Privacy Policy

GENERAL INFORMATION ON DATA PROCESSING

The data controller is the company Karbonin d.o.o., Medno 80, 1210 Ljubljana-Šentvid, Slovenia, registration number: 2264943000, tax ID number: 59923504.

By opening and using the website, online store and B2B portal, various information and data are exchanged between your device and the server, which may also include personal data according to the EU General Data Protection Regulation (Regulation (EU) 2016/679, hereinafter referred to as the General Regulation) and the applicable Slovenian law on the protection of personal data. We present the exchange of data and precisely define the use, interest and reasons below.


GENERAL INFORMATION ON PERSONAL DATA AND PROCESSING

Personal data is information that identifies you as a specific or identifiable individual. The controller collects the following personal data in accordance with the purposes defined below in the Privacy Policy:

  • Basic information about the customer, which is collected when placing an order in the online store and online B2B portal (name, surname, address, e-mail address and phone number) and in the case of customer registration as a user in the online store and online B2B portal (username, e-mail address and password for access);
  • Information about the user’s purchases and invoices issued;
  • IP address of the device;
  • Date and time of access;
  • URL address of the website and referrer URL (channel and campaign – method of acquiring the visitor or the source through which the visitor came to the website);
  • Time spent on the website, number and URLs of visited pages and total visit time;
  • The type of browser you are using and the operating system used;
  • Other personal data listed in the following sections.

The controller does not collect or process your personal data, except when you allow it or consent to it, or there is a legal basis for this and the controller has a legitimate interest in the processing.


VISITING OUR WEBSITE

Purposes of data processing/legal bases:

When you open our website, the following are automatically and without your intervention accessible to us via the browser used on your end device: IP address of the device connected to the Internet that makes the request, date and time of access, name and URL of the file called up, website/application that access was gained through (referrer URL), the browser you use and, if necessary, the operating system of your internet-connected computer and the name of your access provider. This information is temporarily stored in a so-called log file for the following purposes: ensuring a smooth establishment of the connection, ensuring comfortable use of our website/application, evaluating system security and stability.

For the purposes of optimizing the website, monitoring the correct functioning of the website, analyzing sales, repeat purchases and customer behavior, as well as for the purposes of business optimization and measuring business efficiency, we use the Google Analytics tools and Meta tools. With these tools, we monitor sales by sales channels, how many customers make repeat purchases and in what quantity and value, and we monitor responses to advertising campaigns and general statistical data on visits. We use IP address anonymization, so your IP address is never shared. After your IP address becomes anonymous, it is no longer possible to determine who you are, so Google, Meta and Lucky Orange cannot in any way connect your device with other data.

If you have agreed to so-called geolocation in your browser, operating system or other settings of your end device, we use this function in order to be able to offer you individual services related to your current location. We process the location data exclusively for this function.

The data is stored in an anonymized form by a third party, i.e. Google in its analytics. This data is not stored on the Karbonin servers.


CONTACT FORM – NAME AND SURNAME, E-MAIL ADDRESS, TELEPHONE NUMBER

Purposes of data processing/legal bases:

We treat the personal data you provide us when filling out contact forms by phone, e-mail or via social networks as confidential. We use your data exclusively for the previously defined purpose, i.e. to process your request. The legal basis for data processing is Article 6 (1f) of the EU General Data Protection Regulation. Our and your legitimate interest in data processing arises from the desire to respond to your inquiry and, if necessary, solve existing problems, thereby building the trust and satisfaction of customers or users of our website.

In principle, we exclude the transfer of data to third parties. Exceptionally, this data is processed by order processors on our behalf. These are always carefully selected, and we monitor and contractually bind them in accordance with Article 28 of the EU General Data Protection Regulation.

Furthermore, it may be necessary for us to forward parts of your inquiry to contractual partners (e.g. suppliers for product-specific inquiries) for the purpose of further processing of your inquiry. In these cases, the inquiry is pre-anonymized so that a third party cannot link you to it. If, in an individual case, it is necessary to provide your personal data, we will first inform you about this and obtain your consent.

All personal data that you provide to us in our contact forms (including inquiries, initiatives, commendations or criticism) through this website or by e-mail are kept until the purpose for which the contact was established is achieved.


