B2B Privacy Policy

General provisions

This Privacy Policy applies to the Faneco B2B platform available at www.faneco.com, intended exclusively for business customers (entrepreneurs, including self-employed persons). The Policy is informative – it is not a source of obligations for Users of the website, but serves to explain what personal data is collected, for what purposes and on what legal basis it is processed, as well as what rights data subjects have.

The processing of personal data is carried out in accordance with current laws, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free flow of such data, known as RODO, and in accordance with the new Law of July 7, 2023. Electronic Communications Law (effective 2024), which regulates, among other things, marketing communications and the use of cookies.

The use of the Faneco B2B platform and the provision of related personal data is voluntary. It should be noted, however, that in some cases the provision of certain data is necessary for the performance of services – for example, failure to provide data required to create an account or place an order will prevent the performance of these activities. The administrator each time indicates which data are necessary to conclude a contract or use a particular functionality of the service.

Personal data controller

The administrator of personal data collected as part of the Faneco B2B website (hereinafter: Administrator) is FANECO Limited Liability Company Ltd. based in Poznań (address: ul. Aleksandra Fredry 1/16, 61-701 Poznań). Contact with the Administrator is possible at the correspondence address of the registered office or via e-mail address: info@faneco.com. The Administrator runs the Faneco B2B platform and is responsible for the security of processed personal data.

Purposes, legal basis and scope of data processing

Personal data of Users (e.g., representatives of business customers) may be processed by the Administrator for the following purposes, on specific legal grounds and to the appropriate extent:

  • Registration and maintenance of a B2B account: in order to create a user account and enable the use of the B2B platform (e.g. reviewing order history, placing orders). Legal basis: Article 6(1)( b ) RODO (necessary for the performance of the account service agreement). The scope of the data usually includes: first and last name, company (business name), email address, phone number, company address data (for verification and invoicing). This data is processed as long as the account is active, and then until the statute of limitations for any claims related to the use of the account.
  • Placing and execution of orders (conclusion of sales agreement): for the purpose of accepting orders, concluding and executing the sales contract for Faneco products and after-sales service (e.g. delivery of goods, handling complaints or returns). Legal basis: Article 6(1)( b ) of the RODO (execution of the sales contract). The scope of the processed data includes, but is not limited to: name of the person placing the order, company, delivery address and/or registered office address, TIN (if required for invoice), contact information (email, phone) needed to confirm the order and delivery of products. The data will be processed for the period necessary for the execution of the contract, and then may be stored for the time required by law (e.g. storage of accounting documents) and until the expiration of the statute of limitations for civil law claims.
  • Performance of legal obligations: in order to fulfill obligations imposed on the Administrator by law, e.g. issuing and storing invoices and accounting documents, responding to public authorities. Legal basis: Article 6(1)( c ) of the RODO in conjunction with relevant provisions of Polish law (e.g., Accounting Act, Tax Ordinance). The scope of data includes those pieces of information that are required by regulations (e.g. name or company name, address, TIN on an invoice). We keep the data necessary for accounting and tax purposes for the period required by these regulations (e.g. 5 years from the end of the fiscal year in which the invoice was issued).
  • Handling inquiries and customer contact: for communication with the User who has contacted us via contact form, e-mail or telephone, as well as for after-sales service (answering questions, exercising warranty rights, service requests, etc.). Legal basis: Article 6(1)( b ) of the RODO, if the contact concerns the performance of a contract or taking action at the request of a person prior to the conclusion of a contract, and in other cases Article 6(1)( f ) of the RODO (the Administrator’s legitimate interest in answering questions and providing customer service). The scope of the data: e-mail address, telephone number, first and last name, and possibly other data voluntarily provided by the User in the content of the inquiry. We keep the data from the correspondence for the period of time necessary to handle the case, and after its completion – for the time corresponding to the statute of limitations for possible claims for evidentiary purposes.
  • Marketing of own products and services (newsletter, commercial offers): in order to send commercial and marketing information regarding Faneco’s offerings (e.g. newsletter with news, promotions, offers for industries). Legal basis: generally Article 6(1)( a ) of the RODO, i.e. the User’s voluntary consent to receive marketing communications. Due to the provisions of the Electronic Communications Law, we undertake marketing contact (e-mail, telephone, SMS) only in an opt-in model, i.e. after obtaining the recipient’s express consent to marketing communications. This consent can be withdrawn at any time – without affecting the legality of the processing performed before its withdrawal. Exceptionally, if you are our customer and we have received your contact information in connection with the sale of a product or service, we may send you information about similar Faneco products or services by email on the basis of legitimate interest (Article 6(1)(f) RODO) – however, this applies only to B2B communications and provided you have not objected to such mailing. Each marketing communication you receive includes an easy opt-out option (e.g., an “unsubscribe” link in the email footer). We store data processed for marketing purposes until you withdraw your consent or object to the processing of your data for such purposes.
  • Profiling and personalization of offerings: in order to tailor our services and content to your needs, we may perform what is known as profiling of your personal data. This means automatic analysis or prediction of your preferences and interests based on your past activity (e.g. purchase history, products viewed, responses to our messages). Profiling is used, for example, to prepare personalized offers or advertisements tailored to your potential interests. Legal basis: Article 6(1)( f ) RODO (our legitimate interest in better matching offers and direct marketing) or Article 6(1)( a ) RODO (consent) – depending on the nature of profiling. For example, profiling carried out through marketing cookies will be done only with the User’s consent (expressed through cookie settings). The scope of data used for profiling includes information about activity on the Faneco B2B website (e.g. products clicked, time of visit), purchase history, company data (e.g. industry, scale of purchases) and demographic data, if provided to us (e.g. city, position). We do not make decisions based solely on automated processing that would produce legal effects against you or similarly significantly affect you – profiling is only used to analyze and forecast your preferences, while possible offers or terms of cooperation are not determined solely by an algorithm, without human intervention.
  • Analytical and statistical purposes, maintenance of service security: in order to improve the performance of our platform and ensure its security, we may process certain usage data. Legal basis: Article 6(1)( f ) RODO (the Administrator’s legitimate interest in analyzing user activity in order to improve the functionality of the service, as well as to ensure security and prevent abuse). The scope of data includes, but is not limited to, device and browser information (e.g., type and version, screen resolution), some technical data (e.g., IP address, cookie IDs, system user ID), website activity data (e.g., sub-pages visited, time spent on the website), etc. These data are used in anonymized or aggregated form for statistical purposes, where possible – wherever it is not necessary to process data in a form that allows identification of a person.

