bebobi.pl Privacy and Cookie Policy

First published on: 20.05.2018; updated on 13.10.2021.

The administrator of the website is Agnieszka Przybyszewska, conducting business activity as BeBobi Agnieszka Przybyszewska, ul. Janiny Porazińskiej 19 in Poznań, VAT ID: 5291698432, e-mail: hello@bebobi.pl.

If you have any questions or concerns about our privacy policy, please, contact us at any time at hello@bebobi.pl.

Key information

We present an abbreviated version of the most important principles related to privacy protection below.

  • - When you create a user account on our website, place an order, subscribe to our newsletter, make a complaint, cancel a contract or only contact us, you provide us with your personal information. We assure you that your information will remain confidential, secure and will not be shared with any third party without your express consent.
  •  
  • - We entrust the processing of personal data only to verified and trusted providers of personal data processing services.
  •  
  • - We use Google Analytics tools that collect information about your visits to our website, e.g. the sub-pages you have viewed, the time you have spent on the site, and transitions between different sub-pages. To do so, Google Analytics uses Google LLC cookies.
  •  
  • - You can always use the mechanism for managing cookie settings to decide whether or not we will also be able to use marketing functions within the scope of Google Analytics services.
  •  
  • - We use marketing tools such as Facebook Pixel to serve you with targeted ads. It involves using cookies from Facebook. Go to cookie settings to decide whether or not you agree to our use of Facebook Pixel.
  •  
  • - We use Google AdWords remarketing tools. It involves using cookies from Google LLC for the Google AdWords service. Use the mechanism for managing cookie settings to decide whether or not we can use Google Analytics in your case.
  •  
  • - We embed YouTube videos on our website. When you play such recordings, Google LLC's YouTube cookies are used.
  •  
  • - We provide you with the possibility to use social features, such as sharing content on social networks and subscribing to your social profile. Using these features involves using cookies of social network administrators such as Facebook, Instagram, YouTube, and Pinterest.
  •  
  • - We use our own cookies to make the site work properly.

If the above information is not sufficient, there are more details below.

Personal data

The administrator of your personal data within the meaning of the provisions on personal data protection is Agnieszka Przybyszewska, conducting business activity as BeBobi Agnieszka Przybyszewska, ul. Janiny Porazińskiej 19 in Poznań, NIP: 5291698432, e-mail: hello@bebobi.pl.

Purpose, lawful basis for the processing and retention of personal data

We indicate these in the text below, separately for each purpose of data processing.

Rights

The GDPR (RODO) grants you the following potential rights concerning the processing of your personal data:

  • the right of access,
  • the right to rectification,
  • the right to erasure,
  • the right to restrict processing,
  • the right to object,
  • the right to data portability,
  • the right to lodge a complaint with a supervisory authority,
  • the right to revoke your consent to the processing of personal data if you have given such consent.

 

The rules related to the rights listed above are described in detail in Articles 16-21 of GDPR. The rights indicated above are not absolute and will not be granted to you in relation to all the activities connected with the processing of your personal data. We did our best to point out the rights you are entitled to as part of the description of each personal data processing operation.

 

One of the rights indicated above is always available to you. That is, if you believe that we have violated data protection regulations in the processing of your personal data, you can file a complaint to the supervisory authority (President of the Office for Personal Data Protection).

 

You can also always ask us to provide you with information on the data that we hold about you and the purposes for which we process it. Just send an e-mail to hello@bebobi.pl. You can also use the e-mail address given above if you have any questions regarding the processing of your data.

 

Security

We assure you that all personal information you provide us with is strictly confidential. We guarantee you that we take all security and data protection measures required by data protection legislation. Personal data shall be collected with due care and properly protected against access by unauthorized persons.

