PRIVACY POLICY

§ 1 General Provisions

1. The controller of the personal data of users of the website located under the domain www.beesblooms.eu is MATHILDE SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, with its registered office in Kołobrzeg, at ul. Witkowice 1, 78-100 Kołobrzeg, entered into the National Register of Entrepreneurs kept by the District Court in Koszalin, 9th Commercial Division of the National Court Register under KRS number: 0001182819, NIP: 6711867819, REGON: 542199358 (hereinafter: the "Controller").

2. Contact with the Controller is possible:

  • via email: info@beesblooms.eu,
  • in writing to the Controller's address: ul. Witkowice 1, 78-100 Kołobrzeg.

3. The purpose of this Policy is to define the actions taken regarding personal data collected via the Controller's website and related services and tools used by its users, as well as within the framework of concluding and performing contracts outside the website.

4. If necessary, the provisions of this Policy may change. Changes will be communicated to users by publishing the new content of the Policy. Users who have consented to data processing via email or provided email addresses during contract performance will also be notified of changes via email.

§ 2 Grounds, Purposes, and Storage of Personal Data

1. Users' personal data is processed in accordance with the General Data Protection Regulation (GDPR), the Act on the Protection of Personal Data of May 10, 2018, and the Act on the Provision of Electronic Services of July 18, 2002.

2. Data processing initiated by a user's email or complaint is based on Art. 6(1)(b) of the GDPR (processing is necessary to take steps at the request of the data subject).

3. Based on separate consent, data may be processed for marketing purposes, including sending commercial information electronically (Art. 6(1)(a) of the GDPR).

4. For the conclusion and performance of sales or service agreements, the provision of data is a contractual (and for tax IDs, a statutory) requirement under Art. 6(1)(b) of the GDPR.

5. Research and analysis to improve services (e.g., tracking tools) are based on Art. 6(1)(f) of the GDPR (legitimate interest).

Table: Purposes, Legal Grounds, and Scope of Data

Purpose of Processing | Legal Basis & Retention Period | Scope of Data
Performance of contract or pre-contractual steps | Art. 6(1)(b) GDPR. Stored for the duration necessary to perform, terminate, or expire the contract. | Name, email, phone, address, company name, NIP (Tax ID).
Direct Marketing | Art. 6(1)(f) GDPR. Stored for the duration of the Controller's legitimate interest, not exceeding the statute of limitations for claims. | Email, phone number.
Marketing (Consent) | Art. 6(1)(a) GDPR. Stored until consent is withdrawn. | Name, email, phone, address.
Customer Reviews | Art. 6(1)(a) GDPR. Stored until consent is withdrawn. | Name, email, phone.
Accounting / Tax | Art. 6(1)(c) GDPR in connection with tax/accounting laws. Stored for 5 years from the start of the year following the relevant fiscal year. | Name, email, phone, address, NIP, company name.
Defense of Claims | Art. 6(1)(f) GDPR. Stored for the duration of the legitimate interest (statute of limitations). | Name, email, phone, address, NIP, company name.

6. Profiling: The Controller may use profiling for direct marketing (e.g., granting discounts, cart reminders). Decisions are automated, but the user freely decides whether to use the offer. Profiling analyzes behavior like adding products to the cart or page views.

7. Technical Data: The website may collect IP addresses, device identifiers (IDFA, AAID), browser types, and approximate geolocation to ensure proper functionality.

8. Security: The Controller implements appropriate technical and organizational measures to protect data against unauthorized access or modification.

§ 3 Data Sharing

1. Personal data is used to fulfill obligations to users and is not shared with third parties except:

  • with explicit consent,
  • when required by law (e.g., law enforcement).

2. Categories of Recipients:

  • Technical Providers: Hosting, email, marketing agencies, software providers.
  • Professional Services: Accounting firms, law firms, debt collection agencies.

3. Third-Country Transfers: Data may be transferred to entities outside the EEA (e.g., the USA) that apply standard contractual clauses or are authorized under bilateral agreements. These include:

  • Google LLC: For Google Analytics, Tag Manager, and Google Ads.
  • Meta Platforms, Inc.: For Facebook Pixel tracking and optimization.

4. Google Analytics: This service uses cookies to analyze website use. Data is generally stored on US servers. You can opt out by installing the browser plugin: http://tools.google.com/dlpage/gaoptout.

§ 4 User Rights

Every data subject has the right to:

  1. Access, Rectification, Restriction, and Erasure: The right to access data, correct it, request deletion ("right to be forgotten"), or restrict processing.
  2. Withdrawal of Consent: The right to withdraw consent at any time without affecting the legality of processing performed before the withdrawal.
  3. Lodge a Complaint: The right to complain to a supervisory authority (in Poland: President of the Personal Data Protection Office - PUODO).
  4. Object: The right to object to processing based on legitimate interest (Art. 6(1)(f)) or public interest.
  5. Object to Direct Marketing: The right to object to processing for marketing purposes (including profiling) at any time.

§ 5 Cookies Policy

1. What are Cookies? Small text files stored on your device to remember settings and preferences (visits, clicks, previous actions).

2. Purpose:

  • Adapting content to user preferences.
  • Creating anonymous statistics.
  • Delivering tailored advertising.

3. Types of Cookies used:

  • Strictly Necessary: Essential for website functioning and security.
  • Functional: Enrich functionality and personalization.
  • Business/Advertising: Support the business model by delivering relevant ads.
  • Analytical: Used to understand user preferences and improve products.

4. Managing Cookies: Most browsers allow cookies by default. You can change settings or delete cookies at any time via your browser settings. Disabling cookies may affect the website's functionality.

5. Tracking Technologies: The Controller may use tracking pixels (clear GIFs) to monitor service use and response to marketing emails. Direct connections to third-party servers (e.g., Facebook Pixel) are subject to the partner's privacy policy.

6. Do Not Track: The website currently does not respond to DNT signals, but users can manage tracking via browser settings or consent tools.