Politik om beskyttelse af persondata
PRIVACY POLICY OF THE ONLINE STORE BEHEMOTH-STORE.COM
TABLE OF CONTENTS:
- GENERAL PROVISIONS
- BASIS FOR DATA PROCESSING
- PURPOSE, BASIS AND DURATION OF DATA PROCESSING IN THE ONLINE STORE
- RECIPIENTS OF DATA IN THE ONLINE STORE
- PROFILING IN THE ONLINE STORE
- RIGHTS OF THE DATA SUBJECT
- COOKIES IN THE ONLINE STORE AND ANALYTICS
- FINAL PROVISIONS
1. GENERAL PROVISIONS
1.1. This Privacy Policy of the Online Store is for informational purposes only, meaning that it does not constitute a source of obligations for the Service Recipients or Customers of the Online Store. The Privacy Policy primarily contains rules regarding the processing of personal data by the Administrator in the Online Store, including the grounds, purposes, and scope of personal data processing and the rights of the data subjects, as well as information on the use of cookies and analytical tools in the Online Store.
1.2. The Administrator of personal data collected through the Online Store is MACIEJ GRUSZKA conducting business under the name "BEHEMOTH WEBSTORE" MACIEJ GRUSZKA, entered into the Central Register and Information on Economic Activity of the Republic of Poland conducted by the Minister responsible for the economy, with the business address and delivery address: ul. Gdyńska 99, 80-297 Miszewo, NIP: 5842331183, REGON: 220949515, and email address: support@behemoth-store.com – hereinafter referred to as the “Administrator” and also being the Service Provider of the Online Store and the Seller.
1.3. Personal data in the Online Store are processed by the Administrator in accordance with applicable law, in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as “GDPR” or “GDPR Regulation”. The official text of the GDPR Regulation is available at: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679
1.4. Use of the Online Store, including making purchases, is voluntary. Similarly, providing personal data by the Service Recipient or Customer using the Online Store is voluntary, subject to two exceptions: (1) conclusion of agreements with the Administrator – failure to provide personal data in the cases and to the extent indicated on the Online Store website and in the Online Store Terms and Conditions and this Privacy Policy, which are necessary for the conclusion and performance of the Sales Agreement or agreement for the provision of Electronic Services with the Administrator, will result in the inability to conclude such an agreement. Providing personal data in this case is a contractual requirement, and if the data subject wishes to conclude such an agreement with the Administrator, they are obliged to provide the required data. The scope of data required to conclude an agreement is always indicated in advance on the Online Store website and in the Online Store Terms and Conditions; (2) legal obligations of the Administrator – providing personal data is a statutory requirement resulting from universally applicable laws imposing an obligation on the Administrator to process personal data (e.g. for maintaining tax or accounting records), and failure to provide them will prevent the Administrator from fulfilling these obligations.
1.5. The Administrator takes particular care to protect the interests of data subjects, and in particular ensures that the data collected is: (1) processed lawfully; (2) collected for specified, lawful purposes and not further processed in a manner incompatible with those purposes; (3) factually correct and adequate in relation to the purposes for which they are processed; (4) stored in a form allowing identification of data subjects for no longer than necessary for the purposes of processing; and (5) processed in a way that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage, using appropriate technical or organizational measures.
1.6. Taking into account the nature, scope, context, and purposes of the processing, as well as the risk of violation of the rights or freedoms of natural persons of varying probability and severity, the Administrator implements appropriate technical and organizational measures to ensure and demonstrate that processing is carried out in accordance with the GDPR. These measures are reviewed and updated as necessary. The Administrator uses technical measures to prevent unauthorized acquisition and modification of personal data transmitted electronically.
1.7. Any words, phrases, and acronyms used in this Privacy Policy and starting with a capital letter (e.g. Seller, Online Store, Electronic Service) should be interpreted in accordance with their definitions in the Terms and Conditions of the Online Store available on the Online Store website.
2. BASIS FOR DATA PROCESSING
2.1. The Administrator is entitled to process personal data when – and to the extent that – at least one of the following conditions is met: (1) the data subject has given consent to the processing of their personal data for one or more specific purposes; (2) processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract; (3) processing is necessary for compliance with a legal obligation to which the Administrator is subject; or (4) processing is necessary for the purposes of the legitimate interests pursued by the Administrator or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
2.2. Processing of personal data by the Administrator always requires the existence of at least one of the legal bases listed in point 2.1 of this Privacy Policy. Specific legal bases for processing the personal data of Service Recipients and Customers of the Online Store by the Administrator are indicated in the next section of this Privacy Policy – in relation to each specific purpose for which the Administrator processes personal data.
