Free shipping to PL from 200 PLN Shipping within 24 hours Cheap overseas shipping On the market since 2005 Blog Help
Categories Manufacturers MENU Blog Cart

Your shopping cart is empty!

Privacy Policy

At mz-store.co.uk, we respect your right to privacy and attach great importance to the protection of your personal information. This Privacy Policy (hereinafter: "Privacy Policy") explains how we collect, use, share and protect the data you entrust to us when you use our online store available at www.mz-store.pl (hereinafter: "Store").

We act in accordance with applicable laws, in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016. on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter: "RODO") and Polish data protection regulations.

Provision of personal data is, in principle, voluntary, but necessary to conclude and execute the Sales Agreement, provide electronic Services, handle inquiries, returns and complaints, fulfill obligations under the law. Failure to provide data may prevent the use of certain services or functionalities of the Store.

We reserve the right to verify the veracity of the data provided during registration in the Online Store. If we find that the data is not true, we have the right to delete the Customer's Account, after sending an e-mail to the Customer with information that due to the falsity of the data the Account will be deleted.

1 Who is the Administrator of your personal data?

The personal data of Sellers and Buyers, as defined in the Store Regulations, are processed by the Administrator as the administrator of personal data within the meaning of Article 4(7) of the RODO and other applicable laws.

The personal data administrator is:

MZ-Store S.A. based in Reda (84-240), ul. Cypriana Kamila Norwida 47, registered in the Register of Entrepreneurs of the National Court Register kept by the District Court Gdańsk-Północ in Gdańsk, VIII Economic Division of the National Court Register under KRS no: 0000877266, REGON: 38787611700000, NIP: 5862363341, BDO: 000517970, share capital: PLN 5,000,000.00, paid in full.

If you have questions about the processing of your personal data, you can contact us at e-mail: office@mz-store.pl, by phone: +48 510 054 085 (Mon-Fri: 8:00 a.m. - 4:00 p.m., charge as for a standard call - according to the price list of the relevant operator) or in writing to the address of our registered office.

The Administrator has not appointed a Data Protection Officer. In matters related to the processing of personal data, you can contact MZ-STORE directly using the data indicated in point 1 of the Privacy Policy.

2 What personal data do we collect, for what purposes and on what basis?

We collect different types of personal data depending on how you use our Store. Below are the categories of data and the purposes of their processing:

  • Data provided during account registration and order placement:

- Identification and contact data: name, surname, e-mail address, telephone number, shipping address (street, house/apartment number, postal code, city, country).

- Purpose: To process orders, handle payments, issue invoices, communicate about the order, handle complaints and returns, maintain the user's account.user account, implementation of statutory obligations incumbent on the Administrator, resulting in particular from tax and accounting regulations.

- Legal basis: Article 6(1)(b) of the RODO (performance of a sales contract or provision of a user account service), Article 6(1)(c) of the RODO (performance of a sales contract or provision of a user account service). c RODO (the Administrator's legal obligation), for the purpose of possible establishment and investigation of claims or defense against them - the legal basis for processing is the Administrator's legitimate interest (Article 6(1)(f) RODO) in protecting your rights.

  • Payment data: name, surname, address, information necessary for payment processing (e.g. payment card type, bank details).

- Purpose: To accept payment for ordered products, to fulfill the Administrator's statutory obligations, resulting in particular from tax and accounting regulations.

- Legal basis: Article 6(1)(b) RODO (performance of a sales contract), Article 6(1)(c) RODO (the Administrator's legal obligation), for the purpose of possibly establishing and asserting claims or defending against them - the legal basis for processing is the Administrator's legitimate interest (Article 6(1)(f) RODO) in protecting its rights.

  • Data collected automatically when using the site:

- Technical data: IP address, browser type, operating system, device type, time of access to the site, pages and products viewed.

- Purpose: To ensure proper operation of the site, security, usage statistics, personalization of content and offers, prevention of fraud.

- Legal basis: Article 6(1)(f) RODO (legitimate interest of the Administrator - to ensure the functionality and security of the site, to conduct statistical analysis), for the purpose of possibly establishing and asserting claims or defending against them - the legal basis for processing is the Administrator's legitimate interest (Article 6(1)(f) RODO) in protecting its rights.

