Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
Automated decision making is when a decision is made which is based solely on a automated processing (including profiling) which produces legal effects or significantly affects individual.
Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
NAME AND ADDRESS OF THE CONTROLLER
Controller for the purposes of the GDPR, other data protection laws applicable in Member states of the European Union and other provisions related to data protection is: BENEDETTI LIFE, oblikovanje oblačil, d.o.o., Rožna dolina II/19, 1000 Ljubljana, VAT nr: 69363200, registration nr.: 8451249000. We do not have Data Protection Officer as we do not process personal data to such an extent that this obligation should be fulfilled, but you can always contact us by e-mail: firstname.lastname@example.org.
LAWFUL BASIS FOR PROCESSING AND WHY DO WE USE YOUR PERSONAL DATA
The lawful bases for processing personal data are set out in Article 6 of the GDPR. Whenever we process your personal data one of these below stated lawful bases applies for below stated purposes.
On the basis of explicit individual’s voluntary consent, we process personal data such as for below stated purposes:
- response to the completion of the contact form for the demand,
- subscribing to e-news (unsubscribing from e-news is possible at any time by clicking on unsubscribe button, stated in the received e-news),
- participation in promotional campaigns published on the Site,
- the possibility of completing an order in the online store, for example, for the products you have added to the shopping cart, are not deleted, or the data from the order in preparation (this is allowed by cookies),
- user registration in benedetti.life online store,
- to review job applications, you have signed up for.
We process personal data on the basis of contract when it’s necessary such as for below stated purposes:
- concluding and implementing of the contract,
- informing individuals about successful orders,
- resolving complaints and other refunds, relating to the order.
When necessary, for our legitimate interests, we process personal data on the basis of legitimate interests, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, as for below stated purposes:
- optimization of the Site,
- to ensure the network and information security of the IT systems,
- to prevent fraud,
- sending e-news if you have become our customer with a purchase and have not indicated that you do not want to receive notifications (basis of paragraph 2 of Article 158 of ZEKom-1),
- On the basis of laws and in accordance with relevant legislation (among others: Code of Obligations (OZ), Consumer Protection Act (ZVPot), Value Added Tax Act (ZDDV-1), Tax Certification of Invoices Act (ZDavPR), Act on Accounting (ZR), Electronic Communications Act (ZEKom), Money Laundering Prevention and Financing of Terrorism Act (ZPPDFT-1),
- retention of personal data regarding the purchase in accordance with applicable law, such us a fulfilment of tax obligation.
WHAT KIND OF PERSONAL DATA DO WE COLLECT?
We ask for and collect the following personal data:
- contact information we obtain from you (name and surname, phone number, address, postal code, country, e-mail address, company name, which enables identification of individual).
- Identification data related to the creation of the user account (name and surname, username and password that is encrypted),
- data related to the fulfillment of the contract (delivery time, method of payment, data on complaints, invoice issued),
- information required to issue an invoice (name and surname, address, postal code, country, tax number, if the purchase is made from a legal entity),
- information on the use of our Site,
- IP address,
- CV, motivational letter, which may contain your personal data, in case you fill and add those attachments when you file job application.
We are not responsible for the accuracy of the personal data you enter.
Your share of your personal data is not a condition for the use of our services, but without of at least certain personal data, we cannot perform our services and, among other things send you your ordered goods. If you believe that someone has shared with us your personal data and do not want that we process it, please let us know at email@example.com. All your personal data will be stored only for as long as is necessary to achieve the purpose for which it was collected, or we will store it only for the period that is prescribed by law in certain cases.
We also process non-personal information (information that, alone, cannot be used to identify or contact you. You may be asked to submit non-personal information with personal information or separately):
Non-personal data is recorded automatically. We use this information to measure the attractiveness of the website and to improve the content and usability. Under no circumstances will we pass on personal data to a third party or allow a third party to inspect personal data without the express permission of the individual, unless required to do so by the state authorities and such an obligation is required by law. Until you entrust us with personal information (such as first and last name, e-mail address, etc.), all information we automatically obtain when you use the Site are anonymous information, and we cannot identify an individual with it.
