PERSONAL DATA PROTECTION POLICY
Controller of personal data and contact information
This policy applies to the processing and use of any personal data conducted by the company Via International d.o.o. (the Controller) or performed on behalf of the Controller.
What kind of personal data we process
Basic contact information (name, surname, phone number, e-mail (personal or business);
- Data about the use of our web pages (clicks on links, time spent) and data regarding the responsiveness to our e-mails (we only track the anonymized cumulative percentage of opened messages and clicks on links);
- Data we need to fill in the contract and for the delivery of the purchased items (the subject of purchase, price, delivery address, delivery time, payment method, payment date, information about complaints, invoice information, etc.).
Legal bases for the processing of personal data
We are allowed to process your personal data based on the following legal provisions:
- When necessary to fulfil our legal obligations (e.g. making an invoice for a purchased service or product);
- When the processing of your personal data is required to conclude and fulfil a contract you have concluded with us or because you have requested an offer from us;
- When you have given your consent to the processing of your personal data for a specific purpose of the processing, and you can always withdraw the given consent;
- When we have a legitimate interest in the processing of your personal data.
Purposes of personal data processing
We can use your personal data for one or more of the following purposes:
- For communication with you regarding the provision of our services and responding to your requests;
- For the conclusion of the contract and fulfilment of obligations arising from the concluded contract;
- For marketing communication (sending of e-mails, ordinary mail, and SMS messages);
- For enforcement of any legal claims and dispute resolution;
- For statistical analysis of the sale of our services and products and the use of our web pages.
How long do we keep your personal data and what happens to it afterwards
We keep your basic personal data as long as you are subscribed to our newsletter or as long as you did not give us a request to delete your data.
We hold personal data that we process based on your consent permanently or until your consent is revoked.
Data on invoices are kept for 10 years from the date of issue.
We keep the information on the conclusion and fulfilment of the contract between you and us for 5 years from the completion of the contract. We keep data about which services or products you have purchased from us permanently or until we receive your request to delete the data.
Upon expiration of the data storage period, personal data are effectively deleted or anonymized, which means that we process data in such a way that they can no longer be linked or attributed to you.
Voluntary data provision and consequence of non-provision
The provision of personal data is voluntary. You are not obliged to provide personal data to us, but if you do not provide your personal data, you cannot receive a certain service and conclude a contract with us. When we will be gathering your personal information, we will inform you about which data bring the above-mentioned consequences.
Who has access to your personal data
We do not share or disclose your personal data to third parties (outside the company Via International d.o.o.) except to those, who have a written contract with us, on the basis of which they perform certain data-processing tasks and are required to comply with the laws regarding the processing and protection of personal data (so-called contractual processors). The contractors to whom we provide personal data are:
- e-mail provider (Mailchimp);
- accounting service (Nucleus accounting).
Contractors are allowed to process personal data only within the scope of our instructions and are not allowed to process personal data for their own purposes. They are obliged, together with their employees, to protect the confidentiality of your personal data. Contractors do not transfer personal data to third countries (outside the Member States of the European Economic Area – i.e. EU Member States, Iceland, Norway, and Liechtenstein). The exception is Mailchimp service, which respects the requirements of the EU-US Privacy Shield and strives for the highest security of the stored data through various physical, technical and organisational measures, such as encrypting online links, which prevents access to unauthorized persons, using secure passwords and preventing intrusion. Mailchimp service monitors the delivery performance of sent e-mails by collecting open message data, clicks on links, e-mail clients and browsers, approximate location, IP address, logins and logouts, and unsuccessful e-mail delivery.
What rights do you have concerning personal data, how can you revoke consent to processing and what are the consequences of revocation
You have the following rights regarding your personal data:
- You are able to request from us any time:
- Confirmation whether we are processing your personal data;
- Access to personal data and the following information: processing purposes; types of personal data; users or categories of users to whom personal data have been or will be disclosed, in particular to users in third countries or international organisations; the expected storage period of the personal data or if that not possible, the criteria that are used to determine that period;
- One (free of charge) copy of the personal data in a format you specify (unless the request is made by electronic means of communications and you do not request otherwise, a copy is provided electronically); for additional copies, your request can be charged a reasonable fee;
- Correction of inaccurate personal data;
- Processing restrictions when:
- You deny the accuracy of personal data for a period, for which we still can verify the accuracy of personal data;
- The processing is illegal and you oppose the erasure of personal data and instead request a restriction on their use;
- We no longer need personal data for processing purposes, but you need them to enforce, execute or defend legal claims;
- Erasure of all personal data (right to be forgotten) if the conditions written in Article 17 of the General Data Protection Regulation are fulfilled, and in particular when you withdraw the consent to the processing of personal data;
- Printing of personal data in a structured, commonly used and machine-readable form, with the right to pass this information on to another controller without obstructing you;
- Not using personal data for direct marketing purposes anymore.
- The right to file a complaint with us with the Information Commissioner if you believe that the processing of your personal data violated the General Data Protection Regulation.
You can send your requests regarding the exercise of your rights regarding personal data in writing to the contact written at the top of this document under the Controller of personal data and contact information.
For the purposes of reliable identification in the event of the exercise of personal data rights, we can require additional data from you, and we can only refuse action if we can prove that we cannot reliably identify you.
We must respond to your request to exercises your rights regarding personal data without undue delay and within one month of receiving your request.
GDPR Personal Data Protection Policy GK/ed 01 – 05/2018.