Privacy Policy and cookies



  1. Who is the administrator of personal data

The administrator of personal data is Cartel Foods Piotr Terlikowski, who is the administrator of the website In case of any doubts related to the privacy policy, please contact me via the e-mail address provided:

The administrator reserves the right to change the privacy policy and each time this change will be shown on the website. The reason for the changes may be circumstances beyond the control of the administrator, such as changes in applicable law or the development of the website and the use of new tools.

The personal data we collect is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, commonly known as the GDPR.


  1. How can you contact us?

Cartel Foods Piotr Terlikowski can be contacted by phone at + 48 604 937 261, by e-mail: (mail: or in writing to the address ul. Opolska 88, Walidrogi, 46-050 Tarnów Opolski.


  1. Type of data collected by the Holly Powder website

The following types of personal data may be collected, stored and used:

  1. computer information, including IP address, geographic location, operating system,
  2. information about your visits to the website and the use of the website, length of visit, number of page views,
  3. any other personal data that you provide to us by completing the contact forms on the website, i.e.: company name, tax identification number, name, surname, contact details, such as telephone number, shipping address, e-mail, bank account number (with where payments are made for the services we provide.

We only collect and store data that you share with us. We do not collect data of people who have not consented to it, or data of a person that has been provided by someone else.


  1. What is the purpose and legal basis for our processing of your personal data?

The Administrator uses personal data for the following purposes:

  1. conclusion and performance of a binding contract – for the duration of the contract and settlements after its completion (legal basis: Article 6(1)b) of the GDPR, in short “performance of the contract”);
  2. performance of legal obligations incumbent on the Administrator (legal basis of Article 6(1)(c), e.g.:
  • issuing and storing invoices and accounting documents,
  • responding to letters and inquiries within the time limit and in the form provided for by law,
  1. necessary for the implementation of the Administrator’s legitimate goals (monitoring of the facility to ensure security, marketing of the products or services we offer, pursuing claims), in accordance with art. 6 sec. 1 lit. f GDPR,
  2. sending marketing communications, commercial information regarding the Administrator, including staying in regular contact (i.e. Christmas cards, product offers, telephone calls, cooperation offers, information about services, products, events, etc.) – the legal basis for the processing of personal data is in this case, Art. 6 section 1 lit. a and f of the GDPR, i.e. the consent of the data subject (provided that the data subject expresses such consent) or the legitimate interest of the Administrator.
  3. Contact form – Completing the form requires the User to provide specific personal data. Providing personal data is voluntary, however, failure to provide data marked as necessary makes it impossible, for example, to handle a case sent via the contact form. If data processing is necessary for the performance of a contract to which the data subject is a party, or to take action at the request of the data subject before concluding the contract, providing the necessary and specific scope of data is necessary. Consent to the sending of commercial information via electronic means of communication is voluntary.
  4. Newsletter – Your data will be processed in order to send you commercial information by e-mail to the e-mail address provided, including in the form of a newsletter, with the latest information about works and campaigns, offers and news to promote specific attitudes, behaviors and our image – based on your voluntary consent to conduct such activities (the basis of Article 6(1)(a) of the GDPR). In the event that the processing of your personal data was to take place for a purpose other than those indicated above, each time it will take place after obtaining your consent to the processing of personal data, to the extent and for the purpose indicated in this consent (the basis of Article 6(1)(f) of the GDPR). a) GDPR).


  1. Sharing personal data

Personal data is transferred:

  1. entities processing data on behalf of the Administrator, participating in the performance of the Administrator’s activities:
  • supporting the Administrator’s ICT systems or providing the Administrator with ICT tools, as well as suppliers of systems for automating the newsletter service,
  • subcontractors supporting the Administrator,
  • entities providing the Administrator with advisory, consulting, auditing, legal, tax and accounting services, acting on behalf of the Administrator;
  1. other data controllers processing data on their own behalf:
  • entities conducting postal or courier activities;
  • entities conducting payment activities (banks, payment institutions);
  • entities cooperating with the Administrator in handling accounting, tax and legal matters – to the extent they become data administrators;

Personal data may be obtained by us directly (during a visit to a branch, via forms posted on the website, by phone or in writing). They may also be obtained from other entities when you have given your consent.


