Privacy Policy

Pursuant to Article 13 of the Regulation (EU) 2016/679 containing provisions for the protection of natural persons with regard to the processing of personal data and for the free movement of such data (hereinafter the “GDPR”), we hereby provide you with information regarding the processing of your personal data provided by you and/or collected via the website www.mbe.co.rs (Website)

1. Data controller

Personal Data collected via the Website will be processed by “Mail Boxes Etc SEE d.o.o. (MBE SEE)”, in its quality of data controller (hereinafter the “Controller” or “MBE”).

         2. Categories of Personal Data processed

The following Personal Data provided by you (hereinafter the “Personal Data”) may be processed via the Website:

• the IP address;
• navigation data on the Website;
• information on the browser and on the device;
• information collected through cookies, pixel tags, provided by you and without disclosing your specific identity;
• demographic information and other information provided by you and without disclosing your specific identity;
• Information that has been aggregated in such a way as to no longer reveal your specific identity.

Moreover, the following Personal Data provided by you may be processed if you decide to interact with the Website:

• Name, surname, email address, telephone number and company, if you send messages to a specific MBE center through our forms. Only the email address if you wish to receive the MBE newsletter.

1. Purposes of processing Personal Data

The Controller will process your Personal Data for the following purposes:

1. to allow you to benefit from the features offered by the Website, and more in detail:

• To allow you to communicate with the specific MBE center selected by you and obtain the information you request through the contact forms on the Website (in this case your Personal Data will be transmitted to the specific MBE center selected).

1. to provide you with the services you request, and more in detail:

• to create your personal account;
• to find the MBE centers closer to your current position;
• to reserve your products delivery services in a specific MBE center selected by you, and to process payments direct to the specific MBE center above, manage potential complaints and communicate with you about the above (in this case your Personal Data will be transmitted to the specific MBE center selected).

1. to send you, by any means of communication (fax, e-mail, text message, multimedia messaging service, paper-based mail, operator-assisted phone calls), advertising material and literature of a promotional nature or in any case involving commercial solicitation pertaining to services, products or discounts offered by the Controller, as well as for conducting studies and surveys of the market, and elaborating related statistics;

1. communicate the Personal Data to MBE SEE and to the MBE centers to send you, by any means of communication (fax, e-mail, text message, multimedia messaging service, paper-based mail, operator-assisted phone calls), advertising material of promotional nature or in any case involving commercial solicitation pertaining to services, products or discounts offered by the MBE SEE and the relevant MBE center, as well as for conducting studies and surveys of the market, and elaborating related statistics.

The Personal Data collected may also be processed in the context of any corporate events (sale of the company or business units), due diligence or in the case of defence of a legal claim and the related preliminary activities.

       4. Legal basis for processing Personal Data

The processing of your Personal Data for the purposes referred to in Section 3, a. is carried out in order to comply with your request and on the basis of a legitimate interest of the Controller, which business is inevitably linked to the quality of the services offered by its Website, to the users’ interaction experience and to the satisfaction of their expectations. Any refusal to provide the Personal Data for the purposes set out above will make it impossible to send your contact request to the Controller and/or the selected MBE center.

The processing of Personal Data for the purposes referred to in Section 3, b., is necessary in order to perform the pre-contractual and contractual measures adopted upon your request when you ask for the services offered by the Website. Any refusal to provide the Personal Data for the purposes set out above will make it impossible to use and enjoy the services above.

The processing of your Personal Data for the purposes referred to in Section 3, c. and d., is optional and is based on your freely given consent. Any refusal to provide the Personal Data for the purposes set out above will have the sole consequence of making it impossible for the Controller, the MBE SEE and/or the selected MBE center to send you advertising and promotional messages, to conduct studies and surveys of the market, and elaborating related statistics.

In case of processing in the event of any potential corporate events (sale of the company or business units), due diligence or in the case of defence of a legal claim and the related preliminary activities, such processing will be carried out on the basis of legitimate interests of the Controller in the continuation of its commercial activities and for the protection of its rights.

        5. Modalities of processing of Personal Data

The processing will be carried out with the assistance of both automated instruments and on paper suitable for guaranteeing the security and confidentiality of Personal Data, this to collect, consult, store, manage, extract and transmit the Personal Data.

      6. Recipients of Personal Data

The Personal Data will be disclosed to the persons authorized for the processing within the Controller’s staff.

