PRIVACY POLICY BUEN SOL

This subpage presents you with information on how the Controller processes personal data. The Controller hopes that this document will help you understand why and how he processes personal data, including the use of cookies in connection with your use of the Controller’s website, i.e. www.buensoloil.com.

Within the framework of the presented Privacy Policy, the Controller discusses your rights, obligations and rules related to the use of the Service and the Controller’s processing of your personal data.

The Controller shall take special care to protect your interests, in particular to ensure that the data collected by the Controller, including the manner in which it is collected, remains in compliance with the provisions of generally applicable law.

The Controller of your personal data is BUEN SOL spółka z ograniczoną odpowiedzialnością with its registered office in Chrzanów and address at ul. Śląska 64A, 32-500, Chrzanów, entered in the register of entrepreneurs by the District Court for Kraków – Śródmieście in Kraków, XII Economic Division of the National Court Register under number: 0001046876, REGON: 525507652, NIP: 6282291559 with a share capital of PLN 49,000 fully paid up.

§1 Definitions

The following are definitions with which familiarisation is necessary in order to fully understand the meaning of the terms used by the Controller in this document.

  1. External Service – these are the websites of the Controller’s partners, service providers or service recipients who cooperate with the Service Controller.

  2. Controller of the Service or Controller – BUEN SOL spółka z ograniczoną odpowiedzialnością with its registered office in Chrzanów and address at ul. Śląska 64A, 32-500, Chrzanów, entered in the register of entrepreneurs by the District Court for Kraków – Śródmieście in Kraków XII Economic Division of the National Court Register under number: 0001046876, REGON: 525507652, NIP: 6282291559 with share capital of PLN 49,000 fully paid up.

  3. Service – means the website operated by the Controller.

  4. User – is a natural person (i.e. it will not be, for example, a limited liability company) for whom the Controller provides services electronically using the Controller’s Service.

  5. Cookies are text data which are usually collected automatically in the form of text files stored on the User’s Device.

  6. Newsletter – a service consisting of providing content about the Controller’s company, available products, promotions, advertising actions, etc.

  7. GDPR- an act of common law in Poland with the full name Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU. L. 2016 No. 119, p. 1 as amended).

  8. Personal data – any information about an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.

  9. Processing – an operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

  10. Restriction of processing – marking stored personal data to restrict future processing.

  11. Profiling – means any form of automated processing of personal data which involves the use of personal data to evaluate certain personal factors of an individual, in particular to analyse or predict aspects relating to that individual’s performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

  12. Consent – of a data subject means a freely given, specific, informed and unequivocal demonstration of will by which the data subject, by means of a statement or a clear affirmative action, consents to the processing of personal data concerning him or her.

  13. Personal data breach – means a breach of security leading to the accidental or unlawful destruction, loss, modification, unauthorised disclosure of or unauthorised access to personal data transmitted, stored or otherwise processed.

  14. Processor – means a natural or legal person, public authority, entity or other body that processes personal data on behalf of the Controller.

  15. Pseudonimisation – means the processing of personal data in such a way that they can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is covered by technical and organisational measures which make it impossible to attribute it to an identified or identifiable natural person;

  16. Anonymisation – this process involves a complete, irreversible operation on personal data, whereby they are destroyed or overwritten, making it impossible to identify or link the occurring record to a specific User.

§2 Cookies used by the Controller and Cookies of External Services

Within the Controller’s Service, cookies may be placed and read on the User’s device. They are usually placed automatically in the User’s device.

Cookies can be divided into:

  • Internal cookies – files placed and read from the User’s device by the Service’s ICT system.

  • External Cookies – files placed and read from the User’s device by the ICT systems of External Services. The scripts of External Services that can place Cookies on the User’s devices have been deliberately placed on the Service through the scripts and services made available and installed on the Service.

  • Session cookies – files placed and read from the User’s device by the Service during a single session of the device. When the session ends, the files are deleted from the User’s device.

