Personal data protection policy
Personal data controller and contact details
This policy applies to the processing (use) of any personal data carried out by SOJER frizersko in kozmetično podjetje d.o.o. (the controller) or on behalf of the controller.
Details of the authorized person for data protection:
Name / Position: Mitja Sojer, Director
Contact number: 01 241 40 46
Which personal data do we process?
- Basic contact details;
- Details about your use of our websites (clicks on links, time spent) and details about your response to our email messages (whether the message was opened, which links were clicked);
- Details we need for the completion of the contract and the delivery of the purchased goods (item of the purchase, price, delivery address, time of delivery, method of payment, date of payment, complaint details, invoice details, etc.).
Legal bases for the personal data processing
We can process your personal data based on the following legal bases:
- when it is necessary for the fulfilment of our legal obligations (e.g. issuing invoices for the purchased goods);
- when processing your data is necessary to conclude and complete the contract you have concluded with us, or because you requested a tender from us;
- when you have given your consent to an individual purpose of personal data processing; you always have the right to withdraw your consent (e.g. for tailored information about our offer, which is based on profiling);
- when we have a legitimate interest in processing your personal data (e.g. when we send you an email in case you leave your cart on our website without completing your order).
Purposes of processing your data
Your personal data can be used for one or more of the given purposes:
- communicating with you regarding the provision of our services and responding to your demands
- concluding a contract and fulfilling the obligations arising from the contract
- commercial communication (sending messages by email, ordinary mail and SMS messages)
- commercial communication based on tailored or individualized offers and messages, on developing user profiles or sorting in groups, each of which can receive a commercial communication with a different content. When profiling, we also monitor the activity of an individual (such as the time an individual spends on a certain content, which contents interest them and opening email), and the frequency and value of last purchases;
- to enforce any legal claims and to settle disputes;
- for statistical analyses of the sales of our goods and the use of our websites
How long do we store your personal data and what happens to them afterwards?
We store the basic data for as long as you have the status of our registered user on our websites.
The personal data we process on the basis of your consent is stored permanently or until you revoke this consent.
The data on invoices is stored for 10 years from the date of issue.
We keep the data necessary for concluding and fulfilling the contract between you and us for 5 years from the completion of the contract (supply of goods).
After the expiry of the storage time limit, your personal data is efficiently deleted or anonymised. This means it is processed in such a way that it can no longer be connected to you or attributed to you.
Voluntary data transmission and the consequences of non-transmission
The transmission of personal data is voluntary. You are not obliged to transmit your data to us; however, if you do not provide it, you cannot receive certain services or conclude contracts with us. Each time we receive personal data from you, we will specify which data can cause these consequences if it is not provided.
Who has access to your personal data
We do not transmit your data to third parties (outside of the company Sojer d.o.o.) and do not allow such parties to become acquainted with your data, except for those with whom we have a written contract, based on which they perform certain tasks related to data processing and are obliged to comply with the legislation on data processing and protection (so-called contract processors). The contract processors to whom we transmit your personal data are:
- marketing service providers;
- call studio providers;
- providers of email sending;
- web content and applications administrators.
The contract processors may only process personal data in the framework of our instructions and may not process personal data for their own purposes. They and their employees are obliged to protect the privacy of your personal data.
The contract processors do not transfer personal data to third countries (outside the European Economic Area Member States – EU Member States and Iceland, Norway and Liechtenstein).
What are your rights regarding personal data, how can you revoke your consent for processing data and what are the consequences of revocation
You have the following rights regarding your personal data:
- you can ask at any time that we:
  - confirm if we are processing your data;
  - give you access to personal data and the following information: the purposes of processing; the types of personal data; users or categories of users to whom personal data has been or will be disclosed, especially users from third countries or international organisations; the estimated time of personal data storage or, if this is not possible, the criteria used to determine this period of time; the existence of automated decision-making, including profiling and reasons for it, as well as the meaning and the anticipated consequences of such processing for you;
  - provide one (free) copy of your personal data in the format of your choice (if the request is filed using electronic means of communication and if you do not specify otherwise, the copy will be provided in electronic form); for any extra copies you request we may charge a reasonable fee with regard to the cost;
  - correct inaccurate personal data;
  - limit processing when:
    - you dispute the accuracy of personal data, for a period of time that allows us to verify the accuracy of personal data;
    - the processing is illegal and you oppose the deletion of personal data and request a restriction on their use instead;
    - we do not need your personal data for processing purposes anymore, but you need them for enforcing, implementing or defending legal claims;
  - delete all personal data (the right to be forgotten) if all assumptions set out in Article 17 of the General Data Protection Regulation are met, and especially if you revoke your consent to personal data processing;
  - extract your personal data in a structured, widely used and machine-readable form, with the right that you transmit this data to another controller, with no obstruction from us;
  - stop using your personal data for the purposes of direct marketing, including profiling;
  - exclude you from the decision based solely on automated processing, including profiling, if the assumptions set out in Article 22 of the General Data Protection Regulation are met;
  - grant you the right to file a complaint against us with the Information Commissioner if you believe that the processing of your personal data violates the General Data Protection Regulation.
Procedure for exercising rights
You can address your requests regarding the exercise of your rights in connection with personal data in written form to any contact listed under Personal data controller and contact details.
When you exercise rights in connection with personal data, we may require some additional information from you for the purposes of reliable identification; we can only reject your action if we prove that we cannot identify you with certainty.
We are obliged to respond to a request by which you exercise your rights regarding personal data without undue delay and no later than one month from receiving your request.