  • Data collected via cookies (cookies):

- Data regarding your activity on the site: Preferences, products added to cart, browsing history.

- Purpose: To improve site performance, personalize user experience, analyze site traffic, marketing purposes (display personalized ads).

- Legal basis: Article 6(1)(a) RODO (your consent) for marketing and analytical cookies, or Article 6(1)(f) RODO (legitimate interest of the Administrator) for cookies necessary for the operation of the site. For details on cookies, please see our Cookies Policy.

  • Data from correspondence: If you contact us (e.g. through a contact form, e-mail, telephone), we collect the data contained in your correspondence.

- Purpose: To handle inquiries, complaints.

- Legal basis: Article 6(1)(b) RODO (acting at the request of the data subject before entering into a contract) or Article 6(1)(f) RODO (acting at the request of the data subject before entering into a contract). f RODO (legitimate interest of the Administrator - correspondence and customer service), for the purpose of possible establishment and investigation of claims or defense against them the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) RODO) to protect his/her rights.

  • Marketing data (if you have agreed to the newsletter): Email address.

- Purpose: To send a newsletter with information about news, promotions and offers.

- Legal basis: Article 6(1)(a) of the RODO (your consent), for the purpose of possibly establishing, asserting or defending against claims - the legal basis for the processing is the legitimate interest of the Administrator (Article 6(1)(f) of the RODO) consisting in the protection of its rights.

  • Data obtained in connection with the use of social media: If you communicate with us via our social media profiles (e.g. Facebook, Instagram), we may process the data you share with us there (e.g. username, message content).

- Purpose: To handle inquiries, promote the brand.

- Legal basis: Article 6(1)(f) RODO (legitimate interest of the Administrator - communication with customers and promotion), for the purpose of possible establishment and investigation of claims or defense against them - the legal basis for processing is the Administrator's legitimate interest (Article 6(1)(f) RODO) in protecting your rights.

The Administrator may also process personal data in order to fulfill obligations under national law, in particularthe Law on Provision of Electronic Services, the Law on Consumer Protection, the Law on Prevention of Money Laundering and other legal acts.

3 To whom do we share personal data?

The Administrator may entrust the processing of personal data to third parties with whom he has entered into appropriate data processing entrustment agreements in accordance with Article 28(3) of the RODO.

Personal data may be disclosed to external entities, including in particular: couriers, customs agencies, marketing agencies, IT service providers, hosting providers, payment processorsonline, providers of analytical and marketing tools, accounting and legal services to whom we outsource Personal Data processing services.

In the case of a complaint, your Personal Data may be transferred to the Seller, product distributor, manufacturer or guarantor, depending on the goods covered by the complaint.

If we obtain your consent, your Personal Data may also be shared with other entities for their own purposes, including marketing purposes. With your consent, we may provide your personal data, to the extent necessary for the execution of the Sales Agreement to external companies handlingto third-party companies that process online payments, if you choose this type of payment through any of the payment systems. The transfer relates to Personal Data necessary to complete the payment. The selection of a particular payment type constitutes your consent to the transfer of data to the payment operator.

We assure you that any third-party entities to which we share your data are required to protect it in accordance with the applicable provisions of the RODO and the data processing entrustment agreements entered into with us.

4 Transfers of data outside the European Economic Area (EEA)

We may also transfer personal data to recipients located outside the European Economic Area (EEA) in so-called third countries.

In this case, before transferring the data, we ensure that an adequate level of data protection is in place at the recipient (e.g. on the basis of an EU Commission decision finding an adequate level of protection for the country in question or an agreement with the recipient on so-called European Union standard contractual clauses) or your consent to the data transfer is available.

You can obtain from us an understanding of recipients in third countries and obtain a copy of the specifically agreed regulations for ensuring an adequate level of data protection. Please use the data in Section 1 for this.