 

Entrustment agreements

We entrust the processing of personal data to the following entities:

  1. MD Target Sp. z o.o with its registered office in Poznań to store personal data on their server
  2. MD Target Sp. z o.o. with its registered office in Poznań and Fakturownia Sp. z o.o. with its registered office in Warsaw - We use their invoicing system, where your data is processed whenever we issue an invoice for you.
  3. MD Target Sp. z o.o. with its registered office in Poznań - We use their accounting services, which involves processing your data when we issue an invoice to you. They also provide us with IT support services, which may require obtaining access to your data by the service provider.
  4. General Logistics Systems Poland Sp. z o.o. - We use their courier services, which involves processing your data when we send a parcel to you.
  5. FedEx Express Poland sp. z o.o. - We use their courier services, which involves processing your data when we send a package to you.
  6. Inpost Sp. z o.o. - We use their courier services, which involves processing your data when we send a package to you.
  7. PayU - We use this online payment system, which means that whenever you make an online payment, it processes your personal data
  8. PayPal - We use this online payment system, which means that whenever you make an online payment, it processes your personal data
  9. Paynow - We use this online payment system, which means that whenever you make an online payment, it processes your personal data.

 

All entities to which we entrust the processing of personal data guarantee that they apply all the necessary measures required by law for the protection and security of personal data.

 

Purposes and processing activities

 

User account

When you create a user account, you have to enter your e-mail address and define a password that will give you access to your account. Providing this data is voluntary but necessary to create an account. While setting up your user profile, you can enter more personal details, i.e., your name, billing address, and shipping address. It is entirely voluntary to provide this data. It is possible to create an account without providing these additional details. In such a case, when placing an order, you will have to enter this data manually.

 

The data you have entered as part of your user account is processed for the sole purpose of maintaining this account and also making it available to you. The purpose of providing the data in the user's account is to make it easier for you to place orders, as the system will automatically fill in the data in the order form.

 

The legal basis for processing data provided in your user account is to perform the user agreement, which you have concluded according to the shop rules and regulations - Article 6(1)(b) GDPR.

 

We will process your personal data, which you have provided us with when creating a user account, as long as you decide to keep the account. After deleting your account, your personal data will also be deleted from the database, except for the data referring to your orders.

 

You can access your personal data processed under your account at any time by logging into your user account. After logging into your account, you can modify or delete your data at any time, except for the data referring to the orders you have placed. You can decide to delete your account at any time.

 

You also have the right to data portability, referred to in Article 20 of the GDPR, concerning the data collected in your user account. 

 

Placing an order

When placing an order, you will provide us with the data we need to complete the order, i.e., name and surname, billing address, delivery address, e-mail address, telephone number. Providing this data is voluntary but necessary if you want to place an order.

 

The data provided to us in connection with your order is processed for the purpose of managing your order (Article 6(1)(b) of the GDPR), issuing an invoice (Article 6(1)(c) of the GDPR), recording the invoice in our accounting (Article 6(1)(c) of the GDPR), and for archival and statistical purposes (Article 6(1)(f) of the GDPR).

 

If you have a user account, your order will be visible within the order history of that account.

 

Orders are also recorded in our internal database for archival and statistical purposes.

 

The order data will be processed as long as it is necessary for its completion and until the expiry of the limitation period for contract claims. In addition, we may still process your data for statistical purposes after this period has expired. Remember that we are obliged to keep invoices with your data for five years from the end of the tax year in which the tax obligation arose.

 

You cannot rectify the data on your orders after an order has been completed. Also, you cannot object to the processing of data nor demand its deletion until the expiry of the limitation period for contract claims. Likewise, you cannot object to the processing of data and request the erasure of data contained in invoices. After the expiry of the limitation period for contract claims, you may object to our processing of data for statistical purposes, as well as demand the deletion of it from our database.

 

You also have the right to data portability, referred to in Article 20 of the GDPR.

 

Newsletter

If you wish to subscribe to our newsletter, you must provide us with your email address via the newsletter sign-up form.

 

The data provided to us when signing up for the newsletter is used for the purpose of sending you the newsletter, and the legal basis for its processing is your consent (Article 6(1)(a) of the GDPR) expressed when signing up for the newsletter.

 

The data will be processed for the duration of the newsletter unless you unsubscribe earlier, which will delete your data from the database.

 

You can correct your data stored in the newsletter database at any time. You can also ask to delete your data, at the same time cancelling your subscription. You also have the right to move your data, referred to in Article 20 of the GDPR.

