plen

Privacy Policy

1. This Privacy Policy determines the rules for the processing of personal data obtained through the online shop, www.mlecollection.com (hereinafter: the "Online Shop").

2. The owner of the Online Shop and, at the same time, the controller of personal data is MLE Spółka z ograniczoną odpowiedzialnością (a Polish limited liability company), formerly: MLE Katarzyna Tusk-Cudna, Joanna Wiktorowska Spółka cywilna (a Polish civil law partnership), with its registered office in Sopot (81-855), ul. Rzemieślnicza 17-19, VAT number: 5851475935; e-mail: office@mlecollection.com.

3. The personal data collected by MLE Sp. z o. o. via the Online Shop is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), also known as GDPR.

4. MLE Sp. z o. o. applies its best efforts to respect the privacy of Customers visiting the Online Shop.

§ 1 Type of data processed, purposes, and legal basis

1. MLE Sp. z o. o. collects information concerning natural persons performing a legal action not directly related to their activity, natural persons conducting a business or professional activity on their own behalf, and natural persons representing legal persons or organisational entities which are not legal persons and to which the law grants legal capacity, hereinafter collectively referred to as Customers.

2. Customers’ personal data is collected in the event of:

  • a) account registration in the Online Shop, in order to create and manage an individual account. Legal basis: necessity to perform the contract on the provision of the account service (Article 6(1)(b) of the GDPR);
  • b) placing an order in the Online Shop, for the purpose of performing the sales contract. Legal basis: necessity to perform the sales contract (Article 6(1)(b) of the GDPR);
  • c) subscription to a newsletter (Newsletter), for the purpose of performing a contract, the subject of which is an electronically provided service. Legal basis: consent of the data subject for the performance of a contract on the provision of the Newsletter service (Article 6(1)(a) of the GDPR);
  • d) using the contact form service in the Online Shop to perform the contract on electronic service provision. Legal basis: necessity to perform the contract on the provision of the contact form service (Article 6(1)(b) of the GDPR).

3. When registering an account with the Online Shop, the Customer shall specify:

  • a) e-mail address;
  • b) address details:
    • a. postcode and town/city;
    • b. country (state);
    • c. street with a house/apartment number.
  • c) name and surname;
  • d) phone number.

4. When registering an account with the Online Shop, the Customer sets an individual password to access their account on their own. The Customer may change the password at a later date according to the rules specified in §5.

5. When placing an order in the Online Shop, the Customer provides the following data:

  • a) e-mail address;
  • b) address details:
    • a. postcode and town/city;
    • b. country (state);
    • c. street with a house/apartment number.
  • c) name and surname;
  • d) phone number.

6. In the case of Entrepreneurs, the above data scope is further extended to include:

  • a) the Entrepreneur’s company;
  • b) Tax Identification Number.

7. When using the Newsletter service, the Customer provides the following data:

  • a) e-mail address;
  • b) name and surname.

8. When using the contact form service, the Customer provides the following data:

  • a) e-mail address;
  • b) name and surname.

9. When using the Shop Website, additional information may be collected, in particular: the IP address assigned to the Customer’s computer or the external IP address of the Internet provider, domain name, browser type, access time, and operating system type.

10. Navigation data may also be collected from Customers, including information about the links and references they choose to click on or other actions taken in the Online Shop. Legal basis: legitimate interest (Article 6(1)(f) of the GDPR) to facilitate the use of electronically provided services and to improve the functionality of such services.

11. For the purpose of establishing, investigating, and enforcing claims, certain personal data provided by the Customer as part of the use of the functionality in the Online Shop may be processed, such as name, surname, data on the use of the services if the claims arise from the way the Customer uses the services, and other data necessary to prove the existence of the claim, including the extent of the damage suffered. Legal basis: legitimate interest (Article 6(1)(f) of the GDPR) to establish, assert, and enforce claims and to defend against claims in proceedings before courts and other state authorities.

12. The provision of personal data to MLE Sp. z o. o. is voluntary, in relation to concluded sales agreements or the provision of services via the Shop Website, with the proviso, however, that the failure to provide the data specified in the forms in the Registration process makes it impossible to register and set up a Customer Account, and in the case of placing an order without registering a Customer Account, it will make it impossible to place and complete the Customer’s order.

§ 2 Who is the personal data shared with or entrusted to, and how long is it stored?

1. The Customer’s personal data is transferred to the service providers used by MLE Sp. z o. o. in the operation of the Online Shop. The service providers to whom personal data is transferred, depending on the contractual arrangements and circumstances, are either subject to MLE Sp. z o. o.’s instructions as to the purposes and means of processing such data (processors) or they themselves determine the purposes and means of processing (controllers).

