Privacy Policy

English version

Politika varstva osebnih podatkov

Namen politike varstva osebnih podatkov je seznaniti posameznike, uporabnike storitev, sodelavce, zaposlene ter druge osebe (v nadaljevanju: »posameznik«), ki sodelujejo z Vialco d.o.o. (v nadaljevanju: »organizacija«) o namenih, pravnih podlagah, varnostnih ukrepih in pravicah posameznikov glede obdelave osebnih podatkov, ki jih izvaja naša organizacija.

Cenimo vašo zasebnost, zato vaše podatke vedno skrbno varujemo.

Osebne podatke obdelujemo v skladu z evropsko zakonodajo (Uredba (EU) 2016/697 o varstvu posameznikov pri obdelavi osebnih podatkov in o pretoku takih podatkov (v nadaljevanju: »Splošna uredba«)), veljavno slovensko zakonodajo s področja varstva osebnih podatkov in drugo zakonodajo, ki nam daje pravno podlago za obdelavo osebnih podatkov.

Politika varstva osebnih podatkov vsebuje informacije, na kak način naša organizacija kot upravljavec obdeluje osebne podatke, ki jih prejme od posameznika na osnovi pravnih podlag.

UPRAVLJALEC

Upravljavec osebnih podatkov je organizacija:

POOBLAŠČENA OSEBA

V skladu z določilom 37. člena Splošne uredbe pooblaščene osebe nismo imenovali, če pa imate kakršnakoli vprašanja v zvezi z obdelavo vaših osebnih podatkov, se lahko vedno obrnete na nas na info@onexarchery.com.

OSEBNI PODATKI

Osebni podatek pomeni katerokoli informacijo v zvezi z določenim ali določljivim posameznikom; določljiv posameznik je tisti, ki ga je mogoče neposredno ali posredno določiti, zlasti z navedbo identifikatorja, kot je ime, identifikacijska številka, podatki o lokaciji, spletni identifikator, ali z navedbo enega ali več dejavnikov, ki so značilni za fizično, fiziološko, genetsko, duševno, gospodarsko, kulturno ali družbeno identiteto tega posameznika.

NAMENI OBDELAVE IN PODLAGE ZA OBDELAVO PODATKOV

Organizacija zbira in obdeluje vaše osebne podatke na naslednjih pravnih podlagah:

Izpolnitev zakonske obveznosti

Na osnovi določil v zakonu organizacija obdeluje podatke o svojih strankah. Organizacija na podlagi zakonske obveznosti za namene spletne prodaje obdeluje predvsem naslednje vrste osebnih podatkov: ime in priimek, telefonsko številko, davčno številko, naslov prebivališča, naslov elektronske pošte. Določene podatke prav tako obdelujemo in hranimo na podlagi davčne zakonodaje (podatki o izdanih računih). V omejenih primerih je v organizaciji dopustna obdelava osebnih podatkov tudi na osnovi javnega interesa.

Izvajanje naročila

V primeru, ko posameznik organizaciji posreduje svoje povpraševanje, ta predstavlja pravno podlago za obdelavo osebnih podatkov. Osebne podatke smemo tako obdelovati za izdelavo ponudbe. Če posameznik osebnih podatkov ne posreduje, organizacija ne more izdelati ponudbe, prav tako vam organizacija ne more izvesti storitve oziroma dostaviti blaga ali drugih produktov v skladu s povpraševanjem, saj nima potrebnih podatkov za izvedbo.

Prav tako bo določene osebne podatke posameznikov (ime, priimek, elektronski naslov, telefonska številka, podatki o plačilu, …) organizacija obdelovala za namen izdelave ponudbe, računa ter dostave blaga.

Zakoniti interes

Uveljavljanje pravne podlage zakonitega interesa je omejena za obdelavo s strani javnih organov pri opravljanju njihovih nalog. Vseeno pa lahko organizacija osebne podatke obdeluje tudi na podlagi zakonitega interesa, za katerega si organizacija prizadeva v omejenem obsegu. Slednje ni dopustno, kadar nad takimi interesi prevladajo interesi ali temeljne pravice in svoboščine posameznika, na katerega se nanašajo osebni podatki, ki zahtevajo varstvo osebnih podatkov. V primeru uporabe zakonitega interesa organizacija vedno opravi presojo skladno s Splošno uredbo.