The Personal Data may be disclosed by the Controller solely and exclusively for the purposes indicated and where necessary, to the following categories of subjects:

1. agents or collaborators of the Controller who are located within the territory of the Serbia or EU;
2. MBE centers that are located in Serbia and which may process your Personal Data to carry out the services you requested and any ancillary activities (e.g. invoicing) and for marketing purposes where the relevant consent has been obtained;
3. service providers for marketing activities;
4. consultants for accountancy, administrative, legal, tax and financial matters;
5. where required, the competent judicial authorities;
6. where required, public administrations and supervisory and control authorities.

         3. Personal Data will not be publicly disclosed.

Entities belonging to the categories listed above, may act, as the case may be, as data processors (and in this case they will receive appropriate instructions from the Controller) or as autonomous data controllers. In the latter case, the Personal Data will be communicated only with the express consent of the data subjects, except where the communication is mandatory or necessary pursuant to the applicable law or for the pursue of purposes for which the consent from the data subject is not required.

The Controller also have the right to transfer your Personal Data to third countries. Transfers of Data inside the European Economic Area are subject to a special regime pursuant to the GDPR, and are only made in respect of countries that ensure an adequate level of personal data protection, on the basis of an adequacy decision of the Commission or where adequate safeguards have been adopted (including the standard contractual conditions provided by the European Commission), provided that the data subjects have enforceable rights and effective judicial remedies.

        7. Cookies

The Controller may use “cookies” within the Website (i.e. text files sent and stored on users hard disk to be then retransmitted during the next visit of the same Website), or other similar tools in order to facilitate the use of services requested by the user himself, as well as the user’s collection of information, the navigation of the Website and the choices and preferences expressed on products/services. The user may revoke at any time the authorization granted and oppose to the use of cookies by selecting the appropriate settings on its Internet browser. For more information on how to disable cookies read our Cookies Policy

       8. Retention of Personal Data

Personal Data will be stored, in compliance with the applicable law, for a term not exceeding what is necessary to pursue the purposes for which they are processed, save for the right to withdraw the consent at any time where it constitutes the legal basis for the processing.

The criteria for determining the storage period of the Personal Data takes into account the allowed processing period and the applicable laws on the statute of limitation of rights and legitimate interests of the data subject where they are the applicable legal basis for processing.

Subsequently, the Personal Data will be deleted, aggregated or anonymized.

       9. Rights of the data subject

At any time, you will be entitled to:

1. obtain confirmation from the Controller as to whether your Personal Data is being processed, and where that is the case, to access to the personal information pursuant to art. 15 of the GDPR;
2. obtain the rectification of inaccurate Personal Data concerning you, or, taking into account the purpose of the processing, the integration of incomplete Personal Data;
3. obtain the erasure of your Personal Data, where one of the grounds under art. 17 of the GDPR applies;
4. obtain the restriction of processing of your Personal Data, where one of the cases under art. 18 of the GDPR applies;
5. object to the processing of your Personal Data on grounds relating to your particular position, where applicable;
6. receipt in a structured, commonly used and machine-readable format Personal Data concerning you and provided by you, as well as to transmit those Personal Data to another controller, in the cases and within the limits referred to in art. 20 of the GDPR, where applicable.

You also have the right to withdraw your consent to the processing of your Personal Data (where given) at any time, without prejudice to the lawfulness of the processing based on your consent before its withdrawal. You will have the possibility to opt-out from marketing via email by clicking on the relevant “unsubscribe” link.

According with the GDPR, the Controller may not charge for complying with any of the requests mentioned in this paragraph, unless they are clearly unfounded or excessive and repetitive. Should you request more than one copy of your Personal Data or in cases of excessive or unfounded requests, the Controller may: (i) charge a reasonable expense, considering the administrative costs incurred to fulfil the request; or (ii) refuse to fulfil the request. In these cases the Controller will inform you of the costs before fulfilling the request.

The Controller may ask for further information before fulfilling the requests if it needs to verify the identity of the person who has made them.

Without prejudice to any administrative or legal remedy, you also have the right to lodge a complaint to the relevant supervisory Authority (for Serbia: the “COMMISSIONER FOR INFORMATION OF PUBLIC IMPORTANCE AND PERSONAL DATA PROTECTION”), if you believe that processing of your data is in breach of the GDPR. More information is available on the website https://www.poverenik.rs/en/

In any case, the Controller is interested in knowing the reasons for the complaint and requests that you use the above contact methods before turning to the authorities, in order to prevent and resolve any disputes, amicably and promptly, with the greatest courtesy, professionalism and discretion.

For more information about the provisions contained in Articles from 15 to 22 of the GDPR, click on the following link:

https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679&qid=1671832038722

       10. Contacts for the exercise of the rights of the data subject and for further information

With respect to the exercise of your rights in relation to the purposes as per Section 3 above and/or to obtain any type of information you may need in relation to the Controller pursuant to this privacy notice, you can send a written communication to 21 Kraljice Natalije St., 11000 Belgrade, or an email to beograd@mbe.co.rs

        11. Changes to this privacy notice

This privacy notice will be valid as of the date indicated below. It is advisable to regularly monitor this privacy notice by visiting the Website in order to keep up to date with any future changes.

Privacy Informative Notice

(STUDIES, RESEARCH AND MARKET STATISTICS THROUGH CALL CENTERS ON MBE FRANCHISING NETWORK SERVICES)

Pursuant to Articles 13 and 14 of Regulation (EU) 679/2016, containing provisions for the protection of natural persons with regard to the processing of personal data and the free movement of such data (hereinafter, “GDPR”), we hereby provide the informative notice regarding the processing of personal data of subjects acting within the organization of company (hereinafter, “Customer”) which has used one (or more) of the services offered by the MBE franchising network and who are contacted by telephone for the purpose of conducting studies, research and market statistics on the services offered by the MBE franchising network through the service centers owned by individual third party entrepreneurs operating under the brand MAIL BOXES ETC. (hereinafter, “MBE Franchisees”) under a franchise agreement and that offer mainly shipping, communication, graphics and printing services (hereinafter, “MBE Centers”).

This informative notice supplements the brief informative notice provided by the call centers operator to the Customer at the beginning of the call.

1. Data Controller

Personal Data collected via the Website will be processed by “Mail Boxes Etc SEE d.o.o. (MBE SEE)”, in its quality of data controller (hereinafter the “Controller” or “MBE”).

2. Categories of personal data processed

The following personal data provided by the Customer and/or otherwise collected by the Controller may be processed:

• identification data of the Customer (company name, VAT number, address, city, as well as name, surname and e-mail of the Customer’s contact person);
• telephone number of the Customer, subject to further verification of non-registration with the Public Register of Objections ; 
• any other personal data communicated to the operator during the telephone call;
• data relating to the services of MBE franchise network used by the Customer and communicated to the operator during the call.

3. Purposes, legal basis of the processing and consequences of the failure to provide personal data

The personal data of the Customer may be processed for the activities indicated below.

3.1. Contacting the Customer by telephone and conducting the interview

Personal data of the Customer will be processed for the purpose of contacting the Customer at the above telephone number and conducting an interview to enable MBE SEE to carry out the relevant study, research or market statistics on the services offered by the MBE’s franchising network.

Depending on the case, the Customer’s personal data may also be processed to schedule a subsequent appointment with the telephone operator to postpone the interview or to schedule further interviews.

The processing of data for this purpose is carried out on the basis of the consent already given by the Customer to the processing of personal data for general marketing purposes (i.e. to send the Customer, by any means of communication (fax, e-mail, sms, mms, paper mail, telephone calls with operator or other channels), advertising and information material of a promotional nature or, in any case, of commercial solicitation with regard to services, products or discounts of MBE, as well as to prepare studies, research and market statistic (hereinafter, “Commercial Communications”).

The Customer may revoke the consent to the processing of its personal data for such purposes at any time, either during the telephone call or by sending a written notice to that effect to the contact details specified in paragraph 9 “Contacts for the exercise of rights of the data subject and for further information” below. In the event of a request not to receive further telephone calls on behalf of MBE, the telephone number of the Customer will be included in the black-list of the Controller, i.e. the list of subjects that cannot be contacted by MBE for commercial purposes. Inclusion in the black-list corresponds to the best protection of the Customer’s interests and the related processing is carried out on the basis of the legitimate interest of the Controller to guarantee respect for the Customer’s intention not to receive future telephone calls for commercial purposes. In such cases, the only consequence for the Customer will be the impossibility to receive Commercial Communications by telephone.

3.2. Other processing activities

In case of processing in the event of any potential corporate events (sale of the company or business units), due diligence or in the case of defence of a legal claim and the related preliminary activities, such processing will be carried out on the basis of legitimate interests of the Controller in the continuation of its commercial activities and for the protection of its rights.

