Information concerning personal data processing.
(Articles 13 and 14 of EUROPEAN REGULATION NO. 679/2016)
The following information is intended for all subjects visiting or interacting with the e-commerce site of Q-BRICKS® d.o.o., the so-called web-store (“e-shop”), to buy products online.
Dear web surfer,
the undersigned Q-BRICKS® d.o.o., with its registered office in Opekarska cesta 16, 1360 Vrhnika, Slovenia, VAT number: SI11971789, the “Data Controller”, pursuant to Articles 13 and 14 of European Regulation no. 679/2016 (hereinafter “EU Regulation”), informs you that your data will be processed as indicated below:
1. Object of processing
The Data Controller informs you that your personal identifying information (e.g. name, surname, company name, address, phone number, email address, bank and/or payment information, etc.), hereinafter referred to as “personal data” or simply “data”, acquired even orally either directly or through third parties, and the information that will be collected in the future, may be processed in full compliance with the EU Regulation. The Data Controller will lawfully carry out the processing and, in fact, the execution of an agreement in which you are a party or the execution of pre-contractual measures (e.g. in the context of the preparation of an offer, etc.) that you previously required (EU Regulation, Art. 6).
Data processing means any operation or set of operations concerning the collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, disclosure, dissemination and destruction of data.
2. Legal basis and intended purpose of the processing
Legal basis: EU Regulation no. 679/2016
A) without your explicit consent (EU Regulation, Art. 6 letter b), c) and e)), for the following purposes:
- to manage access to the e-shop services and to assist in the online product purchasing process, and to allow your registration with the e-shop and the possible conclusion of a purchase agreement through the e-shop;
- to fulfill any pre-contractual, contractual and fiscal obligations arising from an existing relationship with you;
- to allow your access to the e-shop, even as an unlogged user, and to browse the e-shop;
- to allow you to register on the Site and create an account, and to make use of the services reserved for registered users, including in particular the possibility to make purchases through the e-shop;
- to allow your access to the e-shop and to browse the e-shop as a logged user;
- to maintain and manage your account;
- to store in your account data and information, including, without limitation, your personal data, purchasing and any returns history, preferred sipping and/or billing addresses;
- to allow you to add products to your cart and to conclude the purchase through the e-shop;
- to execute any obligation arising from the purchase agreement concluded in the e-shop, including, without limitation, the delivery of the purchased products;
- to allow you to fulfill your obligations arising from the purchase agreement concluded in the e-shop, including, without limitation, the payment (including online) for the purchased products;
- for general support and custom care activities and therefore to respond to all information requests from the users or to respond to any complaint, report or dispute;
- to comply with the obligations provided for by law, regulations, EU legislation or public order (e.g. anti-money laundering);
- to exercise the rights of the Data Controller, e.g. the right of defence;
- for general bookkeeping matters;
- for management purposes (billing, any document management, etc.);
- for credit management;
- for statistical analysis and quality control;
- for insurance management;
- for technical assistance.
In particular, your data will be processes for purposes related to the implementation of the following obligations, both legal and contractual:
- Technical and functional access to the Site: no data will be kept after closing the web browser;
- Advanced navigation or custom content management;
- Statistical and navigation analysis and user purposes.
B) Only with your prior specific and separate consent (UE Regulation, Art. 7), for the following commercial and/or marketing and/or profiling purposes:
- sending by email, mail and/or SMS and/or phone contacts in the form of newsletters, commercial communications and/or marketing material concerning the products or services offered by the Data Controller, and/or surveying activities to assess the degree of satisfaction with the activities performed at your request;
- sending by email, mail and/or SMS and/or phone contacts in the form of newsletters, commercial and/or marketing communications of third parties (e.g. business partners).
3. Data processing terms
Your personal data processing is carried out through the operation referred to in Art. 4 no. 2) of the EU Regulation, specifically: collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison, interconnection, limitation, erasure or destruction and blocking. Your personal data will be processed either in printed or electronically and/or automated form (in any case, suitable to ensure data security and confidentiality).
4. Data storage times and other information.
The Data Controller will process the personal data for the time necessary to fulfill the above-mentioned purposes, and in any case within the legal terms from the termination of the agreement for the Purposes of the existing relationship (e.g.: data necessary for the execution of the purchasing agreement until the delivery of the product or, in the case of non delivery, until the termination of the agreement).
With reference to the personal data processed for Marketing or Profiling Purposes, such data will be stored in compliance with the principle of proportionality, and in any case until the pursuit of the purposes of processing is complete or until the revocation of the consent by the data subject. Specifically, the Data Controller will process the data for no longer than 2 years from collection for Marketing Purposes and 1 year for data collected for Profiling Purposes.