WITH WHOM DO WE SHARE YOUR PERSONAL DATA WITH?
We may share it with:
- based on your consent, we may share your personal data with those third parties for whom you have given your consent,
- service providers as we use some other third-party service providers to offer or facilitate services on our behalf. These services may include, among other things, helping us to provide services that you request, create or maintain our databases, to research and analyze the people who request our services or products, services or information from us, taking care of the shipment of products to you, of communication or helping us respond to inquiries and send out emails on our behalf. We will share your personal data as necessary for such third-party services providers to provide the applicable service to us or on our behalf,
- we may report to law enforcement agencies any activities that we reasonably believe to be unlawful, or that we reasonably believe may aid a law enforcement investigation into unlawful activity. In addition, we reserve the right to release your personal data to law enforcement agencies if we determine, in our sole judgment, that either you have violated our policies, or the release of your personal data may protect the rights, property, or our’s safety or safety of another person. We will disclose personal data that that law enforcement agencies require in particular case to be disclosed,
- we may disclose your personal data to comply with a law, regulation or compulsory legal request, to protect the safety of any person from death or serious bodily injury, prevent fraud or misuse of products or services or its users or to protect our property rights. We will disclose personal data to government entities or third parties based on judgments of courts or tribunals or decisions of administrative authorities or another binding act. We will disclose personal data that previously mentioned entities require in particular case to be disclosed.
The personal data collected may also be transferred to other countries outside of the EU/EEA, e.g. for the provision of e-mailing services, undertaking with such contractual partners to comply with the standard contractual provisions issued by the European Commission and available on: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:02010D0087-20161217&from=SL.
We are committed to protecting the online privacy of children and making the internet safe. We do not provide products and services to children, or knowingly collect or solicit personal data from children under 15 years of age. Any communication we get that is identified as being from a child under 15 will not be kept by us. We encourage parents or guardians of children under 15 to regularly check and monitor their children’s use of email and other activities online.
AUTOMATED DECISION MAKING AND PROFILING
We do not process personal data for automated decision making and profiling.
HOW DO WE KEEP YOUR PERSONAL DATA SECURE?
We take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These include internal reviews of data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorized access to systems where we store personal data. We restrict access to personal data to our employees, service providers and agents who need to know such information in order to operate, develop or improve our products and services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations. We use secure socket layer (“SSL”) technology to encrypt and protect the security of your personal data, including but not limited to your credit card number, when it is sent over the Internet. Therefore, while we strive to protect your personal data, we cannot guarantee its absolute security. We are not responsible for the functionality, privacy or security measures of any other organization.
Note that our Site offers links to other websites not owned or operated by us. Your use of these third-party services is entirely optional and at you risk. We are not responsible for the privacy policies and/or practices of these third-party services.
HOW CAN YOU UPDATE OR REMOVE YOUR PERSONAL DATA OR OPT-OUT?
You can update or remove your personal data or opt-out at any time.
- updates: If you still wish to use our products and services and your relevant personal data (name, e-mail, postal address, telephone number, etc.) changes, please let us know at firstname.lastname@example.org),
- personal data removal: If you wish to completely remove your data from our databases, please send us a deletion request at email@example.com,
- Opt-out: If you do not like to receive our newsletter or other marketing material e-mails, you can unsubscribe any time with the “unsubscribe” link within any marketing e-mail you receive from us. We will be sad to see you go, but we respect your privacy.
Any request that you send to firstname.lastname@example.org may take up to 10 days to process and become effective.
After receiving your withdrawal of consent, we will stop processing your personal data and will delete it. We will let you know that your withdrawal was took into account. Withdrawal of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until its withdrawal.
