PERSONAL DATA PROTECTION POLICY
Personal data controller and contact information
This policy applies to the processing (use) of any personal data carried out by Rotis d.o.o. (controller) or performed on behalf of the controller.
Information about the controller:
Rotis, družba za proizvodnjo in trgovino na debelo in drobno z mešanim blagom, d.o.o.
Brodišče 5, SI-1236 Trzin
Registration number: 3580881000
Tel: +386 (0)1 530 0960
Which data is processed
- Information on the use of our web pages (clicks on links, time spent on our web pages, which country and which web page the user accessed our site from, etc.) and response information to our e-mail messages (whether the message was opened, which links the user clicked on).
- The data we need to complete the contract and deliver the purchased goods (subject of purchase, price, delivery address, delivery time, method of payment, date of payment, information on complaints, invoice information, etc.).
Legal basis for data processing
We may process your personal data on the following legal bases:
- When processing of your personal data is necessary for the conclusion and fulfilment of a contract that you have concluded with us or when you asked for a quote from us
- When you have given consent to the processing of your personal data for a specific purpose, while you always have the right to revoke the consent (for example: for receiving personalised messages about our offer based on profile design)
- When we have a legitimate interest in processing your personal data (for example: when we send you an email because you left your contact on our website without finishing it and clicked the “Send” button)
Data processing purposes
We may use your personal data for one or more of the following purposes:
- Communicating with you regarding our services and answering your enquiries
- Conclusion of the contract and the fulfilment of our obligations arising from the concluded contract
- Market communication (sending e-mails, regular mail and SMS messages)
- Marketing communication on the basis of personalised or individualised offers and messages based on the creation of user profiles or groupings, each of which can receive market communication with different content. When creating profiles, we also monitor individuals’ activity (such as the time an individual spends on particular content, which content they are interested in and whether they open e-mails) and the frequency and value of past purchases
- To enforce any legal claims and to settle disputes
- For statistical analysis on the use of our web pages
How long do we store your personal data and what happens to them afterwards?
We keep the basic personal data permanently or until you revoke your consent.
We keep your personal data that is processed on the basis of your consent permanently or until you revoke your consent.
We keep data on invoices for 10 years from the day of their issue.
We keep the data necessary for concluding and fulfilling the contract between you and us for 5 years from the fulfilment of the contract (delivery of goods).
After the expiry date, your personal data is effectively erased or anonymised, which means that we process it in such a way that it can no longer be associated with you.
Voluntary data disclosure and consequences of data non-disclosure
Personal data disclosure is voluntary. You are not obliged to provide us with your personal data, but if you don’t provide the data, you cannot receive certain services or conclude contracts with us. Each time we receive personal data from you, we will indicate which data, if not provided, results in the stated consequences.
Who has access to your personal data
We do not provide your personal data to third parties (outside Rotis d.o.o.) and we ensure it is not revealed to them, except to those who have signed a contract with us, on the basis of which they perform certain tasks related to data processing and are obliged to comply with the legislation on the processing and protection of personal data (so-called contracted data processors). The contracted data processors to which we provide personal data are:
- Marketing service providers
- Call studio providers
- Providers of sending email messages
- Providers of hosting and maintaining the website
Contractors may process personal data only in the framework of our instructions and may not process personal data for their own purposes. They are obliged, as are their employees, to protect the confidentiality of your personal data.
Contracted personal data processors don’t transfer data to third countries (outside the European Economic Area member states – the EU member states, Iceland, Norway and Liechtenstein).
The rights you have regarding personal data, how you can revoke your consent for processing it and what the consequences of revocation are
You have the following rights regarding your personal data:
- To ask us at any time:
  - To confirm whether we process your personal data
  - To access your personal data as well as the following information: processing purposes; types of personal data; users or categories of users to whom personal data have been or will be disclosed, in particular to users in third countries or international organisations; the planned period of storage of personal data or, if that is not possible, the criteria used to determine that period; the existence of automated decision-making, including the creation of profiles and the reasons for it, as well as the significance and expected consequences of such processing for you
  - For one (free of charge) copy of personal data in the form that you specify (if the request is provided by electronic means of communication and you do not request otherwise, the copy shall be provided in electronic form); we can charge a reasonable fee for additional copies you request, taking into account the costs
  - To correct any inaccurate personal data
  - For processing restrictions when:
    - You contest the accuracy of your personal data, for a period that allows us to verify the accuracy of your personal data
    - The processing is illegal and you oppose the deletion of your personal data and, instead, request a restriction on its use
    - We don’t need your personal data for processing purposes anymore, but you need it to execute, enforce or defend legal claims
  - Deletion of all your personal data (the right to be forgotten), if the conditions set out in Article 17 of the General Data Protection Regulation are fulfilled, and in particular when you revoke the consent for your personal data processing
  - Extract of personal data in a structured, widely used and machine-readable form, with the right to forward this information to another controller without us hindering you in doing so
  - Termination of the use of personal data for direct marketing purposes, including the creation of profiles
  - That you are not subject to a decision based solely on automated processing, including the creation of profiles, if the assumptions of Article 22 of the General Data Protection Regulation are met
- The right to file an appeal against us with the Information Commissioner if you believe that the processing of your personal data violates the General Data Protection Regulation
Procedure of exercising rights
You may address your requests regarding the exercise of your rights regarding your personal data in writing to any contact listed at the top of this document under “Personal data controller and contact information”.
We may require additional information from you for the purposes of reliable identification in the case of exercising your rights regarding your personal data, and we can deny the action only if we are able to prove that we can’t reliably identify you.
Upon your request for exercising your rights related to personal data, we must respond without undue delay, and no later than one month after receiving your request.