Privacy Policy

Privacy Policy of MB Mega Wholesale Tools Michał Bogdaniuk

MB Mega Wholesale Tools Michał Bogdaniuk, located at 102 Sidorska Street, Biała Podlaska, Poland, VAT ID: 4960206286, hereinafter referred to as "Controller," values your privacy. In accordance with the regulations of the European Parliament and Council (EU) 2016/679 of April 27, 2016, on the protection of natural persons concerning the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (EU Official Journal L 119, p. 1) - hereinafter referred to as "GDPR," we provide you with the most important information about the principles of processing your personal data, including cookies used by our website.

The Controller collects and processes personal data in accordance with applicable regulations, including GDPR, and the principles set out therein. We strive to ensure transparency in data processing. In particular, we always inform you about data processing at the time of collection, including its purpose and legal basis, e.g., when creating an account on the website https://mbmega.pl/, or entering into an agreement or subscribing to a newsletter. The Controller ensures that data is collected only to the extent necessary for the specified purpose and processed only for the period necessary.

During the processing of personal data, we provide their security and confidentiality and access to information about this processing for the individuals to whom the data relates. In the event that, despite the security measures taken, a breach of personal data protection occurs (e.g., data breach or loss), we apply the provisions of GDPR and inform the supervisory authority and the data subjects in accordance with the GDPR regulations.

PERSONAL DATA CONTROLLER ("Controller")

The Controller of your personal data concerning the use of the website https://mbmega.pl/, hereinafter referred to as the "Website," is MB Mega Wholesale Tools Michał Bogdaniuk, located at 102 Sidorska Street, Biała Podlaska, VAT ID: 4960206286.

If you have any questions about the processing of your personal data and your rights, please contact us:

• a) in writing to the address: MB Mega Wholesale Tools Michał Bogdaniuk, 102 Sidorska Street, Biała Podlaska,
• b) through the Privacy tab (functionality within the User Account panel or a tab available to everyone through the link in the footer of the website https://mbmega.pl/),
• c) with our employee responsible for User support regarding their questions and issues related to personal data protection via email at: sklep@mbmega.pl

V. FOR WHAT PURPOSE AND ON WHAT BASIS DO WE PROCESS PERSONAL DATA

The Controller may process the following personal data of Users or Customers using the Website: first name and last name, email address, contact telephone number, delivery address (street, house number, apartment number, postal code, city, country), residential/business address (if different from the delivery address). In the case of Users or Customers who are not consumers, the Controller may also process the company name and tax identification number (NIP) of the Service Recipient or Customer. Providing the personal data specified above may be necessary to conclude and perform a Sales Agreement or an agreement for the provision of Electronic Services on the Website. The scope of data required to conclude the agreement is indicated on the Website and in the Online Store Regulations each time.

Depending on the functionalities of the Website you use, we process your data provided voluntarily by you for the following purposes:

VI. HOW LONG DO WE RETAIN PERSONAL DATA

1. The period of data processing depends on the type of service provided and the purpose of processing. The specified data processing period may also result from regulations if they constitute the basis for processing.
2. We retain your personal data for the duration of having an Account on the Website for the purpose of providing the Account service and related functionalities, as well as other services in accordance with the Regulations for electronically provided services. After deleting your Account, your data will be anonymized, except for the following personal data, which will be retained for the purpose of handling complaints and claims related to the use of ADO services, investigations, or defense against claims.
3. If the basis for processing is the necessity of concluding and performing a contract, the data will be processed for the duration of providing the service or fulfilling the order until the contract is executed.
4. If processing is based on consent, data is processed until it is withdrawn or an effective objection or request for data deletion is made.
5. In the case of processing data based on ADO's legitimate interest, data is processed for the period allowing for its realization or until an effective objection to data processing is lodged.
6. The data processing period may be extended if processing is necessary to establish, investigate, or defend against potential claims, and after this period, only to the extent required by applicable law. Your data will be processed only for the period for which we have a legal basis, until:
7. any legal obligation requiring us to process your data expires
8. the possibility of pursuing claims related to the contract concluded by the Shop with any of the parties expires
9. you withdraw your consent to data processing if it was the basis for it - depending on what is applicable in a given case and what occurs later.
10. After the data processing period has expired, the data is irreversibly deleted or anonymized.

