Privacy Policy
Last updated: 2026
Last updated: June 2, 2026
1. Data controller
In accordance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), we inform you that the data controller for the processing of your personal data is:
- Identity: MGY OÜ
- Registration number:
- VAT:
- Address: Narva mnt 7a-206, 15172 Tallinn, Estonia
- Email for privacy matters: info@mgy-europe.com
2. Data we collect
We process the following categories of personal data:
- Identification and contact data: first and last name, postal address, email, telephone, tax ID (NIF/NIE) when required by tax regulations.
- Transaction data: purchase history, amounts, products purchased. We do not store full payment card data; payment processing is carried out by PCI-DSS certified providers.
- Browsing data: IP address, device identifiers, pages visited, data collected through cookies (see Cookie Policy).
- Communications: content of messages sent via forms, email, WhatsApp, or any other support channel.
- Warranty registration data: if you register a product to activate the extended manufacturer warranty, we will collect the product serial number, date and place of purchase.
3. Purposes and legal bases for processing
| Purpose | Legal basis (Art. 6 GDPR) |
|---|---|
| Managing orders, sales contracts and deliveries | Performance of contract (Art. 6(1)(b)) |
| Invoicing and accounting/tax obligations | Legal obligation (Art. 6(1)(c)) |
| Customer service, warranty and returns | Performance of contract and legal obligation |
| Warranty registration and communication with manufacturer | Performance of contract (Art. 6(1)(b)) |
| Commercial communications about similar products to existing customers | Legitimate interest (Art. 6(1)(f)), with right to object |
| Newsletter and marketing to non-customers | Consent (Art. 6(1)(a)) |
| Site usage analysis via analytical cookies | Consent (Art. 6(1)(a)) |
| Fraud prevention and site security | Legitimate interest (Art. 6(1)(f)) |
4. Retention periods
- Customer and transaction data: for the duration of the contractual relationship and, thereafter, for the legally required periods (up to 6 years under the Spanish Commercial Code and applicable tax regulations).
- Warranty data: for the duration of the warranty coverage period (minimum 3 years) plus applicable legal periods.
- Marketing data: until the data subject withdraws consent or objects to the processing.
- Browsing and cookie data: as detailed in the Cookie Policy.
5. Recipients and processors
Your data may be disclosed to:
- Transport and logistics companies, for delivery of orders in Spain.
- Payment providers (Stripe, PayPal, or others indicated during the purchase process), exclusively to process the transaction.
- Product manufacturers (Cary Audio, Chord Electronics, PMC, Fyne Audio, Meze Audio, Gold Note, Chord Company, MJ Acoustics, Acoustic Signature, Lehmannaudio, Rekkord Audio, etc.), only when necessary for warranty registration or for handling technical issues and repairs.
- Technology service providers (hosting, email, site maintenance), acting as data processors under contract pursuant to Article 28 GDPR.
- Public administrations, tax authorities and judicial bodies, when there is a legal obligation.
Some of our providers may process data outside the European Economic Area (for example, manufacturers based in the United Kingdom, United States, China, or Taiwan). In such cases, we ensure that transfers are made under Standard Contractual Clauses approved by the European Commission or under adequacy decisions.
6. Your rights
As a data subject, you have the right to:
- Access your personal data.
- Request the rectification of inaccurate data.
- Request the erasure of data when no longer necessary.
- Request the restriction of processing.
- Object to processing based on legitimate interest.
- Request the portability of your data.
- Withdraw consent at any time, without affecting the lawfulness of prior processing.
- Not to be subject to automated decisions producing significant legal effects.
You can exercise these rights by sending a request to info@mgy-europe.com, accompanied by a copy of your identity document.
You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD), www.aepd.es, if you believe that the processing does not comply with applicable law.
7. Security
MGY OÜ adopts appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including encryption of communications (HTTPS/TLS), access controls, and regular backups.
8. Changes to this policy
We reserve the right to amend this Privacy Policy to adapt it to legislative or jurisprudential developments. Changes will be published on this page with an indication of the update date.