1. Names
The Privacy Policy (hereinafter: the Policy) is adopted with the aim of informing users of the legal basis, the types and purposes of use of personal data and the rights of individuals in the field of personal data protection, provided by an individual to ZUPI SPORT doo.
This Privacy Policy, together with all applicable terms of use of the website and cookie policy, determines how ZUPI SPORT doo uses personal data that the company collects from individual users online, and also applies to personal data provided to ZUPI SPORT doo by alternative means, such as telephone, e-mail or other correspondence.
Personal data provided to the company are used and processed only for the purpose for which they were collected. The company manages personal data with the greatest care, taking into account the applicable legislation and the highest standards of their treatment.
The company ensures that it implements appropriate technical and organizational measures in such a way that the processing of personal data meets all the requirements of the regulations on the protection of personal data and also ensures the protection of the rights of the individual to whom the personal data relates and that the processing of personal data complies with applicable legislation.
At the same time, this Privacy Policy additionally explains the consent given by the individual to the processing of personal data.
The Privacy Policy is in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals in the processing of personal data and on the free flow of such data and on the repeal of Directive 95/46/EC (hereinafter: “General Data Protection Regulation”), the following information is covered:
- company contact information,
- purposes, legal bases and definitions of the type of processing of various types of personal data of individuals,
- storage time of individual types of personal data,
- the rights of individuals in relation to the processing of personal data.
In order to ensure the security of personal data, the controller has taken appropriate organizational measures, work procedures and advanced technological solutions with external experts in order to protect your personal data as efficiently as possible. In doing so, we use an appropriate level of protection and reasonable physical, electronic and administrative measures to protect the collected data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of personal data or from unauthorized access to personal data that has been transferred, stored or otherwise processed.
2. Types of personal data
The company collects data about website visitors only through the use of cookies.
ADDITIONAL AUTOMATIC DATA COLLECTION
In some cases, we can automatically (without a registration process) collect technical data about your visit to our websites, but we cannot use it for personal identification. Examples of such data collection are the identification of the web browser you are using, the identification of the computer operating system you are using, and the address of the website from which you linked to our website.
DATA THAT YOUR COMPUTER STORES AUTOMATICALLY – COOKIES
When you visit one of our websites, we can store certain data on your computer, which are archived in the form of “cookie” or other similar files and can help us in several different ways. “Cookie” files allow us to adapt our website to your wishes and preferences. Most internet browsers allow you to delete “cookie” files from your computer’s hard drive, can prevent the storage of such files, or warn you before saving them. For more detailed instructions on how to use these features, please read your web browser’s user manual or the help page provided by your browser.
Other personal data necessary for the provision of services is also collected about service users or service subscribers. These personal data are:
- name and surname
- address
- contact phone number: If you contact the company for any reason, ZUPI SPORT doo may save a record of this correspondence.
3. Controller of personal data
The controller of personal data processed in accordance with these Regulations is ZUPI SPORT doo
4. Categories of individuals whose personal data is processed
The policy is intended for everyone who has ordered and/or uses our services, is a recipient of e-news or a member of Klub Dotik, as well as those who visit our website.
5. Processing purposes and legal basis for data processing
We collect your data when you place an order, subscribe to our newsletter, answer a survey or fill out a form. When ordering or registering on our website, you may need to enter your name, e-mail address or telephone number, where necessary. number. You can be anonymous when visiting our website.
Any information we receive from you may be used for the following purposes:
- Tailoring the offer to your preferences (your information helps us to better respond to your individual preferences)
- Improving our website (based on the information and feedback we receive from you, we constantly strive to improve our websites and offer);
- Improving the Services (your information helps us respond more effectively to your requests and needs);
- Sending occasional emails. Your E-mail address ensures order processing and may be used to send information and changes to your reservation, in addition to periodically sending news and offers related to new products, special offers, etc.
5.1. Processing based on individual consent
The company ZUPI SPORT doo warns all individuals when collecting their personal data that the company will use this data for a specific purpose. The company ZUPI SPORT doo collects data for:
a) purpose of direct marketing – sending e-newsletters
If an individual agrees and wishes to receive free news about news, promotional campaigns, other offers of goods and services from the company ZUPI SPORT doo via e-mail or via mobile phone (SMS), he must give explicit consent that he agrees that the company uses his address for the needs of direct marketing.
In this case, the company stores and processes the data exclusively for direct marketing purposes.
