At UNIKA TTI d.o.o. (“Unikashop.si” or “the Provider”), we value your privacy and strive for the highest level of protection for your personal data. Our company complies with the obligations dictated by the regulations on the protection of privacy and personal data. These include the Personal Data Protection Act ZVOP-2, Official Gazette of the Republic of Slovenia, SG No. l. RS No. 94/07 and the General Data Protection Regulation (GDPR) as well as other applicable legislation. When providing our online shop services or when conducting business via telecommunications, we assure you that we process your data in accordance with the applicable European legislation (General Data Protection Regulation) and in accordance with the national legislation of the Republic of Slovenia (the Personal Data Protection Act, the Electronic Communications Act and the Electronic Commerce Market Act, each in force from time to time).
Personal data is any information that identifies you as an identified or identifiable individual. An individual is identifiable when he or she can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the individual’s physical, physiological, genetic, mental, economic, cultural or social identity.
– the information we need to deliver the goods ordered or purchased (subject of purchase, price, delivery address, telephone number, e-mail, delivery time, payment method, date of payment, details of complaints, invoice details, etc.);
– information about the user’s use of the provider’s website (dates and times of visits to the website, pages or URLs visited, time spent on each page, number of pages visited, total time spent on the website, settings made on the website);
– data from forms voluntarily completed by the user, e.g. as part of a prize draw or when you sign up for our newsletter;
– other information that the user voluntarily provides to the provider when requesting certain services that require this information.
The Provider does not collect or process your personal data except when you allow or consent to the Provider to do so, i.e. when you order products or services, subscribe to receive newsletters, participate in a prize draw, etc., or where there is a legal basis for the collection of your personal data or the Provider has a legitimate interest in processing it.
The period of time during which the Provider retains the collected data is further specified in the Retention of Personal Data section of this Policy.
Visit the website
Each time you visit the Unikashop.si website, a web server log file is automatically stored on the web server. We collect (personal) data collected in this way using cookies, and we will ask for your consent before installing more invasive cookies, while certain other data may already be collected on the basis of our legitimate interests.
Sending enquiries and other communication with us
When you send an enquiry about our product range to our contact details (address, email address, telephone number) published on our website, we process your personal data solely for the purposes of preparing a response to your enquiry, for the possible preparation and conclusion of a contract, for the performance of the contract concluded and to respond to your enquiry.
For this purpose, we only collect personal data that you provide to us voluntarily. All data collected through our website or otherwise communicated to us (e.g. by telecommunication) is collected for the purpose of providing our services and for the purpose of our internal administration and management of our business.
We may also process the contact data provided on the basis of our legitimate interest for the purpose of basic personalised communication with you via email and to try to introduce you to relevant items that may be of interest to you based on your past interactions with us. We do not use any (automatic) profiling, but simply select the appropriate recipient sets for each message. You can unsubscribe from such communications at any time, free of charge, by sending us an email to firstname.lastname@example.org.
Further information on your rights in relation to direct marketing is available in the section “Your rights”.
Sign up for email newsletters
You can also subscribe to receive up-to-date notifications and information about our promotions and news on our website or by replying to the email you receive.
For the purpose of direct marketing, we may inform you by email about new products in our range. We will keep you updated from time to time and as and when required.
This data is processed on the basis of your explicit consent, and you may withdraw your consent to receive advertising messages at any time, free of charge, by sending us an email to email@example.com.
Further information on your rights in relation to direct marketing is available in the section “Your rights”.
Participation in prize draws and promotional campaigns
We process the personal data you provide to us when you enter a prize draw or promotional campaign for the purposes of running the prize draw or promotional campaign. Your personal data will be deleted after the sweepstakes or promotion for which you have registered, unless you have given your explicit consent for us to send you promotional messages about our offers to the contact details you provided when you registered for the sweepstakes or promotion.
You can opt out of such advertising at any time, free of charge, by sending us an email to firstname.lastname@example.org.
Further information on your rights in relation to direct marketing is available in the section “Your rights”.
