PERSONAL DATA PROTECTION STATEMENT
The IRAE online store respects your privacy and undertakes to carefully protect the personal data obtained through the registration form and not to pass it on to a third person or use it for any other purposes. We reserve the right to use your personal data exclusively for the successful implementation of the sales and delivery service.
YOUR PERSONAL DATA COLLECTION & PROCESSING CONSENT
By registering in the IRAE online store and agreeing to the general terms and conditions, you agree that your personal data will be included in the list of registered IRAE users and you agree to use your data exclusively for the successful implementation of the IRAE store sales and delivery service.
PERSONAL DATA PROTECTION
IRAE is committed to protect all the personal data you provide to us. In order to prevent unauthorized access or disclosure of this data, to maintain the accuracy of personal data and to ensure their use, we use appropriate technical and organizational procedures to secure the data we collect.
PERSONAL DATA PROTECTION AND PRIVACY
IRAE E Commerce Marko Carl s.p., Dolnja Košana 12, 6256 Košana, Slovenia, e-mail firstname.lastname@example.org
(hereinafter: IRAE, Marko Carl s.p. or the provider or controller of personal data) communicates:
Your data is carefully protected.
In IRAE, Marko Carl s.p. we value your privacy, so we always protect your data carefully.
By using the provider’s website after the change or amendment, the individual confirms that he agrees with the changes and additions.
The personal data protection means:
- We will never misuse your personal data in any way.
- We will never pass on your contact and personal data to an unauthorized third person.
- You can unsubscribe quickly and easily from any of our emails or other forms of communication at any time.
All our online activities are in accordance with European legislation (Regulation (EU) 2016/697 on the protection of individuals with regard to the processing of personal data and on the flow of such data, (General Data Protection Regulation or GDPR) and Council of Europe conventions (ETS No. 108). ETS No. 181, ETS No. 185, ETS No. 189)) and the national legislation of the Republic of Slovenia (Personal Data Protection Act (ZVOP-1, Ur. L. RS, No. 94/07), the Electronic Commerce Act on market (ZEPT, Ur. l. RS, nos. 96/09 and 19/15), etc.).
Personal data collection and processing:
Personal data is the information that identifies you as an identified or identifiable individual.
An individual is identifiable when he or she can be identified directly or indirectly, in particular by providing an identifier such as name, identification number, location information, web identifier, or by indicating one or more factors specific to the individual’s physical, physiological, genetic, mental, economic, cultural or social identity.
The provider does not collect your personal data, except when you allow it or agree to it, ie. when ordering products or services.
The provider collects and processes (uses) your personal data for the following purposes:
- ensuring that you access and use your online account with the provider and the provider’s online store, and for technical reasons of administration on the provider’s website,
- conclusion and implementation of the contract concluded with the bidder, including the bidder’s fulfillment of your orders (supply of products and provision of services), communication with you,
- verifying your payments and fulfilling other obligations of the provider and / or your obligations (the legitimate interest of the provider in the processing of your personal data, point (f) of Article 6 (1) of the GDPR),
- ensure that you can access specific information available to you on the provider’s website and at your online account / profile provided by the provider,
- any other purposes for which you specifically agree to cooperate with the provider.
The provider collects and processes your personal data on the following legal bases:
- the law,
- contractual relations, and
- consent of the individual.
The time period in which the Provider keeps the collected data is defined in more detail in the chapter Retention of personal data of this Policy.
In the event that the provision of personal data is a contractual obligation, an obligation necessary for the conclusion and performance of a contract with a provider, or a legal obligation, you must provide personal data; in the event that you do not provide personal data, you cannot conclude a contract with the provider, nor can the provider perform services or supply products under the contract, as it does not have the necessary data to perform the contract.
The provider collects the following personal data in accordance with the purposes defined in this policy:
- basic user data (name & surname, address of residence, date of birth, contact data and communication data (e-mail address), telephone number, date, time and content of postal or e-mail communication,);
- informations about the user’s purchases and invoices issued (date & place of purchase, purchased items, prices of purchased items, total amount of purchase),
- payment method, delivery address, number and date of issue of the invoice, code of the person who issued the invoice, etc.) and data on resolving product complaints;
- data on the user’s use of the operator’s website (dates and times of visits to the website, pages or URLs visited, time spent on each page, number of pages visited, settings made on the website)
Personal data retention:
The provider will only store your personal data for as long as is necessary to achieve the purpose for which the personal data was collected and further processed (eg to ensure that you access and use your online account with the provider and the provider’s online store, for the provider’s fulfillment of your orders, verification of your payments and fulfillment of other obligations of the provider and / or your obligations, to ensure that you can access the specific information available to you.
