Privacy Policy of www.mb-prep.com

Welcome to the privacy policy of www.mb-prep.com. This policy will help you understand what data we collect, why we collect it, and what your rights are in this regard. Last updated: May 3, 2026

Data Controller Mbecom S.R.L. Controller email address: info@mbecom.com

​

Types of Data We Collect Among the Personal Data collected by this Application, either directly or through third parties, the following are included: Tracking Tools, Usage Data, device information, number of Users, session statistics, email.

Full details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy or through specific informational texts displayed prior to data collection. Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically during use of this Application. Unless otherwise specified, all Data requested by this Application is mandatory. If the User refuses to provide it, it may be impossible for this Application to provide the Service. Where this Application indicates certain Data as optional, Users are free to refrain from providing such Data without any consequence on the availability or operation of the Service. Users who are uncertain about which Data is mandatory are encouraged to contact the Controller. The use of Cookies — or other tracking tools — by this Application or by third-party service providers used by this Application serves the purpose of providing the Service requested by the User, in addition to the further purposes described in this document and in the Cookie Policy.

The User assumes responsibility for any Personal Data of third parties obtained, published, or shared through this Application.

​

Methods and Place of Processing

Methods of Processing The Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of Personal Data. Processing is carried out using IT and/or telematic tools, with organizational methods and logic strictly related to the stated purposes. In addition to the Controller, in some cases, other parties involved in the organization of this Application (administrative, commercial, marketing, legal, system administrators) or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the Data, and may be appointed, where necessary, as Data Processors by the Controller. An updated list of Data Processors may be requested from the Controller at any time.

​

Location Data is processed at the Controller's operating offices and at any other location where the parties involved in processing are located. For further information, please contact the Controller. The User's Personal Data may be transferred to a country other than the one in which the User is located. For more information on the location of processing, Users may refer to the section on details of Personal Data processing.

​

Retention Period Unless otherwise specified in this document, Personal Data is processed and stored for the time required by the purpose for which it was collected and may be retained for a longer period due to legal obligations or based on the User's consent.

​

Purposes of Processing The User's Data is collected to allow the Controller to provide the Service, comply with legal obligations, respond to enforcement requests, protect its rights and interests (or those of Users or third parties), detect malicious or fraudulent activities, as well as for the following purposes: Platform and hosting services, Infrastructure monitoring, Backend hosting and infrastructure, Traffic optimization and distribution, Display of content from external platforms, Analytics, Access to third-party service accounts, Interaction with social networks and external platforms, Tag management, Contacting the User.

​

Facebook Permissions Requested by this Application This Application may request certain Facebook permissions that allow it to perform actions with the User's Facebook account and to collect information, including Personal Data, from it. This service allows this Application to connect with the User's account on the Facebook social network, provided by Facebook Inc. For more information on the permissions listed below, please refer to the Facebook permissions documentation and Facebook's privacy policy.

​

The requested permissions are as follows:

Basic information The basic information of the User registered on Facebook, which normally includes: id, name, picture, gender and locale, and in some cases, Facebook "Friends". If the User has made additional Data publicly available, that Data will also be available.

Usage Data

Email Provides access to the User's primary email address.

Device information

​

Tracking Tools A Tracking Tool refers to any technology — e.g. Cookies, unique identifiers, web beacons, embedded scripts, e-tags and fingerprinting — that enables tracking of Users, for example by collecting or saving information on the User's device.

Details on the Processing of Personal Data

Access to third-party service accounts This type of service allows this Application to access data from your accounts on third-party services and perform actions with them. These services are not activated automatically but require the User's explicit authorization.

​

Mailing list or newsletter Personal Data processed: Usage Data +2

​

Contact form Personal Data processed: Usage Data +1

​

Tag Management This type of service allows the Controller to manage centrally the tags or scripts required on this Application. As a result, the User's Data flows through these services, potentially being retained.

​

Hosting and backend infrastructure This type of service hosts Data and files that enable this Application to run and be distributed, or provides a ready-to-use infrastructure to run specific features or parts of this Application. Some of the services listed below, if present, may operate on geographically distributed servers, making it difficult to determine the actual location where the Personal Data is stored.

​

Interaction with social networks and external platforms This type of service allows interaction with social networks, or other external platforms, directly from the pages of this Application. The interactions and information obtained by this Application are in any case subject to the User's privacy settings for each social network. It is recommended to log out from the respective services to ensure that the data processed on this Application is not linked back to the User's profile.

​

Infrastructure monitoring This type of service allows this Application to monitor the use and behavior of its components, to improve performance and functionality, perform maintenance, or troubleshoot issues. The Personal Data processed depends on the characteristics and implementation of these services, which by their nature filter the Application's activity.