Purposes of processing and grounds for processing
The Provider collects and processes your personal data on the following legal bases:
– Law and contractual relations,
– the consent of the individual; and
– legitimate interest.
Any personal data you provide to us will be treated confidentially and will only be used for the purposes for which it was provided and collected. If there is a need to further process your data for another purpose, we will contact you in advance and ask for your prior written consent.
The Provider does not collect or process your personal data unless you allow or consent to the Provider to do so, i.e. when you order products or services, subscribe to receive newsletters, etc., or where there is a lawful basis for the collection of personal data or the Provider has a legitimate interest in the processing. The period of time for which the Provider retains the collected data is further specified in the section “Retention of personal data”.
Processing based on law and contractual relations
Where the provision of personal data is a contractual obligation, an obligation necessary for the conclusion and performance of a contract with a provider or a legal obligation, you must provide personal data. If you do not provide personal data, you cannot enter into a contract with the provider, nor can the provider provide you with the services or products under the contract, as it does not have the necessary data to perform the contract.
|Namen obdelave||Podrobnejša obrazložitev|
|Sklenitev in izvajanje pogodbe||Sklenitev in izvajanje pogodbe sklenjene s ponudnikom, vključno s ponudnikovo izpolnitvijo vaših naročil (dobavo produktov in zagotovitvijo storitev), komunikacijo z vami, preveritvijo vaših plačil in izpolnitvijo drugih obveznosti ponudnika in/ali vaših obveznosti (zakoniti interes ponudnika za obdelavo vaših osebnih podatkov, točka (f) člena 6 (1) GDPR).|
|Neposredno obveščanje kupcev o posebnih ponudbah, popustih in drugih vsebinah preko e-maila ali SMS-a||Unikashop.si na podlagi zakona ZEKom-1 (Zakon o elektronskih komunikacijah Republike Slovenije, ki se izvaja na podlagi direktive 2002/58 / ES Evropskega parlamenta in Sveta z dne 12. julija 2002) svoje kupce obvešča o svojih izdelkih, storitvah in vsebinah. Kupec lahko kadarkoli zahteva prekinitev tovrstnega komuniciranja in obdelave osebnih podatkov.
Kupec lahko tovrstno komuniciranje kadarkoli prekine preko povezave za odjavo v prejetih sporočilih, ali s pisno zahtevo na email naslov email@example.com.
Processing based on legitimate interest
The Provider may also process data on the basis of legitimate interests pursued by the Provider, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data. In the case of legitimate interest, the provider shall always carry out an assessment in accordance with the General Data Protection Regulation.
We do not process any of your personal data on the basis of legitimate interest.
|Namen obdelave||Podrobnejša obrazložitev|
|Splošna statistična obdelava podatkov o kupcih in njihovih naročilih ter potencialnih kupcih (kontaktih) za namene internih analiz prodaje, ponovnih nakupov, agregatnega obnašanja kupcev, optimizacije oglaševanja in poslovne optimizacije||Na Unikashop.si izvajamo splošno statistično obdelavo podatkov o kupcih in njihovih naročilih ter potencialnih kupcih (kontaktih), na podlagi katere izvajamo interne analize prodaje, ponovnih nakupov in agregatnega obnašanja kupcev ter spremljamo in optimiziramo svojo poslovno učinkovitost in optimiziramo svoje oglaševanje, npr.:
• Spremljamo prodajo po naših prodajnih kanalih (internet)
• Spremljamo koliko kupcev izvaja ponovne nakupe, kako hitro in v kolikšni vrednosti
• Spremljamo splošne statistične prodajne podatke, kot so povprečna vrednost košarice, število izdelkov na naročilu in podobno
• Spremljamo odzive na elektronsko pošto, SMS sporočila, telefonske klice in različna oglasna sporočila (TV oglasi, radijski oglasi, spletni oglasi) in na podlagi tega optimiziramo svoje oglaševanje (se odločamo kaj, kje, komu in kako oglaševati)
Tovrstno statistično spremljanje nam omogoča splošno optimizirati poslovanje in oglaševanje ter na podlagi tega uporabnikom tudi nuditi cenovno dostopne izdelke in storitve.
|Obdelava podatkov o neprevzetih naročilih na daljavo z namenom preprečevanja goljufij||Na Unikashop.si na podlagi svojega zakonitega interesa obdelujemo podatke o poslanih in neprevzetih naročilih na daljavo, s čimer ugotavljamo, ali in kateri kupci nadproporcionalno na daljavo naročajo izdelke s plačilom ob prevzemu in nato teh izdelkov ne prevzemajo, s čimer nam nastaja poslovna škoda, ki jo želimo preprečiti.
