Privacy Policy

PRIVACY POLICY

The Privacy Policy is an integral part of the Terms and Conditions of our store. The data controller of your personal information is the Online Store available at www.mbarelimited.com, operated by Mbare Limited, a limited liability company based in Warsaw (registered office address: ul. Ludna 2A/208 00-406 Warsaw, with the delivery address as mentioned above, entered into the National Court Register under number KRS 0001146122, Court of Registration: District Court for Warsaw, 12th Economic Division of the National Court Register; share capital: 25,000.00 PLN, NIP: 7011239369, email: sklep@mbarelimited.com, phone number: +48 790 544 234).

1. Data Collection

Information provided directly and voluntarily by the Service User while using the features of the service, such as the contact form, newsletter sign-up, transaction form, and Mbare Limited Discount Account form. Failure to provide the required data may prevent the use of the relevant service.

Automatically collected information during the use of the service (server log files) – the service server automatically records certain information:

• Time of response sent by the server
• IP address of the user's device
• User request (website address they visited)
• Referrer link (if the user navigated to the site via a link)
• Browser version information
• Date and time of visit
• Operating system version information of the user's device
• Type of connection (GET/POST)
• Request address
• Type of HTTP communication (1.1 or 2)
• Operating system (name and version)
• Architecture (32bit/64bit)
• Error code when downloading an object
• Amount of data downloaded before and after compression

These data are stored indefinitely as auxiliary material for administering the service.

Statistical information – the Service Provider collects data such as the number of site visits, country, browser, and visit duration. This data is gathered using technological solutions from external providers. Please refer to the current standards in the Google Analytics system.

2. Personal Data

The Administrator of personal data related to communication services, the newsletter service, and the sale of goods (whether purchased in physical stores, the online store as a "guest," or by having a Mbare Limited Discount Account) is the Service Provider.

Data Protection Officer (DPO) contact: IOD@greenpoint.pl

For communication services:

• Purpose of processing: To carry out communication initiated by the Service User.
• Legal basis: Article 6(1)(f) GDPR (processing is based on the legitimate interest pursued by the Administrator, including conducting commercial activities and promoting goods).
• Processing period: Data will be processed until the purpose for which it was collected is fulfilled or until the data subject objects, whichever comes first.

For the newsletter service:

• Purpose of processing: To carry out informational communication at the Service User's request, as described in the Terms and Conditions.
• Legal basis: Article 6(1)(a) GDPR (processing is based on the consent given by the Service User to receive commercial information).
• Processing period: Data will be processed until the purpose for which it was collected is fulfilled or until the data subject objects, whichever comes first.

For transaction-related services (sales):

• Purpose of processing: To perform the sales agreement (applicable to transactions made in physical stores or online as a "guest" or holder of the Mbare Limited Discount Account).
• Legal basis: Article 6(1)(b) and (c) GDPR (processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract, and is necessary for the fulfillment of a legal obligation).
• Processing period: Data will be processed for 6 years after the performance of the contract (statute of limitations for claims).

For maintaining the Mbare Limited Discount Account:

• Purpose of processing: To execute the provisions of the Terms and Conditions regarding the maintenance of the Discount Account.
• Legal basis: Article 6(1)(b) and (c) GDPR (processing is necessary for the performance of the contract).
• Processing period: Data will be processed for 6 years after the performance of the contract (statute of limitations for claims).

Consent may also serve as the legal basis for processing personal data (Article 6(1)(a) GDPR), if the Service User provides consent. The consent can be withdrawn at any time without affecting the legality of processing that took place before the withdrawal.

Recipients of data may include entities supporting the Administrator's business processes, such as hosting, IT, accounting, legal, debt collection, logistics, courier, transactional, and IT infrastructure providers, as well as entities cooperating with Greenpoint S.A. solely for the purposes described above. Data may also be disclosed upon request from authorized authorities or institutions, including public authorities.

Each person has the right to access their personal data, rectify it, delete it, restrict its processing, transfer it, and object to its processing.

The Service Provider will respond to the data subject's request within one month of receiving it, and may extend this period by an additional two months due to the complexity of the request or the number of requests. The data subject will be informed of such an extension within the initial month.

If the request is made electronically, the information will be provided electronically, unless the data subject requests an alternative form.

Right to lodge a complaint: The data subject has the right to lodge a complaint with the Supervisory Authority [President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw].

If the Service User becomes aware of a data protection breach, they should immediately notify the Service Provider to enable necessary actions. If the breach may result in high risks to the rights or freedoms of individuals, the Service Provider must notify the affected person without undue delay.

3. Cookies

Types of Cookies:

• Session cookies: stored on the user's device until the session ends (e.g., leaving the service, closing the browser).
• Persistent cookies: stored on the user's device for a specified period or until the user deletes them.

Each Service User can configure their browser settings, including blocking cookies. However, changing these settings may cause improper operation of the service.

Purpose of using cookies:

• To maintain the Service User's session (data is stored only on the server).
• To handle statistical scripts.
• To facilitate the user's use of the service.
• To tailor content to the Service User.

4. Security

The Service Provider ensures the security of personal data through appropriate technical and organizational measures to prevent unlawful data processing and loss of confidentiality, integrity, and availability of data.

The detailed security measures applied to personal data are described in the internal "Personal Data Security Policy" of the Service Provider, which is a confidential document, and its disclosure would constitute a breach of security protocols.

The Service Provider reserves the right to modify this Privacy Policy by publishing a new version on the service.