Whenever the basis for processing is the legitimate interest of the Controller (Article 6(1)(f) RODO), you have the right to object on grounds related to your particular situation. With regard to the processing of data for direct marketing purposes (including possible profiling for such purposes), you may object at any time, and we are obliged to stop such processing. We inform you of this right in the following sections of the policy.

Recipients of personal data

In connection with business operations and service delivery, Users’ personal data may be disclosed to the following categories of recipients:

  • Courier and shipping companies: we provide them with the data necessary to deliver the ordered products (e.g. recipient’s name, delivery address, contact phone number). Example recipients: courier companies cooperating with Faneco (e.g. DHL, DPD, UPS – depending on the selected form of delivery).
  • Electronic payment operators / banks: if you pay for products online or by bank transfer, your data may go to payment transaction processors (e.g. payment gateway operator, bank). Only the information necessary to process the payment or refund (e.g. transaction amount, order number, bank account number for refund) is transferred. Example: if you use electronic payment, the controller of your data for payment processing will also be the selected payment gateway operator.
  • Hosting and IT providers: the Faneco B2B platform and the data collected on it are stored on the servers of a third-party hosting provider. In addition, we cooperate with IT companies for the maintenance and development of our service, which may potentially have access to data as part of technical support (only at our direction and to the extent necessary to perform the service). We have appropriate data processing entrustment agreements with these entities to guarantee the security of the information.
  • Third-party marketing and analytics systems: we use tools provided by third-party companies to help us conduct marketing and analyze website traffic (e.g. Google Analytics, Google Ads, Facebook Pixel, etc.). As part of the use of these tools, certain data (e.g., information about your activity on our site, cookie IDs, IP address) may be received by the providers of these tools – but this is done under appropriate agreements and based on your consents to marketing cookies (see Cookies section below for details). These providers act as separate controllers or processors on our behalf when it comes to personal data – please refer to the privacy policies of these providers (e.g. Google or Facebook privacy policies) for details.
  • Affiliates and business partners: in some cases, we may share your data with our trusted business partners if it is necessary to perform services or if you have given separate consent. For example, this may include forwarding your inquiry to a local distributor working with Faneco, if the inquiry relates to their region of operation. In any such case, the recipient receives only the data needed to handle your inquiry or order.
  • Public authorities and authorized entities: at the request of authorized state authorities (e.g., police, prosecutor’s office, courts, Office for Personal Data Protection), the Administrator may disclose personal data if such an obligation arises under the law. In addition, data may be disclosed to claimants, such as debt collection companies or law firms, but only within the framework of legally authorized activities (e.g., in the event of default by a counterparty).

