GDPR - Barbi Ocean

0Basket

Cookie settings

PRIVACY AND PERSONAL DATA SAFETY POLICY

OF THE BARBIOCEAN PLATFORM

(hereinafter referred to as "Privacy Policy")

This Privacy Policy defines the principles applicable to the processing of personal data obtained through the platform available at www.barbiocean.com.

Unless clearly indicated otherwise in the further part of this Privacy Policy, capitalised terms used herein should be understood as follows:

PERSONAL DATA CONTROLLER: Barbara Pente, the owner of company: BarbiOcean Sp. z o.o. with its registered office at ul. Długa 29, 00-238 Warsaw with National Court Register number: 859155 and VAT ID: 5252835250, email: info@barbiocean.com , being the owner of the Platform, which alone or jointly with others defines the purposes and methods of processing personal data, hereinafter also referred to as PLATFORM ADMINISTRATOR.

PERSONAL DATA: all information about a natural person identified or identifiable by one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural, or social identity, including device IP, location data, internet identifier, and information collected via cookies and other similar technology, collected and processed by the Personal Data Controller on the terms set out in this Privacy Policy.

GDPR: Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.

USER ACCOUNT: a service available on the Platform to registered Users, thanks to which the User can post, among others: Personal Data for the purposes of using the Platform, which is collected and processed by the Platform Administrator under the conditions set out in the Terms of Use and this Privacy Policy.

PLATFORM: space available at www.barbiocean.com, making it possible for logged in Users to use the services provided by the Platform Administrator.

PROFILING: automated processing of personal data, which serves, in particular, to analyse and evaluate the movement, behaviour, interests, personal preferences, and economic situation of a natural person.

PROCESSING ENTITY: all entities processing personal data on behalf of the Personal Data Controller.

REGISTRATION: an activity involving the setting up of an account by the User, completed using the registration form provided by the Platform Administrator via the Platform.

TERMS: Terms of Use of the BARBIOCEAN platform and the provision of services by the Platform Administrator via the Platform.

PRODUCTS: all products presented on the Platform by the Manufacturer or searched for via the Platform by the Wholesaler, which may be the subject of a sales or donation agreement under applicable laws.

PERMANENT MEDIUM: material or tool that enables the User or Service Provider to store information addressed personally to them in a way that enables access to them in the future, for a time appropriate for the purposes of the data stored on it, and which make it possible to restore the stored data in an unaltered format.

AGREEMENT: an agreement for the provision of Services available on the Platform concluded between the User and the Platform Administrator by electronic means.

END DEVICE: device intended for connection to a network terminal, e.g. computer, telephone, tablet, or smartphone, used to collect and save data.

SERVICE: all services provided by the Platform Administrator by electronic means, including enabling the User to present their Products.

USER: any natural person visiting the Platform or using the services available through the Platform.

§ 1 Principles of personal data processing

1. The Personal Data Controller of data belonging to users visiting the Platform or using the services available on the Platform is Barbara Pente, who runs a sole proprietorship under the name BarbiOcean Barbara Pente, with its registered office at ul. Długa 29, 00-238 Warsaw, with REGON number: 022290908 and VAT ID: 6312599228, email: info@barbiocean.com.

2. It is necessary to collect and process some of the User's personal data in order to register and set up an account on the Platform. Personal data necessary to register and set up an account is processed by the Personal Data Controller in accordance with the GDPR, as well as the Personal Data Protection Act of 10 May 2018.

3. The Personal Data Controller acts with due care to respect the privacy of Users using the Platform.

4. The Personal Data Controller uses technical and organisational measures to protect the processing of personal data, and to protect personal data against unauthorised disclosure, acquisition by unauthorised entities, processing in violation of the applicable law on the protection of personal data, as well as change, loss, or destruction.

5. The Personal Data Controller does not transfer Personal Data to third-party countries, i.e. outside the EEA (European Economic Area) or to any international organisations, with reservation of Personal Data processed for direct marketing purposes. In the case of processing Personal Data for marketing purposes, Personal Data may be transferred to IT service providers in the USA subject to certification under the Privacy Shield, i.e. pursuant to Article 45(1) of GDPR. If Personal Data were to be transferred outside the EEA for purposes other than direct marketing, their transfer would take place on the basis of the legal grounds indicated in Article 44-49 of GDPR, upon prior notification of the data subject.

