Privacy & Cookie Policy

PRIVACY & COOKIE POLICY (TRANSLATION)

We are pleased that you are visiting our website, and we appreciate you choosing our services. We value your trust and privacy, which is not a matter of PLAY to us! To honour that, in our Privacy & Cookie Policy we aim to give you straightforward, detailed and hopefully easy-to-understand information on how and why we collect and process your personal data, what our legal basis is for doing so, to whom it is transferred and for what reasons, and what rights you have regarding it. We would also like to assure you that we are committed to doing our best to protect your data in accordance with the relevant EU GDPR regulations and with Slovenian data protection law (ZVOP-1).

We regularly review our policy, and in cases of changes of law and / or our operation or marketing tools, we update it, so please do come back regularly to keep yourself up to date. This Policy is effective from: 23rd April, 2019.

Disclaimer: We do our best to provide all information precisely in English as well. But please note that it is not an official translation. Without any responsibility for the correct translation – for all legal relationships, Slovenian rights and the original, valid Slovenian language Privacy & Policy (Politika zasebnosti in piškotkov) is always overriding.

I. ABOUT US

1. Data Controller

The controller in charge (later referred to as ’company’, ’we’, ’us’ or ’our’) of the website of www.malihnog.com within the meaning of the General Data Protection Regulation (GDPR) is:

Spletna trgovina, Mitja Kastelic s.p.
Registration number: 8329800000
VAT number: SI79089399
Postal address: Črniče 79E, 5262 Črniče, Slovenia
Phone: +386 69 951 390
Email: info@malihnog.com

Mitja Kastelic personally oversees questions in relation to this privacy policy. If you have any questions, including any requests to exercise your legal rights, please contact him using the details set out above. We do not pursue any activity that would make the appointment of a DPO necessary.

II. IMPORTANT INFORMATION

2. The aim of the Privacy Policy

The aim of the Privacy Policy is to ensure that, in accordance with the EU GDPR regulations and the Personal Data Protection Act (ZVOP-1), we are committed to protecting your personal data. Personal data is all the data with which you can be personally identified. We only ask for data that is absolutely necessary to provide the services you request from us, and we undertake the obligation to safeguard it and to use it only for the time required to serve the purpose(s) it was collected for. We will not sell or forward it to any third parties without your knowledge and previous consent (as stated and accepted in this policy), with the very rare exception of when we are required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency). By visiting and using our website https://www.malihnog.com, you are accepting and consenting to the practices described in this policy. By providing us with your data, you also warrant to us that you are over 13 years of age. This website is not intended for children and we do not knowingly collect data relating to children. If we become aware that personal information from a child under the age of 13 has been collected, we use reasonable efforts to delete such information from our database.

3. High security standards

This website uses Secure Sockets Layer (SSL) encryption to ensure high security standards and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller). You can recognize an encrypted connection by the character string https:// and the lock symbol in your browser's address line; we automatically enforce it during your visit for the security of our shop and of your personal data. To protect our website and database we also use other security measures, for example a security program that monitors and blocks suspicious and malicious activity. We also use strong passwords, double identification where possible, as well as physical protection. Please note that you are also responsible for your security on the internet, therefore we recommend using an anti-virus program.

4. Third-party links

This website contains third-party links (e.g. the webpages of our partners). Clicking on those links allows third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit when you arrive there.

III. DATA COLLECTED

5. Data collection when visiting our site

When using our website for your information only, that is, if you do not register or provide us with information elsewhere, we only collect statistical data with the help of a cookie (see also under IV. Cookies). We see the following data in a daily breakdown, all in aggregated form:

  • number of visits of our webpage (and that of the different sub-pages);
  • the country of the visitor;
  • the referrer of the visit (if you have arrived directly, through search engines or a social media link);
  • and if any third-party links have been clicked-through.

Aggregated data is not personal data as this data does not reveal your identity in any direct or indirect way!

As with every website you visit, your IP address – which in some states is already considered personal data – is kept by the hosting company in so-called server log files when you visit. These files are essential for loading and displaying the webpage in your browser, for maintaining and monitoring website security, and for troubleshooting the website if necessary – so practically for the operation of the website. Our hosting company keeps these files for 30 days, after which they are automatically deleted. The data is not passed on or used in any other way. We do not have direct access to these files ourselves; we only receive access if we request it, which we reserve the right to do if there is an indication of malicious activity against our website or concrete indications of illegal use.