5 How long do we keep Personal Data?

The period of processing of Personal Data by the Administrator depends on the type of Electronic Service or results from the Sales Agreement and the purpose of processing. As a general rule, Personal Data is processed for the duration of the provision of the Electronic Service or the performance of the Sales Agreement, until the withdrawal of the consent given or the filing of an effective objection to the processing of Personal Data in cases where the legal basis for the processing of Personal Data is the legitimate interest of the Administrator. The period of processing of Personal Data may be extended if the processing is necessary to establish and assert or defend against possible claims, and thereafter only if and to the extent required by law. After the expiration of the processing period, personal data shall be irreversibly deleted or anonymized. Personal data will be processed for the duration:

- the duration of the contract and for the time necessary to assert claims (up to 6 years);

- as required by law (e.g., for tax purposes, at least 5 years from the end of the fiscal year);

- until the withdrawal of consent (for data processed on its basis);

- until the Administrator's legitimate interest exists (no longer than 3 years from the last contact).

In certain cases, data may be kept for longer periods if further processing is necessary to establish, assert or defend claims, including as part of internal complaint proceedings or in connection with legal obligations.

After the expiration of the indicated periods, personal data shall be irreversibly deleted or anonymized in such a way that the data subject cannot be identified.

6 Your rights with respect to personal data protection

As a data subject, you have the following rights under the RODO:

  • Right of access to data: You have the right to obtain confirmation from us as to whether we are processing your personal data, and if so, to access the data and information regarding the processing, including the categories of data processed, the purposes of the processing, the categories of recipients, the period of storage.
  • Right to rectification of data: You have the right to request the rectification of your personal data that is incorrect, as well as the completion of incomplete data.
  • Right to erasure of data ("right to be forgotten"): You may request deletion of your personal data if:

- The data are no longer necessary for the purposes for which they were collected or otherwise processed.

- You revoke your consent to their processing, and there is no other legal basis for processing.

- You object to the processing (Article 21(1) of the RODO), and there is no overriding legitimate basis for processing.

- The data is processed unlawfully.

- The data must be deleted in order to comply with a legal obligation under Union law or the law of a Member State to which we are subject.

  • Right to restrict processing: You have the right to request that the processing of your data be restricted.
  • Right to data portability: You have the right to receive your personal data that you have provided to us in a structured, commonly used machine-readable format and send it to another controller without hindrance from us, if the processing is based on consent or contract and by automated means. You may also request that the data be sent directly to another controller, if technically possible.
  • Right to object:

- Object on grounds related to your particular situation: You may object at any time to the processing of your personal data based on the Administrator's legitimate interests (Article 6(1)(f) RODO), including profiling, for reasons related to your particular situation. In such a case, we will stop processing your data unless we demonstrate the existence of valid, legitimate grounds for processing that override your interests, rights and freedoms, or grounds for establishing, asserting or defending claims.

- Objection to direct marketing: You have the right at any time to object to the processing of your personal data for direct marketing purposes, including profiling, to the extent that the processing is related to such direct marketing. Once you file an objection, your data will no longer be processed for these purposes.

  • Right to withdraw consent: If the processing of your data is based on your consent (e.g. to receive newsletters), you have the right to withdraw this consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.
  • Right to lodge a complaint with a supervisory authority: If you believe that we are processing your personal data unlawfully, you have the right to file a complaint with the supervisory authority, which in Poland is the President of the Office for Personal Data Protection (PUODO).

Address: Stanisława Moniuszki Street 1A, 00-014 Warsaw

Phone: 22 531 03 00

Website: www.uodo.gov.pl

To exercise the above rights, please contact us using the details provided in Section 1 or fill out the RODO Rights Exercise form available here: LINK and send it to the email address indicated in Section 1. To ensure the security of your data, we may ask you to provide additional information to verify your identity.

We will respond to your request no later than 1 month after receiving it.

7 Security measures

We use appropriate technical and organizational measures to protect your personal information from unauthorized access, loss, destruction, modification or disclosure. Our measures include, but are not limited to:

Data encryption: All connections to our store are encrypted using SSL/TLS to ensure the security of information transmitted.

Access Control: Only authorized employees and associates who are committed to confidentiality have access to your personal information.

Pseudonymization and anonymization: Where possible, we use pseudonymization and anonymization techniques to minimize the risk of identification.

