Privacy policy

The following Privacy Policy defines rules for saving and accessing data on users ' devices to provide services in electronic form by the administrator and rules for collecting and processing users ' personal datawhich were provided to them personally and voluntarily through the tools available on the site.

The following Privacy Policy is an integral part of Service Rules, which defines the rules, rights, and obligations of users using the site.

§1 definitions

• Service – serwis internetowy “actibase.eu” działający pod adresem https://actibase.eu

• External service - websites of partners, service providers, or service recipients who cooperate with the Administrator

• Site / Data Administrator - The site administrator and data administrator (hereinafter referred to as the administrator) is the company "Mexel LLC", operating at the address: Grzybowska str. 80/82 Lok. 700, 00-844 Warsaw, with the assigned tax identification number (TIN): 5272959067, providing services in electronic form through the service

• User - an individual for whom the administrator provides services in electronic form through the service.

• Device - an electronic device together with the software that the user uses to access the service

• Cookies (cookies) - text data collected in the form of files placed on the user's device

• GDPR - Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural Persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (General Data Protection Regulation)

• Personal data -means information about an identified or identifiable natural person ("data subject"); an identifiable natural person is a person who can be directly or indirectly identified, in particular by an identifier such as name, identification number, location data, internet identifier, or one or more specific factors that determine the physical, legal, or legal identity of the individual. the physiological, genetic, mental, economic, cultural or social identity of an individual

• Recycling - means an operation or set of operations performed with personal data or sets of personal data in an automated or non-automated manner, such as collecting, storing, organizing, organizing, storing, adapting or modifying, retrieving, viewing, using, disclosing through transmission, distribution or other type of exchange, collating or combining, restricting, deleting, or destruction;

• Restriction of processing - designates stored personal data to limit their future processing

• Profiling - means any form of automated processing of personal data that involves the use of personal data to assess certain personal factors of an individual, in particular to analyze or predict aspects related to the individual's performance, economic status, health, personal preferences, interests, reliability, behavior, location or movement

• I agree - consent of the data subject means a voluntary, specific, informed and unambiguous expression of the will by which the data subject allows the processing of his / her personal data in the form of a statement or explicit confirmation action

• Violation of personal data protection - means a security breach resulting in accidental or illegal destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise processed

• Pseudonymization - means processing personal data in such a way that it can no longer be attributed to a specific data subject without using additional information, provided that such additional information is stored separately and covered by technical and organizational measures that prevent its assignment to an identified or identifiable individual

• Anonymity - Data anonymization is an irreversible process of working with data that destroys / overwrites “personal data”, preventing identification or linking of this record to a specific user or individual.

§2 Data Protection Inspector

In accordance with Article 37 of the GDPR, the administrator has not appointed a data protection inspector.

If you have any questions about data processing, including personal data, please contact the administrator directly.

§3 Types Of Cookies

• Internal cookies - files downloaded and read from the user's device by the service's ICT system

• External cookies - files downloaded and read from the user's device by information systems of external services. Scripts of third-party services that can place cookies on the user's devices were deliberately placed on the site through scripts and services provided and installed on the site

• Session cookies - files downloaded and read from the user's device by the service in one session of this device. After the session ends, the files are deleted from the user's device.

• Persistent Cookies - files that are downloaded and read from the user's device by the service until they are manually deleted. Cookies are not automatically deleted after the device session ends, unless the user's device configuration is set to delete cookies after the device session ends.

§4 data storage security

• Mechanisms for storing and reading cookies - Mechanisms for storing, reading and exchanging data between cookies stored on the user's device and the service are implemented using the built-in mechanisms of web browsers and do not allow you to extract other data from the user's device or data from other websites that the user has visited, including personal data or confidential information. It is also almost impossible to transmit viruses, Trojan horses, and other worms to the user's device.

• Internal cookies - Cookies used by the administrator are safe for users ' devices and do not contain scripts, content or information that may endanger the security of personal data or the security of the device you are using.

• External cookies - The administrator performs all possible actions to check and select site partners in the context of user security. The administrator selects well-known large partners with global social trust for cooperation. However, it does not have full control over the content of cookies from third-party partners. The administrator is not responsible for the security of cookies, their contents and licensed use of scripts installed on the site, originating from third-party services, to the extent permitted by law. The list of partners is given below in the Privacy Policy.

