Seez Platform Privacy Policy
Last updated: April 17, 2026
§1 Data Controller
The controller of personal data processed through the Seez platform (hereinafter: Platform) is Honeybit, registered at Os. 700-lecia 2/70, 34-300 Żywiec, Poland, Tax ID (NIP): 553 25 84 553, email for data protection matters: kontakt@seez.pl.
§2 Scope of Collected Data
The Platform collects and processes only the minimum necessary data:
- Guest Identifier (Guest ID) — a unique GUID stored in an HttpOnly cookie with a 30-day expiry. Used to associate orders with the user's session.
- Language preference — the selected interface language, stored in the browser's localStorage.
- Order data — menu items, quantities, annotations (e.g., notes for a dish), and timestamps of order placement and fulfillment.
- IP address — passed to the PayU payment operator solely for payment fraud detection. Not stored by the Platform Operator.
- Technical device data — browser information (user agent), implicitly transmitted in HTTP headers. Used solely to ensure proper Platform operation.
The Platform does not require creating an account, providing a name, email address, or phone number.
§3 Purposes and Legal Bases for Processing
Personal data is processed on the following legal bases:
| Purpose | Legal basis (GDPR) | Description |
|---|---|---|
| Order fulfillment | Art. 6(1)(b) | Processing necessary for performance of a contract — order handling, guest session identification |
| Security and fraud prevention | Art. 6(1)(f) | Legitimate interest of the controller — fraud protection, ensuring proper system operation |
| Legal obligations | Art. 6(1)(c) | Compliance with legal obligation — invoicing, tax documentation |
§4 Data Recipients
Data may be shared with the following categories of recipients:
- Restaurant — receives order data (items, quantities, annotations) necessary for order fulfillment.
- PayU S.A. — payment operator, receives the IP address and order amount for payment processing and fraud detection.
- InFakt — invoicing service provider, receives data necessary for issuing invoices to restaurants.
- Hosting and IT service providers — entities providing the Platform's technical infrastructure, processing data under data processing agreements.
Data is not shared with third parties for marketing, advertising, or profiling purposes.
§5 Data Retention Period
| Data type | Retention period |
|---|---|
| Guest ID cookie | 30 days (automatic expiration) |
| Order data | Duration of service + period required by law |
| System logs | 30–90 days |
| Invoice data | 5 years (under Polish tax law — Tax Ordinance Act) |
After the retention period expires, data is deleted or anonymized.
§6 User Rights
Under Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR), you have the following rights:
- Right of access — you have the right to obtain information about whether your data is being processed and to access it (Art. 15 GDPR).
- Right to rectification — you may request correction of inaccurate data (Art. 16 GDPR).
- Right to erasure — you may request deletion of data when it is no longer necessary for the purposes of processing (Art. 17 GDPR).
- Right to restriction of processing — you may request restriction of processing in certain circumstances (Art. 18 GDPR).
- Right to data portability — you may receive your data in a structured, commonly used format (Art. 20 GDPR).
- Right to object — you may object to processing based on legitimate interest (Art. 21 GDPR).
- Right to lodge a complaint — you have the right to lodge a complaint with the supervisory authority: President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, Poland, uodo.gov.pl.
To exercise your rights, send a message to: kontakt@seez.pl.
§7 Cookies
The Platform uses only essential cookies:
-
Guest identifier cookie — essential for the ordering service to function.
- Type: HttpOnly, Secure, SameSite=Lax
- Lifetime: 30 days
- Purpose: associating orders with the user's session
-
Language preference — stored in the browser's localStorage (not a cookie).
- Purpose: remembering the selected interface language
The Platform does not use analytics, advertising, or tracking cookies.
Users can manage cookies in their browser settings. Deleting the guest identifier cookie will result in loss of association with previous orders.
§8 Data Security
The Operator applies appropriate technical and organizational measures to protect data:
- HTTPS encryption — all communication with the Platform is encrypted.
- Cookie security flags — cookies are set with HttpOnly and Secure flags, protecting against script access and unencrypted transmission.
- No payment card data storage — payment data is processed exclusively by the PayU payment operator.
- Rate limiting — protection against abuse and automated attacks.
§9 Changes to the Privacy Policy
- The Operator reserves the right to update this Privacy Policy.
- Users will be notified of changes through the Platform.
- The date of the last update is indicated at the beginning of this document.