Because Barada sport values your privacy, we pay close attention to the protection of personal data.
All our activities are in line with:
- with European legislation (Regulation (EU) 2016/697 on the protection of individuals with regard to the processing of personal data and on the flow of such data) (General Data Protection Regulation or GDPR) and Council of Europe conventions (ETS No. 108, ETS No. 181, ETS No. 185, ETS No. 189))
- and the national legislation of the Republic of Slovenia (Personal Data Protection Act (ZVOP-1, Ur. l. RS, no. 94/07), the Electronic Commerce on the Market Act (ZEPT, Ur. l. RS, no. 96/09 and 19/15) etc.).
Personal Data Protection Officer
In all cases with the processing of your personal data, our personal data protection officer is at your disposal. You can contact the Commissioner at the e-mail address: firstname.lastname@example.org.
COLLECTION OF PERSONAL DATA
Personal data is information that identifies you as a specific or identifiable individual. An individual is identifiable when he or she can be identified directly or indirectly, in particular by providing an identifier such as name, identification number, location data, web identifier, or by specifying one or more factors specific to the individual’s physical, physiological, genetic, mental, economic, cultural or social identity.
The provider collects various types of user data, such as username, contact information and other information. The Baradashop website allows the user to track which items they view on the website and through which device. The data allows us to create offers that are close to the user and interesting. If the user creates an account or makes a purchase on the Baradashop online store, the provider processes the name and surname, the user’s orders and the data that the user sets on his account.
- identification data (name and surname, address of residence, date of birth, VAT ID, if the user is a legal entity);
- contact details and information about your communication with the operator (e-mail address, telephone number, date, time and content of e-mail communication, delivery address and invoice address);
- user settings (user account information, especially delivery addresses, loyalty points collected, shopping lists, favorites list, ratings and comments about items and services);
- channel and campaign – the method of acquiring a member or the source through which the user came into contact with the manager (website and advertising campaign or campaign, call center);
- data on the user’s orders (date of purchase, purchased items, prices of purchased items, total purchase amount, method of payment, delivery address, number and date of invoice, code of the person who issued the invoice, etc.) and data on complaints;
- information on the user’s web habits (dates and times of site visits, pages or URLs visited, time spent on each page, number of pages visited, total time of site visit, settings made on the site) and data on the use of received messages -mail, SMS) of the provider;
- data from forms voluntarily completed by the user (eg in the context of sweepstakes or demand for samples);
- other information that the user voluntarily provides to the provider upon request to certain services that request this information.
The provider does not collect or process your personal data, except when you allow or consent to it, when ordering products or services, when you subscribe to receive news, participate in a prize draw, etc., or when there is a legal basis for the collection of personal data whether the processing provider has a legitimate interest.
PURPOSE OF DATA PROCESSING
The provider collects and processes your personal data on the following legal bases:
- law and contractual relations,
- legitimate interest and
- the consent of the individual.
Processing by law and contractual relations
In the event that the provision of personal data is a contractual obligation, an obligation required for the conclusion and performance of a contract with a provider, or a legal obligation, you must provide personal data. In the event that you do not provide personal data, you cannot enter into a contract with the provider, nor can the provider perform services or supply products under the contract, as it does not have the necessary data to perform the contract.
|Purpose of processing||Explanation|
|Conclusion and implementation of the contract||Conclusion and implementation of the contract concluded with the provider, including the provider’s fulfillment of your orders (supply of products and provision of services), communication with you, verification of your payments and fulfillment of other obligations of the provider and / or your obligations. point (f) of Article 6 (1) of the GDPR).|
|Direct notification of customers about special offers, discounts and other content via e-mail or SMS||In the company Barada sport s.p. Pursuant to the ZEKom-1 Act (Electronic Communications Act of the Republic of Slovenia, which is implemented on the basis of Directive 2002/58 / EC of the European Parliament and of the Council of 12 July 2002), we inform our customers about our products, services and contents. The customer may at any time request the termination of such communication and processing of personal data. The customer can terminate such communication at any time via the unsubscribe link in received messages, or by a written request to the e-mail address email@example.com.|
Processing on the basis of a legitimate interest
The provider may also process data on the basis of a legitimate interest pursued by the provider, except when such interests are outweighed by the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data. In the case of the use of a legitimate interest, the provider always carries out an assessment in accordance with the General Data Protection Regulation.
