On the basis of Regulation (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016, I issue
GENERAL DATA PROTECTION REGULATION
IN COMPANY ROŽLE D.O.O. HORJUL
I. GENERAL PROVISIONS
(purpose of the policy)
This policy determines the compliance of personal data processing in the company Rožle d.o.o. Horjul, Mala ulica 16, 1354 Horjul, tax number: SI51121107, registration number: 5423937000 (hereinafter: Rožle), time of use and storage of personal data.
Employees and outsiders who process and use personal data in their work must be familiar with the applicable regulations in the field of personal data protection and with the content of these rules.
The basic principles for the objectives and importance of protecting personal data are:
legality, fairness and transparency;
purpose limitation (principle of purpose);
minimum data volume (principle of proportionality);
accuracy (principle of accuracy and promptness);
storage limit (retention time);
integrity and confidentiality;
(the meaning of the terms)
In this policy, the terms used are as follows:
- The administrator and processor of personal data is Rožle;
- the administrator is the processor of personal data contained in the personal data collection;
- he administrator of the personal data collection is Rožle, who is responsible for establishing, guiding, maintaining and storing the personal data collection;
- the manager is the head of the company Rožle;
- The record of the activities of the processing of personal data shall be a record of all types of processing activities carried out by the operator.
II. MANAGEMENT AND MAINTENANCE OF PERSONAL DATA COLLECTIONS
(establishing a personal data collection)
Rožle company collects, processes and stores the personal data of individuals who have cooperated with the company Rožle or are in the procedure for concluding a cooperation if the processing of personal data is necessary and appropriate for conducting the procedure before concluding the cooperation or for completing the cooperation.
Personal data obtained only on the basis of the consent of the individual, can also be processed in the company Rožle.
(data for registration on news and advertising and data for participation)
When buying at the Rožle online store (www.rozle-tea.si), the administrator collects the below-mentioned user data for the needs of business (we are not responsible for the accuracy of the data entered by users). Rožle will use data exclusively to send information material, offers, invoices, goods and other necessary communication. Rožle can also use users data in an anonymous summarized form for statistical analysis purposes. Data collected and processed by Rožle will only be disclosed if such an obligation is determined by law or in good faith that such action is necessary for proceedings before courts or other state authorities and for the protection and realization of legitimate interests of Rožle.
Rožle collects and uses data stored in the SAOP business program and on the business account on the employee’s computers at Rožle (Access to computers and personal data is password protected. The operating system has antivirus protection and the administrator updates it regularly). For this purpose, Rožle uses the following informations:
- Name and surname, address and place of residence, address and place of delivery, email address, contact telephone number, any other data that the users type into our form on www.rozle-tea.com website.
If the customer wish to participate in the Newletter program of Rožle, they must provide only their email address. The data is stored on the online mailing list of Mailchimp, which has the EU’s privacy and data protection certificate. Also, the informations are stored on the website of Rožle, on the secure server of our Neoserv online service provider.
If a customer gives his consent to process his personal information for the purposes of advertising and market research, Rožle may provide information (such as special offers, discounts and information about products and services) by post, during a shop visit, via e-news and e-mail. For this purpose, Rožle uses the following informations and analyzes them for the purpose of informing and advertising. In addition, Rozle can analyze the down-mentioned data in order to optimize the offer of products, locations and services.
- Membership data: your full name (first and last name), residence address, date of birth and email address;
- Discount information: data relating to goods/services, payment amounts, currency, discount amount, coupons used, location, cash register or POS terminal, time and transaction number and, if applicable, an office.
For smooth cooperation with the customers (such as stores, bars, restaurants, hotels and wellnesses), Rožle collects and uses data stored in the cloud service of the Jira server (for the protection of data privacy is responsible the parent software company Atlassian), in the SAOP business program and on the business account on the employee’s computers at Rožle (Access to computers and personal data is password protected. The operating system has antivirus protection and the administrator updates it regularly). For this purpose, Rožle uses the following informations:
- Company name, company address, company tax number, name of the place, region and location of the place, company’s manager name and surname, contact telephone, contact email, type of the place, GPS address, website of the place.
