Privacy Policy


Dear All,
As of 25 May 2018, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (“GDPR”) entered into force throughout the European Union and therefore in the Republic of Poland. With your security as our top priority, we ensure that we take all measures permitted by law to protect your personal data, and we also apply the principle of special care. Below, we intend to provide you with an overview of the rules according to which we collect and store your data, the rights you have, and the persons responsible for the security of your personal data processed by us. We kindly ask you to read the following information and to accept the terms of use of our website. All processing of personal data will be based on the provisions of generally applicable law, in particular the above-mentioned GDPR regulation, as well as the provisions of the Polish Act of May 10, 2018 on the protection of personal data.


What is personal data and what does the processing involve?

“GDPR” in Art. 4 point 1 defines personal data as any information on the basis of which a natural person can be directly or indirectly identified. These include, among others, name and surname, personal identification number (PESEL), telephone number, e-mail address, IP address, physical or physiological characteristics. In addition, such data also includes information about your location sent by smartphones, tablets, and other electronic devices.
In addition, we would like to inform you that, in accordance with the “GDPR”, the protection of personal data applies only to the data of natural persons, and therefore does not extend to legal persons.
The processing of personal data is essentially any action on personal data, whether carried out by automated means or not, such as collection, storage, recording, structuring, alteration, consultation, use, disclosure, restriction, erasure or destruction.


Who is the Personal Data Controller?

The Controller is the entity responsible for collecting personal data. The controller is also the addressee to whom you can address any requests you may have in relation to the collection and processing of your personal data by us. In our case, the Controller is FOOD CONCEPT F&F INWESTYCJE SP. Z O.O. SP. K., with its registered office in Krakow, address: ul. Grodzka 40, 31-044 Kraków, NIP (taxpayer identification number): 6762477821. (MSHG). The controller of personal data may be contacted by letter or via e-mail at or by phone at 533-152-552.


What sensitive personal data do we process?

In principle, we only process personal data if this is genuinely necessary for the provision of a service or the performance of a contract. In this case, we process the personal data of MSHG customers, persons contacting MSHG in order to obtain information about the offer, share comments regarding services or products, start cooperation or conclude a contract, i.e. in particular the following personal data: name and surname, position, company address, home address, dietary information, email address, and telephone number.
In addition, if you give your consent for the proper performance of our services, we will not process sensitive data. At the same time, please note that each time you provide information from a special category of personal data, such as sensitive data, in person, via websites, email or in the course of a telephone conversation, you will be expressly consenting to our collection and use of such information in the manner specified in this document or as specified in the place where the information is disclosed.


On what grounds and for what purpose do we process data?

We process your personal data in accordance with the law, in a fair and transparent manner. We process your personal data on the grounds of:
a) your voluntary consent (e.g. by sending us an e-mail or consenting to receive a newsletter or other form of marketing),
b) performance of the concluded contract, as well as commencement of cooperation or signing the contract,
c) legally justified interest of MSHG as a Data Controller (e.g. in terms of creating a database, analytical and profiling activities, including activities concerning the analysis of the use of products, direct marketing of own products, securing documentation for the purpose of defence against possible claims or for the purpose of asserting claims),
d) obligations under the law (e.g. tax law or accounting regulations).
The purposes for which we process your personal data are as follows:
a) ensuring the highest quality of our services, i.e. where you are or become a party to a contract between us we will only process personal data which is necessary for the performance of the contract, for example, your name, telephone number, or home or delivery address.
b) legitimate interests pursued by the Administrator, which are: execution of contracts and fulfilment of orders, proper provision of services to you, keeping statistical data related to visits to our website, improving our services and adapting them to your personalised needs, as well as marketing and self-promotion in the services market.


To whom can we pass your data?

If you have given your consent, your data will only be passed on to trusted partners of ours, i.e. in particular your data may be passed on to our partner restaurant companies providing catering services, to our co-operating hotel companies providing accommodation services, to our subcontractors, co-operators or service providers who assist us in providing the service (e.g. postal, courier, accounting, order processing companies). The transfer of personal data to another entity does not entitle it to any use, but only to processing for the purposes set out in the contract of entrustment of data processing, ensuring the security of processing and to the extent necessary for the proper provision of services to you and the performance of contracts binding us. The provision of personal data does not relieve us (as the provider) of our responsibility for its processing. We point out that your data may also be transmitted to a public authority, but only if this is authorised by generally applicable law and if the authority so requests.


How long will we process your personal data?

Your personal data will be processed as long as it is appropriate from the point of view of the legal relations between us, i.e. as long as there is a basis for the processing of your personal data. For example, when your consent has been granted until it is withdrawn, restricted or otherwise acted upon by you to restrict that consent; in the case your data is necessary for the performance of a contract, for the duration of its performance and, following its performance, until the expiry of the limitation periods for claims arising therefrom; and in the case the data processing is based on the legitimate interest of the Controller, for the duration of that legitimate interest. In addition, your personal data will be processed by us as long as it is necessary due to applicable law; the periods of data processing for this purpose are determined by these provisions.


What are your rights?

The “GDPR” provides a number of rights for persons whose personal data is collected and processed. According to the GDPR, you have:
a) the right to access your personal data,
b) the right to request the rectification of your personal data,
c) the right to request its erasure or to restrict the processing,
d) in the event of giving the consent to the processing of personal data – the right to withdraw it,
e) the right to data portability,
f) the right to object to the processing of your personal data.
Should you have any questions, objections or concerns regarding the content of this notice or the way we process personal data, as well as any complaints about these matters (although we hope you will not need to make such complaints), please send an email with details of your complaint to Any complaints received will be investigated and responded to.
In addition, you also have the right to lodge a complaint with the supervisory authority, i.e. President of the Personal Data Protection Office (address: ul. Stawki 2, 00-193 Warszawa), if you believe that the processing of your personal data by us violates the provisions of the EU GDPR Regulation.
You may contact the Controller at any time to exercise any of your rights, for which purpose we have provided you with our exact contact details:
Rynek Główny 26
31-008 Krakow