Privacy Policy
Controller: Lobster House Sp. z o.o.,
ul. Królewska 2/1U-25A, 00-065 Warsaw, NIP 5252788131
Date of last update: February 1, 2026
- Preliminary Information
- Definitions
- For the purposes of this Privacy Policy:
- “Controller” means Lobster House Sp. z o.o., ul. Królewska 2/1U-25A, 00-065 Warsaw, NIP 5252788131;
- “IT Systems Administrator” means a person acting under the authority of the Controller who manages and supervises the Controller’s IT system;
- “Personal Data” means the following types of personal data concerning Data Subjects or their representatives: name, surname, e-mail address, contact telephone number, date of birth, residential address, correspondence address, health data;
- “Supplier” means an entity providing goods or services to the Controller;
- “Client” means an entity that has purchased or intends to purchase a product or service offered by the Controller, or remains in a permanent business relationship with the Controller, or has consented to the inclusion of its personal data in the database maintained by the Controller;
- “supervisory authority” means the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych);
- “Data Subject” means an entity whose personal data is processed by the Controller, including the Client, the Supplier, and their representatives;
- “Privacy Policy” means this document;
- “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1);
- For the purposes of the Privacy Policy, the definitions set out in the GDPR shall also apply, unless they conflict with the definitions contained in point 1.1. above.
- Purpose of the Privacy Policy
- The Privacy Policy is a measure implemented by the Controller aimed at defining the activities undertaken by the Controller in the field of protection of Personal Data provided to the Controller by Data Subjects, and furthermore informing Data Subjects about the procedure for handling Personal Data applicable in the Controller’s enterprise, including in particular the purposes and legal grounds for processing, the categories of recipients to whom the Personal Data processed by the Controller are further transferred, and the fulfillment of the information obligation towards Data Subjects resulting from Art. 13 of the GDPR in other respects.
- The Controller of Personal Data within the meaning of the GDPR is Lobster House Sp. z o.o., ul. Królewska 2/1U-25A, 00-065 Warsaw, NIP 5252788131. This means that the Controller determines the purposes and methods of processing Personal Data on its own and on its own responsibility.
- The Controller has not appointed a Data Protection Officer (DPO) within the meaning of the GDPR.
- Processing of Personal Data means any activities and operations performed on Personal Data.
- The Controller processes Personal Data concerning the Client or its representatives for the following purposes:
- proper performance of the contract under which the Controller undertook to deliver goods or services to the Client;
- conducting direct marketing of services or goods offered by the Controller, including via e-mail correspondence such as a newsletter;
- fulfillment of obligations resulting from legal provisions, including tax and accounting regulations;
- conducting court, arbitration, administrative, judicial-administrative, enforcement, and mediation proceedings;
- pursuing, establishing, or defending claims or other rights resulting from legal provisions;
- handling complaints and claims.
- The legal basis for processing Personal Data for the purposes specified above in point 3.1. lit. a) is that it is necessary for the performance of a contract, whereby in the case of the purpose contained in point 3.1. lit. a), this concerns the performance of the contract under which the Controller undertook to deliver goods or services to the Client. The legal basis for processing Personal Data for the purpose specified above in point 3.1. lit. c) is that it is necessary to fulfill legal obligations incumbent on the Controller. The legal basis for processing Personal Data for the other purposes indicated above in point 3.1. is the legitimate interest pursued by the Controller.
- Processing of Personal Data within the purposes indicated above in point 3.1. includes in particular their collection, modification, storage, viewing, updating, analysis, and archiving.
- Personal Data concerning the Client may be transferred to public administration bodies or to other persons or third parties – to the extent and in cases where the obligation to provide them is imposed on the Controller by law. Furthermore, Personal Data concerning the Client, to the extent necessary for the realization of the purpose specified in point 3.1. lit. c) above, may also be transferred to entities performing bookkeeping and accounting services for the Controller on the basis of a separate agreement.
- Personal Data concerning the Client, to the extent necessary for the realization of the purposes specified in point 3.1. lit. d) above, may be transferred to courts or other bodies appointed to hear cases or enforce claims, as well as to entities performing debt collection or legal assistance services for the Controller on the basis of a separate agreement.
- Providing Personal Data by the Client is a condition for concluding a contract with the Controller under which the Controller undertakes to deliver goods or services to the Client; it is not mandatory, but failure to provide it will make it impossible to conclude this contract.
- The realization of the processing purposes described above does not, in the vast majority of cases, require the processing of special categories of personal data, including data concerning the Client’s health. Therefore, persons deciding to provide personal data to the Controller should not provide it to an excessive extent. The basis for processing data concerning the Client’s health is Art. 9(2)(h) of the GDPR.
