Menu

PRIVACY POLICY OF THE WEBSITE

www.mahton.eu

§ 1
GENERAL PROVISIONS


The administrator of personal data collected via the website www.mahton.eu is MAHTON SCHRONY SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, entered into the Register of Entrepreneurs by the District Court in Bydgoszcz, XIII Commercial Division of the National Court Register under KRS number 0000999829, with its registered office and correspondence address at: ul. Michała Kleofasa Ogińskiego 2, 85-092 Bydgoszcz, NIP (Tax ID): 9671460271, REGON: 523520996, e-mail address: kontakt@mahton.eu, hereinafter referred to as the “Administrator” and at the same time the “Service Provider”.

The personal data collected by the Administrator via the website is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the GDPR.

 

§ 2
TYPE OF PERSONAL DATA PROCESSED, PURPOSE AND SCOPE OF DATA COLLECTION

PURPOSE OF PROCESSING AND LEGAL BASIS.
The Administrator processes the personal data of Users of the website www.mahton.eu in the following cases:

  • when using the Contact Form, for the purpose of sending a message to the Administrator, on the basis of Article 6(1)(f) GDPR (legitimate interest of the Administrator).

TYPE OF PERSONAL DATA PROCESSED.
The User provides the following data in the case of:

  • Contact Form: first name and last name, company name, profession, telephone number, e-mail address.

PERIOD OF PERSONAL DATA STORAGE.
The personal data of Users is stored by the Administrator:

  • if the basis for data processing is the performance of a contract, for as long as it is necessary to perform the contract, and thereafter for a period corresponding to the limitation period of claims. Unless otherwise provided by specific provisions, the limitation period is six years, and for periodic performance claims and claims related to business activity – three years,

  • if the basis for data processing is consent, for as long as the consent is not withdrawn, and after withdrawal of consent, for a period corresponding to the limitation period of claims that the Administrator may raise and that may be raised against him. Unless otherwise provided by specific provisions, the limitation period is six years, and for periodic performance claims and claims related to business activity – three years.

When using the website, additional information may be collected, in particular: the IP address assigned to the User’s computer or the external IP address of the Internet provider, domain name, browser type, access time, and operating system type.

Upon separate consent, based on Article 6(1)(a) GDPR, data may also be processed for the purpose of sending commercial information electronically or making telephone calls for direct marketing purposes – respectively pursuant to Article 398(1) and (2) of the Act of 12 July 2024 – Electronic Communications Law, including profiling-based communication, provided that the User has given the relevant consent.

As part of the User’s activity on the website, profiling may occur, which aims to select appropriate advertising content targeted to the User.

Profiling means any form of automated processing of personal data that involves the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that person’s work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements. Profiling does not have legal effects on the User or otherwise significantly affect their situation. Its purpose is solely to better tailor marketing content and offers.

Navigation data may also be collected from Users, including information about links and references they choose to click on or other actions taken on the website. The legal basis for such activities is the legitimate interest of the Administrator (Article 6(1)(f) GDPR), consisting of facilitating the use of services provided electronically and improving their functionality.

Providing personal data by the User is voluntary.

The Administrator exercises particular care to protect the interests of the data subjects, and in particular ensures that the data collected:

  • is processed lawfully,

  • is collected for specified, lawful purposes and not further processed in a manner incompatible with those purposes,

  • is factually correct and adequate in relation to the purposes for which it is processed and stored in a form which permits identification of data subjects for no longer than is necessary to achieve the purpose of processing.

 

§ 3
DISCLOSURE OF PERSONAL DATA


The personal data of Users is transferred to service providers used by the Administrator to operate the website, in particular to:

  • the hosting provider,

  • the software provider enabling the business operation,

  • entities providing mailing systems,

  • software providers necessary to run the website.

Service providers referred to in point 1 of this paragraph, to whom personal data is transferred, depending on the contractual arrangements and circumstances, are either subject to the Administrator’s instructions regarding the purposes and means of processing such data (data processors) or independently determine the purposes and means of their processing (data controllers).

The personal data of Users is stored exclusively within the European Economic Area (EEA), subject to § 5 point 5 of this Privacy Policy.