3. PURPOSE, BASIS AND DURATION OF DATA PROCESSING IN THE ONLINE STORE
3.1. The purpose, legal basis, duration, and recipients of the personal data processed by the Administrator result from actions undertaken by the Service Recipient or Customer in the Online Store, or by the Administrator. For example, if a Customer decides to make a purchase in the Online Store and chooses personal pickup instead of courier delivery, their personal data will be processed to perform the concluded Sales Agreement but will not be shared with the carrier.
3.2. The Administrator may process personal data within the Online Store for the following purposes, on the legal bases, and for the periods indicated in the table below:
| Purpose of data processing | Legal basis for data processing | Data retention period |
|---|---|---|
| Performance of the Sales Agreement or Electronic Service Agreement, or taking action at the request of the data subject prior to entering into such agreements | Article 6(1)(b) GDPR (contract performance) – processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract | The data is stored for the period necessary to perform, terminate, or otherwise expire the concluded Sales Agreement or Electronic Service Agreement |
| Direct marketing | Article 6(1)(f) GDPR (legitimate interest of the Administrator) – processing is necessary for the purposes of the legitimate interests pursued by the Administrator – involving the care of the Administrator's image and promoting sales of Products | The data is stored for the period of the legitimate interest pursued by the Administrator, but no longer than the limitation period for claims. The limitation periods are specified by law, in particular the Civil Code (typically 3 years for business-related claims and 2 years for Sales Agreements). The Administrator cannot process the data for direct marketing if an effective objection is raised by the data subject |
| Marketing | Article 6(1)(a) GDPR (consent) – the data subject has given consent to the processing of their personal data for marketing purposes by the Administrator | The data is stored until the consent is withdrawn by the data subject |
| Keeping tax records | Article 6(1)(c) GDPR in conjunction with Article 86 §1 of the Tax Ordinance Act – processing is necessary for compliance with a legal obligation to which the Administrator is subject | The data is stored for the period required by law obligating the Administrator to retain tax records (until the statute of limitations for tax liability, unless otherwise provided by tax law) |
| Establishing, pursuing, or defending claims | Article 6(1)(f) GDPR (legitimate interest of the Administrator) – processing is necessary for the purposes of the legitimate interests pursued by the Administrator, which consist of establishing, pursuing, or defending claims | The data is stored for the period of the legitimate interest pursued by the Administrator, but no longer than the limitation period for claims (typically 6 years) |
| Use of the Online Store and ensuring its proper operation | Article 6(1)(f) GDPR (legitimate interest of the Administrator) – processing is necessary for the purposes of the legitimate interests pursued by the Administrator, which consist of operating and maintaining the Online Store | The data is stored for the period of the legitimate interest pursued by the Administrator, but no longer than the limitation period for claims (typically 3 years for business-related claims and 2 years for Sales Agreements) |
| Keeping statistics and analyzing traffic in the Online Store | Article 6(1)(f) GDPR (legitimate interest of the Administrator) – processing is necessary for the purposes of the legitimate interests pursued by the Administrator, which consist of keeping statistics and analyzing traffic in order to improve the functioning of the Online Store and increase sales | The data is stored for the period of the legitimate interest pursued by the Administrator, but no longer than the limitation period for claims (typically 3 years for business-related claims and 2 years for Sales Agreements) |
4. RECIPIENTS OF DATA IN THE ONLINE STORE
4.1. For the proper functioning of the Online Store, including the performance of Sales Agreements, it is necessary for the Administrator to use the services of external entities (such as software providers, couriers, or payment service providers). The Administrator uses only such data processors that provide sufficient guarantees of implementing appropriate technical and organizational measures so that the processing meets the requirements of the GDPR and protects the rights of data subjects.
4.2. The transfer of data by the Administrator does not occur in every case and not to all recipients or categories of recipients indicated in this Privacy Policy – the Administrator transfers data only when it is necessary to achieve the specific purpose of personal data processing and only to the extent necessary for its implementation. For example, if a Customer uses personal pickup, their data will not be shared with the carrier.