The personal data you supplied will be processed in a “lawful, correct and transparent manner”, protecting your rights and privacy.
On an annual basis, we will carry out a periodical check of the processed data and of the possibility to cancel it if it is no longer necessary for the intended purposes.
5. Access to data
Your data may be made accessible for the purposes referred to in points 2.A) and 2.B) above:
- to Data Controller partners, employees and contract staff, in Slovenia and abroad, in their capacity of internal data processor and/or controllers and/or system administrators;
- to third-party companies or other subjects carrying out outsourcing activities on behalf of the Data Controller, in their quality of external data processors (including, but not limited to: associated firms, lawyers, data processing companies, certifying bodies, accounting/tax consultants and in general all bodies responsible for checks and controls on the correct fulfillment of the above-mentioned purposes, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, financial offices, municipal authorities and/or offices, consultants and service and health and safety in the workplace providers, which may in turn disclose the data or grant access to it within their partners, users and assignees for specific market researches. The collected and processed data may also be disclosed, in Slovenia and abroad, to subcontractors, suppliers, for information system management, to carriers, forwarders and customs agents).
For the sake of brevity, a detailed list of these subjects is available and at your disposal at our headquarters.
6. Data disclosure
Without any obligation to obtain an explicit consent (EU Regulation, Art. 6 letters b) and c)), the Data Controller may disclose your data for the purposes referred to in the above point 2.A) to supervisory bodies, judicial authorities, insurance companies for the provision of insurance services, as well as to those subjects to whom disclosure is required by law for the accomplishment of the above-mentioned purposes.
Such subjects will process the data in their role of independent data controllers.
During and after the browsing activity, your data may be disclosed to third parties, in particular to:
- Google: advertising service, advertising target, analytics/measurement, content customization, optimization;
- Google AdWords: advertising service, advertising target, analytics/measurement, content customization, optimization;
- Google Analytics: advertising target, analytics/measurement, optimization.
Your data will not be disclosed.
7. Data transfer
Personal data is stored on devices located at the Data controller headquarters or at providers within the EU. In any case, it remains understood that the Data Controller, if necessary, may transfer the data to non-EU countries as well. In such a case, the Data Controller already ensures that the extra-EU transfer will take place in compliance with the applicable legal provisions, subject to the conclusion of the agreement clauses and to the standard controls provided for by the European Commission. Regarding data on both its own devices and at providers, the Data Controller has implemented technical and organizational measures to ensure an adequate safety level, in full compliance with the provisions stated in Art. 32 of the EU Regulation.
Browsing: your browsing data may be transferred, limited to the above-mentioned purposes, to the following countries: EU countries, United States.
Each browser, and different versions of the same browser, may differ significantly; if you decide to act on your own initiative by changing the privacy settings of your browser, detailed information on the procedure will be available in your browser Help section.
8. Nature of data provision and the consequences of a refusal to provide data
The provision of data for the purposes referred to in the above point 2.A) is mandatory. If not provided, we are unable to guarantee the services stated in point 2.A) (as an example, the failure to provide the data will result in the impossibility of finalizing the agreement and therefore of purchasing on the e-shop). The provision of data for the purposes referred to in the above point 2.B) is instead optional. You may decide to provide no data or to deny the processing of data you’ve already submitted: in such a case, you may not receive any newsletter, marketing communication or material and/or anything else related to the Services offered by the Data Controller.
In any case, you’ll be entitled to receive the Services referred to in point 2.A).
9. The data subject’s rights
In your capacity as data subject, you’re entitled to the rights set forth in Art. 15 of the EU Regulation below, and specifically:
1. the right to obtain confirmation from the Data Controller as regards the existence of your personal data processing, and in such a case to obtain access to the personal data and to the following information:
a) purpose of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipient to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations;
d) where possible, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period;
e) the existence of the right to request the Controller to rectify or erase personal data or the restriction of processing of personal data concerning the data subject or to object to such processing;
f) the right to lodge a complaint with a supervisory authority (Authority for the protection of personal data);
g) when the personal data was not collected from the data subject, any available information as to its source;
h) the existence of automated decision-making, including profiling, referred to in Article 22 par. 1 and 4 and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
2. When your personal data is transferred to a third country or to an international organisation, you shall have the right to be informed about the appropriate safeguards pursuant to Article 46 of the EU Regulation relating to the transfer.
