPR.
    • Restriction of processing – Art. 18 GDPR.
    • Data portability – Art. 20 GDPR.
    • Objection – Art. 21 GDPR.
    • Withdrawal of consent – Art. 7(3) GDPR.
  1. To exercise the rights mentioned in point 2, the user can send a relevant email to: hello@yeastsidelabs.com
  1. If a user exercises a right resulting from the above rights, the Administrator will comply with the request or refuse to do so immediately, but no later than within one month of receiving it. However, due to the complex nature of the request or the number of requests, the Administrator may extend this period by two months, informing the user of the intended extension and the reasons for it within one month of receiving the request.

If it is found that the processing of personal data violates the provisions of the GDPR, the person to whom the data relates has the right to lodge a complaint with the President of the Office for Personal Data Protection.

V. “COOKIES” FILES

  1. The Administrator’s website uses “cookies” files.
  2. The installation of “cookies” files is necessary for the proper provision of services on the website. “Cookies” files contain information necessary for the proper functioning of the website, and they also provide the ability to compile general statistics of website visits.
  3. Within the website, the following types of “cookies” files are used: session cookies.”Session” cookies are temporary files that are stored on the user’s end device until they log out (leave the site).
  4. The Administrator uses its own cookies to better understand how users interact with the website’s content. The files collect information about the user’s use of the website, the type of site from which the user was redirected, and the number of visits and the time of the user’s visit to the website. This information does not record specific personal data of the user but is used to compile statistics on the use of the website.
  5. The user has the right to decide on the access of “cookies” files to their computer by selecting them in advance in their browser’s window. Detailed information on the possibilities and methods of handling “cookies” files are available in the software settings (web browser).

VI. FINAL PROVISIONS

  1. The Administrator employs technical and organizational measures to ensure the protection of processed personal data appropriate to the threats and categories of data covered by protection, particularly by securing data against unauthorized disclosure, taking by an unauthorized person, processing in violation of applicable regulations, as well as alteration, loss, damage, or destruction.
  1. The Administrator provides appropriate technical means to prevent the acquisition and modification of personal data sent electronically.
  1. In matters not regulated by this Privacy Policy, the provisions of the GDPR and other relevant Polish legal regulations apply.