I. Terms and conditions of liability of sites as the entity managing and operating the sites.
- The administrator of the shop website is Menlo Electric S.A. ("Administrator"), at the address in Warsaw
at Wołoska 5, 02-675 Warsaw , NIP 5272829241, Regon 368839890.
- The Administrator is the author of the content and graphic works contained on the website.
- The website and all its components are protected by the applicable laws, particularly the Act on Copyright and Related Rights of 04.02.1994.
- The authors of uploaded graphic works and content do not agree to their publication or modification in any way (publications, papers, presentations, websites and in any other way covered by the copyright law) without their written consent.
- The user has the right to use all the content published on the shop's website, provided that the copyright is not infringed. No part of the site may be used for commercial purposes without the prior consent of the site owner.
- Neither the site owner nor the authors shall be liable for any moral or financial loss suffered due to the use of the content on this site.
- The shop website uses "cookies" to identify your browser when you use the site. Cookies do not collect any personal information. The data collected, such as the user's browser type, time spent on the site, etc., is used to analyse statistics for individual sites.
II. Protection of Personal Data
The processing of personal data in connection with the implementation of the Agreement is governed by Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals concerning the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred as “GDPR”). as well as under other legislation governing the protection of personal data.
- Personal data collected employing all kinds of forms on store websites, including information such as name and surname, contact telephone, e-mail address, are used only to identify the client, establish business contact with them, provide the client with materials prepared by the Administrator, provide a valuation of services provided by the Administrator, conduct business negotiations with the client and possibly sign and perform a contract.
- Personal data collected through all kinds of forms on the Administrator's websites are processed based on the person's consent (Article 6(1)(a) of the GDPR), as well as based on Article 6(1)(b) of the GDPR, i.e. their processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject before entering into a contract.
The Administrator's Clients may withdraw consent for the processing of personal data at any time. The withdrawal of consent to data processing shall not affect the lawfulness of data processing carried out by the Administrator based on consent before its withdrawal.
- The consent may be withdrawn by sending an appropriate statement via an e-mail: IOD@menloelectric.com.
- The categories of recipients to whom the personal data of the Administrator's customers may be disclosed are employees, associates of the Administrator, accounting office, law firms, national debt registers.
- The Administrator processes the Clients' personal data using computer systems and software, ensuring the safety of processing such personal data at the highest level (such as, among others, encryption and anonymisation of transmitted information, periodic changes of system access passwords). The Administrator processes personal data of its Clients outside the IT system using technical and organisational measures to ensure the highest level of security of personal data processing.
- The data subject has the right to access and rectify the content of his/her data, to erase it (right to be forgotten), to restrict its processing, the right to data portability, the right to withdraw consent to its processing at any time without affecting the lawfulness of the processing carried out based on consent before its withdrawal.
- The data subject shall have the right to object to the processing of their data by the Controller. Objections should be sent to the following address: IOD@menloelectric.com.
- If the data subject considers that the processing of his/her personal data by the Controller violates the provisions of the GDPR, he/she has the right to lodge a complaint with the Inspector General for Personal Data Protection.
III. Obligation for the Controller to communicate transparently with the data subject (Article 12 GDPR)
- The Controller shall, in a concise, transparent, intelligible and easily accessible form, in clear and plain language - in particular when the information is addressed to a child - provide the data subject with all the information referred to in Articles 13 and 14 of the GDPR and shall conduct all communications with him/her pursuant to Articles 15 to 22 and 34 of the GDPR. Information shall be given in writing or by other means, including, where appropriate, by electronic means. If the data subject so requests, the information may be given orally, provided that the identity of the data subject is confirmed by other means.
- If the Controller has reasonable doubt as to the identity of the natural person making the request referred to in Articles 15 to 21 of the GDPR, the Controller may request additional information necessary to confirm the identity of the data subject.
IV. Obligations of the Personal Data Controller when processing personal data
- Consideration of data protection in the design phase and default data protection. To comply with this obligation, the Controller has implemented appropriate technical and organisational measures, such as pseudonymisation, designed to implement data protection principles, such as data minimisation effectively, and to give the processing the necessary safeguards to protect the rights of data subjects as far as possible.
- Entrusting data for processing based on a written contract. The Controller shall only use such processors that provide sufficient guarantees to implement appropriate technical and organisational measures to protect the rights of data subjects.
- Recording of processing activities. The controller shall be obliged to keep the Register of personal data processing activities. The Controller shall make the register available on request to the supervisory authority.
- Security of processing. The Controller implemented and applies the following technical and organisational measures to minimise the risk of a personal data breach:
1. pseudonymisation and encryption of personal data;
2. the ability to continuously ensure the confidentiality, integrity, availability and resilience of the processing systems and services;
3. the ability to quickly restore availability and access to personal data in the event of a physical or technical incident;
4. regularly testing, measuring and evaluating the effectiveness of the technical and organisational measures to ensure the security of processing.
In assessing the adequacy of the level of security, the Controller shall, in particular, take into account the risks represented by the processing and, in particular by the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed.
- Reporting a personal data breach to the supervisory authority. In the event of a personal data breach, the Controller shall - without undue delay after having established the breach - notify it to the supervisory authority, unless the breach is unlikely to result in a risk of prejudice to the rights or freedoms of natural persons. Where a personal data breach is likely to result in a high risk of harm to the rights or freedoms of individuals, the Controller shall, without undue delay, notify the data subject of such breach.
- Conducting a data protection impact assessment. Where a given type of processing - in particular using new technologies - by its nature, scope, context and purposes is likely to result in a high risk of harming the rights or freedoms of natural persons, the Controller shall, before the start of the processing, carry out an assessment of the effects of the intended processing operations on the protection of personal data.
- Carrying out prior consultation. Where a data protection impact assessment indicates that the processing would result in high risk if the Controller did not take measures to minimise that risk, the Controller shall consult the supervisory authority on the possibilities and means of the processing prior to the processing.
V. Processing of data on minors
In principle, all Administrator activities are addressed to adults who can make decisions or influence their decision-making. If legal guardians of a minor become aware of the fact that the minor has filled in a form available on the websites belonging to the Administrator, they should contact the Administrator to have the data deleted from the database or to withdraw their consent by sending an appropriate e-mail to the address: IOD@menloelectric.com.
VI. Rights of users of the Administrator's web store
The data subject:
- is entitled to obtain confirmation from the Controller as to whether or not personal data relating to him or her are being processed and, if this is the case, is entitled to access and a range of information (Article 15 of the GDPR),
- has the right to request the Controller to rectify immediately personal data concerning him/her that is inaccurate (Article 16 GDPR),
- has the right to request from the Controller the immediate erasure of personal data concerning him/her in the specified circumstances (Article 17 GDPR),
- has the right to request the Controller to restrict data processing in the cases specified (Article 18 GDPR),
- has the right to receive, in a structured, commonly used, and machine-readable format, personal data concerning him or her which the Controller has provided,
- has the right, in the cases mentioned, to transfer this personal data to another controller without hindrance from the controller to whom the data was supplied (Article 20 GDPR),
- has the right to object to the processing of personal data concerning him/her (Article 21 GDPR),
- has the right not to be subject to a decision which is based solely on automated processing of his/her personal data, including profiling (Article 22 GDPR).