Personal data protection statement
Širimo dobro besedo d.o.o. hereby undertakes to handle the personal data of customers and other registered users, obtained via the www.cosmethicallyactive.com, in accordance with valid regulations governing the protection of personal data (General Data Protection Regulation – Regulation (EU) 2016/679 (EU GDPR) and Personal Data Protection Act, Official Gazette of the Republic of Slovenia, No. 94/07; hereinafter: the ZVOP-1).
In accordance with the EU GDPR and ZVOP-1, Širimo dobro besedo d.o.o. may, as data manager, only process the personal data of subscribers, customers and other registered users if an individual gives their personal consent. By providing their personal consent, an individual agrees that their personal data may be processed for specific purposes. That personal consent shall be given based on information provided to the user by Širimo dobro besedo d.o.o. Personal consent may be given in writing, orally or in the form of other relevant consent. In the case of the CosmEthically ACTIVE website, personal consent shall be deemed the action of an individual who when subscribing to the newsletter, registering or making an online purchase confirms that they accept and agree with the general terms and conditions by checking the relevant box and/or clicking on the button ‘Confirm’ or ‘Subscribe’.
Definition of important terms
Registration for the newsletter and notifications regarding new announcements
A visitor may register for the monthly newsletter, notifications regarding new announcements or notifications regarding courses and other new developments by completing the registration form and indicating which content they wish to receive. In doing so, they shall become a subscriber to the content of the CosmEthically ACTIVE website. A customer may also subscribe to the monthly newsletter or other notifications when making a purchase by checking the box confirming that they wish to receive the newsletter. In order to register for the newsletter, and notifications regarding announcements and courses, an individual’s consent shall be required for each separate activity. A subscriber shall provide the data manager the following information at the time of registration:
email address;
name and surname; and
an indication of which information they wish to receive.
Registration for the newsletter and notifications shall only be possible by providing all required data and agreeing to the terms and conditions of data processing. A subscriber may cancel the receipt of the newsletter and notifications at any time.
2.1 Cancellation of a subscription
If a subscriber wishes to deregister, they may do so by clicking the link ‘Unsubscribe’ found at the bottom of each message, or by deregistering in writing via email to info@cosmethicallyactive.com. The data manager shall erase the subscriber’s personal data following final confirmation of deregistration. Cancelling their subscription means that a subscriber will no longer receive any notifications.
2.2 Subscription termination
If a subscriber is inactive (i.e. does not open the newsletter and notifications sent to them) for more than one year, their subscription to the newsletter and notifications will be automatically terminated. The subscriber will be informed accordingly via email to the address they provided. In this case, the data manager shall erase the personal data of the subscriber, who will no longer receive any notifications.
2.3 Scope of processed personal data and purpose of the collection thereof
The data manager shall process the following personal data entered by a subscriber in the registration form: email address, name and surname. When a subscriber registers, the data processor shall also obtain data regarding the subscriber’s location or IP address, device and program or application they use to read the newsletter. That data shall be obtained with the help of cookies or web beacons. You can read more about the processor’s terms and conditions at: https://mailchimp.com/legal/privacy/.
The data manager shall process the personal data received from subscribers for the purpose of sending notifications regarding the latest announcements and for the direct marketing of services, products and other activities. The term ‘direct marketing’ shall mean the use of an individual’s personal data for the purpose of offering goods or services (e.g. courses) through the use of postal services, telephone calls, email or other telecommunication channels (e.g. statistical processing, customer segmentation, the analysis of past purchasing habits, notifications regarding the latest developments, the sending of offers, advertising materials, magazines and invitations to events, and telephone, written and electronic surveys).
The term ‘personal data processing’ shall mean any action or series of actions performed in connection with personal data that are automatically processed, are a part of a collection of personal data used in manual processing or are intended for inclusion in a collection of personal data, in particular collecting, obtaining, entering, sorting, saving, altering or changing, recalling, viewing, using, disclosing via transfer, notifying, disseminating or otherwise making available, categorising or linking, blocking, anonymising, erasing or destroying data. Processing may be manual or automated (processing means). The purposes of collecting, processing, saving and using personal data from the CosmEthically ACTIVE website shall include: statistical processing, and the sending of the newsletter, notifications and offers, advertising materials and invitations to events.
Processing of data in connection with online orders
Submission of online orders
When submitting an online order, a customer shall provide the data manager the following data:
name and surname;
address, and place of temporary or permanent residence;
email address; and
telephone number.
3.1 Scope of processed personal data and purpose of the collection thereof
The data manager shall process the following personal data entered by a subscriber in the registration form: email address, name and surname, address, and place of temporary or permanent residence.
At the time of registration, the data manager shall also obtain data regarding a user’s location or IP address. That data is obtained with the help of cookies or web beacons. The data manager shall process the personal data received from a customer for the purpose of processing and filling orders. The term ‘personal data processing’ shall mean any action or series of actions performed in connection with personal data that are automatically processed, are a part of a collection of personal data used in manual processing or are intended for inclusion in a collection of personal data, in particular collecting, obtaining, entering, sorting, saving, altering or changing, recalling, viewing, using, disclosing via transfer, notifying, disseminating or otherwise making available, categorising or linking, blocking, anonymising, erasing or destroying data. Processing may be manual or automated (processing means).
Data accuracy
The data manager shall assume no responsibility for the credibility, accuracy and relevance of the personal data and contact data provided by a user. The user shall be obliged to ensure the accuracy and relevance of all submitted data.
Personal data protection
5.1 Notification regarding the use and processing of personal data
The data manager may use and process the personal data of users, obtained during the completion of the subscription form for the newsletter or notifications, or when an order is submitted, in accordance with valid regulations governing the protection of personal data (General Data Protection Regulation – Regulation (EU) 2016/679 (EU GDPR) and Personal Data Protection Act, Official Gazette of the Republic of Slovenia, No. 94/07; hereinafter: the ZVOP-1). The data manager may only use and process the personal data of a user for the purposes selected and confirmed by the user at the time of subscription or the submission of an order.
