bebobi.pl Privacy and Cookie Policy

First published on: 20.05.2018; updated on 07.02.2024.

Site Administrator: Agnieszka Przybyszewska, conducting sole proprietorship under the name "BeBobi Agnieszka Przybyszewska," with registered office at 19 Janiny Porazińskiej Street in Poznań, 60-195 Poznań, NIP: 5291698432, e-mail: hello@bebobi.pl.

Contact: For any questions or concerns regarding the Privacy Policy, feel free to contact us by sending a message to hello@bebobi.pl.

Definitions:

 

1.     Personal data – information about an identified or identifiable natural person through various factors, including device IP, location data, internet identifier, and information collected through cookies and other technologies.

2.     Policy – this Privacy Policy.

3.     GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

4.     Service – the website operated by the Administrator at www.bebobi.pl.

Key Information:

Here is a concise version of the most important principles related to the protection of your personal data.

        When you create a User Account through the website, place an Order, subscribe to the newsletter, file a complaint, withdraw from the Agreement, or simply contact us, you provide us with your personal data, and we guarantee that your data will remain confidential and secure.

        We share your personal data only with verified and trusted entities providing services related to the operation of the Store, whose implementation requires the processing of personal data.

        We use Google Analytics analytical tools that collect information about your website visits, such as pages viewed, time spent on the site, or transitions between individual subpages. Google LLC's cookies related to the Google Analytics service are used for this purpose.

        We use marketing tools such as Facebook Pixel to direct ads to you. This involves the use of Facebook's cookies. You can decide whether to allow us to use Facebook Pixel's marketing features in your case within the cookie settings.

        We use Google Ads remarketing tools, involving the use of Google LLC's cookies related to the Google Ads service. You have the option to decide whether we can use Google Ads in your case within the cookie settings.

        We embed video recordings from YouTube on the site. When you play such recordings, cookies from Google LLC related to the YouTube service are used.

        We provide the option to use social features such as sharing content on social media and subscribing to a social profile. The use of these features involves the use of cookies from social media administrators such as Facebook, Instagram, YouTube, Pinterest.

• We use our own cookies for the proper functioning of the site.

 

If the above information is not sufficient for you, you will find further details below.

 

Data Administrator

According to the GDPR regulations, the administrator of your personal data is Agnieszka Przybyszewska, conducting sole proprietorship under the name "BeBobi Agnieszka Przybyszewska," with the registered office at 19 Janiny Porazińskiej Street in Poznań, 60-195 Poznań, NIP: 5291698432.

Contact with the Administrator

You can contact the Administrator via email at hello@bebobi.pl or by mail at BeBobi Agnieszka Przybyszewska, Senatorska 37 Street, 60-326 Poznań.

 

Purposes, Legal Bases, and Processing Periods of Personal Data

We specify them below, separately for each purpose of data processing.

 

1. PROCESSING DATA IN CONNECTION WITH USING THE SERVICE

1.1. In connection with the User using the Service, the Administrator collects data necessary to provide specific services and information about the User's activity on the Service. Detailed rules and purposes of processing personal data collected during the use of the Service by the User are described below.

 

2. PURPOSES AND LEGAL BASES FOR PROCESSING DATA ON THE SERVICE

USING THE SERVICE

2.1. Personal data of all persons using the Service (including IP addresses or other identifiers and information collected through cookies or similar technologies), who are not registered Users (i.e., individuals without a Customer Account in the Service), are processed by the Administrator:

2.1.1. To provide electronic services regarding the provision of content in the Service to Users – the legal basis for processing is the necessity for processing to perform the contract (Art. 6(1)(b) GDPR);

2.1.2. For analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Administrator (Art. 6(1)(f) GDPR), consisting of analyzing User activity and preferences to improve functionalities and services provided;

2.1.3. For potential determination and assertion of claims or defense against claims – the legal basis for processing is the legitimate interest of the Administrator (Art. 6(1)(f) GDPR), consisting of protecting their rights;

2.1.4. For marketing purposes of the Administrator and other entities, especially related to behavioral advertising – principles of personal data processing for marketing purposes are described in the MARKETING section.

2.2. User activity in the Service, including their personal data, is recorded in system logs (a special computer program for storing a chronological record containing information about events and actions related to the IT system used to provide services by the Administrator). Information collected in logs is processed primarily for service provision purposes. The Administrator also processes them for technical and administrative purposes, to ensure the security of the IT system and manage this system, as well as for analytical and statistical purposes – in this scope, the legal basis for processing is the legitimate interest of the Administrator (Art. 6(1)(f) GDPR).

