Privacy Policy

GENERAL PROVISIONS

Operator data

The controller is the one who manages your personal data and determines the purposes and means of processing your personal data.

The controller of personal data of users is:

Name of the legal entity: Slovenian Cycling Federation

Address of the legal entity: Celovška 25

Post office and place: 1000 Ljubljana

Tax number: SI94727244

Registration number: 5060885000

Contact e-mail: shop@kolesarska-zveza.si

Contact telephone number: +386 1 239 6600

Data on entry in the register or other public records: The company is entered in the court register under number IV-908 / 2-53

Contact person and contact for providing information regarding the user’s personal data: Aleš Kalan, Secretary General; email: shop@kolesarska-zveza.si

Processor data

The processor of personal data is the controller.

The personal data of users are processed in accordance with the applicable legislation, on the basis of a contractual relationship that exists and regulates all areas of processing.

The data processor and controller is the Slovenian Cycling Federation.

Law

Slovenian and European Law are used to assess these privacy conditions.

The privacy conditions have been prepared in accordance with the Personal Data Protection Act (ZVOP-1, Official Gazette of the Republic of Slovenia, No. 94/2007 et seq.), Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46 / EC (General Data Protection Regulation, GDPR), the Electronic Communications Act (ZEKom-1, Official Gazette of the Republic of Slovenia, No. 109/12) and amendments) and other Slovenian and European legislation governing individual areas.

Web site

The terms of privacy are intended for users of the website: shop@kolesarska-zveza.si

Legal principles

The controller and processors respect the general principles regarding the processing of users’ personal data:

  1. We process users’ personal data legally, fairly and transparently.
  2. We collect personal data for pre-determined, explicit and lawful purposes and do not further process personal data for other purposes, except in the case of processing for scientific or historical research purposes and for statistical purposes, under certain conditions.
  3. We process personal data to the smallest extent possible, for the purposes for which they are processed.
  4. We make sure that the personal data we process is accurate and regularly updated, and that inaccurate data is corrected or deleted.
  5. We store personal data only for as long as is necessary for the purposes for which we process them.
  6. We take care of the adequate security of personal data, which includes unauthorized or illegal processing and unintentional loss, destruction or damage through appropriate technical and organizational measures.

Additional operator warnings:

The processing of personal data may also be performed by the contractor’s external contractual partners, who ensure the delivery of the ordered services. The processing is performed exclusively for the purpose of delivering the ordered services and exclusively personal data that are absolutely necessary for this service and only for the time of performing the service. For more detailed information, the customer can contact the contact person of the operator.

MEANING OF TERMS

Privacy Policy

The privacy policy is an internal act of the controller and applies to all legal relationships between him, the processors and the users. The act determines the rights and obligations of the controller and processors in the management and processing of personal data of users.

Personal information

Personal data means any information relating to an identified or identifiable individual who is a natural person. A specific individual is one whose personal data is determined and processed in accordance with the purposes set by the controller. An identifiable individual is one who can be identified, directly or indirectly, and whose personal data can be processed in accordance with the purposes set by the controller.

User

A user is an individual who is a natural person whose personal data is processed on a legal or contractual basis between the controller and that individual or on the basis of the explicit consent given by the individual to the controller.

The manager

The controller determines the purposes and means of processing within the scope of its registered activity and / or legal powers. The user is informed in advance who is the controller of personal data and who is the processor of his personal data.

Processor

The processor processes the personal data of individuals on behalf of the controller, according to his instructions, within the framework of lawful purposes and methods of processing. The controller provides the user with information about the processors of their personal data in these privacy conditions.

Subprocessor

The sub-processor processes the personal data of individuals in the name and on the instructions of the processor, within the framework of lawful purposes and methods of processing. The sub-processor reports directly to the processor, the processor to the controller.

Processing

Processing of personal data means any act or set of actions carried out in relation to personal data or sets of personal data with or without automated means, such as collecting, recording, editing, structuring, storing, adapting or modifying, retrieving, viewing, using , disclosure by brokering, disseminating or otherwise making available, adapting or combining, restricting, deleting or destroying.

PERSONAL DATA

Processing of personal data

The operator may process personal data of website users, service subscribers and individuals in legal entities with which it cooperates.

The terms of privacy define the manner of processing personal data of such individuals who have concluded a contract or ordered services, if the processing of personal data is necessary and appropriate for concluding a contract or order or for fulfilling a contract.

The privacy conditions also define the method of processing personal data for which the controller has a basis in law or for which he has obtained the written consent of the user, insofar as personal data are entered directly on the controller’s website.

Legal basis for processing

The legal basis means that the controller processes users’ personal data, as this is required by law to comply with the legal obligations applicable to the controller.

In the Republic of Slovenia, the legal obligations to process certain personal data are determined in particular by:

  1. Value Added Tax Act ZDDV-1;
  2. Rules on the implementation of the value added law;
  3. Tax Procedure Act;
  4. Companies Act;
  5. Slovenian Accounting Standards;
  6. Law on Accounting;

If the controller processes the user’s personal data because he has made an online purchase or ordered services from the controller, he keeps this account for another 10 years (as well as the user / customer data on the account).

