Privacy Policy

  1. This Privacy Policy defines the rules for processing personal data obtained through the online store saynotodrugs.eu (hereinafter referred to as the “Online Store“).
  2. The owner of the Online Store and the data controller is Money Makers MB with its registered office in Statybininku g. 6-22, Vilkaviskis, LT-70189, Lithuania, hereinafter referred to as MB Money Makers.
  3. Personal data collected by Money Makers MB through the Online Store is processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, also known as the GDPR.
  4. MB Money Makers takes special care to respect the privacy of customers visiting the Online Store.

§ 1 Type of Processed Data, Purposes, and Legal Basis

  1. MB Money Makers collects information about natural persons performing a legal act not directly related to their business or professional activity, natural persons conducting business or professional activity on their own behalf, and natural persons representing legal entities or organizational units not being legal persons to which legal capacity is granted by law, hereinafter collectively referred to as Customers.
  2. Personal data of Customers are collected in the case of:
    1. registration of an account in the Online Store, for the purpose of creating an individual account and managing this account. Legal basis: necessity for the performance of a contract for the provision of an Account service (Art. 6(1)(b) GDPR);
    2. placing an order in the Online Store, for the purpose of executing a sales contract. Legal basis: necessity for the performance of a sales contract (Art. 6(1)(b) GDPR);
    3. subscription to the newsletter (Newsletter), for the purpose of performing a contract for the provision of an electronic service. Legal basis: consent of the data subject to the performance of a service contract for the Newsletter (Art. 6(1)(a) GDPR);
    4. using the contact form service in the Online Store, for the purpose of performing a contract for the provision of the contact form service. Legal basis: necessity for the performance of a contract for the provision of the contact form service (Art. 6(1)(b) GDPR);
    5. using the review submission service, for the purpose of performing a contract for the provision of the review submission service. Legal basis: necessity for the performance of a contract for the provision of the review submission service (Art. 6(1)(b) GDPR).
  3. In the case of registering an account in the Online Store, the Customer provides:
    1. email address;
    2. first name and last name;
    3. phone number.
  4. During the registration of an account in the Online Store, the Customer independently sets an individual password to access their account. The Customer can change the password at a later time, according to the rules described in §5.
  5. In the case of placing an order in the Online Store, the Customer provides the following data:
    1. email address;
    2. address details:
      1. postal code and city;
      2. country;
      3. street with house/apartment number;
      4. province.
    3. first name and last name;
    4. phone number.
  6. In the case of Entrepreneurs, the above scope of data is additionally expanded to include:
    1. Entrepreneur’s company;
    2. Tax Identification Number (NIP).
  7. In the case of subscribing to the newsletter, the Customer provides only their email address.
  8. In the case of using the contact form service, the Customer provides the following data:
    1. email address;
    2. first name and last name;
    3. phone number.
  9. In the case of using the review submission service, the Customer provides the following data:
    1. email address;
    2. first name and last name or nickname (alias).
  10. While using the Website of the Online Store, additional information may be collected, in particular: the IP address assigned to the Customer’s computer or the external IP address of the Internet provider, domain name, browser type, access time, operating system type.
  11. Navigational data may also be collected to ensure better service for Customers, analyze statistical data, adjust the Online Store to Customer preferences, and administer the Online Store. Legal basis: legitimate interest (Art. 6(1)(f) GDPR) consisting in facilitating the use of electronically provided services and improving the functionality of these services.
  12. In order to establish, assert, and defend claims, certain personal data provided by the Customer as part of using the functionalities in the Online Store, such as first name, last name, data concerning the use of services, if the claims arise from the way the Customer uses the services, and other data necessary to prove the existence of the claim, including the extent of damage suffered, may be processed. Legal basis: legitimate interest (Art. 6(1)(f) GDPR) consisting in establishing, asserting, and defending claims, as well as in defense against claims in proceedings before courts and other state authorities.
  13. Providing personal data to MB Money Makers is voluntary, in connection with concluded sales contracts or the provision of services through the Online Store’s Website. However, if certain data in the forms is not provided during the Registration process, it will not be possible to Register and create a Customer Account. In the case of placing an order without Registering a Customer Account, it will not be possible to place and fulfill the Customer’s order.

§ 2 To whom are the data disclosed or entrusted and for how long are they stored?

