Content:
- Introduction
- Contact details of the controller and of the data protection officer
- Personal data
- Basis for processing and purpose of processing
- Recipients of personal data, contractual data processing and transfer of personal data to third countries (countries that are not members of the European Union or the European Economic Area)
- Personal data storage period
- Personal data protection
- Users’ rights in personal data protection
- Procedure to exercise rights
- Right to lodge a complaint regarding personal data processing
- Policy validity
1. Introduction
Pinal d.o.o., Savska
Loka 20, 4000 Kranj (hereinafter: “Pinal” or “controller”), is dedicated to
responsibly handling the personal data of our clients, potential clients, Pinal
website visitors and any natural persons who reveal their personal information
when contacting us (hereinafter: “users”), so we are implementing this Personal
Data Protection Policy (hereinafter: “Policy”) to inform our users in a
transparent, easy to understand way using plain language about the purpose, the
legal ground for the processing of their personal data and their rights
regarding the processing, as they are afforded to them under the Personal Data
Protection Act (ZVOP-1, Official Gazette of the Republic of Slovenia no.
94/2007) and the Regulation (EU) 2016/679 of the European Parliament and
Council of 27 April 2016 on the protection of natural persons with regard to
the processing of personal data and on the free movement of such data, and
repealing Directive 95/46/EC (hereinafter: “General Data Protection
Regulation”).
Terms, such as “controller”, “processing”, “restriction of processing”,
“processor”, “profiling”, “pseudonymisation”, “third party” and “company”, used
in this Policy have the meaning as stipulated in the General Data Protection
Regulation.
In accordance with the General Data Protection Regulation, the Policy covers
the following areas:
- Contact details of the controller and of the data protection officer,
- purposes and legal basis for processing various types of users’ personal data, including profiling the users’ personal data,
- recipients of the personal data, contractual data processing and the transfer of personal data to third countries,
- storage period for different categories of personal data,
- security of the personal data,
- users’ rights regarding the processing of their personal data,
- procedure to exercise users’ rights regarding personal data processing,
- the right to submit a complaint about personal data processing.
2. Contact details of the controller and of the data protection officer
The controller of the users’ personal data is Pinal d.o.o., Savska Loka 20, 4000 Kranj. Pinal has designated a data protection officer, who can be reached by e-mail at 4U@collagen36.com.
3. Personal data
Personal data constitutes any information that identifies you as an identified or identifiable natural person. The user is identifiable when they can be directly or indirectly determined, especially using an identifier, such as the name, identification number, location data, an online identifier or by stating one or more factors specific to the user’s physical, physiological, genetic, mental, economic, cultural or social identity. In accordance with the purposes stated in the following chapters of the Policy, the controller collects the following personal data:
- basic information on the user (full name, title, occupation and other information about the employer),
- contact information and information about the user’s communication with the controller (e-mail, telephone number, date, time and contents of the postal or e-mail communication, date, time and duration of phone calls),
- channel and campaign – manner of gaining the user’s consent or the source through which the user came into contact with the controller (website and advertising campaign or promotion),
- data on the user’s use of the controller’s website (dates and hours of visits to the site, visited pages or URLs, duration of time spent on a website, number of visited pages, total time spent on the website, performed settings on the webpage) and usage data on received messages (e-mail, SMS) from the controller,
- data from voluntarily filled in forms on the controller’s website, e.g. for prize contests,
- other data the user voluntarily submits to the controller when requesting certain services that demand such data.
The controller does not collect or process the user’s personal data without their expressed consent, i.e. when ordering products or services, subscribing to e-newsletters, participating in a prize contest etc., when there is a legal basis for the collection of the personal data, the processing is necessary to execute contractual obligations or when the processing is necessary for legitimate interested pursued by the controller (hereinafter: “legitimate interest”).
4. Basis for processing and purpose of processing
Pinal will process your personal data for one of the purposes listed below based on the following legal basis:
- your agreement or consent,
- for compliance with the legal obligations of the controller,
- based on legitimate interest,
- for compliance with their contractual obligation.
Pinal will process your personal data solely for the purposes, for which they were collected and will not process them for purposes that are not compatible with the purposes, for which they were collected. Pinal collects only that personal data from the user that is vital for achieving a set purpose.
Processing to fulfil contractual obligations
In certain cases, processing personal data is vital for the execution of the controller’s contractual obligations. If the user does not provide the necessary personal data, the controller is unable to finalize a contract with the user or perform services.
The controller will process your personal data to perform contractual obligations for the following purposes:
- business Cooperation Agreement,
- carrying out activities stated in the cooperation agreement,
- communicating with contracting parties and other contact persons for the purposes of executing an activity stated in the cooperation agreement.