​

Traffic optimization and distribution This type of service allows this Application to distribute its content via servers located across the territory and to optimize its performance. The Personal Data processed depends on the characteristics and implementation of these services, which by their nature filter communications between this Application and the User's browser. Due to the distributed nature of this system, it is difficult to determine the locations to which content — which may contain Personal Data — is transferred.

​

Platform and hosting services These services host and operate key components of this Application, enabling its delivery from a single platform. These platforms provide the Controller with a wide range of tools including analytics, user registration management, comment and database management, e-commerce, payment processing, etc. The use of such tools involves the collection and processing of Personal Data. Some of these services operate through servers located in different geographic locations, making it difficult to determine the exact location where Personal Data is stored.

​

Analytics The services in this section allow the Controller to monitor and analyze web traffic and are used to keep track of User behavior.

​

Display of content from external platforms This type of service allows content hosted on external platforms to be displayed directly from the pages of this Application and to interact with it. Such services are often referred to as widgets — small elements embedded in a website or application. They provide specific information or perform a particular function and often allow interaction with the user. This type of service may still collect web traffic data for the pages where the service is installed, even when Users do not use it.

​

Information on how to opt out of interest-based advertising In addition to any opt-out feature provided by any of the services listed in this document, Users may learn more about how to opt out of interest-based advertising in the dedicated section of the Cookie Policy.

Cookie Policy This Application uses Tracking Tools. To learn more, Users may consult the Cookie Policy.

​

Additional Information for Users in the European Union

Legal Basis for Processing The Controller processes Personal Data relating to the User where one of the following conditions applies:

• The User has given consent for one or more specific purposes.

• Processing is necessary for the performance of a contract with the User and/or for pre-contractual measures.

• Processing is necessary to comply with a legal obligation to which the Controller is subject.

• Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.

• Processing is necessary for the purposes of the legitimate interests pursued by the Controller or a third party.

​

It is always possible to ask the Controller to clarify the specific legal basis for each processing activity, and in particular whether processing is based on law, required by a contract, or necessary to enter into a contract.

​

Further information on retention periods Unless otherwise specified in this document, Personal Data is processed and stored for the time required by the purpose for which it was collected and may be retained for a longer period due to legal obligations or based on the User's consent. Therefore:

• Personal Data collected for purposes related to the performance of a contract between the Controller and the User will be retained until the contract has been fully performed.

• Personal Data collected for purposes related to the Controller's legitimate interests will be retained until such interests are fulfilled. The User may obtain further information regarding the legitimate interests pursued by the Controller in the relevant sections of this document or by contacting the Controller.

• Where processing is based on the User's consent, the Controller may retain Personal Data for longer until consent is withdrawn. In addition, the Controller may be required to retain Personal Data for a longer period to comply with a legal obligation or by order of an authority.

​

Upon expiry of the retention period, Personal Data will be deleted. Therefore, upon expiry, the rights of access, erasure, rectification and data portability can no longer be exercised.

​

User Rights under the General Data Protection Regulation (GDPR) Users may exercise certain rights with respect to Data processed by the Controller. In particular, within the limits provided by law, the User has the right to:

• Withdraw consent at any time.

• Object to processing of their Data.

• Access their Data.

• Verify and request rectification.

• Obtain restriction of processing.

• Obtain erasure or removal of their Personal Data.

• Receive their Data or have it transferred to another controller.

• Lodge a complaint with the competent data protection supervisory authority or take legal action.

​

Users have the right to obtain information regarding the legal basis for the transfer of Data outside the EU, including to any international organization governed by international law or established by two or more countries, such as the UN, as well as the security measures adopted by the Controller to protect their Data.

​

Details on the right to object Where Personal Data is processed for public interest purposes, in the exercise of official authority vested in the Controller, or for the legitimate interests of the Controller, Users have the right to object to such processing on grounds relating to their particular situation.

​

Users are informed that, where their Data is processed for direct marketing purposes, they may object to such processing at any time, free of charge and without providing any justification. Where Users object to processing for direct marketing purposes, Personal Data will no longer be processed for such purposes. To find out whether the Controller processes Data for direct marketing purposes, Users may refer to the relevant sections of this document.

​

How to exercise your rights Any requests to exercise User rights may be directed to the Controller using the contact details provided in this document. Requests are free of charge and the Controller will respond as soon as possible, and in any case within one month, providing all information required by law. Any rectifications, erasures, or restrictions on processing will be communicated by the Controller to each recipient to whom the Data has been transmitted, unless this proves impossible or involves disproportionate effort. The Controller will inform the User of such recipients upon request.

​

Additional Information for Users in Switzerland This section applies to Users in Switzerland and, for such Users, supersedes any other divergent or conflicting information contained in the privacy policy.

