PRIVACY POLICY

1. This Privacy Policy determines the rules for the processing of personal data obtained through the online shop, www.mlecollection.com (hereinafter: the "Online Shop").
2. The owner of the Online Shop and, at the same time, the controller of personal data is MLE Katarzyna Tusk, Joanna Wiktorowska spółka cywilna with its registered office in Gdańsk, (80-216), ul. Jana Sobieskiego 14, VAT number: 5851475935; e-mail: office@mlecollection.com, which is also the owner of the Online Shop.
3. The personal data collected by MLE S.C. via the Online Shop is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), also known as GDPR.
4. MLE S.C. applies its best efforts to respect the privacy of Customers visiting the Online Shop.
§ 1 Type of data processed, purposes, and legal basis
1.MLE S.C. collects information concerning natural persons performing a legal action not directly related to their activity, natural persons conducting a business or professional activity on their own behalf, and natural persons representing legal persons or organisational entities which are not legal persons and to which the law grants legal capacity, hereinafter collectively referred to as Customers.
2.Customers’ personal data is collected in the event of:
a)account registration in the Online Shop, in order to create and manage an individual account. Legal basis: necessity to perform the contract on the provision of the account service (Article 6(1)(b) of the GDPR);
b) placing an order in the Online Shop, for the purpose of performing the sales contract. Legal basis: necessity to perform the sales contract (Article 6(1)(b) of the GDPR);
c) subscription to a newsletter (Newsletter), for the purpose of performing a contract, the subject of which is an electronically provided service. Legal basis: consent of the data subject for the performance of a contract on the provision of the Newsletter service (Article 6(1)(a) of the GDPR);
d)using the contact form service in the Online Shop to perform the contract on electronic service provision. Legal basis: necessity to perform the contract on the provision of the contact form service (Article 6(1)(b) of the GDPR).
3.When registering an account with the Online Shop, the Customer shall specify:
a) e-mail address;
b) address details:
a. postcode and town/city;
b. country (state);
c. street with a house/apartment number.
c)name and surname;
d)phone number.
4. When registering an account with the Online Shop, the Customer sets an individual password to access their account on their own. The Customer may change the password at a later date according to the rules specified in §5.
5.When placing an order in the Online Shop, the Customer provides the following data:
a)e-mail address;
b)address details:
a.postcode and town/city;
b. country (state);
c. street with a house/apartment number.
c)name and surname;
d) phone number.
6. In the case of Entrepreneurs, the above data scope is further extended to include:
a) the Entrepreneur’s company;
b)Tax Identification Number.
7. When using the Newsletter service, the Customer provides the following data:
a)e-mail address;
b)name and surname.
8. When using the contact form service, the Customer provides the following data:
a)e-mail address;
b)name and surname.
9.When using the Shop Website, additional information may be collected, in particular: the IP address assigned to the Customer’s computer or the external IP address of the Internet provider, domain name, browser type, access time, and operating system type.
10. Navigation data may also be collected from Customers, including information about the links and references they choose to click on or other actions taken in the Online Shop. Legal basis: legitimate interest (Article 6(1)(f) of the GDPR) to facilitate the use of electronically provided services and to improve the functionality of such services.
11. For the purpose of establishing, investigating, and enforcing claims, certain personal data provided by the Customer as part of the use of the functionality in the Online Shop may be processed, such as name, surname, data on the use of the services if the claims arise from the way the Customer uses the services, and other data necessary to prove the existence of the claim, including the extent of the damage suffered. Legal basis: legitimate interest (Article 6(1)(f) of the GDPR) to establish, assert, and enforce claims and to defend against claims in proceedings before courts and other state authorities.
12. The provision of personal data to MLE S.C. is voluntary, in relation to concluded sales agreements or the provision of services via the Shop Website, with the proviso, however, that the failure to provide the data specified in the forms in the Registration process makes it impossible to register and set up a Customer Account, and in the case of placing an order without registering a Customer Account, it will make it impossible to place and complete the Customer’s order.
§ 2 Who is the personal data shared with or entrusted to, and how long is it stored?
