JOIN MBE TEAM
MBE CENTER
CONTACT US

PRIVACY POLICY AND INFORMATION ON THE PROCESSING OF CUSTOMER PERSONAL DATA

(hereinafter referred to as the “Principles”)

This Policy summarizes the manner and procedure for processing personal data of MBE CZ s.r.o., ID No.: 216 48 697, with registered office at K Hrušovu 292/4, Štěrboholy, 102 00 Prague 10, a company registered in the Commercial Register maintained by the Municipal Court in Prague under file No. C 403559 (hereinafter referred to as the “Administrator“), as far as the personal data of the Administrator’s customers is concerned.

Below you will find out how the Controller will process your data. The Policy explains in particular:

  • what information we collect and for what reason;
  • how we use this information;
  • what options we offer, including accessing and updating information.

Personal data controller

The personal data controller is MBE CZ s.r.o., ID No.: 216 48 697, with registered office at K Hrušovu 292/4, Štěrboholy, 102 00 Prague 10 , a company registered in the Commercial Register maintained by the Municipal Court in Prague under file No. C 403559.

The recipient of the personal data are:

  1. Carriers and delivery services;
  2. Accountant;
  3. Operator of the company’s web portal and e-shop

Customer

Customer means the recipient of goods, services or products that he/she receives from the Administrator for monetary or other valuable consideration. Customer in this Policy means a person who intends to enter into a contract with the Administrator. A Customer is a person who purchases services or goods through the Administrator’s online shop (e-shop) and/or at the Administrator’s premises or outside the Administrator’s business premises.

  1. AN OVERVIEW OF THE DATA PROCESSED AND THEIR RECIPIENTS
  1. According to Act No. 110/2019 Coll, on the processing of personal data (hereinafter referred to as the “Act“) and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the “Regulation“), all information about an identified or identifiable natural person (hereinafter referred to as the “Data Subject“) is considered. An identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, a network identifier or to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. 
  2. This primarily includes the following personal data: name, surname, email address, telephone number, payment details, home address (hereinafter referred to as “Personal Data“). 
  1. THE PURPOSES AND LEGAL GROUNDS FOR PROCESSING
  1. In certain cases set out in the Regulation, the Controller may process Personal Data for purposes other than those set out below, but these are exceptional and limited cases, which are subject to the fulfilment of other conditions.
  2. The purpose of the processing of Personal Data is to complete the order and its execution (order execution). The execution of an order (conclusion of a contract) creates a legitimate interest in the processing of personal data for the purpose of sending commercial communications. You can opt-out of receiving commercial communications in a simple way at any time by clicking on the relevant link in each commercial communication or by calling the number listed in the contact details below.
  3. The legal basis for this is that the processing is necessary for the performance of a contract to which the Data Subject is a party or for the implementation of measures taken prior to the conclusion of the contract at the request of the Data Subject and for the purposes of the legitimate interests of the Controller.
  4. Any processing of personal data must be lawful – it must be based on one of the legal grounds for processing listed in the Regulation. As with the purpose, any data may be processed on the basis of more than one legal ground for processing. If all the legal grounds fall away, then we will stop processing your data. 
  1. HOW PERSONAL DATA IS PROCESSED
    1. Personal data of the Data Subject will be processed by the Controller in an automated manner.
    2. If you visit and browse our website, we process the following log files and store them on our servers. We process this information for a maximum period of one year and only for the purposes of our legal protection. The information we store includes:
  • Your IP Address;
  • Open page of our website;
  • Response code http;
  • Identification of your browser;
  • HTTP referer record.
  1. Our website uses technology to collect and store information using cookies on your device. Cookies are small text files that we do not send anywhere, you can remove these cookies from your browser or disable their use altogether through your browser settings. Cookies do not collect any of your Personal Data, however, without these cookies we cannot provide the full functionality of the website.
  2. We use various payment terminals on the Sites to provide online payments, but the Administrator does not have any access to your account and credit card information that you enter into the payment terminal when making a payment. You provide this information directly to the payment service provider, which is your bank. 
  3. The controller guarantees that it has taken appropriate technical and organisational measures with regard to the nature, scope and purpose of the processing of Personal Data. Should a breach of security of Personal Data occur, the Controller shall report the breach to the supervisory authority (the Data Protection Authority).
  4. Personal data will not be transferred to third countries.
  5. Upon request or in the event of suspected violations, Personal Data may also be transferred to state and local government authorities.
  6. The Controller shall promptly address any security incident involving Personal Data. If the incident is likely to result in a high risk to the rights and freedoms of the Data Subject, the Controller shall always inform the Data Subject and communicate what remedial measures it has taken. A record shall be kept of each incident. The Controller shall inform the Data Protection Authority of any serious incident.
  7. THE PERIOD FOR WHICH THE PERSONAL DATA WILL BE PROCESSED
  1. The Controller will process Personal Data only for the time necessary for the purpose of processing, after which the Personal Data will be archived to protect the Controller’s legitimate interests, and then it will be disposed of in accordance with applicable law .
  2. Sometimes it is more difficult to determine the necessary processing period or for security reasons it is not appropriate to disclose the exact length of this period, so below are at least some of the criteria used by the Controller to determine the length of processing of your data. 
  3. The Controller will process personal data for the period necessary to ensure all rights and obligations arising from the contract, i.e. at least for the period of ensuring the implementation of the order and the customer’s purchase contract, and for the period for which the Controller is obliged to store them under generally binding legal regulations.
  4. For the processing of Personal Data, the Controller bases the determination of the processing period on the following considerations:

(a) the length of the limitation period, 

(b) the likelihood of legal claims, 

(c) normal market practices, 

(d) the likelihood and significance of the risks involved; and 

(e) any recommendations of the supervisory authorities.