  1. For how long do we process your personal data?

Period of processing and storing personal data:

  1. for the duration of the performance of obligations, e.g. issuing an invoice (legal basis: Article 6(1)(c) of the GDPR; in short “legal obligation”);
  2. for the time during which the regulations require the storage of data, e.g. tax data (legal basis: Article 6(1)(c) of the GDPR) or
  3. for the time during which the Administrator may suffer legal consequences of non-performance of the obligation, e.g. receive a financial penalty from state offices or further contractors of the Administrator (legal basis: Article 6(1)(f) of the GDPR; in short “legitimate interest”) ;
  4. for the duration of the contract (legal basis: performance of the contract), and then for the period after which the claims arising from the contract expire, and in the event of the Administrator pursuing claims or notifying the competent authorities – for the duration of such proceedings (legal basis: legally justified the Administrator’s interest in Article 6(1)(f) of the GDPR);
  5. establishing, defending and pursuing claims, which includes i.a. sale of the Administrator’s receivables under the contract to another entity – for the period after which the claims arising from the contract expire (legal basis: the Administrator’s legitimate interest in Article 6(1)(f) of the GDPR);
  6. direct marketing – for the duration of the contract (legal basis: legitimate interest of the Administrator, Article 6(1)(f) of the GDPR);
  7. creating statements, analyzes and statistics for the Administrator’s internal needs; this includes, in particular, reporting, marketing research, planning the development of services – for the duration of the contract, and then no longer than for the period after which the claims arising from the contract expire (legal basis: the Administrator’s legitimate interest, Article 6(1)(f) of the GDPR) f GDPR);
  8. verification of payment credibility – for the period necessary to make such an assessment when concluding, extending or extending the scope of this or subsequent contract and to consider related claims (legal basis: performance of the contract, Article 6(1)(b) of the GDPR); this also applies to data obtained by the Administrator from other sources;


  1. How do we protect your personal data?

ADO ensures that it applies appropriate technical and organizational conditions to ensure the security of processed personal data before their disclosure. For this purpose, appropriate procedures and documentation as well as security measures for IT systems have been introduced.


  1. What rights do you have in connection with the processing of your personal data by us?

You can submit a request to the Administrator (regarding personal data) for:

  1. rectification (correction) of data;
  2. deletion of data processed unjustifiably or placed on the Administrator’s websites
  3. limitation of processing (suspension of operations on data or non-deletion of data – according to the submitted application);
  4. access to data (for information about the data processed by the Administrator and for a copy of the data);
  5. transfer of data to another data administrator or to you (to the extent specified in Article 20 of the GDPR).

You can exercise these rights by sending a request by post or electronically to the Administrator’s address. To be sure that you are entitled to submit an application, the Administrator may ask you to provide additional information to authenticate the applicant. The scope of each of these rights and the situations in which they can be exercised result from the provisions of law. The right which you can exercise will depend, for example, on the legal basis for the use of data by the Administrator and the purpose of their processing.

Right to object

Regardless of the rights listed above, you can object to the processing of your data (including profiling) for direct marketing purposes at any time. After accepting the request in this case, the Administrator is obliged to stop processing data for this purpose. In special situations, you can object to the processing of personal data by the Administrator at any time (including profiling), if the basis for the use of data is the Administrator’s legitimate interest or public interest. In such a situation, after considering your request, the Administrator will not be able to process the personal data covered by the objection on this basis, unless the Administrator proves that there are:

  • important legitimate grounds for data processing, which according to the law are considered superior to your interests, rights and freedoms or
  • grounds for establishing, pursuing or defending claims.


If the Administrator’s use of your personal data is not necessary to perform the contract, fulfill a legal obligation or does not constitute the Administrator’s legitimate interest, the Administrator may ask for consent to certain ways of using your data. You can withdraw your consent at any time (this will not affect the lawfulness of the use of your data before such consent was withdrawn).


You have the right to lodge a complaint with the President of the Personal Data Protection Office if you believe that the processing of your personal data violates the law.


  1. Do you have to provide your personal information?

Providing personal data is completely voluntary, however, failure to provide personal data or their removal will prevent the provision of services contained in point 4 or related services.


  1. Additional information

Personal data may be processed in an automated manner (including in the form of profiling), but in this case it will not cause any legal effects or significantly affect your situation to a similar extent.

