Privacy Policy

PRIVACY POLICY

BESCO.EU ONLINE STORE

TABLE OF CONTENTS:

  1. GENERAL PROVISIONS
  2. BASIS FOR DATA PROCESSING
  3. PURPOSE, LEGAL BASIS AND DURATION OF DATA PROCESSING IN THE ONLINE STORE
  4. DATA RECIPIENTS IN THE ONLINE STORE
  5. PROFILING IN THE ONLINE STORE
  6. RIGHTS OF THE DATA SUBJECT
  7. COOKIES IN THE ONLINE STORE AND ANALYTICS
  8. FINAL PROVISIONS

1. GENERAL PROVISIONS

1.1. This Online Shop Privacy Policy is for information purposes only, which means that it does not impose any obligations on Users or Customers of the Online Shop. The privacy policy primarily sets out the rules governing the processing of personal data by the Controller in the Online Shop, including the legal basis, purposes and duration of personal data processing, as well as the rights of data subjects, and information regarding the use of cookies and analytics tools in the Online Shop.

1.2. The Controller of personal data collected via the Online Store is BESCO SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, with its registered office in Besko (registered office and address for service: ul. Kościelna 21, 38-524 Besko); entered in the Register of Entrepreneurs of the National Court Register under KRS number 0000250199; the registry court where the company’s documentation is held: District Court in Rzeszów, 12th Commercial Division of the National Court Register; share capital: PLN 2,000,000.00; Tax Identification Number (NIP): 6871838293; National Business Registry Number (REGON): 180097110; email address: sklep@besco.eu and contact telephone number: (+48) 600 700 336 – hereinafter referred to as the “Controller” and acting simultaneously as the Online Shop Service Provider and the Seller.

1.3. Personal data in the Online Shop is processed by the Controller in accordance with applicable law, in particular in accordance with Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as the “GDPR” or “GDPR Regulation”. Official text of the GDPR: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679

1.4. Use of the Online Shop, including making purchases, is voluntary. Similarly, the provision of personal data by the Service User or Customer using the Online Shop is voluntary, subject to two exceptions: (1) entering into contracts with the Controller – failure to provide, in the cases and to the extent specified on the Online Shop website, in the Online Shop Terms and Conditions and in this privacy policy, the personal data necessary to conclude and perform a Sales Contract or a contract for the provision of an Electronic Service with the Controller will result in the inability to conclude such a contract. In such cases, the provision of personal data is a contractual requirement and if the data subject wishes to conclude a given contract with the Controller, they are obliged to provide the required data. In each instance, the scope of data required to conclude a contract is specified in advance on the Online Shop website and in the Online Shop Terms and Conditions; (2) the Controller’s statutory obligations – the provision of personal data is a statutory requirement arising from generally applicable legal provisions imposing on the Controller the obligation to process personal data (e.g. processing data for the purpose of maintaining tax or accounting records) and failure to provide such data will prevent the Controller from fulfilling these obligations.

1.5. The Controller exercises particular care to protect the interests of data subjects whose personal data it processes, and in particular is responsible for and ensures that the data it collects is: (1) processed lawfully; (2) collected for specified, legitimate purposes and not further processed in a manner incompatible with those purposes; (3) factually accurate and relevant to the purposes for which they are processed; (4) stored in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data are processed; and (5) processed in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

1.6. Taking into account the nature, scope, context and purposes of the processing, as well as the risk of infringement of the rights or freedoms of natural persons, with varying likelihood and severity of the risk, the Controller shall implement appropriate technical and organisational measures to ensure that the processing is carried out in accordance with the GDPR and to be able to demonstrate this. These measures are reviewed and updated as necessary. The Controller applies technical measures to prevent unauthorised persons from accessing or modifying personal data transmitted electronically.

1.7. All words, expressions and acronyms appearing in this privacy policy and beginning with a capital letter (e.g. Seller, Online Shop, Electronic Service) shall be understood in accordance with their definitions contained in the Online Shop Terms and Conditions available on the Online Shop website.

2. BASIS FOR DATA PROCESSING

2.1. The Controller is authorised to process personal data where – and to the extent that – at least one of the following conditions is met: (1) the data subject has given consent to the processing of their personal data for one or more specific purposes; (2) processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract; (3) processing is necessary for compliance with a legal obligation to which the Controller is subject; or (4) processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

2.2. The processing of personal data by the Controller requires, in each case, the existence of at least one of the grounds specified in point 2.1 of the privacy policy. The specific grounds for the Controller’s processing of the personal data of Service Users and Customers of the Online Store are set out in the following section of the privacy policy – in relation to the specific purpose of the Controller’s processing of personal data.

