Notice to individuals under Article 13 of the General Data Protection Regulation (GDPR) regarding the processing of personal data

INFORMATION ON THE CONTROLLER OF YOUR PERSONAL DATA

SHINE BROWN, proizvodnja, trgovina in storitve, d.o.o.
Preserje pri Radomljah, Pelechova cesta 15
1235 Radomlje, Slovenia, EU
Registration number: 8224790000
VAT ID Number: SI 54529034

e-mail address: [email protected]

(hereinafter: the company)

The company is the owner and provider of the website https://www.byrokko.com/en (hereinafter: the website or online store).

A data protection officer has not yet been appointed by the company. You can send your enquiries regarding the processing and protection of personal data to [email protected]

1. The legal bases and purposes of personal data processing and what data we process:

1.1. Based on negotiations for the conclusion of a contract or a concluded contract:

We process personal data in order to carry out concluded contracts (e.g. to carry out distance contracts) between the company and our customers (i.e. website visitors who make a purchase on our website), whereby:

- when a contract is concluded (e.g. when a product is ordered on our website) the sale of the product through the online store, its delivery and notification regarding the order entail the processing of the following data: the basic information on the buyer (name and surname), his contact details (email address and phone number) and information on the purchase in question for invoicing and delivery of goods (date and place of purchase, purchased products, prices of purchased products, total purchase amount, method of payment / delivery, delivery address, city, country, postal code for delivery / address for issuing the invoice, number and date of order, used coupons, order status) and other information (archive of communication between the buyer and the company, evidence of submitted consents to the General Terms of Use, etc.).

A contractual legal basis for the processing of personal data also exists when we communicate with potential buyers before they conclude a contractual relationship (i.e. place their order):

- in the context of negotiations and mutual communication before a purchase (e.g. when you contact us via email or through our contact form before purchasing the product), in which case we can process your contact details (name, surname, email address) as well as any other information you entrust to us for this purpose.

In the cases described above, we are not required to obtain your explicit consent when processing your personal data, as the legal basis for processing stems from your intention to enter into a contractual relationship with us for the purchase of our products, or from the fact that you negotiate or communicated with us about such purchase.

If in the cases described above, you provided us with personal information as part of your contractual obligations or through contract negotiations (e.g. concluding a distance contract for the purchase of our products or requesting information about our products, etc.), we are not required to obtain your explicit consent for processing your personal data in such situations.

If in certain cases where the processing of personal data is based on a contractual relationship we have with you (or which you desire to enter into), you do not provide us with the required data, this will in principle have no consequences for you. However, such situations may make our cooperation more difficult or even impossible (e.g. we cannot sell our products without processing your delivery details or the necessary data for issuing the invoice), whereby we shall try to duly notify you prior or after the occurrence of such situations.

1.2. Based on our requirement to comply with a legal obligation:

The company also processes personal data in order to comply with its legal obligations particularly those governing taxes and accounting (e.g. records of issued and received invoices, etc.):

- when possible legal requirements exist under which we might be required to forward personal data to a duly appointed public authority or third party citing relevant parts of the applicable legislation and based on their explicit request (e.g. in the context of the implementation of inspections under the provisions of the Slovenian Consumer Protection Act (ZVPOT) and the Slovenian Inspection Control Act (ZIN),

- when the company processes the personal data of a customer to whom it had issued an invoice, the company processes these data (e.g. personal name, contact details, etc.) on the basis of the Slovenian Value Added Tax Act (ZDDV-1) (see section 3.2.) etc.

1.3. Based on your explicit consent:

The company may also process your personal data on the basis of your explicit consent. The explicit consent of the visitor of the website or the buyer is considered to be his voluntary declaration of will, with which he agrees to the processing of certain personal data for a certain purpose, e.g.:

- marketing communication with people who are not yet our customers * (if we have obtained your explicit consent for this purpose in our branch office, on our website, etc.), whereby we process information on the person who gave their consent, namely their contact details (first name, last name, email address or telephone number) and information about their purchases and interactions with the website or messages (data on past purchases or the contents of the shopping cart, data on the opening of emails and clicks on links) for the purposes of sending customized advertising messages or "newsletters",

- Sending emails or SMS messages to people who have added products to their cart and entered the required data, but have not completed their purchase * (i.e. "cart abandonment") (insofar as we have obtained their explicit consent for this purpose in the final step of the check-out procedure on our website), whereby we process the contact details (first name, last name, email and phone number) as well as information about purchases and interactions they had with our website (data on past purchases or the contents of the shopping cart, data on the opening of emails and clicks on links).