The controller ensures that each recipient of data respects the relevant standards of personal data protection. In the case of transferring data to another Administrator (e.g. a courier company or a bank) – this entity processes data on its own behalf (in accordance with its privacy policy). In the case of entities processing data on behalf of Faneco (e.g. IT entities) – such processing is carried out on the basis of an agreement with the Administrator and only in accordance with his instructions.

Transfers of data outside the EEA

As a general rule, the Administrator seeks to store personal data in the territory of the European Economic Area(EEA). Servers and the main IT infrastructure are located in a country or other EEA country, and data processing is carried out by entities operating in the EEA or those that ensure compliance with data protection standards equivalent to those in force in the European Union.

In some situations, however, data may be transferred outside the EEA. This may occur in particular in connection with the use of services and tools offered by global providers such as Google or Meta (Facebook). These tools (e.g. Google Analytics, Google Ads) may involve the transfer of certain information (e.g. anonymized identifiers, IP address) to servers located in the United States or other countries outside the EEA.

When transferring data outside the EEA, the Administrator shall ensure that appropriate safeguards required by the RODO are applied, such as the standard contractual data protection clauses adopted by the European Commission. Providers such as Google or Meta may furthermore use additional data protection mechanisms (e.g., certification under country-specific compliance programs). For details on these providers’ data transfer policies, please refer to their privacy policies.

If you do not consent to the transfer of your data to third countries in the use of our analytics/marketing services – you can refuse to accept certain cookies (e.g. marketing cookies) or exercise other rights described in this Policy (e.g. right to object or withdraw consent). In practice, restricting the use of third-party tools (e.g., opting out of analytics cookies) will block the transfer of your data to such global providers.

Cookies and similar technologies

Our platform, like most websites, uses cookies (so-called “cookies”) and other similar technologies (e.g. local browser memory, tracking pixels) to ensure its correct operation and optimize services. Cookies are small textual information sent by a server and stored on the User’s device (e.g. on the disk of a computer or in the memory of a smartphone).

As part of our site, we use both our own cookies (set by the faneco.com domain) and third-party cookies (set by external sites whose services we use). Cookies can perform various functions, such as: providing basic functionality of the site, remembering user preferences, collecting anonymous statistics or handling marketing. For clarity, we divide the cookies used into the following categories:

  • Necessary cookies: these are technical cookies, necessary for the proper functioning of the site and the performance of basic functions. They are responsible, for example, for maintaining the session of a logged-in user, saving the contents of the shopping cart during shopping, or ensuring security (authentication). We always use them, because without them the site cannot function properly. You can set your browser to block these files, but then some of the functionality of the site may not be available. Necessary cookies do not store your personal data as such, but only technical identifiers.
  • Analytical cookies: allow us to collect information about how Users use our site, which helps us to improve the site’s performance. Thanks to these files, we can, for example, count visits and analyze traffic sources, find out which subpages are most frequently visited or how Users navigate the site. The data collected in this way are anonymous and are used for statistical purposes only (we do not identify specific individuals on their basis). Examples of analytical cookies are Google Analytics files. We use analytical cookies only with your permission.
  • Advertising (marketing) cookies: they are used for marketing purposes, in particular to display ads tailored to your interests. Marketing cookies may be used by our third-party advertising partners to build a profile of your interests based on information about the sites you view. This allows you to see tailored advertisements for Faneco products when you visit other websites (known as remarketing). If you do not allow these cookies – you will still see ads, but less tailored to your preferences. Examples of advertising cookies are Google Ads or Facebook Pixel. We use marketing cookies only with your express permission.

Remember that consent to the use of cookies (other than essential) is voluntary. When you visit our site for the first time, we ask you to agree to specific categories of cookies via a cookie banner. You can change your preferences at any time – such as withdrawing your consent for analytics or marketing cookies. To do so, use our cookie settings panel (available on the site) or change your browser settings.

Most web browsers accept all cookies by default. However, if you do not want any cookies (other than technical cookies) to be stored on your device, you can manage your browser’s cookie settings yourself. This means you can partially or completely block cookies. Please note that restricting the use of cookies may affect some of the website’s functionality (e.g. the ordering process may not work properly without session cookies).

Our website may use analytics and advertising services such as Google Analytics and Google Ads (provided by Google Ireland Ltd. or Google LLC) or Facebook tools (provided by Meta Platforms Ireland Ltd.). These services use the above cookies to collect data about user activity. This information is processed in an anonymized manner – it is used to create aggregate statistics about website traffic and the effectiveness of our advertising campaigns. For example, with Google Analytics we can obtain data such as: sources of visits, approximate location, technical data about the device and browser, age range or interests of visitors. This data does not contain information that directly identifies a specific person and is only used for statistical analysis and to improve our service.