Processing based on consent or agreement
Based on your written consent, Pinal will process your personal data for the following purposes:
- sending e-mails for the purpose of informing about training courses, new features (in standards and in publications), services as well as events at the controller or third person,
- for contacting on the phone for the purposes of presenting professional system solutions to the user or employer (by prior appointment also at their location),
- for publishing in media and on websites with the basic purpose of promoting the user,
- for monitoring the user’s reading of sent e-mails, including which e-mail you opened or did not open, which links you clicked (which contents you read), how long you were reading them or surveyed certain contents,
- for segmenting users based on the factors from the previous paragraph and for further sending adapted (individualized) e-mails, which means different users can receive e-mails with different contents for the purpose of a better (more relevant) informing and achieving a higher level of response to the received e-mails,
- for the purposes of analysing the user’s pattern-of-life on the website: from where the user came to the website (source of the traffic), for monitoring their activities on the website, which websites they visited, which contents they downloaded or viewed,
- for segmenting users based on the facts from the previous paragraph and further sending adapted (individualized) messages through multichannel communication, which means different users can receive messages with different contents for the purpose of a better (more relevant) informing of individuals and reaching a higher level of user enthusiasm,
- for all other purposes for which you expressly agree in cooperating with the controller.
Any time you give consent for the processing of your personal data, the consent can be withdrawn at 4U@collagen36.com.
Processing is necessary for completing Pinal legal obligations
Your personal data is also processed when required of us by the law. One example of such processing is processing your personal data for the purposes of judicial or administrative processes.
Processing based on legitimate interest for which Pinal strives
The controller can also process data based on legitimate interest, except when this interest is overruled by interests or basic rights and freedoms of the user to whom the personal data requiring data protection applies. In the case of using legitimate interest, the controller’s judgement always complies with the General Data Protection Regulation.
In certain cases, Pinal can, for further processing of your personal data based on legitimate interest that was collected based on one of the aforementioned legal basis (consent, contract), implement certain safeguards for the protection of your personal data, such as pseudonymisation, encryption, processing in an aggregated form and/or deleting certain categories of personal data.
Pinal will process your personal data based on a legitimate interest for the following purposes:
- Marketing, business and other technical analyses, such as analysing and determining which organizations the event attendees are coming from and what functions they perform in these organizations, for keeping records of how many and which events a user attended, for keeping records of awarded receipts, certificates and licences of event attendees.
- Preventing fraud, ensuring safety, submitting claims or defence of legal claims in court proceeding or administrative procedures. This allows the controller to process your personal data in cases of suspicion of fraud in an appropriate and proportional scope for the purpose of identifying and stopping potential fraud and deceit and can, if appropriate, forward the data to the police, the Prosecutor’s Office or other competent authority.
- Direct marketing, including creating user profiles, based on legally acquired personal data. The stated processing can be objected to in accordance with the chapter Right to Object in this Policy.
5. Recipients of personal data, contractual data processing and transfer of personal data to third countries (countries that are not members of the European Union or the European Economic Area)
Your personal data can be accessed solely by Pinal employees and authorized processers of personal data.
Pinal will never forward your personal data to unauthorized third persons.
By using Pinal websites and other services, you agree that Pinal may entrust individual tasks about your personal data to its authorized processers of personal data. The listed processers can process your personal data exclusively in the name and in accordance with Pinal’ written instructions, within the limits of the authorization, as stated in the agreement between Pinal and the processor, and in accordance with the purposes as stated in the Policy. The processors of your personal data may under no circumstances use your personal data to pursue any kind of personal interest.
- The FrodX d.o.o. company, Celovška cesta 280, 1000 Ljubljana, has contracts with Pinal for the purposes of performing digital marketing activities and information system maintenance: Business Cooperation Agreement, Data Protection Agreement and Data Processing Agreement.
6. Personal data storage period
The controller will not process personal data longer than necessary to achieve the purposes for which the personal data was collected and further processed.
The personal data processed by Pinal is processed in compliance with the agreement and is stored by Pinal for the period that is necessary to complete the contract and for 5 years after its completion, except in cases when a disagreement arises about the contract between you and the controller. In that case, Pinal keeps that data for 5 years after the finalized court judgements or arbitration decisions or settlement, or in the case of no litigation, for 5 years after the dispute has been resolved peacefully.
The personal data processed by Pinal based on the law is stored by Pinal for the legally determined duration of time.
The personal data processed by the controller based on your personal consent or legitimate interest are kept by Pinal permanently until you withdraw your consent or submit a request that the processing be terminated. Pinal will delete such data before they are withdrawn only if the purpose of the processing of the personal data has been achieved or if it is determined by the law.
After the storage duration period has elapsed, Pinal will effectively and permanently delete or anonymize your personal data so that it can no longer be traced back to you.
7. Personal data protection
Pinal is dedicated to protecting your personal data. They prevent any unauthorized access to it, their use and their revelation with the following measures:
- The data is protected with the workspace, equipment and system software, including input-output units.
- The data is protected by application software that is used for processing personal data.
- Pinal prevents unauthorized access to personal data during their transfer, including forwarding using telecommunication means and networks.
- Pinal enables an effective way of blocking, destroying, deleting or anonimizing personal data after the purpose, for which they were collected, ceases.
- Pinal enables later detection of when individual data that had been entered into the personal data database were used, forwarded or otherwise processed and by whom.