6. Contacting us

When you contact us, personal data is collected. When you contact us through:

  • contact form: we ask for your name, email address and optionally for your phone number (see more 17. Website contact form);
  • email: you again provide us with your name and email address;
  • phone: you usually provide us with your telephone number (if the number is not set invisible), and any other personal data you share during the conversation (like your name).

This data is collected and used exclusively for the purpose of responding to your enquiry or request, or for establishing contact and the associated technical administration. The legal basis for processing the data is your consent in responding to your request in accordance with Art. 6 (1) point a) GDPR. Your data will be deleted after final processing of your enquiry, that is, when we can infer from the circumstances that the question has been finally clarified, provided that there are no legal storage obligations to the contrary. As a secondary measure, we also review our mailbox every 6 months to check that all data has been deleted.

If your contact is aimed at concluding a contract (so to ask for an offer or make an order), the additional legal basis for our data processing is Art. 6 (1) point b) GDPR.

7. Making an order

Pursuant to Art. 6 (1) point b) GDPR, we collect your personal data when you make an order with us. You can make an order on our site by registering a customer account, or as a visitor without registration. In both cases we store and use the data provided by you for contract processing and execution (namely billing, payment, shipping). If you do not provide the data requested, we are unfortunately unable to provide the services you request. In order to provide our services, we rely on the services of data processors when it comes to accounting, payment or shipping. (See: V. THIRD-PARTY PROVIDERS AND DATA PROCESSORS)

After complete processing of the contract and / or deletion of your customer account, we will not store any personal data in our webshop system, but please note that all personal data required by law will be kept – in the form of issued bills – in consideration of tax and commercial retention periods of 10 years and deleted after expiry of these periods in accordance with Art. 6 (1) point 3) GDPR and according to the Law on Value Added Tax ZDDV-1, the Rules on the Implementation of the Value Added Tax Act, the Tax Procedure Act, the Companies Act, the Accounting Act and Slovenian Accounting Standards.

7.1. Making an order as a visitor

If you choose to make an order as a visitor, the following data is asked for and collected in order to execute the contract, corresponding to the respective input form on our site:

  • your full name: to be able to identify you;
  • your full delivery address: to be able to deliver your order;
  • your billing address: to be able to issue a bill, which is our legal obligation;
  • your phone number: to be able to contact you more easily in case of problems with your order;
  • and your email address, to confirm your order, delivery, and send you the electronic bill.

When you make a payment opting for a bank-transfer, we will see on the bank statement the name and bank account number where the money was sent from, and we might need to use this information to identify the order which was paid for in order to process it.

Our webshop platform also registers the IP address you make an order from, which in some states constitutes digital personal data. Our webshop's platform (like those of other webshops) collects this data as a security measure and to prevent fraud or malicious activity.

7.2. Making an order with account registration

When you register a customer account – with your consent, pursuant to Art. 6 (1) point a) GDPR – we collect your email address upon registration, and when you place an order, the same data is requested and collected as under 7.1. This data is also stored in the system, since that is the reason why registrations are usually made: to make a purchase faster and easier the next time.

As a registered customer you also have exclusive access to a personal Wishlist on our webpage. (See more 9. Wishlist)

It is possible to withdraw your consent to storing this data and delete your customer account at any time. This can be done by sending a message to info@malihnog.com. If an account is inactive for more than a year, the account – along with any personal data provided – gets deleted by us. Please note that we are not liable for damage that would occur to the user because he provided incorrect, incomplete or inaccurate data relating to the user when registering.

7.3. Making an order via email

As stated in our Terms & Conditions, under special circumstances (e.g. pre-orders) you might have the possibility to place your order by sending an email to us. In this case the same data is requested as in the previous points, and we also send you this policy and ask you to confirm that you have read and understood it, as it is valid in that case, too.

8. Newsletter subscription

On our webpage you can subscribe to receive our newsletters (including direct marketing and promotional offers) in accordance with Art. 6 (1) point a) GDPR. When you subscribe we collect exclusively your email address without further personal information, which we use in order to deliver the service you have expressed interest in. We can and will send you promotional emails only with your previous consent. We not only ask for a clear expression of interest (i.e. ticking the consent box when you subscribe) at the respective subscription forms, but also provide the possibility of a double opt-in, meaning you will receive an initial email asking for confirmation that it was the owner of the email address who personally expressed an interest. You can unsubscribe from our newsletters at any time using the link at the bottom of any of our previous newsletters or by writing to us and requesting to be deleted. We will keep your personal data as long as we provide the newsletter service, or until you unsubscribe or withdraw your consent in any other way.