*Receiving this kind of communication can be cancelled at any time by following the link contained in each email or SMS message, or by contacting us at [email protected]

- Showing online ads to visitors who have agreed with the installation of optional (advertising) cookies which are provided by our advertising partners (e.g. installation of the Google Analytics cookie, which makes it easier for us to advertise our products on other websites, etc.) (see section 3.4.1.). The exact list of optional cookies which are provided by our advertising partners, the data that is processed, as well as their retention periods is available on the subpage "Cookies" - https://www.byrokko.com/cookies .

Cooperating with us and using the services of our company are not, in principle, conditioned on your consent for the processing of personal data, insofar as this is not logically required for the performance of such services or required for cooperation (see section 1.1. of this chapter).


The company guarantees each individual the right to easily revoke his express consent at any time i.e. by contacting us at [email protected] (see section 5.1.).

The withdrawal of consent does not affect the lawfulness of the processing that had been carried out on the basis of such consent until the moment of its withdrawal.

In the event that you do not give consent for the processing of personal data, give it in part or revoke the consent (as a whole or in part), we will, where possible, cooperate with you only to the extent of your consent or in the ways permitted by applicable law.

Consent is voluntary and if you choose not to give it, or revoke it later, this in no way interferes with your other rights that might arise from the business relationship you have with our company, or constitutes additional costs or aggravating circumstances for you.

1.4. Based on the legitimate interests of the company

Certain personal data may be processed for the purpose of securing our legitimate interests, e.g.:

- for example, where the processing of your data would be necessary in order for us to secure our operations e.g. protect our business against potential fraud or required in inspection procedures that are carried out by duly appointed public authorities or litigious and other procedures, we will process only those data that are strictly necessary to pursue these legitimate interests of our company,

- the applicable legislation also allows us to process personal data for the purposes of sending marketing communications to existing customers* (e.g. we may send an email or SMS messages to persons who have previously purchased products on our website), whereby we process the contact details of such persons (first name, last name, email address or telephone number) and information about their purchases and interactions with our website or messages (data on past purchases or the contents of their shopping cart, data on the opening of emails and clicks on links) for the purposes of sending customized advertising messages or "newsletters".

*Receiving this kind of communication can be cancelled at any time by following the link contained in each email or SMS message, or by contacting us at [email protected]

The company may also process the personal data of an individual in cases where the processing is necessary in order to protect the vital interests of such individual or other natural persons (e.g. reviewing the address of an individual who is in imminent and serious danger in connection with the purchased product).

1.5. Data processing related to the company's advertising activities

In accordance with the abovementioned, the company carries out customized marketing communication regarding its own products, discounts, novelties, customized offers and other promotional content through various channels and with various persons:

Type of advertising activity

Description of the advertising activity

Legal basis for processing

Data that is processed

Retention period

Sending emails or SMS messages to people who have not yet been our customers.

Sending customized emails or SMS messages with customized marketing content.

Consent.

Name, surname, email address, telephone number, data on past purchases or the contents of the shopping cart, data on the opening of emails and clicks on links.

Until consent has been withdrawn.

Sending electronic messages or SMS messages to existing customers of the company.

Sending customized emails or SMS messages with customized marketing content.

Legitimate interest.

Name, surname, email address, telephone number, data on past purchases or the contents of the shopping cart, data on the opening of emails and clicks on links.

Until consent has been withdrawn.

Sending emails or SMS messages to people who have put products into their cart and entered the required data, but did not complete their purchase ("cart abandonment").

Sending customized emails or SMS messages with customized marketing communications, which refer to the contents of the abandoned cart or contain discounts for these and other products.

Consent.

Name, surname, email, telephone number, data on past purchases or the contents of the shopping cart, data on the opening of emails and clicks on links.

Until consent has been withdrawn.

Showing ads to people who have agreed to the installation of optional cookies and tracking pixels.

(See section 3.4.1.)

Consent.

