MBE Poland Sp. z o.o. is the personal Data Controller (hereinafter the "Data Controller") of the Customer.
The Customer data processed by the Data Controller includes: name, surname, date of birth, place of residence, parents' names, PESEL number, Tax Identification Number , series and number and date of expiry of the identity card, place of work, occupation, education, phone number, e – mail address.
The Data Controller hereby informs the Customer that such data provided by the same, may be used for:
a. ensure the registration to the websites www.mbe.com.pl and http://www.mbepoland.pl/poland/lp/franchises/ (hereinafter the "Website");
b. provide information, fulfill orders, deliver products and provide the services in accordance with the wishes of the Customer through the Website, as well as process payments, manage potential complaints and communicate with the Customer about the above;
c. legally justified purposes pursued by the Data Controller, including in particular a direct marketing of its own products and the services of the Data Controller, excluding the means of electronic communication;
d. carry out statistical surveys and interactive business communications, by sending SMS, e-mails (also through DEM and newsletters), fax, placing telephone calls even without the involvement of an operator, in relation to products and/or services offered by the Data Controller, other than those referred to in point c. above;
e. carry out statistical surveys and interactive business communications, by sending SMS, e-mails (also through DEM and newsletters), fax, placing telephone calls even without the involvement of an operator, in relation to products and/or services offered by subsidiary or associated companies such as the Italian companies of the MBE Group, DireFareStampare S.r.l., Buy-Me S.r.l. and MBE Worldwide S.p.A., or even by third-party companies which, from time to time, may develop business partnership agreements and/or initiatives, campaigns and joint business projects of the Data Controller or related to the Data Controller.
The processing of data will be carried out with the assistance of both the information systems, as well as in the traditional way (on paper). The Data Controller uses technical and organizational measures for the proper protection of the Customer’s processed data, and in particular secures data from unauthorized disclosure, takeover by an unauthorized person, processing with the violation of the Act of August 29, 1997 on the Protection of Personal Data, any change, loss, damage or destruction. In relation to personal data processing the Data Controller will employ designated data processors selected taking into technical, commercial and administrative reference areas. Some technical, organizational or management processing operations, closely related and in function of the supply of services required by the Customer, may be entrusted to third-party companies, subsidiaries of the Data Controller or his associates. Following the condition of prior and expressed consent of the Customer, the Data Controller may also share personal data of the Customer, even with the aid of electronic and automated tools of all kinds, to third parties, in order to provide information related to promotions and special offers, carry out marketing communications and send advertising and commercial material utilizing the telephone channel, SMS, MMS, video, e-mails, paper mail, fax or any other communication vehicle permitted by the state of the art, in relation to products and services belonging to third party service providers or the Data Controller’s business partners, who will take on the entitlement of data controller, with all the related obligations and liabilities of the law, independently and exclusively in relation to the processing of these data operated on their behalf and in their interest.
The Customer has the right to have access to his data and to rectify this data.
In addition, the Customer has the right to control the processing of personal data in accordance with the Article 32 of the Act of August 29, 1997 on the Protection of Personal Data. In particular, the Customer has the right to:
a. obtain relevant information (i.e., regarding the filing system containing his or her personal data, the data controller and its registered office and address, the purpose, the scope and the means of the processing of the data contained in the filing system; since when the data is being processed in the system, the details of the data, the source of the data concerning him, the way of sharing the data, in particular, the recipients or categories thereof to whom the data are disclosed);
b. request that the data be completed, updated, rectified, temporally or permanently suspended or erased, in case they are not complete, outdated, untrue or collected with the violation of the Act of August 29, 1997 on the Protection of Personal Data, or in case they are no longer required for the purpose for which they have been collected;
c. in the cases referred to in the Article 23.1 point 4 and 5 of the Act of August 29, 1997 on the Protection of Personal Data, object to the processing of his personal data in the cases provided for by the law, in particular, if the Data Controller intends to process the data for marketing purposes or to transfer the data to another data controller, if the Customer did not consent thereto as well make a justified demand in writing for the blocking of the processing of his data, due to his particular situation.
The Data Controller is able to take action towards data concerning the Customer when it is believed, in good faith, that such activities may be necessary for:
a. exercise of rights or fulfilment of obligation of the Data Controller resulting from provisions of law;
b. actions taken on behalf of any competent authority, in particular support the law enforcement authorities in the suppression of illegal activities taking place on the Internet by one or multiple users, but not necessarily in the use of services and/or in which the use of services has been in any way instrumental in order to commit any type of crime;
c. claims enforcement by the Data Controller arising from economic activity;
d. defend against third entities disputes claiming that an action and/or omission on behalf of the Customer and brought upon in any way or form violates their rights.
In any case, the Data Controller can communicate the data provided by the Customer to third entities that can access the data in compliance with the applicable regulations.