9. Wishlist

If you have a registered account (see 7.2. Making an order with account registration) you also have the possibility to create a wishlist, adding products which are of future interest to you. By using the wishlist you acknowledge that we can see your added items in our system, and we might use this information to prioritise our own orders from our suppliers. If, in accordance with Art. 6 (1) point a) GDPR, you have subscribed and given consent to receive newsletters and promotions from us (see under 8. Newsletter subscription), we might also use this information to inform you via your registered email address when items on your wishlist are back in stock or on sale. We have information about your wishlist until you stop using the wishlist or delete your registered account.

10. Our social media platforms

Related to our website we operate two social media platforms for the time being: a Facebook page (Malih nog naokrog) and an Instagram account (malihnognaokrog), in order to promote our activity and causes, share related news and blog posts, and get in more personal contact with our customers. By following our social media platforms, you are voluntarily (with consent) sharing with us (and other people following our pages) your name, picture and any other public information you have shared about yourself, as well as any other personal data or opinion you choose to reveal in your comments or when interacting on our pages. We do not use the data provided here in any way other than for public interaction within the framework of our page. You have the right to be forgotten and full control over the data you have shared, and can decide to unlike or unfollow our platforms at any time. You can also delete any data or opinion you have previously shared about yourself in your comments. Once you unlike or unfollow us, we no longer have access to your data. As administrators we also reserve the right to moderate, block followers or delete comments in case they are disrespectful or do not comply with our values or the law.

By using these social media platforms you also acknowledge that Facebook is a third-party provider and is processing your data. (See more V. 19. Social media platforms.) On our Facebook and Instagram accounts the Insight tool and cookies (pixels) are also used in order to make advertising more effective and meaningful. (See more IV. Cookies.)

11. Giveaways

In case we ever host a giveaway on our webpage or social media platform, we will only collect any personal data with your previous consent (GDPR, Art. 6 (1) point a)). Whenever we host such a giveaway, we will clearly specify in the terms and conditions of the giveaway what data we collect, for what purpose we need it, how long we store it and what your rights are.

IV. COOKIES

In order to make your visit to our website a better experience and to provide full functionality, we use so-called cookies on various pages. Cookies are small text files that are stored on your end device. Cookies themselves do not contain any data that enables the identification of individuals, but if you provide identification yourself, e.g. by registering, they can be linked to data stored in the cookie. Some of the cookies are deleted after the end of the browser session (session cookies), other cookies remain on your terminal and enable us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies). If cookies are set, they collect and process specific user information such as browser and location data as well as IP address values according to individual requirements. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie itself.

If personal data is also processed by individual cookies set by us, the processing is carried out in accordance with Art. 6 (1) point b) GDPR either for the execution of the contract or in accordance with Art. 6 (1) point f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.

Please note that you can have full control of cookies through the settings of your browser. You can be informed about the setting of cookies, you can decide to accept or refuse them individually or generally, and you can delete them anytime, even automatically when closing a browser. Each browser differs in the way it manages the cookie settings – you will find it described in the help menu of each browser (Internet Explorer, Firefox, Google, Safari, Opera).

The cookies you might encounter while visiting our webpage:

