Privacy Policy

We ensure full respect for privacy and the protection of personal data for our Customers. Personal data provided to us by Customers during registration or purchase is processed in accordance with the Personal Data Protection Act and applicable legal acts, including the GDPR. Customers’ personal data is stored in a manner that ensures complete security, and only authorized Store employees have access to the database.

Data Controller

The data controller, within the meaning of the Act of August 29, 1997 (Journal of Laws 1997, No. 133, item 883, as amended), is BOMAF sp. z o.o.

ul. Lipowska 190A
34-324 Lipowa
NIP: 5532552501

Contact details of the Data Controller:
e-mail: biuro.bomaf@gmail.com
phone: +48 733 991 996

Purpose of Data Collection and Processing

Data is collected and processed to create individual accounts in the store biuro.bomaf@gmail.com and to conclude and perform (including delivery to the Customer’s address) a purchase-sale agreement, as well as for possible complaint procedures (Art. 6(1)(b) of the GDPR).

The Store may use personal data for marketing purposes, i.e. to send information about the Store’s offer and purchase promotions via email/SMS Newsletter:

  • only if the Customer gives consent by subscribing to the Newsletter (legal basis: Art. 6(1)(f) of the GDPR);
  • Withdrawal of consent is possible by contacting the Store at: biuro.bomaf@gmail.com (email subject: “Unsubscribe from Newsletter”).

Newsletter subscription is declared:

  • during Account registration in the Store by checking the “I want to receive the Newsletter and SMS Newsletter” box,
  • by entering the email address in the designated box on the Store’s website.

Consent to receive the Newsletter and acceptance of the Terms and Privacy Policy is given at the time of subscribing to this electronic service.

The Store may use the collected personal data to create customer groups and assign accounts to these groups based on Customer status or purchase history.

Data may also be processed for monitoring, reporting, and improving the Store’s services and operations (legal basis: Art. 6(1)(f) of the GDPR).

In other cases, personal data will only be processed based on prior consent within a specified scope and purpose.

Obligation to Provide Personal Data

Failure to provide all required data may prevent the conclusion of the purchase-sale agreement or account registration.

Providing personal data is voluntary where it is collected based on consent.

Information About Recipients of Customers’ Personal Data

In connection with processing personal data to conclude and perform (deliver to the Customer’s address) a purchase-sale agreement, Customers’ personal data may be shared with the following recipients or categories of recipients:

  • entities involved in processes necessary to complete and deliver orders placed in the online store,
  • public authorities and entities performing public tasks or acting on behalf of public authorities, to the extent and for the purposes arising from legal provisions.

Data Retention Period

Customers’ personal data is processed by the Store for the duration necessary to provide electronic services related to user account maintenance and order fulfillment.

After this period, the data may still be processed as required by law or for the legitimate interest of the Data Controller.

For marketing purposes, the data may be processed until consent is withdrawn.

Data Profiling

Personal data may be used to prepare and send personalized offers or messages.

Personal data is processed based on profiling performed using the Customer’s activity, group membership, or purchase history.

Customer Rights Regarding Personal Data

Every Customer who has provided their personal data has the right to:

  • full access to their data for verification (including the right to obtain a copy),
  • modify personal data if it is incomplete, incorrect, or outdated,
  • request deletion of data when: a. the data is no longer necessary, b. the person objects to processing, c. the person withdraws consent and there is no other legal basis, d. data is processed unlawfully, e. data must be deleted to comply with legal obligations,
  • request restriction of processing when: a. the accuracy of the data is contested, b. processing is unlawful and the person opposes deletion, c. the data is no longer needed by the controller but is needed to establish or defend claims, d. an objection has been filed and a balance of interests is being assessed,
  • data portability, when: a. the data is processed based on a contract or consent, b. processing is automated,
  • object to processing by the controller when: a. the person is in a particular situation, b. data is processed automatically.

The Customer can edit their data after logging into their account or by submitting a request to Store staff.

Withdrawal of Consent

The Customer has the right to withdraw their consent to the processing of personal data at any time. The withdrawal does not affect the legality of the processing carried out based on consent before its withdrawal.

Right to File a Complaint

The Customer has the right to file a complaint with the supervisory authority (President of the Personal Data Protection Office) if they believe that the controller violates GDPR regulations.

Data Security

Customers’ personal data is stored on secure servers. Access is limited to selected employees who have received appropriate data protection training.

Sign In

Don't have an account yet? Register

Forgot password?

Register

Reset Password

Please enter your username or email address, you will receive a link to create a new password via email.

en_USEnglish
pl_PLPolish es_ESSpanish de_DEGerman ukUkrainian sk_SKSlovak en_USEnglish
Find Business or Service