3. PURPOSE, LEGAL BASIS AND DURATION OF DATA PROCESSING IN THE ONLINE STORE

3.1. In each case, the purpose, legal basis, duration and recipients of the personal data processed by the Controller result from the actions taken by the relevant Service User or Customer in the Online Shop or by the Controller. For example, if a Customer decides to make a purchase in the Online Shop and chooses to collect the purchased Product in person rather than having it delivered by courier, their personal data will be processed for the purpose of performing the concluded Sales Contract, but will no longer be made available to the carrier delivering the goods on behalf of the Controller.

3.2. The Controller may process personal data within the Online Shop for the following purposes, on the grounds and for the periods indicated in the table below:

Purpose of data processing Legal basis for data processing Data retention period
Performance of the Sales Agreement or the agreement for the provision of Electronic Services, or taking action at the request of the data subject prior to the conclusion of the aforementioned agreements Article 6(1)(b) of the GDPR (performance of a contract) – processing is necessary for the performance of a contract to which the data subject is party, or to take steps at the request of the data subject prior to entering into a contract The data is stored for the period necessary for the performance, termination or expiry of the Sales Contract or the contract for the provision of Electronic Services.
Sending commercial communications, including direct marketing, using telecommunications terminal equipment (e.g. email, telephone) or automated calling systems Article 6(1)(f) of the GDPR (legitimate interests of the controller) – processing is necessary for the purposes of the Controller’s legitimate interests, which include direct marketing – consisting of safeguarding the interests and good reputation of the Controller and its Online Shop, and promoting the sale of Products – for example, in connection with the prior consent given by the data subject (e.g. when subscribing to the Newsletter), to the sending of commercial communications using telecommunications terminal equipment, such as email or telephone, depending on the scope of the consent given Data is stored for the duration of the legitimate interest pursued by the Controller, but for no longer than the limitation period for the Controller’s claims against the data subject arising from the Controller’s business activities. The limitation period is determined by law, in particular the Civil Code (the basic limitation period for claims relating to the conduct of business activities is three years, and for a Sales Contract two years). The Controller may not process data for direct marketing purposes if the data subject has effectively objected to such processing. Furthermore, where the basis for processing is consent, the data is retained until the data subject withdraws their consent to the further processing of their data for the purpose specified in that consent, without affecting the lawfulness of the processing carried out on the basis of consent prior to its withdrawal.
Keeping of accounts Article 6(1)(c) of the GDPR in conjunction with Article 74(2) of the Accounting Act, i.e. of 30 January 2018 (Journal of Laws of 2018, item 395, as amended) – processing is necessary for compliance with a legal obligation to which the Controller is subject Data is retained for the period required by the legal provisions obliging the Controller to retain accounting records (5 years, counting from the start of the year following the financial year to which the data relates).
Establishing, exercising or defending claims that may be raised by the Controller or against the Controller Article 6(1)(f) of the GDPR (legitimate interests of the controller) – processing is necessary for the purposes of the legitimate interests pursued by the Controller – consisting in the establishment, exercise or defence of legal claims which the Controller may bring or which may be brought against the Controller Data is retained for the duration of the legitimate interest pursued by the Controller, but for no longer than the limitation period for claims that may be brought against the Controller (the basic limitation period for claims against the Controller is six years).
Use of the Online Shop website and ensuring its proper functioning Article 6(1)(f) of the GDPR (legitimate interests of the controller) – processing is necessary for the purposes of the legitimate interests pursued by the Controller – consisting in the operation and maintenance of the Online Shop website Data is stored for the duration of the legitimate interest pursued by the Controller, but for no longer than the limitation period for the Controller’s claims against the data subject arising from the Controller’s business activities. The limitation period is determined by law, in particular the Civil Code (the basic limitation period for claims relating to the conduct of business activities is three years, and for a Sales Contract two years).
Compilation of statistics and analysis of traffic on the Online Store Article 6(1)(f) of the GDPR (the Controller’s legitimate interests) – processing is necessary for the purposes of the Controller’s legitimate interests – consisting of maintaining statistics and analysing traffic on the Online Store in order to improve the functioning of the Online Store and increase sales of Products Data is stored for the duration of the legitimate interest pursued by the Controller, but for no longer than the limitation period for the Controller’s claims against the data subject arising from the Controller’s business activities. The limitation period is determined by law, in particular the Civil Code (the basic limitation period for claims relating to the conduct of business activities is three years, and for the Sales Contract two years).