4.3. The personal data of Service Recipients and Customers of the Online Store may be transferred to the following recipients or categories of recipients:
4.3.1. Carriers / forwarders / courier brokers – in the case of a Customer who uses postal or courier delivery, the Administrator provides the collected personal data of the Customer to the selected carrier, forwarder, or intermediary performing shipments on behalf of the Administrator to the extent necessary for delivery.
4.3.2. Entities handling electronic or card payments – in the case of a Customer who uses electronic or card payments, the Administrator provides the collected personal data of the Customer to the selected payment processor handling payments in the Online Store on behalf of the Administrator to the extent necessary to process the payment. Transaction data, including personal data, may be transferred to PayLane Sp. z o.o., with its registered office in Gdańsk at ul. Norwida 4, postal code: 80-280, KRS: 0000227278, to the extent necessary to handle payment for the order. The Customer has the right to access and correct their data. Providing data is voluntary, but necessary to use the service.
4.3.3. Service providers supplying the Administrator with technical, IT, and organizational solutions – enabling the Administrator to conduct business activities, including the Online Store and the Electronic Services provided through it (in particular, software providers for running the Online Store, email and hosting providers, and software providers for managing the company and providing technical support) – the Administrator makes the collected personal data of the Customer available to a selected provider acting on its behalf only if and to the extent necessary to achieve the specific purpose of data processing consistent with this Privacy Policy.
4.3.4. Providers of accounting, legal, and advisory services supporting the Administrator – including accounting firms, law firms, or debt collection agencies – the Administrator provides collected personal data of the Customer to a selected provider acting on its behalf only if and to the extent necessary to achieve the specific purpose of data processing consistent with this Privacy Policy.
4.3.5. Providers of social plugins, scripts, and similar tools embedded on the Online Store’s website – which allow the visitor’s browser to retrieve content from the providers of said plugins (e.g. login via a social network) and transmit data to those providers, including:
4.3.5.1 Meta Platforms Ireland Ltd. – The Administrator uses Facebook social plugins (e.g. Like, Share, or Facebook Login buttons) on the Online Store's website and in connection with this, collects and shares personal data of the Service Recipient using the Online Store website with Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland) to the extent and under the rules specified in Facebook’s privacy policy, available at: https://www.facebook.com/about/privacy/. This data may include information about actions on the Online Store’s website – including device information, visited websites, purchases, displayed ads, and how services are used – regardless of whether the Service Recipient has a Facebook account or is logged in to Facebook.
5. PROFILING IN THE ONLINE STORE
5.1. The GDPR imposes an obligation on the Administrator to inform about automated decision-making, including profiling, as referred to in Article 22(1) and (4) of the GDPR, and—at least in those cases—meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. Considering this, the Administrator provides information about possible profiling in this section of the Privacy Policy.
5.2. The Administrator may use profiling in the Online Store for direct marketing purposes, but decisions based on it made by the Administrator do not concern the conclusion or refusal to conclude a Sales Agreement or the possibility to use Electronic Services in the Online Store. The effect of profiling in the Online Store may be, for example, granting a discount, sending a discount code, reminding about unfinished purchases, sending a product recommendation tailored to a person’s interests or preferences, or offering more favorable conditions compared to the standard offer of the Online Store. Despite profiling, it is always the individual who freely decides whether they want to take advantage of the discount or improved conditions and make a purchase in the Online Store.
5.3. Profiling in the Online Store involves the automatic analysis or prediction of a given person’s behavior on the website, e.g., by adding a specific product to the cart, viewing a particular product page in the Online Store, or analyzing past purchases. The prerequisite for such profiling is that the Administrator possesses the personal data of the given person to be able to send, for example, a discount code.
5.4. The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
6. RIGHTS OF THE DATA SUBJECT
6.1. Right of access, rectification, restriction, erasure, or data portability – the data subject has the right to request from the Administrator access to their personal data, its rectification, erasure (“right to be forgotten”), or restriction of processing, and has the right to object to processing, as well as the right to data portability. Detailed conditions for exercising the rights listed above are set out in Articles 15–21 of the GDPR.
6.2. Right to withdraw consent at any time – the data subject whose personal data is processed based on their consent (under Article 6(1)(a) or Article 9(2)(a) of the GDPR) has the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
6.3. Right to lodge a complaint with a supervisory authority – the data subject has the right to lodge a complaint with a supervisory authority in the manner and under the procedure specified in the provisions of the GDPR and Polish law, in particular the Personal Data Protection Act. In Poland, the supervisory authority is the President of the Personal Data Protection Office (PUODO).