 

REGISTRATION ON THE SERVICE

2.3. Individuals registering on the Service are asked to provide data necessary for creating and managing a Customer Account. To facilitate user management, users may provide additional data, thereby giving their consent to its processing. Such data can be deleted at any time. Providing data marked as obligatory is required to create and manage a Customer Account, and failure to provide them results in the inability to create an account. Providing other data is voluntary.

2.4. Personal data is processed:

2.4.1. To provide services related to the operation and management of the Customer Account on the Service – the legal basis for processing is the necessity for processing to perform the contract (Art. 6(1)(b) GDPR), and for optionally provided data – the legal basis for processing is consent (Art. 6(1)(a) GDPR);

2.4.2. For analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Administrator (Art. 6(1)(f) GDPR), consisting of analyzing User activity on the Service, the use of the Account, and User preferences to improve applied functionalities;

2.4.3. For potential determination and assertion of claims or defense against claims – the legal basis for processing is the legitimate interest of the Administrator (Art. 6(1)(f) GDPR), consisting of protecting their rights;

2.4.4. For marketing purposes of the Administrator and other entities – principles of personal data processing for marketing purposes are described in the MARKETING section.

2.5. If a User posts any personal data of other individuals on the Service (including their name, address, phone number, or email address), they may do so only if it does not violate the law and the personal rights of those individuals.

 

PLACING ORDERS ON THE SERVICE

2.6. Placing an Order by a Service User involves the processing of their Personal Data. Providing data marked as obligatory is required to accept and process the Order, and failure to provide them results in the non-execution of the Order. Providing other data is optional.

2.7. Personal data is processed:

2.7.1. To fulfill the placed Order – the legal basis for processing is the necessity for processing to perform the contract (Art. 6(1)(b) GDPR); for optionally provided data, the legal basis for processing is consent (Art. 6(1)(a) GDPR);

2.7.2. To fulfill legal obligations incumbent on the Administrator, arising in particular from tax regulations and accounting regulations – the legal basis for processing is a legal obligation (Art. 6(1)(c) GDPR);

2.7.3. For analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Administrator (Art. 6(1)(f) GDPR), consisting of analyzing User activity on the Service and User purchasing preferences to improve applied functionalities;

2.7.4. For potential determination and assertion of claims or defense against claims – the legal basis for processing is the legitimate interest of the Administrator (Art. 6(1)(f) GDPR), consisting of protecting their rights.

2.7.5. In order to provide to the entity performing IT support for the issuance, maintenance, and access to e-receipts, the telephone number or email address of the Customer, which may be processed for the following purposes:

a. Verification whether a given telephone number or email address has been registered in the products owned by the servicing entity, and in the case of positive verification, providing the Customer with views of e-receipts within these products, as well as additional information derived from the issuance process.

b. Sending SMS messages and other notifications to Customers confirming the issuance of e-receipts to the IT system of the entity performing IT support for e-receipts.

 

FILING COMPLAINTS AND WITHDRAWAL FROM THE AGREEMENT

2.8. Submitting a complaint or withdrawing from the Agreement by a Service User involves the processing of their Personal Data. Providing data marked as obligatory is required to accept and process complaints and fulfill the right to withdraw from the agreement, and failure to provide them results in the inability to perform these services. Providing other data is optional.

2.9. Personal data is processed:

2.9.1. To accept and process complaints and fulfill the right to withdraw from the agreement – the legal basis for processing is the necessity for processing to fulfill a legal obligation (Art. 6(1)(c) GDPR); for optionally provided data, the legal basis for processing is consent (Art. 6(1)(a) GDPR);

2.9.2. For potential determination and assertion of claims or defense against claims – the legal basis for processing is the legitimate interest of the Administrator (Art. 6(1)(f) GDPR), consisting of protecting their rights.

 

 

CONTACT FORMS

2.10. The Administrator provides the option to contact them using a dedicated email address and electronic contact forms. Using the form requires providing personal data necessary to establish contact with the User and respond to the inquiry. Users may also provide additional data to facilitate contact or handle the inquiry. Providing data marked as obligatory is required to accept and process the inquiry, and failure to provide them results in the inability to provide assistance. Providing other data is voluntary.