Ko takšne kupce identificiramo, jim v spletni trgovini onemogočimo naročanje izdelkov s plačilom ob prevzemu, še vedno pa jim je omogočeno naročanje izdelkov s takojšnjim predplačilom s plačilnimi karticami ali PayPal-om.
|Avtomatsko e-mail komuniciranje z uporabnikom na podlagi njegovega oz. njenega začetka spletnega nakupnega procesa||Na Unikashop.si na podlagi svojega zakonitega interesa potencialnim kupcem, ki so v nakupovalno košarico dodali izbrane izdelke, a nakupa niso zaključili, občasno pošljemo e-mail sporočila vezana na njihov nezaključen nakup, s ciljem poskusa zaključitve nakupa oziroma nudenjem pomoči in informacij v zvezi s tem.
Če tega ne želite, lahko tovrstno obdelavo podatkov kadarkoli prekinete ali s pisno zahtevo na e-mail naslov firstname.lastname@example.org.
|Osnovno prilagojeno komuniciranje (preko e-maila, SMSa, telefonskih klicev, pošte, obvestil preko brskalnika, informacij na spletnem mestu, socialnih omrežij) s prilagojenimi popusti, ponudbami in vsebinami||V okviru osnovnega prilagojenega komuniciranja (preko e-maila, SMSa, telefonskih klicev, pošte, obvestil preko brskalnika, informacij na spletnem mestu, socialnih omrežij) vam skušamo predstaviti ustrezne ponudbe, popuste in druge vsebine, ki bi vam bile lahko zanimive na podlagi vaših preteklih interakcij z nami.
Za to uporabljamo naslednje vaše podatke:
• Demografski podatki (spol, datum rojstva oz. starost, naslov)
• Zgodovina vaših nakupov (kupljeni izdelki, čas nakupa, število nakupov)
• Enostavno obravnavanje obnašanja na Unikashop.si (ogled posameznih izdelkov ali vsebin, ki lahko sproži pošiljanje prilagojenih sporočil), brez uporabe teh podatkov za tvorjenje uporabniških profilov
• Vaši odzivi (odprtje sporočila, klik na povezavo, nakup) na različna sporočila, ki vam jih pošiljamo.
Pri tem ne uporabljamo kakršnegakoli pol-avtomatskega ali avtomatskega profiliranja, temveč zgolj izbiramo ustrezne nabore prejemnikov za posamezna sporočila. Pri tem se nikoli ne posvečamo podatkom posameznika, temveč izvajamo agregatno obdelavo večjih skupin.
Kupec lahko tovrstno komuniciranje kadarkoli prekine preko povezave za odjavo v prejetih sporočilih, ali s pisno zahtevo na e-mail naslov email@example.com.
|Neposredno obveščanje o posebnih ponudbah, popustih in drugih vsebinah preko telefonskih klicev in navadne pošte||Unikashop.si na podlagi svojega zakonitega interesa kupce občasno obvešča o svojih izdelkih, storitvah, popustih in vsebinah tudi preko telefonskih klicev in navadne pošte. Kupec lahko kadarkoli zahteva prekinitev tovrstnega komuniciranja in obdelave osebnih podatkov.