If you do not want Google Analytics to collect information about your activity on our site, you have the option to block this by installing a browser add-on provided by Google (called Google Analytics Opt-out). This add-on is available here: 【65†https://tools.google.com/dlpage/gaoptout?hl=pl】 and allows you to disable Google Analytics on all pages you visit. Note, however, that using this tool will only block the collection of data for Google statistics – it will not affect the operation of other functionalities of our website.

Profiling and automated decision-making

As mentioned above, profiling means the processing of your personal data in an automated manner, involving the evaluation of certain personal factors in order to analyze or predict your preferences and interests. At Faneco B2B, we use profiling mainly for marketing purposes and to improve service – for example, to offer you products tailored to your industry or interests. Profiling can be based on information about purchases you have made, products you have viewed, the size of your company (if you have disclosed it to us), etc. This allows automated marketing (e.g., offer emails that our system sends) to be better tailored to your needs – e.g., we can present hotel equipment offers to customers in the hospitality industry, rather than random products.

The legal basis for profiling for marketing purposes is our legitimate interest (Article 6(1)(f) RODO) in conducting direct marketing in a personalized manner. However, in cases where the law requires your consent (e.g., use of data from advertising cookies to profile you for online advertising), we rely on consent (Article 6(1)(a) RODO). You always have the right to object to profiling for direct marketing purposes – at any time. You can do so, for example, by sending us a message requesting that we stop such profiling or by opting out of receiving personalized offers.

We emphasize that we do not apply automated decision-making to you that produces legal effects or significantly affects you within the meaning of Article 22 of the RODO. In other words, we do not entrust machines with decisions that could significantly affect your rights or obligations (e.g. decisions to refuse to enter into a contract, grant a discount, grant trade credit, etc.). All key business decisions regarding cooperation with customers are made by authorized personnel of the Administrator. Profiling is only used to facilitate these decisions or to better tailor communications, but final decisions are always subject to human review.

Rights of data subjects

In connection with our processing of your personal data, you have the following rights. Their exercise is free of charge (except for situations of abuse of rights, as provided for in Article 12(5) of the RODO). You can exercise them by contacting the Administrator (in writing or by email to info@faneco.com). In accordance with the RODO, you are entitled to:

  • Right of access – you have the right to obtain from us confirmation as to whether we are processing your personal data, and if this is the case, the right to obtain access to it and information about, among other things, the purposes, scopes, means of processing and recipients to whom we disclose the data. Upon your request, we will issue you with a copy of your personal data subject to processing.
  • Right of rectification – you have the right to request immediate rectification of personal data concerning you that is incorrect, or completion of incomplete data. We make sure that your data is up-to-date and correct, but if you notice that it needs to be corrected – let us know.
  • The right to erasure (“right to be forgotten”) – you have the right to request the deletion of your personal data if the circumstances provided for in Article 17 of the RODO apply, e.g. the data is no longer necessary for the purposes for which it was collected, or you have withdrawn your consent for processing and we have no other legal basis to process it. Note that we will not always be able to delete your data immediately – the right to erasure does not apply, among other things, when the processing is necessary to comply with a legal obligation (e.g., we cannot delete invoice data before the required retention period expires) or to establish, assert or defend claims.
  • Right to restrict processing – you have the right to request that we temporarily restrict the processing of your personal data (in addition to storing it) in situations indicated in Article 18 of the RODO, such as when you question the accuracy of the data (for the duration of verification) or when we no longer need the data for the purposes of processing, but you need the data to establish, defend or assert claims. During the restriction period, we will only store the data, and all other operations require your consent (except for statutory exceptions).
  • Right to data portability – to the extent that the data are processed on the basis of your consent (Article 6(1)(a) or on the basis of a contract (Article 6(1)(b)) and at the same time the processing is carried out by automated means – you have the right to receive your personal data from us in a structured, commonly used machine-readable format (e.g. CSV). You can transfer this data yourself to another controller. You also have the right to request that, if technically possible, we send this data directly to another controller designated by you.
  • Right to object – you have the right to object at any time to the processing of your personal data if it is done on the basis of our legitimate interest (Article 6(1)(f)). You should indicate to us your particular situation, which in your opinion justifies the cessation of our processing of the objected data. If we receive such an objection, we will stop processing your data in the disputed scope, unless we demonstrate the existence of valid, legitimate grounds for further processing that override your interests, rights and freedoms, or grounds for establishing, asserting or defending claims. However, if the objection relates to the processing of data for direct marketing purposes – we are obliged to immediately cease such processing. An objection to direct marketing does not have to be based on any particular situation.
  • Right to withdraw consent – if we process your data based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing that was carried out on the basis of consent before its withdrawal. However, after withdrawing your consent, we may continue to process the same data on a different legal basis (if applicable) or the data will be deleted – depending on the purpose and context of the processing. For example, if you withdraw your consent to receive newsletters, we will no longer send you marketing messages, but we may continue to store your email address in our database in order to comply with our legal obligation to demonstrate that we had your consent (for the period of any statute of limitations for claims).
  • The right to lodge a complaint to a supervisory authority – if you believe that we are processing your personal data illegally, you have the right to lodge a complaint to the authority that supervises compliance with data protection regulations. In Poland, this authority is the President of the Office for Personal Data Protection (UODO) with its headquarters at 2 Stawki Street in Warsaw (postal code 00-193). You can find detailed information on how to file a complaint on the DPA’s website. However, we encourage you to contact us first before filing a formal complaint – we will try to clarify any doubts and solve the reported problem.