Tako lahko posameznike občasno obveščamo o storitvah, dogodkih, ponudbah in drugih vsebinah preko elektronske pošte, preko telefonskih klicev in po navadni pošti. Posameznik lahko kadarkoli zahteva prekinitev tovrstnega komuniciranja in obdelave osebnih podatkov in prekliče prejemanje sporočil preko povezave za odjavo v prejetem sporočilu, ali kot zahtevek po elektronski pošti na info@onexarchery.com si ali z redno pošto na naslov organizacije.

HRAMBA IN IZBRIS OSEBNIH PODATKOV

Organizacija bo hranila osebne podatke le toliko časa, dokler bo to potrebno za uresničitev namena, zaradi katerega so bili osebni podatki zbrani in obdelovani. V kolikor organizacija podatke obdeluje na podlagi zakona, jih bo hranilo za obdobje, ki ga predpisuje zakon. Pri tem se nekateri podatki hranijo za časa sodelovanja z organizacijo, nekatere podatke pa je treba hraniti trajno. Osebne podatke, ki jih organizacija obdeluje na osnovi pogodbenega odnosa s posameznikom, organizacija hrani za obdobje, ki je potrebno za izvršitev pogodbe in še 6 let po njenem prenehanju, razen v primerih, ko pride med posameznikom in organizacijo do spora v zvezi s pogodbo. V takem primeru hrani organizacija podatke še 10 let po pravnomočnosti sodne odločbe, arbitraže ali sodne poravnave ali, če sodnega spora ni bilo, 5 let od dneva mirne razrešitve spora. Tiste osebne podatke, ki jih organizacija obdeluje na podlagi osebne privolitve posameznika ali zakonitega interesa, bo organizacija hranila do preklica privolitve ali do zahteve do izbrisa podatkov. Po prejemu preklica ali zahteve za izbris se podatki izbrišejo najkasneje v 15 dneh. Organizacija lahko te podatke izbriše tudi pred preklicem, kadar je bil dosežen namen obdelave osebnih podatkov ali če tako določa zakon.

Izjemoma lahko organizacija zavrne zahtevo za izbris iz razlogov iz Splošne uredbe, kot so našteti: uresničevanje pravice do svobode izražanja in obveščanja, izpolnjevanje pravne obveznosti obdelave, razlogi javnega interesa na področju javnega zdravja, nameni arhiviranja v javnem interesu, znanstveno- ali zgodovinsko raziskovalne nameni ali statistični nameni, izvajanje ali obramba pravnih zahtevkov. Po preteku obdobja hrambe mora organizacija osebne podatke učinkovito in trajno izbrisati ali anonimizirati, tako da jih ni več mogoče povezati z določenim posameznikom.

POGODBENA OBDELAVA OSEBNIH PODATKOV IN IZNOS

Organizacija lahko za posamezne obdelave osebnih podatkov na osnovi pogodbe o pogodbeni obdelavi zaupa pogodbenemu obdelovalcu. Pogodbeni obdelovalci lahko zaupane podatke obdelujejo izključno v imenu upravljavca, v mejah njegovega pooblastila, ki je zapisan v pisni pogodbi oziroma drugem pravnem aktu in skladno z nameni, ki so opredeljeni v tej politiki zasebnosti.

Pogodbeni obdelovalci, s katerimi sodeluje organizacija so predvsem:

Organizacija za namene boljšega pregleda in nadzora nad pogodbenimi obdelovalci in urejenosti medsebojnega pogodbenega razmerja, vodi tudi seznam pogodbenih obdelovalcev, kjer so navedeni vsi konkretni pogodbeni obdelovalci s katerimi organizacija sodeluje.