 

Complaints and contract withdrawal

Whenever you file a complaint or withdraw from an agreement, you provide us with your personal data such as name and surname, address of residence, telephone number, e-mail address, bank account number in the complaint or statement of withdrawal.

 

The data provided to us in connection with the submission of a complaint or contract withdrawal is used for the purpose of processing the complaint or the withdrawal procedures (Article 6(1)(c) of the GDPR).

 

The data will be processed as long as it takes to carry out the complaint or withdrawal procedure. Complaints and withdrawal declarations may also be archived for statistical purposes.

 

The data included in complaints and declarations of withdrawal from the contract is not available for rectification. Also, you cannot object to the processing of data or demand the deletion of it until the expiry of the limitation period for contract claims. After the expiry of the limitation period for contract claims, you may object to our processing of data for statistical purposes, as well as demand the deletion of it from our database.

 

E-mail contact

When contacting us by e-mail, including sending an inquiry via the contact form, you naturally provide us with your e-mail address as the message sender. In addition, you may also include other personal information in the text of your message.

 

Your data is processed in this case for the purpose of contacting you, and the basis for processing is Article 6(1)(a) of the GDPR, i.e., your consent resulting from initiating contact with us. The legal basis for post-contact processing is the legitimate purpose of archiving correspondence for internal purposes (Article 6(1)(c) of the GDPR).

 

The content of the correspondence may be subject to filing. Therefore, we cannot equivocally state when it will be deleted. You have the right to request the history of any correspondence you have had with us (if it is archived). Also, you can request its deletion unless its archiving is justified by our overriding interests, such as defending against potential claims.

 

Cookies and other tracking technologies

Our website, like almost all websites, uses cookies to provide you with the best user experience.

 

Cookies are small text information stored on your terminal device (e.g., computer, tablet, smartphone), which can be read by our data communications system.

 

Cookies can be divided into own cookies and third-party cookies.

 

See below for more details.

 

Consent to cookies

During your first visit to our website, you will be presented with information on the use of cookies and asked whether you agree to them. Thanks to a specialised tool, you can manage cookies from the level of the website. You can always change the cookie settings from your browser or delete cookies altogether. Please note, however, that disabling cookies may cause difficulties in using ours and many other websites.

 

Own cookies

We use our own cookies to ensure the proper functioning of the website, in particular for the proper operation of the sales system.

 

Third-party cookies

Our website, just like other websites, uses features provided by third parties, which involves using cookies from third parties. The use of such cookies is described below.

 

Analysis and statistics

We use cookies to track site statistics such as the number of visitors, the type of operating system and browser used to view the site, the time spent on the site, the sub-pages visited, etc. To do this, we use Google Analytics, which involves the use of cookies from Google LLC. You can always use the mechanism for managing cookie settings to decide whether or not we will also be able to use marketing functions within the scope of Google Analytics services.

 

Marketing

We use marketing tools such as Facebook Pixel to serve you with targeted ads. It involves using cookies from Facebook. Go to cookie settings to decide whether or not you agree to our use of Facebook Pixel.

 

We use Google AdWords remarketing tools. It involves using cookies from Google LLC for the Google AdWords service. Use the mechanism for managing cookie settings to decide whether or not we can use Google Analytics in your case.

 

Social media tools

We provide you with the possibility to use social media features, such as sharing content on social networks and subscribing to your social profile. Using these features involves using cookies of social network administrators such as Facebook, Instagram, YouTube, and Pinterest.

 

We embed YouTube videos on our website. When you play such recordings, Google LLC's YouTube cookies are used.

 

Server logs

Using the website involves sending requests to the server where the site is stored. Every query made to the server is recorded in the server logs.

 

The logs include, among other things, your IP address, the date and time of the server, information about your web browser and the operating system you are using. Logs are saved and stored on the server.

 

The data recorded in the server logs are not associated with specific site users and aren't used to identify you.

 

Server logs constitute only auxiliary material used to administer the website, and their content is not disclosed to anyone except persons authorized to administer the server.