COOKIES

Section 1: General Provisions
This document functions as an adjunct to the Terms and Conditions. By engaging with our services, you bestow upon us your information. The purpose of this Privacy Policy is solely to facilitate your comprehension of the collection and utilization of information and data, as well as its intended purposes and our methods for utilization. This data holds great significance for us, hence, it is imperative that you peruse this document diligently, as it delineates the principles and techniques governing the processing and safeguarding of your personal data. Additionally, this document prescribes the regulations concerning the utilization of "Cookies." We hereby affirm our adherence to the principles of safeguarding personal data, in accordance with all pertinent legal provisions laid out in the Personal Data Protection Act and the Regulation of the European Parliament and of the Council (EU) 2016/679 dated April 27, 2016, pertaining to the protection of natural persons with regard to the processing of personal data and the free movement of such data, while also revoking Directive 95/46/EC.

Individuals whose personal data is being processed possess the right to contact us in order to acquire comprehensive details regarding the treatment of their personal information. We are committed to transparently communicating the data we gather, its utilization, intended purposes, recipients, protective measures during data transfer to other entities, and avenues for seeking clarification in cases of doubt. The provider implements various technical measures including physical safeguards for personal data, hardware security measures for IT and telecommunications infrastructure, protection measures integrated into software tools and databases, and organizational measures to ensure adequate protection of processed personal data. These measures aim to prevent unauthorized access, unauthorized acquisition, and misuse of personal data, and safeguard it against accidental or deliberate alteration, loss, damage, or destruction.

Under the provisions of the Regulations and this document, we maintain exclusive access to data. Access to personal data may also be delegated to other entities responsible for payment processing, which adhere to their own Terms and Conditions, as well as entities handling order fulfillment. Such access is only granted to the extent necessary to ensure service delivery.

Personal data is processed solely for purposes for which you have provided consent, either by clicking on the relevant fields in the form displayed on the Website or by other explicit means. The legal foundation for the processing of your personal data is your consent or the necessity to execute a service (e.g., product order) that you have requested from us, as stipulated in Article 6(1)(a) and (b) of the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016, regarding the protection of individuals concerning the processing of personal data and the free movement of such data, which supersedes Directive 95/46/EC (General Data Protection Regulation - GDPR).

If the website does not mandate the customer's acceptance (via a checkbox) of a consent clause for personal data processing when, for instance, creating an account or placing an order, the privacy policy should encompass a provision such as: "Utilizing the service necessitates the processing of the customer's personal data in relation to: [e.g., name, phone number, email, home address, etc.]. majbele.com will process the data to the extent required to finalize and execute the contract. Transaction data, including personal information, may be shared with 'Polskie ePłatności' Sp. z.o.o., headquartered in Tajęcina (formerly 'Paylane' Sp. z o.o.), with an address at Tajęcina 113, 36-002 Jasionka, KRS: 0000227278, NIP 5862141089, and REGON 220010531, to facilitate payment processing for the order. Customers possess the right to access and rectify their data. Providing data is voluntary but essential for utilizing the service."