2.11. Personal data is processed:

2.11.1. To identify the sender and handle their inquiry sent through the provided form – the legal basis for processing is the necessity for processing to perform a service contract (Art. 6(1)(b) GDPR); for optionally provided data, the legal basis for processing is consent (Art. 6(1)(a) GDPR);

2.11.2. For analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Administrator (Art. 6(1)(f) GDPR), consisting of conducting statistics on inquiries submitted by Users through the Service to improve its functionality.

 

3. MARKETING

3.1. The Administrator processes Users' Personal Data to carry out marketing activities, which may include:

3.1.1. Sending email notifications about interesting offers or content, which may contain commercial information in some cases (newsletter service);

3.1.2. Conducting other types of direct marketing activities for goods and services (sending commercial information electronically and telemarketing activities).

3.2. To carry out marketing activities, the Administrator sometimes uses profiling. This means that, through automated data processing, the Administrator assesses selected factors regarding Users to analyze their behavior or create forecasts for the future. This allows for better alignment of displayed content with individual preferences and interests of the User.

 

NEWSLETTER

3.3. The Administrator provides the newsletter service to individuals who have provided their email address for this purpose. Providing data is required to provide the newsletter service, and failure to provide them results in the inability to send it. This form of communication with the User may involve profiling.

3.4. Personal data is processed:

3.4.1. To provide the newsletter service – the legal basis for processing is the necessity for processing to perform the contract (Art. 6(1)(b) GDPR);

3.4.2. In the case of sending marketing content to the User as part of the newsletter – the legal basis for processing, including profiling, is the legitimate interest of the Administrator (Art. 6(1)(f) GDPR) in connection with the User's consent to receive the newsletter;

3.4.3. For analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Administrator (Art. 6(1)(f) GDPR), consisting of analyzing Users' activity on the Service to improve applied functionalities;

3.4.4. For potential determination and assertion of claims or defense against claims – the legal basis for processing is the legitimate interest of the Administrator (Art. 6(1)(f) GDPR), consisting of protecting their rights.

 

DIRECT MARKETING

3.5. The User's personal data may also be used by the Administrator to send them marketing content through various channels, i.e., via email, MMS/SMS, or by phone. Such actions are taken by the Administrator only if the User has given consent, which they can withdraw at any time.

 

SOCIAL MEDIA

4.1. The Administrator processes Users' personal data who visit the Administrator's profiles on social media (Facebook, YouTube, Instagram, Twitter). These data are processed solely in connection with managing the profile, including informing Users about the Administrator's activities and promoting various events, services, and goods. The legal basis for processing personal data by the Administrator for this purpose is their legitimate interest (Art. 6(1)(f) GDPR), consisting of promoting their own brand.

 

POSTING COMMENTS

5.1. The Administrator provides the opportunity to post comments on the Service. Providing data in fields marked as "required" is voluntary, but failure to provide them results in the inability to post a comment. Data visible publicly to all Users include: [User's nickname/login].

5.2. Personal data is processed:

5.2.1. To publish a comment as part of the functionalities provided by the Administrator – the legal basis for processing is the necessity for processing to provide the service (Art. 6(1)(b) GDPR);

5.2.2. For comment moderation (including spam elimination) and identification of the person posting the published comment – the legal basis for processing is the legitimate interest of the Administrator (Art. 6(1)(f) GDPR), consisting of approving comments added by Users and making them public.

 

COOKIES AND SIMILAR TECHNOLOGY

6.1. Cookies are small text files installed on the User's device browsing the Service. Cookies collect information that facilitates the use of the website – for example, by remembering the User's visits to the Service and actions performed by them.

 

COOKIES "SERVICE"

 

6.2. The administrator primarily uses so-called service cookies to provide the user with electronically provided services and improve the quality of these services. Therefore, the administrator and other entities providing analytical and statistical services on his behalf use cookies, storing information or gaining access to information already stored in the user's telecommunications end device (computer, phone, tablet, etc.). Cookies used for this purpose include:

 

6.2.1. Cookies with data entered by the user (session identifier) for the duration of the session (eng. user input cookies);

 

6.2.2. Authenticating cookies used for services requiring authentication for the duration of the session (eng. authentication cookies);

 

6.2.3. Cookies used to ensure security, e.g., used to detect abuses in authentication (eng. user-centric security cookies);

 

6.2.4. Session cookies of multimedia players (e.g., flash player cookies) for the duration of the session (eng. multimedia player session cookies);

 

6.2.5. Persistent cookies used to customize the user interface for the duration of the session or slightly longer (eng. user interface customization cookies).