Organizacija v nobenem primeru ne bo posredovalo osebnih podatkov posameznika tretjim nepooblaščenim osebam. Pogodbeni obdelovalci smejo osebne podatke obdelovati zgolj v okviru navodil organizacije in osebnih podatkov ne smejo uporabiti za katerekoli druge namene.

Organizacija kot upravljavec in njeni zaposleni osebnih podatkov ne iznašajo v tretje države (izven držav članic Evropskega gospodarskega prostora – članice EU ter Islandija, Norveška in Liechtenstein) in v mednarodne organizacije, razen v ZDA, pri so čemer razmerja s pogodbenimi obdelovalci iz ZDA urejena na podlagi standardnih pogodbenih klavzul (tipske pogodbe, ki jih je sprejela Evropska komisija) in/ali zavezujočih poslovnih pravil (ki jih sprejme organizacija in potrdijo nadzorni organi v EU).

PIŠKOTKI

Spletna stran www.onexarchery.com ne uporablja piškotkov.

VAROVANJE IN TOČNOST PODATKOV

Organizacija skrbi za informacijsko varnost in varnost infrastrukture (prostorov in aplikativno sistemske programske opreme). Naši informacijski sistemi so med drugim zaščiteni s protivirusnimi programi in požarnim zidom. Uvedli smo ustrezne organizacijsko tehnične varnostne ukrepe, namenjene varstvu osebnih podatkov pred naključnim ali nezakonitim uničenjem, izgubo, spreminjanjem, nepooblaščenim razkrivanjem ali dostopom ter pred drugimi nezakonitimi in nepooblaščenimi oblikami obdelave. V primeru posredovanja posebnih vrst osebnih podatkov, jih posredujemo v šifrirani obliki in zaščiteni z geslom.

Posameznik je sam odgovoren, da svoje osebne podatke posreduje varno in da so posredovani podatki točni in verodostojni. Organizacija se bo trudila, da bodo osebni podatki, ki jih obdeluje, točni in po potrebi ažurirani, občasno se lahko na posameznika obrne za potrditev točnosti osebnih podatkov.

PRAVICE POSAMEZNIKA GLEDE OBDELAVE PODATKOV

V skladu s Splošno uredbo ima posameznik sledeče pravice iz varstva osebnih podatkov:

Pri uveljavljanju pravic iz tega naslova, oziroma v primeru, da posameznik meni, da so mu pravice kršene, se lahko za zaščito ali pomoč obrne na nadzorni organ, to je Informacijski pooblaščenec na spletni strani: https://www.ip-rs.si/.

Če želi posameznik uveljavljati katero koli od prej navedenih pravic, lahko pošlje zahtevek po elektronski pošti na info@onexarchery.com ali z redno pošto na naslov organizacije. Na zahtevo, ki se nanaša na pravice posameznika, bo organizacija odgovorila brez nepotrebnega odlašanja in v vsakem primeru v enem mesecu po prejemu zahteve. V primeru, da bi se ta rok ob upoštevanju kompleksnosti in števila zahtev, podaljšal (za največ dva dodatna meseca), boste o tem obveščeni. Dostop do posameznikovih osebnih podatkov in uveljavljene pravic je za posameznika brezplačno. Vendar pa lahko organizacija zaračuna razumno plačilo, v kolikor je zahteva posameznika, na katerega se nanašajo osebni podatki, očitno neutemeljena ali pretirana, zlasti če se ponavlja. V takšnem primeru lahko organizacija zahtevo tudi zavrne. V primeru uveljavljanja pravic iz tega naslova bo morebiti morala organizacija od posameznika zahtevati določene informacije, ki mu bodo pomagale pri potrditvi identitete posameznika, kar je le varnostni ukrep, ki zagotavlja, da se osebni podatki ne razkrijejo nepooblaščenim osebam.

Če ima posameznik kakršnakoli vprašanja v zvezi z obdelavo svojih osebnih podatkov, se lahko vedno obrne na našo organizacijo preko elektronske pošte na info@onexarchery.com ali z redno pošto na naslov organizacije.