  • Persistent cookies – files placed and read from the User’s device by the Service until they are manually deleted. The files are not deleted automatically after the end of the device session unless the configuration of the User’s device is set to delete cookies after the end of the device session.

The following types of cookies are used within the Service:

  • “necessary” cookies to enable the use of services available on the Service, e.g. authentication cookies used for services requiring authentication on the Service – these are processed based on the Controller’s legitimate interest;

  • cookies used for security purposes, e.g. used to detect misuse of authentication on the Service;

  • “performance” cookies, enabling the collection of information about the use of the Service’s websites;

  • “functional” cookies, enabling “remembering” the User’s chosen settings and personalising the User’s interface, e.g. with regard to the User’s chosen language or region of origin, font size, website design etc;

  • “advertising” cookies, enabling the User to be provided with advertising content more tailored to his/her interests – these are processed based on the User’s voluntary consent.

Cookies are used by the Controller to:

  • to improve and modify the functionality of the Service;

  • to personalise the Service for the User (e.g. to adapt the design to the User’s device);

  • to carry out marketing and remarketing activities on external Services;

  • presentation of advertising;

  • to collect and analyse statistics (number of unique visits to the website, their number, from which devices the user logs on, internet connection speed, etc.);

  • playback and presentation of multimedia content;

  • playing and presenting community content.

Necessary cookies (2) help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Cookie name

Provider

Description

Type

Expiry

Cookieyes-consent

Buensol.com

CookieYes sets this cookie to remember users’ consent preferences so that their preferences are respected on subsequent visits to this site. It does not collect or store any personal information about the site visitors.

HTTP

1 year

JSESSIONID

Linkedin.com

New Relic uses this cookie to store a session identifier so that New Relic can monitor session counts for an application.

HTTP

Session

Preference cookies (3) enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.

Cookie name

Provider

Description

Type

Expiry

Lang

linkedin.com

LinkedIn sets this cookie to remember a user’s language setting.

HTTP

Session

Lidc

Linkedin.com

LinkedIn sets the lidc cookie to facilitate data center selection.

HTTP

1 day

Li_gc

Linkedin.com

Linkedin set this cookie for storing visitor’s consent regarding using cookies for non-essential purposes.

HTTP

180 days

Statistic cookies (3) help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

Cookie name

Provider

Description

Type

Expiry

_ga

Buensol.com

Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site’s analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.

HTTP

2 years

_ga_*

Buensol.com

Google Analytics sets this cookie to store and count page views.

HTTP

2 years

Consent

Youtube.com

YouTube sets this cookie via embedded YouTube videos and registers anonymous statistical data

HTTP

2 years

Marketing cookies (4) are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual User and thereby more valuable for publishers and third party advertisers.

Cookie name

Provider

Description

Type

Expiry

Bcookie

linkedin.com

LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser IDs.

HTTP

1 year

VISITOR_INFO1_LIVE

Youtube.com

YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.

HTTP

180 days

YSC

Youtube.com

Youtube sets this cookie to track the views of embedded videos on Youtube pages.

HTTP

Session

Bscookie

linkedin.com

LinkedIn sets this cookie to store performed actions on the website

HTTP

1 year

Other (1) – these are previously unclassified cookies

Cookie name

Provider

Description

Type

Expiry

VISITOR_PRIVACY_METADATA

.youtube.com

Under classification

HTTP

5 months 27 days

Any information on how to disable cookies by the User can be checked through information presented by some of the most popular web browser providers:

However, please note that restricting the use of cookies may affect some of the functionalities of the Service and as a consequence the User will not be able to use all the solutions made available to him/her. The Controller shall not be held liable for any malfunctioning of the Service resulting from the User’s limiting in any way the possibility of saving and reading cookies. The Service Controller may use javascript and other web components of the Controller’s partners (Third Party Services) that place their own cookies on the User’s device. As outlined above, the user can decide on the cookies to be used by individual websites at any time. Below, the Controller presents a list of partners (external sites) or services which the Controller uses within the framework of the Service and which may place cookies on the User’s browser

Social/connected services understood as registration, logging in, content sharing or communication, among other things:

  • Facebook;

  • LinkedIN;

  • WhatsApp;

  • Instagram;

  • Youtube.