6. Your personal data will not be subject to automated decision making, including profiling.

7. The provision of personal data to the Personal Data Controller is voluntary in relation to the concluded contracts for the provision of services available on the Platform, with the reservation that failure to provide the data specified in the form will prevent registration and use of the services available on the Platform; it will only be possible to view it.

§ 2 Type of personal data processed, purposes, and legal basis

1. The Personal Data Controller collects information regarding natural persons who perform legal transactions not directly related to their activities, natural persons conducting business or professional activity on their own behalf, and natural persons representing legal persons or organisational units that are not legal persons, to whom the law grants legal capacity, managing a business or professional activity on their own behalf, who visit or use the Platform.

2. Users' personal data is collected in particular through registration or contact forms, and the User Account on the Platform, for the following purposes:

a) communication, identification, and answering the User's enquiries via the contact form available on the Platform

The legal basis for the processing of Personal Data for the above purpose is the User's consent, i.e. Article 6 (1)(a) of GDPR. The User's personal data will be processed for the period necessary to respond to the enquiry.

a) communication, identification, and answering the User's enquiries via email or telephone

The legal basis for the processing of Personal Data for the above purpose is the legitimate interest of the Personal Data Controller i.e. Article 6 (1)(f) of GDPR. Personal data will be processed for the period necessary to respond to the enquiry.

c) handling complaints regarding Services provided on the Platform, submitted via the contact form or email

The legal basis for the processing of Personal Data is the fulfilment of the legal obligation, i.e. Article 6(1)(c) of GDPR, and the legitimate interest of the Personal Data Controller, i.e. Article 6 (1)(f) of GDPR, consisting of the pursuit of possible claims by the Personal Data Controller and defence against such claims. Personal data will be processed for the above purposes for the period necessary to process the complaint, the period of limitation of claims arising from the complaint, and the period necessary to defend against the claims of the claimant.

d) conclusion and performance of the Agreement for the provision of electronic services available on the Platform

The legal basis for personal data processing is Article 6 (1)(b) of GDPR. Personal data will be processed for the duration of the Agreement.

e) creating and analysing statistics, managing the Platform, presenting advertisements, adjusting the content of the Platform to the User's preferences, conducting surveys, as well as detecting bots and fraud in the analysis services of marketing tools using cookies, etc.

The processing of the User's Personal Data for the above purposes is necessary for the purposes of the legitimate interests of the Personal Data Controller, i.e. to ensure proper functioning of the Platform, as well as to protect the Platform against attempts of illegal interference with it, e.g. attempts to break into the Platform by unauthorised persons, i.e. Article 6 (1)(f) of GDPR. Personal data will be processed until an objection is raised by the data subject.

f) sharing the User's personal data with other Platform Users, or marketing of products and services of other Platform Users

The legal basis for the processing of Personal Data for the above purposes is the User's consent to the processing of personal data in order to transfer such data to another User of the Platform or for direct marketing of products and services of another User, i.e. Article 6 (1)(a) of GDPR. Personal data for these purposes will be processed for the duration of the Agreement, but no longer than until the User withdraws the consent.

g) use of direct marketing of products and services of the Platform Administrator

The legal basis for the processing of Personal Data for direct marketing purposes is the legitimate interest of the Personal Data Controller, consisting in promoting products from its own offer, i.e. Article 6(1)(f) of GDPR. Personal data will be processed for this purpose for the duration of the Agreement.

h) subscribing to the Newsletter and sending the Newsletter to the User

The legal basis for the processing of Personal Data for the above purpose is the User's consent to the processing of personal data in order to receive the Newsletter, i.e. Article 6 (1)(a) of GDPR. Subscribing to the Newsletter by the User is considered to be equal to granting a consent to its receipt. Personal data will be processed for this purpose for the duration of the Agreement, but no longer than until the User withdraws the consent.

i) issuing and storing invoices by the Platform Administrator

Personal Data processing for the above purpose is necessary to fulfil the legal obligation of the Platform Administrator, i.e. Article 6 (1)(c) of GDPR. Personal data will be processed for this purpose for the period for which invoices should be kept in accordance with generally applicable law.

3. In the case of registration on the Platform, the User provides the following data:

a) name and surname;

b) telephone number and email address;

c) Tax Identification No.