​

Further details regarding the categories of Data processed, the purposes of processing, the categories of recipients, if any, the retention period, and other information on Personal Data can be found in the section titled "Detailed information on the processing of Personal Data" within this document.

Rights of users under the Federal Act on Data Protection Users may exercise certain rights relating to their data within the limits of the law, including:

• Right of access to Personal Data.

• Right to object to the processing of Personal Data (which also allows Users to request restriction of processing, erasure or destruction of Personal Data, and prohibition of disclosure of Personal Data to third parties).

• Right to receive their Personal Data and transfer it to another controller (data portability).

• Right to request rectification of inaccurate Personal Data.

​

How to exercise these rights Any requests to exercise User rights may be directed to the Controller using the contact details provided in this document. Such requests are free of charge and the Controller will respond as soon as possible, providing Users with the information required by law.

Additional Information for Users in Brazil This section of the document integrates and supplements the information contained in the rest of the privacy policy and is provided by the entity operating this Application and, where applicable, its parent company and its subsidiaries and affiliates (collectively referred to in this section as "we", "us", or "our"). This section applies to all Users in Brazil (referred to below simply as "you" or "your"), pursuant to the Lei Geral de Proteção de Dados, and for such Users supersedes any other divergent or conflicting information contained in this privacy policy. In this part of the document, the term "personal information" is used as defined by the LGPD.

​

Legal bases under which we process your personal information We process your personal information only where one of the following legal bases applies:

• Your consent to the processing activities in question.

• Compliance with legal obligations we are required to fulfill.

• Execution of rules set by laws or regulations or by contracts, agreements, or other similar legal instruments.

• Research conducted by research bodies, preferably carried out on anonymized personal information.

• Performance of a contract and its pre-contractual obligations, where you are a party to such contract.

• Exercise of our rights in judicial, administrative, or arbitration proceedings.

• Protection of your physical safety or that of a third party.

• Protection of health — in procedures carried out by healthcare entities or professionals.

• Our legitimate interests, provided that your fundamental rights and freedoms do not override such interests.

• Protection of credit.

​

To learn more about the legal bases, you may contact us at any time using the contact details provided in this document.

​

Categories of personal information processed To find out which categories of personal information are processed, please refer to the section "Details on the Processing of Personal Data" in this document.

​

Why we process your personal information To find out why we process your personal information, please refer to the sections "Details on the Processing of Personal Data" and "Purposes of Processing" in this document.

​

Your privacy rights in Brazil, how to submit a request, and how we will handle it

Your privacy rights in Brazil You have the right to:

• Obtain confirmation of the existence of processing activities regarding your personal information.

• Access your personal information.

• Obtain rectification of incomplete, inaccurate, or outdated personal information.

• Obtain anonymization, blocking, or deletion of unnecessary or excessive personal information, or information processed in violation of the LGPD.

• Obtain information about the possibility of giving or refusing consent and the consequences thereof.

• Obtain information about third parties with whom we share your personal information.

• Obtain, upon explicit request, portability of your personal information (excluding anonymized information) to another product or service provider, provided that our trade and industrial secrets are safeguarded.

• Obtain deletion of personal information processed on the basis of your consent, unless one or more exceptions under Article 16 of the LGPD apply.

• Revoke your consent at any time.

• File a complaint regarding your personal information with the ANPD (National Data Protection Authority) or a consumer protection body.

• Object to processing activities where processing is not carried out in accordance with legal provisions.

• Request clear and adequate information about the criteria and procedures used in automated decision-making processes.

• Request review of decisions that affect your interests and are made solely on the basis of automated processing of your personal information, including decisions used to define your personal, professional, consumer, or credit profile.

​

You will never be discriminated against or subjected to any unfavorable treatment as a result of exercising your rights.

How to submit a request You may submit an explicit request to exercise your rights free of charge, at any time, using the contact details provided in this document or through your legal representative.

​

How and when we will handle your request We will make every effort to respond to your request as soon as possible. In any case, where it is not possible for us to do so immediately, we will communicate the factual or legal reasons preventing us from responding immediately or fulfilling your request. If your personal information is not processed by us, we will, where possible, indicate the person or entity to whom your request should be directed.

​

If you submit an access request or a request to confirm the existence of processing, please specify whether you would prefer to receive your personal information in electronic or paper format. You should also let us know whether you require an immediate response — in which case you will receive a simplified reply — or whether you need a full disclosure. In the latter case, we will respond within 15 days of your request, providing all information regarding the origin of your personal information, confirmation of whether personal information relating to you exists, all criteria used for processing and its purposes, while safeguarding our trade and industrial secrets.

If you submit a request for rectification, deletion, anonymization, or blocking of personal information, we will promptly inform all other parties with whom we have shared your personal information so that they may also fulfill your request — except where such communication is impossible or excessively burdensome for us.