Those personal data that the Provider processes on the basis of the law, the Provider keeps for the period which is prescribed by law.
Those personal data processed by the provider for the purpose of performing a contractual relationship with an individual, the provider keeps for the period necessary for the execution of the contract and for 5 years after its termination, except in cases where there is a dispute between you and the provider. ; in such case, the provider shall keep the data for 5 years after the court or arbitration decision or settlement has become final or, if there has been no litigation, for 5 years from the day of peaceful settlement of the dispute.
Those personal data that the provider processes on the basis of the personal consent of the individual, he keeps permanently, until the revocation of this consent by the individual. The provider deletes such data before the cancellation only when the purpose of personal data processing has already been achieved.
Personal data contractual processing:
Contractual processors with which the provider cooperates are: Shipment carriers, DPD, accounting service, law firms and other providers of legal advice, data processing and analytics providers, IT system maintainers, e-mail providers.
The provider will not pass on your personal data to unauthorized third person.
The provider or the provider’s contractual processors will not export the personal data they process to third person, with which you as an individual are aware and agree.
Freedom of choice:
The data you provide about yourself is controlled by you. If you choose not to provide your data to the provider, then you will not be able to access certain sites or functions on the website.
If your personal data changes (postal code, e-mail address, address, telephone number), please inform us about the changes at the e-mail address email@example.com.
Automatic information recording (non-personal data):
Whenever you access the website, general, non-personal information (number of visits, average time of visit to the website, pages visited) is automatically recorded (not as part of the application). We use this information to measure the attractiveness of our website and to improve the content and usability. Your data is not subject to further processing and is not passed on to a third person.
The provider makes great efforts to ensure the security of personal data. Your data is protected at all times from loss, destruction, falsification, manipulation and unauthorized access or unauthorized discovery.
Consent of a minor in relation to information society services:
Minors under the age of 16 should not provide any personal data on the website or otherwise without the permission (consent or approval) of the holder of parental responsibility for the child (one of the parents or guardians).
The provider will never knowingly collect personal data from persons who are aware that they are minors (under 16 years of age), or use them in any way or disclose them to an unauthorized third person without the permission of the holder of parental responsibility for the child.
This is without prejudice to the general contract law of the Member States, such as the rules on the validity, formulation or effect of a contract relating to a child.
In such cases, the tenderer shall make reasonable efforts to verify that the
whether the holder of parental responsibility for the child has given or granted consent.
Individual rights regarding data processing:
Upon your request, we will inform you – in writing and in accordance with the regulations.
To ensure fair and transparent processing, you as an individual have the following rights under the regulations:
Right to revoke consent: If, as an individual, you have consented to the processing of your personal data (for one or more specific purposes), you have the right to revoke that consent at any time, without prejudice to the lawfulness of the consent processing. carried out until its revocation;
Consent may be revoked by a written statement sent to the operator, listed on the website www.irae.si.
Withdrawal of consent to the processing of personal data does not have any negative consequences or sanctions for the individual.
However, after revoking the consent to the processing of personal data, the controller may no longer be able to provide an individual with one or more of its services in the case of services that cannot be provided without personal data.
Right of access to personal data: as an individual you have the right to obtain confirmation from the provider (personal data controller) whether personal data are processed in relation to you and, where applicable, access to personal data and certain information (on the purposes of processing, types of personal data, on users, on retention periods or criteria for determining periods, on the existence of the right to rectify or delete data, the right to limit and object to processing and the right to appeal to the supervisory authority, the source of data if you, on the existence of automated decision-making, including profiling, the reasons for it and the importance and consequences of such processing for you, and other information in accordance with Article 15 of the GDPR);
Right to correct personal data: As an individual, you have the right to have the provider correct inaccurate personal data about you without undue delay. As an individual, you have the right to supplement incomplete data, including the submission of a supplementary statement, taking into account the purposes of the processing;
Right to delete personal data (“right to forget”): as an individual, you have the right to have the provider delete personal data concerning you without undue delay, and the provider must delete the data without undue delay when there is one of the following reasons:
(a) the data are no longer needed for the purposes for which they were collected or otherwise treated,
(b) if you withdraw your consent and there is no other legal basis for the processing,
(c) if you object to the processing and there are no overriding legitimate reasons for the processing,
(d) the data have been processed unlawfully,
(e) the data must be deleted in order to fulfill legal obligations under EU law or the law of the Member State applicable to the provider,
(f) data have been collected in relation to offers of information society services.
