1. WE CARE ABOUT YOUR PRIVACY
2. WHICH CATEGORIES OF PERSONAL DATA DO WE COLLECT AND WHY?
2.1 Process Orders Made via our Website
We collect information regarding your name (first name and last name), date of birth, e-mail address, telephone number, address, diploma, company name, VAT number and other needed details needed to proceed with the order. We process the collected information for the purpose of administering your order, including to communicate with you regarding the order (e.g. for support purposes in the event of any issues with the delivery of the items), and to fulfill our contractual obligations in relation to you. There is no way of being a customer of Cosmovit if you do not accept the handling of the above stated personal information. Cosmovit will keep your information as long as you are a customer of the company and for another 36 months for above written purposes. Thereafter they will be saved in accordance to certain law requirements. After this time has passed your personal information will be deleted. Furthermore, when paying via the Website you need to provide further information, such as debit or credit card information. We use third party payment providers in order to process payments via the Website. The payment providers are data controllers for their own processing of your personal data in order to process payments. The provision of the categories of personal data outlined above is required in order for us to administrate your order. If you do not provide the required information, we will not be able to process your order. We keep information regarding your order and transaction, including any support email relating to the order should any issues arise with the delivered products and for accounting purposes.
2.2 Use of the Website and Newsletters
2.3 Direct Marketing and Surveys
Based on your consent we may process your email address to send direct marketing information to you in order to satisfy our legitimate interest of informing you of offers in relation to our products and services. We may also process information regarding your order history, order value, payment method used and from which country you accessed our Website in order to send you relevant and tailored offers via e-mail and other similar ways of electronic communication. You have the right to at any time oppose to our processing of your personal data for direct marketing purposes and de-register from future communications from us, please see contact details below. Furthermore, we may process your name, e-mail address and order history to carry out customer surveys in order to satisfy our legitimate interest of obtaining further knowledge of how our customers view us and our products and services. The individual results of the surveys are only retained during such period that it takes for us to compile the result on an aggregated level and is thereafter deleted. The aggregated information is retained until further notice.
2.4 Statistics and Business Development
We may process the personal data that you provide to us, including location, purchased product categories and information regarding payment method, when using our Website for statistical purposes, e.g. in order to see how many individuals in a certain age range have purchased our certain product. This statistical information may be used for business development purposes. The processing of your personal data is necessary in order to satisfy our legitimate interest of continuously improving our business and providing new products and services.
3. WHO HAS ACCESS TO YOUR PERSONAL DATA?
3.1 Third Party Payment Providers
Your personal information could come to be handled by a so-called data processor that helps in our communication with you. This data processor will only handle your personal information in accordance with the guidelines for which it was collected. We use third party payments providers to handle payments via our Website. In order to administer the order and for the performance of the agreement between you and us, we will disclose information regarding your name, address, order information, and debit or credit card information and device used for purchase to the third-party payment provider. As stated above, the payment providers are data controllers for their own processing of your personal data in order to process payments.
3.2 Delivery and Storage Partners and other Third-Party Service Providers
In order to handle orders, we use third party delivery service and storage partners. As such, for the purposes of administering the order and to fulfil our contractual obligations in relation to you we will share your personal data, including your name, address and telephone number in addition to order information with our delivery and storage partners. Moreover, we may for the purposes outlined above in Section 2 engage additional third-party service providers not mentioned in this section, e.g. to carry out customer surveys and to send tailored offers. The third-party service providers that we engage are contractually obligated to only process your personal data in accordance with our strict instructions and may not use your data for their own purposes. Additionally, they are obligated to implement technical and organizational security measures to protect and safeguard your personal data.
3.3 Other Third Parties
Finally, we may process and disclose the personal data that you have provided to other third parties than outlined above in order to fulfil our legitimate interest of complying with applicable law and regulations and lawful regulatory requests or relevant orders from competent courts and public authorities and to establish, exercise and defend legal claims. Additionally, we may disclose your personal data to third parties in case of a merger or a transfer of assets in order to fulfil our legitimate interest of carrying out such merger or transfer of assets.
All these processors are controlled by data processing agreements providing the same protections of your personal data.
4. WHAT ARE YOUR RIGHTS?
Just as we have our rights and obligations to process your personal information, you also have certain rights to process your personal data. These rights include:
- Right of access: In accordance with Art. 15 GDPR, you may have the right to obtain confirmation from us as to whether or not your personal data is processed by us, and, where that is the case, to request access to your personal data. The information about personal data processing includes the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipients to whom your personal data have been or may be disclosed. However, this is not an absolute right and the interests of other individuals may restrict your right of access. Also, you may have the right to obtain a copy of your personal data undergoing processing. For additional copies requested, we may charge a reasonable fee based on administrative costs.
- Right to rectification: In accordance with Art. 16 GDPR, you may have the right to obtain from us the rectification of inaccurate personal data. Depending on the purposes of the processing, you may have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- Right to erasure (right to be forgotten): In accordance with Art. 17 GDPR, you have the right to request that we delete your personal data. Please keep in mind that we may keep your personal data if it is still necessary for:
1. Fulfilling our legal obligation;
2. Archival, historical, or scientific research or statistical purposes; or
- Determination, exercise, or defense of our legal claims.
- Right to restriction of processing: In accordance with Art. 18 GDPR, you have the right to request that we restrict the processing of your personal data. In this case, the respective personal data will be marked accordingly and may only be processed by us for certain purposes.
- Right to personal data portability: In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format and/or to request the transfer of this personal data to another entity.
- Right to object: If you have given your consent to the processing of your data in accordance with Art. 7 III GDPR, you may revoke your consent at any time in the future. The declaration of revocation must be addressed to us and must be presented in writing or delivered by email or fax.
5. TRANSFER OF PERSONAL DATA OUTSIDE THE EU/EEA
We use party delivery and storage partners which are based outside the EU. As such, your personal data may in connection with a purchase be transferred outside the EU/EEA to countries which do not have the same level of protection for personal data as countries within the EU/EEA. In order to ensure that your personal data is adequately protected, we ensure that there are appropriate safeguards in place by way of data transfer agreements which include standard data protection clauses adopted by the EU Commission. As of 25 May 2018, you have the right to receive a copy of the clauses by contacting us on the contact details below.third
6. HOW WILL WE NOTIFY YOU OF CHANGES TO THIS NOTICE?
7. YOUR CONSENT.
8. CONTACTING US.
Regist. no: 6836852000
Address: Pot v Smrečje 3, 1231 Ljubljana, Slovenia