Keeping statistics:

  • Google Analytics;

  • Hotjar;

  • Google Tag Manager.

It should be taken into account that the services that are provided by the above-mentioned portals do not fall within the sphere of competence of the Controller. Therefore, they are free to change the terms and conditions of their services at any time, including the privacy policies they apply and even the purpose of processing personal data and the use of cookies.

MailerLite 

MailerLite Limited, 38 Mount Street Upper, Dublin 2, D02 PR89 Ireland.

Privacy policy: https://www.mailerlite.com/legal/privacy-policy

Facebook and Instagram

Meta Platforms Ireland Limited (Facebook, Instagram), Block J, Serpentine Avenue, Dublin 4, Ireland.

Privacy policy: https://www.facebook.com/about/privacy

LinkedIN

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

Privacy policy: https://pl.linkedin.com/legal/privacy-policy

Youtube

Google Ireland Limited (YouTube), Google Building, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Privacy policy: https://policies.google.com/privacy

Google Tag Manager

Using Tag Manager, the Controller is able to integrate and manage any software solutions, such as Google Analytics, on the Website through the appropriate code sections – also known as tags.

These code sections are also used to collect data about users’ browser, website visits or to set cookies. However, Google Tag Manager is only a domain that does not install cookies and does not process personal data. The processing of your personal data is done only through code sections, such as Google Analytics.

The data acquired by Google is described under this website: https://support.google.com/tagmanager/answer/9323295?hl=en

Hotjar

The Controller uses a tool called Hotjar, which allows him to better understand the interest in the content found on the Website. This tool depicts the User’s movement on the site within a so-called heat map. The Controller does not have access to data that would allow him to identify the User. The tool mainly shows the places where the User clicks the mouse, transitions between different sub-pages.

Hotjar’s privacy policy is available at: https://www.hotjar.com/legal/policies/privacy/

Google Analytics

The Controller uses Google Analytics tools to create website statistics. Within the framework of this tool, the Controller does not collect personal information that would identify the User. The information that the Controller has access to within the framework of this tool is mainly: the type of device and operating system, the web browser used, the language, the source from which the User reached the Website, the sub-pages that are viewed by the User within the Website, the time that the User spends on particular sub-pages, the age range of the User.

Google’s privacy policy is available at: https://policies.google.com/privacy?hl=en

§3 Methods and purposes of processing personal data

The personal data voluntarily provided to the Controller by the User are processed for one of the following purposes:

  • the provision of electronic services, i.e. the Newsletter service (where consent to receive it is given);

  • communication between the Controller and the User on matters related to the functioning of the Service or the protection of the User’s personal data;

  • to contact the User by means of electronic communication and traditional forms of contact (e.g. by post);

  • to ensure the legitimate interest of the Controller, which may be understood as, but is not limited to, keeping the relevant accounting documents relating to the provision of services to the User.

Your data may be transferred by us to countries outside the European Economic Area, specifically the United States.

Personal data will not be resold by the Controller to third parties.

Personal data for the Controller’s marketing purposes will be processed only with the User’s consent. The User may give such consent by filling in a form for receiving commercial information by electronic means (Newsletter) or by ticking the appropriate box next to the contact form.

This consent may be withdrawn at any time without prejudice to the services provided by the Controller to the User. Furthermore, the withdrawal of this consent will not affect the correctness of the data processing. The User’s use of the Controller’s Service shall not be affected by the granting of consent for the processing of data for marketing purposes.

