PRIVACY AND COOKIE POLICY

The purpose of this Privacy and Cookie Policy is to inform users (hereinafter also referred to as: individuals or you) of the website _____________ (the “website”) about the purposes and basis for the processing of personal data by Sovza Wooden Dreams s.p., Konjiška vas 37, 3210 Slovenske Konjice (hereinafter: Sovza Wooden Dreams, the company, we or the controller).

We process, store and protect all personal data in accordance with the applicable legislation governing the protection of personal data, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: GDPR) and the Personal Data Protection Act (Official Gazette of the Republic of Slovenia, No. 163/22, hereinafter: ZVOP-2). Please read our Privacy and Cookie Policy carefully to understand how we protect your privacy.

By submitting your personal data, you declare that you have read our Privacy and Cookie Policy and are aware of the methods and legal basis for the processing of personal data. If you do not agree with the methods of processing, please do not submit your personal data to us.

BASIC TERMS

The following section describes the basic terms you will encounter when reading our Privacy and Cookie Policy:

Personal data: personal data is information that identifies an individual as a specific or identifiable individual. An individual is identifiable when they can be identified directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data subject: a natural person who is identified or identifiable and whose personal data is processed by the controller responsible for the processing.

Processing of personal data: means any operation or set of operations which is performed on personal data, in particular collection, recording, organisation, organising, storing, adapting or altering, retrieving, using, disclosing by transmission, disseminating or otherwise making available, aligning or combining, blocking, anonymising, erasing or destroying personal data. Processing may be manual or automated.

Restriction of processing of personal data: means marking stored personal data with the aim of limiting their processing in the future.

Profiling: means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Automated decision-making: means a decision based solely on automated processing (including profiling) which produces legal effects concerning the individual or significantly affects him or her.

Anonymisation: means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, if such additional information is stored separately and subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable individual.

Personal data controller: a natural or legal person or other person in the public or private sector who, alone or jointly with others, determines the purposes and means of data processing, or a person designated by law who also determines the purposes and means of processing.

Personal data processor: a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

Personal data user: a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether a third party or not. Public authorities that may obtain personal data in the course of their inquiries, as provided for by EU or Member State law, are not considered users, and their processing of personal data must comply with the applicable regulations on the processing of personal data in relation to the purposes of the processing.

Third party: a natural or legal person, public authority, agency or other body other than the data subject, controller, processor or persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Consent of the individual: the consent of the individual to whom the personal data relates means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

CONTROLLER AND AUTHORISED PERSON FOR THE PROTECTION OF PERSONAL DATA

The personal data controller is Sovza Wooden Dreams s.p., Konjiška vas 37, 3210 Slovenske Konjice, tax number: SI ________, registration number: _________, e-mail: info@sovza.si.

The company does not have an appointed authorised person for personal data protection.

PURPOSE OF PROCESSING, LEGAL BASIS FOR DATA PROCESSING AND RETENTION PERIODS

VISITING THE WEBSITE

When you visit our website, we store your IP address until the end of your session at the latest. If our system determines that you are not performing any activities that could compromise the functioning of our website, this information is automatically deleted.

If our system detects that you are performing activities that are clearly illegal or clearly aimed at disrupting the functioning of the website, your IP address will be stored permanently and our system will blacklist it, thereby preventing you from continuing to use the website.

Legal basis for the processing of personal data: on the basis of its own legitimate interest (Article 6(1)(f) of the General Regulation), the controller also processes personal data for the purpose of website security and the prevention of illegal activities on the website (e.g. hacking, phishing, etc.).

Categories of users: website hosting provider and security solutions provider. Users process personal data exclusively on the instructions and under the supervision of the controller.

Retention period: depends on the cookies loaded. For more information, see the “Cookies” section below in this Privacy and Cookie Policy.

NEWSLETTER SUBSCRIPTION

If you have subscribed to the online newsletter with your e-mail address on the website, you consent to us sending you the latest news. You can unsubscribe from the e-newsletter at any time by clicking on the unsubscribe link in the e-newsletter you receive.

Legal basis: personal consent pursuant to Article 6(1)(a) of the GDPR.

Categories of recipients: website hosting provider, email delivery provider.

Retention period: until revoked.

COMPLETING THE CONTACT FORM

We will process your personal data, such as your first and last name, address, telephone number and e-mail address, for the purpose of communicating with you regarding orders placed in the online store and sending offers for enquiries and customised product orders. If you do not wish to provide us with your personal data on the form, we will not be able to respond to your questions.

Legal basis: legitimate interest (communication with the general public) – 6(1)f GDPR.

Categories of users: website hosting provider with whom we have concluded an appropriate contract in accordance with Article 28 of the GDPR.

Retention period: until the end of communication, but you may request the deletion of your personal data before that.

PURCHASE OF PRODUCTS IN THE ONLINE STORE

If you purchase a product in our online store, we will need your first and last name, address, telephone number and email address. We need this information in order to sell you the product, deliver it to you and resolve any complaints. You will receive a copy of your order at your e-mail address, in accordance with General Terms and Conditions . We need your telephone number so that we can quickly resolve any complications (e.g. if you have ordered a product that is no longer in stock) and so that our delivery drivers can deliver your purchased products efficiently. We also need this information in case you fail to meet your obligations. All of this information is therefore necessary to complete your purchase. In order to improve our services and product selection in the future, we may occasionally ask you by e-mail to provide us with your opinion on your purchase and the products you have purchased. If you do not wish to provide us with your data, we will not be able to allow you to make a purchase in our online shop.

Legal basis: performance of a contract (Article 6(1)(b) of the GDPR), in certain cases a legal obligation (e.g. to comply with obligations under tax law).

Categories of users: delivery services, website providers with whom we have concluded an appropriate contract in accordance with Article 28 of the GDPR, state authorities (e.g. FURS) – if they demonstrate a legal basis.

Retention period: We store this data for 5 years from the completion of the purchase or settlement of all obligations, and for 10 years for tax purposes.