If you are using MBES to take an IQ test, either full or demo version, or you are giving us feedback on our services, or just visiting our website, this Privacy Policy applies to you. This Policy contains information about the types of personal data we may collect, why we collect them and how we use it. Please study this Policy carefully prior to browsing our Website and before each transaction. By making any use (such as access, viewing, browsing, transmission, temporary or non-temporary storage, etc.) of our Website, the services or functions offered on it and making any transaction in our online store in any way, through any platform or device, you acknowledge and agree that you have read and understood this Policy.

Our Role
If you are using our website to: a) take an IQ test on MBES as a customer, b) access information relevant to our products and services, c) find a link to our facebook page, d) find information on how to contact us or you are just visiting our website, we act as the ‘data controller’ of personal data. This means we determine how and why your data are processed. For such purposes the data controller is MBES, Ltd. Themistokli Dervi, 48 CENTENNIAL BUILDING, 4th floor Office 401 1066, Nicosia, Cyprus, tel. +357 22756585 email privacy@MBES.

If you provide us with personal information about other people, or if others give us your information, we will only use that information for the specific reason for which it was provided to us. By submitting the information, you confirm that you have the right to authorize us to process it on your behalf in accordance with this Privacy Policy.

Types of Data We Collect
1. Contact details
Your first name, last name, age and email address.

2. Financial information
When you are using a credit card in order to make a payment, we collect the four last digits of the card number, the cardholder’s name and the expiration date of the card. When you are making a payment via PayPal, we collect the first name, last name and email address connected with the PayPal account. When you are making a payment via Braintree, we collect the first name, last name and 4 last digits of your credit card and its expiration date. Please note that Braintree might allow or require that you use other payment methods, such as Google Pay or Apple Pay, depending on your location and preferences. Furthermore, customers from certain locations outside the European Union (EU) might be able to pay using payment methods provided by dLocal payment gateway.

3. Data we collect automatically.
We may automatically collect information about you when you use our website, some of which can potentially be understood as personal data. Most of this information is collected via the use of “cookies” and other similar technologies, such as web beacons. You can learn more about cookies and similar technologies and how they are used in our website at the “Cookie Policy” section of this Privacy Policy.

A. Data relevant to your identity online and your location
Your IP (Internet Protocol) address used to connect your computer to the Internet, browser type and version, browser plug-in types, time zone setting, operating system and version, timestamp signature, device type, geolocation information about where you might be and login information relevant to our website. You may choose not to share your location details with us by adjusting your location services settings.

B. Data relevant to your use of our website
Your URL clickstreams (the path you take through our site), products/services viewed, page response times, download errors, how long you stay on our pages, what you do on those pages, how often, and other actions.

4. Special categories of data and children’s data
We don’t collect any data about you revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning sex life or sexual orientation, except when we have your explicit consent, or when we have to comply with the law.

When we offer you customer support, you might, out of your own initiative, provide us with details that are considered special categories of data relevant to your request.

We do not target MBES at children, and we do not knowingly collect any personal data from any person under 16 years of age.

Information Collected by Third Parties through Third-Party Links and Content.
Our website may include links to other websites and other content from third parties which are outside our control. We are not responsible for the security, privacy of the information collected by these third parties or the privacy practices of these third parties or the content on any third-party website. We thus encourage you to review the privacy policies of those third parties.

Our Legal Bases for Processing Your Personal Data

In order to collect and/or use your personal data we have at least one of the following legal bases:

Consent
You have given us clear and explicit consent to process your personal data for one or more specific purposes. If you have previously given consent to processing your data, you can withdraw such consent at any time. You can do this by emailing us at privacy@MBES. If you do withdraw your consent, and if we do not have another legal basis for processing your information (for example to defend a legal claim, or because we are obliged to retain such information by law), then we will stop processing your personal data. If we do have another legal basis for processing your information, then we may continue to do so, subject to your legal rights.

Contract
Processing your data is necessary for a contract to be formulated and executed with us (for the provision of services / products or otherwise), or because such information is necessary before entering into that contract.

Legitimate interests
Processing your data is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not outweighed by your rights and interests. These legitimate interests are:
– delivering, developing and improving our services and products
– determining whether marketing campaigns are effective
– improving data security
– gaining insights from your behaviour on our website in order to be able to offer you and third parties services and products which they find useful.
– getting in touch with an existing customer; if you have been our customer in the past, we may communicate with you via email, in order to inform you about services / products similar to the ones you showed interest in, which we think you may like (read more bellow, at the section Promotional emails)
– Defending or exercising a legal claim.
In each case, we found that these legitimate interests were not outweighed by your rights and interests.