| Cookie name | Functionality | Expiry |
|---|---|---|
| tk_r3d, tk_lr, tk_or, tk_tc, tk_ai | These cookies store a randomly generated anonymous ID and are used for general analytics tracking by WordPress (Automattic Inc). | 3 days / 1 year / 5 years respectively |
| eucookielaw | This cookie provided by WordPress (Automattic Inc) registers and stores your cookie consent. | 30 days |
| _icl_current_language | This cookie is placed by the WPML plugin in WordPress that makes it possible for us to translate our webpage and have it displayed multilingually. The cookie itself stores the language value for the website (which language you use it in), so it can consistently show the pages in your chosen language. | 24 hours |
| woocommerce_items_in_cart, woocommerce_cart_hash, wp_woocommerce_session_ | The first two cookies contain information about the cart as a whole and help the webshop platform (WordPress) know when the cart data changes. The final cookie contains a unique code for each customer so that it knows where to find the cart data in the database for each customer. No personal information is stored within these cookies. | session |
| wordpress_logged_in_ | WordPress cookie for a logged-in user. | session |
| PHPSESSID | This cookie is strictly essential to use the webshop because it is used to maintain user session variables: for example, it maintains the logged-in status between the pages, stores the basket content during the session, and shows if an enquiry is missing a required field or if the enquiry has been submitted. | session |
| wordpress_test_cookie | This cookie is used on sites built with WordPress, and tests whether or not the browser has cookies enabled and working properly. | session |
| wc_fragments_# | Used by WooCommerce to remember what is in your cart. | session |
| woocommerce_recently_viewed | This cookie remembers the items you have checked during your visit, so we can display them for you on the sidebar. | session |
| yith_wcwl_products | This cookie remembers the products on your wishlist. | 30 days |
| pum_{number} | These cookies control the repetition of pop-up windows, if they are activated, so if not necessary you won’t see them again even if you return to our website. We use pop-up windows e.g. in order to notify you of privacy policy changes or deals, or to give you the opportunity to subscribe to our newsletter. | 60 days |
| woocommerce_recently_viewed | This webshop cookie contains an array of up to 15 recently viewed products, and helps to display them on the sidebar while you are visiting our shop. | session |
| __atuvc | This cookie is used by a widget that is commonly embedded in websites to enable visitors to share content with a range of networking and sharing platforms. It stores an updated page share count. | 2 years |

For marketing and advertising reasons, we might also take advantage of two Facebook tools (on our Facebook and Instagram accounts) which Facebook operates: Facebook Insight and so-called pixels. If you have a Facebook account and visit Facebook (including our Facebook page), it places cookies in your browser to register and analyze your data and activity (e.g. which pages you like). Through the Insight tool, Facebook provides business pages (including us) with aggregated (so again, not personal!) statistical data relevant to the activity on that specific page. We encourage you to read more about the Facebook cookie policy here, including how to opt out if you wish to do so.

Facebook also uses cookie-like JavaScript snippets of data, so-called conversion measuring pixels. These help Facebook – without sharing any personal data – to connect your Facebook activity and your activity on our site, and with that help to measure the effectiveness of our Facebook advertising activity, which we occasionally take advantage of, just like many other companies today. When you choose to visit our website and accept our policy, you agree to the usage of these pixels, too. Please remember, you can always control the ad options on Facebook regarding your account here.

V. THIRD-PARTY PROVIDERS AND DATA PROCESSORS

We rely on the services of the following third-party providers and business partners. By requesting our services, you acknowledge that they are processing your data in order to provide the essential requirements of our operation and to perform the contracts pursuant to Art. 6 (1) point a) GDPR. When choosing our business partners we always opt for reputable and reliable companies in order to ensure the protection of your personal data.

When sharing personal data with these external third parties, their processing of your personal data may involve transfers of your data outside the EU, to the United States of America (especially in case of point 14.2., 15., 18., 19.). Whenever your personal data is transferred out of the EU, a similar degree of protection is ensured by these providers for example by undertaking the obligation of being part of the Privacy Shield.

12. Delivery services

To process your order we work together with (a) shipping provider(s), which support us in the execution of concluded contracts. Our main shipping partner is Pošta Slovenije d.o.o. (Slomškov trg 10, 2500 Maribor), but we reserve the right to use a different shipping company. In that case we will inform you about the change prior to delivery and you might review their privacy policy before confirming the delivery. In order to deliver your order we need to pass on the following data to the transport company:

  • your full name and your delivery address to be able to deliver;
  • and your email and / or phone number, for the purpose of coordinating a date of delivery or of a notice about the shipment status.

You can read their privacy policy (in Slovene) here.

13. Accounting

For billing and accounting services we are in partnership with Saop d.o.o. (Cesta Goriške fronte 46, 5290 Šempeter pri Gorici), who, as a matter of course, have access to billing data and the issued bills to be able to provide the essential service. Their privacy policy is available to read here.

14. Website hosting services

14.1. Hosting

Our hosting provider is Hitrost.com d.o.o. (Cesta železarjev 8b, 4270 Jesenice, Slovenia). You can familiarise yourself with their privacy policy (in Slovene) here.