 

COOKIES "MARKETING"

 

6.3. The administrator and his trusted partners also use cookies for marketing purposes. To achieve this, the administrator and trusted partners store information or gain access to information already stored in the user's telecommunications end device (computer, phone, tablet, etc.).

 

ANALYTICAL AND MARKETING TOOLS USED BY THE ADMINISTRATOR'S PARTNERS

 

7.1. The administrator and his partners use various solutions and tools for analytical and marketing purposes. Below are basic pieces of information about these tools. Detailed information in this regard can be found in the privacy policy of each partner.

 

GOOGLE ANALYTICS

7.2. Google Analytics cookies are files used by Google to analyze the way the user uses the service, create statistics, and reports on the functioning of the service. Google does not use the collected data to identify the user or combine this information to enable identification. Detailed information about the scope and rules of data collection in connection with this service can be found at: https://www.google.com/intl/pl/policies/privacy/partners.

 

GOOGLE ADS

7.3. Google Ads is a tool that allows measuring the effectiveness of advertising campaigns carried out by the administrator, allowing analytics of data such as keywords or the number of unique users. The Google Adwords platform also allows displaying our ads to people who have visited the service in the past. Information about data processing by Google regarding this service is available at: https://policies.google.com/technologies/ads?hl=pl.

 

FACEBOOK PIXEL

 

7.4. Facebook pixels are tools that enable measuring the effectiveness of advertising campaigns carried out by the Administrator on the Facebook portal. The tool allows for advanced data analytics to optimize the Administrator's activities, also using other tools offered by Facebook. Detailed information regarding data processing by Facebook can be found at this link: https://pl-pl.facebook.com/help/443357099140264?helpref=about_content.

 

SOCIAL PLUGINS

7.5. Social media plugins (Facebook, Google+, LinkedIn, Twitter, Instagram, Pinterest) are used on the Service. Plugins allow the user to share content published on the Service on selected social media platforms. Using plugins in the Service means that the social media platform receives information about the user's use of the Service and can attribute it to the user's profile created on that social media platform. The Administrator has no knowledge of the purpose and scope of data collection by social media platforms. Detailed information can be found at the following links:

 

7.5.1. Facebook: https://www.facebook.com/policy.php

 

7.5.2. Google: https://privacy.google.com/take-control.html?categories_activeEl=sign-in

 

7.5.3. LinkedIn: https://www.linkedin.com/legal/privacy-policy?_l=pl_PL

 

7.5.4. Twitter: https://twitter.com/en/privacy

 

7.5.5. Instagram: https://about.instagram.com/blog/announcements/instagram-community-data-policy

 

7.5.6. Pinterest: https://policy.pinterest.com/en/privacy-policy

 

COOKIE SETTINGS MANAGEMENT

8.1. The use of cookies to collect data, including accessing data stored on the user's device, requires the user's consent. This consent can be withdrawn at any time.

 

8.2. Permission is not required only for cookies whose use is necessary for providing telecommunication services (data transmission to display content).

 

8.3. Withdrawal of consent for the use of cookies is possible through browser settings. Detailed information can be found at the following links:

 

8.3.1. Internet Explorer: https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies

 

8.3.2. Mozilla Firefox: http://support.mozilla.org/pl/kb/ciasteczka

 

8.3.3. Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647

 

8.3.4. Opera: http://help.opera.com/Windows/12.10/pl/cookies.html

 

8.3.5. Safari: https://support.apple.com/kb/PH5042?locale=en-GB

 

8.4. The user can verify the status of their current privacy settings for the used browser at any time using tools available at the following links:

 

8.4.1. http://www.youronlinechoices.com/pl/twojewybory

 

8.4.2. http://optout.aboutads.info/?c=2&lang=EN

 

9. OKRES PRZETWARZANIA DANYCH OSOBOWYCH

 

9.1. The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. In principle, data is processed for the duration of the service or order fulfillment, until the withdrawal of the given consent or the effective objection to data processing in cases where the legal basis for data processing is the legitimate interest of the Administrator.