4. RECIPIENTS OF DATA IN THE ONLINE STORE

4.1. For the proper functioning of the Online Shop, including the fulfilment of concluded Sales Agreements, it is necessary for the Controller to use the services of external entities (such as, for example, a software provider, courier or payment processor). The Controller uses only the services of such processors who provide sufficient guarantees that appropriate technical and organisational measures will be implemented so that the processing meets the requirements of the GDPR and protects the rights of data subjects.

4.2. Personal data may be transferred by the Controller to a third country; in such cases, the Controller ensures that the transfer will take place to a country providing an adequate level of protection – in accordance with the GDPR – and, in the case of other countries, that the transfer will be based on standard data protection clauses. The Controller ensures that the data subject has the opportunity to obtain a copy of their data. The Controller transfers the collected personal data only where and to the extent necessary to fulfil the specific purpose of data processing in accordance with this privacy policy.

4.3. The Controller does not transfer data in every instance, nor to all recipients or categories of recipients specified in the privacy policy – the Controller transfers data only when it is necessary to achieve a specific purpose of personal data processing and only to the extent necessary to achieve that purpose. For example, if a Customer opts for collection in person, their data will not be transferred to a carrier cooperating with the Controller.

4.4. The personal data of Service Users and Customers of the Online Store may be transferred to the following recipients or categories of recipients:

      1. carriers / freight forwarders / courier brokers / entities managing the warehouse and/or the dispatch process – in the case of a Customer who selects delivery of the Product via post or courier in the Online Shop, The Controller shares the collected personal data of the Customer with the selected carrier, freight forwarder or intermediary handling shipments on behalf of the Controller, and if the shipment originates from an external warehouse – with the entity managing the warehouse and/or the dispatch process – to the extent necessary to deliver the Product to the Customer.

      2. entities handling electronic or card payments – in the case of a Customer who uses electronic or card payment methods in the Online Store, the Controller discloses the Customer’s personal data to the selected entity handling such payments in the Online Store on the Controller’s behalf, to the extent necessary to process the payment made by the Customer.

      3. credit providers / lessors – in the case of a Customer who uses an instalment payment scheme or a leasing payment method in the Online Shop, the Controller discloses the Customer’s collected personal data to the selected credit provider or lessor handling such payments in the Online Shop, at the Controller’s request, to the extent necessary to process the payment made by the Customer.

      4. service providers supplying the Controller with technical, IT and organisational solutions, enabling the Controller to conduct business activities, including the Online Shop and the Electronic Services provided through it (in particular, suppliers of computer software for operating the Online Shop, email and hosting providers, and suppliers of business management software and technical support to the Controller) – The Controller shall make the collected personal data of the Customer available to a selected supplier acting on its behalf only where and to the extent necessary to achieve a specific purpose of data processing in accordance with this privacy policy.

      5. accounting, legal and advisory service providers providing the Controller with accounting, legal or advisory support (in particular an accounting firm, a law firm or a debt collection agency) – The Controller discloses the collected personal data of the Customer to a selected service provider acting on its behalf only to the extent necessary to achieve the specific purpose of data processing in accordance with this privacy policy.

      6. providers of social media plugins, scripts and other similar tools enabling the browser of a visitor to the Online Store website to retrieve content from the providers of the aforementioned plugins (e.g. logging in using social media login credentials) and, for this purpose, to transfer the visitor’s personal data to these providers, including:

        1. Meta Platforms Ireland Ltd. – The Controller uses Facebook social media plugins on the Online Shop website (e.g. logging in using Facebook login details) and, as a result, collects and discloses the personal data of the Service User accessing the Online Shop website to Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) to the extent and in accordance with the privacy policy available here: https://www.facebook.com/about/privacy/ (this data includes information about activities on the Online Shop website – including information about the device, websites visited, purchases, advertisements displayed and how the services are used – regardless of whether the User has a Facebook account and is logged into Facebook).

        2. Google Ireland Ltd. – The Controller uses Google social plugins on the Online Store website (e.g. logging in using Google credentials) and, as such, collects and shares the personal data of the User accessing the Online Store website with Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland) to the extent and in accordance with the privacy policy available here: https://policies.google.com/privacy?hl=pl (this data includes information about activities on the Online Shop website – including information about the device, websites visited, purchases, advertisements displayed and how the services are used – regardless of whether the User has a Google account and whether they are logged into that account.

5. PROFILING ON THE ONLINE STORE

5.1. The GDPR imposes an obligation on the Controller to provide information regarding automated decision-making, including profiling as referred to in Article 22(1) and (4) of the GDPR, and – at least in such cases – relevant information on the principles governing such decision-making, as well as on the significance and anticipated consequences of such processing for the data subject. With this in mind, the Controller provides information regarding possible profiling in this section of the privacy policy.