OBJAVA SPREMEMB

Vsaka sprememba naše Politike o varstvu osebnih podatkov bo objavljena na spletni strani organizacije: onexarchery.com. Z uporabo spletne strani posameznik potrjuje, da sprejema in soglaša s celotno vsebino te politike varstva osebnih podatkov.

Politiko varstva osebnih podatkov je sprejela odgovorna oseba, dne 25. Marca 2023.

Privacy Policy

The purpose of the Personal Data Protection Policy is to inform individuals, service users, colleagues, employees and other persons (hereinafter referred to as "the individual") who interact with Vialco d.o.o. (hereinafter referred to as "the organisation") about the purposes, legal bases, safeguards and rights of individuals with regard to the processing of personal data carried out by our organisation.

We value your privacy and therefore always protect your data carefully.

We process personal data in accordance with European legislation (Regulation (EU) 2016/697 on the protection of individuals with regard to the processing of personal data and on the movement of such data (the "General Regulation")), applicable Slovenian legislation on the protection of personal data and other legislation that provides us with a legal basis for processing personal data.

The Personal Data Protection Policy contains information on how our organisation, as the controller, processes personal data received from an individual on the basis of legal grounds.

THE ADMINISTRATOR

The controller of personal data is the organisation:

AUTHORISED PERSON

In accordance with Article 37 of the General Regulation, we have not appointed an authorised person, but if you have any questions regarding the processing of your personal data, you can always contact us at info@onexarchery.com.

PERSONAL DATA

Personal data means any information relating to an identified or identifiable individual; an identifiable individual is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.

PURPOSES OF PROCESSING AND GROUNDS FOR PROCESSING

The Organisation collects and processes your personal data on the following legal bases:

Compliance with a legal obligation

Based on the provisions in the law, the organisation processes data about its customers. Based on the legal obligation, the organisation processes in particular the following types of personal data for the purpose of online sales: name and surname, telephone number, tax number, residential address, e-mail address. We also process and store certain data on the basis of tax legislation (invoice data). In limited cases, the organisation may also process personal data on the basis of public interest.

Execution of the contract

When an individual submits an enquiry to the organisation, this constitutes the legal basis for the processing of personal data. We are thus allowed to process personal data for the purpose of making an offer. If the individual does not provide personal data, the organisation cannot make the offer, nor can the organisation provide you with the service or goods or other products in accordance with the request, as it does not have the necessary data to do so.

The organisation will also process certain personal data of individuals (name, surname, email address, telephone number, payment details, etc.) for the purpose of making an offer, invoice and delivery of goods.

Legitimate interest

The assertion of the legal basis of legitimate interest is limited to processing by public authorities in the performance of their tasks. However, an organisation may also process personal data on the basis of legitimate interest, which the organisation pursues to a limited extent. The latter is not permissible where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data. In the case of the application of legitimate interest, the organisation shall always carry out an assessment in accordance with the GDPR.

As a result, we may from time to time inform individuals about services, events, training, offers and other content via email, telephone calls and ordinary mail. An individual may at any time request to cease such communications and processing of personal data and to opt-out of receiving communications via the unsubscribe link in the communication received, or as a request by email to info@onexarchery.com si or by regular mail to the address of the organisation.

STORAGE AND DELETION OF PERSONAL DATA

The Organisation will keep personal data only for as long as is necessary to fulfil the purpose for which the personal data were collected and processed. If the organisation processes the data on the basis of the law, it will keep the data for the period prescribed by the law. In this respect, some data will be kept for the duration of the cooperation with the organisation, while some data must be kept permanently. Personal data processed by the organisation on the basis of a contractual relationship with an individual will be kept by the organisation for the period necessary for the performance of the contract and for a period of 6 years after its termination, except in cases where there is a dispute between the individual and the organisation in relation to the contract. In such a case, the organisation shall keep the data for 10 years after the final decision of a court, arbitration or court settlement or, if there has been no court settlement, for 5 years from the date of amicable settlement of the dispute. Those personal data processed by the organisation on the basis of the individual's personal consent or legitimate interest will be kept by the organisation until the consent is withdrawn or until the data are erased. Upon receipt of a revocation or a request for deletion, the data shall be deleted within 15 days at the latest. The organisation may also delete the data prior to revocation where the purpose of the processing of personal data has been achieved or where required by law.

