Privacy policy
Privacy Policy
Last updated: August 15, 2025
Behemoth Webstore operates this store and website, including all related information, content, features, tools, products and services (the “Services”), to provide you with a curated shopping experience. Behemoth Webstore is powered by Shopify, which enables us to provide the Services to you. This Privacy Policy explains how Behemoth Webstore, operated by Behemoth Webstore Maciej Gruszka, located at Gdyńska 99, 80-297 Miszewo, Poland (“we”, “us”, “our”), collects, uses, and discloses your personal information when you visit, use, or make a purchase via the Services, or otherwise communicate with us, in accordance with Regulation (EU) 2016/679 (GDPR) and other applicable privacy laws. If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information.
1. Data Controller
We are the data controller of your personal information. You can contact us at: support@behemoth-store.com.
2. What Is “Personal Information”
“Personal information” means information that identifies or can reasonably be linked to you. It does not include anonymized or de-identified information.
3. Personal Information We Collect or Process
- Contact data: name, billing/shipping address, email, phone number
- Account data: username/login, password, security questions, preferences, settings
- Order & transaction data: items viewed, cart/wishlist, purchases, returns, exchanges, cancellations, past transactions
- Payment data: payment method, provider details, payment confirmation and other payment details (payment card data is processed securely by our payment providers)
- Device data: device, browser, network connection, IP address, other unique identifiers
- Usage data: interaction with the Services (how/when you navigate and use the Services)
- Communications: the information you include when you contact us (e.g., customer support inquiries)
- Social login data: if you choose “Sign in with Google” or “Continue with Facebook”, we receive basic profile information from the provider (e.g., name, email address, profile image, locale, and a provider-specific user ID). We do not receive your password for those services.
Sources of Personal Information
- Directly from you (account creation, purchases, communications)
- Automatically via the Services (from your device; cookies and similar technologies)
- From service providers acting on our behalf (technology enablement, payment processing, analytics, fulfillment)
- From partners or other third parties, where permitted by law
- From third-party identity providers (Google and Meta/Facebook) when you use single sign-on (SSO) or link your account, subject to your settings with those providers.
4. Legal Basis for Processing (GDPR)
| Purpose | Legal Basis (GDPR) |
|---|---|
| Order fulfillment and customer service | Art. 6(1)(b) – Contract performance |
| Account registration and management | Art. 6(1)(b) |
| Tax and accounting compliance | Art. 6(1)(c) – Legal obligation |
| Marketing communication | Art. 6(1)(a) – Consent |
| Website performance analysis | Art. 6(1)(f) – Legitimate interest |
| Fraud prevention and security | Art. 6(1)(f) |
| Participation in Shopify Network Intelligence | Art. 6(1)(a) – Consent (EEA/UK/CH); Art. 6(1)(f) – Legitimate interest (other regions) |
| Single sign-on (SSO) authentication via Google/Facebook | Art. 6(1)(b) – Contract performance; Art. 6(1)(f) – Legitimate interest (account security and fraud prevention) |
| Optional account linking or importing profile details beyond what is necessary for authentication | Art. 6(1)(a) – Consent |
5. How We Use Your Personal Information
- Provide, tailor, and improve the Services (perform our contract with you, process payments, fulfill orders, manage your account, arrange shipping and returns, enable reviews, remember preferences, and recommend products).
- Marketing and advertising (send promotional communications where required by law and show online ads based on your activity and preferences).
- Security and fraud prevention (authenticate accounts, protect the Services, detect and investigate fraudulent, illegal, or unsafe activity).
- Communicating with you (customer support, responding to requests, maintaining our business relationship).
- Legal reasons (comply with law or valid legal process, enforce our terms and policies).
- Account authentication via single sign-on (Google/Facebook) and to help keep your account secure and reduce fraud.
- Account linking so you can access your account using your chosen identity provider.
6. How We Disclose Personal Information
- With Shopify and service providers who perform services on our behalf (e.g., IT, payment processing, data analytics, customer support, cloud storage, fulfillment and shipping).
- With business and marketing partners to provide marketing services and advertise to you (e.g., Meta, Google, Trustpilot) in accordance with their privacy notices and applicable consent requirements.
- With identity providers you choose to use for login (Google Ireland Limited and Meta Platforms Ireland Limited) to enable single sign-on. These providers act as independent controllers for their own processing. See their privacy policies for details.
- When you direct or consent (e.g., shipping partners, social media widgets, login integrations).
- Within our corporate group or in connection with business transactions (e.g., merger, acquisition), or where required by law or to protect our rights and users.