14.2. Webshop platform

The company providing the webshop and website editor platform (WooCommerce) is Automattic Inc. (60 29th Street #343, San Francisco, CA 94110, USA). To secure the operation of our website and services, we use security measures, including making automatic daily back-ups of our database with the help of the same company. You can familiarize yourself with their Privacy Policy here.

15. Email services

Our emailing services are provided by Gmail / Gsuite (Google Inc., Mountain View, California, USA). You can reach their Privacy Policy here.

16. Bank and Barion

Our banking service provider, Delavska Hranilnica d.d. Ljubljana (Miklošičeva 5, 1000 Ljubljana) has access to bank statements listing transactions, thus including your name and bank account number in case your payment was made via bank transfer. Their privacy policy is available on their website.

The option of bank card payment is provided by Barion Payment Inc., an Electronic Money issuer, licenced by the Central Bank of Hungary (licence ID: H-EN-I-1064/2013) based on the Electronic Money EU Directive (2009/110/EC). The payment happens in their own secure system; we do not have any access to your personal data (credit card number, expiry date, CVC code) provided during the transaction, and you provide your personal data connected to the transaction directly to them. We advise you to familiarise yourself with their Privacy Policy before opting for the bank card payment, which you also need to accept on their website to finalise the transaction.

17. Website contact form

Our contact form is powered by Gravity Forms (developed by Rocketgenius, Inc., 1620 Centerville Turnpike, Suite 102, Virginia Beach VA 23464-6500, United States). It only collects the personal data that our respective contact form asks for (and does not collect your IP address, for example!). By using the contact form you consent that your personal data and enquiry are saved into our database and stored there for 30 days, serving only as a technical back-up, and are automatically deleted after this period. Your enquiry is then also forwarded to our official e-mail address, where we handle it as outlined under point 6. Contacting us.

18. Newsletter provider

We provide our newsletter services with the help of Mailchimp (The Rocket Science Group Llc., 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA). You can familiarise yourself with their privacy policy here.

19. Social media platforms

As we have mentioned above, we use Facebook and Instagram for marketing and advertising reasons. You can familiarise yourself with the privacy policy of Facebook Inc. (Menlo Park, California, USA), also owner of Instagram, here.

VI. YOUR RIGHTS

The data protection law grants you comprehensive rights with regard to the processing of your personal data. These rights include:

  • Request access to your personal data;
  • Request correction or deletion of your personal data;
  • Object to our use and processing of your personal data;
  • Request that we limit our use and processing of your personal data; and
  • Request portability of your personal data.

We do not have automated decision-making processes, so we cannot provide rights connected to that. And of course, in case you think we do not have a legitimate interest or are not processing your data lawfully, you have the right to complain.

20. Data access

Pursuant to Art. 15 GDPR, you can request access in order to see what data we hold about you and for what purpose. Please note that in case of data access, we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

21. Data correction

Pursuant to Art. 16 GDPR, you can request the correction of your personal information (if your phone number, email, address, or name is not correct).

22. The right to be forgotten and withdraw given consent

Pursuant to Art. 17 GDPR, you can request that we delete or remove personal data where there is no good reason for us continuing to process it. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons (e.g. there is a commercial or tax retention period). In such a case we will notify you of this at the time of your request.

Pursuant to Art. 7 (3) GDPR, you also have the right to withdraw consent at any time where we are relying on consent to process your personal data (as in the case of sending you newsletters). However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

You can usually access, correct, or delete your personal data, or withdraw your consent using your account settings and tools that we offer (e.g. unsubscribe link in our newsletters), but if you aren’t able to do that, please contact us and we are happy to assist you.

23. Data portability

The right of data portability allows you to obtain data that we hold on you and to reuse it for your own purposes. You are free to either store the data for personal use or to transmit it to another data controller. The data you receive should be in a structured, commonly used and machine-readable format.

24. The right to complain

We are doing our best to protect your data and provide you with transparent and understandable information about it. Still, if you have any worries, questions, or complaints, please contact us through any of the contact details provided above. In case you have any questions or complaints, you can also turn directly to the Information Commissioner, which is the Slovenian authority overseeing the area in question:

Informacijski pooblaščenec
Address: Dunajska cesta 22, 1000 Ljubljana
Telephone: 01 230 97 30
E-mail: gp.ip(at)ip-rs.si
Webpage: www.ip-rs.si

VII. FINAL PROVISIONS

In legal questions not covered by this privacy policy, the relevant laws of the Republic of Slovenia and the European Communities shall apply.