General on data processing
The personal data controller is skaya tropicals, Jana Cindro s.p., Postojnska ulica 20, 1000 Ljubljana, Slovenia.
By opening and using the website, a variety of information and data are exchanged between your device and the server, including personal data under the EU General Regulation. Below we present the exchange of information and define the use, interest and reasons. The data processing software and marketing tools we use are fully compliant with the EU General Regulation so that your data is secure.
The website is available on https secure protocol, which provides encrypted connection and data exchange, and our servers are updated to the latest versions, which increases the level of security.
Personal data and processing
Personal data is information that identifies you as an identified or identifiable individual. The provider collects the following personal data, in accordance with the purposes set out below:
Basic user information collected only in case of order in the online store (name, surname, address of residence, delivery address, telephone number, e-mail)
Information about user purchases and sales invoices
Data from voluntarily completed forms by users
IP adress of used device
Date and time of access
Web page URL and referral URL (channel and campaign – method of obtaining the visitor or the source through which the visitor came to the website)
Web page retention time, number and URLs of pages visited, and total visit time
Type of browser that you use and the operating system used
The provider does not collect or process your personal data, except when you allow it, or consent, whether there is a legal basis for this and the provider has a legitimate interest in processing it.
Processing of data under a law or contractual relationship
Buy from the online store
In the case of the conclusion and performance of a contract with the provider (in the case of purchase in an online store), you must provide personal data for the purposes of entering into a contract. It is not possible to process an order in an online shop without the transfer of personal data. There is thus a legitimate interest of the tenderer in the performance of the contract under Article 6 of the GDPR.
Sending of promotional messages
In accordance with Article 2(2) of ZEKom-1, the provider may send you e-mails about sales campaigns or updates to your e-mail address that you provided at the time of your order, or you may have signed up with it in a pop-up box on the website to consent to receive promotional messages. Your e-mail address is not provided by the provider to a third party under any circumstances, and you always have the option to unsubscribe from receiving promotional messages by clicking on the link in the message itself. Your decision is always respected by the provider and the check-out takes place in an automated manner and takes effect immediately.
Processing of personal data on grounds of legitimate interest
According to the GDPR, the provider may also process the data on the basis of legitimate interest. The provider always strives to ensure that these interests are always overridden by the rights and freedoms of the individual or visitor of the website. If you do not wish to process the data or wish to delete or terminate the processing, you can let us know by e-mail firstname.lastname@example.org.
General statistical processing
For the purposes of optimizing the website, monitoring the correct performance of the website, analyzing sales, repur purchases and customer behavior, and for business optimization and business performance measurement, we use the Analytics tool Google Analytics. We use the tool to track sales by sales channels, how many customers make repur purchases, and in what quantity and value, we monitor responses to advertising campaigns and general survey statistics. We use IP address anonymization so that your IP address is never forwarded. After your IP address becomes anonymous, finding your data is no longer possible, so Analytics can't possibly connect your device to other Google data.
Access order and other data history
In the event of your call or e-mail, employees of the provider may, if you provide them with your personal information or account or order number, access your order history and personal information. Access can thus offer you a better service and offer and an effective solution to any complaints.
Personalized communication with existing and potential customers
We use personalized communication (via email, browser notifications or social networks) to present the relevant offer, send discounts and other content that might be of interest to you based on your past interactions with our website. To perform this kind of communication, we use your demographic information (gender, age and location), purchase history (purchased products, number of purchases), responses and product views (opening messages, clicks on links), and handling behavior and clicking on a website that can trigger personalized messages.
When using personalized communication, we never create user profiles, nor do we profile you or devote ourselves to your personal data, but we only process on the basis of larger groups, which makes it impossible to determine you as an individual.
Using Facebook Advertising Tool "Custom Audience"
The company also uses FacebookCustom Audience as part of the personalized communication mentioned in the previous item. We provide the Service on the basis of legitimate interest or as part of the consent obtained from your site. Facebook Custom Audience works by uploading your e-mail address you entered in the purchase process or by voluntarily entering it to Facebook and linking it to your facebook profile, if it exists. Facebook then adds you to the list of customized audiences, or custom audience, and allows us to show personalized ads in this way.
