Privacy Policy

At Beyston, we respect your privacy and are committed to protecting your personal data in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and other applicable data protection laws.

This Privacy Policy explains how Beyston (the “Platform”) collects, uses, shares, and protects your personal data when you visit our website, use our mobile apps, register an account, browse products, place orders, interact as a buyer or seller, or otherwise use our services (collectively, the “Services”).

1. Who we are

Beyston is operated by [Insert Full Legal Entity Name, e.g., Beyston Sp. z o.o. or equivalent], registered in [Country, e.g., Poland], company registration number [number], with registered address at [full address].

We are the data controller for personal data processed via the Platform, except where we act only as a processor (e.g., when processing data solely on behalf of a third-party seller for their own purposes).

For data protection inquiries: Contact our [Data Protection Officer / Privacy Team] at [email protected] or [postal address].

2. What personal data we collect

We collect the following categories of personal data:

• Identity and contact data: Name, email address, phone number, delivery/billing address.
• Account and profile data: Username, password (hashed), preferences, saved items/wishlists.
• Transaction data: Order details, purchased products, payment method (not full card details — handled by processors), invoices.
• Communication data: Messages with support or sellers, reviews, ratings, feedback.
• Technical and usage data: IP address, browser type, device info, operating system, pages visited, time spent, referral sources (via cookies/analytics).
• Marketing and preferences data: Consent records, opt-ins/outs for newsletters/promotions.
• Seller-specific data (if you are a seller): Business name, tax/VAT ID, bank details for payouts, identification documents (for verification).

3. How we collect your data

• Directly from you (e.g., registration, orders, forms, communications).
• Automatically (cookies, server logs, analytics tools like Google Analytics).
• From third parties (e.g., payment providers for transaction confirmation, shipping carriers for delivery updates).
• From sellers (e.g., order fulfillment status).

4. Purposes and legal bases for processing

We process your personal data for the following purposes, with corresponding GDPR legal bases:

• Performance of a contract (Art. 6(1)(b) GDPR): To register accounts, process orders, facilitate payments/shipping, handle returns/refunds, enable buyer-seller communication.
• Compliance with legal obligations (Art. 6(1)(c)): Tax/VAT reporting, consumer protection laws, anti-fraud measures.
• Legitimate interests (Art. 6(1)(f)): Platform security, fraud prevention, improving Services, direct marketing (non-consent-based where allowed), analytics for business insights.
• Consent (Art. 6(1)(a)): Marketing emails/newsletters, certain cookies/non-essential trackers (withdrawable anytime).

5. Sharing your personal data

We share data only when necessary:

• With third-party sellers: Your name, delivery address, phone (if provided), order details (to fulfill and ship orders).
• With service providers: Payment gateways (e.g., Stripe/PayPal), shipping carriers (e.g., DHL/UPS), cloud hosting, analytics.
• With authorities: If required by law (e.g., tax/customs, fraud investigations).
• In business transfers: To potential acquiring entities (with safeguards).

6. International data transfers

Some recipients may be outside the EEA (e.g., US-based providers). We use safeguards such as:

• EU–US Data Privacy Framework certification (where applicable)
• Standard Contractual Clauses (SCCs)
• Adequacy decisions

Details available on request.

7. Data retention

We retain data only as long as necessary:

• Account data: While active + up to 1 year after closure (or longer for legal claims).
• Order data: 10 years for tax/accounting (statutory in many EU countries).
• Marketing data: Until consent withdrawn or objection.
• Logs/technical data: Up to 26 months (analytics default).

We anonymize or delete when no longer needed.

8. Your GDPR rights

As an EU/EEA resident, you have rights (subject to verification and exceptions):

• Access your data
• Rectify inaccurate data
• Erase data (“right to be forgotten”)
• Restrict processing
• Object to processing (especially legitimate interests/marketing)
• Data portability
• Withdraw consent (where based on consent)

To exercise rights: Contact [email protected]. We respond within 1 month (extendable). You can also lodge a complaint with your national supervisory authority (e.g., in Poland: UODO).

9. Cookies and similar technologies

We use cookies and trackers for essential functions, analytics, and (with consent) marketing/personalization. See our separate Cookie Policy for details, including how to manage preferences.

10. Security

We implement appropriate technical/organizational measures (e.g., encryption, access controls) to protect data. However, no system is 100% secure.

11. Children’s privacy

Our Services are not directed at children under 16. We do not knowingly collect data from minors.

12. Changes to this policy

We may update this Policy. Significant changes will be notified via email or Platform notice. Continued use constitutes acceptance.

13. Contact us

For questions: [email protected] or [address].
Thank you for trusting Beyston with your data.