We may store and process your data in order to better understand your needs and determine how we can further improve our products and services. The administrator or other legal entities acting on our behalf for promotional and advertising purposes may use this data to contact you, and aggregate data (not individual) about visitors and/or users of our websites may also be forwarded to third parties. We do not intend to sell, lend or market your personal data to third parties.
5.2. Processing on the basis of a contract or in the pre-contractual phase
If the processing is necessary for the implementation of a contract, the contractual party of which is the individual to whom the personal data relates, or for the implementation of measures at the request of such an individual before the conclusion of the contract (b point I, paragraph 6, Article 6 of the General Regulation on the Protection of Personal Data) , the company processes the personal data of the individual for the following purposes: identification of the individual, preparation of the offer, conclusion of the contract, to ensure the ordered services, notification of possible changes, additional details and instructions for using the services, billing for the services and for other purposes necessary for the implementation or conclusion of the contractual relations between the company and the individual.
When invoicing services, based on tax regulations, we obtain and process your address for the correct issuance of the invoice.
5.2. Processing based on legitimate interest
If the processing of personal data is necessary to fulfill a legal obligation (point I, paragraph 6, Article c of the General Regulation on the protection of personal data), the company may process and use the personal data of an individual to detect and prevent fraudulent use and abuse of services, in case of suspected abuse to an appropriate and proportionate extent, it processes data about individuals for the purpose of identification and prevention of possible fraud or abuse, and may, if appropriate, forward this data to other providers of such services, business partners, the police, the state prosecutor’s office or other competent authorities.
For the purpose of preventing future abuse or fraud, data on the history of identified abuse or fraud in connection with the individual, which includes data on the subscription relationship and, for example, the IP address, may be kept for five years after the termination of the business relationship.
Furthermore, in the context of ensuring the stable and safe operation of our system and services, as well as for the purposes of implementing information security measures, meeting requirements related to the quality of services, and detecting technical malfunctions of systems and services.
6. Transmission of personal data to third parties/contractual processors
In the event that the company forwards the personal data of individuals to selected external processors, they will conclude a contract with the company on the processing of personal data, or an agreement with the same content or another binding document, with which they will commit in advance to comply with the same personal data protection standards as the controller and all personal data processing standards provided for by applicable legislation. External processors will only have access to data that is necessary to achieve a specific purpose. External processors are contractually obligated to the company to respect the confidentiality of your personal data.
On the basis of a reasoned request, the company also forwards personal data to the competent state authorities, which have a legal basis for this. The company ZUPI SPORT doo will, for example, responding to requests from courts, law enforcement authorities and other state authorities, which may also include state authorities of another EU member state.
7. Storage of personal data
The data retention period is determined according to the category of individual data. The company keeps the data for as long as is necessary to achieve the purpose for which it was collected or further processed, or until the expiration of the statute of limitations for fulfilling obligations or the statutory retention period.
Billing data and related contact data on individuals may be kept for the purpose of fulfilling contractual obligations until full payment for the service or, at the latest, until the expiry of the statute of limitations in relation to an individual claim, which can range from one to five years by law. Invoices are kept for 10 years after the end of the year to which the invoice refers in accordance with the law governing value added tax.
Other data that the company obtains on the basis of the individual’s consent is kept until cancellation.
After the expiration of the retention period, the data is deleted, destroyed, blocked or anonymized, unless otherwise stipulated by law for the individual type of data.
8. Individual rights in relation to the processing of personal data
The rights of the data subject are:
- the right to access personal data
- right to rectification
- right to erasure (“right to be forgotten”)
- the right to restriction of processing
- the right to data portability
- the right to object
- right to appeal
- A request related to the exercise of any of the above-mentioned rights can be sent by an individual to:
– to the email address info@zupi.si or
– by mail to the address ZUPI SPORT doo Senožeti 18, Spodnja Besnica, 4201 Zgornja Besnica
The company will consider the request without undue delay and decide on it within 30 days of receiving the request. In case of complexity, the deadline for the answer can be extended by a maximum of three months, of which the individual must be specially informed.
When there is a justified doubt regarding the identity of an individual who submits a request regarding one of his rights, we may request the provision of additional information that is necessary to confirm the identity of the individual to whom the personal data relates.
If the data subject’s requests are manifestly unfounded or excessive, in particular because they are repeated, the company may:
charge a reasonable fee, taking into account the administrative costs of providing the information or message or taking the requested action, or
refuse to act on the request.