Processing of personal data on the basis of consent
The Provider may process and collect your personal data, if you give your consent, for the purposes of verifying and ensuring that you access and use your online account created by registering on the website, and for sending promotional messages and other content by e-mail, where there is no other legal basis for this and you have given your explicit consent to do so. The provider may also process and collect your personal data for other purposes, but only if you have been accurately informed of these intentions and have given express consent.
If you do not wish to process the data or wish to delete or terminate the processing, you can inform us by e-mail email@example.com.
Profiling potential and existing customers with explicit consent
On the basis of the consent given, the provider may carry out advanced personalised communication through different marketing channels. With this, we can present you with the best deals tailored to you based on your demographic information, your history of purchases, your behavior on the website, and your responses and clicks on the website. Based on the consent and personal information provided, we can thus create a user profile and serve the best and personalised offers on this basis.
Using the contact form
By using the contact form on the website, your data (content of the text and your e-mail address) are sent to our mail server owned by hitrost.com Internet Storitve d.o.o.. We store this information exclusively for the purposes of correspondence and we do not share it with third parties, nor do we use it for marketing purposes.
Place an order in the online store
The following information shall be recorded on the server by placing an order in an online store:
Device IP address and order date and time.
Your e-mail address and phone number, if you have entered it.
Your name, surname and address of the payer and any delivery address if it differs from the address of the payer.
Company tax number and company name if you entered this information.
Products you ordered and payment and delivery method.
If you choose to pay by credit card, our website never stores or in any way holds payment card data or payment processor access data that is not owned by us.
Our server transfers your data to an accounting program owned by a Slovenian company that meets the standards required by the EU General Regulation when the order is processed. We also transfer your data to the delivery services program, as this is necessary for processing and sending products to your address.
Retention of personal data
The provider shall keep your data for as long as necessary to achieve the purpose for which the personal data was collected and delived. If a specific law provides for the retention of data for a certain period, the provider shall then process that data in accordance with this Law.
If you have placed, completed and received the goods, then we store the order information on the server 2 years after taking the order from your site. We store the information exclusively to ensure that any complaints are quickly resolved under the warranty we offer. If you request the deletion of your data from our databases, we may delete the data earlier, except for account data that is not permitted under law and must be stored by the provider for 5 years.
Data in analytics tools (GoogleAnalytics) is deleted after 26 months.
Processing of personal data under contract
By using the Website, you are aware that the provider may also share your personal data with other contractual processors who can process the data exclusively on behalf of the provider and within the limits of the provider's authority. The company cooperates with the following contract processors:
The provider of the accounting program and the customer relationship management program,
Email provider (e.g. Google Mail, Mailchimp),
Payment system provider (e.g. Stripe),
Online advertising solution providers (e.g. Facebook, Google).
Your privacy means a lot to us, so your personal data will never be passed on by the provider to third parties, and the provider chooses exclusively verified contract processors that have the software regulated in accordance with the GDPR. Users do not send personal data to third countries outside the EU except the US. All contract processors that are in the U.S. are part of the Privacy Shield Association.
Your rights with regard to data processing and contact person
In accordance with Article 15, 16, 17, 18th, 20th and 21st articles of the EU General Regulation on the protection of personal data, you have the right to obtain information about your personal data stored with us, the right to rectification and supplementation of the data, the right to delete data, the right to restrict data processing, the right to refuse and the right to data portability.
You can request a printout of the data we hold by e-mail to firstname.lastname@example.org or in writing to the company address (Skayana Tropicals, Jana Cindro, s.p., Postojnska ulica 20, 1000 Ljubljana). You can also request the deletion or modification of the data at that e-mail address.
For more information on data processing and further questions, please contact the representative of our company, Jana Cindro, via the aforementioned e-mail or by written request to the aforementioned company address. We are also available on the phone number 031 489 234.