§4 User rights

In accordance with the GDPR, with regard to the personal data processed by the Controller of your (your) personal data, you are entitled to:

  • the right to access personal data and to be issued with a copy;
  • rectification of personal data;
  • deletion of personal data;
  • restriction of the processing of personal data.
  • transfer of personal data.

Please note that you may always object to the processing of personal data concerning you. To the extent that personal data is used for direct marketing purposes, it is possible to withdraw the consent given to us by the User at any time. The Controller has not appointed a Data Protection Officer. If you wish to exercise your right, all you need to do is contact us using the email address info@buensoloil.com and specify the scope of your request. The Controller will respond to your message promptly, but no later than within 72 hours of your request. However, the Controller reserves the right to be able to verify your identity for the purpose of processing this application. In this case, you may be asked to send a scan of your identity card or passport or the bill on which the data is contained. The data submitted to us are not entered into any personal data file. Once the verification process is completed, they are immediately deleted by the Controller. Such measures are necessary for the Controller to protect your vital interests in accordance with Article 6(1)(d) of the GDPR. If you believe that, in relation to your personal data, the Controller is processing it in breach of data protection legislation, you are entitled to lodge an appropriate complaint with the supervisory authority having jurisdiction over your place of residence, place of business or place of the alleged breach.

§5 On what basis does the Controller process data

I. “Newsletter” service

Within the framework of the “Newsletter” service provided, we set out below your rights in connection with the services provided electronically.

  1. Purposes of personal data processing and legal basis of personal data processing

The data will be processed for the purpose of carrying out the Newsletter service to which you have voluntarily subscribed. The legal basis for the processing is the Controller’s legitimate interest in providing information to persons interested in information related to BUEN SOL’s commercial offer. This interest is expressed when you confirm your subscription to the Newsletter service (Art. 6(1)(a) and (f) GDPR

  1. Data retention period

We will process the Personal Data we have collected until you object, unless the purpose of the processing (provision of the Newsletter service) ceases earlier.

  1. Recipients of personal data

Your data will be passed on to the entities to which we outsource the Newsletter service (i.e. MAILERLITE). These entities will process your personal data on the basis of the contract concluded between us and this entity.

  1. Rights in relation to the processing of personal data

You have the following rights in relation to our processing of your personal data:

  • The right to object to the processing of data,
  • The right of access to your personal data,
  • The right to request the rectification of your personal data,
  • The right to request the erasure of your personal data,
  • The right to request the restriction of the processing of your personal data.

The rights described can be exercised by contacting us using the contact form.

Right to object

To the extent that your data is processed on the basis of our legitimate interest – you have the right to object to the processing. The objection can be made by emailing info@buensoloil.com or via a link included in any email from us containing the selected newsletter.

Right to lodge a complaint with an authority

You also have the right to lodge a complaint with the supervisory authority in charge of data protection, i.e. the President of the Office for Personal Data Protection.

II. “Become a Partner” service

As part of the “Become a Partner” service, you can become a BUEN SOL business partner. On this basis, a relevant business relationship may be established in the course of correspondence between us and you. As part of this service, we set out below how BUEN SOL processes your Personal Data.

  1. Purposes of personal data processing and legal basis of personal data processing

The data will be processed for the purposes of the “Become a Partner” service to which you have voluntarily subscribed. The legal basis for the processing is the Controller’s legitimate interest in providing information to persons interested in establishing a business relationship with BUEN SOL (Art. 6(1)(a) and (f) GDPR

  1. Data retention period

We will process the Personal Data collected by us until you raise an objection, unless the purpose of the processing (provision of the Newsletter service) ceases earlier, and, in the case of the establishment of a business relationship, until the statute of limitations for tax obligations related to our business activities (as a general rule, a period of five years calculated from the end of the tax year in which the deadline for payment of taxes resulting from our business relationship has expired).

  1. Recipients of personal data

Your data will be passed on to entities to whom we outsource accounting or legal services to us.