Legal obligation
Processing of your data is necessary for compliance with a legal obligation to which we are subject (for example, providing you invoices).

Why do we collect your personal data and how do we use them?

We use your personal data for the following reasons:

To Provide you the services you request
(legal bases: contract, consent, legitimate interest and legal obligation)
Such as:
– To manage your orders and requests, to process orders and payments (legal basis: contract),
– To manage login and authentication (legal bases: contract and consent),
– To remember your settings (legal basis: legitimate interest),
– To issue and send you invoices as may be required by law (legal basis: legal obligation and contract)

For Customer support
(legal bases: contract and legitimate interest)
Such as:
– To notify you of any changes to our service / the fulfillment of your order legal basis: (contract)
– To address requests / complains and solve issues via email or phone support, including any bug fixing (legal basis: legitimate interest)

For Marketing Purposes / Promotional Emails
(legal bases: consent and legitimate interest)
Such as:
– To send you promotional emails and messages about news, new features, products, services, offers/discounts, information about our website and content. We will only send you such informational and promotional emails if one of two conditions applies:
1. You are an existing customer or have shown active interest in our products and services and we believe you might be interested in receiving information about our products and offers (legal basis: legitimate interest).
2. You have given us your explicit consent (legal basis: consent).
– To send you emails to ask you if you want to continue a transaction that you started but did not conclude (legal basis: legitimate interest).
– To Personalize our services by understanding the interests of our customers and our website visitors (legal basis: consent of use of cookies).
– To assess the effectiveness of our marketing efforts (legal basis: consent of use of cookies).

We shall only collect the email you have provided us in order to facilitate our communications and no other personal data and for no other reason.
You can always unsubscribe by following the dedicated link at the end of each newsletter or promotional email and the procedure described therein or by emailing your request at privacy@MBES.

For Analytics purposes /Improving our services
(legal bases: consent and legitimate interest)
Such as: to test features, interact with feedback platforms and questionnaires, manage landing pages, heat map our site, traffic optimization and data analysis and research.

How We Protect Your Data
The website and online shop MBES is operated according to applicable EU and Cypriot legislation and it stores your personal data with safety. We have physical and electronic procedures (technical and organizational measures) to secure and protect the information we collect and process. We only allow controlled and limited access to personal data that we may have collected and stored. When using a third party to process your personal data on our behalf or when a third party is a ‘joint data controller’ with regards to your personal data, we take steps to ensure that your privacy rights continue to be protected as outlined in this Privacy Policy. Furthermore, we do not have access to payment transactions, as they are fulfilled by trusted third parties, which are well equipped to safeguard your financial data.

However, please keep in mind that no data transmission is guaranteed to be 100% secure. You are responsible of your username and password so please keep them safe and secret. If you believe your privacy has been breached, please contact us without delay by sending us an email at privacy@MBES.

Your Rights
1. You have the right to access the information we hold about you. You can contact us and we shall inform you about:
• the categories of data we’re processing
• the purposes of data processing
• the categories of third parties to whom the data may be disclosed
• how long the data will be stored (or the criteria used to determine that period)
• other rights you have regarding our use of your data
We can also send you a copy of this information, if you wish.

2. You have the right to ask us to correct personal data about you if they are inaccurate or incomplete.

3. You can object to us using your data for profiling you or making automated decisions about you. We can deny your request if such processing is necessary for us and you to enter into a contract or perform our obligations arising out of such contract, or when such processing is authorized in law or when you have provided explicit consent to such processing. Please note that exercising this right does not equal to an obligation on our behalf to not show advertisements at all. Currently, we do not have such functions installed at our website.

4. You have the right to ask us to directly transfer your data to another service, as long as it is technically feasible or to provide you a copy in a common machine-readable format.
Please note that if such data also contain personal data about another person, we may elect not to include such data in our deliverables.

5. You have the right to be ‘forgotten’ (i.e. to ask us to erase your personal data).
All you have to do is ask and we will delete your data unless we have another legal reason to hold your personal data (such as a legal claim or a regulatory requirement).

6. You can ask us not to use your data for direct marketing purposes or when we process your personal data for our legitimate interests or for statistical purposes. With the exception of direct marketing, we can however reject your request if we have strong reasons to continue processing your data which override your objection (ex. exercise a legal claim).