(See the subpage on https://www.byrokko.com/cookies ).

(See the subpage on https://www.byrokko.com/cookies ).

The abovementioned processing is performed in an automated way and may include automatic profiling, whereby such profiling does not result in automated decisions being made which may have important consequences for the individuals involved, an is only used so that the content of our commercial messages may be customized and so that the showing of our ads may be optimized (see chapter 7. Automated processing and profiling based on consent).

You may unsubscribe from the abovementioned automated processing of your personal data at any time by following the link contained in each email or SMS message, by deleting the relevant cookies (see the subpage on https://www.byrokko.com/cookies ) or by contacting us at [email protected]

How long do we store or process your personal data?

The period of retention of personal data depends on the legal basis and purpose of processing. Personal data is kept for as long as it is necessary to fulfil the purpose for which the data was collected, or as long as a regulation requires that we must keep it, e.g.:

we keep personal data of customers on invoices for 10 years from the day they were issued, as this requirement is imposed on the company by the Slovenian Value Added Tax Act (ZDDV-1),

- based on a concluded contract for example, data is processed for the duration of the contract or for another six years after the termination of the contract (if, for example, processing is necessary because there is a dispute between the individual and the company, etc.),

- based on your explicit consent to receive market communications or our legitimate interest to advertise to people who are already our customers, we keep and process the data until such person withdraws his consent.

Personal data shall be deleted, destroyed, blocked or anonymized after the purpose of processing has been fulfilled or consent has been withdrawn..

3. Who processes your personal data (users of personal data) inside and outside of our company?

3.1. Certain employees in the company

Your personal data is processed by individual employees of our company. Employees of the company process only those personal data that they need for their work, but they can also share them with each other if their work tasks and internal rules of the company allow them to do so. All employees are committed to confidentiality and the protection of personal data.

3.2. State authorities

In certain cases prescribed by applicable law, the company must provide or report your personal data to the competent state authorities as well as to the authorities responsible for financial, tax or other control (e.g. the Slovenian Labour Inspectorate, the Financial Administration of the Republic of Slovenia, courts, the Office of the Information Commissioner of the Republic of Slovenia, the Market Inspectorate of the Republic of Slovenia, etc.). In certain cases, the company is compelled to provide data to third parties if such an obligation to provide or disclose the data is imposed on the company by law or on the basis of a valid legal right of a third party.

3.3. Contractual processing of personal data

In addition to employees of the company, employees of contractual processors of the company can also act as users of your personal data are, whereby they may only process personal data as confidential information on behalf of the company and within the scope and purposes that are laid down by the data processing agreement, which the company has entered into with any such processor. Contractual processors may only process personal data in the context of the company's instructions since the company is acting as the controller of company personal data, and may not use the data to pursue any other self-interest.

The types contractual processors with which the company cooperates are:

  • persons who cooperate with the company on the basis of providing relevant business or copyright agreements (legal advice, advertising, etc.),
  • the data hosting provider (see section 3.4.2.),,
  • external accounting services,
  • delivery and forwarding services,
  • IT system maintenance providers,

The company shall not distribute your personal data to unauthorized third parties.

To obtain an accurate list of all contractual processors of the company, please send your request to [email protected]

3.4. Cooperation with advertising partners, hosting providers and providers that enable us to send "newsletters" and other commercial messages.

3.4.1. Collaborate with advertising partners and the use tracking pixels

If you agree to the installation of optional cookies (see Chapter 4. Cookies), we may share certain technical information and other information we record about visitors regarding their interaction with our website with our advertising partners:

In these cases, in addition to cookies, we may also use their tools (Google Analytics, Facebook Business Manager) and services (Google Display Network, Google Customer Match, Facebook Pixel, Facebook Lookalike Audiences, Facebook Custom Audiences) so that we may tailor our ads to your interests and the way you use social networks and other websites that also use the services of our advertising partners (e.g. Facebook, Google Search, Youtube, websites included in the »Google Display Network «, etc.). In these cases, we only share the personal information we collect through cookies and tracking pixel technologies with our advertising partners.