- Personal Data concerning the Client will be stored by the Controller for the following period:
- in the case of Personal Data for which the legal basis for processing by the Controller is the fact that it is necessary for the proper performance of a contract – until the expiry of the limitation period for claims arising from that contract;
- in the case of Personal Data for which the basis for processing by the Controller is a legitimate interest – until such processing basis ceases to exist, in particular until the expiry of the limitation period for the Controller’s claims and the Client’s claims arising from their legal relationship, the termination of the Controller’s legal existence, or the final or definitive determination, awarding, satisfaction, or defense of a claim or other right of the Controller or the Client in court, arbitration, administrative, judicial-administrative, enforcement, or mediation proceedings;
- in the case of Personal Data for which the basis for processing is that it is necessary to fulfill legal obligations incumbent on the Controller – until such processing basis ceases to exist.
- The Controller processes Personal Data concerning the Supplier or its representatives for the following purposes:
- proper performance of the contract under which the Supplier undertakes to provide the Controller with goods or services;
- fulfillment of obligations resulting from legal provisions, including tax and accounting regulations;
- conducting court, arbitration, administrative, judicial-administrative, enforcement, and mediation proceedings;
- pursuing, establishing, or defending claims or other rights resulting from legal provisions.
- The legal basis for processing Personal Data for the purpose specified above in point 4.1. lit. a) is that it is necessary for the performance of the contract under which the Supplier undertook to deliver goods or services to the Controller. The legal basis for processing Personal Data for the purpose specified above in point 4.1. lit. b) is that it is necessary to fulfill legal obligations incumbent on the Controller. The legal basis for processing Personal Data for the other purposes indicated above in point 4.1. is the legitimate interest pursued by the Controller.
- Processing of Personal Data concerning the Supplier includes in particular their collection, modification, storage, viewing, updating, analysis, and archiving.
- Personal Data concerning the Supplier may be transferred to public administration bodies or to other persons or third parties – to the extent and in cases where the obligation to provide them is imposed on the Controller by law. Personal Data concerning the Supplier, to the extent necessary for the realization of the purpose specified in point 4.1. lit. b), may also be transferred to entities performing bookkeeping and accounting services for the Controller on the basis of a separate agreement.
- Personal Data concerning the Supplier, to the extent necessary for the realization of the purposes specified in point 4.1. lit. c) and d) above, may be transferred to courts or other bodies appointed to hear cases or enforce claims, as well as to entities performing debt collection or legal assistance services for the Controller on the basis of a separate agreement.
- Providing Personal Data by the Supplier is a condition for concluding a contract with the Controller under which the Supplier assumes the obligation to provide the Controller with goods or services; it is not mandatory, but failure to provide it will make it impossible to conclude this contract.
- Personal Data concerning the Supplier will be stored by the Controller for the following period:
- in the case of Personal Data for which the legal basis for processing by the Controller is the fact that it is necessary for the proper performance of a contract – until the expiry of the limitation period for claims arising from that contract;
- in the case of Personal Data for which the basis for processing by the Controller is a legitimate interest – until such processing basis ceases to exist, in particular until the expiry of the limitation period for the Controller’s claims and the Supplier’s claims arising from their legal relationship, the termination of the Controller’s legal existence, or the final or definitive determination, awarding, satisfaction, or defense of a claim or other right of the Controller or the Supplier in court, arbitration, administrative, judicial-administrative, enforcement, or mediation proceedings.
- Right to information
- The Controller, when obtaining personal data, is obliged to provide the person from whom the data originates with all the following information:
- its identity and contact details and, where applicable, the identity and contact details of its representative;
- where applicable – contact details of the data protection officer;
- the purposes of the processing of Personal Data, as well as the legal basis for the processing;
- information on the recipients of the Personal Data or categories of recipients, if they exist;
- where applicable – information on the intention to transfer Personal Data to a third country or an international organization;
- the period for which the Personal Data will be stored, or if that is not possible, the criteria used to determine that period;
- information whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the data and what the possible consequences of failure to provide such data are.
- If the Data Controller plans to further process personal data for a purpose other than that for which the personal data were collected, prior to such further processing, it is obliged to inform the Data Subject about this other purpose and provide them with any other relevant information.
- Right to withdraw consent for Personal Data processing
- The data subject has the right to withdraw consent to the processing of Personal Data at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
- Right of access to Personal Data
- The Data Subject is entitled to obtain from the Controller confirmation as to whether or not Personal Data concerning them are being processed, and, where that is the case, access to the Personal Data and the following information:
- the purposes of the processing;
- the categories of Personal Data concerned;
- information on the recipients or categories of recipients to whom the Personal Data have been or will be disclosed, in particular recipients in third countries or international organizations;
- where possible, the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period;
- information on the right to request from the Controller rectification or erasure of Personal Data or restriction of processing of Personal Data concerning the data subject or to object to such processing;
- information on the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from the Data Subject, any available information as to their source;
- the existence of automated decision-making, including profiling, referred to in Art. 22(1) and (4) of the GDPR and – at least in those cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
- The Controller shall provide a copy of the Personal Data undergoing processing. For any further copies requested by the data subject, the Controller may charge a reasonable fee based on administrative costs. Where the Data Subject makes the request by electronic means, and unless otherwise requested, the information shall be provided in a commonly used electronic form.