8.1. Right to access data
An individual can request that the company informs him whether personal data is being processed in relation to him and, if so, access to personal data and the following information:
the purposes of the processing,
the types of personal data being processed,
the users or categories of users to whom the personal data have been or will be disclosed,
the intended period of retention of the personal data or, if this is not possible, the criteria used to determine this period,
the existence the right that the controller may be required to correct or delete personal data or limit the processing of your personal data, or the existence of the right to object to such processing, the right to file a complaint with a supervisory authority when personal data is not collected from you, all available information regarding their sources.
8.2. Right to correction (Article 16 of the General Regulation on the Protection of Personal Data)
The individual has the right to have the controller correct inaccurate personal data concerning you without undue delay and, taking into account the purposes of the processing, the right to complete incomplete personal data, including the submission of a supplementary statement.
8.3. Right to erasure (“right to be forgotten” – Article 17 of the General Regulation on the Protection of Personal Data)
The individual has the right to have the controller delete the individual’s personal data without undue delay when one of the following reasons applies:
when the personal data are no longer necessary for the purposes for which they were collected or otherwise processed,
when the individual revokes the consent on the basis of which the processing takes place, and there is no other legal basis for the processing,
when the individual objects to the processing of the data, and there are no overriding legal reasons
when personal data have been processed illegally,
when personal data must be deleted to fulfill a legal obligation in accordance with EU law or the Slovenian legal order.
8.4. The right to limit processing (Article 18 of the General Regulation on the Protection of Personal Data)
An individual has the right to have the controller limit the processing of his personal data when one of the following cases applies:
the individual disputes the accuracy of the data, namely for the period that allows the controller to verify the accuracy of the personal data, the
processing is illegal, and the individual objects to the deletion of the personal data and instead requests a restriction of their use,
the controller no longer needs the personal data for processing purposes, but the individual needs them for the establishment, exercise or defense of legal claims,
if the individual to whom the personal data relates has lodged an objection in relation to the processing based on the legitimate interests of the company, until it is verified whether the legitimate reasons of the controller prevail over the reasons of the individual.
When the processing of an individual’s personal data has been limited in accordance with the previous paragraph, such personal data, with the exception of their storage, is only processed with the consent of the individual, or for the enforcement, implementation or defense of legal claims or for the protection of the rights of another natural or legal person.
Before canceling the limitation of personal data processing, the controller is obliged to inform the individual about it.
8.5. The right to data portability (Article 20 of the General Regulation on the Protection of Personal Data)
The individual has the right to receive personal data related to him, which he has provided to the controller, in a structured, commonly used and machine-readable format, and the right to forward this data to another controller, without ZUPI SPORT doo hindering him in doing so , when the processing is based on the consent of the individual and the processing is carried out by automated means. At the request of the individual, when this is technically feasible, personal data can be directly transferred to another controller.
8.6. The right to object (Article 21 of the General Regulation on the Protection of Personal Data)
When the company ZUPI SPORT doo processes data on the basis of a legitimate interest for marketing purposes, an individual can object to such processing at any time.
The company ZUPI SPORT doo shall stop processing the personal data of the individual, unless it proves necessary reasons for the processing that prevail over the interests, rights and freedoms of the individual, or for the enforcement, implementation or defense of legal claims.
8.7. The right to file a complaint regarding the processing of personal data
An individual has the right to file a complaint with the Information Commissioner if he believes that the processing of his personal data violates Slovenian or EU regulations in the field of personal data protection.
If an individual asserts the right to access data and, after receiving the decision, believes that the personal data he received is not the personal data he requested, or that he did not receive all the requested personal data, he can file a reasoned complaint with the Information Commissioner before filing a complaint. to ZUPI SPORT doo within 15 days. ZUPI SPORT doo will decide on your complaint as a new request within five working days.
9. Final Provisions
For questions that are not regulated by these Regulations, the current legislation is applied.
ZUPI SPORT doo reserves the right to change these Regulations. Any change to the Rules will be published on the company’s website www.center-dotik.si/center-dotik/news/pravilnik-o-zazonbesti.
10. Validity of the Privacy Policy
The rules are published on the website of ZUPI SPORT doo and enter into force on February 1, 2023.
ZUPI SPORT doo
Senožeti 18, Spodnja Besnica,
4201 Zgornja Besnica
Slovenia
