Preamble
With the aim to protect personal data in accordance with the provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: General Data Protection Regulation). The controller, as a company which, without exception, promptly and fully implements the regulations in all business sectors, particularly in those which are directly related to clients’ satisfaction and interests, hereby adopts and publishes this Privacy Policy.The controller is the company whose primary activity consists of sale, consulting, and distribution.The controller sells on his office premises and through a web shop present on this website. The controller’s activity is not focused on personal data nor does it imply extensive processing of natural persons’ personal data. While performing his regular business activity, the personal data which the controller encounters and processes is the data collected with consent for the purpose of realising a purchase.
The purpose of the document
The protection of the rights and freedoms of individuals regarding personal data processing requires the introduction of a Privacy Policy with the aim of familiarising the data subjects with the manner in which their personal data will be processed in the controller’s company, as well as what their rights are and how can they be exercised. This Privacy Policy therefore also ensures the transparency in relation to the functions and personal data processing and enables the data subject to familiarise himself with the rights related to data processing.
The value of personal data and the responsibility to protect them
Personal data is any data which is related to an individual whose identity has been established or can be established (“data subject”); an individual whose identity can be established is a person who can be directly or indirectly identified, particularly with the help of identifiers such as the name, identification number, location information, online identifier or with the help of one or more factors inherent to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
The personal data which the controller collects and processes when performing his activity represents a professional secret. The controller implements measures of technical and organisational security which ensure the lasting confidentiality of all personal data and also encompass the prevention of unauthorised access to personal data and equipment which he uses while processing data or their unauthorised use.
All data on users is safeguarded strictly and is available only to employees who need the data to carry out their work. All controller’s employees are liable for adhering to safe harbour principles.
Particular attention must be taken when handling personal data and it can only be used in accordance with the reason for which it has been collected.
We only collect the personal data which has been voluntarily provided to us or for which there is another legal basis for processing.
Personal data collection and processing
Personal data can only be collected in accordance with the legislation and ethical standards. It is permitted to process personal data only when there is a clearly defined and documented legal basis or a basis arising out of a contract, while all other personal data processing is permitted only with a clearly documented consent of the owner or his proxy.
We collect personal data solely when the data subject consents to it: when registering to the website or through various forms on the website.
The same data is used for the purpose of concluding a contract and to familiarise the seller with the shopping habits of the buyer, as well as for the purpose of information and the promotion of the seller’s products and services.
We primarily collect personal data:
- to respond to your inquiry as efficiently as possible;
- to perform the purchase contract;
- to promote our services and express the intent to conclude the contract;
- for our internal statistical processing of data;
- for the possibility of sending publications, brochures and other promotional materials;
- to perform our legal and contractual obligations;
- for our legitimate interest.
The controller processes personal data solely to the extent necessary to provide the service and achieve the above-mentioned goals. When storing data, personal data is stored in the least possible number of places where it is adequately protected.
If you execute a payment on our website by credit or debit cards, our business partner WSPay, who enables the stated service, provides the following Statement on the protection of personal data transfer.
As the party executing the authorisation and credit card charges, WSPay treats the personal data as the processor and treats the personal data in accordance with the General Data Protection Regulation and in accordance with the strict rules of the PCI DSS L1 regulations on the protection of data entry and transfer.
WSPay uses a 256-bit encryption SSL certificate and TLS 1.2 cryptographic protocol as the highest levels of protection for data entry and transfer.
Personal data which is used for the purpose of authorisation and payment, i.e., to perform the obligations from the contract or based on the contract is considered as confidential data.
To perform the contract (authorisation and payment), the following personal data of the buyer is necessary: Name and surname, e-mail, telephone, address, place, postal code, state, type of card, card number, card expiry date, card CVV.
WSPay does not process or use this personal data, except for the purpose of performing the contract for authorisation and payment.
WSPay guarantees that all conditions established by the personal data protection legislation in force for processors of personal data are met, particularly by undertaking all necessary technical, organisational and security measures and this is also specifically confirmed by the PCI DSS L1 certificate.
As the controller, we always provide you with the possibility of choice regarding the use of your data, including the possibility to decide whether you want your name to be removed from the lists used for marketing campaigns or not. We do not request you to send data in order to enable access to our websites.
Without your particular consent, the controller shall not transfer your personal data to unauthorised third parties, send you e-mails which are contrary to the Terms of use and you can unsubscribe from the recipient list of any e-mail at any moment. The controller stores the collected personal data until the data subject withdraws the personal data storage. The data subject can withdraw his consent to further collection, processing and use of personal data at any moment and the withdrawal for the storage of personal data can be requested by writing to the company’s address or by e-mail to info@kofer.hr. When you visit our websites, our web server always stores the name of your internet service provider, the website from which you visited us, the websites you browsed during the visit and the date and time of the visit. Our cookies do not contain specific personal information, so your privacy remains protected because it is not personal data, i.e., personal data collected in such a manner is not used to identify you.
The IP address is transferred with every request sent to the server so that the server knows where the answer has to be sent. The internet service provider (ISP) assigns an IP address to everyone when they connect to the internet. The ISP can track which IP address is assigned to individual users at any given moment. As long as the stored IP address is not deleted, theoretically, one could obtain the identity of the end-user through the ISP. That is why the controller does not store the IP addresses of the visitors but rather only uses them to recognise the session and defend from attacks. Therefore, the IP address is deleted directly after that so that the collected data is anonymous and that the identity of the end-user cannot be found out even through the intervention of the ISP.
This website uses cookies to enable or improve the user experience and functions offered. In order to provide you with a better user experience and full functionality of the website, this website stores your cookies. However, if you do not want it, you can reject them, but then there is a chance that the website’s functionality will be limited.
Moreover, personal data is stored only if you voluntarily place it at our disposal, e.g., through the registration, surveys, prize contests or to perform a contract.
The rights of data subjects
The controller enables the exercise of the data subjects’ rights. You have the right to request, at any given moment:
- the deletion of personal data (“the right to be forgotten”) if the processing of your personal data is no longer necessary in relation to the purpose for which it was collected or if you withdraw your consent for personal data processing or if you file a complaint regarding the processing of your personal data and prove that your legitimate interests for deleting the personal data take precedence over the controller’s legitimate interest for processing your personal data;
- the correction of personal data if some of your personal data has changed or if you noticed an error in your collected personal data;
- the transfer of personal data, i.e., to request the personal data which are related to you in electronic form and transfer them to a third party;
- a complaint if you oppose the purpose for which your personal data is processed;
- the restriction of personal data processing if you dispute the accuracy of the personal data, if you object to the deletion of personal data, instead requesting a restriction of their use; if the controller no longer needs your personal data for the purposes of the processing, but you request them for the submission, exercise or defence of your legal requests; if you have filed a complaint regarding the personal data processing.
You can exercise your rights electronically, without expenses, by contacting us at the e-mail address: info@https://www.artbottega.hr/wp-content/uploads/2022/07/Zasto-pravis-slona-od-mene-PW-1.png.hr.
Exceptionally, in case you request that confirmation be issued to you in another form, other than the electronic one, for the purpose of transferring personal data, the controller reserves the right to charge a reasonable fee for administrative costs necessary to issue an additional copy of the personal data..
Incident management
In case there is a security breach regarding personal data which could cause you significant damage, the company’s controller shall notify you about it without delay and take all necessary measures to eliminate the damage and limit or mitigate the harmful consequences that occurred due to the personal data security breach.
Transparency
If we decide to amend this Privacy Policy, the amendments shall be published on this website so that they can be viewed at any time.