Privacy Policy

1. Data Controller

The data controller of this online store is MB Emsora. The company is responsible for lawful, fair and transparent processing of personal data and ensures appropriate technical and organizational security measures. The controller seeks to ensure that all processed data are accurate, up to date, and not kept longer than required by applicable law or the stated purposes.

We ensure that all personal data are processed under the accountability principle—each decision to collect or use data is based on necessity and proportionality. Detailed contact information is provided at the end of this policy so that you can contact us on any privacy matters.

2. Categories of Data Processed

Only those personal data that are necessary for concluding and performing sales contracts, providing customer service, fulfilling legal obligations and safeguarding legitimate interests are processed. Typically, these may include:

• customer identification and contact details (name, surname, email, phone number);
• delivery information (address, recipient details);
• order and payment data (products, prices, purchase history);
• records of communications with customer support and the content of requests;
• technical server log entries necessary for the operation and security of the website.

The scope of these data is limited to the minimum necessary, ensuring they are collected and processed only to the extent required to achieve the specified purposes.

3. Purposes and Legal Bases

Personal data are processed to accept and fulfill orders, arrange delivery of goods, administer returns and warranty cases, ensure compliance with accounting and tax obligations, address consumer rights matters, provide customer support services, and ensure IT system security. Processing is based on Article 6(1)(b) GDPR (performance of a contract), Article 6(1)(c) (legal obligation), and Article 6(1)(f) (legitimate interest).

These purposes include not only administration of the sales process but also continuous assurance of service quality. When processing data, the company strives to create a reliable and secure environment in which customers can confidently use e-commerce services knowing that their personal data are protected against unlawful use.

No marketing cookies or analytics tools are currently used in the online store. If such tools are introduced in the future, clear information will be provided about their purpose and, where required, separate consent will be obtained in accordance with applicable law.

4. Disclosure to Third Parties

Data are disclosed to third parties only to the extent necessary to provide the relevant services or to comply with legal requirements. The Paysera payment system is used for payment processing. Delivery service providers are provided with the information necessary for delivery. Data are provided to accounting service providers to fulfill legal obligations. IT and hosting services are provided by DigitalOcean, which ensures the infrastructure required for service provision. Data are disclosed to public authorities only in accordance with the law.

5. Data Retention Periods

Personal data are retained only for as long as necessary to achieve the specified purposes or as required by applicable law. Order and accounting documents are generally kept for up to 10 years. Customer support inquiries are kept for up to 3 years, while technical server logs are kept for shorter periods in line with IT security practice.

6. Data Security

The controller implements appropriate technical and organizational measures to protect personal data against unlawful or accidental destruction, loss, alteration, disclosure or unauthorized access. Data are processed according to the data minimization principle, and access is granted only to those employees or service providers who need it to perform their functions.

7. Data Subject Rights

You have the right to access your personal data being processed, to request rectification, erasure or restriction of processing, to object to processing when it is based on legitimate interests, and the right to data portability. Where processing is based on your consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.

Requests to exercise rights are handled in accordance with legal requirements.

8. Transfers Outside the EEA

Personal data are generally processed within the European Economic Area. If, for technical or organizational reasons, data need to be transferred outside the EEA, such transfers will be carried out in compliance with GDPR requirements and with appropriate safeguards in place.

9. Changes to this Policy

MB Emsora reserves the right to review and update this privacy policy. The new version applies from the date it is published on the website, unless stated otherwise.