PRIVACY POLICY of www.beynd.com.pl


I. General Provisions
II. Purpose and Legal Basis for Data Processing
III. Data Recipients
IV. Retention Period of Personal Data
V. Rights of the Data Subject
VI. Profiling
VII. Cookies
VIII. Final Provisions

I. GENERAL PROVISIONS

  1. This document constitutes an information clause pursuant to Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter “GDPR”) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, for individuals (Clients) using the services of the Data Controller.
  2. The Data Controller (within the meaning of Article 4 point 4 of the GDPR) of personal data collected via the website www.beynd.com.pl is Mental Karolina Rychlik, with its registered office at ul. Kamienna 1B, 82-500 Kwidzyn, Poland, NIP: 5811716700, REGON: 542344524, email address: kontakt.beyond@gmail.com, hereinafter referred to as the “Controller” and also the Service Provider.
  3. In accordance with Article 32(1) of the GDPR, the Controller adheres to the principles of data protection and applies appropriate technical and organizational measures to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data processed in connection with its business activities.
  4. Providing personal data by the Service Recipient is voluntary, but necessary to conclude a contract for the services provided by the Controller. The Service Recipient is obliged to provide personal data, and failure to do so will result in the inability to use the Controller’s offer.
  5. All capitalized words or expressions used in this Privacy Policy shall be understood in accordance with their definitions in the Terms and Conditions of the website www.leszekfurmann.pl.

II. PURPOSE AND LEGAL BASIS FOR PERSONAL DATA PROCESSING

  1. The Controller processes personal data for the following purposes:
    a) conclusion and performance of contracts for services or products offered by the Controller;
    b) provision of electronic services through the Controller’s website, including the ability to place orders via forms available on the site and maintaining a user account;
    c) sending marketing information regarding the Controller’s products or services;
    d) conducting surveys on the Controller’s programs, services, and content;
    e) responding to inquiries submitted via the contact form on the Controller’s website.
  2. The legal basis for data processing is:
    a) taking actions to conclude and perform a contract (Article 6(1)(b) GDPR) for purposes in points a–b above;
    b) the Controller’s legitimate interest and the data subject’s consent, if required by law (Article 6(1)(a) and (f) GDPR) for the purpose in point c;
    c) the Controller’s legitimate interest (Article 6(1)(f) GDPR) for the purposes in points d–e.

III. DATA RECIPIENTS. TRANSFER OF DATA TO THIRD COUNTRIES

  1. Recipients of personal data processed by the Controller may include entities involved in logistics or delivering products to customers, as well as electronic payment operators.
  2. The Controller may outsource personal data processing to entities acting on its behalf and under its instructions, including accounting firms, legal offices, and hosting service providers.
  3. Personal data will not be transferred to countries outside the European Economic Area (EEA).

IV. RETENTION PERIOD OF PERSONAL DATA

The Controller stores personal data for a period related to the duration of the agreement, and after its termination, no longer than:
a) for the duration of the agreement with the Service Recipient and thereafter for the period necessary for pursuing claims or fulfilling legal obligations – up to 10 years;
b) for 5 years for data contained in accounting documents (invoices) in accordance with the Accounting Act;
c) until the consent for data processing is withdrawn.

V. RIGHTS OF THE DATA SUBJECT

  1. Every person whose data is processed by the Controller has the right to access their data, rectify it, delete it (“right to be forgotten”), restrict processing, data portability, object to processing, and withdraw consent at any time.
  2. Any person who believes their data is being processed in violation of GDPR may lodge a complaint with the President of the Personal Data Protection Office (UODO) in Poland.

VI. PROFILING

  1. Personal data obtained by the Controller may be processed automatically, including through profiling. The profiling performed by the Controller involves evaluating selected personal data to analyze and predict individual preferences and interests, particularly for providing personalized offers.
  2. Automated data processing by the Controller does not produce any legal effects for the data subject. The data subject may object at any time to such automated processing.

VII. COOKIES

  1. The Service Provider’s website uses cookies. If the Service Recipient does not change browser settings, it is considered consent to their use.
  2. The installation of cookies is necessary for the proper operation of the website. Cookies contain information essential for the correct functioning of the site, particularly those requiring user authentication.
  3. The website uses three types of cookies: “session”, “persistent”, and “analytical”:
    a) Session cookies are temporary files stored on the user’s device until logout (exit from the website).
    b) Persistent cookies remain on the user’s device for a set period or until deleted.
    c) Analytical cookies help understand how users interact with website content and improve layout. These collect information such as how the user uses the website, what page they came from, and the number and duration of visits. They do not collect identifiable personal data but are used for statistical purposes.
  4. The Service Recipient may control cookie access through browser settings. Detailed information on cookie management is available in the browser’s help section.

VIII. FINAL PROVISIONS

  1. The Controller applies technical and organizational measures to ensure the protection of personal data appropriate to the risks and the nature of the data, including protection against unauthorized access, loss, alteration, or destruction.
  2. The Service Provider ensures technical safeguards to prevent unauthorized acquisition or alteration of data sent electronically.

In matters not covered by this Privacy Policy, the provisions of the Terms and Conditions of www.leszekfurmann.pl and applicable Polish law shall apply accordingly.