5.2. The Controller may use profiling in the Online Store for direct marketing purposes, but decisions made by the Controller on this basis do not concern the conclusion or refusal to conclude a Sales Agreement or the possibility of using Electronic Services in the Online Store. The result of using profiling in the Online Store may be, for example, granting a discount to a given person, sending them a discount code, reminding them of unfinished purchases, sending a suggestion for a Product that may match the person’s interests or preferences, or offering better terms compared to the Online Store’s standard offer. Despite profiling, the individual is free to decide whether they wish to take advantage of the discount or better terms received in this way and make a purchase in the Online Shop.

5.3. Profiling in the Online Shop involves the automatic analysis or prediction of a person’s behaviour on the Online Shop website, e.g. by adding a specific Product to the basket, viewing a specific Product page in the Online Shop, or by analysing the person’s previous purchase history in the Online Shop. A prerequisite for such profiling is that the Controller holds the data subject’s personal data in order to subsequently send them, for example, a discount code.

5.4. The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

6. RIGHTS OF THE DATA SUBJECT

6.1.Right of access, rectification, restriction, erasure or data portability – the data subject has the right to request from the Controller access to their personal data, its rectification, erasure (‘right to be forgotten’) or restriction of processing, and has the right to object to the processing, as well as the right to data portability. The specific conditions for exercising the above rights are set out in Articles 15–21 of the GDPR.

6.2. Right to withdraw consent at any time – a data subject whose data is processed by the Controller on the basis of consent (pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR) has the right to withdraw consent at any time without affecting the lawfulness of processing carried out on the basis of consent prior to its withdrawal.

6.3. Right to lodge a complaint with a supervisory authority – a person whose data is processed by the Controller has the right to lodge a complaint with a supervisory authority in the manner and procedure set out in the provisions of the GDPR and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office.

6.4. Right to object – the data subject has the right at any time to object – on grounds relating to their particular situation – to the processing of their personal data based on Article 6(1)(e) (public interest or tasks) or (f) (the controller’s legitimate interest), including profiling based on these provisions. In such a case, the controller may no longer process such personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defence of legal claims.

6.5. Right to object to direct marketing – where personal data are processed for direct marketing purposes, the data subject has the right at any time to object to the processing of their personal data for such marketing purposes, including profiling, to the extent that the processing is related to such direct marketing.

6.6. To exercise the rights referred to in this section of the privacy policy, you may contact the Controller by sending a written message or an email to the Controller’s address indicated at the beginning of the privacy policy, or by using the contact form available on the Online Shop’s website.

7. COOKIES ON THE ONLINE STORE AND ANALYTICS

7.1. Cookies are small pieces of information in the form of text files, sent by the server and stored on the device of the person visiting the Online Shop (e.g. on the hard drive of a computer, laptop, or on a smartphone’s memory card – depending on the device used by the visitor to our Online Shop). Detailed information on cookies, as well as their history, can be found, amongst other places, here: https://pl.wikipedia.org/wiki/HTTP_cookie.

7.2. Cookies that may be sent by the Online Shop website can be divided into different types according to the following criteria:

By provider:
  1. first-party (created by the Administrator’s Online Shop website) and
  2. those belonging to third parties (other than the Administrator)
 Based on their storage period on the device of the person visiting the Online Shop:
  1. session cookies (stored until the user logs out of the Online Shop or closes their web browser) and
  2. persistent (stored for a specified period, defined by the parameters of each file, or until manually deleted)
 Based on their purpose:
  1. necessary (enabling the Online Shop website to function correctly),
  2. functional/preference (enabling the Online Shop website to be tailored to the visitor’s preferences),
  3. analytical and performance cookies (collecting information on how the Online Store website is used),
  4. marketing, advertising and social media (collecting information about the visitor to the Online Shop website in order to display advertisements to that person, personalise them, measure effectiveness and carry out other marketing activities, including on websites separate from the Online Shop website, such as social media platforms or other websites belonging to the same advertising networks as the Online Shop)

7.3. The Controller may process data contained in cookies whilst visitors are using the Online Store website for the following specific purposes:

