I. General provisions
Monika Bednarek business activity under the name BEMOON Monika Bednarek entered into the Central Register and Information on Economic Activity of the Republic of Poland with its seat in Miechów 39C; 63-642 Perzów, NIP 619-204-65-37, REGON 381460864, e-mail address: firstname.lastname@example.org, telephone number: 695995850 as the Administrator of your personal data, hereinafter referred to as “PDA”, cares about your privacy, therefore based on the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (general regulation on data protection) (Journal of Laws UE L 119, p. 1) – hereinafter referred to as the GDPR (the official text of the GDPR Regulation: https://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679), we provide you with the most important information about the principles of processing your personal data by ADO, including cookies that are used by our online platform.
II. Processing of personal data
PDA collects and processes personal data in accordance with the relevant provisions, in particular with the GDPR, and the data processing rules provided for therein. We strive to provide you with transparency of data processing, in particular, we always inform you about data processing at the time of collection, including the purpose and legal basis of processing – e.g. when creating an Account on the bemoon.pl website, concluding a contract, subscribing to the newsletter. PDA ensures that the data is collected only to the extent necessary for the indicated purpose and processed only for the period in which it is necessary.
III. Security of personal data
In the course of processing personal data, we ensure their security and confidentiality as well as access to information about this processing for data subjects. In the event that, despite the security measures applied, there is a breach of personal data protection (e.g. data leakage or loss), we apply the provisions of the GDPR and inform the supervisory authority and data subjects of such an event in a manner consistent with the provisions of the GDPR.
IV. Personal data administrator (“Administrator”)
- The administrator of personal data collected via the Online Store www.bemoon.pl or other communication channels with the Customer, e.g. Helpline, Post Office, Facebook, Instagram, etc. is BEMOON Monika Bednarek entered into the Central Register and Information on Economic Activity of the Republic of Poland with its seat in Miechów 39C; 63-642 Perzów. If you give additional consent, our partners may also process data obtained on the basis of your Internet activity using technologies such as cookies: Google Adwords (Google LLC), Google Analytics (Google LLC), HotJar (Hotjar Limited) , Facebook (Facebook Limited), Opineo (Opineo sp. Z oo).
- If you have any questions regarding the processing of your personal data and your rights, please contact us:
- in writting to the address: BEMOON Monika Bednarek; Miechów 39C; 63-642 Perzów, POLAND
- via mail: email@example.com
- call us: +48 695 995 850
V. For what purpose and on what basis do we process your personal data?
- PDA may process the following personal data of Users or Customers using the Website: name and surname; e-mail address; contact telephone number (if you provide it to us in connection with your inquiry); delivery address (street, house number, apartment number, zip code, city, country), address of residence/business/seat (if different from the delivery address), data related to the implementation of the order, including payment. In the case of Users or Customers who are not consumers, PDA may additionally process the company name and tax identification number (NIP) of the Customer. Providing personal data referred to in the above point may be necessary for the conclusion and implementation of the Sales Agreement or the contract for the provision of Electronic Services on the Website. Each time, the scope of data required to conclude a contract is indicated previously on the Website and in the Regulations of the Online Store.
- Depending on what functionalities of the Website you use, we process your data provided voluntarily by you, for the following purposes:
|Displaying website||legitimate interest (Article 6 (1) (f) of the GDPR), consisting of the provision of the service and the need to protect against abuse.|
Setting up and running a User Account, User authentication
|the legal basis is the necessity to perform the contract for the provision of the Account service (Article 6 (1) (b) of the GDPR).|
Services that require an Account
We process your personal data in order to provide services that require an Account.