Unauthorized access to personal data, their use and revelation is prevented by Pinal with the following safety technologies and procedures:
- controlling physical access,
- locking rooms, closets, computers,
- storing carriers of personal data in secured rooms,
- preventing office maintenance workers, clients and other visitors of the controller’s offices from having any consultation with the personal data,
- preventing password use to persons who have not been directly assigned to the stated purpose,
- limiting data transfer by the employees,
- controlling the number of copies and data transfer,
- limiting, documenting and securing the transfer of the data through telecommunication networks,
- preventing insight into the data to persons whose employment contract has been terminated,
- strictly separating their data from the data of any other possible controllers.
8. Users’ rights in personal data protection
In accordance with the General Data Protection Regulation, Pinal guarantees you the following rights relating to personal data protection, which are further elaborated in the following chapters of the Policy:
- right of access to the data,
- right to rectification,
- right to erasure (“right to be forgotten”),
- right to restriction of processing,
- right to data portability,
- right to object.
Right of access to the data
You have the right to obtain confirmation from Pinal as to whether or not they are processing your personal data, and, where that is the case, you have the right to access your personal data and the following information about personal data processing:
- the purposes of the processing,
- the categories of personal data,
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations,
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period,
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the user or to object to such processing,
- the right to lodge a complaint with a supervisory authority,
- where the personal data are not collected from the user, any available information as to their source,
- the existence of automated decision-making, including profiling, and meaningful information about the reasons for it, as well as the significance and the envisaged consequences of such processing for the user.
Based on your request, Pinal will provide you with a free copy of your personal data undergoing processing. For any further copies you request, Pinal will charge a reasonable fee based on administrative costs.
Right to rectification
You have the right to obtain from Pinal without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure (“right to be forgotten”)
You have the right to obtain from Pinal the erasure of personal data concerning you without undue delay and Pinal shall have the obligation to erase your personal data without undue delay where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,
- you withdraw consent on which the processing is based, and where there is no other legal ground for the processing,
- you object to the processing pursuant the controller’s legitimate interest and there are no overriding legitimate grounds for the processing,
- you object to the processing for the purposes of direct marketing,
- the personal data have to be erased for compliance with a legal obligation in accordance with EU or Slovenian State law.
Where Pinal has acted in accordance with the Policy and has made your personal data public, Pinal shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the user has requested the erasure of any links to, or copy or replication of those personal data.
Right to restriction of processing
You have the right to obtain from Pinal the restriction of processing of your personal data where one of the following applies:
- You contest the accuracy of the personal data, for a period enabling the controller to verify the accuracy of your personal data.
- The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead.
- When Pinal no longer needs the personal data for the purposes of the processing, but you required them for the establishment, exercise or defense of legal claims.
- You have objected to processing, pending the verification whether the legitimate grounds of the controller override yours.
Right to data
portability:
You have the right to receive personal data concerning you, provided by Pinal,
in a structured, commonly used and machine-readable format and have the right
to transmit those data to another controller without hindrance from Pinal to
which the personal data have been provided, when:
- the processing is based on consent or agreement, and
- the processing is carried out by automated means.
Right to object
On grounds relating to your particular situation, you have the right to object,
at any time to processing of your personal data, if your objection is based on
legitimate interests pursued by Pinal or a third party. Pinal shall no longer
process the personal data unless they demonstrate compelling legitimate grounds
for the processing which override your interests, rights and freedoms or for
the establishment, exercise or defense of legal claims. Where personal data are
processed for direct marketing purposes, you have the right to object at any
time to processing of your personal data for such marketing, which includes
profiling to the extent that it is related to such direct marketing. If the
direct marketing is based on consent, the right to object can also be achieved
by withdrawing the personal consent.
9. Procedure to exercise rights
All the aforementioned claims on exercising rights regarding your personal data can be addressed in written form to the controller at the e-mail address 4U@collagen36.com or by post to the address Pinal d.o.o., Savska Loka 20, 4000 Kranj, Slovenia.
If you submit your claim, in accordance with the previous paragraph, using
electronic means, the information, where possible, will be provided to you in
electronic means, unless you request otherwise.
The controller can, for the purposes of reliable identification in cases of claiming rights on personal data, request additional information from you that is necessary to confirm your identity, and may decline acting in accordance with this chapter only in the event that they cannot reliably identify you.
The controller will respond to your request exercising your rights regarding your personal data without undue delay in no more than a month after receiving the claim. Pinal can extend the deadline to comply with the rights for no more than two additional months, taking into account the complexity and number of claims. If Pinal extends the deadline, they will inform you about the extension within one month of receiving the claim, including the reasons for the delay.
If your claims regarding this chapter are obviously unfounded or excessive, especially when repetitive, Pinal can:
- charge a reasonable fee based on administrative costs of forwarding the information or the claim or of processing the claim,
- decline to act on the claim.
10. Right to lodge a complaint regarding personal data processing
You can send any potential complaint regarding the processing of your personal data to the e-mail address 4U@collagen36.com or by post to the address Pinal d.o.o., Savska Loka 20, 4000 Kranj, Slovenia.
You have the right to lodge your complaint directly to the Information Commissioner, if you believe processing your personal data is infringing on Slovenian State or EU rules on personal data protection.
11. Policy validity
This Policy enters into force on 25 May 2019 and can be changed or amended at any time.