Welcome to BehindEveryStock (the "Site"), operated by Pawel Duda. We are committed to protecting your personal data and respecting your privacy in compliance with the General Data Protection Regulation (GDPR).
1. Introduction
2. Data Controller
The data controller responsible for your personal data is:
BehindEveryStock
Email: behindeverystock+legal@gmail.com
3. What Data We Collect
Personal Data
- Email Address: For registration, login, and communication purposes.
- First and Last Name: For personalized communication and identification.
- Password: Stored securely in hashed form; we cannot view or retrieve your actual password.
Usage Data
We collect data on how you interact with our website and services.
Cookies and Similar Technologies
We use cookies to enhance your experience. Please refer to section 9 for more details.
4. Legal Basis for Processing
We process your personal data based on:
- Consent: You have given clear consent for us to process your personal data for specific purposes.
- Contractual Necessity: Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
- Legal Obligation: Processing is necessary for compliance with legal obligations.
- Legitimate Interests: Processing is necessary for our legitimate interests, such as improving our services.
5. How We Use Your Data
Your personal data is used for:
- Providing and maintaining our services.
- Personalizing your experience.
- Communicating with you regarding updates, offers, or support.
- Improving our website and services.
- Complying with legal obligations.
6. Data Retention
We retain your personal data only as long as necessary for the purposes set out in this Privacy Policy and to comply with legal obligations.
7. Data Sharing and Disclosure
We do not sell or rent your personal data to third parties. We may share your data with:
- Service Providers: Third-party companies who assist us in operating our website and services, under confidentiality agreements and Data Processing Agreements (DPA) in accordance with GDPR Art. 28.
- Legal Obligations: When required by law or to protect our rights.
Sub-processors
We use the following third-party service providers (sub-processors) to process personal data on our behalf:
| Provider | Purpose | Data Processed | Country |
|---|---|---|---|
| Stripe, Inc. | Payment processing | Email, billing data, IP address | USA |
| Mailjet SAS | Transactional email delivery | Email address | France |
| Fakturownia (iFirma S.A.) | Invoice generation | Name, address, tax ID (NIP) | Poland |
| Google LLC (Analytics, reCAPTCHA, Tag Manager) | Website analytics, bot protection | IP address, behavioral data | USA |
| Acceptrics | Cookie consent management | Consent preferences | EU |
All sub-processors are bound by Data Processing Agreements ensuring GDPR-compliant handling of your data. For transfers outside the EEA, appropriate safeguards (such as Standard Contractual Clauses) are in place.
8. International Data Transfers
Your data may be transferred to countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place to protect your data in compliance with GDPR.
9. Cookies and Similar Technologies
We use cookies to understand how you use our site and to improve your experience.
What Are Cookies?
Cookies are small text files stored on your device when you visit a website. They help us recognize your device and remember your preferences.
Your Choices
You can choose to accept or decline cookies through your browser settings. Note that disabling cookies may affect the functionality of our website.
10. Security Measures
We are committed to securing your personal data. We implement appropriate technical and organizational measures to prevent unauthorized access, disclosure, alteration, or destruction of your data.
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee its absolute security.
11. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Right to Access: Request access to your personal data.
- Right to Rectification: Request correction of inaccurate data.
- Right to Erasure: Request deletion of your data under certain conditions.
- Right to Restrict Processing: Request restriction of processing under certain conditions.
- Right to Data Portability: Receive your data in a structured, commonly used format.
- Right to Object: Object to processing based on legitimate interests.
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
- Right to Lodge a Complaint: File a complaint with a supervisory authority.
12. Exercising Your Rights
To exercise your rights, please contact us at:
Email: behindeverystock+legal@gmail.com
We may need to verify your identity before processing your request.
13. Third-Party Service
We use third-party services like Google Analytics to collect and process usage data. These services have their own privacy policies addressing how they use such information.
We encourage you to review the privacy policies of any third-party sites or services you interact with.
14. Changes to This Privacy Policy
We may update this Privacy Policy periodically. Any changes will be posted on this page with an updated revision date. Your continued use of the site after any changes indicates your acceptance of the new terms.
15. Contact Information
If you have any questions or concerns about this Privacy Policy, please contact us:
Email: behindeverystock+legal@gmail.com
Data Protection Officer:
Email: behindeverystock+dataprotectionofficer@gmail.com
Data Protection Supervisor:
16. Supervisory Authority
If you believe that your data protection rights have been infringed, you have the right to lodge a complaint with the relevant supervisory authority in your country.