|the necessity to perform the contract for the provision of services in accordance with the Regulations (Article 6 (1) (b) of the GDPR).|
|Sending newsletter||Your consent (Article 6 (1) (a) of the GDPR).|
|Guaranteeing the security of the online sales services provided by registering the IP addresses of the Website users||based on Article. 6 sec. 1 lit. (f) GDPR, our legitimate interest is to ensure the security of electronic services),|
in order to complete the order (including possible complaints)
|– the legal basis for processing is the necessity of processing to perform the contract (Article 6 (1) (b) of the GDPR);|
– the legal basis for processing is the legal obligation (Article 6 (1) (c) of the GDPR) in order to fulfill the statutory obligations incumbent on the controller, resulting in particular from tax and accounting regulations
|Statistics on the use of individual Website functionalities and facilitating the use of the Website and ensuring IT security of the Website||– the legal basis is a legitimate interest (Article 6 (1) (f) of the GDPR), consisting in facilitating the use of electronic services and improving the functionality of these services, conducting analyzes of users’ activity on the website, as well as their purchasing preferences,|
|Establishing, pursuing, and enforcing claims|
|– the legal basis for processing is the legitimate interest of PDA (Article 6 (1) (f) of the GDPR), consisting of establishing, investigating and enforcing claims and defending against claims in proceedings before courts and other state authorities.|
|For the purpose of sending a satisfaction survey||– the legal basis for processing is the legitimate interest of PDA (Article 6 (1) (f) of the GDPR), consisting in improving the functionality of services, conducting user satisfaction and satisfaction analyzes on the website, with making a purchase and their purchasing preferences,|
|– the legal basis for processing is the legitimate interest of PDA (Article 6 (1) (f) of the GDPR), consisting in answering an inquiry sent via the contact form or the ask for an offer option|
|Consideration of complaints, applications and appeals, pursuant to art. 6 sec. 1 point b-c and point f GDPR,||– the legal basis for processing is the legitimate interest of PDA (Article 6 (1) (f) of the GDPR), consisting in considering complaints, applications and appeals,|
VI. How long do we keep your personal data?
- The period of data processing depends on the type of service provided and the purpose of processing. The period of data processing may also result from the regulations if they constitute the basis for processing.
- We store your personal data for the period of having an Account on the Website for the purposes of providing the Account service and related functionalities and other services in accordance with the Regulations for the provision of electronic services. After deleting the account, your data will be anonymized, except for the following personal data, which we will leave for the purpose of considering complaints and claims related to the use of PDA services, investigation or defense against claims.
- If the basis for processing is the necessity to conclude and perform the contract, the data will be processed for the duration of the service or order completion until the contract is performed and the after-sale period ends entitling to specific claims against PDA (e.g. warranty/guarantee).
- If the processing is based on consent, the data is processed until it is withdrawn or until an effective objection or effective data deletion request is made.
- In the case of data processing on the basis of the legitimate interest of PDA – the data is processed for a period enabling its implementation or until an effective objection to data processing is raised or, in the absence of objection – until this legitimate interest exists.
- The data processed for the purpose of handling “Product Inquiries” will be stored for the duration of the correspondence. In the event of further interest in our product/service, acceptance of our price proposal, they will be processed for the purpose necessary to perform the contract in accordance with point 5 above.
- The data processing period may be extended if the processing is necessary to establish, investigate or defend against possible claims, and after this period, only if and to the extent that it will be required by law. We will process your data only for the period in which we will have a legal basis, i.e. until:
- the legal obligation that obliges us to process your data ceases to bind us
- the possibility of pursuing claims related to the contract concluded by the Store by any of the parties will cease
- you will withdraw your consent to the processing of data if it was its basis or you will object to the processing
– depending on what is applicable in a given case and what will happen at the latest.
- After the expiry of the processing period, the data is irretrievably deleted or anonymized.
VII. Categories of recipients of personal data
- In connection with the provision of services by PDA, your personal data may be disclosed to external entities, including in particular IT service providers, including those responsible for the operation of IT systems used to provide services via the Internet, entities such as banks and payment operators in the event that when placing an order, the data subject used the method of electronic payment, entities providing accounting and accounting services, companies providing courier and parcel services, a carrier or intermediary performing shipments at the request of PDA, marketing agencies (in the field of marketing services), entities providing legal or accounting services, couriers, entities providing PDA with other minor services necessary to perform the concluded contract.
- Your data may be disclosed to competent authorities or third parties who submit a request for such information, based on an appropriate legal basis, which results from the legal obligation to provide information and in accordance with the provisions of applicable law – we provide your personal data if they request are authorized state authorities, in particular organizational units of the prosecutor’s office, the Police, the President of the Office for Personal Data Protection, the President of the Office of Competition and Consumer Protection or the President of the Office of Electronic Communications.