7. You have the right to request that we restrict the processing of your personal data in the following circumstances:
• When you are contesting the accuracy of your personal data and while we are verifying the accuracy of the data;
• When you believe that your data has been unlawfully processed and you oppose their erasure;
• When we would no longer need the personal data but you need us to keep them so that you can exercise or defend a legal claim; or
• When you have objected to the processing of your data and while we are considering whether your legitimate grounds override those of the individual.

8. You can file a complaint regarding our use of your data to the Data Protection Authority.
Please tell us first and we would be happy to address your concerns. If you insist on contacting the Office of the Commissioner for Personal Data Protection, you can find out how to reach it and exercise your rights at their website (dataprotection.gov.cy).

You can exercise all the aforementioned rights (with the exception of number 8) by emailing us at privacy@MBES. We shall address your request within 30 days of its receipt unless it is too complicated or we are dealing simultaneously with too many such requests. In the latter case, it may take us up to two additional months to address your request, but we will let you know if that is the case within 30 days of the receipt of your initial request.

Location of Processing and Storage of Data
The personal data we collect is processed at our offices and servers situated in the EU and in any data processing facilities operated by the third parties identified below.

You agree to the transfer, storing or processing of your data by us, by submitting your personal data to us. If your information is transferred or stored outside of the EU or the EEA in this way, we will take steps to ensure that your privacy rights continue to be protected as outlined in this Privacy Policy.

As a general rule, we will only keep your personal data for as long as it is necessary in order to provide you with our services unless we are required by law to keep them for an extended time. Any personal data stored by us will be deleted within 5 years of its collection. Some of the data stored in cookies and similar technologies can be retained for even shorter periods of time. We may, however, keep your personal data for a longer period, in order to exercise or defend a legal claim or in case we are obliged by a legal provision to do so. Additionally, we will only store the email addresses of our customers for up to 5 years in order to send them our newsletter and marketing emails, a function from which they may unsubscribe at any time. With regard to the email addresses kept for promotional purposes we may keep them for longer periods but you can unsubscribe anytime, in which case we will continue to hold such information only for the purpose of not sending you undesired communications.

Please note that while the above retention policy applies to personal data collected or stored by us, it may not apply to third parties who may have access to your personal data. You can learn more about third parties bellow, in the section “Third Parties and Sharing Your Information”.

Third Parties and Sharing Your Information
As with most websites offering services and/or products, we often have to resort to third-party vendors in order to be able to keep MBES up and running, to provide our website’s services and in order to be able to perform all its functions already explained above.
These third parties help us host our website, facilitate your payments, communicate with you, power our emails, help us provide you with better services, analyze the performance of our website etc.

To that extent, sometimes it is necessary for us to share your data with them in order to get these services to work well. Please note that we will never sell your personal data to anyone.

Bellow, you can find our main third-party service providers with which we may be sharing your personal information. Please note that the countries mentioned bellow are relevant to services provided by them in the EU or the EEA, with the exception of dLocal.

Payment Processors

In order to offer you a convenient way to pay for your purchases, we make use of the services of third-party payment processors, more specifically PayPal (Luxemburg) and Braintree (Luxemburg) which is a PayPal company. By using them as a payment method you explicitly agree to their terms for using their services. Please note that Braintree might allow you to use other payment methods, such as Google Pay or Apple Pay, depending on your location and preferences. You can learn more about the manner in which they shall process personal data, and what data they collect or we share with them, here (to read agreements for a different country or region, change your location via the provided link on these pages):

(www.paypal.com/webapps/mpp/ua/privacy-full) (PayPal)
(www.braintreepayments.com/en-cy/legal) (Braintree)
(www.braintreepayments.com/en-cy/legal/braintree-privacy-policy) (Braintree)

If you are located in certain countries outside the EU, we make use of the services of a third-party payment processor, more specifically dLocal (United Kingdom, Malta). You can learn more about the manner in which dLocal shall process personal data, and what data they collect or we share with them, here:

(dlocal.com/legal/terms-and-conditions)
(dlocal.com/legal/privacy-policy)

Except for the information specified under the section Financial information, all information collected by the above third-party providers for purposes of processing your payments is not available to us, unless you have otherwise provided this information to us in connection with your use of our website and/or our services.