DATA PROCESSING FOR MARKETING PURPOSES

Purposes of data processing/legal bases:

With your consent, we record your behavior during the use of websites the controller of which is the company Karbonin d.o.o., as well as online news that we provide to you. The evaluation of the behavior during use includes, in particular, which areas you stay in, and which links you use there. By doing so, we create personalized user profiles by assigning your personal data (name) and/or e-mail address, with the aim of better adapting the company’s promotional approach in the form of online news, online advertisements on websites, and printed leaflets in accordance with your interests and in order to improve our offer. You can withdraw your consent to the above-defined data processing at any time free of charge, for each communication channel separately and with effect for the future. The withdrawal of your consent leads to the erasure of collected user data.

The legal basis for the aforementioned processing is Article 6 (1f) of the EU General Data Protection Regulation or, upon submission of the appropriate consent, Article 6 (1a) of the EU General Data Protection Regulation.

If you withdraw your consent for individual advertising measures, or refuse certain advertising measures, your data will be deleted from the relevant distributors (e-mails).

If you withdraw your consent for an individual communication channel, this particular contact address will be blocked for further data processing for advertising purposes. Please note that in exceptional cases, even after receiving your objection, advertising material may still be sent temporarily. This is technically conditioned by the necessary display time of online advertisements and does not mean that we will not implement your request. Thank you for your understanding.


SENDING ONLINE NEWS THROUGH THE NEWSLETTER FORM

Purposes of data processing/legal bases:

On our website, we offer you the opportunity to sign up for our online news (the so-called Newsletter). If you have agreed to receive our online news, we use your e-mail address and, if necessary, your name as the form of address in the message to send (as far as possible individual) information about products, promotions, prize games, news from the offer and stores, and to conduct customer satisfaction surveys. We store and process this data for the purpose of sending online news.

The contents of online news include campaigns (offers, discount campaigns, prize games, etc.), as well as other products that are an integral part of the sales range.

With your consent, we record your behavior while using the websites, namely carbonin.com, shop.carbonin.com and B2B.carbonin.com, mobile applications and online news. The assessment of behavior during use includes, in particular, in which areas of individual websites, mobile applications or online news you stay, and which links you use there. In doing so, personalized user profiles are created by assigning your personal data (name) and/or e-mail address in order to be able to better adapt the promotional approach, especially in the form of online news, online advertisements on websites and printed leaflets, in accordance with your personal interests and to improve the online offer.

The legal basis for data processing in the context of sending online news is your consent in accordance with Article 6 (1a) of the EU General Data Protection Regulation.

You can withdraw your consent to receive online news or to the creation of personalized user profiles at any time with effect for the future, e.g. by unsubscribing from receiving online news on our website. You can find a link to the unsubscribe page at the end of each online news message. Cancellation results in the deletion of the acquired user data.

If external order processors are used to carry out the sending of online news, they are contractually bound in accordance with Article 28 of the EU General Data Protection Regulation.

If you withdraw your consent to receive online news, your data will be blocked and deleted from the relevant e-mail distributors within six (6) months after the withdrawal request is received. When signing up for news via social media, the data protection provisions of the individual provider of the social media platform additionally apply.


PURCHASE IN THE ONLINE STORE AND ON THE B2B WEB PORTAL

Purposes of data processing/legal bases:

When concluding and implementing a contract between the customer and the company (in the case of a purchase in an online store), you must provide personal data for the purposes of concluding the contract. It is not possible to process an order in the online store without the provision of the following personal data: name, surname, full address and delivery address, country, e-mail address and telephone number.

When processing the order, we transfer your data to an accounting program that is registered in the EU and demonstrates appropriate technical and organizational measures in accordance with the General Regulation for the secure processing of your personal data.

We forward your personal data to a delivery service that is registered in the EU and demonstrates appropriate technical and organizational measures in accordance with the General Regulation for the secure processing of your personal data.

The legal basis for data processing in the context of the purchase or performance of the contract with you, or the implementation of measures prior to entering into a contract, is Article 6 (1b) of the EU General Data Protection Regulation.

The data is stored for a period of 5 years from entering into or fulfilment of the contract. In accordance with tax regulations, issued invoices are kept for 10 years after the end of the year in which the invoice was issued.


ACCESS TO ORDER HISTORY AND OTHER DATA

When you call or send an e-mail, the employees of the controller can access your order history and personal data if you provide them with your personal data or account or order number. On the basis of access, they can offer you a better service and offer, as well as an effective solution to any complaints.


CUSTOMIZED COMMUNICATION WITH EXISTING AND POTENTIAL CUSTOMERS

We use customized communications (via email, browser notifications, phone or social media) to present relevant offers, send you discounts and other content that may be of interest to you based on your past interactions with our website. To carry out this type of communication, we use your demographic information (state-level location), purchase history (purchased products, number of purchases), responses and product views (opening messages, clicking on links) and addressing behavior and clicking through the website that may trigger the sending of personalized messages.