1.The Customer’s personal data is transferred to the service providers used by MLE S.C. in the operation of the Online Shop. The service providers to whom personal data is transferred, depending on the contractual arrangements and circumstances, are either subject to MLE S.C.’s instructions as to the purposes and means of processing such data (processors) or they themselves determine the purposes and means of processing (controllers).
a) Processors. MLE S.C. uses suppliers who process personal data exclusively at the instruction of MLE S.C.. These include, but are not limited to, suppliers providing hosting services, accounting services, suppliers of marketing systems, systems for analysing traffic in the Online Shop, and systems for analysing the effectiveness of marketing campaigns;
b)Controllers. MLE S.C. uses suppliers who do not act solely on request and determine the purposes and uses of Customers’ personal data themselves. They provide electronic payment and banking services.
2.Location. Service providers are based in Poland and other countries in the European Economic Area (EEA).
3. Customers' personal data is stored:
a)If the basis for the processing of personal data is consent, then the Customer’s personal data shall be processed by MLE S.C. for as long as the consent is not revoked and after revocation of the consent for a period of time corresponding to the period of limitation of claims which MLE S.C. may raise and which may be raised against it. Unless a special provision provides otherwise, the limitation period shall be six years, and for claims for periodic benefits and claims related to the conduct of business – three years.
b) If the basis for the processing of personal data is the performance of a contract, then the Customer’s personal data shall be processed by MLE S.C. for as long as is necessary for the performance of the contract and thereafter for a period corresponding to the period of limitation of claims. Unless a specific provision provides otherwise, the period of limitation is six years, and three years for claims for periodic benefits and claims related to the conduct of business.
4. In the case of making a purchase from the Online Shop, personal data may be transferred to a courier company for the delivery of the ordered goods.
5. If the Customer chooses to pay via the przelewy24.pl payment system, their personal data is transferred to the extent necessary for the payment to be made to PayPro S.A. with its registered office in Poznań (60-327 Poznań, ul. Kanclerska 15), entered into the register of entrepreneurs kept by the District Court of Poznań – Nowe Miasto and Wilda in Poznań, 8th Commercial Division of the National Court Register under KRS number (National Court Register No.) 0000347935, NIP (Tax ID No.) 7792369887, Regon (Statistical ID No.) 301345068.
6. Navigation data may be used to provide Customers with improved service, analyse statistical data, adapt the Online Shop to Customers’ preferences, and to administer the Online Shop.
7. If the Customer subscribes to a newsletter (Newsletter), MLE S.C. will send e-mails containing commercial information about promotions and new products available in the Online Shop to the Customer’s e-mail address.
8.If a request is made, MLE S.C. shall make personal data available to authorised state authorities, in particular to organisational units of the Public Prosecutor’s Office, the Police, the President of the Office for Personal Data Protection, the President of the Office for Competition and Consumer Protection, or the President of the Office of Electronic Communications.
§ 3 Cookie mechanism, IP address
1.The Online Shop uses small files known as cookies. These are stored by MLE S.C. on the end device of the person visiting the Online Shop, if the web browser allows it. A cookie file usually contains the name of the domain from which it originates, its “expiry time” and an individual random number identifying the file. Information collected by means of files of this type helps to adapt the products offered by MLE S.C. to the individual preferences and real needs of visitors to the Online Shop. They also make it possible to develop general statistics on visits to the products presented in the Online Shop.
2.MLE S.C. uses two types of cookies:
a)Session cookies: when the session of a particular browser ends or the computer is switched off, the stored information is deleted from the memory of the device. The mechanism of session cookies does not allow any personal data or confidential information to be retrieved from Customer’s computers.
b)Persistent cookies: they are stored in the memory of the Customer’s terminal equipment and remain there until they are deleted or expire. The mechanism of permanent cookies does not allow any personal data or confidential information to be retrieved from the Customer’s computers.
3.MLE S.C. uses its own cookies:
a)to authenticate the Customer in the Online Shop and ensure a Customer session in the Online Shop (after logging in), thanks to which the Customer does not have to re-enter their login and password on each sub-page of the Online Shop;
b)for analyses, research, and audience auditing, and in particular to create anonymous statistics that help to understand how Customers use the Store Website to improve its structure and content.