In accordance with the EU GDPR and ZVOP-1, the data manager may only process personal data if an individual gives their personal consent. Personal consent shall mean a user’s voluntary statement that their personal data may be processed for a specific purpose. That consent shall be given based on information provided by the data manager. An individual’s personal consent may be written or oral, or take another appropriate form of consent. When subscribing to the newsletter, personal consent shall be deemed the action of an individual who when subscribing to the newsletter confirms that they accept and agree with the general terms and conditions by checking the relevant box and clicking on the button ‘Subscribe’, and thus notifies the data manager in what manner and for what purposes their data may be used.
5.2 Consent to the processing of personal data
An individual shall be deemed to have given their personal consent to the use and processing of personal data for a voluntarily selected purpose, as required by regulations governing personal data protection, when they confirm that they accept and agree with these general terms and conditions through the selection of the content that they wish to receive by checking the relevant box and clicking on the ‘Subscribe’ button in the process of submitting an order or subscribing to the newsletter. Based on a user’s personal consent, the data manager may process personal data for the purposes described in points 2.3 and 3.1 of this personal data protection statement.
5.3 User’s right to request a change, access to or the cessation of the use of personal data
A user may request a change to personal data at any time in writing, via email or by clicking on the link ‘Change settings’, which is found in every newsletter. A user may also request access to personal data at any time in writing via email or another appropriate form. The data manager shall have the right to request that a user prove their identity based on a justified suspicion of abuse.
A user may request that the data manager permanently or temporarily cease to use their personal data for the purposes of notifications or direct marketing at any time in writing, via email or by clicking on the link ‘Unsubscribe’, which is found in every newsletter. The data manager shall prevent the use of personal data for notifications and direct marketing in the shortest time possible.
5.4 Right to object to processing, right to portability and the right to lodge a complaint with the competent supervisory authority
A user may object to the processing of personal data at any time in writing via email or another appropriate form.
A user shall have the right to receive personal data that it provided to the data manager, in a structured, commonly used and machine-readable form, and the right to transmit data to another data manager.
A user shall have the right to lodge a complaint with the competent supervisory body if they suspect the improper handling to personal data.
5.5 Security of personal data
The data manager shall conduct itself in accordance with the requirements of regulations governing personal data protection (General Data Protection Regulation – Regulation (EU) 2016/679 (EU GDPR) and ZVOP-1; Official Gazette of the Republic of Slovenia, No. 94/2007) when processing and handling the personal data of users.
In order to ensure the security of personal data, the data manager shall employ organisational, technical and other appropriate procedures and measures, with the aim of preventing the unauthorised destruction, alteration, loss and processing of data. The data manager shall not be liable for potential errors that are the result of the provision of erroneous data in the process of subscribing to the newsletter or submitting orders.
5.6 Personal data retention period
Submitted personal data shall only be stored and used for the amount of time necessary to achieve the purpose for which they were processed, and shall be erased immediately if so requested by a user. In the case of a purchase or subscription to the newsletter, data shall be stored and used indefinitely. A user shall be informed of erasure via email to the address they provided.
5.7 Cookies
The website places cookies in the browser on the computer of a visitor or subscriber. Cookies are text files that are stored on a user’s computer and facilitate the analysis of users’ visits, the number of visits and the content of interest during those visits. Cookies contain basic data regarding a user’s visit to a specific website (e.g. the name of a website visited on the worldwide web). The content of cookies is stored is a special directory on a user’s computer. By double-clicking on a file, we obtain more detailed information about a website, and the date and hour of a visit. All of these data are also saved by the administrator of a website visited by an individual.
A user may delete cookies using certain settings or use them conditionally, but may not be able to use all of the functions of a website to their full extent. As a rule, browsers are set up to accept cookies, but reject the setting of cookies that do not derive from the domain described in the title bar.
The data manager may link the personal data provided by a user when submitting an order or subscribing to the newsletter with the data stored in a cookie. The data manager may use the data generated by cookies separately or in combination with the personal data provided by a user to evaluate the use of a website, to generate reports regarding a website’s activities, for the statistical analysis of data, to formulate a direct marketing approach based on purchasing habits, to provide further services linked to the use of a website, and for other direct marketing activities.
When it submits an order or subscribes to the newsletter, a user shall be deemed to have given their consent to the placement of cookies, and their personal consent to the use and processing of personal data, which also includes the possibility of the processing and linking of data contained in cookies with the personal data provided by a user for the direct marketing of services, products or other activities.
5.8 Users of personal data
The user of personal data is:
Širimo dobro besedo d.o.o., Črnova 3a, 3320 Velenje, Slovenia
For potential questions regarding data confidentiality, the way in which data are collected and used, or requests for additional information, contact us via email to info@cosmethicallyactive.com.
Disclaimer
The data manager shall strive to the best of its abilities to provide accurate and relevant data. However, users are warned that texts are of an informative nature. The data manager thus makes no guarantee and assumes no liability whatsoever for the accuracy and relevance thereof. The data manager shall likewise assume no liability whatsoever for actions taken by users based on published data. The data manager shall not be liable for the temporary malfunctioning of the website or for potential damage due to the use of inaccurate or incomplete information. Neither the data manager or any other legal entity or natural person involved in the development of websites shall be liable for damage that is the result of access to information and the use or potential use of information on such websites, or for any errors or deficiencies in their content.
The data manager shall reserve the right to change or remove contents on such websites at any time, regardless of the reason and without prior notification. Users shall use published contents at their own risk.
Last change: January, 14th, 2020