  1. Customer’s personal data is transferred to service providers used by MB Money Makers in running the Online Store. Service providers to whom personal data is transferred, depending on contractual arrangements and circumstances, either follow MB Money Makers instructions regarding the purposes and methods of processing this data (data processors) or independently determine the purposes and methods of its processing (controllers).
    1. Data processors. MB Money Makers uses providers who process personal data only on behalf of MB Money Makers. These include, among others, providers offering hosting services, accounting services, systems for marketing, systems for analyzing traffic in the Online Store, and systems for analyzing the effectiveness of marketing campaigns;
    2. Controllers. MB Money Makers uses providers who do not act exclusively on instructions and independently determine the purposes and methods of using the personal data of Customers. They provide electronic payment and banking services.
  2. Location. Service providers have their registered offices in Poland and other countries of the European Economic Area (EEA).
  3. Customer’s personal data is stored:
    1. In the case where the legal basis for processing personal data is consent, the Customer’s personal data is processed by MB Money Makers until the consent is withdrawn, and after the withdrawal of consent for a period of time corresponding to the statute of limitations for claims that MB Money Makers may raise and that may be raised against it. Unless a special provision provides otherwise, the statute of limitations is six years, and for claims for periodic benefits and claims related to business activities, it is three years.
    2. In the case where the legal basis for processing data is the performance of a contract, the Customer’s personal data is processed by MB Money Makers for as long as it is necessary to perform the contract, and after that time for a period corresponding to the statute of limitations for claims. Unless a special provision provides otherwise, the statute of limitations is six years, and for claims for periodic benefits and claims related to business activities, it is three years.
  4. In the case of making a purchase in the Online Store, personal data may be transferred, depending on the Customer’s choice, to the following entities for the purpose of delivering ordered goods:
    1. courier company;
    2. Lithuanian Post with its registered office in Vilnius, Lithuania.
  5. In the case where the Customer chooses payment via the STRIPE Payments system, their personal data is transferred to the extent necessary to process the payment to Stripe Payments UK, 7th Floor, The Bower Warehouse, 211 Old Street, London EC1V 9NR, United Kingdom.
  6. In the case where the Customer chooses payment via PayPal, their personal data is transferred to the extent necessary to process the payment to PayPal, 283, route d’Arlon, L-1150 Luxembourg.
  7. Navigational data may be used to provide Customers with better service, analyze statistical data, tailor the Online Store to Customer preferences, and administer the Online Store.
  8. In the case where the Customer subscribes to the newsletter (Newsletter) on their email address, MB Money Makers will send electronic messages containing commercial information about promotions and new products available in the Online Store.
  9. If a request is made, MB Money Makers may provide personal data to authorized state authorities, in particular to organizational units of the Prosecutor’s Office, the Police, the President of the Personal Data Protection Office, the President of the Office of Competition and Consumer Protection, or the President of the Office of Electronic Communications.