Backups: We regularly back up data to ensure recovery in the event of a disaster.

Systems monitoring: We continuously monitor our systems for potential threats and vulnerabilities.

We are committed to continuously improving our security to ensure the highest level of protection for your data.

8 Direct marketing

If you give your separate consent, we will be able to use the personal data you provide to send you marketing offers available to youavailable in the Store, Newsletter, surveys and invitations - by e-mail, SMS or telephone, depending on the scope of your consent.

The Personal Data you provide to us in this way may be transferred to third-party companies solely for the purpose of providing these services to our company, and they enable marketing agencies and technical suppliers to distribute digital and printed direct marketing materials.

We will never transfer your Personal Information for marketing purposes, sell it or exchange it with other parties other than for the purposes described above, unless you give your informed consent to such sharing.

You have the right to withdraw your consent to process Personal Data material for direct marketing purposes at any time.

Once you withdraw your consent for us to process Personal Data for direct marketing purposes, we will no longer be able to send you any direct marketing offers or information previously sent to you based on your consent to process Personal Data.

You may opt out of receiving direct marketing materials as follows:
by editing the settings of your Customer Account - by unchecking the relevant consents in the tab;
by making a request via email to: office@mz-store.pl.

9 Profiling and automated decision-making

In the process of providing direct marketing services, we make decisions in an automated manner, including through profiling, based on the data we have about you determining your preferences (such as your purchase history, products viewed, preferences). Based on this information, we assign you a personal profile relevant to our ability to offer you our services or those of our partners, and the amount of discounts we may grant you.

These decisions are made automatically based on statistical analysis. Decisions made in this automated manner affect the selection of services offered to You and products that in Our opinion may be of interest to You.

Automated decision-making for direct marketing purposes is based on your voluntary consent. (Article 6(1)(a) RODO in conjunction with Article 22(2)(c) RODO). You may withdraw your consent at any time without affecting the compatibility of the processing prior to its withdrawal.

If you do not agree with our assessment of your situation made on the basis of automated processing in this manner, you may file a complaint through the communication channels specified in Section 1 of the Privacy Policy.

10 Information directed to Sellers

In case Sellers gain access to Buyers' personal data (e.g., for the purpose of order processing), the conclusion of a separate agreement for entrustment of personal data processing, as referred to in Article 28 RODO, is required. Failure to conclude such an agreement prevents the use of the Store's functionalities allowing access to Buyers' personal data.

Sellers act as independent administrators of personal data to the extent that they process Buyers' data on their own, in particular for the purpose of performing sales contracts concluded through the Store.

Sellers are obliged to ensure that data processing is in compliance with applicable laws, including the RODO, and to comply with their obligation to provide information to data subjects.

Personal data may be transferred to third parties only to the extent necessary to achieve the purposes indicated above, including but not limited to. providers of IT, courier, accounting, payment services, payment operators, consulting companies and law firms on the basis of data processing entrustment agreements or other appropriate legal grounds under the RODO. These entities are obliged to maintain confidentiality and process data in accordance with applicable laws.

The Administrator is not responsible for the manner in which Sellers process personal data if they act as separate data controllers. Nonetheless, the Administrator shall exercise due diligence to verify that Sellers process data in accordance with applicable laws, including by verifying documentation, requiring a data entrustment agreement and conducting internal control procedures.

Any use of Buyers' personal data obtained by Sellers for any marketing or other commercial purposes that are not directly related to the implementation of the sales contract concluded through the Store is prohibited.

All activities of Sellers in the processing of personal data must be in accordance with the RODO and limited to the necessary extent resulting from the purpose of processing. In particular, Sellers are required to ensure data security and respect for the rights of data subjects by implementing appropriate technical and organizational measures to ensure data security.

11 Changes to the Privacy Policy

We reserve the right to amend the Privacy Policy at any time to adapt it to changes in the law or in the way we process data.

Any changes will be published on this page and will take effect on the date of publication, unless otherwise indicated.

We recommend that you check the Privacy Policy regularly to keep up to date with how we protect your data.

We will notify you of significant changes by email if you have a Customer Account with us or have subscribed to our Newsletter.