6.4. Right to object – the data subject has the right to object at any time, on grounds relating to their particular situation, to the processing of their personal data based on Article 6(1)(e) (public interest or exercise of official authority) or (f) (legitimate interests), including profiling based on those provisions. The Administrator shall no longer process such personal data unless the Administrator demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.
6.5. Right to object to direct marketing – where personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of their personal data for such marketing, including profiling, to the extent that it is related to such direct marketing.
6.6. In order to exercise the rights mentioned in this section of the Privacy Policy, you can contact the Administrator by sending a written request or email to the address provided at the beginning of the Privacy Policy, or by using the contact form available on the Online Store’s website.
7. COOKIES IN THE ONLINE STORE AND ANALYTICS
7.1. Cookies are small text files saved by a website on the visitor’s device (e.g. hard drive, laptop, smartphone memory card – depending on the device used). Detailed information about cookies, including their history, can be found, for example, here: https://en.wikipedia.org/wiki/HTTP_cookie.
7.2. Cookies sent by the Online Store website can be divided into the following categories:
| By provider | By duration | By purpose |
|---|---|---|
| 1) First-party (created by the Administrator’s Online Store site) 2) Third-party (created by external providers) |
1) Session cookies (stored until logging out or closing the browser) 2) Persistent cookies (stored for a defined time or until manually deleted) |
1) Necessary (enable correct functioning of the website) 2) Functional/Preference (adapt the site to user preferences) 3) Analytical/Performance (collect usage data) 4) Marketing/Advertising/Social media (collect data to display personalized ads, track conversions, etc.) |
7.3. The Administrator may use cookies on the Online Store website for the following purposes:
| Purpose | Description |
|---|---|
| User login identification | Indicates that a Service Recipient is logged in (necessary cookies) |
| Shopping cart memory | Allows orders to be placed by remembering added products (necessary cookies) |
| Form data memory | Stores data from order forms, surveys, or login fields (necessary and/or functional cookies) |
| Site personalization | Customizes content appearance (colors, fonts, layout) to user preferences (functional cookies) |
| Usage statistics | Anonymous statistics on how users interact with the site (analytical/performance cookies) |
| Advertising and personalization | Displays and customizes ads, limits frequency, measures effectiveness, personalizes content (marketing/social cookies) |
7.4. You can check which cookies are used by your browser on the Online Store site using these steps:
| Browser | Instructions | Notes |
|---|---|---|
| Chrome | Click the lock icon in the address bar > "Cookies" | |
| Firefox | Click the shield icon > "Allowed" or "Blocked" > review tracking settings | |
| Internet Explorer | Tools > Internet Options > General > Settings > View Files | |
| Opera | Click the lock icon in the address bar > "Cookies" | |
| Safari | Preferences > Privacy > Manage Website Data | |
| All browsers | Online tools are also available: |
cookiemetrix.com cookie-checker.com |
7.5. By default, most web browsers accept cookies. You can change your cookie settings at any time – for example, to block or limit cookies. Disabling cookies may impact certain features of the Online Store (e.g., shopping cart functionality).
7.6. Browser settings can also serve as consent for cookie usage, in accordance with applicable regulations. Detailed info on cookie settings is available in your browser’s help section or via these links:
7.7. The Administrator may use Google Analytics and Universal Analytics, provided by Google Ireland Ltd. These services help generate statistics and analyze traffic in the Online Store. The data is aggregated and includes sources, user behavior, devices, browsers, location, demographics (age, gender), and interests.
7.8. You can block Google Analytics from collecting your data by installing the browser add-on available here: https://tools.google.com/dlpage/gaoptout?hl=en
7.9. The full privacy policy of Google Ireland Ltd. and how they use data (including cookies) can be found here: https://policies.google.com/technologies/partner-sites
7.10. The Administrator may also use the Meta Pixel provided by Meta Platforms Ireland Ltd., which helps measure the effectiveness of ads, track actions taken on the Online Store, and deliver targeted ads. More information: Meta Pixel Help
7.11. You can manage your Meta ad preferences via your Facebook account: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
8. FINAL PROVISIONS
8.1. The Online Store may contain links to other websites. The Administrator encourages you to review the privacy policies provided on those websites after navigating to them. This Privacy Policy applies only to the Administrator’s Online Store.