VII. CATEGORIES OF PERSONAL DATA RECIPIENTS

In connection with the provision of services by ADO, your personal data may be disclosed to external entities, including, in particular, service providers responsible for the operation of IT systems used to provide services, entities such as banks and payment operators, entities providing accounting services, companies providing courier and postal services, marketing agencies (for marketing services), legal or accounting service providers, couriers, marketing agencies, and others.

If you provide your consent, your data may also be made available to other entities for their own purposes, including marketing.

Your data may be disclosed to the relevant authorities or third parties requesting such information based on the appropriate legal basis, from which the legal obligation to provide information arises, and in accordance with applicable law - we provide your personal data if requested by authorized state authorities, in particular organizational units of the prosecutor's office, the Police, the President of the Office for Personal Data Protection, the President of the Office of Competition and Consumer Protection, or the President of the Office of Electronic Communications.

ADO is aware that the level of personal data protection outside the European Economic Area (EEA) differs from that provided by European law. Entities cooperating with ADO are mainly located in Poland and other countries of the European Economic Area (EEA). ADO transfers personal data outside the EEA only when necessary and with an appropriate level of protection, primarily through: cooperation with entities processing personal data in countries for which an appropriate decision of the European Commission has been issued; the use of standard contractual clauses issued by the European Commission; the use of binding corporate rules approved by the competent supervisory authority; in the case of data transfers to the USA – cooperation with entities participating in the Privacy Shield program, approved by the European Commission. ADO always informs about the intention to transfer personal data outside the EEA at the stage of their collection.

VIII. RIGHTS OF THE INDIVIDUAL WHOSE PERSONAL DATA WE PROCESS

We ensure the exercise of your rights as indicated below. You can exercise your rights by submitting a request to the contact details provided in point IV above. The individual whose data we process has the following rights:

Right to Rectify Data

You have the right to rectify and complete the personal data provided by you. You can do this yourself in the Privacy section of your settings. Regarding other personal data, you have the right to request us to rectify such data (if it is incorrect) and to complete it (if it is incomplete).

Right to Object to Data Usage

You have the right to object at any time to the use of your personal data, including profiling, if we process your data based on our legitimate interest, e.g., in connection with conducting statistics on the use of individual service features, facilitating the use of the Service, and conducting satisfaction surveys. If your objection is found to be valid, and we have no other legal basis for processing your personal data, we will delete your data to which you have objected.

Right to Erasure of Data ("Right to be Forgotten")

You have the right to request the erasure of all or some of your personal data. We will treat a request for the erasure of all personal data as a request to delete your Account. You have the right to request the erasure of personal data if:

1. You have withdrawn a specific consent to the extent that personal data were processed based on your consent;
2. Your personal data are no longer necessary for the purposes for which they were collected or processed;
3. You have objected to the use of your data for marketing purposes;
4. You have objected to the use of your data for conducting statistics on the use of the Service and conducting satisfaction surveys, and your objection has been deemed valid;
5. Your personal data are processed unlawfully.

Despite the request for erasure of personal data, due to objections or withdrawal of consent, we may retain some personal data to the extent necessary to establish, assert, or defend claims. This especially applies to personal data including: first name, last name, email address, and the history of applications, which we retain for the purpose of handling complaints and claims related to the use of our services.

Right to Restrict Data Processing

You have the right to request the restriction of the processing of your personal data. If you make such a request, we will prevent you from using certain functionalities or services associated with the processing of data covered by the request until the request is resolved. We will not send you any messages, including marketing, during this time.