Rožle collects and uses data of suppliers and subcontractors, which are stored on the business account on the employee’s computers of the company Rožle (Access to computers and personal data is protected by a password. The operating system has antivirus protection and the administrator updates it regularly). For this purpose Rožle uses the following informations:
Company name, company address, company tax number, company’s manager name and surname, contact telephone, contact email, website of the company.
The processing of personal data is carried out by the administrators of personal data collections. The contact details of the caregiver are indicated (in article 14). In accordance with their work tasks, the administrator is responsible for the diligent, professional and up-to-date processing of personal data.
III. TIME OF USE AND STORAGE OF PERSONAL DATA
(time of use and storage of personal data)
Personal data may only be used and stored for as long as it is necessary to achieve the purpose for which a specific database of personal data has been established.
For each collection of personal data, the time in which it will be used and the period of retention of personal data must be specified. If the collection of personal data is terminated, the data is deleted.
The membership data, personal data, customer, supplier and subcontractor data are stored for as long as it is strictly necessary to achieve the purposes described in articles 4 and 5 (participation in the Rožle program) for which they have been processed. If Rožle no longer needs personal data for purposes, they are only kept in accordance with tax legislation.
(deletion or destruction of personal data)
Personal data, which is used and stored for a certain period of time in a particular database, must be deleted, blocked or anonymize if they are computerized or destroyed in the case of books, files or the entire personal data collection database.
Deletion, blocking or anonymizing of computer-controlled personal data is carried out by the personal data administrator, who is indicated in article 14.
If the customer has given his consent to process his personal data for the purpose of advertising and market research, his consent may be revoked at any time in its entirety. The cancellation can be made via the contact form on the website: https://www.rozle-tea.com/kontakt-2/, via email: email@example.com or via writing to the address of the company Rožle, listed in 1 article.
Partial cancellation of consent is not possible. After the cancellation of the appropriate consent, the customer can not execute associated services anymore, and any related agreements are considered as canceled with the moment of cancellation of the consent.
The cancellation of the consent does not affect the legality of the processing of personal data on the basis of consent prior to cancellation. If the customer has not given or withdrawn the consent, personal data will not be used in the manner described in the paragraphs above.
IV. PROTECTION OF INDIVIDUAL RIGHTS
On the request of the customer, Rožle will inform him if and which information has been stored. Any consent may be revoked at any time by the customer (see article 8), and if so described, the customer may object to the processing of personal data.
The customer has the right to obtain from Rožle data submitted by him in a structured, up-to-date and machine-readable form; this information may Rožle send to the customer or other persons, upon request of the customer. Rožle must fulfill the customer’s request within one month of receipt, which may be extended, if necessary, by up to two additional months.
If a customer suspects a breach when processing his personal data, he or she has the right to file a complaint to the Office of the Information Commissioner with its registered office at Zaloška 59, 1000 Ljubljana, www.ip-rs.si.
V. PERSONAL DATA PROTECTION
In order to protect the personal data contained in the personal database, whose manager is Rožle, the employees of Rožle carry out the following security measures:
- when leaving their working premises, they must lock the desks, cupboards, cash registers and offices in which they store personal data;
documents with personal data must not be left on the tables in the presence of persons who are not employed in Rožle.
(protection of personal data in case of dealing with the customer)
When dealing with customers, the technical equipment must be installed in such a way that the clients do not have a direct access to the screen or to a printout with personal data.
(the responsibility of employees to implement security measures and procedures)
Anyone processing personal data is obliged to implement the prescribed procedures and measures for data protection and to protect the data for which he/she has learned or was acquainted with them in the performance of his/her work. The obligation to protect personal data does not end with the termination of the employment relationship.
VI. PRELIMINARY AND FINAL PROVISIONS
(appointment of the administrator)
The administrator responsible for the protection of personal data is Maša Zupančič, Mala ulica 16, 1354 Horjul. Contact phone: 040/506-700.
(the entry into force of the policy)
This policy shall enter into force on the date of signature.
Administrator: Maša Zupančič Director: Francka Zupančič