Servers / Cloud Storage

In order to effectively provide you with the services of our website and shop on MBES, we make use of hosting services providers, more specifically Hetzner Online (Germany) and DigitalOcean (USA). By visiting our website, using our shop and the above discount programs you explicitly agree to our use of these services. You can learn more about the manner by which they shall process personal data, and what data they collect or we share with them, here:

(www.hetzner.com/rechtliches/datenschutz) (Hetzner Online)
(www.digitalocean.com/legal/privacy) (DigitalOcean)
(www.digitalocean.com/security/gdpr) (DigitalOcean)

Newsletter / Promotional Emails

In order to be able to send our newsletter and promotional emails to you, we make use of the services of third-party email services, more specifically Mailgun (USA) and Google G Suite (Ireland). By visiting our website and using our services you explicitly agree to our use of these services. You can learn more about the manner by which they shall process personal data, and what data they collect, or we share with them, here:

(www.mailgun.com/privacy-policy) (Mailgun)
(policies.google.com/terms) (Google G Suite)
(policies.google.com/privacy) (Google G Suite)

Google (DoubleClick, Analytics) (Ireland)

In order to be able to offer you better services, we make use of the services of a third-party digital marketing service, more specifically Google DoubleClick (www.doubleclickbygoogle.com). Additionally, in order to be able to offer better services and to collect aggregated anonymized information about the use and performance of our website, we make use of the services of a third party service, more specifically Google Analytics (www.google.com/analytics) By visiting our website and using our shop and services you explicitly agree to our use of these services. You can learn more about the manner by which Google shall process personal data, and what data they collect, or we share with them, here:

(policies.google.com/terms)
(www.google.com/analytics/terms/us.html)
(policies.google.com/privacy)

You can opt-out of Google Analytics by installing Google’s opt-out browser add-on, https://tools.google.com/dlpage/gaoptout
Please note that you can always opt out of interest-based Google ads using Google’s Ads Settings (https://adssettings.google.com/ )

Facebook (Business) (Ireland)

In order to be able to offer better services, we make use of the services of a third party service, more specifically Facebook (Business) (www.facebook.com/business). By visiting our website and using our shop you explicitly agree to our use of this service. You can learn more about the manner by which Facebook (Business) shall process personal data, and what data they collect, or we share with them, here:

(www.facebook.com/privacy/explanation)

Microsoft Bing (Ireland)

In order to be able to offer better services, we make use of the services of a third party service, more specifically Microsoft Bing (www.bing.com). By visiting our website and using our shop you explicitly agree to our use of this service. Microsoft Bing allows us to build lists of users who have searched for certain terms and clicked on results using their search engines so that we can target our advertising more effectively. You can learn more about the manner by which Microsoft Bing shall process personal data, and what data they collect, or we share with them, here:

(privacy.microsoft.com/en-us/privacystatement)

AddThis (USA)

We use certain AddThis tools provided by Oracle, in order to facilitate social sharing and improve engagement on our website. You can find more about those tools here:

(www.addthis.com/get)

You can learn more about the manner in which they shall process personal data, and what data they collect or we share with them, here:

(www.addthis.com/privacy/terms-of-service)
(www.oracle.com/legal/privacy/addthis-privacy-policy.html)
(www.oracle.com/legal/privacy/privacy-choices.html)

Zendesk (USA)

In order to offer you effective customer support services, we make use of the services of a third party service, more specifically Zendesk (www.zendesk.com). By using our customer support services you explicitly agree to our use of this service. You can learn more about the manner by which Zendesk shall process personal data, and what data they collect, or we share with them, here:

(www.zendesk.com/company/customers-partners/privacy-policy)

Bugsnag (USA)

We use the services of Bugsnag (www.bugsnag.com) in order to anonymously track and report real-time bugs (errors) on our website. You can learn more about the manner by which Bugsnag shall process personal data, and what data they collect, or we share with them, here:

(docs.bugsnag.com/legal/terms-of-service)
(docs.bugsnag.com/legal/privacy-policy)

If you disagree with the processing of personal data performed by any of the aforementioned third parties, we urge you to refrain from using our website and/or shop

Your information and countries outside the EU or the EEA

Some of your information, as specified above in the section “Third Parties and Sharing Your Information”, is processed, transferred or stored outside of the EU or the EEA. To that extent, we take steps to ensure that your privacy rights continue to be protected as outlined in this Privacy Policy. We always elect to cooperate with best-in-field third parties, which might also have appropriate accreditation in relation to personal data protection. We also ask any third parties outside the EU or the EEA that have access to your personal data to provide us with appropriate safeguards for your information.

Cookie Policy

Will we update this Privacy Policy?
We may update this Policy from time to time in order to reflect changes in law, third party vendors, technologies we use etc.
Therefore, please re-visit this Policy regularly to stay informed

Where can you get further information?
you have any questions about our privacy policy, please email us at privacy@MBES or by post to: MBES, Ltd. Themistokli Dervi, 48 CENTENNIAL BUILDING, 4th floor Office 401 1066, Nicosia, Cyprus