This policy applies to the processing (use) of any personal data carried out by the company DEA DIA, Ana Šali s.p. (controller) or carried out on behalf of the controller.
DEA DIA, Ana Šali s.p.
Breg ob Savi 35
Registration number: 8729468000
What personal data we process:
– Basic contact information (name and surname, telephone number, e-mail address);
– Information about the use of our websites (clicks on links, time spent) and information regarding the response to our e-mail messages (whether the message was opened, which links were clicked);
Legal basis for processing personal data
We may process your personal data on the following legal bases:
– when it is necessary to fulfill our legal obligations (e.g. issuing invoices for purchased goods);
– when the processing of your personal data is necessary for the conclusion and fulfillment of the contract you concluded with us or because you wanted an offer from us;
– when you have given your consent for the processing of your personal data for an individual purpose of processing, whereby you always have the right to revoke the given consent;
– when we have a legitimate interest in processing your personal data (when we send you an e-mail in the event that you have abandoned the shopping cart on our website without completing the purchase).
Purposes of personal data processing
We may use your personal data for one or more of the following purposes:
– communicating with you regarding the provision of our services and responding to your inquiries;
– conclusion of the contract and fulfillment of the obligations arising from the concluded contract;
– marketing communications (sending e-mails and SMS messages);
– to assert any legal claims and resolve disputes;
– for statistical analyzes on the sale of our goods and on the use of our websites;
How long we keep your personal data and what happens to it afterwards
We keep basic personal data as long as you have the status of our registered user on our websites.
We store personal data that we process based on your consent permanently or until you revoke this consent.
We keep data on issued invoices for 10 years from the date of issue. We keep the data necessary for the conclusion and fulfillment of the contract between you and us for another 5 years from the fulfillment of the contract (delivery of goods). After the retention period has expired, we effectively delete or anonymize personal data, which means that we process them in such a way that they can no longer be linked to you or attributed to you.
Voluntary provision of data and consequences of non-transmission
Providing personal data is voluntary. You are not obliged to provide us with personal data, but if you do not provide it, you cannot enter into a contract with us (as we need it to deliver the order). We will indicate which data are such that their non-transmission causes the stated consequences each time we obtain personal data from you.
Who has access to your personal data
We do not pass on your personal data and we do not allow third parties to become familiar with them, except for those who have a written contract with us, on the basis of which they perform certain tasks related to data processing and are obliged to respect legislation regarding the processing and protection of personal data (so-called contractual processors).
The contractual processors to whom we provide personal data are:
– marketing service providers;
– providers of programming solutions;
Contract processors may only process personal data within the framework of our instructions and may not process personal data for their own purposes. Together with their employees, they are committed to protecting the confidentiality of your personal data. Contractual processors do not export personal data to third countries (outside the member states of the European Economic Area – that is, the EU members and Iceland, Norway and Liechtenstein).
What rights do you have in relation to personal data, how can you revoke consent to processing and what are the consequences of revocation
You have the following rights regarding your personal data:
– to request from us at any time:
•confirming whether we are processing your personal data;
•access to personal data and the following information: processing purposes;
•types of personal data;
•users or categories of users to whom personal data has been or will be disclosed, in particular users in third countries or international organizations;
•the intended period of retention of personal data or, if this is not possible, the criteria used to determine this period;
•the existence of automated decision making, including profiling and the reasons for it, as well as the meaning and intended consequences of such processing for you;
•one (free of charge) copy of personal data in a format determined by you (if the request is made by electronic means of communication and you do not request otherwise, the copy will be provided in electronic form); we may charge a reasonable fee for any additional copies you request, taking account of costs;
•correction of inaccurate personal data; restriction of processing when:
– you dispute the accuracy of personal data, namely for a period that allows us to verify the accuracy of personal data;
– the processing is illegal and you object to the deletion of personal data and instead request the restriction of their use;
– we no longer need personal data for processing purposes, but you need them to assert, implement or defend legal claims;
•deletion of all personal data (right to be forgotten), if the assumptions from Article 17 of the General Data Protection Regulation are met, and especially in the case when you revoke your consent to the processing of personal data;
•printout of personal data in a structured, commonly used and machine-readable format, with the right to forward this data to another controller without us hindering you in doing so; stop using personal data for direct marketing purposes, including profiling; that you are not subject to a decision based solely on automated processing, including the creation of profiles if the assumptions from Article 22 of the General Data Protection Regulation are met.
• the right to file a complaint against us with the Information Commissioner if you believe that the processing of your personal data violates the General Data Protection Regulation. Procedure for exercising rights
You can address your requests regarding the exercise of rights in relation to personal data in writing to any contact listed at the top of this document under Controller of personal data and contact information.
For the purposes of reliable identification in the case of exercising rights in relation to personal data, we may request additional information from you, and we may refuse to take action only if we prove that we cannot reliably identify you.
We must respond to your request to exercise your rights in relation to personal data without undue delay and no later than one month after receiving your request.