Personal data may be transferred outside the European Economic Area (EEA), in particular to the United States, in connection with the Administrator’s use of analytical and marketing service providers (e.g. Google LLC, Meta Platforms Inc.).

The transfer of data is based on Standard Contractual Clauses (SCC) approved by the European Commission, in accordance with Article 46(2)(c) GDPR.

 

§ 4
RIGHT OF CONTROL, ACCESS TO PERSONAL DATA, AND RECTIFICATION


The data subject has the right to access their personal data and the right to rectify, erase, restrict processing, the right to data portability, the right to object, and the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Legal basis of the User’s request:

  • Access to data – Article 15 GDPR

  • Rectification of data – Article 16 GDPR

  • Erasure of data (“right to be forgotten”) – Article 17 GDPR

  • Restriction of processing – Article 18 GDPR

  • Data portability – Article 20 GDPR

  • Objection – Article 21 GDPR

  • Withdrawal of consent – Article 7(3) GDPR

To exercise the rights referred to in point 2, a relevant e-mail message may be sent to: kontakt@mahton.eu.

If the User exercises the rights referred to above, the Administrator fulfils the request or refuses to fulfil it immediately, but no later than within one month of its receipt. However, if – due to the complex nature of the request or the number of requests – the Administrator is unable to fulfil the request within one month, it will fulfil it within the next two months, informing the User within one month of receiving the request about the intended extension of the deadline and the reasons for it.

In the event of a finding that the processing of personal data violates the provisions of the GDPR, the data subject has the right to lodge a complaint with the President of the Personal Data Protection Office.

 

§ 5
COOKIES” FILES


The Administrator’s website uses “cookies”.

The installation of “cookies” is necessary for the proper provision of services on the website. “Cookies” contain information necessary for the proper functioning of the website, and they also make it possible to compile general statistics on website visits.

Two types of “cookies” are used on the website: “session” and “persistent” cookies.

  • “Session cookies” are temporary files stored on the User’s end device until they log out (leave the website).

  • “Persistent cookies” are stored on the User’s end device for the time specified in the cookie parameters or until they are deleted by the User.

The Administrator uses its own cookies to better understand how Users interact with the website content. These cookies collect information about how the User uses the website, the type of site from which the User was redirected, the number of visits, and the duration of the User’s visit on the website. This information does not record specific personal data of the User but is used to compile usage statistics.

The Administrator also uses external cookies to collect general and anonymous statistical data via analytical tools, such as Google Analytics (external cookies administrator: Google LLC, based in the USA).

Cookies may also be used by advertising networks, in particular the Google network, to display advertisements tailored to how the User uses the website. For this purpose, they may store information about the User’s navigation path or time spent on a particular page.

The User has the right to decide on the access of “cookies” to their computer by:

  • selecting the types of cookies they consent to collect upon entering the website and the appearance of the cookie consent message,

  • changing their browser settings. Detailed information on the possibilities and methods of handling cookies is also available in the settings of the browser software.

 

§ 6
ADDITIONAL SERVICES RELATED TO USER ACTIVITY ON THE WEBSITE


The Administrator uses remarketing tools on its website, such as Google Ads, which involves the use of Google LLC cookies related to the Google Ads service. Within the cookie management mechanism, the User can decide whether the Service Provider may use Google Ads (external cookies administrator: Google LLC, based in the USA) in relation to them.

 

§ 7
FINAL PROVISIONS


The Administrator applies technical and organisational measures to ensure the protection of processed personal data appropriate to the risks and the category of data protected, in particular securing the data against unauthorised access, retrieval by an unauthorised person, processing in violation of applicable regulations, and alteration, loss, damage, or destruction.

The Administrator provides appropriate technical measures to prevent unauthorised persons from acquiring and modifying personal data transmitted electronically.

In matters not regulated by this Privacy Policy, the provisions of the GDPR and other relevant provisions of Polish law shall apply.

The Administrator updates this Privacy Policy in connection with legal changes or the development of its activities. Information about modifications to the Privacy Policy will be posted at least 7 days before it enters into force on the website or sent by e-mail to the User who uses continuous Electronic Services (Newsletter).