Purposes of using cookies on the Administrator’s Online Shop to identify Users as logged in to the Online Shop and to show that they are logged in (strictly necessary cookies)
to remember Products added to the basket for the purpose of placing an Order (strictly necessary cookies)
to remember data from completed Order Forms, surveys or login details for the Online Shop (necessary and/or functional/preference cookies)
customising the content of the Online Shop website to the Service User’s individual preferences (e.g. regarding colours, font size, page layout) and optimising the use of the Online Shop website (functional/preference cookies)
compiling anonymous statistics showing how the Online Shop website is used (analytical and performance cookies)
displaying and rendering advertisements, limiting the number of ad impressions and ignoring advertisements that the User does not wish to view, measuring the effectiveness of advertisements, as well as personalising advertisements, i.e. analysing the behavioural characteristics of visitors to the Online Shop through anonymous analysis of their activities (e.g. repeated visits to specific pages, keywords, etc.) in order to create a profile of them and deliver advertisements tailored to their anticipated interests, including when they visit other websites within the advertising networks of Google Ireland Ltd. and Facebook, i.e. Meta Platforms Ireland Ltd. (marketing, advertising and social media cookies)

7.4. You can check which cookies (including their duration and provider) are currently being sent by the Online Shop website in the most popular web browsers as follows:

In Chrome:
(1) in the address bar, click the padlock icon on the left, (2) go to the ‘Cookies’ tab.		 In Firefox:
(1) in the address bar, click the shield icon on the left, (2) go to the ‘Allowed’ or ‘Blocked’ tab, (3) click the ‘Cross-site tracking cookies’ box, “Social tracking elements” or “Content with tracking elements”		 In Internet Explorer:
(1) click the ‘Tools’ menu, (2) go to the ‘Internet Options’ tab, (3) go to the ‘General’ tab, (4) go to the ‘Settings’ tab, (5) click the ‘View Files’ box
In Opera:
(1) in the address bar, click the padlock icon on the left, (2) go to the “Cookies” tab.		 In Safari:
(1) click the “Preferences” menu, (2) go to the “Privacy” tab, (3) click the “Manage Website Data” field		 Regardless of the browser, using tools available, for example, on the website: https://www.cookiemetrix.com/ or: https://www.cookie-checker.com/

7.5. By default, most web browsers available on the market accept the storage of cookies. Everyone has the option to specify the conditions for the use of cookies via their own web browser settings. This means that you can, for example, partially restrict (e.g. temporarily) or completely disable the saving of cookies – in the latter case, however, this may affect certain functionalities of the Online Shop (for example, it may not be possible to complete the Order process via the Order Form because the Products in the basket are not remembered during the subsequent steps of placing the Order).

7.6. Your web browser settings regarding cookies are important in terms of consenting to the use of cookies by our Online Store – in accordance with the regulations, such consent may also be given via your web browser settings. Detailed information on changing cookie settings and deleting cookies yourself in the most popular web browsers is available in the browser’s help section and on the following pages (simply click on the relevant link):

in Chrome

in Firefox

in the Opera browser

in Safari

in Microsoft Edge

7.7. The Administrator may use the Google Analytics and GA4 services provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) in the Online Store. These services help the Administrator to compile statistics and analyse traffic on the Online Store. The data collected is processed within the framework of the above services to generate statistics that assist in the administration of the Online Store and the analysis of traffic on the Online Store. This data is of an aggregated nature. By using the above services on the Online Shop, the Controller collects data such as the sources and channels through which visitors access the Online Shop, their behaviour on the Online Shop website, information about the devices and browsers they use to visit the site, IP addresses and domains, geographical data, demographic data (age, gender) and interests.

7.8.It is possible for a person to easily block the sharing of information about their activity on the Online Store website with Google Analytics – for this purpose, for example, you can install a browser add-on provided by Google Ireland Ltd., available here: https://tools.google.com/dlpage/gaoptout?hl=pl.

7.9. In connection with the Administrator’s use of advertising and analytics services provided by Google Ireland Ltd. on the Online Store, the Controller notes that full information regarding the rules for the processing of data of visitors to the Online Store (including information stored in cookies) by Google Ireland Ltd. can be found in Google’s privacy policy available at: https://policies.google.com/technologies/partner-sites.

7.10.The Controller may use the Meta Pixel service provided by Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) on the Online Store. This service helps the Controller measure the effectiveness of advertisements and understand the actions taken by visitors to the Online Store, as well as display tailored advertisements to these individuals. Detailed information on how the Meta Pixel works can be found at the following web address: https://www.facebook.com/business/help/742478679120153?helpref=page_content.

7.11.You can manage the Meta Pixel via the ad settings in your Facebook.com account: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.

8. FINAL PROVISIONS

8.1. The Online Shop may contain links to other websites. The Administrator urges you to familiarise yourself with the privacy policy set out on those sites when visiting them. This privacy policy applies only to the Administrator’s Online Shop.