  • a) Processors. MLE Sp. z o. o. uses suppliers who process personal data exclusively at the instruction of MLE Sp. z o. o. These include, but are not limited to, suppliers providing hosting services, accounting services, suppliers of marketing systems, systems for analysing traffic in the Online Shop, and systems for analysing the effectiveness of marketing campaigns;
  • b) Controllers. MLE Sp. z o. o. uses suppliers who do not act solely on request and determine the purposes and uses of Customers’ personal data themselves. They provide electronic payment and banking services.

2. Location. Service providers are based in Poland and other countries in the European Economic Area (EEA).

3. Customers' personal data is stored:

  • a) If the basis for the processing of personal data is consent, then the Customer’s personal data shall be processed by MLE Sp. z o. o. for as long as the consent is not revoked and after revocation of the consent for a period of time corresponding to the period of limitation of claims which MLE Sp. z o. o. may raise and which may be raised against it. Unless a special provision provides otherwise, the limitation period shall be six years, and for claims for periodic benefits and claims related to the conduct of business – three years.
  • b) If the basis for the processing of personal data is the performance of a contract, then the Customer’s personal data shall be processed by MLE Sp. z o. o. for as long as is necessary for the performance of the contract and thereafter for a period corresponding to the period of limitation of claims. Unless a specific provision provides otherwise, the period of limitation is six years, and three years for claims for periodic benefits and claims related to the conduct of business.

4. In the case of making a purchase from the Online Shop, personal data may be transferred to a courier company for the delivery of the ordered goods.

5. If the Customer chooses to pay via the przelewy24.pl payment system, their personal data is transferred to the extent necessary for the payment to be made to PayPro S.A. with its registered office in Poznań (60-327 Poznań, ul. Kanclerska 15), entered into the register of entrepreneurs kept by the District Court of Poznań – Nowe Miasto and Wilda in Poznań, 8th Commercial Division of the National Court Register under KRS number 0000347935, NIP 7792369887, Regon 301345068.

6. Navigation data may be used to provide Customers with improved service, analyse statistical data, adapt the Online Shop to Customers’ preferences, and to administer the Online Shop.

7. If the Customer subscribes to a newsletter (Newsletter), MLE Sp. z o. o. will send e-mails containing commercial information about promotions and new products available in the Online Shop to the Customer’s e-mail address.

8. If a request is made, MLE Sp. z o. o. shall make personal data available to authorised state authorities, in particular to organisational units of the Public Prosecutor’s Office, the Police, the President of the Office for Personal Data Protection, the President of the Office for Competition and Consumer Protection, or the President of the Office of Electronic Communications.

§ 3 Cookie mechanism, IP address

1. The Online Shop uses small files known as cookies. These are stored by MLE Sp. z o. o. on the end device of the person visiting the Online Shop, if the web browser allows it. A cookie file usually contains the name of the domain from which it originates, its “expiry time” and an individual random number identifying the file. Information collected by means of files of this type helps to adapt the products offered by MLE Sp. z o. o. to the individual preferences and real needs of visitors to the Online Shop. They also make it possible to develop general statistics on visits to the products presented in the Online Shop.

2. MLE Sp. z o. o. uses two types of cookies:

  • a) Session cookies: when the session of a particular browser ends or the computer is switched off, the stored information is deleted from the memory of the device. The mechanism of session cookies does not allow any personal data or confidential information to be retrieved from Customer’s computers.
  • b) Persistent cookies: they are stored in the memory of the Customer’s terminal equipment and remain there until they are deleted or expire. The mechanism of permanent cookies does not allow any personal data or confidential information to be retrieved from the Customer’s computers.

3. MLE Sp. z o. o. uses its own cookies:

  • a) to authenticate the Customer in the Online Shop and ensure a Customer session in the Online Shop (after logging in), thanks to which the Customer does not have to re-enter their login and password on each sub-page of the Online Shop;
  • b) for analyses, research, and audience auditing, and in particular to create anonymous statistics that help to understand how Customers use the Store Website to improve its structure and content.

4. MLE Sp. z o. o. uses external cookies:

  • a) to popularise the Online Shop by means of Facebook.com (administrator of external cookies: Facebook Inc. based in the USA, or Facebook Ireland based in Ireland);
  • b) to collect general and anonymous statistical data by means of Gemius Traffic analytical tools (administrator of external cookies: Gemius S.A. with its registered office in Warsaw);
  • c) to present the Certificate of Reliable Regulations via the rzetelnyregulamin.pl website (administrator of external cookies: Rzetelna Grupa sp. z o.o. with its registered office in Warsaw).

5. The cookie mechanism is safe for the computers of the Customers of the Online Shop. In particular, it is not possible for viruses or other unwanted software or malware to enter Customers’ computers via this method. Nevertheless, Customers have the option to limit or disable access to cookies on their computers in their browsers. If they pursue this option, the use of the Online Shop will be possible, except for functions that by nature require cookies.