You have the right to request the restriction of the use of your personal data in the following cases:

1. When you dispute the accuracy of your personal data - in this case, we will restrict their use for the time needed to verify the accuracy of your data, but no longer than 7 days;
2. When the processing of your data is unlawful, and instead of deleting the data, you request the restriction of their use;
3. When your personal data are no longer necessary for the purposes for which they were collected or processed, but you need them to establish, assert, or defend claims;
4. When you have objected to the use of your data - in this case, the restriction will last for the time needed to consider whether, due to your specific situation, the protection of your interests, rights, and freedoms prevails over the interests we pursue by processing your personal data.

Right to Access Data

You have the right to receive confirmation from us as to whether we are processing your personal data, and if so, you have the right to:

1. Access your personal data;
2. Receive information about the purposes of processing, categories of personal data processed, recipients or categories of recipients of this data, the planned data retention period, your rights under the GDPR, and the right to lodge a complaint with a supervisory authority, the source of this data, automated decision-making, including profiling, and the safeguards used in connection with the transfer of this data outside the European Union;
3. Receive a copy of your personal data.

Right to Withdraw Consent

If your data is processed based on your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing carried out prior to the withdrawal of consent.

Right to Data Portability

You have the right to receive the personal data you provided to us and then transmit it to another data controller chosen by you, e.g., to another operator of similar services. You also have the right to request that your personal data be sent directly by us to such other data controller, if technically feasible. We will send your personal data in a commonly used, machine-readable format that allows you to transmit the received data to another data controller.

Right to Lodge a Complaint

If you believe that the processing of personal data violates the GDPR or other regulations related to personal data protection, you have the right to lodge a complaint with the President of the Office for Personal Data Protection.

If ADO is unable to identify the person making the request based on the submitted request, we will ask the applicant for additional information. The request can be submitted in person or through a proxy (e.g., a family member). For data security reasons, ADO encourages the use of a notarized power of attorney or a power of attorney issued by an authorized legal counsel or attorney, which significantly speeds up the verification of its authenticity. The response is provided in writing, unless the request was submitted by email or requested an electronic response.

How quickly do we fulfill your request? If you exercise the rights mentioned above, we will either fulfill your request or refuse to fulfill it immediately, but no later than within one month of receiving it. However, if, due to the complexity of the request or the number of requests, we are unable to fulfill your request within one month, we will fulfill it within the next two months, informing you in advance of the intended extension of the deadline. For technical reasons, we always need 24 hours to update the settings you have chosen in our systems. Therefore, it may happen that during the system update, you will receive an email message from us from which you have unsubscribed.

Filing Complaints, Inquiries, and Requests You can report complaints, inquiries, and requests regarding the processing of your personal data and the exercise of your rights to us.

IX. REQUIREMENT TO PROVIDE PERSONAL DATA

Your provision of personal data, dear User, is voluntary, but in some cases, it may be necessary to enter into an agreement. Depending on the purpose for which the data is provided:

• Lack of the ability to register on the Service,
• Lack of the ability to use the Service's services,
• Lack of the ability to make purchases on the Service.

X. DATA SECURITY

ADO makes every effort to ensure the security of your personal data. The Service uses encrypted data transmission (SSL) during registration and login, which provides protection for your identifying information and significantly hinders unauthorized access to your Account by unauthorized systems or individuals. To ensure the integrity and confidentiality of data, ADO:

• Implemented procedures allowing access to personal data only by authorized individuals and only to the extent necessary for their tasks.
• Applies organizational and technical solutions to ensure that all operations on personal data are recorded and performed only by authorized persons.
• Takes necessary actions to ensure that subcontractors and other entities cooperating with ADO provide guarantees of using appropriate security measures whenever they process personal data on behalf of ADO.
• Conducts a risk analysis and monitors the adequacy of data security measures to identified threats.
• If necessary, ADO implements additional measures to increase data security.

XI. FINAL PROVISIONS

6.1. The Service may contain links to other websites. ADO recommends that after going to other websites, you familiarize yourself with the privacy policy established there. This privacy policy applies only to this Service.