Privacy Policy

This Privacy Policy sets out the rules for the processing of personal data obtained through the https://shop.bestler.pl/ website (hereinafter: the „Website”).

1. Data of the Administrator
   The Administrator of your personal data within the meaning of RODO is Paweł Jędrychowicz conducting a sole proprietorship under the business name: BESTLER Paweł Jędrychowicz, entered into the Central Register and Information on Business Activity (CEIDG) maintained by the Minister responsible for economy, NIP: 8361761641, REGON: 141840989, with its registered office at ul. Akacjowa 25, 08-110 Siedlce (hereinafter referred to as the „Administrator”). In matters concerning personal data protection, the Administrator can also be contacted via e-mail address: bestler@bestler.pl.
   The personal data collected by Paweł Jędrychowicz, conducting a sole proprietorship under the name: BESTLER Paweł Jędrychowicz, via the Bestler online shop, hereinafter referred to as: the Administrator, shall be processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), also referred to as RODO.
2. Aims and legal bases of data processing
   Your personal data may be processed by the Administrator on the basis of:
   • Necessity for the performance of the contract or for taking steps prior to the conclusion of the contract (Article 6(1)(b) RODO),
   • consent (Article 6(1)(a) of the DPA), for the purpose of marketing of entities cooperating with the Administrator;
   • legitimate interest of the Administrator (Article 6(1)(f) RODO), separately for the purpose:
     • marketing of the Administrator's own products and services, including for analytical and profiling purposes, where the Administrator's legitimate interest is to conduct direct marketing of its own products and services. The profiling of data is aimed at preparing product offers that take into account the preferences of the users of the Website,
     • use of contact forms provided by the Service Administrator, where the Administrator's legitimate interest is to take care of Service users and answer their questions,
     • defence against possible claims, where the Administrator's legitimate interest is the assertion or defence of claims.
3. Transfer of personal data
   Data may be transferred to contracted processors on the basis of contracts concluded with the Administrator, but only for the purpose and to the extent necessary for the fulfilment of the aforementioned purposes, including, inter alia, to entities providing IT services or other services ensuring the proper functioning of the Website, with such entities processing the data only in accordance with the Administrator's instructions.
   Your data will only be transferred to entities located within the European Economic Area and thus subject to strict EU data protection regulations or which are bound by an adequate security standard.
4. Period of retention of personal data
   Your personal data will only be processed for the period necessary to fulfil the purpose for which they are stored or for as long as this is required by law, in particular until the statute of limitations for possible claims or the expiry of legal archiving obligations, including those concerning the retention of accounting documents.
   In the case of the processing of personal data for the provision of the newsletter service, the use of forms, your personal data will be processed for the period necessary for the provision of this service, until you opt out.
   Where personal data is processed based on your consent, your data will be stored until you withdraw it. At any time, it is possible to withdraw consents expressed on the website, including consent to the processing of data for marketing purposes of entities cooperating with the Administrator. The withdrawal of your consent to processing will not affect the lawfulness of the processing carried out before its withdrawal.
   In the case of processing of your data on the basis of a legitimate interest of the controller, the controller will stop processing your data earlier if you successfully object to the processing.
5. Rights
   1. Right of access to data
      You have the right to obtain information regarding the personal data held by the Administrator about you, including a copy of that data (Article 15 of the DPA).
   2. Right of rectification
      You have the right to request the rectification of your personal data that is incorrect. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by providing an additional statement (Article 16 of the DPA).
   3. Right to erasure (Article 17 RODO).
      You have the right to request the deletion of your personal data held by us in the following cases:
      • Your personal data is no longer necessary for the purposes for which it was collected,
      • you have withdrawn the consent on which the processing is based and there is no other legal basis for the processing,
      • you have lodged an objection to the processing and there are no overriding legitimate grounds for the processing or the objection relates to the processing for direct marketing purposes,
      • personal data were processed unlawfully,
      • personal data must be deleted in order to comply with a legal obligation under Union or national law,
      • personal data was collected in connection with the offering of information society services, as referred to in Article 8(1) of the RODO.
   4. Right to data portability (Article 20 RODO).
      You have the right to receive, in a commonly used machine-readable format, personal data concerning you which you have provided to the Administrator, where the processing of such data is based on consent or contract and by automated means.
      If you request that this data be sent to another data controller, this will be done if there is a technical possibility.
   5. Right to restrict data processing (Article 18 RODO).
      You have the right to request that the processing of your personal data be restricted, in the following cases:
      • you question the accuracy of your personal data, for a period allowing the Administrator to verify the accuracy of the data,
      • processing is unlawful and you object to the erasure of the personal data, requesting instead that the use of the data be restricted,
      • The controller no longer needs your personal data for the purposes of processing, but you need them to establish, assert or defend your claims,
      • you have raised an objection under Article 21(1) to the processing - until such time as it is determined whether the legitimate grounds on the part of the controller override the grounds for the objection.
   6. Right to object to the processing
      If your personal data is processed on the basis of a legitimate interest of the controller, you have the right to object at any time to the processing, in accordance with Article 21 of the DPA.
   7. Right to withdraw consent (Article 7(3) RODO)
      • You have the right to withdraw your consent to the processing of your data   
        personal data at any time. The withdrawal of consent will not affect the lawfulness of the processing carried out before the withdrawal.
      • If you wish to exercise your rights, please send us an email to the Data Controller or by post to the Data Controller.
   8. The security of your personal data for the Administrator is a priority, however, if you consider that by processing your personal data the Administrator is in breach of the provisions of the RODO, you have the right to lodge a complaint with the President of the Data Protection Authority. 
   9. If the User makes a request resulting from the above rights, the Administrator shall comply with the request or refuse to comply with it immediately, but no later than within one month after receiving it. If, however, the Administrator is not able to comply with the request within one month, he shall comply with it within the next two months by informing the User earlier - within one month of receiving the request - about the intended extension of the deadline and the reasons for it.
   10. The User may lodge complaints, queries and requests with the Administrator regarding the processing of his/her personal data and the exercise of his/her rights.
   11. You have the right to request a copy of the standard contractual clauses from the Administrator by submitting a request. 
       
