PERSONAL DATA PROTECTION POLICY
This Privacy Policy governs the collection, storage, use and other processing of personal data that Seltron d.o.o. collects from you when you make an online purchase through the B2B portal (b2b.seltron.si), when you send your request via the website www.seltron.siwhen you subscribe to the newsletter, when you visit the website www.seltron.eu or website www.selizobrazevanja.com etc.
Personal data controller and contact details
The data controller is:
SELTRON production, trade and brokerage company d.o.o.
Tržaška cesta 85 A, 2000 Maribor
Registration number: 5347297000
Telephone: 02 671 96 00
E-mail: info@seltron.si
What personal data we process
- basic contact or identification information (first name, last name, telephone number, postcode, location, e-mail address, and if you are a legal entity and you are logging into our B2B shop, your username and password and VAT ID);
- the information we need to fulfil the contract and deliver the purchased goods (delivery address, payment details, complaints details, invoice details, etc.);
- information about the use of our websites (IP address, saved preferences, newsletter subscriptions, etc.) and information about the response to our emails (whether the email has been opened).
Legal bases for processing personal data
We may process your personal data on the following legal bases:
- Contract - where the processing of your personal data is necessary for the conclusion and performance of a contract you have concluded with us or because you have requested a quotation from us;
- legal obligation - where the processing of your personal data is necessary to comply with a legal obligation (e.g. issuing and keeping invoices for a legally required period of time, etc.);
- consent - where you have given your consent to the processing of your personal data for a specific processing purpose, where you always have the right to withdraw your consent (e.g. for sending newsletters, sales updates, promotions and benefits, participating in surveys, etc.);
- legitimate interest - where we have a legitimate interest in processing your personal data (e.g. when we send you an email in case you have left the shopping basket on our website without completing your purchase or for direct marketing purposes).
Purposes of the processing of personal data
We may use your personal data for one or more of the following purposes:
- communicating with you about the provision of our services and responding to your enquiries;
- the conclusion of the contract and the fulfilment of the obligations arising from it;
- marketing communications (email, regular mail and SMS);
- to pursue any legal claims and settle any disputes;
- for statistical analysis of the sale of our goods and the use of our websites.
List of websites managed by the controller
SELTRON d.o.o. operates the following websites:
- seltron.si (information and sales website),
- seltron.eu (information and sales website),
- b2b.seltron.si (information and sales website),
- seltronhome.com (information and sales website),
- selizobrazobrazovaniya.com (informative website).
How long we keep your personal data and what happens to it after that
We retain basic personal data for as long as you are a registered user of our websites.
We retain personal data processed on the basis of your consent permanently or until you withdraw your consent.
We keep records of invoices issued for 10 years from the date of issue.
We keep the data necessary for the conclusion and performance of the contract between you and us for 6 years after the performance of the contract (delivery of the goods).
After the expiry of the retention period, we effectively erase or anonymise the personal data, which means that we process them in such a way that they can no longer be associated with you or attributed to you.
Voluntary provision of data and consequences of non-provision
The provision of personal data is voluntary and we process it with your explicit and unambiguous consent. You are not obliged to provide us with personal data, but if you do not provide us with personal data, you may not receive certain services or enter into a contract with us. We will specify what information is such that failure to provide it will result in the consequences set out above each time we obtain personal data from you.
We may also obtain personal data from public records and other publicly available sources.
Who has access to your personal data
We do not disclose or make your personal data available to third parties (outside Seltron), except where it is strictly necessary for the smooth running of our business. We only pass on your personal data to third parties if they have a written contract with us, on the basis of which they carry out certain data processing tasks and are obliged to comply with the law on the processing and protection of personal data (so-called "contract processors"). The contract processors to whom we pass on your personal data are:
- installation and service providers;
- providers of delivery services;
- email providers;
- CRM provider Intrix;
- provider of the Pantheon business information system;
- Sharepoint business support provider.
Contract processors may only process personal data within the scope of our instructions and may not process personal data for their own purposes. They, together with their employees, are committed to protecting the confidentiality of your personal data.
Data transfers outside the EU
In some cases, we may also transfer your personal data to countries that are not members of the EU or the European Economic Area. However, any such transfer will only take place if that country also ensures the same level of protection of personal data as the EU (here we are referring in particular to data archiving on servers in Switzerland) or if the recipient in question contractually commits to the protection of personal data as provided for by the European Commission.
What rights you have in relation to your personal data, how you can withdraw your consent to processing and the consequences of withdrawal.
You have the right to ask us at any time, free of charge, for your personal data:
- confirm whether we are processing your personal data;
- access to personal data - we provide you free of charge (one copy) with what data we collect, for what purpose, for how long and who has accessed it;
- Correction of inaccurate personal data - at your request, we will correct incorrect or incomplete personal data;
- restriction of processing - at your request, we will restrict the processing of your data if you contest the accuracy of the data or have lodged an objection, or if the processing is unlawful or if the processing is no longer necessary for the controller but for the establishment, exercise or defence of legal claims;
- deletion of all personal data (right to be forgotten) - we will delete all your personal data that we collect without undue delay at your request if: the personal data are no longer necessary for the purposes for which they were collected; you have withdrawn your consent; you have objected to the processing; the processing was unlawful; or we are under a legal obligation to do so;
- stop using personal data for direct marketing purposes,
- the right to data portability - you have the right to obtain from us the data that we process by automated means and that we can provide to you in a structured, structured and legible form;
- the right to object to processing;
- the right to withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until its withdrawal.
You also have the right to lodge a complaint with the supervisory authority - the Information Commissioner (address: Dunajska 22, 1000 Ljubljana, e-mail: gp.ip@ip-rs.si telephone: 012309730, website: www.ip-rs.si) if you believe that the processing of your personal data violates the General Data Protection Regulation.
Procedure for exercising rights
You may address your requests concerning the exercise of your rights in relation to personal data in writing (including by email) to the contact details set out under Data controller and contact details.
We may request additional information from you for the purposes of reliable identification in the event that you exercise your rights in relation to personal data, but we may refuse to take action only if we can demonstrate that we cannot identify you reliably.
We must respond to your request to exercise your rights in relation to your personal data without undue delay and no later than 30 days from receipt of your request.
Workers' awareness of the protection of personal data
The protection of personal data is defined in more detail in the internal Data Protection Policy and the Policy on Technical and Organisational Procedures for the Protection of Personal Data and in other internal documents with which employees are familiar.