3. The Data Controller shall provide a copy of the personal data undergoing processing if you request it. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. When you make the request by electronic means, and unless otherwise requested by you, the information shall be provided in a commonly used electronic form.
4. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others. In addition, when applicable, you may enjoy the rights set out in Articles 16 to 22 of the EU Regulation; more precisely you’re entitled to:
- right to the rectification of personal data;
- right to be forgotten (right to erasure);
- right to restrict processing;
- right to data portability;
- right to object;
- right to lodge a complaint to the competent Supervisory authority.
You also have the right to revoke at any time any consent already given, without prejudice to the lawfulness of treatment based on a consent given prior to the revocation.
10. Procedure to exercise your rights
You may exercise your rights at any time, by:
- sending us a registered letter with notification of receipt (see address indicated on letterhead);
- sending an email to email@example.com
Anything offered by the Data Controller with regard to the existing relationship with you does not provide for the intentional acquisition of personal data referring to minors. In the event of such an unintentional record related to minors, the Data Controller will erase it in a timely manner, at the request of the data subject.
12. Personal data not obtained from the data subject
It may happen that we’re not the Data Controller to whom you have provided your personal data, just the Data Co-controller or external data processor, and therefore your data has been disclosed to us in the second instance due to an agreement between parties. In such a case, please note that we will make every effort to ensure that you’ve been informed and given the consent to the processing. You may ask us at any time about the origin/acquisition of your personal data.
13. Data controller and processors
Below we provide some information that we need to bring to your attention, not only to comply with the legal obligations, but also because we believe in fairness and transparency while conducting our business activities.
The Data Controller of your personal data is Q-BRICKS® d.o.o., on behalf of its legal representative, who is responsible to you for the correct and legitimate use of your personal data. You can contact the Data Controller for any information or request by phone; +386 31 249 097 or email: firstname.lastname@example.org.
Processors. The updated list of Data Processors is available at the Data Controller’ headquarter.
Cookies are text files that are automatically saved on the user’s computer while browsing the web. Their purpose is to offer a more complete website experience, as they serve as tools for storing the user’s preferences.
This website uses proprietary and third-party cookies, as described below. Their presence is subject to the functionalities provided for the website in the design phase:
Technical cookies are essential for the proper functioning of some Site areas. For this reason, technical cookies are always used on the Site, regardless of the user preferences. In particular, the Site uses: PHPSESSID (browsing session duration); this contains information on the browser session and allows users to access the Site.
Reserved area cookies
If the Site has a reserved area, a cookie is generated to remember the user’s username and password. In this way, this information won’t have to be re-entered at each subsequent visit.
Mobile browsing cookie
With the aim of providing a better browsing experience even on the latest generation mobile devices, this website has adopted a cookie able to detect and store the mobile device used to access the site. The Site will present the most appropriate version according to the information collected.
E-shop order recovery cookies
If the Site has an e-commerce area, the system stores information about the user’s interaction with the shop area, generating a cookie that is able to recover the orders placed by the user.
Third-party cookies - Google Analytics
This website uses third-party cookies belonging to Google Inc. to collect users' browsing data. This data is used solely to generate statistical reports within the Google Analytics statistical tool.
A demographic profiling of users can also be carried out by extracting statistically relevant data including age group, gender and interest categories. More information on the processing of data by Google Inc. is available at http://www.google.com/analytics/learn/privacy.html
To disable Google Analytics for display advertising or to customize the type of ads displayed, please access https://www.google.it/settings/ads
To completely disable the collection of statistical data by Google Analytics, you can install an optional browser add-on, available free of charge at https://tools.google.com/dlpage/gaoptout/
Other active third-party cookies may be: AddThis (http://www.addthis.com/privacy), Bing (https://privacy.microsoft.com/en-us/privacystatement), CloudFlare (https://www.cloudflare.com/it-it/privacypolicy/), Facebook (https://www.facebook.com/policies/cookies/), Feedaty (https://www.feedaty.com/privacy), HotJar (https://www.hotjar.com/privacy), Linkedin (https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy), ShareThis (https://www.sharethis.com/privacy/), TrustedShop (https://www.trustedshops.eu/legal-notice-privacy.html), Twitter(https://help.twitter.com/en/rules-and-policies/twitter-cookies), Yotpo (https://www.yotpo.com/privacy-policy/), Zendesk (https://www.zendesk.com/company/customers-partners/cookie-policy/)
To discover all cookies active on this website, you can use the service available at http://www.cookie-checker.com/ or similar services.
Please note that all data collected on this site by cookies will never be provided to third parties other than Google Inc. or its certified partners.