Profiling of personal data by the Administrator consists in processing your data (also in an automated manner) to evaluate certain information about you, including analyses, statistics or forecasts of interests and personal preferences, as well as in connection with our marketing activities, sending advertisements and offers commercial.


  1. Cookies

Cookies are small text files placed on your computer’s hard drive to identify your computer to our servers. If your browser is configured to accept cookies, we will use cookies to recognize your computer when you visit the site so that we can provide a more personalized and streamlined experience and improve the quality of the site. You can configure your browser to block cookies.


12.Google Analytics

Monitoring your activity on the website – your personal data will be processed in an automated manner (including in the form of profiling), but it will not have any legal effects on you. Profiling of personal data consists in processing data (also in an automated manner) to forecast personal preferences and interests.

The entity uses the Google Analytics service offered by Google Inc. (1600 Amphitheater Parkway Mountain View, CA 94043, USA) to analyze user behavior on our website. Google Analytics uses cookies, which are saved on the user’s computer and enable the analysis of the use of the website by him. The information obtained by the cookie on how the User uses the website is usually transferred to Google servers and stored there.

Users can disable all cookies or delete selected ones through the appropriate settings in the browser software. However, we would like to point out that in this case the user will not be able to fully use all the functions of the website. In addition, you can prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available at the following link:

Google Analytics also collects IP addresses to ensure safe use of the service and to recognize which countries, regions and cities users come from (geolocation by IP).

Data is stored in a performance-optimized encoded format rather than a traditional file system or database. They are distributed across multiple physical and logical volumes, which provides redundancy and convenient access, and thus protection from outside interference.

The data of all Google users (consumers, companies, and even Google’s own data) is distributed in a shared infrastructure consisting of many homogeneous computers and located in Google’s data centers.

Google Analytics additionally ensures secure transmission of its JavaScript libraries and measurement data. By default, Google Analytics uses HTTP Strict Transport Security (HSTS), which instructs browsers that support HTTP SSL Secured (HTTPS) to use this encryption protocol for all communications between Google Analytics users, sites, and servers.

Our website uses the anonymizeIP function in Google Analytics. This means that IP addresses are further processed after shortening in order to exclude any personal reference. If the personal data collected about you is related to a specific person, such reference is immediately excluded and the personal data is immediately deleted.

We use Google Analytics to analyze the use of the website and improve it on a regular basis. Thanks to the obtained statistics, we can improve our offer and make it more interesting for the user. The legal basis for the use of Google Analytics is Art. 6 sec. 1 lit. f GDPR.

Google’s privacy policy can be found at this link: Keep in mind that Google changes this policy from time to time, so make sure it’s the current version each time.


13.Google Ads

We use the Google Ads advertising program operated by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA to conduct advertising campaigns, including remarketing. We carry out activities in this area based on our legitimate interest in marketing our own products or services (Article 6(1)(f) of the GDPR). When you visit our website, a Google remarketing cookie file is automatically left on your device, which, with the help of a pseudonymous identifier (ID) and based on the pages you visit, allows you to display interest-based advertisements. Further processing of information takes place only if you have consented to Google linking your browsing history and application use with your account and using information from your Google account to personalize advertisements that are displayed on websites. In this case, if you are logged in while visiting my website on Google, Google will use your data together with Google Analytics data to create and define lists of target groups for cross-device remarketing. For this purpose, Google temporarily combines the information collected with Google Analytics data to create target groups. We emphasize that when using Google Ads, we do not collect any data that would allow your identification. Possible compilation of data in such a way that they take on the nature of personal data may be made on the part of Google, but in this respect we are no longer responsible for it, because Google performs these activities on the basis of an agreement concluded with you as a user of Google services. We, using Google Ads, are only able to define the groups of recipients to whom we would like our ads to reach. On this basis, Google decides when and how to present our advertisement to you. In order to use Google Ads, we have implemented a special Google Ads conversion pixel in the code of our website. Pixel uses Google LLC cookies for the Google Ads service. From the level of our website, using the mechanism used to manage cookies, you can disable these cookies. You can manage your ad settings directly on Google’s website: If you are interested in details related to data processing under Google Ads, we encourage you to read Google’s privacy policy:


Learn about our brands: