PRIVACY AND COOKIES POLICY
General Provisions
This Privacy Policy sets out detailed rules and purposes for the processing of personal data obtained via the online store operating at:www.phytbeat.com (hereinafter: the "Online Store").
- The Data Controller is PHYTBEAT Spółka z ograniczoną odpowiedzialnością (limited liability company) with its registered office atul. Puszkarzy 7, 04-436 Warsaw, entered into the Register of Entrepreneurs kept by the District Court for Warsaw under KRS No.0001146883, NIP (Tax ID) 9522264576, REGON 540512466, share capital: PLN 5,000.00, e-mail: info@phytbeat.com(hereinafter also referred to as: the “Seller” or the “Service Provider”).
- The telephone number under which the Seller may be contacted is available in the footer of the website www.phytbeat.com and is also provided to the Customer together with the e-mail confirmation of an Order.
- Any capitalized terms used in this Privacy Policy shall be understood in accordance with the definitions contained in the Terms and Conditions of the Online Store available on the Store’s website.
Definitions
- Privacy Policy – this Privacy and Cookies Policy of the Online Store.
- Administrator / Data Controller – PHYTBEAT Spółka z ograniczoną odpowiedzialnością, Warsaw.
- Personal Data – any information relating to an identified or identifiable natural person, in particular by reference to such identifiers as: name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person, including device IP address, location data, online identifiers, and information collected via cookies or similar technologies.
- GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation).
- Act – the Personal Data Protection Act of 10 May 2018 (consolidated text: Journal of Laws of 2019, item 1781, as amended).
- User – any natural person browsing the Online Store’s website or using one or more services or functionalities described in this Privacy Policy.
- Device – an electronic device through which the User gains access to the Online Store.
Purposes and Legal Bases of Data Processing
Personal data of Users is collected in the following cases:
- Browsing the Online Store’s website;
- Registration in the Online Store (creating an Account);
- Placing an Order (including handling complaints and returns).
1. Browsing the Online Store
Personal data of persons using the Online Store without an Account (unregistered Users), including IP address, identifiers, and information collected via cookies or similar technologies, is processed by the Controller for one or more of the following purposes:
- - Provision of electronic services by making available content published in the Online Store (legal basis: necessity for the performance of a contract – Art. 6(1)(b) GDPR);
- - Handling complaints (legal basis: compliance with a legal obligation imposed on the Controller – Art. 6(1)(c) GDPR);
- - Establishing, pursuing, or defending legal claims (legal basis: legitimate interests pursued by the Controller – Art. 6(1)(f) GDPR);
- - Analytical and statistical purposes – analysis of User behavior, activity, and preferences to improve quality and relevance of functionalities and services (legal basis: legitimate interests of the Controller – Art. 6(1)(f) GDPR).
2. Registration in the Online Store (creating an Account)
When registering, Users are asked to provide data necessary to create and maintain an Account (first and last name, contact details, e-mail address). Providing data is voluntary but required for account creation. Data is processed for:
- - Provision of services related to maintaining and operating the Account (Art. 6(1)(b) GDPR);
- - Handling complaints (Art. 6(1)(c) GDPR);
- - Establishing, pursuing, or defending legal claims (Art. 6(1)(f) GDPR);
- - Analytical and statistical purposes (Art. 6(1)(f) GDPR).
3. Placing Orders (including complaints and returns)
When placing an Order, the User provides personal data necessary for Order fulfillment (name, e-mail, phone, delivery address). For business entities: company name, address, and VAT number. Providing data is voluntary but required for Order fulfillment. Data is processed for:
- - Execution of the Order (Art. 6(1)(b) GDPR);
- - Handling complaints and returns (Art. 6(1)(c) GDPR);
- - Compliance with statutory obligations (tax and accounting laws) (Art. 6(1)(c) GDPR);
- - Establishing, pursuing, or defending legal claims (Art. 6(1)(f) GDPR);
- - Analytical and statistical purposes (Art. 6(1)(f) GDPR);
- - Customer satisfaction surveys, including sending e-mails requesting reviews or survey completion (Art. 6(1)(f) GDPR).
Data Retention Periods
Personal data is processed for the period necessary to fulfill the purposes indicated above, depending on the legal basis (performance of a contract, compliance with law, or legitimate interest). Data may be retained until the expiry of limitation periods for claims.
Data Subject Rights
Users have the following rights under GDPR:
- Right to information on data processing;
- Right to obtain a copy of data;
- Right to rectification;
- Right to erasure (“right to be forgotten”);
- Right to restriction of processing;
- Right to data portability;
- Right to object to processing based on legitimate interests;
- Right to object to direct marketing;
- Right to withdraw consent at any time (without affecting prior lawful processing);
- Right to lodge a complaint with the President of the Personal Data Protection Office (UODO).
Requests may be submitted via e-mail to info@phytbeat.com. The Controller will respond within one month.
Data Recipients
Personal data may be transferred to service providers engaged by the Controller, including:
- - IT and technology service providers,
- - Logistics, transport, and delivery services,
- - Customer support,
- - Accounting services,
- - Marketing and advertising services.
The Controller may also be legally obliged to disclose data to public authorities.
Data Transfers Outside the EEA
Where necessary, data may be transferred outside the European Economic Area (e.g., to the USA, Singapore, India, China, Hong Kong, Canada) with appropriate safeguards, such as:
- - European Commission adequacy decisions,
- - Standard Contractual Clauses,
- - Binding Corporate Rules,
- - Other legally compliant safeguards.
Cookies Policy
The Online Store uses cookies – safe text files stored on the User’s Device – enabling, among other things, customization of the website to User preferences, login facilitation, statistical analysis, and traffic monitoring.
Users can manage cookie preferences in their browser settings. Restricting cookies may affect website functionality.
Profiling
With the User’s prior consent, personal data (name, contact details, e-mail, phone) may be processed for profiling and marketing purposes to deliver personalized offers and content. Users may withdraw consent or object to profiling at any time.
Final Provisions
In matters not regulated herein, the provisions of the GDPR and the Personal Data Protection Act shall apply.
This Privacy Policy is effective as of 01 January 2025.