4. In the case of Users who are entrepreneurs, the above scope of data is additionally extended by:

a) the entrepreneur's company;

b) details of the contact person;

c) address of the registered location.

5. When visiting and using the Platform, additional information may be collected, in particular: IP address assigned to the User's computer or an external IP address of the Internet provider, domain name, browser type, access time, operating system.

6. Browsing data may also be collected from the Users, including information about links they clicked or other actions undertaken on the Platform, in order to facilitate the use of services provided electronically by the Platform Administrator and to improve the functionality of these services.

7. In order to determine, pursue, and enforce claims, some personal data provided by the User may be processed as part of using the Services available on the Platform, such as: name, surname, data on the use of services, and, if the claims result from the manner in which the User uses the Services, other data necessary to prove the existence of the claim, including the extent of the damage suffered.

§ 3 Providing and entrusting data and the time of their storage

1. Sharing Personal Data: The User's personal data may be transferred to authorised employees and associates of the Personal Data Controller, entities authorised to receive personal data on the basis of generally-applicable laws, entities providing postal and courier services, advisory services, and services supporting the Personal Data Controller in pursuing claims, in particular: law firms, tax and debt collection companies, as well as authorised employees of the above-mentioned entities, and service providers used by the Platform Administrator when managing the Platform. Service providers to whom personal data is provided, depending on contractual arrangements and circumstances, are either subject to the Personal Data Controller's instructions regarding the purposes and methods of processing such data (processors), or independently define the purposes and methods of its processing (controllers).

a) Processors: The Platform Administrator uses services of suppliers who process personal data only upon request and on behalf of the Administrator. They include, IT and hosting service providers (Tárhely.EU Kft. based at Ormánság utca 4. X. em. 241., 1144 Budapest, Hungary, entered in the Hungarian company register under the following number: Cg.01-09-909968, www.tarhely.eu), traffic analysis systems (Google Analytics provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA) on the Platform.

2. Location. Service providers are based mainly in Hungary and Poland, but also in other countries of the European Economic Area (EEA).

3. Storage time. The Users' personal data is stored:

a) If consent is the basis for the processing personal data, then the User's personal data is processed by the Personal Data Controller until the consent is revoked, and after the consent is revoked for a period corresponding to the period of limitation of claims that may be raised by the Personal Data Controller and which may be raised against the Personal Data Controller. Unless a special provision states otherwise, the general limitation period is six years, and for claims pertaining to temporary provisions and claims related to conducting business activity – three years.

b) If the basis for data processing is the performance of the Agreement for the provision of Services available on the Platform, the User's personal data is processed by the Personal Data Controller as long as it is necessary to perform the Agreement, and after that time for a period corresponding to the period of limitation of claims. Unless a special provision states otherwise, the general limitation period is six years, and for claims pertaining to temporary provisions and claims related to conducting business activity – three years.

4.If you register on the Platform and use the Services available there, personal data may be transferred to another registered User for the purpose and to the extent necessary to establish communication between Platform Users and thus enable contact, sending commercial information regarding products from the sales offer of Users.

5. In the event of a request, the Platform Administrator provides Personal Data to authorised state authorities, in particular, organisational units of a prosecutor's office, the Police, the President of the Personal Data Protection Office, the President of the Office of Competition and Consumer Protection, or the President of the Office of Electronic Communications.

§ 4 Cookie policy and IP address

1. The platform uses small files called cookies. They are saved by the Platform Administrator on the end device of the person browsing the Platform, if the web browser allows for it. A cookie file usually includes the name of the domain it comes from, its expiry date, and an individual randomly-chosen number identifying the file. Information collected using this type of files helps to adjust the services offered by the Platform Administrator to the individual preferences and actual needs of people visiting the Platform. They also make it possible to prepare general statistics of browsing the presented products and services on the Platform.

2. The Platform Administrator uses two types of cookies:

a) Session cookies: after closing a given browser session or shutting down the computer the recorded information is deleted from the device memory. The mechanism of session cookies does not make it possible to collect any personal data or confidential information from the Users’ computers.

b) Persistent cookies: they are stored in the memory of the User's end device and remain there until they are deleted or expired. The mechanism of persistent cookies does not allow retrieving any personal data or any confidential information from the User's computer.

3. The Platform Administrator uses their own cookies for the following purpose of:

a) analysis and research, as well as audience auditin; in particular, to create anonymous statistics that help with understanding how Users browse the Platform, which makes it possible to improve its structure and content.

4. The Platform Administrator uses third party cookies to:

a) popularising the Platform through Facebook (administrator of external cookies: Facebook Inc. based in the USA or Facebook Ireland based in Ireland) and Linkedin.com (administrator of external cookies: LinkedIn Corporation based in the USA);

b) popularising the Platform through YouTube (administrator of external cookies: Google LLC based in the USA)

c) collecting general and anonymous statistical data via Google Analytics tools (third party cookies administrator: Google Inc with its registered office in the USA)

5. The cookie mechanism is safe for the computers of Platform Users. In particular, it is not possible for cookies to transfer viruses, other unwanted software, or malware to the Users’ computers. However, Users have the possibility to restrict or block cookies by changing their computer browser settings. In the event of using that option, use of the Platform will be possible except for the features that require using cookie files.

6. In many cases, web browsers allow cookies to be stored on the end device of the Platform visitors by default. Platform visitors may change settings related to cookies at any time. In particular, these settings can be changed to block automated support for cookies in the settings of the browser, or to inform the User about them every time they are placed on the device. Detailed information on the possibility and methods of handling cookies are available in the settings of the web browser.

7. The Personal Data Controller may collect Users' IP addresses. An IP address is a number assigned to the computer of a Platform visitor through an Internet service provider. IP numbers make Internet access possible. In most cases, it is assigned to a computer in a dynamic way, i.e. it changes every time you connect to the Internet. An IP address is used by the Platform Administrator to diagnose technical issues with the server, create statistical analyses (e.g. specifying which regions most visits come from), or facilitate Platform administration and optimisation. It can also used for security purposes, or possible identification of server loads or undesirable automatic software for Website content viewing which overload the server.

8. The Platform may contain links to other websites. The Platform Administrator will not be responsible for the privacy protection rules applicable to them.

§ 5 Rights of persons sharing personal data

1. Revoking consent: The User has the right to withdraw their consent to the processing of Personal Data, which they granted to the Personal Data Controller on the following terms:

a) A revoked consent will take effect from the moment that consent is revoked.

b) Revoking consent does not affect the processing carried out by the Personal Data Controller in accordance with the law before its revoking.

c) Revoking consent does not involve any negative consequences for the User; however, it may prevent further use of services or features that the Platform Administrator may legally provide only with consent.

2. Objection: For reasons related to their particular situation, the User has the right to object the processing of their personal data at any time, including profiling, if the Personal Data Controller processes their data based on the legitimate interest of the Personal Data Controller, e.g. marketing of the Platform Administrator's services, keeping statistics of the use of individual features/services of the Platform, and facilitating the use of the Platform, as well as satisfaction surveys, on the following principles:

a) Email-based resignation from receiving marketing messages regarding products or services will mean the User's objection to the processing of their personal data;

b) If the User's objection turns out to be justified and the Personal Data Controller has no other legal basis to process personal data, the User's personal data, in relation to the processing of which the User has objected, will be deleted.

3. Deleting Personal Data: The User has the right to request the deletion of all or some personal data.

a) The User has the right to request the deletion of personal data in the following cases:

a. personal data is no longer required for the purpose for which it was collected or processed;

b. their consent in the scope in which personal data had been processed was revoked;

c. the User objected to the use of their data for marketing purposes;

d. personal data was processed against the law;

e. personal data has to be erased for compliance with a legal obligation applicable in the EU law or Member State law to which the Platform Administrator is subject;

f. personal data has been collected in connection with offering information society services.

b) Despite the request to delete personal data, in connection with the objection or revoking consent, the Platform Administrator may retain certain personal data to the extent that processing is necessary to establish, assert, or defend claims, as well as to fulfil a legal obligation requiring processing under the law of the European Union or the law of the Member State to which the Platform Administrator is subject. This applies in particular to personal data including: name, surname, and email address, which are kept for the purpose of processing complaints and claims related to the use of the Platform Administrator's services, or, additionally, the address of residence/mailing, which are kept for the purpose of processing complaints and claims related to concluded contracts for the provision of services available on the Platform.