|Purpose of processing||Explanation|
|General statistical processing of data on customers and their orders and potential customers (contacts) for the purposes of internal analysis of sales, repurchases, aggregate customer behavior, advertising optimization and business optimization||In the company Barada sport s.p. we perform general statistical processing of data on customers and their orders and potential customers (contacts), on the basis of which we perform internal analyzes of sales, repurchases and aggregate customer behavior and monitor and optimize our business efficiency and optimize our advertising, eg:|
a) We monitor sales through our sales channels (internet).
b) We monitor how many customers make repeat purchases, how quickly and in what value.
c) We monitor general sales statistics, such as the average value of the cart, the number of products on order and the like.
d) Such statistical monitoring enables us to optimize business and advertising in general, and on that basis to offer users affordable products and services.
|Access to your past orders and other data by consultants at the Sabex Call Center||When you call the call center or. our outgoing call to you we have access to your recorded personal information and purchase history.|
|Processing of data on non-accepted remote orders in order to prevent fraud||In the company Barada sport s.p. On the basis of our legitimate interest, we process data on sent and not received distance orders, in order to determine whether and which customers order products at an above-distance distance with payment upon receipt and then do not accept these products, thus causing the business damage we want. to prevent.|
|Automatic e-mail communication with the user based on his or. its start of the online buying process||In the company Barada sport s.p. Based on our legitimate interest, we occasionally send e-mail messages or messages on social networks related to their unfinished purchase to potential buyers who have added selected products to the shopping cart but have not completed the purchase, with the aim of trying to complete the purchase or providing help and information. in this regard.|
|Direct notification of special offers, discounts and other content via phone calls and regular mail||In the company Barada sport s.p. based on our legitimate interest, we periodically inform customers about our products, services, discounts and content via email.|
|Using Facebook and Instagram advertising tools||In the company Barada sport s.p. based on our legitimate interest in online advertising, we also use the Facebook and Instagram services, either as part of the implementation of basic personalized communication based on our legitimate interest, or as part of the obtained consent to communicate with personalized offers and content based on user profile.|
judicial or arbitral award or settlement or, in the absence of litigation, 5 years from the date of the amicable settlement of the dispute.
Those personal data that the provider processes on the basis of the personal consent of the individual or a legitimate interest, the provider keeps permanently, until the revocation of this consent by the individual or. requests to interrupt processing. The provider deletes such data before cancellation only when the purpose of processing personal data has already been achieved (eg in the event that the provider ceases to run the online store Baradashop, all personal data collected for this purpose would be deleted, even if the individual consented in the processing of personal data on the Baradashop website, has not given such revocation) or if so provided by law.
At the end of the retention period, the controller effectively and permanently deletes personal data so that it can no longer be linked to a specific individual.
CONTRACTUAL PROCESSING OF PERSONAL DATA
The contractual processors with which the provider cooperates are:
- GLS courier service, to carry out the delivery of your order;
- Accounting Service; law firms and other legal advice providers;
- data processing and analytics providers;
- IT system maintainers;
- email providers
- payment system providers;
- customer relationship management system providers (eg Microsoft);
- online advertising solution providers (e.g. Google, Facebook).
The provider will not pass on your personal data to unauthorized third parties. Contractual processors may only process personal data in accordance with the controller’s instructions and may not use personal data to pursue any of their own interests.
The controller and users do not export personal data to third countries (outside the European Economic Area – EU Member States and Iceland, Norway and Liechtenstein) and to international organizations except the US – all contractual processors in the US are included in the Privacy Shield program.
INDIVIDUAL RIGHTS REGARDING DATA PROCESSING
To ensure fair and transparent processing, you as an individual have the following rights under the regulations:
- Right to revoke consent: If you, as an individual, have consented to the processing of your personal data, you have the right to revoke your consent at any time, without prejudice to the lawfulness of the data processing carried out before consent was revoked. Withdrawal of consent to the processing of personal data does not have any negative consequences or sanctions for the individual. However, after revoking the consent to the processing of personal data, the controller may no longer be able to provide one or more of its services to the individual in the case of services that cannot be provided without personal data (eg loyalty points or personalized information);
- Right of access to personal data: as an individual you have the right to obtain confirmation from the provider (personal data controller) whether personal data are processed in relation to you and, where applicable, access to personal data and certain information (on the purposes of processing, types of personal data, on users, on retention periods or criteria for determining periods, on the existence of the right to rectify or delete data, the right to limit and object to processing and the right to appeal to the supervisory authority, the source of data if data were not collected. you, on the existence of automated decision-making, including profiling, the reasons for it and the importance and consequences of such processing for you, and other information in accordance with Article 15 of the GDPR);
Right to correct personal data: As an individual, you have the right to have the provider correct inaccurate personal data about you without undue delay. As an individual, you have the right to supplement incomplete data, including the submission of a supplementary statement, taking into account the purposes of the processing;
- Right to delete personal data (“right to forget”): as an individual, you have the right to have the provider delete personal data concerning you without undue delay, and the provider must delete data without undue delay when there is one of the following reasons:
– the data are no longer needed for the purposes for which they were collected or otherwise treated,
– if you revoke the consent and there is no other legal basis for the processing,
– if you object to the processing and there are no overriding legitimate reasons for the processing,
– the data have been processed unlawfully,
– the data must be deleted in order to fulfill legal obligations under EU law or the law of the Member State applicable to the provider,
– data were collected in relation to offers of information society services.