 

9.2. The data processing period may be extended if processing is necessary to establish and pursue potential claims or defend against claims, and after this time, only to the extent required by applicable law. After the processing period, data is irreversibly deleted or anonymized.

 

10. USER PERMISSIONS

 

10.1. The user has the right to access their data, request correction, deletion, restriction of processing, the right to data portability, and the right to object to data processing, as well as the right to lodge a complaint with the supervisory authority for personal data protection.

 

10.2. In cases where the user's data is processed based on consent, this consent can be withdrawn at any time by contacting the Administrator at the email address hello@bebobi.pl.

 

10.3. The user has the right to object to the processing of data for marketing purposes if the processing is related to the legitimate interests of the Administrator, and also – for reasons related to the user's specific situation – in other cases when the legal basis for data processing is the legitimate interest of the Administrator (e.g., in the context of analytical and statistical purposes).

11. DATA RECIPIENTS

 

11.1. In connection with the provision of services, personal data will be disclosed to external entities, including but not limited to service providers responsible for IT system support, entities such as banks and payment operators, entities providing accounting services, couriers (for order fulfillment), and marketing agencies (for marketing services).

 

11.2. The recipients of customer personal data are the following entities:

 

HOSTIDO PL Gałązka Sp.j. based in Gdańsk for storing personal data on the server,

MD Target Sp. z o.o based in Poznań and Fakturownia Sp. z o.o. based in Warsaw – for using the invoicing system where your data is processed if we issue an invoice for you,

MD Target Sp. z o.o. based in Poznań – for using accounting services that involve the processing of your data when we issue an invoice for you, and for using IT support services that involve the possibility of access to your personal data by the entity providing IT services.

General Logistics Systems Poland Sp. z o.o– for using courier services that involve the processing of your data when we send you a shipment.

FedEx Express Poland sp. z o.o. / DPD / DHL PARCEL / DHL EXPRESS - for using courier services that involve the processing of your data when we send you a shipment.

Inpost Sp. z o.o. - for using courier services that involve the processing of your data when we send you a shipment.

PayU – for using the online payment system, which involves the processing of your data when you choose the online payment method.

PayPal – for using the online payment system, which involves the processing of your data when you choose the online payment method.

Paynow – for using the online payment system, which involves the processing of your data when you choose the online payment method.

Przelewy24 – for using the online payment system, which involves the processing of your data when you choose the online payment method.

PayPO – for using the online payment system, which involves the processing of your data when you choose the online payment method.

Platforma Detalistów sp. z o.o - for the purpose of handling e-receipts sent via email during order fulfillment.

11.3. In the case of obtaining the user's consent, their data may also be shared with other entities for their own purposes, including marketing purposes.

11.4. The Administrator reserves the right to disclose selected information about the user to relevant authorities or third parties that request such information, based on the appropriate legal basis and in accordance with applicable law.

 

11.5. In the case of adding a comment on the Service, the content of the comment, along with the information provided by the user, will be made public.

 

12. DATA TRANSFER OUT OF EOG

 

12.1. The level of personal data protection outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Administrator transfers personal data outside the EEA only when necessary, ensuring an adequate level of protection, primarily through:

12.1.1. cooperation with entities processing personal data in countries for which the European Commission has issued a relevant decision regarding the adequacy of personal data protection;

12.1.2. application of standard contractual clauses issued by the European Commission;

12.1.3. application of binding corporate rules approved by the relevant supervisory authority.

 

12.2. The Administrator always informs about the intention to transfer personal data outside the EEA at the stage of their collection.

 

13. PERSONAL DATA SECURITY

13.1. The Administrator continuously conducts a risk analysis to ensure that personal data is processed securely – ensuring, above all, that access to data is granted only to authorized persons and only to the extent necessary for the tasks they perform. The Administrator ensures that all operations on personal data are recorded and carried out only by authorized employees and collaborators.

 

13.2. The Administrator takes all necessary actions to ensure that its subcontractors and other cooperating entities provide a guarantee of applying appropriate security measures whenever they process personal data on behalf of the Administrator.

 

14. PRIVACY POLICY CHANGES

 

14.1. The Administrator reserves the right to change this Privacy Policy for important reasons, such as changes in the law or technological advancements. Each change to the Privacy Policy is published on the Store's website and applies to orders placed after its effective date.

 

14.2. The current version of the Policy is effective from February 7, 2024.