Exceptionally, an organisation may refuse a request for erasure on the grounds set out in the General Regulation, such as the following: the exercise of the right to freedom of expression and information, compliance with a legal obligation to process, grounds of public interest in the field of public health, archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, the exercise or defence of legal claims. After the retention period has expired, the personal data must be effectively and permanently erased or anonymised by the organisation so that it can no longer be linked to a specific individual.

CONTRACTUAL PROCESSING OF PERSONAL DATA AND EXPORT

The Organisation may entrust a contractual processor with the processing of personal data on the basis of a contractual processing agreement. Contract processors may process the entrusted data exclusively on behalf of the controller, within the limits of the controller's authorisation, which is enshrined in a written contract or other legal act and in accordance with the purposes set out in this Privacy Policy.

The contractual processors with which the organisation cooperates are mainly:

In order to improve the overview and control of the contractual processors and the regularity of the contractual relationship between them, the Organisation also maintains a list of contractual processors, which lists all the specific contractual processors with which the Organisation cooperates.

Under no circumstances will the Organisation transmit personal data of an individual to unauthorised third parties. Contract processors may only process personal data within the framework of the instructions of the organisation and may not use personal data for any other purpose.

The Organisation, as controller, and its employees do not export personal data to third countries (outside the Member States of the European Economic Area - EU Member States plus Iceland, Norway and Liechtenstein) and to international organisations, except to the USA, whereby the relationship with US contract processors is governed by standard contractual clauses (standard contracts adopted by the European Commission) and/or binding corporate rules (adopted by the Organisation and approved by the supervisory authorities in the EU).

COOKIES

The www.onexarchery.com website does not use cookies.

DATA PROTECTION AND ACCURACY

The Organisation ensures information and infrastructure security (premises and application system software). Our information systems are protected by, among other things, antivirus and firewalls. We have put in place appropriate organisational and technical security measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access and against other unlawful and unauthorised forms of processing. In the case of transmission of special types of personal data, we transmit them in encrypted and password-protected form.

It is the individual's responsibility to ensure that his or her personal data is provided securely and that the data provided is accurate and reliable. The Organisation will endeavour to ensure that the personal data it processes is accurate and, where necessary, kept up to date and may from time to time contact the individual to confirm the accuracy of the personal data.

RIGHTS OF THE DATA SUBJECT WITH REGARD TO THE PROCESSING OF DATA

Under the GDPR, the data subject has the following data protection rights:

In exercising his or her rights under this Title, or if the individual considers that his or her rights have been infringed, he or she may, for protection or assistance, contact the supervisory authority, the Information Commissioner, at the following website: https://www.ip-rs.si/.

If the individual wishes to exercise any of the rights set out above, he or she may send a request by e-mail to info@onexarchery.com or by regular mail to the address of the organisation. The organisation will respond to the request concerning the rights of the individual without undue delay and in any event within one month of receipt of the request. Should this time limit be extended (by up to two additional months), taking into account the complexity and number of requests, you will be informed. Access to personal data and the exercise of rights is free of charge for the data subject. However, the organisation may charge a reasonable fee if the data subject's request is manifestly unfounded or excessive, in particular if it is repetitive. In such a case, the organisation may also refuse the request. In the case of the exercise of rights under this title, the organisation may need to request certain information from the data subject to help it confirm the identity of the data subject, which is only a precautionary measure to ensure that personal data are not disclosed to unauthorised persons.

If an individual has any questions regarding the processing of his or her personal data, he or she can always contact our organisation by email at info@onexarchery.com or by regular mail to the organisation's address.

PUBLICATION OF CHANGES

Any changes to our Personal Data Protection Policy will be published on our website: onexarchery.com. By using the website, the individual confirms that he/she accepts and agrees to the entire content of this Privacy Policy.

The Personal Data Protection Policy has been adopted by the responsible person on 25th March 2023.