4. Restriction: The User has the right to demand that the processing of their personal data be restricted. Submitting a request, until its processing, prevents the use of certain features or services which involve the processing of data covered by the request. The Platform Administrator will also not send any messages, including marketing ones.

a) The User has the right to request restriction of use of Personal Data in the following cases:

a. when the User questions the correctness of their personal data, the Platform Administrator will restrict data use for the time needed to verify the correctness of the data, but for no longer than 7 days;

b. if the processing of data is unlawful, and instead of deleting the data, the User requests to restrict their use;

c. when personal data ceases to be necessary for the purposes for which it was collected or used but it is needed by the User in order to establish, assert, or defend claims;

d. when the User objected to the use of their data, then the restriction occurs for the time needed to find whether, due to a special circumstance, the protection of the User's interests, rights, and freedoms prevail over the interests that the Controller carries out by processing the User's personal data.

5. Confirmation, access: The User has the right to obtain a confirmation from the Personal Data Controller whether it processes personal data, and, if so, the User has the right to:

a) access their personal data;

b) obtain information about: the purposes of processing, categories of personal data processed, recipients or categories of recipients of such data, the planned period of storing User data, the criteria for determining this period (when determining the planned period of data processing is not possible), the User's rights under GDPR, the right to submit a complaint with the supervisory authority, the source of this data, automated decision-making, including profiling, and on the safeguards used in relation to the transfer of such data outside the European Union;

c) acquire a copy of their personal data.

6. Rectification, supplement: The User has the right to request that the Personal Data Controller immediately rectify their incorrect personal data. Taking into account the purposes of processing, the data subject has the right to request supplementing incomplete personal data, including by submitting an additional statement, directing the request to the email address in accordance with §7 of the Privacy Policy.

7. The User has the right to receive their personal data, which the User provided to the Controller, and then send it to another personal data controller of their choice. Furthermore, the User has the right to request that personal data is sent by the Controller directly to such a controller, if it is technically possible. In such a case, the Platform Administrator will send the User's personal data in the form of a csv file, which is a commonly used, machine-readable format that allows sending the received data to another personal data controller.

8. In the event that the User submits a request resulting from the above-mentioned rights, the Platform Administrator will fulfil the request or reject its fulfilment immediately, but no later than within one month from receiving it. However, if – due to the complicated nature of the request or the number of requests – the Platform Administrator will not be able to fulfil the request within a month, the Administrator will fulfil it within the next two months, informing the user in advance, within one month of receiving the request, about the anticipated extension of the deadline and the reasons for it.

9. The User may submit complaints, queries, and requests to the Personal Data Controller regarding the processing of the User's personal data and the exercising of their rights.

10. The User has the right to request that the Platform Administrator provide copies of standard contractual clauses by submitting an inquiry in the manner indicated in § 7 of the Privacy Policy.

11. The User has the right to submit a complaint to the President of the Personal Data Protection Office regarding the violation of their rights to the protection of personal data or other rights granted under the GDPR.

§ 6 Security management - password

1. The Platform Administrator provides Users with a secure and encrypted connection when sending personal data. The Platform Administrator uses an SSL certificate issued by one of the leading global companies in the field of security and encryption of data sent over the Internet.

§ 7 Changing the Privacy Policy

1. The Privacy Policy may be changed. The Platform Administrator will inform the Users about any changes 7 days in advance.

2. Questions related to the Privacy Policy should be sent to the following address: info@barbiocean.com.

3. The Privacy Policy is an integral part of the Terms of Use applicable to the provision of services on the Barbiocean platform.

Plants

Animals

Food

Alcohol free drinks

Alcoholic drinks

Apparel

Textile, Leather Product

Accessories

Bags, suitcases, wallets

Shoes, Accessories

Timepieces, Jewelry, Eyewear

Vehicles

Transportation

Agricultural vehicles

Consumer Electronic

Home Appliance

Security & Protection

Electrical equipment, Telecommunications

Sports, Music

Gifts, Crafts

Playing, Hobbies

Health

Beauty, Body care

cleanliness

Construction trade, Real Estate

Home, Garden

Lighting

Furniture

Furnishings

Industrial machines, Containers

To fix things

Inorganic materials, Metallurgy

Tires, Plastics

Energy

Packaging, Printing

Office, School supplies