Kupec lahko tovrstno komuniciranje kadarkoli prekine ali s pisno zahtevo na e-mail naslov firstname.lastname@example.org .
|Uporaba Facebook oglaševalskega orodja Faceboom Custom Audiences (“Facebook prilagojena občinstva”)||Unikashop.si na podlagi svojega zakonitega interesa pri spletnem oglaševanju uporablja tudi storitev Facebook Custom Audiences (“Facebook prilagojena občinstva”), in sicer ali v sklopu izvajanja osnovnega prilagojenega komuniciranja na podlagi svojega zakonitega interesa ali pa v sklopu pridobljenega soglasja za komuniciranje s prilagojenimi ponudbami in vsebinami na podlagi uporabnikovega profila.
Ta storitev deluje na sledeči način:
1. Vaš e-mail naslov, ki smo ga od vas pridobili tekom vašega nakupa ali vašega prostovoljnega vnosa, naložimo na Facebook.
2. Facebook izvede primerjavo med vašim email naslovom in svojo bazo uporabnikov in ugotovi, ali ste Facebook uporabnik.
3. Če niste Facebook uporabnik, potem se z vašim email naslovom ne zgodi nič in Facebook z njim ne izvaja nobenih aktivnosti.
4. Če pa ste Facebook uporabnik, pa vas bo Facebook dodal na novo ustvarjeni seznam prilagojenih občinstev, ki bo samo in izrecno nam omogočal, da tej skupini uporabnikov na Facebooku prikazujemo prilagojene oglase.
5. Na podlagi tega vam lahko na Facebooku prikazujemo bolj usmerjene in vam prilagojene oglase ter predvsem dodatne popuste.
Izvajanje tega iz naše strani lahko kadarkoli prekinete ali s pisno zahtevo na e-mail naslov email@example.com.
Processing based on your consent
The Provider also collects and processes (uses) your personal data for the following purposes where you have given your consent:
– sending you newsletters if you have subscribed to them,
– any other purposes for which you specifically agree to cooperate with the provider.
Users of the data
We undertake not to disclose your personal data to unauthorised third parties without your consent.
Within the scope of our legal powers, your personal data may be disclosed to the following data users:
– IT service providers in the context of software servicing and maintenance;
– to the website administrator and webmaster.
We undertake that neither we, nor other users, will transfer or transmit your personal data to a third country outside the European Union and/or the European Economic Area or to an international organisation.
Retention of personal data
The Provider will only retain your personal data for as long as necessary to fulfil the purpose for which the personal data was collected and further processed (e.g. to ensure that you access and use your online account with the Provider and the Provider’s online shop, to ensure that the Provider fulfils your orders, verifies your payments and fulfils the Provider’s and/or your other obligations, to ensure that you are able to access specific information made available to you, to ensure that you are able to use the Provider’s newsletter, etc.).
Personal data that we process on the basis of your consent or legitimate interest, e.g. in the case of sending electronic newsletters, we store it permanently until you withdraw this consent or request that we stop processing it, in which case we undertake to check the existence of the purpose of processing personal data at regular intervals. We will only delete data before cancellation if the purpose of the processing of personal data has already been achieved (e.g. if we were to stop sending advertising emails) or if required by law.
Those personal data that the provider processes on the basis of the law shall be kept by the provider for the period prescribed by law.
Those personal data processed by the provider for the performance of a contractual relationship with an individual shall be kept by the provider for the period necessary for the performance of the contract and for a period of 5 years after its termination, except in cases where there is a dispute between you and the provider in relation to the contract. In such a case, the data shall be kept by the provider for 5 years after the final judgment or arbitral award or settlement or, in the absence of litigation, for 5 years from the date of amicable settlement of the dispute.
Those personal data that the provider processes on the basis of the individual’s personal consent or legitimate interest shall be stored by the provider permanently, until the revocation of this consent by the individual or. requests to suspend processing. The Provider shall delete such data before cancellation only where the purpose of the processing of the personal data has already been achieved (e.g. in the event that the Provider ceases to operate its benefits club, the Provider would delete all personal data collected for that purpose even if the individual who consented to the processing of the personal data for the purpose of membership of the benefits club has not provided such cancellation) or if so provided by law.
After the retention period has expired, the controller shall erase or anonymise the personal data in an effective and permanent manner so that they can no longer be associated with a specific individual.