4.MLE S.C. uses external cookies:
a)to popularise the Online Shop by means of Facebook.com (administrator of external cookies: Facebook Inc. based in the USA, or Facebook Ireland based in Ireland);
b)to collect general and anonymous statistical data by means of Gemius Traffic analytical tools (administrator of external cookies: Gemius S.A. with its registered office in Warsaw);
c)to present the Certificate of Reliable Regulations [Certyfikat Rzetelny Regulamin] via the rzetelnyregulamin.pl website (administrator of external cookies: Rzetelna Grupa sp. z o.o. with its registered office in Warsaw).
5.The cookie mechanism is safe for the computers of the Customers of the Online Shop. In particular, it is not possible for viruses or other unwanted software or malware to enter Customers’ computers via this method. Nevertheless, Customers have the option to limit or disable access to cookies on their computers in their browsers. If they pursue this option, the use of the Online Shop will be possible, except for functions that by nature require cookies.
6.Here is how you can change the settings of popular web browsers regarding the use of cookies:
a)Internet Explorer;
b)Microsoft EDGE;
c)Mozilla Firefox;
d)Chrome and Chrome Mobile;
e)Safari and Safari Mobile;
f)Opera.
7.MLE S.C. may collect Customers’ IP addresses. An IP address is a number assigned to the computer of a person visiting the Online Shop by an Internet Service Provider. The IP number enables access to the Internet. In most cases, it is assigned to the computer dynamically, i.e., it changes each time you connect to the Internet. The IP address is used by MLE S.C. to diagnose technical problems with the server, create statistical analyses (e.g., to determine the regions from which we record the highest number of visits), as information useful in administering and improving the Online Shop, as well as for security purposes and the possible identification of unwanted automatic programmes for browsing the contents of the Online Shop that overload the server.
8.The Online Shop contains links and references to other websites. MLE S.C. is not responsible for the privacy policies of these sites.
§ 4 Rights of data subjects
1.Right to withdraw consent – legal basis: Article 7(3) of the GDPR.
a)The customer has the right to revoke any consent given to MLE S.C..
b)Withdrawal of consent has effect from the moment of withdrawal.
c)Withdrawal of consent does not affect the processing carried out by MLE S.C. prior to its withdrawal as prescribed by the law.
d)Withdrawal of consent does not entail any negative consequences for the Customer, but may prevent further use of services or functionalities, which, according to the law, MLE S.C. can only provide with consent.
2.Right to object to data processing – legal basis: Article 21 of the GDPR.
a)The Customer has the right to object at any time – for reasons related to their particular situation – to the processing of their personal data, including profiling, if MLE S.C. processes their data on the basis of a legally justified interest, e.g., marketing of MLE S.C.’s products and services, keeping statistics on the use of particular functionalities of the Online Shop, and facilitating the use of the Online Shop, as well as conducting customer satisfaction surveys.
b)Resigning, in the form of an email, from receiving marketing communications about products or services will imply the Customer’s objection to the processing of their personal data, including profiling for these purposes.
c)If the Customer’s objection proves to be valid and MLE S.C. has no other legal basis for processing the personal data, the Customer’s personal data, against the processing of which the Customer has raised an objection, will be deleted.
3.Right to erasure (“right to be forgotten”) – legal basis: Article 17 of the GDPR.
a)The Customer has the right to request the deletion of all or some of their personal data.
b)The Customer has the right to request the deletion of personal data if:
a.personal data is no longer necessary for the purposes for which it was collected or for which it was processed;
b.they have withdrawn specific consent, within the scope to which personal data was processed on the basis of their consent;
c.they have objected to the use of their data for marketing purposes;
d. personal data is processed unlawfully;
e.personal data must be erased in order to comply with a legal obligation under EU or Member State law to which MLE S.C. is subject;
f.personal data was collected in connection with the offering of information society services.
c)Despite the request for the erasure of personal data, in connection with the lodging of an objection or withdrawal of consent, MLE S.C. may retain certain personal data insofar as the processing is necessary to establish, assert, or defend claims, as well as to comply with a legal obligation requiring processing under EU or Member State law to which MLE S.C. is subject. This applies in particular to the following personal data: name, surname, e-mail address, which are retained for the purposes of handling complaints and claims relating to the use of MLE S.C.’s services, or additionally to the address of residence or correspondence address, order number, which are retained for the purposes of handling complaints and claims relating to concluded sales contracts or the provision of services.