6. Here is how you can change the settings of popular web browsers regarding the use of cookies:

  • a) Internet Explorer;
  • b) Microsoft EDGE;
  • c) Mozilla Firefox;
  • d) Chrome and Chrome Mobile;
  • e) Safari and Safari Mobile;
  • f) Opera.

7. MLE Sp. z o. o. may collect Customers’ IP addresses. An IP address is a number assigned to the computer of a person visiting the Online Shop by an Internet Service Provider. The IP number enables access to the Internet. In most cases, it is assigned to the computer dynamically, i.e., it changes each time you connect to the Internet. The IP address is used by MLE Sp. z o. o. to diagnose technical problems with the server, create statistical analyses, as information useful in administering and improving the Online Shop, as well as for security purposes and the possible identification of unwanted automatic programmes for browsing the contents of the Online Shop that overload the server.

8. The Online Shop contains links and references to other websites. MLE Sp. z o. o. is not responsible for the privacy policies of these sites.

§ 4 Rights of data subjects

1. Right to withdraw consent – legal basis: Article 7(3) of the GDPR.

  • a) The customer has the right to revoke any consent given to MLE Sp. z o. o..
  • b) Withdrawal of consent has effect from the moment of withdrawal.
  • c) Withdrawal of consent does not affect the processing carried out by MLE Sp. z o. o. prior to its withdrawal as prescribed by the law.
  • d) Withdrawal of consent does not entail any negative consequences for the Customer, but may prevent further use of services or functionalities, which, according to the law, MLE Sp. z o. o. can only provide with consent.

2. Right to object to data processing – legal basis: Article 21 of the GDPR.

  • a) The Customer has the right to object at any time – for reasons related to their particular situation – to the processing of their personal data, including profiling, if MLE Sp. z o. o. processes their data on the basis of a legally justified interest.
  • b) Resigning, in the form of an email, from receiving marketing communications about products or services will imply the Customer’s objection to the processing of their personal data, including profiling for these purposes.
  • c) If the Customer’s objection proves to be valid and MLE Sp. z o. o. has no other legal basis for processing the personal data, the Customer’s personal data, against the processing of which the Customer has raised an objection, will be deleted.

3. Right to erasure (“right to be forgotten”) – legal basis: Article 17 of the GDPR.

  • a) The Customer has the right to request the deletion of all or some of their personal data.
  • b) Despite the request for the erasure of personal data, MLE Sp. z o. o. may retain certain personal data insofar as the processing is necessary to establish, assert, or defend claims, as well as to comply with a legal obligation.

4. Right to restrict data processing – legal basis: Article 18 of the GDPR.

  • a) The Customer has the right to request the restriction of the processing of their personal data.
  • b) The submission of a request prevents the use of certain functionalities or services until it is considered.

5. Right of access to data – legal basis: Article 15 of the GDPR.

  • a) The Customer has the right to obtain confirmation from the Controller as to whether they are processing personal data.
  • b) The Customer has the right to access their data and obtain a copy of it.

6. Right to rectification of data – legal basis: Article 16 of the GDPR.

  • a) The Customer has the right to request the immediate rectification of inaccurate personal data from the Controller.

7. Right to data portability – legal basis: Article 20 of the GDPR.

  • a) The Customer has the right to receive the personal data they have provided in a commonly used, machine-readable format (CSV) and request its transmission to another controller.

8. MLE Sp. z o. o. shall comply with requests under the above-mentioned rights or refuse immediately, no later than within one month of receiving them (or up to three months in complex cases).

9. The Customer may lodge complaints, queries, and requests with the Controller regarding the processing of their personal data.

10. The Customer has the right to request a copy of the standard contractual clauses from MLE Sp. z o. o.

11. The Customer has the right to lodge a complaint with the President of the Data Protection Authority.

§ 5 Security management – password

1. MLE Sp. z o. o. provides Customers with a secure and encrypted connection when transferring personal data and when logging into the Customer Account on the Website using an SSL certificate.

2. In the event that a Customer has lost their password, the Online Shop allows the Customer to generate a new password. MLE Sp. z o. o. does not send a password reminder. The password is stored in the database in an encrypted form.

3. MLE Sp. z o. o. never sends any correspondence requesting login details and, in particular, the password to access the Customer’s account.

§ 6 Changes to the Privacy Policy

1. The Privacy Policy is subject to change, of which MLE Sp. z o. o. will inform Customers 7 days in advance.

2. For questions related to the Privacy Policy, please contact office@mlecollection.com.

3. Date of last modification: 15 October 2019.

pixel