PERSONAL DATA PROTECTION POLICY
Personal data controller and contact details
This policy applies to the processing (use) of any personal data carried out by or on behalf of MEDILINE Mešana trgovska družba, d.o.o., Perovo 30, 1241 Kamnik (the Controller).
Information about the controller:
– MEDILINE Mešana trgovska družba, d.o.o.
– Location: Perovo 30, 1241 Kamnik
– Registration number: 1124072000
– Telephone: +38618308040
– E-mail: firstname.lastname@example.org
Data protection officer:
– Nadja Kristan, Director
– Contact phone: +38618308050
– Contact e-mail address: email@example.com
What personal data we process
– Basic contact details (name, surname, organisation, function, telephone number, e-mail address);
– Information about previous communication (information about the data and products requested and provided);
– Information about the response to our emails (whether the email has been opened);
– Information we need to fulfil the contract and deliver the goods purchased (subject of purchase, price, address for delivery, delivery time, method of payment, date of payment, details of complaints, details of invoice, etc.).
Legal bases for the processing of personal data
We may process your personal data on the following legal bases:
– Where it is necessary for the performance of our legal obligations (e.g. invoicing for goods purchased);
– where the processing of your personal data is necessary for the conclusion and performance of a contract you have entered into with us or because you have requested a quotation from us;
– where you have given your consent to the processing of your personal data for a specific processing purpose, in which case you always have the right to withdraw your consent (e.g. for the purpose of informing you about our offers);
– where we have a legitimate interest in processing your personal data.
Purposes of processing of personal data
We may use your personal data for one or more of the following purposes:
– Communicating with you about the provision of our services and responding to your enquiries (legitimate interest for the efficient operation of our business, communications with customers and prospective customers);
– the conclusion of a contract and the performance of our obligations under that contract;
– marketing communications (sending emails, ordinary mail);
– marketing communications based on tailored offers, carried out by non-automated grouping of individuals into groups, each of which may receive marketing communications with different content. We monitor the individual’s activity (such as what content they are interested in) and the frequency and value of past purchases;
– to pursue any legal claims and resolve disputes;
– for statistical analysis of sales of our goods.
How long we keep your personal data and what happens to it after that
We keep personal data processed on the basis of your consent permanently or until you withdraw your consent.
We keep data on invoices issued for 10 years from the date of issue.
We retain the data necessary for the conclusion and performance of a contract between you and us for 5 years from the performance of the contract (delivery of the goods).
After the expiry of the retention period, we effectively delete or anonymise the personal data, which means that we process it in such a way that it can no longer be linked to you or attributed to you.
Voluntary provision of data and consequences of non-provision
The provision of personal data is voluntary. You are not obliged to provide us with personal data, but if you do not provide it, you may not receive certain services or be able to enter into a contract with us. Each time we obtain personal data from you, we will specify which information, if not provided, will have the consequences set out above.
Who has access to your personal data
We do not pass on your personal data or make it available to third parties (outside MEDILINE Mešana trgovska družba, d.o.o.), except to those who have a written contract with us, on the basis of which they carry out certain tasks relating to the processing of data and are obliged to comply with the legislation on the processing and protection of personal data (so-called contractual processors).
The contractual processors to whom we provide personal data are:
– providers of postal services, shipping services, file destruction services and data storage media;
– providers of information technology services in the context of servicing and maintenance of software;
– website administrators and webmasters;
– processors engaged by the company to provide services necessary for the performance of contracts and external service companies;
– providers of electronic document transmission;
– carriers of goods to customers’ addresses;
– the Company’s agents for the conclusion and performance of contracts, including collection and any legal proceedings; and
– the parent company and other related companies.
Contractual processors may only process personal data within the scope of our instructions and may not process personal data for their own purposes. They, together with their employees, are committed to protecting the confidentiality of your personal data.
Contractual processors do not export personal data to third countries (outside the member states of the European Economic Area – EU member states plus Iceland, Norway and Liechtenstein).
What rights you have in relation to your personal data, how you can withdraw your consent to processing and the consequences of withdrawal
You have the following rights in relation to your personal data:
– To request from us at any time:
– confirmation of whether we are processing your personal data;
– access to personal data and the following information: the purposes of the processing; the types of personal data; the users or categories of users to whom the personal data have been or will be disclosed, in particular users in third countries or international organisations; the envisaged period of retention of the personal data or, if this is not possible, the criteria to be used to determine this period; the possible existence of automated decision-making, including profiling, and the reasons therefor, as well as the relevance to you and the foreseeable consequences for you of such processing;
– one (free) copy of the personal data in the format you specify (if the request is made by electronic means of communication and you do not request otherwise, the copy will be provided in electronic form); we may charge a reasonable fee, taking into account costs, for additional copies you request;
– correction of inaccurate personal data;
– restriction of processing where:
– you contest the accuracy of the personal data, for a period which allows us to verify the accuracy of the personal data;
– the processing is unlawful and you object to the erasure of the personal data and instead request the restriction of its use;
– we no longer need the personal data for the purposes of the processing, but you need the personal data for the establishment, exercise or defence of legal claims;
– deletion of all personal data (right to be forgotten) if the prerequisites set out in Article 17 of the GDPR are met, and in particular if you withdraw your consent to the processing of personal data;
– the extraction of personal data in a structured, commonly used and machine-readable format, with the right to transmit this data to another controller without hindrance from us;
– that we stop using your personal data for direct marketing purposes;
– the right to lodge a complaint against us with the Information Commissioner if you consider that the processing of your personal data breaches the General Data Protection Regulation.
Procedure for exercising your rights
You may address your requests concerning the exercise of your rights in relation to personal data in writing to any of the contacts listed under "Personal data controller and contact details".
We may request additional information from you for the purpose of reliable identification in the event that you exercise your rights in relation to personal data, and we may refuse to take action only if we can prove that we cannot identify you reliably.
We must respond to your request to exercise your rights in relation to personal data without undue delay and at the latest within one month of receipt of your request.
The provisions of this Policy complement and do not override the provisions of legislation on the protection of personal data. In the event of any inconsistency between the provisions of this Policy and the provisions of legislation on the protection of personal data, the provisions of the legislation shall prevail.
Mediline d.o.o. may modify this policy at any time. You may consult the changes on the website www.mediline.si.