According to the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: General Data Protection Regulation) we, the data controller, are providing you, the data subject, with information on the identity of the data controller, the purposes of the processing of personal data as well as the legal basis for such processing, categories of recipients of the personal data, data retention periods and your rights under the General Data Protection Regulation.
ISTRIANICA d.o.o., Benčičeva ulica 2A, 6000 Koper – Capodistria, Slovenia, registration no.: 8205779000, tax no.: SI 15216152, email: email@example.com, telephone no.: + 386 40 329 539 (hereinafter: Istrianica) is the data controller in the sense of the General Data Protection Regulation and as such determines the purposes and means of the processing of your data.
Istrianica processes personal data it receives during your visit to the Website, purchase of goods, or through contact forms on the Website. Istrianica processes personal data that it acquires directly from customers (e.g. through purchases in the online store, through communication with customers, etc.) as well as data acquired from other individuals or contracting partners (e.g. banks, delivery services, etc.).
The provision of personal data is voluntary, however, Istrianica is not able to process orders or comply with legal obligations without certain information. In case you refuse to provide certain data, we will not be able to conclude and perform a contract with you or comply with our legal obligations.
When you visit a website, small files also known as cookies are stored on your devices. Istrianica uses strictly necessary cookies, which are essential for the Website to work and for which, according to the Electronic Communications Act, we do not require your consent. Istrianica would also like to set analytical cookies to give you the best user experience and to help us improve our Website by collecting information on how you use it. Istrianica will only set analytical cookies if you actively enable them by clicking “Accept” on the cookie banner. If you do not click »Accept«, or click »Close«, only strictly necessary cookies will be installed on your device. If you click “Close” or disable cookies on your browser, the Website may not provide all the functionalities it has to offer.
You may change your cookie preferences at any time by changing the cookie settings. More information on cookies is available here.
Istrianica collects and processes mostly personal data (personal name, permanent residential address, delivery address, e-mail address, phone number, preferences regarding the purchase, delivery method, payment method), which you provide by submitting an order for the purchase of goods in the online store. In this case, your data is used for processing your order, exercising legal claims, and fulfilling our legal obligations.
Istrianica also collects and processes personal data (personal name, e-mail address, phone number) provided by you through our contact form on our Website when you send us an inquiry, or when you contact us via email.
Your data (personal name, permanent (or temporary) residential address, e-mail address) may also be used for direct marketing via different communication channels (e-mail and ordinary mail). Istrianica may use your e-mail address (which it receives through your purchase of goods) to send marketing communications. You may decline such use of your e-mail address. Istrianica may process your data (personal name and permanent/temporary residential address) for direct marketing if the data has been acquired through conducting business, whereas you have the right to demand that you no longer receive marketing notices.
We only process your data if it is necessary and for the purposes with which they were collected or as provided by law. Personal data in connection with the usage of the Website is processed on the following legal bases:
Performance of a contract
If you are our (potential) customer, the legal basis for the processing of your data is the performance of a contract or taking of steps at your request (e.g., carrying out an order, answering your questions and comments, communication, etc.)
Your data is also processed when it is necessary for compliance with a legal obligation (e.g., reporting to tax and other authorities and other disclosures of personal data, provided by law).
In certain cases, your data may be processed based on legitimate interests, pursued by us or a third party, except where such interests are overridden by your interests or fundamental rights and freedoms (e.g., direct e-mail and ordinary mail marketing, prevention of fraud, and the misuse of services, maintaining physical security and IT security, and establishment of legal claims including the recovery of claims).
Only in exceptional cases and when it is appropriate will we ask for your consent to process your data (e.g., consent for the installation of more advanced cookies on your devices or when no other appropriate legal basis exists).
In such cases, you have the right to withhold or withdraw consent without detriment. Such withdrawal of consent does not affect the lawfulness of the processing of personal data based on consent before its withdrawal. The provision of your data is voluntary, whereas the supply of our services is not contingent on consent to the processing.
Your data is disclosed only to employees of Istrianica that are bound to confidentiality. We also disclose your data to carefully selected outsourced service providers, i.e., processors and other recipients of personal data. These are, e.g., companies providing Istrianica with technical support with the maintenance and management of its Website, help in the area of accounting services, and other contractual partners to which Istrianica entrusts individual parts of personal data processing that process your data exclusively following our instructions. In such cases, we always enter into appropriate data processing agreements in which the recipients are bound to an appropriate level of protection for personal data.
As a rule, your data is being processed only within the EU/EEA. In certain cases, however, Istrianica may also transfer your data to recipients in third countries, whereby we guarantee that an adequate level of data protection shall be ensured and that all legal conditions on data transfers to third countries (or international organizations) shall be met.
Istrianica may only transfer your data to third countries or international organizations if:
the transfer is carried out to one of the countries or international organisations for which the European Commission adopted an adequacy decision, or to one of the countries on the Information Commissioner’s list of third countries with an adequate level of data protection,
the transfer is subject to appropriate safeguards under Article 46 of the General Data Protection Regulation (e.g., standard data protection clauses, binding corporate rules), or
conditions for derogations for specific situations under Article 49 of the General Data Protection Regulation are met.
Istrianica will process your data to the extent and for the time necessary to achieve the purposes of the processing. Personal data is thus processed until the purpose is fulfilled or within the limits of the limitation periods for obligations that could arise from the processing of these personal data. In cases when the retention period of the personal data is prescribed by law, we will keep the personal data in line with the retention periods prescribed by law. In specific cases, where the legal basis for processing is your consent, we will keep your data until such consent is withdrawn. Once that consent is withdrawn, we will also stop processing your data, if there is no other lawful basis for further processing of your data (e.g., compliance with a legal obligation or Istrianica's legitimate interest).
The existence and extent of your rights depend on the circumstances of the case or particular processing of your data. Under the conditions set out in General Data Protection Regulation, you have the right to request from Istrianica access to and rectification or erasure of personal data or restriction of processing concerning the data subject and to object to the processing as well as the right to data portability. You may send us your request by e-mail or by registered mail to our address.
Istrianica implemented appropriate technical and organisational measures for the protection of all personal data and to safeguard them against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data.
If you believe that a data breach has taken place, please let us know as it happens, and we will provide you on time with an appropriate answer. If needed, we will also immediately undertake measures to remedy the potential irregularities or deficiencies which may occur during the processing of your data.
You also have the right to lodge a formal complaint with the Information Commissioner of the Republic of Slovenia, Dunajska cesta 22, 1000 Ljubljana, Slovenia (e-mail: firstname.lastname@example.org, telephone: +386 (0)1 230 97 30).
In Koper, on [1. 1. 2021].
“Personal data” means any information relating to an identified or identifiable natural person.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller