PERSONAL DATA PROTECTION
PERSONAL DATA CONTROLLER
This policy applies to the personal data processing carried out by the company EVMA d.o.o. (personal data controller) or by a third party on behalf of the personal data controller.
ABOUT PERSONAL DATA CONTROLLER
IOC Zapolje II/9
ID Number: 6842844000
Phone: +386 1 810 7550
WHICH PERSONAL DATA WE COLLECT
• Contact details (name, address, phone numbers, emails).
• Data, necessary for the performance of a contract and goods delivery (purchased items, prices, delivery addresses, time of the delivery, payment methods, payment date, complaint details, invoices…).
• Data on website use (clicks on links, time spent on website) and data on responsiveness to our newsletter (open rate).
LEGAL GROUND FOR PROCESSING THE PERSONAL DATA
Your personal data is only processed on the following legal basis:
• when it is necessary for compliance with a legal obligation (e.g. issuing the invoice);
• when it is necessary for quotes or contracts to be concluded and carried out.
THE PURPOSE OF PROCESSING PERSONAL DATA
Your personal data is processed only for one or more of following cases:
• for communication with you regarding our services and as response to your inquiries
• for the conclusion of a contract or the execution of contractual obligations;
• for the establishment of legal claims and dispute settlement procedures.
DATA RETENTION AND DISPOSAL POLICY
We keep your personal data as long as you are a registered user on our website. All information about issued invoices are stored for 10 years from the date of their issuance. Data necessary for the performance of a contract (delivery of goods) are stored for 5 years from the date of delivery. After data retention expiries, your personal data is deleted or anonymised; data is processed to such extent that it can neither be recognized nor linked to us.
NECESSARY PROCESSING OF PERSONAL DATA AND PROCESSING ON THE BASIS OF CONSENT
You are not obliged to give us any personal information. However, if you do not consent to process your personal data, we cannot provide you with all of over service. We will let you in advance which personal data we need to process in order to conclude a contract or execute our contractual obligations.
ACCESS TO YOUR PERSONAL DATA
Your personal data is not transferred to a third party, except to those parties, who we have a written data processing agreement with in order to enable certain services to be performed or products to be delivered. They too are required to comply with the relevant personal data protection legislation. Contractual data processors to whom we disclose the personal data are:
• accounting firms,
Contractual data processors are allowed to only process personal data under our clear instructions. They are not allowed to use personal date for their own purposes and are legally bound to protect the confidentiality of data provided by personal data controller. Contractual data processors do not transfer your personal data to a third country (i.e. a country outside the EU/EEA, Iceland, Norway and Lichtenstein).
1) You have the right:
• to obtain confirmation as to whether or not we are processing your personal data;
• to obtain access to the personal data held about you: the nature and purposes of the processing, the categories of personal data concerned, the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations, where possible, the envisaged period for which the personal data will be stored;
• Upon your request, we will provide one free copy of your personal data undergoing processing. For any further copies requested you might request, we will charge a reasonable fee based on administrative costs.
2) You have the right to obtain from EVMA restriction of processing where one of the following applies:
• if you contest the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the personal data,
• if the processing is unlawful and you oppose the erasure of the personal data and requests the restriction of their use instead,
• if we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims,
• if you have objected to processing pending the verification whether the legitimate grounds of the controller override your own.
You have the right to obtain from us the erasure of personal data concerning you without undue delay (Art 17 of the GDPR), especially if you withdraw consent on which the processing is based and where there is no other legal ground for the processing.
Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing If direct marketing is based on consent, the right to object can be exercised by withdrawing the given consent.
You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance.
If you believe that the processing of your personal data violates Slovenian or EU regulations in the field of personal data protection, you also have the right to lodge a complaint directly with the information commissioner.
RIGHT TO LODGE A COMPLAINT
For the purposes of reliable identification should you choose to exercise your rights connected to personal data, we may request additional data required to confirm your identity, and action in accordance with this section may be refused only if we prove that you cannot be reliably identified.
We will answer to all your complaints within a month of the date received.
The Personal data protection policy can be changed or amended at any time.
Logatec, 25. 5. 2018