– as an individual, in certain cases described in paragraph 3 of Article 17 of the GDPR, you do not have the right to delete data.
- Right to limit processing: as an individual, you have the right to have the provider restrict processing when there is one of the following cases:
1. if you dispute the accuracy of the data for a period that allows the provider to verify the accuracy of the data,
2. the processing is illegal and you oppose the deletion of the data and instead request a restriction on their use,
3. the data provider is no longer needed for the purposes of processing, but you need them to enforce, implement and defend legal claims,
4. you have lodged an objection to the processing until it is verified that the legitimate reasons of the provider outweigh your reasons.
- Right to data portability: as an individual, you have the right to receive personal data concerning you that you have provided to the provider in a structured, commonly used and machine-readable form, and you have the right to pass this data to another controller without you the provider to whom the personal data have been provided has obstructed this, namely when:
5. processing is based on consent or a contract; and
6. processing is carried out by automated means. As an individual, in exercising this right of transferability, you have the right to transfer personal data directly from one controller (provider) to another, where technically feasible.
- Right to object to processing: As an individual, you have the right, on grounds relating to your specific situation, to object at any time to the processing of personal data necessary to perform tasks in the public interest or exercise public authority conferred on the provider. 6 (1) GDPR) or is necessary for legitimate interests pursued by the tenderer or a third party (point (f) of Article 6 (1) GDPR), including profiling based on those treatments; the provider ceases to process personal data unless it proves compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or for asserting, enforcing or defending legal claims.
Where personal data are processed for marketing purposes, the individual has the right to object at any time to the processing of data relating to him for the purposes of such marketing, including the creation of profiles in so far as it relates to such direct marketing; where an individual objects to the processing for direct marketing purposes, the data shall no longer be processed for those purposes.
Where data are processed for scientific, historical or statistical purposes, the individual has the right to object to the processing of data relating to him or her for reasons related to his or her particular situation, unless the processing is necessary for the performance of the task carried out. for reasons of public interest;
- Right to lodge a complaint with the supervisory authority: without prejudice to any other (administrative or other) remedy, you as an individual have the right to lodge a complaint with the supervisory authority, in particular in your country of residence, place of work or which allegedly occurred in the breach (in Slovenia it is the Information Commissioner), if you believe that the processing of personal data in relation to you violates the regulations on personal data protection.
Without prejudice to any other (administrative or extrajudicial) remedy, you as an individual have the right to an effective remedy, against a legally binding decision of the supervisory authority in relation to it, as well as in the event that the supervisory authority does not consider your complaint or does not inform the situation or the decision on the appeal within three months. Proceedings against the supervisory authority shall be subject to the jurisdiction of the courts of the Member State in which the supervisory authority is established.
An individual may address all requests concerning the exercise of rights in relation to personal data to the controller in writing or electronically.
For the purposes of reliable identification in the case of exercising rights in relation to personal data, the controller may request additional data from the individual, and may refuse to act only if he proves that he cannot reliably identify the individual.
The controller must respond to a request from an individual exercising his or her rights in relation to personal data without undue delay and at the latest within one month of receiving the request.
NOTICE TO THE SUPERVISORY AUTHORITY ON THE BREACH OF PERSONAL DATA PROTECTION
In the event of a breach of personal data protection, the provider is obliged to inform the competent supervisory authority, except when it is probable that the breach did not endanger the rights and freedoms of individuals. When there is a suspicion that a criminal offense has been committed in the event of a violation, the provider is obliged to inform the police and / or the competent prosecutor’s office about the violation.
In the event of a violation that may cause a great risk to the rights and freedoms of individuals, the provider is obliged to immediately or where this is not possible, without undue delay, inform the data subject. The notice to the individual must be made in understandable and clear language.
ANNOUNCEMENT OF CHANGES