6. Selected data protection methods used by the Controller
   The login and personal data entry sites are protected in the transmission layer (SSL certificate). This ensures that the personal and login data entered on the site are encrypted on the user's computer and can only be read on the target server.
   User passwords are stored in hashed form. The hash function operates in a one-way fashion - it is not possible to reverse it, which is now the modern standard for storing user passwords.
   In order to protect the data, the Operator makes regular backups.
   An important element of data protection is the regular updating of all software used by the Operator to process personal data, which in particular means regular updates of software components.
7. Information on the use of personal data
   In certain situations, the Administrator is entitled to transfer your personal data to other recipients if this is necessary for the performance of a contract concluded with you or for the fulfilment of obligations incumbent on the Administrator. This applies to the following groups of recipients:
   • postal operators
   • couriers
   • hosting company on a delegated basis
   • law firms and debt collectors
   • payment operators
   • operators of the commentary system
   • operators of online chat solutions
   • authorised employees and associates who use the data for the purpose of carrying out the
   • operation of the site
   • companies providing marketing services to the Administrator
   • company providing IT care and hosting/technical support.
     
8. Purposes of the use of personal data
   • The Service additionally uses personal data for the following purposes:
     • Running a commenting system
     • Handling of enquiries via the form
     • Preparation, packaging, dispatch of goods
     • Provision of the services requested
     • Debt collection
     • Presentation of an offer or information
     • Newsletter management.
     • through the data voluntarily entered in the forms, which are entered into the Operator's systems.
     • by storing cookies („cookies”) on terminal equipment. 
     • Running a commenting system
     • Handling of enquiries via the form
     • Preparation, packaging, dispatch of goods
     • Provision of the services requested
     • Debt collection
     • Presentation of an offer or information
     • Newsletter management.
   • The Service performs functions to obtain information about users and their behaviour in the following ways: 
     • through the data voluntarily entered in the forms, which are entered into the Operator's systems.
     • by storing cookies („cookies”) on terminal equipment. 
       
9. Essential marketing techniques
   The operator uses statistical analysis of website traffic via Google Analytics (Google Inc., based in the USA). The operator does not transmit personal data to the operator of this service, only anonymised information. The service is based on the use of cookies on the user's terminal device. With regard to the information on user preferences collected by the Google advertising network, the user can view and edit the information resulting from the cookies using a tool: https://www.google.com/ads/preferences/