YOUR RIGHTS AS THE DATA SUBJECT
In relation to your personal data that we process, you have the right:
- to withdraw consent to processing of your personal data at any time. If you only wish to update your personal data, you can do that in your Site account,
- to obtain confirmation whether we process your personal data,
- to access: to request confirmation whether we process your personal data relating to you, and if so, to request a copy of that personal data, to ask about purposes of processing, categories of personal data concerned, whether personal data is transferred to a third country or international organization etc.,
- to rectification: to request that we rectify or update any personal data that is inaccurate, incomplete or outdated,
- to erasure (Right to be forgotten): to request that we erase your personal data in certain circumstances, such as when the processing of personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed or where we collected personal data on the basis of your consent and you withdraw your consent etc.,
- of restriction of processing: to request that we restrict the use of your personal data in certain circumstances, such as when accuracy of the personal data is contested by you,
- to data portability: to request that we provide a copy of your personal data to you in structured, commonly used and machine-readable format in certain circumstances and you have the right to transmit that personal data to another controller in certain circumstances,
- to object at any time to processing of personal data for our legitimate interest, to direct marketing and profiling connected with direct marketing,
- to state that the decision based solely on the automated processing of your personal data, including the creating of profiles, that has legal effects relating to you or significantly affects you in a similar way, does not apply to you. If the decision (1) is necessary for entering into, or the performance of, a contract between the you and BENEDETTI, or (2) it is based on your explicit consent, we shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of controller, to express his or her point of view and contest the decision,
- to appeal, independent of the above stated rights, to a supervisory authority if you believe that processing of your personal data violates the data protection regulations. You may file a complaint to the competent state authority: Information Commissioner, Dunajska 22, 1000 Ljubljana, e-mail address: email@example.com, phone: 00386 1 230 97 30, website: www.ip-rs.si.
For all stated rights, you may, at any time, contact us:
- at firstname.lastname@example.org,
- by regular post or in person at the address: BENEDETTI LIFE, oblikovanje oblačil, d.o.o., Rožna dolina II/19, 1000 Ljubljana.
We shall promptly ensure that the request is complied with immediately, but no later than in one (1) month. You will receive requested personal data in a structured, machine-readable and generally applicable way. First copy of your personal data in electronic or hard is free of charge, each additional copy we may charge a fee to cover cost of preparing the copy.
We store your personal data for as long as is needed for its purpose. We may store anonymized information longer, but only in a way that it cannot be tracked back to you. We store personal data in accordance with applicable law.
Retention for personal data may vary depending on the applicable sectoral legislation (eg. tax, accounting legislation). In the case where the applicable sectoral legislation establishes mandatory duration for retention of personal data, we will delete if after the expiration of that mandatory duration.
When personal data is no longer needed, we shall delete it using reasonable measures to protect the personal data from unauthorized access or use.
COOKIES AND TRACKING TECHNOLOGY
Below is a list of cookies that we use. We have listed them so that you can choose if you want to opt-out of cookies or not.
Purpose of use
|The cookie records your setting to allow cookies to be recorded||
The cookie records your setting that you do not want to record cookies
Until the browser closes
Session cookie required for site operation
Until the browser closes
Session cookie required for site operation
Below you will find Third-Party explained technologies that allow us to improve the overall user experience and tailor it to suit your browsing history. These technologies all take advantage of cookies; the details of which are provided below and you can opt out from them.
We use Google reCAPTCHA to protect our website from abuse. Google reCAPTCHA uses advanced risk analysis techniques, which allows us to distinguish between so-called "bots" and people. More information about Google's reCAPTCHA can be found here: https://developers.google.com/recaptcha/.
MANAGING AND DELETING COOKIES
If you want to change the way cookies are used in your browser, including blocking or deleting them, you can do so by changing your browser settings accordingly. To manage cookies, most browsers allow you to accept or reject all cookies, accept only a certain type of cookie, or alert an individual that a website wants to store a cookie. Cookies stored by the browser can be easily deleted. If you change or delete your browser's cookie file, change or reward your browser or device, you may need to disable cookies again. The process for managing and deleting cookies varies from browser to browser.
By using this Site, you agree that the Site sets necessary cookies on your computer or mobile device.
We strive to ensure the security of personal data. Your personal information is protected at all times from loss, destruction, falsification, manipulation and unauthorized access or unauthorized disclosure. We use an appropriate level of protection and have reasonable physical, electronic and administrative measures in place to protect the data collected.
Despite efforts to ensure security, there may be an intrusion into our system. In the event that the personal data of an individual is altered, disclosed or destroyed, we will notify the individual via e-mail.