- Right to request rectification and erasure of Personal Data
- The Data Subject shall have the right to obtain from the Controller without undue delay the rectification of inaccurate Personal Data concerning them. Taking into account the purposes of the processing, the Data Subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- The Data Subject shall have the right to obtain from the Controller the erasure of Personal Data concerning them without undue delay and the Controller shall have the obligation to erase Personal Data without undue delay where one of the following grounds applies:
- the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the Data Subject withdraws consent on which the processing is based according to Art. 6(1)(a) or Art. 9(2)(a) of the GDPR, and where there is no other legal ground for the processing;
- the Data Subject objects to the processing pursuant to Art. 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the Data Subject objects to the processing pursuant to Art. 21(2) of the GDPR;
- the Personal Data have been unlawfully processed;
- the Personal Data have to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject;
- the Personal Data have been collected in relation to the offer of information society services referred to in Art. 8(1) of the GDPR.
- The rights of the Data Subject indicated in point 5.2. above shall not apply to the extent that processing is necessary for exercising the right of freedom of expression and information; for the establishment, exercise or defense of legal claims; for compliance with a legal obligation which requires processing by Union or Member State law to which the Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller; for reasons of public interest in the area of public health in accordance with Art. 9(2)(h) and (i) as well as Art. 9(3) of the GDPR; for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89(1) of the GDPR in so far as the right is likely to render impossible or seriously impair the achievement of the objectives of that processing.
- The Controller shall communicate any rectification or erasure of Personal Data to each recipient to whom the Personal Data have been disclosed, unless this proves impossible or involves disproportionate effort.
- Right to restriction of processing Personal Data
- The Data Subject shall have the right to obtain from the Controller restriction of processing where one of the following applies:
- the accuracy of the Personal Data is contested by the Data Subject, for a period enabling the Controller to verify the accuracy of the Personal Data;
- the processing is unlawful and the Data Subject opposes the erasure of the Personal Data and requests the restriction of their use instead;
- the Controller no longer needs the Personal Data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defense of legal claims;
- the Data Subject has objected to processing pursuant to Art. 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the Data Subject.
- The Controller shall inform the Data Subject about the restriction of processing of Personal Data, unless this proves impossible or involves disproportionate effort.
- Right to Personal Data portability
- The Data Subject shall have the right to receive the Personal Data concerning them, which they have provided to a Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Controller, where the processing is carried out by automated means and a) is based on consent or b) is necessary for the performance of a contract.
- In exercising their right to data portability pursuant to point 5.1. above, the Data Subject shall have the right to have the Personal Data transmitted directly from one controller to another, where technically feasible. This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller. This right shall also not adversely affect the rights and freedoms of others.
- Right to object and rights related to automated individual decision-making
- The Data Subject shall have the right to object, on grounds relating to their particular situation, at any time to processing of Personal Data concerning them which is based on Art. 6(1)(e) or (f) of the GDPR, including profiling based on those provisions. The Controller shall no longer process the Personal Data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
- Where Personal Data are processed for direct marketing purposes, the Data Subject shall have the right to object at any time to processing of Personal Data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing.
- The Data Subject shall have the right to obtain the information indicated above in points 5.1. and 5.2. separately from any other information and in a clear and distinct manner. The Data Subject shall have the right to exercise their right to object by automated means using technical specifications.
- Where the Data Subject objects to processing for direct marketing purposes, the Personal Data shall no longer be processed for such purposes.
- Where Personal Data are processed for scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) of the GDPR, the Data Subject, on grounds relating to their particular situation, shall have the right to object to processing of Personal Data concerning them, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
- The Data Subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, unless the decision is necessary for entering into, or performance of, a contract between the Data Subject and a Controller; is authorized by Union or Member State law to which the Controller is subject and which also lays down suitable measures to safeguard the Data Subject’s rights and freedoms and legitimate interests; or is based on the Data Subject’s explicit consent.
- The Controller processes Personal Data in a manner consistent with the provisions of generally applicable law in the territory of the Republic of Poland. The Controller declares that it has implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk associated with the processing of Personal Data entrusted to it, as referred to in Art. 32 of the GDPR. The Controller regularly reviews and updates the technical and organizational measures used by it to ensure an adequate level of protection for the entrusted Personal Data.
- The Controller declares that in order to ensure the security of Personal Data processing, it has introduced a Personal Data Protection Policy. The Personal Data Protection Policy is a measure implemented by the Controller in accordance with Art. 24(1) and (2) of the GDPR, the purpose of which is to introduce a procedure for handling Personal Data in the enterprise run by the Controller, based on which their processing by the Controller will take place in accordance with the GDPR.
- In all matters related to the processing of Personal Data, including in particular matters related to the provisions of this Privacy Policy, the Data Subject should contact the Controller using the following contact details: XXX
- The ongoing management of the Controller’s IT system is handled by the IT Systems Administrator.