- PDA knows that the level of personal data protection outside the European Economic Area (EEA) differs from that provided by European law. PDA always informs about the intention to transfer personal data outside the EEA at the stage of their collection – currently, PDA does not use the services of such entities. The entities with which PDC cooperates are based mainly in Poland and other countries of the European Economic Area (EEA). PDA transfers personal data outside the EEA only when it is necessary and with an adequate level of protection, primarily through: cooperation with entities processing personal data in countries for which an appropriate decision of the European Commission has been issued; use of standard contractual clauses issued by the European Commission; application of binding corporate rules approved by the competent supervisory authority; in the event of data transfer to the USA – cooperation with entities participating in the Privacy Shield program, approved by a decision of the European Commission.
VIII. Your rights
- We ensure the implementation of your rights indicated below. You can exercise your rights by submitting a request with, contact details indicated in the point. IV above. The data subject has the following rights:
- The right to rectify data
You have the right to rectify and supplement the personal data provided by you. With regard to other personal data, you have the right to request us to correct this data (if it is incorrect) and to supplement it (if it is incomplete).
- The right to object to the use of data
You have the right to object at any time to the use of your personal data, including profiling, if we process your data based on our legitimate interest, e.g. in connection with keeping statistics on the use of individual Website functionalities and facilitating the use of the Website, as well as satisfaction surveys.
If your objection turns out to be justified and we have no other legal basis to process your personal data, we will delete your data, the use of which you objected to.
- Right to erasure (“right to be forgotten”)
You have the right to request the deletion of all or some of your personal data. We will treat the request to delete all personal data as a request to delete the Account. You have the right to request the deletion of personal data if:
- you have withdrawn your specific consent to the extent to which personal data was processed based on your consent;
- Your personal data are no longer necessary for the purposes for which they were collected or processed;
- you have objected to the use of your data for marketing purposes;
- you have objected to the use of your data to keep statistics on the use of the Website, and the objection was considered justified
- Your personal data is processed unlawfully.
Despite the request to delete personal data, in connection with the objection or withdrawal of consent, we may retain certain personal data to the extent necessary for the purpose of establishing, investigating or defending claims. This applies in particular to personal data including name, surname, e-mail address and application history, which we keep for the purpose of handling complaints and claims related to the use of our services.
- The right to limit data processing
You have the right to demand that the processing of your personal data be restricted. If you submit such a request, until it is considered, we will prevent you from using certain functionalities or services, the use of which will involve the processing of data covered by the request. We will also not send you any messages, including marketing messages.
You have the right to request the restriction of the use of your personal data in the following cases:
- when you question the correctness of your personal data – then we will limit their use for the time needed to verify the correctness of your data, but no longer than for 7 days;
- when the processing of your data is unlawful, and instead of deleting the data, you request the restriction of their use;
- when your personal data is no longer necessary for the purposes for which we collected or used it, but you need it for the purpose of establishing, investigating or defending claims;
- when you have objected to the use of your data – then the restriction takes place for the time needed to consider whether – due to your special situation – the protection of your interests, rights and freedoms outweighs the interests that we pursue when processing your personal data.
- The right to access data
You have the right to obtain confirmation from us as to whether we process your personal data, and if this is the case, you have the right to:
- access your personal data;
- obtain information about the purposes of the processing, categories of personal data processed, recipients or categories of recipients of these data, the planned period of storage of your data or the criteria for determining this period, your rights under the GDPR and the right to lodge a complaint with the supervisory authority, data, about automated decision making, including profiling, and about the security measures used in connection with the transfer of such data outside the European Union;
- obtain a copy of your personal data.
- The right to withdraw consent
If your data is processed on the basis of your consent, you have the right to withdraw it at any time, which, however, does not affect the lawfulness of the processing carried out before the consent was withdrawn.
- The right to data portability
You have the right to receive your personal data that you provided to us, and then send it to another personal data administrator of your choice, e.g. to another operator of similar websites. You also have the right to request that personal data be sent by us directly to such other administrators, if technically possible. We will send your personal data in the form of a file in a commonly used, machine-readable format that allows you to send the received data to another personal data administrator.
- Right to lodge a complaint
if you believe that the processing of personal data violates the provisions of the GDPR or other provisions on the protection of personal data, you can submit a complaint to the President of the Office for Personal Data Protection.
- If PDA is not able to identify the person submitting the application based on the submitted application, it will ask the applicant for additional information. The application may be submitted in person or through a proxy (e.g. a family member).
- Due to data security, PDC encourages to use of a power of attorney in a form certified by a notary public or an authorized legal advisor or attorney, which will significantly speed up the verification of its authenticity.
