Privacy Policy

1. Controller in the Sense of the GDPR

The controller for data processing is:
PalmGroup.eu
Markus Palm
ul. Towarowa 22
43-100 Tychy
Poland
Email: [noreply@mapaho.com (mailto:noreply@mapaho.com)]
Phone: +48 662 614 000

2. Collection and Storage of Personal Data, and Type and Purpose of its Use

a) When Visiting the Website
When you access our website www.[mapaho].com, the browser used on your device automatically sends information to our website’s server. This information is temporarily stored in a so-called log file.

The following information is collected without your intervention and stored until automated deletion:

• IP address of the requesting computer (anonymized),
• Date and time of access,
• Name and URL of the retrieved file,
• Website from which access is made (referrer URL),
• browser used and, if applicable, the operating system of your computer, as well as the name of your access provider.

The aforementioned data is processed by us for the following purposes:

• Ensuring a smooth connection setup of the website,
• Ensuring comfortable use of our website,
• Evaluation of system security and stability, and
• for further administrative purposes.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the data collection purposes listed above.

b) When Using Our Contact Form / Email Contact
For any questions, we offer you the possibility to contact us via a form provided on the website or by email. Providing a valid email address and your name is required. Further information can be provided voluntarily. Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR based on your voluntarily given consent or for the implementation of pre-contractual measures (Art. 6 para. 1 lit. b GDPR).

c) Upon Conclusion of a Purchase Agreement
As part of the order, we process the data you provide (salutation, first and last name, billing and delivery address, email address, phone number, possibly a different delivery address, and payment data) for the processing of the purchase agreement and delivery. The legal basis is Art. 6 para. 1 lit. b GDPR (contract performance) and Art. 6 para. 1 lit. c GDPR (legal retention obligations, especially tax and commercial law).

3. Disclosure of Data

Your personal data will not be transferred to third parties for purposes other than those listed below.
We only disclose your personal data to third parties if:

• you have given your explicit consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
• this is necessary for the performance of the contractual relationship in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR (e.g., to shipping service providers, payment service providers, tax advisors),
• there is a legal obligation for the disclosure in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR,
• the disclosure is necessary in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR for the assertion, exercise, or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data.

4. Service Providers Used (Processors)

• Hosting: Hetzner Online GmbH
• Payment Providers: PayPal, Stripe, Klarna, giropay, Bank Transfer
• Shipping: DHL, DPD, Deutsche Post
• ERP/Shop System: WooCommerce
• Newsletter: Mailchimp

A data processing agreement exists with all processors in accordance with Art. 28 GDPR.

6. Data Subject Rights

You have the right:

• to request information about your personal data processed by us in accordance with Art. 15 GDPR;
• to receive your personal data in a structured, commonly used, and machine-readable format in accordance with Art. 20 GDPR (data portability);
• to object to the processing in accordance with Art. 21 GDPR;
• to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR (“right to be forgotten”);
• to request the restriction of processing in accordance with Art. 18 GDPR;
• to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.