The exercise of the above rights is carried out in accordance with the provisions of the RODO. In accordance with Article 12(3) of the RODO, we will provide you with information about the action taken on your request without undue delay – at the latest within one month of receipt of the request (in exceptional situations, we may extend this period to 2 or 3 months, of which you will be informed). If we refuse to act on your request – we will also inform you of this, giving reasons for the refusal and instructing you about the possibility of filing a complaint with the supervisory authority.

Data retention periods

We will process your personal data only for the period of time necessary to fulfill the purposes indicated herein, and thereafter for the period of time required by law or reasonably necessary to protect against claims (statute of limitations). In practice, this means, among other things:

  • We store data related to account registration and B2B customer service for the duration of the user’s account. After deletion/deactivation of the account, the basic identification data may be further stored for the maximum period of the statute of limitations for claims (for the purpose of defense against possible claims) – currently in Poland, as a rule, 6 years for business-related claims.
  • We store data on concluded sales contracts (orders) for the time necessary for the execution of the contract, and thereafter:
    • Transaction documentation (e.g., invoices, delivery documents, order correspondence) is retained in accordance with the requirements of tax and accounting law – for at least 5 years from the end of the fiscal year to which it relates.
    • Data needed to assert or defend claims (e.g., information about the content of the contract, history of communication with the customer) – for the period of the statute of limitations for civil claims under the contract (usually 3 or 6 years, depending on the type of claim), calculated from the due date of the claim. If a claim is filed or a proceeding is initiated within this period, we may also process the data for the duration of such proceedings.
  • We store data processed for marketing purposes (e.g. email address for newsletter, profile data) until you withdraw your consent or object. After withdrawal of consent/objection, the data may be stored in our database for a short period of time in order to document the fact that we respect the withdrawal of consent (which is relevant, for example, in case of an audit by a data protection authority).
  • Data related to communications (e.g., inquiries via form, e-mails) – for the period necessary to handle the given contact, and then for the period of limitation of claims related to these communications (as long as these communications may have legal significance, e.g., providing pre-contractual advice, agreeing on terms of cooperation, etc.). Normally, we keep communications for no longer than 2 years, unless there is a need to keep them longer (e.g., for evidentiary purposes in a dispute).
  • Technical and statistical data collected automatically (e.g. server logs, data from Google Analytics) – we store for a period of several months to a maximum of several years, depending on internal needs and tool settings. E.g. server logs can be stored for 1 year, and aggregated statistical data from Google Analytics – permanently (indefinitely), but in a form that does not allow identification of users (anonymous statistics). Information stored in cookies is kept for the period indicated in the cookie policy or until the User deletes them (many marketing cookies expire automatically after a few months if the User does not visit our site again).

After the expiration of the indicated periods, personal data will be deleted or permanently anonymized (irreversibly deprived of characteristics allowing identification of the person to whom they pertained), unless another legal basis for further data processing applies (e.g., obtaining consent again, if required for a new purpose).

Privacy Policy Updates

This Privacy Policy may be subject to updates in the event of changes in the circumstances of data processing or changes in the law. Any possible modifications will be published on this page in the form of an updated text of the Policy. The date of the last update can be found below. We recommend that you regularly check the content of the Policy to keep up to date with any changes. In the event of significant changes (e.g., changes in the purposes of data processing), we may additionally inform you through communication channels available on the site (e.g., e-mail sent to registered Users).

Date of last update: April 28, 2025.