Pursuant to Organic Law 3/2018 of December 5 on Protection of Personal Data and guarantee of digital rights and Article 13 of the Regulation (EU) 2016/679 containing provisions for the protection of natural persons with regard to the processing of personal data and for the free movement of such data (hereinafter the “GDPR”), we hereby provide you with information regarding the processing of your personal data provided by you and/or collected via the websites www.mbe.es and www.mbe-franchising.es (together the “Websites”).
Personal Data collected via the Websites will be processed by MBE Spain 2000, sl, with registered office in Barcelona, Gran Vía de les Corts Catalanes, 129-131, 08014, exclusive licensee for Spain of the brand “Mail Boxes Etc”, in its quality of data controller (hereinafter the “Controller” or “MBE”).
The following Personal Data provided by you (hereinafter the “Personal Data”) may be processed via the Websites:
Moreover, the following Personal Data provided by you may be processed if you decide to interact with the Websites:
www.mbe.es |
www.mbe-franchising.es |
Name, surname, email address, telephone number and company, if you send messages to a specific MBE center through our forms. Only the email address if you wish to receive the MBE newsletter. |
Name and email if you use the chat box. |
If you create an account and use our services, name, surname, email, address, company, telephone number, VAT number, your login account details and all the information related to the service you intend to purchase (e.g. size of the package, price, information on the relevant addressee). |
Name, surname, email, telephone number, city, CV, if you ask to be contacted in order to obtain information on how to commence your business with MBE. |
Your physical position, if you ask the website for the MBE centers closer to your position. |
Name, surname, email, telephone number, address and CV if you ask to register to our seminars, workshops, webinars and events. |
The Controller will process your Personal Data for the following purposes:
www.mbe.es |
www.mbe-franchising.es |
|
|
www.mbe.es |
www.mbe-franchising.es |
|
|
The Personal Data collected may also be processed in the context of any corporate events (sale of the company or business units), due diligence or in the case of defence of a legal claim and the related preliminary activities.
The processing of your Personal Data for the purposes referred to in Section 3, a. is carried out in order to comply with your request and on the basis of a legitimate interest of the Controller, which business is inevitably linked to the quality of the services offered by its Websites, to the users’ interaction experience and to the satisfaction of their expectations. Any refusal to provide the Personal Data for the purposes set out above will make it impossible to send your contact request to the Controller and/or the selected MBE center.
The processing of Personal Data for the purposes referred to in Section 3, b., is necessary in order to perform the pre-contractual and contractual measures adopted upon your request when you ask for the services offered by the Websites. Any refusal to provide the Personal Data for the purposes set out above will make it impossible to use and enjoy the services above.
The processing of your Personal Data for the purposes referred to in Section 3, c. and d., is optional and is based on your freely given consent. Any refusal to provide the Personal Data for the purposes set out above will have the sole consequence of making it impossible for the Controller, the MBE Group and/or the selected MBE center to send you advertising and promotional messages, to conduct studies and surveys of the market, and elaborating related statistics.
In case of processing in the event of any potential corporate events (sale of the company or business units), due diligence or in the case of defence of a legal claim and the related preliminary activities, such processing will be carried out on the basis of legitimate interests of the Controller in the continuation of its commercial activities and for the protection of its rights.
The processing will be carried out with the assistance of both automated instruments and on paper suitable for guaranteeing the security and confidentiality of Personal Data, this to collect, consult, store, manage, extract and transmit the Personal Data.
The Personal Data will be disclosed to the persons authorized for the processing within the Controller's staff.
The Personal Data may be disclosed by the Controller solely and exclusively for the purposes indicated and where necessary, to the following categories of subjects:
Personal Data will not be publicly disclosed.
Entities belonging to the categories listed above, may act, as the case may be, as data processors (and in this case they will receive appropriate instructions from the Controller) or as autonomous data controllers. In the latter case, the Personal Data will be communicated only with the express consent of the data subjects, except where the communication is mandatory or necessary pursuant to the applicable law or for the pursue of purposes for which the consent from the data subject is not required.
The Controller also have the right to transfer your Personal Data to third countries. Transfers of Data outside the European Economic Area are subject to a special regime pursuant to the GDPR, and are only made in respect of countries that ensure an adequate level of personal data protection, on the basis of an adequacy decision of the Commission or where adequate safeguards have been adopted (including the standard contractual conditions provided by the European Commission), provided that the data subjects have enforceable rights and effective judicial remedies.