When using customized communication, we never create user profiles, nor do we profile you or focus on your personal data; we only perform processing on the basis of large groups, which makes it impossible to identify you as an individual.


PROCESSING OF PERSONAL DATA BY PROCESSORS, AUTHORISED BY THE CONTROLLER (KARBONIN D.O.O.)

By using the website, online store and B2B portal, you are aware that the controller may entrust your personal data to other contractual processors who can process the data exclusively on behalf of the controller and within the limits of the controller’s authority.

Your privacy means a lot to us, which is why the controller will never forward your personal data to unauthorized third parties, and the controller only chooses verified contractual processors whose software is regulated in accordance with the General Regulation.

In the case of transfer of personal data to third countries outside the EU, the controller ensures that such transfer is justified by the Commission’s decision on adequacy, or by special contractual provisions between the employer and the processor or user from a third country, in accordance with Article 46 of Regulation (EU) 2016/679.


TECHNICAL PROTECTION OF PERSONAL DATA AND LIMITATION OF LIABILITY

The controller Karbonin d.o.o. implements several technical and organizational measures to ensure the security of personal data during collection, transmission and storage and strives to adequately protect your personal data. The controller uses SSL (Secure Sockets Layer) technology to ensure encryption of personal and credit card information, and our servers are additionally protected by the use of firewalls and other technologies to ensure data security.

The user themselves is also responsible for data protection by adequately ensuring the security of their mobile device or computer, as well as by protecting their username and password and ensuring appropriate software (anti-virus) protection of their electronic or mobile device, and at the same time by protecting (e.g. 3D secure) their banking data or sensitive data related to means of payment. Use a browser that allows you to set security features before transmitting your personal or credit card information over the Internet.

Most browsers provide notification if you are on a website that does not provide a secure connection, or if you are sending data via an unsecured connection.

The controller Karbonin d.o.o. undertakes to protect personal data and information about you, but no connection through the Internet can be 100% secure, and the controller cannot guarantee the complete security of the data you provide to us. You provide us with your personal data at your own risk.


RIGHTS OF INDIVIDUALS

The Controller ensures the realization of the rights of individuals to whom personal data refer.

Requests from individuals regarding the exercise of rights can be sent to the email address info@carbonin.com or by post to Karbonin d.o.o., Medno 80, 1210 Ljubljana-Šentvid. The individual is obliged to submit proof of identity and/or address with a request that is not forwarded from the e-mail address of the registered user.

The individual has the following rights in relation to personal data:

  • Right of access to data – An individual can at any time request that the controller confirm to them whether data relating to them is being processed and, if so, enable access to personal data and provide information related to the processing of their personal data (e.g. about purpose of processing, type of personal data, users to whom personal data has been or will be provided, expected data retention period, technical and organizational measures for data protection, etc.).
  • Right to rectification – An individual may at any time request that the controller enable them to correct inaccurate personal data relating to them and to supplement incomplete personal data. Registered users can do this through their user account settings in the online store.
  • Right to erasure – An individual can request at any time that the controller grant them the right to erase personal data (the so-called right to be forgotten).
  • Right to data portability – An individual can request at any time that the controller allow them to view the list of personal data kept for the applicant.
  • Right to object – In the event that the controller processes personal data on the basis of legitimate interests, as presented above, an individual may in certain cases object to such processing. The controller will stop processing this personal data, unless it judges that it has justified and legitimate reasons for continuing the processing or if the processing is necessary for legal reasons.
  • Withdrawal of consent – An individual can withdraw consent at any time, in cases where they have given consent for a specific purpose of processing their personal data. The withdrawal of consent does not affect the legality of any processing of personal data that was carried out prior to withdrawal.
  • Right to lodge a complaint to the supervisory authority – An individual has the right to lodge a complaint with the Information Commissioner of the Republic of Slovenia if they believe that their personal data is being processed in violation of the applicable regulations governing the protection of personal data. The complaint is to be lodged with the Information Commissioner of the Republic of Slovenia, Dunajska cesta 22, Ljubljana, ip@ip-rs.si.


CHANGES TO THE PRIVACY POLICY

The controller reserves the right to change the Privacy Policy depending on the situation and legislation in the field of personal data protection. Please follow it regularly and review the news. We will notify you in advance of any changes regarding the processing of your personal data and/or changes (updates) to the Privacy Policy. If you do not agree with the Privacy Policy, please stop using our online services and close your user account and withdraw any consents given.


Date of the document: 30. 8. 2022