- The answer is provided in writing or electronically.
- When do we fulfill your request? If in exercising the above-mentioned rights, you make a request to us, we comply with this request or refuse to comply with it immediately, but no later than within one month after receiving it. However, if – due to the complexity of the request or the number of requests – we will not be able to meet your request within one month, we will comply with it within the next two months, informing you in advance about the intended extension of the deadline. For technical reasons, we always need 24 hours to update the settings you choose in our systems. Therefore, it may happen that you will receive from us when updating our Website or Systems, an e-mail from which you have opted out.
- Submitting complaints, inquiries and requests You can submit complaints, inquiries and requests to us regarding the processing of your personal data and the exercise of your rights.
As part of the Website, we can automatically adjust certain content to your needs, i.e. profiling, using the personal data provided by you. Before we perform profiling on the basis of which decisions will be made:
- having legal effects on you,
- affecting you in a similarly significant way,
we will ask you for your consent. Remember that you can revoke your consent at any time. The processing of data until you withdraw your consent remains lawful.
The data can be used in the profiling process. Profiling of personal data by PDC involves the processing of data (also in an automated manner), by using them to evaluate certain information, in particular, to analyze or forecast personal preferences and interests related to the PDC offer.
X. The requirement to provide personal data
Providing your personal data by you, dear User is voluntary, but in some cases, it may be necessary to conclude a contract. Depending on the purpose for which the data is provided:
- no possibility to register on the Website (service provided electronically),
- the inability to use the Website’s services (service provided electronically – ask for the offer and contact form),
XI. Data safety
PDA makes efforts to ensure the security of your personal data. The website uses encrypted data transmission (SSL) during registration and logging in, which ensures protection of the data that identifies you and significantly hinders the interception of access to your Account by unauthorized systems or persons. In order to ensure data integrity and confidentiality, PDA:
- implemented procedures enabling access to personal data only to authorized persons and only to the extent that it is necessary due to the tasks performed by them.
- applies organizational and technical solutions to ensure that all operations on personal data are registered and performed only by authorized persons.
- in addition, it takes the necessary steps for subcontractors and other entities cooperating with PDC to guarantee the application of appropriate security measures in each case when they process personal data on behalf of PDC,
- conducts risk analysis and monitors the adequacy of the data protection applied to the identified threats.
- if necessary, PDA implements additional measures to increase data security.
Who can we transfer your data to?
Each time, the catalog of recipients of Personal Data processed by the Administrator results primarily from the scope of services used by the Customer.
The Administrator’s partners may participate in the processing of Personal Data to a limited extent, in particular:
- providers of hosting services or ICT services,
- carriers or brokers carrying out shipments of Orders,
- entities servicing electronic payments or payments with a payment card in the Online Store,
- companies that service the software support the Administrator in marketing campaigns, as well as providers of legal and advisory services
BEMOON Monika Bednarek collects data on the traffic of Users visiting the Website pages, which requires the registration of Users’ IP addresses. This information is used only for statistical calculations and is not shared with third parties, except when required by applicable law.
What are cookies?
Cookies are understood as IT data, in particular text files, stored in users’ end devices, intended for the use of websites. These files allow to recognize the user’s device and properly display the website tailored to his individual preferences. Cookies usually contain the name of the website they come from, the storage time on the end device and a unique number.
Cookies are used to adapt the content of websites to the user’s preferences and to optimize the use of websites. They are also used to create anonymous, aggregated statistics that help to understand how the user uses websites, which allows improving their structure and content, excluding personal user identification.
By default, the web browsing software allows cookies to be placed on the end device by default. These settings can be changed in such a way as to block the automatic handling of “cookies” in the web browser settings or inform about their every transfer to the user’s device. Detailed information on the possibilities and methods of handling cookies is available in the software (web browser) settings. Limiting the use of “cookies” may affect some of the functionalities available on the website.
PDA also processes anonymized operational data related to the use of the Website (IP address, domain) to generate statistics helpful in administering the Website. These data are aggregated and anonymous, i.e. they do not contain features that identify visitors to the Website. These data are not disclosed to third parties.
As part of the Website, links to other websites may appear from time to time. Such websites operate independently of the Website and are not in any way supervised by the online store. These websites may have their own privacy policies, which we recommend that you read. The online store is not responsible for the rules of handling data on these pages.
XIII. Final provisions