  1. Rights in relation to the processing of personal data

You have the following rights in relation to our processing of your personal data:

  • The right to object to the processing of data,
  • The right of access to your personal data,
  • The right to request the rectification of your personal data,
  • The right to request the erasure of your personal data,
  • The right to request the restriction of the processing of your personal data.

The rights described can be exercised by contacting us using the contact form.

Right to object

To the extent that your data is processed on the basis of our legitimate interest – you have the right to object to the processing. You can raise an objection by emailing info@buensoloil.com.

Right to lodge a complaint with an authority

You also have the right to lodge a complaint with the supervisory authority in charge of personal data protection, i.e. the President of the Office for Personal Data Protection.

III. “Free sample” service

As part of the “Free sample” service provided, we set out below your rights in connection with the services provided electronically.

  1. Purposes of personal data processing and legal basis of personal data processing

The data will be processed for the purpose of providing the “Free Sample” service to which you have voluntarily subscribed. The legal basis for the processing is the legitimate interest of the Controller to establish the conditions for the provision of free samples of the BUEN SOL product .This interest has been expressed in the situation of confirmation of your subscription to the “Free Sample” service (Art. 6(1)(a) and (f) GDPR.

  1. Data retention period

We will process the Personal Data collected by us until you raise an objection, unless the purpose of the processing (provision of the Newsletter service) ceases earlier, and, in the case of the establishment of a business relationship, until the statute of limitations for tax obligations related to our business activities (as a general rule, a period of five years calculated from the end of the tax year in which the deadline for payment of taxes resulting from our business relationship has expired).

  1. Recipients of personal data

Your data will be passed on to entities to whom we outsource accounting or legal services to us.

  1. Rights in relation to the processing of personal data

You have the following rights in relation to our processing of your personal data:

  • The right to object to the processing of data,
  • The right of access to your personal data,
  • The right to request the rectification of your personal data,
  • The right to request the erasure of your personal data,
  • The right to request the restriction of the processing of your personal data.

The rights described can be exercised by contacting us using the contact form.

Right to object

To the extent that your data is processed on the basis of our legitimate interest – you have the right to object to the processing. You can raise an objection by emailing info@buensoloil.com.

Right to lodge a complaint with an authority

You also have the right to lodge a complaint with the supervisory authority in charge of personal data protection, i.e. the President of the Data Protection Authority.

IV „Contact Form” service

As part of the “Contact Form” service provided, we set out below your rights in connection with the electronic services provided.

  1. Purposes of personal data processing and legal basis of personal data processing

The data will be processed for the purpose of carrying out the “Contact Form” service to which you have voluntarily subscribed. The legal basis for the processing is the Controller’s legitimate interest in providing information to persons interested in information related to BUEN SOL’s commercial offer. This interest is expressed when you confirm your subscription to the Newsletter service (Art. 6(1)(a) and (f) GDPR

  1. Data retention period

We will process the Personal Data we have collected until you object, unless the purpose of the processing (provision of the “Contact Form” service) ceases earlier.

  1. Recipients of personal data

Your data will be passed on to entities to whom we outsource accounting or legal services to us.

  1. Rights in relation to the processing of personal data

You have the following rights in relation to our processing of your personal data:

  • The right to object to the processing of data,
  • The right of access to your personal data,
  • The right to request the rectification of your personal data,
  • The right to request the erasure of your personal data,
  • The right to request the restriction of the processing of your personal data.

The rights described can be exercised by contacting us using the contact form.

Right to object

To the extent that your data is processed on the basis of our legitimate interest – you have the right to object to the processing. You can raise an objection by emailing info@buensoloil.com.

Right to lodge a complaint with an authority

You also have the right to lodge a complaint with the supervisory authority in charge of personal data protection, i.e. the President of the Office for Personal Data Protection.

V. Performance of a commercial contract

If we enter into a business relationship in the course of its execution, we may collect your Personal Data. In this case, we describe how we will process your Personal Data.