§ 3 Cookies Mechanism, IP Address

  1. The Online Store uses small files called cookies. They are saved by MB Money Makers on the end device of the person visiting the Online Store if the web browser allows it. A cookie usually contains the domain name from which it comes, its “expiry time,” and an individual, randomly selected number identifying this file. Information collected using these types of files helps customize the products offered by MB Money Makers to individual preferences and the actual needs of the persons visiting the Online Store. They also allow for the development of general statistics on the viewing of presented products in the Online Store.
  2. MB Money Makers uses two types of cookies:
    1. Session cookies: after the session of a given browser or turning off the computer, the saved information is deleted from the device’s memory. The session cookies mechanism does not allow for downloading any personal data or any confidential information from the Customer’s computers.
    2. Persistent cookies: they are stored in the end device’s memory of the Customer and remain there until they are deleted or expire. The persistent cookies mechanism does not allow for downloading any personal data or any confidential information from the Customer’s computers.
  3. MB Money Makers uses its own cookies for:
    1. authenticating the Customer in the Online Store and providing the Customer’s session in the Online Store (after logging in), thanks to which the Customer does not have to enter their login and password on every subpage of the Online Store;
    2. analysis and research, as well as viewership audits, especially to create anonymous statistics that help understand how Customers use the Online Store’s Website, enabling its structure and content improvement.
  4. MB Money Makers uses external cookies for:
    1. popularizing the Online Store through the social networking site facebook.com (external cookie administrator: Facebook Inc. based in the USA or Facebook Ireland based in Ireland);
    2. collecting general and anonymous statistical data through analytical tools LiveChat (external cookie administrator: Smartsupp.com based in the Czech Republic);
    3. displaying advertisements tailored to the Customer’s preferences using the online advertising tool awin.com (external cookie administrator: AWIN Limited registered in England and Wales);
    4. displaying advertisements tailored to the Customer’s preferences using the online advertising tool rtbhouse.com (external cookie administrator: RTB House S.A. based in Warsaw);
    5. displaying advertisements tailored to the Customer’s preferences using the online advertising tool go.pl (external cookie administrator: GO.PL Sp. z o.o. based in Warsaw);
    6. popularizing the Store through the social networking site twitter.com (external cookie administrator: Twitter Inc. based in the USA);
    7. collecting general and anonymous statistical data through Google Analytics analytical tools (external cookie administrator: Google Inc. based in the USA);
    8. presenting the Reliable Regulations Certificate via the rzetelnyregulamin.pl website (external cookie administrator: Rzetelna Grupa sp. z o.o. based in Warsaw).
  5. The cookies mechanism is safe for the Customers’ computers. In particular, this way, viruses or other unwanted software or malicious software cannot get to the Customers’ computers. Nevertheless, Customers have the option to limit or disable access to cookies on their computers through their browsers. If they choose this option, using the Online Store will be possible, except for functions that, by their nature, require cookies.
  6. Below, we present how you can change the settings of popular web browsers in terms of using cookies:
    1. Internet Explorer browser
    2. Microsoft Edge browser
    3. Mozilla Firefox browser
    4. Chrome browser
    5. Safari browser
    6. Opera browser
  7. MB Money Makers may collect Customers’ IP addresses. An IP address is a number assigned to the computer of the person visiting the Online Store by the Internet service provider. The IP number enables access to the Internet. In most cases, it is assigned to a computer dynamically, i.e., it changes with each Internet connection. The IP address is used by MB Money Makers to diagnose technical problems with the server, create statistics (e.g., determining from which regions we have the most visits), as information useful for administering and improving the Online Store, as well as for security purposes and potentially identifying servers that burden, unwanted automatic content browsing programs.
  8. The Online Store contains links and references to other websites. MB Money Makers is not responsible for the privacy policies in force on these websites.