• Control of Cookies

  • The user can at any time independently change the settings for saving, deleting and accessing the data of stored cookies by any website

  • Information on how to disable cookies in the most popular computer browsers is available at: from one of the specified providers:

    • Managing cookies in the browser Chrome
    • Managing cookies in the browser Opera House
    • Managing cookies in the browser FireFox
    • Managing cookies in the browser Edge
    • Managing cookies in the browser Safari
    • Managing cookies in the browser Internet Explorer 11

  • You can delete all cookies stored to date at any time by using the tools of the user's device that you use to use the site's services.

• Threats on the user's side - The Administrator takes all possible technical measures to ensure the security of data stored in cookies. However, it should be noted that ensuring the security of this data depends on both parties, including the user's activity. The administrator is not responsible for intercepting this data, impersonating the user's session, or deleting it as a result of the user's conscious or unconscious activity, viruses, Trojan horses, or other spyware programs that may or may not have been infected on the user's device. Users must follow the rules of safe use of the Internet to protect themselves from these threats.

• Storage of personal data - The administrator guarantees that he / she does everything possible to ensure that the processed personal data, voluntarily entered by users, is secure, access to it is restricted and carried out in accordance with their purpose and purposes of processing. The administrator also ensures that it does everything possible to protect existing data from loss by applying appropriate physical and organizational security measures.

• Storing passwords - The administrator declares that passwords are stored in encrypted form, using the latest standards and recommendations in this regard. Decryption of account access passwords is almost impossible.

§5 purposes for which cookies are used

• Improving and simplifying access to the service
• Website personalization for users
• Allow access to the site

§6 purposes of personal data processing

Personal data voluntarily provided by users is processed for one of the following purposes::

• Implementation of electronic services:
  • Services for registering and maintaining a User account on the site and related functionality
• Communication between the administrator and users on issues related to the service and data protection
• Ensuring the legitimate interests of the administrator

User data collected anonymously and automatically is processed for one of the following purposes::

• Ensuring the legitimate interests of the administrator

§7 third-party cookies

The site administrator uses JavaScript scripts and partner web components that can place their own cookies on the user's device. Please note that in your browser settings, you can decide for yourself which cookies can be used by individual websites. Below is a list of partners or their services implemented on the site that can place cookies. Services provided by third parties are beyond the administrator's control. These organizations may change their terms of service, privacy policy, purpose of data processing, and ways of using cookies at any time.

§8 types of data collected

The service collects data about users. Some of the data is collected automatically and anonymously, and some of the data is personal data voluntarily provided by users when subscribing to certain services offered by the service.

Anonymous data collected automatically:

• IP address
• Browser Type
• Screen Resolution
• Approximate location
• Site subpages to open
• Time spent on the corresponding site page
• Operating System Type
• Address of the previous subpage
• Referrer's address
• Browser Language
• Internet connection speed
• Internet Service Provider

Data collected during registration:

• First / Last name / Alias
• Username
• Email address
• Residential address
• Phone number
• IP address (collected automatically)

Data collected when subscribing to the newsletter

• First / Last name / Alias
• Email address
• IP address (collected automatically)

Some of the data (without identifying data) may be stored in cookies. Some of the data (without identifying data) can be transmitted to the statistical service provider.

§9 access to personal data of third parties

As a rule, the only recipient of personal data provided by users is the administrator. Data collected as part of the services provided is not transferred or resold to third parties.

Access to data (most often under a contract of assignment for data processing) may be granted to entities responsible for maintaining the infrastructure and services required for conducting the service, i.e.:

• Hosting companies that provide hosting services or related services to the administrator
• Companies that make online payments for goods or services offered within the service (in case of making purchase transactions on the site)
• Companies responsible for delivering physical products to the user (postal / courier services in case of making a purchase transaction on the site)

Entrust the processing of personal data-hosting services, VPS or dedicated servers

The administrator uses the services of a third-party hosting provider, VPS or dedicated servers to manage the site – home.pl. All data collected and processed on the site is stored and processed in the service provider's infrastructure located in Poland. Access to data is possible as a result of service work performed by the service provider's personnel. Access to this data is regulated by a contract concluded between the administrator and the service provider.

Processing data for online payments

If a payment is made online, all payment data is transmitted directly by the user to the payment provider – AutoPay. The selected data required for placing an order is then transmitted by this subject to the administrator. Data transfer is regulated by a contract concluded between the administrator and the service provider.

Transfer of personal data-courier services

If a transaction is concluded that requires the transfer of the item for which the transaction was made via mail or courier, part of the personal data of individuals or data of individuals engaged in business activities is transferred to the entity that provides the administrator with mail / courier services selected by the user. The transfer of this data is regulated by a contract concluded between the administrator and the service provider.