4.Right to restrict data processing – legal basis: Article 18 of the GDPR.
a)The Customer has the right to request the restriction of the processing of their personal data. The submission of a request, until it is considered, prevents the use of certain functionalities or services, the use of which will involve the processing of the data covered by the request. MLE S.C. will also not send any communications, including marketing communications.
b)The Customer has the right to request the restriction of the use of personal data in the following cases:
a.when the Customer questions the correctness of their personal data, in which case MLE S.C. restricts their use for the time necessary to verify the correctness of the data, but for no longer than 7 days;
b.when the processing of the data is unlawful, and instead of deleting the data, the Customer requests the restriction of its use;
c.when the personal data is no longer necessary for the purposes for which they were collected or used but are needed by the Customer to establish, assert, or defend claims;
d.when the Customer has objected to the use of their data, in which case the restriction shall be for the time necessary to consider whether – due to the particular situation – the protection of the Customer’s interests, rights, and freedoms outweighs the interests pursued by the Administrator in processing the Customer’s personal data.
5.Right of access to data – legal basis: Article 15 of the GDPR.
a)The Customer has the right to obtain confirmation from the Controller as to whether they are processing personal data and, if so, the Customer has the right to:
a.access their personal data;
b.obtain information about the purposes of the processing, the categories of personal data processed, the recipients or categories of recipients of such data, the intended period of storage of the Customer’s data or the criteria for determining that period (if it is not possible to determine the intended period of processing), the Customer’s rights under the GDPR and the right to lodge a complaint with a supervisory authority, the source of such data, automated decision-making, including profiling, and the safeguards applied in connection with the transfer of such data outside the European Union;
c.obtain a copy of their personal data.
6.Right to rectification of data – legal basis: Article 16 of the GDPR.
a)The Customer has the right to request the immediate rectification of their personal data that is inaccurate from the Controller. Taking into account the purposes of the processing, the Customer to whom the data relates has the right to request the completion of incomplete personal data, including by providing an additional statement by sending the request to the e-mail address in accordance with §6 of the Privacy Policy.
7.Right to data portability – legal basis: Article 20 of the GDPR.
a)The Customer has the right to receive the personal data they have provided to the Controller and then send it to another personal data controller of their choice. The Customer also has the right to request that the personal data be sent by the Controller directly to such controller, insofar as this is technically possible. In this case, the Controller will send the Customer’s personal data in the form of a CSV file format, which is a commonly used, machine-readable format that allows for the transmission of the received data to another personal data controller.
8. In the event that the Customer makes a claim under the above-mentioned rights, MLE S.C. shall either comply with the request or refuse to comply with it immediately, but no later than within one month of receiving it. However, if – due to the complex nature of the request or the number of requests – MLE S.C. is not able to fulfil the request within one month, it shall fulfil it within a further two months informing the Customer of the intended extension of the deadline and the reasons for it in advance – within one month of receiving the request.
9.The Customer may lodge complaints, queries, and requests with the Controller regarding the processing of their personal data and the exercise of their rights.
10.The Customer has the right to request a copy of the standard contractual clauses from MLE S.C. by directing an enquiry as indicated in §6 of the Privacy Policy.
11.The Customer has the right to lodge a complaint with the President of the Data Protection Authority regarding a breach of their data protection rights or other rights granted under the GDPR.
§ 5 Security management – password
1.MLE S.C. provides Customers with a secure and encrypted connection when transferring personal data and when logging into the Customer Account on the Website. MLE S.C. uses an SSL certificate issued by one of the world’s leading companies for the security and encryption of data transmitted over the Internet.

2.In the event that a Customer with an account in the Shop has lost their password in any way, the Online Shop allows the Customer to generate a new password. MLE S.C. does not send a password reminder. The password is stored in the database in an encrypted form in such a way that it cannot be read. In order to generate a new password, an e-mail address must be provided in the form available under the “Password reminder” link, provided when logging in to an account in the Online Shop. The new password will be automatically sent to the e-mail address provided during registration or saved in the last account profile change.
3.MLE S.C. never sends any correspondence, including electronic correspondence, requesting login details and, in particular, the password to access the Customer’s account.
§ 6 Changes to the Privacy Policy
1.The Privacy Policy is subject to change, of which MLE S.C. will inform Customers 7 days in advance.
2.For questions related to the Privacy Policy, please contact office@mlecollection.com.
3.Date of last modification: 15 October 2019.