§ 4 Rights of Data Subjects

  1. Right to Withdraw Consent – legal basis: Article 7(3) of the GDPR.
    1. The Customer has the right to withdraw any consent given to MB Money Makers.
    2. Withdrawal of consent takes effect from the moment of its withdrawal.
    3. Withdrawal of consent does not affect the processing carried out by MB Money Makers in accordance with the law before its withdrawal.
    4. Withdrawal of consent does not have any negative consequences for the Customer, but it may prevent further use of services or functionalities that MB Money Makers can provide only with consent, in accordance with the law.
  2. Right to Object to Data Processing – legal basis: Article 21 of the GDPR.
    1. The Customer has the right, at any time, to object, for reasons related to their particular situation, to the processing of their personal data, including profiling, by MB Money Makers, if MB Money Makers processes their data based on a legitimate interest, e.g., marketing MB Money Makers products and services, conducting statistics on the use of individual functionalities of the Online Store, facilitating the use of the Online Store, and conducting satisfaction surveys.
    2. Opting out from receiving marketing communications via email will be considered an objection by the Customer to the processing of their personal data for such purposes.
    3. If the Customer’s objection is justified, and MB Money Makers does not have any other legal basis for processing the personal data, the Customer’s personal data will be deleted concerning which the Customer has raised an objection.
  3. Right to Erasure of Data (“Right to Be Forgotten”) – legal basis: Article 17 of the GDPR.
    1. The Customer has the right to request the erasure of all or some of their personal data.
    2. The Customer has the right to request the erasure of personal data if:
      1. The personal data are no longer necessary for the purposes for which they were collected or processed;
      2. The Customer has withdrawn a specific consent regarding data processing, to the extent that the personal data were processed based on their consent;
      3. The Customer has objected to the use of their data for marketing purposes;
      4. The personal data are being processed unlawfully;
      5. The personal data must be erased for compliance with a legal obligation in Union or Member State law to which MB Money Makers is subject;
      6. The personal data have been collected in relation to the offer of information society services.
    3. Despite the request for the erasure of personal data, MB Money Makers may retain some personal data to the extent that processing is necessary for the establishment, exercise, or defense of legal claims or for compliance with a legal obligation requiring processing under Union or Member State law to which MB Money Makers is subject. This particularly applies to personal data including the Customer’s name, surname, and email address, which are retained for the purpose of resolving complaints and claims related to the use of MB Money Makers services, as well as, additionally, the residential/correspondence address, order number, which are retained for the purpose of resolving complaints and claims related to concluded sales agreements or service provision.
  4. Right to Restrict Data Processing – legal basis: Article 18 GDPR.
    1. The customer has the right to request the restriction of the processing of their personal data. Submitting a request prevents the use of specific functionalities or services associated with the processing of the data subject to the request until the request is processed. MB Money Makers will also not send any communications, including marketing, during this period.
    2. The customer has the right to request restrictions on the use of personal data in the following cases:
      1. When they contest the accuracy of their personal data – in such cases, MB Money Makers restricts their use for the time necessary to verify the accuracy of the data, but not longer than 7 days.
      2. When the processing of data is unlawful, and instead of deleting the data, the customer requests the restriction of their use.
      3. When personal data is no longer necessary for the purposes for which it was collected or used, but the customer needs it for establishing, pursuing, or defending legal claims.
      4. When the customer has objected to the use of their data – in this case, the restriction is in place while the consideration takes place to determine whether, due to the customer’s particular situation, their interests, rights, and freedoms outweigh the interests pursued by the data controller in processing the customer’s personal data.
  5. Right to Access Data – legal basis: Article 15 GDPR.
    1. The customer has the right to obtain confirmation from the data controller whether personal data concerning them is being processed. If so, the customer has the right to:
      1. Access their personal data;
      2. Receive information about the purposes of processing, the categories of personal data processed, recipients or categories of recipients of this data, the planned storage period of the customer’s data, or the criteria for determining this period (when determining the planned data processing period is not possible), the customer’s rights under the GDPR, and the right to lodge a complaint with a supervisory authority, the source of this data, automated decision-making, including profiling, and the safeguards applied in connection with transferring this data outside the European Union;
      3. Obtain a copy of their personal data.
  6. Right to Rectify Data – legal basis: Article 16 GDPR.
    1. The customer has the right to request the immediate rectification of inaccurate personal data concerning them by the data controller. Taking into account the purposes of processing, the data subject has the right to request the completion of incomplete personal data by providing additional statements, by sending a request to the email address as indicated in §6 of the Privacy Policy.
  7. Right to Data Portability – legal basis: Article 20 GDPR.
    1. The customer has the right to receive their personal data, which they provided to the data controller, and then transmit it to another chosen data controller. The customer also has the right to request that the data controller transmit their personal data directly to such a data controller, provided that it is technically feasible. In this case, the data controller will transmit the customer’s personal data in a CSV file format, which is commonly used, machine-readable, and suitable for transmitting the received data to another data controller.
  8. If the customer exercises any of the above rights, MB Money Makers will fulfill the request or deny it promptly, but no later than one month after receiving it. However, if, due to the complexity of the request or the number of requests, MB Money Makers cannot fulfill the request within one month, it will do so within the following two months, informing the customer in advance within one month of receiving the request of the intended extension of the deadline and the reasons for it.
  9. The customer can submit complaints, inquiries, and requests regarding the processing of their personal data and the exercise of their rights to the data controller.
  10. The customer has the right to request from MB Money Makers a copy of the standard contractual clauses by sending a request in the manner specified in §6 of the Privacy Policy.
  11. The customer has the right to lodge a complaint with the President of the Personal Data Protection Office regarding the violation of their rights to personal data protection or other rights granted under the GDPR.

§ 5 Security Management – Password

  1. MB Money Makers provides customers with a secure and encrypted connection when transmitting personal data and when logging into their customer accounts on the website. MB Money Makers uses an SSL certificate issued by one of the leading global security and data encryption companies for data transmitted over the Internet.
  2. In the event that a customer with an account in the online store loses their access password in any way, the online store allows for the generation of a new password. MB Money Makers does not send password reminders. Passwords are stored in an encrypted form, making it impossible to read. To generate a new password, the customer should provide their email address in the form available at the “Forgot your password?” link provided on the login form to the customer account on the online store. The customer will receive an email to the email address provided during registration or in the last profile change, containing a link to a dedicated form on the store’s website, where the customer can set a new password.
  3. MB Money Makers never sends any correspondence, including electronic correspondence, requesting login information, especially login passwords, from customers.

§ 6 Changes to the Privacy Policy

  1. The Privacy Policy may change, and MB Money Makers will inform customers in advance with a notice period of 7 days.
  2. Questions related to the Privacy Policy should be directed to: info@saynotodrugs.eu
  3. Last modification date: December 13, 2024.

Shopping Cart
Scroll to Top