​

Transfer of personal information outside Brazil where permitted by law We may transfer your personal information outside Brazilian territory in the following cases:

• When the transfer is necessary for international legal cooperation between intelligence services, investigative bodies, and criminal prosecution authorities, as provided for by international law instruments.

• When the transfer is necessary to protect your life or physical safety, or that of third parties.

• When the transfer is authorized by the ANPD.

• When the transfer results from an obligation under an international cooperation agreement.

• When the transfer is necessary for the exercise of public policy or the performance of a public service.

• When the transfer is necessary to comply with a legal obligation, perform a contract and its pre-contractual obligations, or for the regular exercise of rights in judicial, administrative, or arbitration proceedings.

• ​

Further Information on Processing

Legal defense The User's Personal Data may be used by the Controller in legal proceedings or in preparatory stages thereof to defend against misuse of this Application or the related Services by the User. The User acknowledges that the Controller may be required to disclose Data upon order of public authorities.

​

Specific disclosures Upon the User's request, in addition to the information contained in this privacy policy, this Application may provide the User with additional contextual information regarding specific Services, or the collection and processing of Personal Data.

​

System logs and maintenance For operational and maintenance purposes, this Application and any third-party services it uses may collect system logs — files that record interactions and may also contain Personal Data such as the User's IP address.

Information not contained in this policy Further information regarding the processing of Personal Data may be requested at any time from the Controller using the contact details provided.

​

Changes to this Privacy Policy The Controller reserves the right to make changes to this privacy policy at any time by notifying Users on this page and, if possible, on this Application and, where technically and legally feasible, by sending a notification to Users through any contact details on file. Please consult this page frequently, referring to the date of last modification indicated at the bottom.

​

Where changes affect processing whose legal basis is consent, the Controller will collect the User's consent again where necessary.

Definitions and Legal References

​

Personal Data (or Data) / Personal Information Any information that, directly or indirectly, even in combination with any other information including a personal identification number, makes an individual identified or identifiable.

​

Sensitive Personal Information Any Personal Information that is not publicly available and that reveals information considered sensitive under applicable privacy law.

Usage Data Information collected automatically through this Application (including from third-party applications integrated into this Application), including: IP addresses or domain names of computers used by Users connecting to this Application, URI (Uniform Resource Identifier) addresses, the time of the request, the method used to submit the request to the server, the size of the file received in response, the numeric code indicating the status of the server's response (successful, error, etc.), the country of origin, the browser and operating system characteristics used by the visitor, various temporal details of the visit (such as time spent on each page), and details of the path followed within the Application, with particular reference to the sequence of pages visited, the parameters relating to the operating system and the User's IT environment.

​

User The individual using this Application who, unless otherwise specified, coincides with the Data Subject.

​

Data Subject The natural person to whom the Personal Data refers.

​

Data Processor The natural or legal person, public authority, agency, or other body that processes Personal Data on behalf of the Controller, as described in this privacy policy.

​

Data Controller The natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of processing Personal Data, including the security measures relating to the operation and use of this Application. Unless otherwise specified, the Data Controller is the owner of this Application.

​

This Application The hardware or software tool through which the Personal Data of Users is collected and processed.

​

Service The service provided by this Application as defined in the relevant terms (if any) on this site/application.

​

Sale Sale means any exchange of Personal Information by the Owner to a third party for monetary or other valuable consideration, as defined by applicable US state privacy law. Please note that the exchange of Personal Information with a service provider pursuant to a written contract that meets the requirements established by applicable law does not constitute a Sale of your Personal Information.

​

Sharing Sharing means any sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer's Personal Information by the business to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, as defined by California privacy laws. Please note that the exchange of Personal Information with a service provider pursuant to a written contract that meets the requirements established by California privacy laws does not constitute sharing of your Personal Information.

​

Targeted Advertising Targeted Advertising means displaying advertisements to a consumer where the advertisement is selected based on Personal Information obtained from that consumer's activities over time and across non-affiliated websites or online applications to predict such consumer's preferences or interests, as defined by applicable US state privacy law.

​

European Union (or EU) Unless otherwise specified, all references to the European Union contained in this document shall be understood as extending to all current member states of the European Union and the European Economic Area.

​

Cookie Cookies are Tracking Tools consisting of small pieces of data stored within the User's browser.

Tracking Tool A Tracking Tool refers to any technology — e.g. Cookies, unique identifiers, web beacons, embedded scripts, e-tags and fingerprinting — that enables tracking of Users, for example by collecting or saving information on the User's device.

Legal References This policy is drawn up on the basis of multiple legislative frameworks. Unless otherwise specified, this policy applies exclusively to this Application.