When collecting, storing and using your personal data, we comply with the EU General Regulation on the Protection of Personal Data (hereinafter “GDPR”).
Personal data administrator and authorized person for data protection
The administrator of your personal data, as defined by the GDPR, is the company Nest Kind (hereinafter the “personal data administrator”). In case of problems or questions, please contact the authorized person for data protection, who is responsible for the storage and protection of your personal data in our company:
+386 31 314 322
Types of personal data collected by the personal data administrator
- your basic personal data, needed to deliver products and issue invoices (name and surname, address);
- your contact information and information about your communication with us (email address, telephone number);
- data about your use of our website (dates and times of website visits, pages or URLs visited, time spent on each page, number of pages visited, total time spent visiting the website, etc.);
- data from completed inquiry forms on our website (name, surname, email address);
- data provided when registering for e-news (name, surname, e-mail address);
- other data that the user voluntarily provides to the personal data administrator.
Legal basis for processing personal data
The personal data administrator collects and processes your personal data on the following legal bases:
- processing based on law,
- processing on the basis of a contract,
- processing based on the individual’s consent,
- processing based on legitimate interest.
Processing based on the law
We process your personal data when such processing is required by law (e.g. tax legislation mandates the retention of issued invoices). We process this personal data in accordance with the requirements of the law.
Processing on the basis of a contract
We process your data when it is necessary to conclude a contract and perform contractual obligations. The transmission of personal data is voluntary in this case. If the individual does not provide personal data, the company cannot conclude a contract with him and cannot perform the service or deliver goods or other products in accordance with the concluded contract, as it does not have the necessary data for implementation.
Processing based on individual consent
We process your data when you give us your explicit consent. Typical examples are: signing up for e-newsletters, sending inquiries via online forms, participating in a prize game, etc. If an individual gives his consent to the processing of personal data and at some point no longer wants it, he can revoke it at any time.
Processing based on legitimate interest
The personal data administrator’s legitimate interest may be a permissible basis for the processing of personal data, except when such interests are overridden by the interests or fundamental rights and freedoms of the individual to whom the personal data refer. The basis arising from legitimate interests is often implemented without the active influence of individuals on the processing itself.
Storage time of personal data
The storage time of your personal data is conditioned by legal requirements and the purpose of data collection and storage. We will keep your personal data for the time specified by the GDPR regulations or for as long as it is necessary to achieve the purpose for which certain personal data were obtained.
After the retention period has expired, the personal data administrator effectively and permanently deletes or anonymizes the personal data so that they can no longer be linked to a specific individual.
Transfer of personal data to third parties
The contractual processors with whom the personal data manager cooperates are:
- maintainers of IT systems,
- website maintainers,
- email providers,
- online advertising solution providers,
- accounting service providers.
The personal data administrator will not forward your personal data to unauthorized third parties.
Naša spletna stran ne uporablja piškotkov.
Access to social networks
Security and protection of personal data
The personal data administrator makes great efforts to ensure the security of your personal data by means of organizational and technical measures such as:
- protection of information systems with anti-virus programs and a firewall;
- employee education;
- careful selection and control of contract processors;
- preventing access to personal data by unauthorized persons;
- backup of electronically stored data;
- regular maintenance and updating of computer equipment;
- providing an effective way to block, destroy, delete or anonymize personal data;
- adoption of relevant internal regulations and instructions on the protection of personal data;
With the mentioned measures, we try to protect the obtained personal data against loss, destruction, falsification, manipulation and unauthorized access or unauthorized discovery. Nevertheless, we must not forget that no form of data transmission over the Internet and no method of electronic storage is 100% secure. As a result, we cannot guarantee the complete security of your personal data.
In accordance with the GDPR, you have the right to:
- access to your personal data,
- changes to your personal data,
- deletion of your personal data,
- transmission of your personal data,
- limit the processing of your personal data,
- withdrawal of consent to the processing of your personal data.
Notification to the supervisory authority about a violation of personal data protection
In the event of a violation of the protection of personal data, the personal data administrator is obliged to notify the competent supervisory authority, except when it is likely that the rights and freedoms of individuals were not threatened by the violation. When there is a suspicion that a criminal offense has been committed at the time of the violation, the personal data administrator is obliged to inform the police and/or the competent prosecutor’s office about the violation.
In the event that it is a violation that may cause a great risk to the rights and freedoms of individuals, the personal data administrator is obliged to report the violation immediately or when it is not possible, without undue delay, to inform the individuals to whom the personal data refer. The notification to the individual must be made in understandable and clear language.
Last updated: October 2022