Also, our advertising partners may try to compare the information they receive from us with the information they already keep about you (e.g. in connection with your Facebook user profile or your Gmail email address) and consequently determine the optimal time and place (e.g. page, which you access) to display our ads. Our advertising partners also provide us with feedback on the reach and performance of our ad campaigns (i.e. aggregated data on ad clicks and purchases). If you do not want us to collect, share and process your data in the manner described above, you may not consent to the installation of cookies to your device when visiting our website, or you may delete cookies which have already been installed at any time. (see Chapter 4. Cookies). However, certain ads may still randomly appear to you while using social networks and other websites that use the services of our advertising partners.

If you agree to the installation of advertising cookies, we may also use the Google Customer Match service in order to share certain data (e.g. email addresses) with Google Inc. as (SHA256) encrypted data. Google Inc. in this case shall not receive actual email address data since the data shall be encrypted before the transfer and then compared with data Google Inc. may already have about a particular Google service user. The purpose of such transmission and comparison of data is to place certain individuals in groups based on their interests in order to better display our ads.

An accurate list of the data our partners collect for these purposes, the cookies and tracking pixels that make this possible, the advertising services which are also used in relation to this, as well as the storage time of the collected data and the procedure for removing an individual cookie can be found on https://www.byrokko.com/cookies .

You can read more about each individual advertising service of our advertising partners and tracking pixel technology here:

3.4.2 Hosting provider

Hosting our website and storing the data you provide to us via the website (e.g. in connection with communication via the contact form on the page, when placing an order, etc.), is stored by the following contractor as our contractual processor:

- MetaKocka, advanced web applications, d.o.o., Klemenčičeva ulica 1, 1000 Ljubljana, Slovenia, EU (https://metakocka.si/pravice.html ).

3.4.3. Service providers for sending "newsletters" and other commercial messages.

Service providers for sending electronic and other commercial messages, within which the email addresses or telephone numbers of those individuals who have explicitly agreed to such processing may be processed (see section 1.5.):

  • The Rocket Science Group LLC., 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 United States, (service: Mailchimp) whose servers are located in the United States (https://www.byrokko.com/privacy ) - sending "newsletters" and other commercial emails.
  • Sinhro, družba za komunikacije, doo, Tehnološki park 21, 1000 Ljubljana, (https://www.sinhro.si ) - sending commercial SMS messages.

3.5. Exporting personal data to third countries and international organizations

As a rule, the company does not export personal data to third countries (i.e. outside of the European Union, Iceland, Norway and Liechtenstein) and to international organizations. Exceptions to this are the occasional transfer of certain technical and personal data to the servers of the abovementioned processors, which are located in the USA (e.g. the automatic transfer of certain data collected by cookies and tracking pixels that are provided by Google Inc. or Facebook Inc. to their servers, the entry of an email addresses into our tools for sending commercial messages, etc.), whereby the contractual processors concerned are former members of the Privacy Shield program (https://www.privacyshield.gov ) who after the 12th of July 2020 respect and have taken all security measures regarding the receipt or transfer of data that are considered appropriate at the time that this document has been prepared (i.e. the post privacy shield invalidation requirements).

You can obtain more detailed information on user categories, contract processors and data transfers by sending us your request to:

4. Cookies

For a list of cookies and to manage your cookie settings, please visit the subpage https://www.byrokko.com/cookies .

Cookies are small text files that most modern websites store on the devices of visitors, i.e. people who use their devices to access a particular website on the Internet.

We also use cookies on our website, which is indicated by a cookie pop-up when you first visit the website.

The popup window also reminds you that the installation of cookies which are not mandatory (e.g. which do not relate to the saving of your settings, adjusting the display dimensions of website to your device, etc.) for the normal functioning of the website:

  • s only done after obtaining the visitors express consent (i.e. clicking on the "load optional cookies" button when visiting the website for the first time) and,
  • and is under the visitors complete control, since the visitor can restrict or disable the storage of cookies in the browser he is using and remove the installed cookies at any time, by following the instructions available at https://www.byrokko.com/cookies .

The exact list of optional cookies which are provided by our advertising partners, the data that is processed by them as well as the data retention periods is available on the subpage "Cookies" - https://www.byrokko.com/cookies .

