Barision

Barision Privacy Policy (UK)

  1. Introduction and Scope

    Barision (hereinafter referred to as the "Company", "we") respects your privacy. This document sets out in detail the principles and methods of collecting, using, processing, storing and protecting your personal data when providing you with our products and services. This policy has been developed in full compliance with the requirements of the EU General Data Protection Regulation (GDPR) 2016/679 and other applicable data protection laws in force in the UK and the European Union.

  2. Definition of personal data

    For the purposes of this policy, personal data means any information relating to an identified or identifiable natural person (data subject). This definition includes, but is not limited to, the following categories of information: basic identification data (such as first name, last name, date of birth), contact data (including postal address, email address, telephone number), financial information (payment card details, bank details), technical data (IP address, cookie data, device information), demographic information (age, gender, preferences), and professional data (place of work, position).

  3. Principles of data processing

    The processing of your personal data is carried out in strict accordance with the fundamental principles of data protection. The first principle - lawfulness, fairness and transparency - means that the processing is always carried out lawfully, fairly and with maximum transparency for the data subject. The second principle - purpose limitation - implies that data is collected only for specific, explicit and legitimate purposes. The third principle - data minimization - means collecting only the data that is truly necessary for the stated purposes. The fourth principle - accuracy - requires that the data is accurate and, where necessary, updated in a timely manner. The fifth principle - storage limitation - states that data should not be stored longer than is necessary to achieve the purposes of processing. The sixth principle - integrity and confidentiality - ensures that data is processed with appropriate security measures.

  4. Methods of data collection

    Personal data is collected in various ways depending on the nature of interaction with the Company. When making purchases, we request the necessary information to identify the order, including your full name, postal address for delivery, contact details (email and phone number) for communication, and payment details to process the transaction. When using the website, technical data is automatically collected, including IP address, browser type, operating system version, site usage data (pages viewed, time of visit), and cookie data - small files that improve the operation of the site. When directly contacting the Company via e-mail, phone calls, feedback forms on the site or social networks, certain information may also be collected. In addition, we may receive data through third parties, such as payment systems (Stripe, Shopify), marketing partners and providers of analytical services.

  5. Purposes of data processing

    Personal data is processed to achieve clearly defined purposes. The primary purposes include processing and fulfilling your orders, ensuring the delivery of products, processing payments and preventing fraud, and providing information on the status of your order. Secondary purposes of processing are aimed at improving the quality of products and services, personalizing the user experience, conducting marketing campaigns (which are carried out exclusively with your consent), analyzing user behavior on the website and ensuring compliance with the legal requirements imposed on our activities.

  6. Legal bases for processing

    The processing of personal data is always carried out on a legal basis. The primary legal basis is the need to perform a contract (e.g. processing your orders and ensuring the delivery of goods). In some cases, we rely on legitimate interests, such as analyzing website performance and preventing fraud. Your explicit consent is required for marketing communications. In addition, certain data processing may be necessary to comply with our legal obligations, in particular tax law.

  7. Data protection

    The company uses comprehensive security measures to protect your personal data. Technical measures include the use of modern encryption technologies for transmitted data (SSL/TLS), protection against DDoS attacks, regular vulnerability testing and the implementation of intrusion detection systems. Organizational measures include strict restriction of access to data, regular training of employees on data protection issues, development and compliance with information security policies, and periodic audits. Physical security measures include ensuring server security, access control to the premises where the data is stored, and regular backups of information.

  8. Transfer of data to third parties

    In certain situations, we may transfer your personal data to third parties. Mandatory transfer is carried out to tax authorities, law enforcement agencies (upon official request) and courts (by court decision). Voluntary transfer may be made to payment systems for payment processing, courier services for delivery, marketing agencies (exclusively with your consent) and IT providers providing technical support. In all cases where we transfer data to third parties, we ensure that we comply with data protection requirements and conclude appropriate confidentiality agreements.

  9. International data transfers

    Where we need to transfer personal data outside the European Economic Area, we take all necessary steps to ensure that we comply with the GDPR. These measures include the use of standard contractual clauses approved by the European Commission and the implementation of additional data protection safeguards where required. We carefully assess the level of data protection in the recipient country and implement additional security measures where necessary.

  10. Rights of data subjects

    Under the GDPR, you have a set of rights in relation to your personal data. The right of access allows you to request confirmation that your data is being processed, to receive a copy of it and information about the purposes of the processing. The right to rectification allows you to request that inaccurate or incomplete data be corrected. The right to erasure (known as the "right to be forgotten") allows you to request that your data be deleted, unless we are obliged to retain it by law. The right to restriction of processing can be exercised by you in certain cases specified by law. The right to data portability allows you to receive your data in a structured, commonly used format. The right to object allows you to object to the processing of data for direct marketing purposes. Finally, you have the right to revoke your consent to the processing of data at any time.

  11. Data retention periods

    The Company's policy regarding data retention periods is based on the principle of storage limitation. Data related to the execution of orders is stored for 6 years from the date of the transaction in accordance with the requirements of tax legislation. Data used for marketing purposes is stored until you revoke your consent. Technical data, such as site visitor logs, are usually stored for up to 2 years. Cookie data is stored in accordance with your browser settings and can be deleted by you at any time.

  12. Protection of data of minors

    Our Company's products and services are not intended for persons under 18 years of age. We do not knowingly collect personal data from children and have strict measures in place to prevent such processing. In the event of accidental receipt of data from minors, we immediately take steps to delete it. Registration on our website and placing orders by persons under 18 years of age is blocked.

  13. Changes to the privacy policy

    The Company reserves the right to amend this privacy policy to reflect changes in the law or our data processing practices. We will notify users of any material changes via our website and/or by email (for registered users) and/or via push notifications (for users who have subscribed to them). We recommend that you regularly check the current version of the privacy policy on our website.

  14. Contact information

    For all questions related to the protection of personal data, you can contact us in the following ways: by email info@barision.com

  15. Final provisions

    This privacy policy is an integral part of our relationship with users and supplements other agreements with Barision, such as the terms of sale and user agreements. The policy does not replace or cancel the provisions of these documents, but operates in conjunction with them. This document is governed by the laws of the United Kingdom and the European Union. Using our products and services means that you agree to the terms of this privacy policy.