• 2 Privacy principlesWe take privacy seriously. We are characterized by respect for privacy and the fullest possible and guaranteed convenience in the use of our service.We value the trust that Users place in us by entrusting us with their personal information to complete an order. We always use personal data fairly and in such a way as not to disappoint that trust, only to the extent necessary to fulfill the order including its processing.You have the right to be clearly and fully informed about how we use your personal data and for what purposes it is needed. We always clearly inform you about the data we collect, how and to whom we provide it, and provide information about the entities to contact in case of doubts, questions, comments.If you have any doubts about our use of your personal data, we will immediately take measures to clarify and resolve such doubts, fully and comprehensively answer all questions in this regard.We will take all reasonable measures to protect your data from improper and uncontrolled use and secure it comprehensively.The administrator of your personal data is majbele.com, Kozierowskiego 4 room 109, 60-185 Skorzewo, mail: office@majbele.com. The legal basis for the processing of your personal data is Article 6(1)(b) RODO. Provision of data is not mandatory, but necessary to take appropriate actions preceding the conclusion of the contract and its execution. We will transfer your personal data to other recipients entrusted with the processing of personal data in our name and on our behalf. Your data will be transferred on the basis of Article 6(1)(f) of the RODO, where the legitimate interest is the due performance of contracts/orders. In addition, we will share your personal data with other business partners. We store the collected personal data in the European Economic Area ("EEA"), but it may also be transferred to a country outside the EEA and processed there. Any transfer of personal data is carried out in accordance with applicable law. If data is transferred outside the EEA, we use standard contractual clauses and the Privacy Shield as safeguards for countries for which the European Commission has not established an adequate level of data protection.Your personal data related to the conclusion and performance of the contract for the execution of contracts will be processed for the period of their execution, and for no longer than provided by law, including the provisions of the Civil Code and the Accounting Act, i.e. no longer than for 10 years, counting from the end of the calendar year in which the last contract was executed.Your personal data processed for the purpose of concluding and executing future contracts will be processed until you object.You have the right to: access your personal data and receive a copy of the personal data being processed, rectify your inaccurate data; request deletion of your data (right to be forgotten) in the event of circumstances provided for in Article 17 RODO; request restriction of data processing in the cases indicated in Art. 18 RODO; to object to the processing of data in cases indicated in Article 21 RODO; to transfer data provided, processed by automated means.If you believe that your personal data is being processed unlawfully, you can file a complaint with the supervisory authority (Office for Personal Data Protection, 2 Stawki Street, Warsaw). If you need additional information related to the protection of personal data or wish to exercise your rights, please contact us by mail at the mailing address.We make every effort to protect against unauthorized access, unauthorized modification, disclosure and destruction of information in our possession. In particular:We control the methods of collecting, storing and processing information, including physical security measures to protect against unauthorized access to the system.We grant access to personal information only to those employees, contractors and representatives who need to have access to it. In addition, they are contractually obligated to maintain strict confidentiality, to allow us to inspect and check how they fulfill their assigned duties, and may face consequences if they fail to fulfill these obligations.We will comply with all applicable data protection laws and regulations, and will cooperate with data protection authorities and authorized law enforcement agencies. In the absence of data protection regulations, we will act in accordance with generally accepted data protection principles, rules of social coexistence as well as established customs.The exact manner in which we protect personal data is contained in the data protection policy (ODO: security policy, data protection regulations, IT system management manual) For security reasons, due to the procedures described therein, it is only available for inspection by state control authorities. If you have any questions about how to handle your personal data, you are welcome to contact us using the page from which you were redirected to this Privacy Policy. You always have the right to notify us if: you no longer wish to receive information or communications from us in any form; you wish to receive a copy of your personal data in our possession; you wish to correct, update or delete your personal data in our records; you wish to report violations, misuse or processing of your personal data. In order to make it easier for us to respond or respond to the information provided, please provide your name and surname and further details.

Section 3: Extent and Purpose of Personal Data Collection

Our collection, processing, and storage of essential personal data serve specific purposes, namely:

1. Placing an order.
2. Contract conclusion.
3. Handling complaints and contract withdrawal.
4. Issuing VAT invoices or receipts.
5. Website traffic monitoring.
6. Gathering anonymous statistics to comprehend user interactions with our website.
7. Determining the number of anonymous website users.
8. Controlling the frequency and content display to users.
9. Assessing newsletter sign-ups and contact options.
10. Facilitating communication via email and later by phone.
11. Integrating with social networks.
12. Possible online payments.

The user data collected, processed, and stored comprises the following details:

• First and last name.
• Home address.
• Delivery address (if distinct from home address).
• Tax identification number (NIP).
• Email address (e-mail).
• Telephone number (mobile and landline).
• Information regarding the web browser used.
• Other personal data voluntarily provided to us.

Your provision of this data is entirely voluntary, but it is also imperative for the full provision of our services. The data collection, processing, and utilization by us serve the following purposes:

• Direct marketing.
• Archival purposes of advertising campaigns.
• Compliance with legal obligations through the collection of information about unauthorized activities.
• Inherent in the provision of services and ensuring your participation in activities linked to the Service.
• Verifying service quality, conducting market statistics, and profiling user behavior.
• Commercial and promotional purposes with the user's prior consent.

It is vital to note that each instance of data processing for marketing and commercial purposes is contingent on your voluntary consent, and your ability to use our services is not contingent on this consent. The extent to which we use your data for marketing and commercial purposes depends on your specific consent.

Your personal data may be transferred to servers located outside your country of residence or to affiliates and third parties in other countries, including those within the EEA, for the purpose of processing personal data in accordance with this Privacy Policy and applicable laws, customs, and data protection regulations.

We retain your personal data no longer than necessary to ensure the quality of service, considering the mode and purpose of acquisition, and adhere to the following timeframes:

• Compliance with legal obligations, tax, and accounting regulations.
• Marketing activities - for the duration of the contract, consent processing, or until your objection or consent withdrawal.
• Operational activities - until the statute of limitations under the RODO Regulation and relevant national laws to demonstrate the fairness of personal data processing.

It's important to acknowledge that in many countries where personal data may be transferred, the same level of legal protection as in your home country may not apply. Your personal data stored abroad could potentially be accessed by courts, law enforcement, and national security authorities in accordance with that country's laws. To comply with lawful disclosure requests, we ensure that those processing personal data outside your country take adequate measures to protect the data in line with their national laws.

