Befame - We design furniture for you - Bielsko - Biała
en

Privacy Policy

BFM Home Sp. z o.o.

This Privacy Policy has been adopted in connection with the implementation of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (hereinafter referred to as the “GDPR”). The purpose of this policy is, in particular, to fulfill the information obligation referred to in Articles 13 and 14 of the GDPR.

1. Definitions

  1. Data Controller – BFM Home Sp. z o.o., headquartered in Bielsko-Biała, Piekarska Street 130, NIP: 937-218-63-13.
  2. You – individuals whose personal data is processed by BFM Home Sp. z o.o.

2. Data Controller

The Data Controller is the entity that determines the purposes and means of processing personal data. The controller of your personal data is BFM Home Sp. z o.o., headquartered in Bielsko-Biała.

3. Data Processing

In connection with our business operations, we process personal data of:

  • Individual contractors (including suppliers, etc.),
  • Customers,
  • Contact persons designated by contractors and customers (including sales representatives, individuals responsible for project implementation, drivers, etc.),
  • Individuals with whom we correspond,
  • Individuals who gain access to our premises, and
  • Individuals interested in employment with us.

The scope of processed data is always appropriate to the purpose of processing.

4. Purpose of Data Processing

Your personal data may be processed for the following purposes:

  1. Performance of contracts or actions taken at your request before entering into a contract (Article 6(1)(b) GDPR). Data will be processed for the duration of the contract and any further period necessary to fulfill associated rights and obligations.
  2. Compliance with legal obligations (especially tax laws, accounting regulations, or archiving requirements) (Article 6(1)(c) GDPR). Data will be processed for the period specified by the relevant legal provisions.
  3. Our legitimate interests (Article 6(1)(f) GDPR), including:
    • Direct marketing of our goods or services,
    • Preparing summaries, analyses, and statistics for marketing research and business analysis purposes,
    • Establishing, exercising, or defending legal claims,
    • Corresponding via all available technologies, such as traditional mail, email, or other communication methods (e.g., internet messengers),
    • Initiating and maintaining business contacts,
    • Conducting video monitoring of our facilities to ensure the safety of individuals and property on the premises.
    For cases listed in point 3, data will be processed for the duration of the legitimate interest. For marketing activities, this continues until you object. Video monitoring data is retained for no more than 30 days unless otherwise required by law.
  4. Based on your consent (Article 6(1)(a) GDPR), such as for recruitment purposes (e.g., data in CVs). Data will be processed for the period specified in the consent. You may withdraw consent at any time without affecting the legality of processing prior to withdrawal.

5. Voluntariness of Providing Data

You are not required to provide personal data. However, refusal to do so may result in the inability to conclude or perform a contract, send correspondence, access our premises, or participate in recruitment processes.

6. Automated Decision-Making, Including Profiling

Decisions regarding contract terms may be automated but are currently not subject to profiling. Should profiling be implemented in the future, it will comply with applicable regulations, including Article 22 of the GDPR.

7. Sharing Personal Data

Your personal data may be shared with:

  • Entities processing data on our behalf under processing agreements (e.g., IT infrastructure providers, data disposal services, subcontractors, payment intermediaries, couriers, auditors, legal or tax advisors).
  • Other entities based on legal provisions.

We will not disclose your data to unauthorized parties.

8. Data Transfers Outside the European Economic Area (EEA)

Some personal data may be transferred outside the EEA due to technical reasons related to hosting services. Such data is safeguarded under standard contractual clauses or other required measures.

9. Your Rights

You have the right to:

  1. Access your data (including receiving a copy),
  2. Rectify or correct data,
  3. Restrict processing,
  4. Request data deletion (“right to be forgotten”),
  5. Transfer data to another controller.

Requests can be submitted as described in section 13 and will be processed per Articles 15–20 GDPR.

10. Right to Object

You may object to data processing based on legitimate interests. If data is processed for marketing purposes, we will immediately cease such processing. For other legitimate interests, processing will cease unless overriding reasons exist.