  1. Purposes of personal data processing and legal basis of personal data processing

The data will be processed for the performance of the commercial contract concluded between BUEN SOL and your company.  The legal basis for the processing is that it is necessary for the performance of the contract to which you are a party or to take action at the request of the data subject prior to entering into the contract. This interest is expressed when you confirm your subscription to the Newsletter service (Art. 6(1)(b).

  1. Data retention period

We will process the Personal Data collected by us until you raise an objection, unless the purpose of the processing (provision of the Newsletter service) ceases earlier, and, in the case of the establishment of a business relationship, until the statute of limitations for tax obligations related to our business activities (as a general rule, a period of five years calculated from the end of the tax year in which the deadline for payment of taxes resulting from our business relationship has expired).

  1. Recipients of personal data

Your data will be passed on to entities to whom we outsource accounting or legal services to us.

  1. Rights in relation to the processing of personal data

You have the following rights in relation to our processing of your personal data:

  • The right to object to the processing of data,
  • The right of access to your personal data,
  • The right to request the rectification of your personal data,
  • The right to request the deletion of your personal data,
  • The right to request the restriction of the processing of your personal data.

The rights described can be exercised by contacting us using the contact form.

Right to object

To the extent that your data is processed on the basis of our legitimate interest – you have the right to object to the processing. You can raise an objection by emailing info@buensoloil.com.

Right to lodge a complaint with an authority

You also have the right to lodge a complaint with the supervisory authority in charge of personal data protection, i.e. the President of the Office for Personal Data Protection.

§6 How long the Controller stores your personal data

Depending on the type of personal data, it may be stored for a period of time:

  1. 30 days – if the User unsubscribes from the Newsletter;
  2. As a general rule – 5 years from the expiry of the deadline for payment of the tax for which the tax obligation has arisen in connection with the service provided by the Controller to you – in the case of personal data which are processed for the purpose of keeping tax records.

§7 Who may also have access to your personal data

As a rule, the recipient of the personal data provided by the User is the Controller. This data is not passed on or resold to third parties.

However, on the basis of a data entrustment agreement, your personal data may also be accessed by entities responsible for the maintenance of the Controller’s infrastructure or the provision of services necessary for the operation of the Service, i.e. the Controller:

  1. hosting company, i.e. an entity which provides the Controller with hosting or related services in order to maintain the Service;

  2. companies through which the Controller delivers the Newsletter to the User;

  3. companies that are responsible for the Controller’s bookkeeping, including providing us with accounting and tax record-keeping services;

  4. firms that are responsible for providing legal services, including tax advice, to the Controller;

  5. companies that provide advertising and marketing services to the Controller.

Entrusting the processing of personal data for the provision of the Newsletter service

In order to provide the Newsletter service, the Controller uses the company .

Entrusting the processing of personal data in order to obtain Hosting, VPS services

In order for the Controller to run the Service, the services of a third party hosting provider, VPS, are used. All data collected by the Controller and processed on the Service is stored and processed on the infrastructure of one of the service providers, which is located within the borders of the European Union. Personal data processed by the Controller may be accessed by the above-mentioned entities as a result of maintenance work carried out by the service provider’s staff. This access is regulated within the framework of the contract in force between the Controller and these entities.

Transfer of personal data in the case of accounting or legal services

Some of the data is entered into the Controller’s accounting system or transferred to the entity providing accounting or legal services to the Controller. The transfer of this data results primarily from an agreement between the Controller and the entity providing an accounting or legal service to the Controller or providing an accounting software service to the Controller.

§8 Contact to the Controller

Contact with the Controller is possible through:

E-mail address: info@buensoloil.com

Postal address – ul. Śląska 64A, 32-500, Chrzanów

§9 Changes to the Privacy Policy

Any changes to the Privacy Policy shall be made available on the Controller’s te and the fact of their implementation shall be communicated via the indicated e-mail address (in case the User has subscribed to the Newsletter service).