The Controller may use "cookies" within the Websites (i.e. text files sent and stored on users hard disk to be then retransmitted during the next visit of the same Websites), or other similar tools in order to facilitate the use of services requested by the user himself, as well as the user’s collection of information, the navigation of the Websites and the choices and preferences expressed on products/services. The user may revoke at any time the authorization granted and oppose to the use of cookies by selecting the appropriate settings on its Internet browser. For more information on how to disable cookies read our Cookies Policy
Personal Data will be stored, in compliance with the applicable law, for a term not exceeding what is necessary to pursue the purposes for which they are processed, save for the right to withdraw the consent at any time where it constitutes the legal basis for the processing.
The criteria for determining the storage period of the Personal Data takes into account the allowed processing period and the applicable laws on the statute of limitation of rights and legitimate interests of the data subject where they are the applicable legal basis for processing.
Subsequently the Personal Data will be deleted, aggregated or anonymized.
At any time, you will be entitled to:
You also have the right to withdraw your consent to the processing of your Personal Data (where given) at any time, without prejudice to the lawfulness of the processing based on your consent before its withdrawal. You will have the possibility to opt-out from marketing via email by clicking on the relevant “unsubscribe” link.
According with the GDPR, the Controller may not charge for complying with any of the requests mentioned in this paragraph, unless they are clearly unfounded or excessive and repetitive. Should you request more than one copy of your Personal Data or in cases of excessive or unfounded requests, the Controller may: (i) charge a reasonable expense, considering the administrative costs incurred to fulfil the request; or (ii) refuse to fulfil the request. In these cases the Controller will inform you of the costs before fulfilling the request.
The Controller may ask for further information before fulfilling the requests if it needs to verify the identity of the person who has made them.
Without prejudice to any administrative or legal remedy, you also have the right to lodge a complaint to the relevant supervisory Authority (for Spain: the “Agencia para la protección de datos”), if you believe that processing of your data is in breach of the GDPR. More information is available on the website : https://www.agpd.es
In any case, the Controller is interested in knowing the reasons for the complaint and requests that you use the above contact methods before turning to the authorities, in order to prevent and resolve any disputes, amicably and promptly, with the greatest courtesy, professionalism and discretion.
For more information about the provisions contained in Articles from 15 to 22 of the GDPR, click on the following link: http://eur-lex.europa.eu/legal-content/IT/TXT/PDF/?uri=CELEX:32016R0679&from=es
With respect to the exercise of your rights in relation to the purposes as per Section 3 above and/or to obtain any type of information you may need in relation to the Controller pursuant to this privacy notice, you can send a written communication to MBE Spain 2000, sl (Fiscal Code and VAT number B62086467), with registered office in Barcelona, Gran Vía de les Corts Catalanes, 129-131, or a fax by dialling 34933624731or an email to privacy@mbe.es.
This privacy notice will be valid as of the date indicated below. It is advisable to regularly monitor this privacy notice by visiting the Websites in order to keep up to date with any future changes.
STUDIES, RESEARCH AND MARKET STATISTICS THROUGH CALL CENTerS ON MBE FRANCHISING NETWORK SERVICES
Pursuant to Articles 13 and 14 of Regulation (EU) 679/2016, containing provisions for the protection of natural persons with regard to the processing of personal data and the free movement of such data (hereinafter, "GDPR"), we hereby provide the informative notice regarding the processing of personal data of subjects acting within the organization of company (hereinafter, "Customer") which has used one (or more) of the services offered by the MBE franchising network and who are contacted by telephone for the purpose of conducting studies, research and market statistics on the services offered by the MBE franchising network through the service centers owned by individual third party entrepreneurs operating under the brand MAIL BOXES ETC. (hereinafter, "MBE Franchisees") under a franchise agreement and that offer mainly shipping, communication, graphics and printing services (hereinafter, "MBE Centers").
This informative notice supplements the brief informative notice provided by the call centers operator to the Customer at the beginning of the call.
1. Data Controller
The personal data will be processed by MBE Spain 2000, SL, with registered office in Barcelona, Gran Via de les Corts Catalanes 129-131, in its quality of data controller (hereinafter the “Controller” or “MBE”).
2. Categories of personal data processed
The following personal data provided by the Customer and/or otherwise collected by the Controller may be processed:
3. Purposes, legal basis of the processing and consequences of the failure to provide personal data
The personal data of the Customer may be processed for the activities indicated below.
3.1. Contacting the Customer by telephone and conducting the interview
Personal data of the Customer will be processed for the purpose of contacting the Customer at the above telephone number and conducting an interview to enable MBE to carry out the relevant study, research or market statistics on the services offered by the MBE's franchising network.
Depending on the case, the Customer's personal data may also be processed to schedule a subsequent appointment with the telephone operator to postpone the interview or to schedule further interviews.