Contractual processing of personal data
The contractual processors with which the provider cooperates are:
– data processing and analytics providers (e.g. Google Analytics);
– email providers (e.g. Mailchimp );
– payment system providers such as PayPal, Braintree);
– online advertising solution providers (e.g. Google, Facebook).
The Provider will not pass on your personal data to unauthorised third parties.
Contract processors may only process personal data under the controller’s instructions and may not use personal data to pursue any of their own interests.
The Provider and Users do not export personal data to third countries (outside the member states of the European Economic Area – EU members plus Iceland, Norway and Liechtenstein) and international organisations, except to the USA – all contract processors in the USA are included in the Privacy Shield programme.
Freedom of choice
You control the information you provide to us. If you choose not to provide us with certain information, then you will not be able to access certain areas or features of our website, and in such cases we will not be able to respond to your enquiry. If your personal data (post code, email address, address, telephone number, etc.) changes, please also inform us of the changes by email to: firstname.lastname@example.org.
Consent of children
Children under the age of 15 may only provide us with personal data through our websites or otherwise with the permission (consent or approval) of the person with parental responsibility for the child (parent or guardian).
We undertake never to knowingly collect personal data from anyone we know to be under the age of 15. We will not use or disclose this information to any unauthorised third party without the permission of the person who has parental responsibility for the child. This does not affect the rules of Slovenian contract law on the validity, formation or effect of a contract with a child.
In such cases, the Provider will make reasonable efforts, taking into account the technology available, to verify whether the person with parental responsibility for the child has given or authorised consent.
Automatic recording of information (non-personal data)
Whenever you access the website, general, non-personal data (number of visits, average time on site, pages visited) is automatically recorded (not as part of the login). We use this information to measure the attractiveness of our website and to improve content and usability. Your data is not subject to further processing and is not passed on to any third party.
The Provider is committed to ensuring the security of personal data. Your data is protected at all times against loss, destruction, falsification, tampering, manipulation and unauthorised access or unauthorised disclosure.
Rights of the data subject with regard to data processing
In order to ensure fair and transparent processing, you have the following rights as an individual under the rules:
Right to withdraw consent: if you, as an individual, have consented to the processing of your personal data (for one or more specified purposes), you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing of the data carried out on the basis of your consent up to the time of withdrawal.
Consent may be withdrawn by written declaration sent to the controller at one of the contacts indicated on the website https://www.unikashop.si/kontakt.
Withdrawal of consent to the processing of personal data does not have any negative consequences or sanctions for the data subject. However, it is possible that the controller may no longer be able to provide one or more of its services to the data subject after the withdrawal of the consent to the processing of personal data, if these are services that cannot be provided without the personal data.
Right of access to personal data: As an individual, you have the right to obtain confirmation from the provider (personal data controller) as to whether personal data relating to you are being processed and, where this is the case, access to the personal data and certain information (on the purposes of the processing, on the types of personal data, on the users, on the retention periods or. The existence of the right to rectification or erasure, the right to restrict and object to processing and the right to lodge a complaint with a supervisory authority, the source of the data if the data were not collected from you, the existence of automated decision-making, including profiling, the grounds for it and the meaning and effects of such processing for you, and other information in accordance with Article 15 of the GDPR);
Right to rectification of personal data: as an individual, you have the right to have inaccurate personal data concerning you rectified by the provider without undue delay. As an individual, you have the right, taking into account the purposes of the processing, to have incomplete data completed, including by submitting a supplementary declaration;
Right to erasure of personal data (“right to be forgotten”): As an individual, you have the right to have personal data relating to you erased by the provider without undue delay and the provider must erase the data without undue delay where one of the following reasons applies:
– the data are no longer necessary for the purposes for which they were collected or treated differently,
– if you withdraw your consent and there is no other legal basis for the processing,
– if you object to processing and there are no overriding legitimate grounds for the processing,
– the data has been processed unlawfully,
– the data must be erased in order to comply with legal obligations under EU law or the law of the Member State to which the provider is subject,
– data collected in connection with the provision of information society services.