5. What rights do you have in connection with your personal data and how can you exercise them?

In connection with this general information on the processing of personal data or regarding the processing of your personal data by our company and our contractual processors, you can contact us at any time and without hesitation via [email protected]

You can also contact us on the email mentioned above in order to send us your specific requests and requirements and for exercising your other rights, which relate to your personal data and applicable local legislation or the GDPR.

As a data subject, the GDPR grants you the following rights:

5.1. Right of access to personal data (Article 15 of the GDPR)

You have the right to obtain from the company as the controller of personal data confirmation, whether personal data are processed in relation to you and, where applicable, request access to the personal data concerned together with the information referred to in Article 15 (1) of the GDPR:

5.2. Right to rectification of personal data (Article 16 of the GDPR)

The data subject has the right to obtain that the company, as the controller of personal data, corrects inaccurate personal data concerning him without undue delay.

The data subject has the right to supplement incomplete personal data, including the submission of a supplementary statement, taking into account the purposes of the processing. Regarding the above, an individual can contact the company via email at [email protected]

5.3. The right of erasure ("the right to be forgotten") (Article 17 of the GDPR)

The data subject has the right to request that the company, as the controller of personal data, corrects inaccurate personal data concerning him without undue delay.

Pursuant to Article 17 (3) of the GDPR, in certain cases you do not have the right to have your personal data deleted by the company (e.g. when the company processes data for the purposes of asserting, enforcing or defending legal claims).

5.4. The right to revoke consent or partially revoke consent

If, as an individual, you have consented to the processing of your personal data for one or more specific purposes (see point 1.3 of this general information on the processing of personal data), you have the right to revoke your consent (i.e. opt-out) at any time, without prejudice to the lawfulness of the processing of data carried out on the basis of consent until its revocation.

Your consent to the processing of personal data for the purposes described in this information is voluntary. Consent to data processing can be restricted or revoked at any time by contacting us at [email protected]

In the event of revocation of consent or partial consent, the company reserves the right, as far as possible, to cooperate with you only to the extent of the given consent or in the ways permitted by applicable law.

5.5. Right to limit processing (Article 18 of the GDPR)

As a data subject, you have the right to have the company, as controller, restrict the processing of your personal data when when certain cases, that are mentioned in the cited Article apply.

Where the processing of personal data has been restricted, such personal data, with the exception of their storage, shall be processed only with the consent of the data subject or to assert, enforce or defend legal claims or to protect the rights of another natural or legal person due to important interests of the European Union or the Republic of Slovenia.

Where the company, as the controller, achieves a processing restriction, it shall inform the data subject before lifting the processing restriction.

5.6. The right to data portability

As an individual, you have the right to receive personal information about you that you have provided to the company in a structured, commonly used and machine-readable form, and you have the right to pass this information on to other controllers, without being hindered by the company, when:

(a) processing is based on consent or a contract; and

(b) processing is carried out with automated means.

As a data subject, in exercising the right of portability, you have the right to have personal data transferred directly from one controller (e.g. the company) to another where technically feasible.

5.7. Right to object to processing (Article 21 of the GDPR)

As a data subject, you have the right, on grounds relating to your specific situation, to object to the processing of personal data concerning you where the processing is necessary for the performance of a task in the public interest or in the exercise of an official authority which has been granted to the company or where the processing is necessary for legitimate interests pursued by the company or a third party, except where such interests are outweighed by the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data, in particular when the data subject is a child. The above also applies to the creation of profiles in such cases of processing.

In the event that you object, the company will stop processing personal data unless it can prove that the legitimate interests for processing outweigh the interests, rights and freedoms of you as a data subject, or that the processing is necessary for the enforcement, implementation or defense of legal claims.

When personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data relating to them for the purposes of such marketing, including the creation of profiles insofar as such direct marketing is concerned.

Where the data subject objects to the processing for direct marketing purposes, the personal data shall no longer be processed for those purposes.

As part of using information society services, you, as a data subject, can exercise your right to object to processing by automated means technical specifications.

Where data are processed for scientific or historical-research purposes or for statistical purposes, you as the data subject have the right to object to the processing of data relating to you for reasons related to your particular situation, unless the processing is necessary for the performance of a task carried out by reasons of public interest.