7. Relationship with Shopify & Network Intelligence
The Services are hosted by Shopify. Information you submit to the Services will be transmitted to and shared with Shopify and certain third parties (including in countries outside your residence) to provide and improve the Services. We also use Shopify enhanced features that incorporate data from your interactions with our store, other merchants, and Shopify. To provide these enhanced features, Shopify may process personal information about your interactions with our store along with other merchants and with Shopify.
For these enhanced features, including Shopify Network Intelligence, Shopify acts as our processor and, for certain related activities, as an independent controller responsible for responding to your requests regarding its processing. If you are located in the EEA, UK, or Switzerland, we obtain your consent before participating in Network Intelligence. You may withdraw consent or object at any time via our Privacy Preferences page or by contacting us at support@behemoth-store.com.
Learn more about Shopify’s processing and your rights directly with Shopify here: Shopify Consumer Privacy Policy and Shopify Privacy Portal.
8. Single Sign-On (Google & Facebook)
You can choose to create or sign in to your account using Google or Facebook. When you do, the identity provider will share certain personal information with us (such as your name and email address) to authenticate you. We use this information to create or link your store account and to keep your account secure. We do not receive your Google or Facebook password.
Google and Meta/Facebook are independent controllers for their own services. Their processing is governed by their privacy policies. You can revoke our access at any time in your provider account settings:
• Google: myaccount.google.com/permissions
• Facebook: facebook.com/settings?tab=applications
You can also unlink social login from your store account by contacting us at support@behemoth-store.com.
9. International Transfers
We may transfer, store and process your personal information outside the EEA/UK. Where we do so, we rely on recognized transfer mechanisms (such as the European Commission’s Standard Contractual Clauses or UK equivalents) unless the destination country benefits from an adequacy decision.
10. Data Retention
- Accounting: 6 years
- Order history: 5 years
- Marketing: until you withdraw your consent
- Customer service: 2 years
- SSO identifiers and token metadata: retained while your account is active or as needed to secure your account and prevent fraud, and then deleted or anonymized.
Retention periods may be extended where necessary to establish, exercise, or defend legal claims or to comply with legal obligations.
11. Your Rights and Choices
Depending on where you live, you may have some or all of the rights listed below. These rights may apply only in certain circumstances, and we may decline requests as permitted by law.
- Access / Know (obtain a copy of personal information we hold about you)
- Delete (request deletion of personal information)
- Correct (rectify inaccurate personal information)
- Portability (receive a copy and request transfer to another controller, where applicable)
- Object and Restrict processing (including objection to marketing and profiling)
- Withdraw consent at any time (does not affect processing prior to withdrawal)
You can exercise these rights where indicated in the Services, via our Privacy Preferences page, or by contacting us at support@behemoth-store.com. For data processed by Google, Meta/Facebook, or Shopify as independent controllers (for example, your provider account details), please submit requests directly to those providers using their privacy tools. You can revoke our access to your Google or Facebook account at any time using the links above.
We will not discriminate against you for exercising your rights. We may need to verify your identity before processing your request. You may designate an authorized agent as permitted by law.
Complaints
You can lodge a complaint with your local Data Protection Authority. In Poland: https://uodo.gov.pl.
12. Cookies & Tracking Technologies
We use cookies and similar technologies for site analytics, personalization, marketing, participation in Shopify’s Network Intelligence program, and—where needed—enabling single sign-on (Google/Facebook). In the EEA/UK/CH, marketing and analytics cookies (and any non-essential SDK components) require your consent. Manage your preferences via our cookie banner or at any time via our Privacy Preferences page.
If you visit our website with the Global Privacy Control (GPC) opt-out preference signal enabled, we will treat this as an opt-out request for the browser and device you use (where applicable by law). Other browser “Do Not Track” signals may not be recognized.
13. Security
We apply technical and organizational measures to protect your personal information. However, no security measures are perfect or impenetrable, and information transmitted over the internet may not be fully secure in transit.
14. Children’s Data
The Services are not intended for users under 16 years of age. If you are a parent or guardian of a child who has provided us with personal information, please contact us to request deletion. We do not have actual knowledge that we “sell” or “share” personal information of individuals under 16 years of age.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on this website and update the “Last updated” date, and provide notice where required by law.
16. Contact
Should you have any questions about our privacy practices or this Privacy Policy, or if you would like to exercise any of your rights, please email us at support@behemoth-store.com or write to us at Gdyńska 99, 80-297 Miszewo, Poland. For the purpose of applicable data protection laws, we are the data controller of your personal information.