As an individual, in certain cases, as described in 3. Article 17(17) of the GDPR, you do not have the right to erasure;
Right to restriction of processing: as an individual, you have the right to have the provider restrict processing where one of the following applies:
– if you contest the accuracy of the data for a period that allows the provider to verify the accuracy of the data,
– the processing is unlawful and you object to the erasure of the data and instead request a restriction on its use,
– the provider no longer needs the data for the purposes of the processing, but you need the data for the establishment, exercise and defence of legal claims,
– you have lodged an objection to processing, pending verification that the legitimate grounds of the provider override your own;
Right to data portability: As an individual, you have the right to receive personal data relating to you that you have provided to a provider in a structured, commonly used and machine-readable format, and you have the right to have that data transferred to another controller without hindrance from the provider to whom the personal data have been provided, where:
– the processing is based on consent or on a contract; and
– processing is carried out by automated means.
In exercising that right, you, as an individual, have the right to have your personal data directly transferred from one controller (provider) to another, where technically feasible;
Right to object to processing: As an individual, you have the right, on grounds relating to your particular situation, to object at any time to processing of personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the provider (point (e) of Article 6(1) of the GDPR) or is necessary for the legitimate interests pursued by the provider or a third party (point (f) of Article 6(1) GDPR), including profiling based on those processing operations; the provider shall cease processing personal data unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where personal data are processed for marketing purposes, the data subject shall have the right to object at any time to processing of data concerning him or her for the purposes of such marketing, including profiling insofar as it is related to such direct marketing; where the data subject objects to processing for direct marketing purposes, the data shall no longer be processed for those purposes.
Where data are processed for scientific or historical research purposes, or for statistical purposes, the data subject shall have the right to object, on grounds relating to his or her particular situation, to processing concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest;
Right to lodge a complaint with the supervisory authority: without prejudice to any other (administrative or other) legal remedy, you have the right as an individual to lodge a complaint with a supervisory authority, in particular in the country in which you are habitually resident, where you work or where the alleged infringement took place (in Slovenia, the Information Commissioner), if you consider that the processing of personal data relating to you infringes data protection rules.
Without prejudice to any other (administrative or extra-judicial) remedy, you have the right as an individual to an effective remedy against a legally binding decision of the supervisory authority concerning your complaint, including if the supervisory authority does not consider your complaint or does not inform you within three months of the state of the case or of the decision on your complaint. Proceedings against a supervisory authority are brought before the courts of the Member State where the supervisory authority is established.
The data subject may address any request concerning the exercise of the rights relating to personal data to the controller in writing, using one of the contacts indicated on the website https://www.unikashop.si/kontakt.
For the purposes of reliable identification in the event of the exercise of rights relating to personal data, the provider may request additional information from the data subject, but may refuse to act only if it demonstrates that it cannot reliably identify the data subject.
The provider must respond to a request from an individual exercising his or her rights in relation to personal data without undue delay and at the latest within one month of receipt of the request.
Right to lodge a complaint with a supervisory authority Without prejudice to any other administrative or legal remedy, you have the right, as a data subject, to lodge a complaint with a supervisory authority, in particular in the Member State in which you are habitually resident, where you work or where the breach is alleged to have taken place, if you consider that the processing of personal data relating to you infringes the General Data Protection Regulation. The supervisory authority with which the complaint is lodged will inform you, as the complainant, of the status of the case and the decision on the complaint, including the possibility of a legal remedy under Article 78. Article 5 of the General Data Protection Regulation. As a data subject, you have the right to lodge a complaint with the Information Commissioner of the Republic of Slovenia, Zaloška 59, 1000 Ljubljana, telephone: 01 230 97 30, e-mail: email@example.com.
We reserve the right to adapt the Privacy Statement from time to time, as necessary, to the actual situation and to the legislation on the protection of personal data. For this reason, we ask you to check the current version before you provide any personal data so that you are aware of any changes and updates.
We will also notify you in advance of any changes that materially affect the processing of your personal data in an appropriate manner (e.g. by a notice on our website, by email).