§10 Method of processing personal data

Personal data provided by users voluntarily:

• Personal data will not be transferred outside the European Union, unless they were published as a result of individual user actions (for example, making a comment or message), which will make the data available to each site visitor.
• Personal data will not be used for automated decision-making (profiling).
• Personal data will not be resold to third parties.

Anonymous data (without personal data) is collected automatically:

• Anonymous data (without personal data) will be transferred outside the European Union.
• Anonymous data (without personal data) will not be used for automated decision - making (profiling).
• Anonymous data (without personal data) will not be resold to third parties.

§11 legal basis for personal data processing

The service collects and processes user data based on:

• Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of Natural Persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (General Data Protection Regulation)
  • article 6 (1). a
    the data subject has consented to the processing of their personal data for one or more of the specified purposes
  • article 6 (1). b
    processing is necessary for the performance of a contract to which the data subject is a party, or for taking measures at the request of the data subject prior to the conclusion of the contract
  • article 6 (1). f
    processing is necessary for purposes that arise from legitimate interests pursued by the administrator or a third party
• Law of May 10, 2018 About Personal Data Protection (DZ. U. 2018 poz. 1000)
• Law of July 16, 2004 Law on Telecommunications (No. 171 item 1800 of 2004)
• Law of February 4, 1994 on Copyright and Related Rights (No. 24 item 83 of 1994)

§12 period of personal data processing

Personal data provided by users voluntarily:

An exception is a situation that requires the administrator to ensure the legitimate purposes of further data processing. In such a situation, the administrator will store the specified data from the moment of the user's request to delete it for no more than 3 years in case of violation by the User or suspicion of violation of the service rules.

Anonymous data (without personal data) is collected automatically:

Anonymous statistics that do not contain personal data are stored by the administrator for maintaining site statistics for an indefinite period of time

§13 user rights related to the processing of personal data

The service collects and processes user data based on:

• Right of access to personal data
  Users have the right to access their personal data, executed upon request submitted to the administrator

• Right to rectification of personal data
  Users have the right to request the administrator to immediately correct personal data that is incorrect or / and supplement incomplete personal data that was completed upon request submitted to the administrator

• Right to delete personal data
  Users have the right to request from the administrator the immediate deletion of personal data performed upon request submitted to the administrator in the case of user accounts, data deletion consists in anonymizing data that allows identifying the user. The administrator reserves the right to suspend the execution of a request for data deletion in order to protect the administrator's legitimate interests (for example, when the User violated the rules or the data was obtained as a result of ongoing correspondence).
  In the case of the Newsletter Service, the user can delete their personal data independently by using the link provided in each email sent.

• Right to restrict the processing of personal data
  Users have the right to restrict the processing of personal data in cases specified in Article 18 of the GDPR, m.in. contesting the correctness of personal data implemented at the request submitted to the administrator

• Right to transfer personal data
  Users have the right to receive personal data about the user from the administrator in a structured, widely used machine-readable format, implemented upon request submitted to the administrator

• Right to object to the processing of personal data
  Users have the right to object to the processing of their personal data in the cases specified in Article 21 of the GDPR, upon request submitted to the administrator

• Right to file a complaint
  Users have the right to file a complaint with the supervisory authority responsible for personal data protection.

§14 contact with the Administrator

You can contact the administrator using one of the following methods:

• Mailing address - Gribovskaya Street 80/82 Loc. 700, 00-844 Warsaw

• Email address –  web.shop@mexel.eu

• Phone call – +48 888 888 917

• Contact Form - available at: / contact

§15 Service Requirements

• Restricting the recording and access to cookies on your device may cause some of the site's functions to malfunction.

• The administrator does not bear any responsibility for incorrectly functioning functions of the site, if the user in any way restricts the ability to save and read cookies.

§16 external links

The service-articles, posts, messages, or comments from users-may contain links to external sites that the site owner does not cooperate with. These links and pages or files under them may be dangerous for your device or pose a security risk to your data. The administrator is not responsible for content located outside the site.

§17 changes to the Privacy Policy

• The administrator reserves the right to make any changes to this Privacy Policy without having to inform users about the use and use of anonymous data or the use of cookies.

• The administrator reserves the right to make any changes to this Privacy Policy regarding the processing of personal data, which he will notify users who have User accounts or are registered in the newsletter service by email within 7 days from the moment of changing the records. Continued use of the Services means that you have read and accepted the changes made to the Privacy Policy. If the user does not agree with the changes made, they must delete their account from the site or unsubscribe from the mailing list.

• Any changes to the privacy policy will be published on this page of the site.

• Changes made will take effect from the moment they are published.