However, as an individual, in certain cases described in Article 17 (3) of the GDPR, you do not have the right to have the data deleted;
Right to limit processing: as an individual, you have the right to have the provider restrict processing when there is one of the following cases:
(a) if you dispute the accuracy of the data for a period which allows the provider to verify the accuracy of the data,
(b) the processing is unlawful and you oppose the erasure of the data and instead request a restriction on their use,
(c) the data provider no longer needs it for processing purposes, but you need it for enforcement purposes,
implementation and defense of legal claims,
(d) you have lodged an objection to the processing until it has been verified that the legitimate reasons of the provider outweigh your reasons;
Right to data portability: as an individual you have the right to receive personal data about you,
which you have provided to the provider in a structured, commonly used and machine-readable form, and you have the right to provide this information to another controller without being hindered by the provider to whom the personal data have been provided, where:
processing is based on consent or a contract; and
(b) the processing is carried out by automated means.
As an individual, in exercising this right of transferability, you have the right to transfer personal data directly from one controller (provider) to another, where technically feasible;
Right to object to processing: As an individual, you have the right, on grounds relating to your specific situation, to object at any time to the processing of personal data necessary for the performance of tasks in the public interest or in the exercise of public authority conferred on the provider. 6 (1) GDPR) or is necessary for legitimate interests pursued by the tenderer or a third party (point (f) of Article 6 (1) GDPR), including profiling based on those treatments; the provider ceases to process personal data unless it proves compelling legitimate reasons for the processing overriding your interests, rights and freedoms, or for asserting, enforcing or defending legal claims.
Where personal data are processed for marketing purposes, the individual has the right to object at any time to the processing of data relating to him for the purposes of such marketing, including the creation of profiles in so far as it relates to such direct marketing; where an individual objects to the processing for direct marketing purposes, the data shall no longer be processed for those purposes.
Where data are processed for scientific or historical research purposes or for statistical purposes, the individual has the right to object to the processing of data relating to him for reasons related to his particular situation, unless the processing is necessary for the performance of the task carried out for reasons of public interest;
Right to lodge a complaint with the supervisory authority: without prejudice to any other (administrative or other) remedy, you as an individual have the right to lodge a complaint with the supervisory authority, especially in your country of residence, place of work or which allegedly occurred in the breach (in Slovenia it is the Information Commissioner), if you believe that the processing of personal data in relation to you violates the regulations on personal data protection.
Without prejudice to any other (administrative or extrajudicial) remedy, you as an individual have the right to an effective remedy, against a legally binding decision of the supervisory authority in relation to it, as well as in the event that the supervisory authority does not consider your complaint or does not inform the situation or the decision on the appeal within three months.
Proceedings against the supervisory authority shall be subject to the jurisdiction of the courts of the Member State in which the supervisory authority is established.
An individual may address all requests concerning the exercise of rights in relation to personal data, addresses, in writing,
to the operator, namely to one of the contacts listed on the website www.irae.si.
For the purposes of reliable identification in the case of exercising rights in relation to personal data, the controller may request additional data from the individual, and may refuse to act only if he proves that he cannot reliably identify the individual.
The controller must respond to a request from an individual exercising his or her rights in relation to personal data without undue delay and at the latest within one month of receiving the request. Notification to the supervisory authority of a personal data breach
In the event of a breach of personal data protection, the Provider is obliged to inform the competent supervisory authority, except when it is probable that the breach did not endanger the rights and freedoms of individuals. When there is a suspicion that a criminal offense has been committed in the event of a violation, the Bidder is obliged to inform the police and / or the competent prosecutor’s office about the violation.
In the event of a violation that may cause a great risk to the rights and freedoms of individuals, the Bidder is obliged to immediately or where this is not possible, without undue delay, inform the data subject. The notice to the individual must be made in understandable and clear language.
The irae.si online store and all data on it are protected by the Copyright Act and may not be reproduced or used without prior written permission. Trademarks and logos of recognized companies are their property and are used for informational purposes only and to facilitate understanding.