Section 4: "Cookies" Policy

We automatically collect information via cookies to gather user data. Cookies are small text fragments sent to the user's browser and returned when the user revisits the website. They primarily aid in session maintenance, such as generating and sending a temporary ID upon logging in. We employ both "session" cookies, retained on the user's device until logout, website shutdown, or browser closure, and "permanent" cookies, stored as defined in cookie parameters or until the user deletes them.

Cookies serve several functions, including:

1. Optimizing website usage.
2. Identifying logged-in Service Recipients.
3. Customizing website graphics, selection options, and content based on individual user preferences.
4. Remembering data entered automatically and manually in Order Forms or login details.
5. Collecting and analyzing anonymous statistics on website usage through administration panels and Google Analytics.
6. Creating remarketing lists using user preferences, behavior, and interests, and gathering demographic data, making these lists accessible in AdWords and Facebook Ads.
7. Constructing data segments based on demographic information, interests, and product/service preferences.
8. Utilizing demographic and interest data in Analytics reports.

Users can block and delete cookies at their discretion through their web browser settings. However, blocking cookie collection may limit or hinder certain website functionalities, and users should be aware of these limitations in such cases. Users who do not wish to use cookies for the described purposes can manually delete them at any time. Detailed instructions are available on the website of the current web browser manufacturer.

For reference, here are examples of web browsers that support cookie settings:

• Internet Explorer cookie settings
• Chrome cookie settings
• Firefox cookie settings
• Opera cookie settings
• Safari cookie settings
• Android cookie settings
• Blackberry cookie settings
• iOS (Safari)
• Windows Phone cookie settings

Section 5: Rights and Obligations

We hold the right, and in cases stipulated by law, an obligation to disclose specific or all personal data to public authorities or third parties upon request, in accordance with relevant Polish laws. Users possess the right to access, correct, complete, delete, or halt the processing of their personal data without the need for a specific reason. To exercise these rights, users may send a request at any time through the provided email address or any other suitable means.

The processing of personal data for our customers is based on various legal grounds, including legitimate interest, consent, contract performance, and legal obligations. Processing personal data of potential customers relies on consent.

A user's request to delete personal data or cease its processing may result in an inability to provide services or significant limitations in service provision.

We commit to complying with applicable laws and societal norms.

For information about out-of-court consumer dispute resolution, the Financial Ombudsman is the authorized entity, accessible at www.rf.gov.pl.

Section 6: Fundamental Security Principles

Every user is responsible for their own data security and the security of their devices used to access the internet. Secure practices include having an up-to-date antivirus program with regularly updated virus definitions, a secure web browser, and an active firewall.

User access data for online services, such as logins, passwords, and PINs, should be stored securely and not disclosed to others. Avoid saving them on devices in a form that allows unauthorized access.

Exercise caution when opening unexpected email attachments or clicking on links, especially from unknown senders or within spam folders. Utilize anti-phishing filters in your browser to verify website authenticity.

Download files only from trusted sources, services, and websites. Avoid installing software from unverified sources or publishers with unproven reputations, especially on mobile devices.

When using a home Wi-Fi network, create a strong and complex password to prevent unauthorized access. Use the highest possible Wi-Fi encryption standards available on your equipment, such as WPA2.

Our websites may feature plug-ins, commonly referred to as social media plug-ins, affiliated with social networks such as Facebook and Twitter, among others. These services are provided by Facebook Inc. and Twitter Inc., respectively.

Facebook, managed by Facebook Inc. at 1601 S. California Ave, Palo Alto, CA 94304, USA, provides Facebook plug-ins. You can explore Facebook plug-ins at: https://developers.facebook.com/docs/plugins.

Twitter, overseen by Twitter Inc. at 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, offers Twitter plug-ins. You can discover Twitter plug-ins at: https://dev.twitter.com/web/tweet-button.

These plug-ins solely furnish their respective providers with information about your access to our websites and the time of your visit. If you are logged into your account on platforms like Facebook or Twitter while visiting or staying on our website, the provider has the capability to link your interests, information preferences, and other data. This linkage can occur, for instance, through interactions such as clicking the "Like" button, leaving comments, or conducting searches with your profile name. Such information is transmitted directly to the provider via your browser.

For more in-depth information about data collection and usage by Facebook or Twitter, and to learn about their privacy policies, please refer to the following links:

• Facebook's data protection/privacy guidelines: http://www.facebook.com/policy.php
• Twitter's data protection/privacy guidelines: https://twitter.com/privacy

To prevent your visit from being recorded in your designated user account on Facebook or Twitter when browsing our websites, it is essential to log out of your account beforehand.