  1. Invoices and other accounting documents issued by the Administrator are archived in accordance with the relevant regulations, in particular Section 35 of Act No. 235/2004 Coll., on Value Added Tax, for a period of 10 years from their issue. Due to the need to prove the legal reason for issuing invoices, the relevant information relating to the purchase in question is also archived for 10 years from the date of termination of the contract. The Controller shall delete (or anonymise) the personal data no later than in the calendar month following the expiry of the period in the previous sentence.
  1. INFORMATION ON THE RIGHTS OF DATA SUBJECTS
  2. The natural person has the right with the Controller to:
  1. to request access to Personal Data processed by the Controller, which means the right to obtain confirmation from the Controller whether or not Personal Data concerning him/her is being processed and, if so, the right to obtain access to such Personal Data and to other information referred to in Article 15 of the Regulation;
  2. request the rectification of Personal Data processed about him/her if it is inaccurate. Taking into account the purposes of the processing, in some cases, he/she also has the right to request the completion of incomplete Personal Data;
  3. request the deletion of Personal Data in the cases provided for in Article 17 of the Regulation;
  4. request restriction of the processing of Personal Data in the cases provided for in Article 18 of the Regulation; 
  5. to obtain Personal Data relating to her and
  • processed by the Data Controller with the consent of the Data Controller; or 
  • processed by the Controller for the performance of a contract to which such a natural person is a party or for the performance of measures taken before the conclusion of the contract at the request of the natural person in a structured, commonly used and machine-readable format, with the right to transfer such Personal Data to another controller, subject to the conditions and limitations set out in Article 20 of the Regulation;
  1. has the right to object to processing within the meaning of Article 21 of the Regulation on grounds relating to his or her particular situation. 
  2. Right to object:

Each Data Subject has the right to object. The right to object allows you to have processing carried out on the basis of a so-called legitimate interest reviewed where the particular situation of the Data Subject justifies it – i.e. where the processing itself is permissible but there are specific reasons on the part of the Data Subject why he or she does not want the processing to take place. However, the possibility to object does not apply to all cases.

  1. PROCESSING OF THE DATA SUBJECT’S REQUEST
  2. If the Controller receives a request from the Data Subject for access to Personal Data, their correction, limited processing, erasure, etc., it will inform the applicant of the measures taken without undue delay, no later than one month after receiving the request. This period may be extended by a further two months if necessary, taking into account the complexity and number of requests. The administrator shall not be obliged to grant the request in whole or in part in certain cases provided for in the Regulation, e.g. if the request is manifestly unfounded or unreasonable, e.g. a repeated request. In such cases, the Administrator may: 
  1. impose a reasonable fee, taking into account the administrative costs involved in providing the requested information or communication or taking the requested action; or 
  2. refuse to grant the request.
  1. If the Data Controller receives a request from a Data Subject but has reasonable doubt about the identity of the applicant, the Data Controller may ask the applicant to provide additional information necessary to confirm his or her identity.
  2. The information that you have exercised your rights with the Controller and how the Controller has dealt with your request will be retained by the Controller for a reasonable period of time (4 years) for the purpose of documenting this fact and protecting your rights.
  1. FINAL PROVISIONS
  1. All legal relations arising on the basis of or in connection with the processing of Personal Data are governed by the law of the Czech Republic, regardless of where the access to the data was made. 
  2. This Personal Data Protection Policy may be modified or supplemented by the Controller at its discretion. If changes are made to this Policy, the date of the last revision listed at the bottom of this page will also change, and the revised or supplemented Policy will be effective with respect to you and your information as of that date. We encourage you to review this Policy periodically to keep up to date with how the Controller is protecting your Personal Information.
  3. If you believe that the Controller is processing Personal Data unlawfully or otherwise violating your rights, you have the right to file a complaint with a supervisory authority (i.e., the Office for Personal Data Protection) or seek judicial protection.

Contact:

You can exercise your questions and rights in relation to the processing of personal data by:

– by e-mail: info@mbeczech.cz or by phone at +420 727 887 866

– in documentary form at the address of the Administrator’s registered office at K Hrušovu 292/4, Štěrboholy, 102 00 Prague 10.

Entry into force and effect

This Policy shall come into force and effect on the date of its promulgation as set out in the footer.

Announcement: on 1.12.2024