11. Complaint to Supervisory Authority

If you believe your data is being processed unlawfully, you have the right to lodge a complaint with the President of the Personal Data Protection Office.

12. Updates to the Privacy Policy

This Privacy Policy may be updated. The current version will always be available on our website: www.befame.com.

13. Contact

If you have questions about the use of your personal data, please contact us via email or postal mail at the addresses provided on our website.

PURPOSES AND ACTIVITIES OF DATA PROCESSING

1. Orders
When placing an order, we require you to provide data necessary for its fulfillment, such as company name, company address, delivery address, VAT ID, and email address. Providing this data is voluntary but necessary to process your order.

Data provided in connection with an order are processed for the following purposes:

  • Order fulfillment (Article 6(1)(b) GDPR),
  • Issuing invoices,
  • Including the invoice in our accounting documentation (Article 6(1)(c) GDPR),
  • Archival and statistical purposes (Article 6(1)(f) GDPR).

Data related to the order is stored in our system and archived on our server. Each order is documented with an invoice issued through our software. Orders are also recorded in our internal database for archival and statistical purposes.

Data regarding orders will be processed for the duration necessary to fulfill the order and until the expiration of claims arising from the contract. After this period, data may still be processed for statistical purposes. In addition, invoices containing your personal data are retained for five years from the end of the tax year in which the tax obligation arose.

For order data:

  • You cannot request correction of the data after the order is completed,
  • You cannot object to processing or request deletion of the data until the expiration of the claim period,
  • You cannot object to processing or request deletion of data contained in invoices.

After the claim period expires, you may object to data processing for statistical purposes and request data deletion from our database.

2. Complaints
During the complaint process, you provide personal data such as name, residential address, delivery address, company name, company address, phone number, and email address.

Data provided in connection with a complaint are processed to handle the complaint procedure (Article 6(1)(c) GDPR).

Data will be processed for the time necessary to handle the complaint. Complaints may also be archived for statistical purposes.

For complaint data:

  • You cannot object to processing or request deletion of the data until the expiration of claims arising from the contract.
  • After the claim period expires, you may object to data processing for statistical purposes and request data deletion from our database.

3. Email Contact
When you contact us via email or a contact form, your email address is naturally shared with us, along with any additional personal data included in the message.

Your data in this context is processed to respond to your inquiry, and the legal basis for processing is your consent implied by initiating contact (Article 6(1)(a) GDPR). The legal basis for processing after the conclusion of contact is our legitimate interest in archiving correspondence for internal needs (Article 6(1)(f) GDPR).

Correspondence content may be archived, but we cannot precisely determine when it will be deleted. You have the right to request access to your correspondence history and request its deletion unless archiving is justified by our overriding interests (Article 6(1)(f) GDPR).

COOKIES

Our website, like most websites, uses cookies to improve and simplify your experience.

1. What are Cookies?
Cookies are small text files stored on your device (e.g., computer, tablet, smartphone) that can be read by our IT system.

2. Types of Cookies Used:

  • Own Cookies: Used to ensure the proper functioning of the website.
  • Third-Party Cookies: Used for functionalities provided by third parties, such as analytics or social media tools.

3. Analytics and Statistics
We use cookies for tracking site statistics, such as visitor numbers, operating systems, browsers, time spent on the site, and visited subpages. We use Google Analytics for this purpose, which involves using cookies from Google LLC and their tracking codes. You can decide whether we may use marketing functionalities in Google Analytics through cookie settings.

4. Social Media Tools
Our website offers social media functions, such as sharing content or subscribing to social media profiles. Using these functions may involve cookies from platforms such as Facebook, Instagram, YouTube, Twitter, LinkedIn, Pinterest.

We also embed videos from YouTube. Watching these videos may involve cookies from Google LLC related to YouTube services.

SERVER LOGS

Using our website involves sending requests to the server hosting the site. Each request is logged, including your IP address, server date and time, browser information, and operating system details.

Server logs are stored for administrative purposes and are not used to identify users. Only authorized personnel managing the server have access to these logs.