The processing of data for this purpose is carried out on the basis of the consent already given by the Customer to the processing of personal data for general marketing purposes (i.e. to send the Customer, by any means of communication (fax, e-mail, sms, mms, paper mail, telephone calls with operator or other channels), advertising and information material of a promotional nature or, in any case, of commercial solicitation with regard to services, products or discounts of MBE, as well as to prepare studies, research and market statistic (hereinafter, "Commercial Communications").
The Customer may revoke the consent to the processing of its personal data for such purposes at any time, either during the telephone call or by sending a written notice to that effect to the contact details specified in paragraph 9 "Contacts for the exercise of rights of the data subject and for further information" below. In the event of a request not to receive further telephone calls on behalf of MBE, the telephone number of the Customer will be included in the black-list of the Controller, i.e. the list of subjects that cannot be contacted by MBE for commercial purposes. Inclusion in the black-list corresponds to the best protection of the Customer's interests and the related processing is carried out on the basis of the legitimate interest of the Controller to guarantee respect for the Customer's intention not to receive future telephone calls for commercial purposes. In such cases, the only consequence for the Customer will be the impossibility to receive Commercial Communications by telephone.
Furthermore, the Customer may register at any time and at no cost in the Lista Robinson . For further information on how to register, see the link: : https://www.listarobinson.es/
3.2. Other processing activities
In case of processing in the event of any potential corporate events (sale of the company or business units), due diligence or in the case of defence of a legal claim and the related preliminary activities, such processing will be carried out on the basis of legitimate interests of the Controller in the continuation of its commercial activities and for the protection of its rights.
4. Modalities of processing of personal data
The processing will be carried out with the assistance of both automated instruments and on paper suitable for guaranteeing the security and confidentiality of personal data, this to collect, consult, store, manage, extract and transmit the personal data.
5. Recipients of personal data
Personal data - which will not be publicly disclosed - may be communicated:
Subjects belonging to the categories listed above, may act, as the case may be, as data processors (and in this case they will receive appropriate instructions from the Controller) or as autonomous data controllers. In the latter case, the personal data will be communicated only with the express consent of the data subjects, except where the communication is mandatory or necessary pursuant to the applicable law or for the pursue of purposes for which the consent from the data subject is not required.
6. Transfer of personal data extra EU
Customer's personal data will not be transferred outside the European Economic Area. In any case, the Controller reserves the right to transfer the personal data to third countries. Transfers of data outside the European Economic Area are subject to a special regime pursuant to the GDPR and are only made in respect of countries that ensure an adequate level of personal data protection, on the basis of an adequacy decision of the Commission or where adequate safeguards have been adopted (including the standard contractual conditions provided by the European Commission), provided that the data subjects have enforceable rights and effective judicial remedies.
7. Retention of Personal Data
Personal Data will be stored, in compliance with the applicable law, for a term not exceeding what is necessary to pursue the purposes for which they are processed, save for the right of the Customer to withdraw its consent at any time where it constitutes the legal basis for the processing.
The criteria for determining the storage period of the personal data takes into account the allowed processing period and the applicable laws on the statute of limitation of rights and legitimate interests of the data subject where they are the applicable legal basis for processing.
Thereafter, personal data will be deleted, aggregated or anonymized.
8. Exercise of rights by the data subject
At any time, the Customer (only in the case of a natural person and not a legal entity) will be entitled to:
According with the GDPR, the Controller may not charge for complying with any of the requests mentioned in this paragraph, unless they are clearly unfounded or excessive and repetitive. Should the Customer request more than one copy of its personal data or in cases of excessive or unfounded requests, the Controller may: (i) charge a reasonable expense, considering the administrative costs incurred to fulfil the request; or (ii) refuse to fulfil the request. In these cases the Controller will inform the Customer of the costs before fulfilling the request.
The Controller may ask for further information before fulfilling the requests if it needs to verify the identity of the person who has made them.
Without prejudice to any administrative or legal remedy, the Customer also have the right to lodge a complaint to the relevant supervisory Authority (for the contacts of the supervisory Authority of your jurisdiction, please visit this website https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm), if Customer believes that processing of the data is in breach of the GDPR.
In any case, the Controller is interested in knowing the reasons for the complaint and invites the Client to use the above contact methods before turning to the authorities, in order to prevent and resolve any disputes, amicably and promptly, with the greatest courtesy, professionalism and discretion.
For more information about the provisions contained in Articles from 15 to 22 of the GDPR, click on the following link:
https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=en
9. Contacts for the exercise of the rights of the data subject and for further information
In order to exercise your rights and/or to obtain any type of information you may need in relation to this privacy policy, you may send a written communication to MBE Spain 2000,SL (NIF B62086467), with headquarters in Barcelona, Gran Via de les Corts Catalanes, 129-131 or a fax to 933624731 or an email to privacy@mbe.es.