Privacy Policy

1. General Information

This Privacy Policy sets out the rules for the processing of personal data of users of the website operated by Besst Power ("the Administrator"). The document presents the data protection standards adopted by the Administrator in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council ("GDPR"). By using the website, the user accepts the rules described in this Policy.

2. Administrator Details

Data Administrator: Besst Power

Contact: biuro@besstpower.pl

Address: Grzybowska 43, Warszawa

3. Scope of Processed Data

The Administrator processes personal data obtained:

• Directly from users, particularly when logging into the "Download" section via the Clerk service:
• First name, last name (if available in the login profile),
• Email address,
• User identifier,
• Data necessary for authentication and authorization.
• Automatically, via cookies and analytical tools:
• IP address,
• Device and browser data,
• Activity on the website,
• Analytical identifiers.
• Technical data required to maintain the security and functionality of the website.

4. Purposes and Legal Basis for Data Processing

The Administrator processes data for the following purposes:

4.1. Ensuring Login Functionality (Clerk)

• Legal Basis: Art. 6(1)(b) of the GDPR – performance of a contract or action upon the user's request.
• The data is necessary for creating and servicing the account and ensuring access to the "Download" section.

4.2. Pursuing the Legitimate Interests of the Administrator

• Legal Basis: Art. 6(1)(f) of the GDPR, in particular:
• Ensuring website security,
• Preventing abuse,
• Conducting statistics,
• Developing service functionalities.

4.3. Website Traffic Analysis – Google Analytics and PostHog

• Data is used to assess user activity and improve the quality of services.
• Legal Basis:
• Art. 6(1)(a) of the GDPR – user consent provided via the cookie banner.

4.4. Fulfillment of Legal Obligations

• Legal Basis: Art. 6(1)(c) of the GDPR.
• Applies to cases provided for by law, particularly accounting or protection against claims.

5. External Tools

5.1. Google Analytics

• The website uses Google Analytics, a tool offered by Google LLC.
• Information is collected anonymously unless the user consents to identification via cookies.
• Google may process data on servers located outside the EU, with appropriate safeguards compliant with the GDPR.

5.2. PostHog

• PostHog is used for website operation analytics and recording user interactions.
• Data is processed in a pseudonymized form and used exclusively for statistical purposes.

5.3. Clerk – Login and Authentication

• Clerk Inc. is responsible for handling the login process, storing authentication data, and user identification.
• Data may be transferred outside the EU, with the application of appropriate security standards.

6. Data Recipients

Data may be transferred to:

• IT service providers (hosting, security, analytics),
• Login system providers (Clerk),
• Partners supporting the maintenance and development of the website,
• Entities authorized by law.

The Administrator does not sell personal data.

7. Data Retention Period

• User Account Data – until the account is deleted or after 24 months from the last activity.
• Analytical Data – in accordance with Google and PostHog policies, maximum 26 months, unless the user withdraws consent.
• Data necessary for evidentiary purposes – until the expiry of the limitation period for potential claims.

8. User Rights

The user has the right to:

• Access their data,
• Rectification,
• Erasure ("right to be forgotten"),
• Restriction of processing,
• Data portability,
• Object to processing,
• Withdraw consent at any time,
• Lodge a complaint with the President of the Personal Data Protection Office (UODO).

9. Cookies

The website uses cookies for the purpose of:

• Operating login functionality,
• Traffic analysis,
• Content personalization,
• Improving user experience.

During the first visit, the user may express or refuse consent to data processing for marketing and analytical purposes.

10. Transfer of Data Outside the EEA

In the case of using Google, PostHog, and Clerk services, data may be transferred to third countries. In all cases, safeguards required by the GDPR are applied, including standard contractual clauses.

11. Data Security

The Administrator applies technical and organizational measures aimed at:

• Connection encryption (SSL),
• Regular system updates,
• Access control,
• Minimization of processed data.

12. Changes to the Privacy Policy

The Policy may be updated due to website development or changes in legal regulations. The current version will always be published on the website.