4. Modalities of processing of personal data

The processing will be carried out with the assistance of both automated instruments and on paper suitable for guaranteeing the security and confidentiality of personal data, this to collect, consult, store, manage, extract and transmit the personal data.

5. Recipients of personal data

Personal data – which will not be publicly disclosed – may be communicated:

(i) employees, agents or collaborators of the Controller who are located in the territory of the Serbia and European Union;
(ii) Controller’s group entities (including MBE SEE);
(iii) companies that provide call center or market research services;
(iv) MBE Centers;
(v) service providers for marketing activities located in the territory of Serbia;
(vi) persons, companies or professional offices located within the territory of the Serbia that engage in activities of assistance and consultation in accountancy, administrative, legal, tax and financial matters;
(vii) subjects, bodies or authorities to whom or which the communication of personal data is mandatory by virtue of provisions of law or orders issued by authorities.

Subjects belonging to the categories listed above, may act, as the case may be, as data processors (and in this case they will receive appropriate instructions from the Controller) or as autonomous data controllers. In the latter case, the personal data will be communicated only with the express consent of the data subjects, except where the communication is mandatory or necessary pursuant to the applicable law or for the pursue of purposes for which the consent from the data subject is not required.

6. Transfer of personal data extra Serbia

Customer’s personal data will not be transferred outside the Serbia. In any case, the Controller reserves the right to transfer the personal data to third countries. Transfers of data outside the Serbia are subject to a special regime pursuant to the GDPR and are only made in respect of countries that ensure an adequate level of personal data protection, on the basis of an adequacy decision of the Commission or where adequate safeguards have been adopted (including the standard contractual conditions provided by the European Commission), provided that the data subjects have enforceable rights and effective judicial remedies.

7. Retention of Personal Data

Personal Data will be stored, in compliance with the applicable law, for a term not exceeding what is necessary to pursue the purposes for which they are processed, save for the right of the Customer to withdraw its consent at any time where it constitutes the legal basis for the processing.

The criteria for determining the storage period of the personal data takes into account the allowed processing period and the applicable laws on the statute of limitation of rights and legitimate interests of the data subject where they are the applicable legal basis for processing.

Thereafter, personal data will be deleted, aggregated or anonymized.

8. Exercise of rights by the data subject

At any time, the Customer (only in the case of a natural person and not a legal entity) will be entitled to:

(i) obtain confirmation from the Controller as to whether personal data is being processed, and where that is the case, to access to the personal information pursuant to art. 15 of the GDPR;
(ii) obtain the rectification of inaccurate personal data or, taking into account the purpose of the processing, the integration of incomplete personal data;
(iii) obtain the erasure of personal data, where one of the grounds under art. 17 of the GDPR applies;
(iv) obtain the restriction of processing of personal data, where one of the cases under art. 18 of the GDPR applies;
(v) object to the processing of personal data on grounds relating to particular position of the Customer, where applicable;
(vi) receipt in a structured, commonly used and machine-readable format personal data and provided by you, as well as to transmit those personal data to another controller, in the cases and within the limits referred to in art. 20 of the GDPR, where applicable.

According with the GDPR, the Controller may not charge for complying with any of the requests mentioned in this paragraph, unless they are clearly unfounded or excessive and repetitive. Should the Customer request more than one copy of its personal data or in cases of excessive or unfounded requests, the Controller may: (i) charge a reasonable expense, considering the administrative costs incurred to fulfil the request; or (ii) refuse to fulfil the request. In these cases the Controller will inform the Customer of the costs before fulfilling the request. 

The Controller may ask for further information before fulfilling the requests if it needs to verify the identity of the person who has made them. 

Without prejudice to any administrative or legal remedy, the Customer also have the right to lodge a complaint to the relevant supervisory Authority (for the contacts of the supervisory Authority of your jurisdiction, please visit this website https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm), if Customer believes that processing of the data is in breach of the GDPR.

In any case, the Controller is interested in knowing the reasons for the complaint and invites the Client to use the above contact methods before turning to the authorities, in order to prevent and resolve any disputes, amicably and promptly, with the greatest courtesy, professionalism and discretion.

For more information about the provisions contained in Articles from 15 to 22 of the GDPR, click on the following link:

https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679&qid=1671832038722

9. Contacts for the exercise of the rights of the data subject and for further information:

Address Kraljice Natalije St.21, 11000 Belgrade, email to beograd@mbe.co.rs or via the website www.mbe.co.rs.