5.8. The right to lodge a complaint with a supervisory authority

If you believe that the processing of personal data carried out by the company in relation to you violates the rules on personal data protection, you, without prejudice to any other (administrative or other) remedy, have the right to lodge a complaint with the supervisory authority in the country in which you have your habitual residence, in which your place of work is located, or in which the violation allegedly occurred (in Slovenia the supervisory authority is the Office of the Information Commissioner of the Republic of Slovenia):

- Informacijski pooblaščenec, Dunajska 22, 1000 Ljubljana, Slovenia, EU, email: [email protected], phone: +38612309730, website: www.ip-rs.com .

A list of other national supervisory authorities and their contact information can be found here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm .

6. Protection of personal data

The company carefully stores and protects personal data through organizational, technical and logical

technical procedures and measures to protect data from accidental or intentional unauthorized access, destruction, alteration or loss, and unauthorized disclosure or other form of processing to which you have not expressly consented.

To this end, the company has also adopted appropriate internal processes and set up various measures (e.g. assigning, using and changing passwords, locking premises, offices, server and workstation locations, regularly updating software and upgrading security-critical components, physically protection of material containing personal data in specially designated places, training of employees, etc.). The company also demands these security commitments from its contractual processors.

7. Automated processing and profiling based on consent

If you visit the website and consent to the installation of analytical cookies on your device (see Chapter 4. Cookies), such cookies will automatically process certain technical and personal data (e.g. the number of website visits, average time of each visit, the pages that were visited - for a detailed list, please see the subpage on cookies).

Performing advertising activities with the help of the tools and services of our advertising partners (see sections 1.5. and 3.4.1.) is also done in an automated way (i.e. without direct processing by our employees) and may result in the creation of user profiles on the part of our advertising partners, whereby they may collect, analyse and link certain economic, interest and behavioral indicator of our customers on our website and on other websites, so that the performance of our ads may be optimized and our marketing communications be more relevant (e.g. linking your visit of our website to the demographical information from your Facebook profile and your interest that you share on the social network for the purpose of optimizing the performance of our ads, linking your visit of our website to your visits of other websites and the products you have purchased for the purpose of optimizing the performance of our ads, linking the fact that you opened a marketing message and clicked on a link and made a purchase for the purposes of adjusting the offer in our next marketing message).

You may unsubscribe from the abovementioned automated processing of your personal data at any time by following the link contained in each email or SMS message, by deleting the relevant cookies (see the subpage on https://www.byrokko.com/cookies ) or by contacting us at [email protected]

8. Processing of personal data of persons under 16 years of age and persons with limited or deprived legal capacity

The company does not accept orders from persons under the age of 16 or persons with limited or deprived legal capacity. All such persons must leave the website immediately before confirming the installation of cookies, making a purchase or other performing other interactions with the website.

The purchase process was created following the principle of personal data minimization , whereby the company does not collect the age of its visitors or customers and any data relating to their legal capacity. As a result, the company does not have the means to economically and efficiently verify whether the use of the website, the execution of the purchase contract and the subsequent processing of the submitted personal data entail the processing of personal data of a person that is younger than 16 years of age or a person who does not have full legal capacity.

As a result, the company does not knowingly offer its products to persons under the age of 16 or persons with limited or deprived legal capacity and does not knowingly process any personal data related to them.

If the company subsequently finds out that it has processed the personal data of a person who is under the age of 16 or a person with limited or deprived legal capacity without the consent of his parent or guardian, the company shall do everything necessary to delete all provided personal data.

If the parents or guardian of the person under the age of 16 or a person with limited or deprived legal capacity find out that their child or the person in their care has used the online store of our website or has voluntarily provided his personal data to the company, they can inform the company about this and request the deletion of the relevant personal data at [email protected]

9. Who can you contact for further clarification regarding the processing of personal data in the company and regarding your rights?

You can contact us:

SHINE BROWN, proizvodnja, trgovina in storitve, d.o.o.
Preserje near Radomlje, Pelechova cesta 15
1235 Radomlje, Slovenija, EU

10. Final provisions

This general information on the processing of personal data may be updated from time to time in order to better reflect changes in data protection or for other operational and legal reasons.

If we change the contents of this general information on the processing of personal data significantly, we will publish a news item on our website.

This general information on the processing of personal data has been published on the 1st of July, 2021.


() ordered:
x
Accept

We use cookies to ensure you get the best experience on our website.