Contractual basis for processing

The contractual legal basis for the processing of users’ personal data means that the processing is necessary for:

  1. the performance of a contract to which the data subject is a party or;
  2. implementation of measures at the request of such user prior to the conclusion of the contract.

The controller provides the user with information on the processing of his personal data in these privacy conditions and, where necessary, through notifications on his website.

The controller does not need explicit consent for the contractual processing of the user’s personal data.

If the user does not provide all the personal data that the controller needs to fulfill the contractual relationship, the controller cannot execute the user’s order. In doing so, the controller always makes sure that it obtains and further processes from the user only as much personal data as it needs to fulfill the contractual relationship.

Explicit consent as a legal basis

Explicit consent is the basis for the processing of those personal data for which the controller does not have a legal or contractual legal basis for the processing.

The operator provides the possibility of explicit consent of the user, where necessary, without a pre-filled check box. The personal consent of the user is his voluntary declaration of intent that his personal data may be processed for a specific purpose and is given on the basis of information provided by the controller with these privacy terms and directly on the website before the user explicitly consents to the processing.

The controller specifically states the individual purposes for such processing of personal data on the website, where the user has the opportunity to give such consent. The operator shall inform the user of the intentions in an understandable and easily accessible form and in clear and simple language, and shall give the user explicit consent for each different purpose.

The operator guarantees the user the right to revoke the explicit consent at any time in an easy way. Withdrawal of consent does not affect the lawfulness of processing on the basis of consent prior to its withdrawal.

Public interest

The controller may process personal data of users, insofar as the processing is necessary for:

  1. performing tasks in the public interest; or
  2. to exercise the public authority conferred on the controller.

Legitimate interest

Insofar as the processing is necessary for legitimate interests pursued by the controller or a third party, the controller may process users’ personal data to the extent strictly necessary to pursue those legitimate interests, except where such interests are outweighed by the user’s interests or fundamental rights and freedoms. , to which this data relates, in particular as regards the processing of personal data of persons under 16 years of age.

Types of personal data

Types of personal data of users that we process for predetermined purposes:

  1. name and surname
  2. address of permanent or temporary residence
  3. name of post office and place
  4. email address
  5. telephone number
  6. transaction account number
  7. geneder
  8. date of birth
  9. tax number
  10. credit card number
  11. IP address
  12. second: Cookie ID

Purpose of collecting personal data

The controller processes the personal data of users for the purposes stated, defining the legal basis on which it processes this data and determines whether the explicit consent of the user is required or not:

  1. fulfillment of a contractual obligation (order of a product or service by the user), contractual basis, explicit consent is NOT required
  2. sending information and notifications arising from the contractual obligation (subscription to e-news and / or sms notification), which do not have market content), contractual basis and legitimate interest, explicit consent is NOT required
  3. sending responses to user inquiries (filling in the inquiry form and / or contact form), contractual basis and legitimate interest, explicit consent is NOT required
  4. sending advertising messages, advertisements, campaigns that do not arise from the contractual obligation (subscription to e-news and / or sms notifications that have market content), explicit consent IS required
  5. user profiling for the purposes of targeted advertising, including remarketing (non-anonymous profiling, use of Google Analytics, Facebook tools, etc.), explicit consent to the loading of cookies that allow this profiling, explicit consent IS required
  6. registration of the user for the purposes of using the services of the operator (online store, application, commenting, giving opinions), contractual basis, explicit consent is NOT required
  7. market research and statistics for the purposes of carrying out the activities of the controller (anonymously, without processing users’ personal data), legitimate interest, explicit consent NOT required

New purposes for the processing of personal data

The controller may process personal data for new purposes for which it has no appropriate legal basis and no explicit consent, provided that the user provides all necessary information for the processing of his personal data for new purposes and obtains new explicit consent for the processing of personal data.

The controller may transfer personal data of users to third parties only in the case of criminal and civil proceedings to the extent required by law.

Cookies

The operator provides users with a notification about the use of cookies in a visible place on the website when the user visits the operator’s website. The operator shall provide up-to-date information on cookies in the notification, in particular:

  1. types and names of cookies,
  2. the purpose of their use and
  3. the duration of each cookie.

The operator provides notification without consent if he uses the following cookies:

  1. cookies required solely for the purpose of transmitting a message over an electronic communications network; and
  2. cookies that are strictly necessary to provide the information society service explicitly requested by the subscriber or user.

The operator provides the notification with the consent of the user in all other cases and informs the user accordingly about the options for setting cookies. The operator does not use cookies that require the user’s consent for installation without explicit consent. The operator provides the possibility of subsequent change of the user’s consent by keeping the notice in a visible place on the website.

The operator provides the notice on a special link on the website.

USER RIGHTS

Rights in general

The user can request from the operator:

  1. access to personal data,
  2. correction of personal data,
  3. deletion of personal data (right to forget),
  4. restriction on the processing of personal data,
  5. objection to the processing of personal data,
  6. transfer of personal data.

The operator shall respond to the user’s request no later than 30 days from the receipt of the request.

Right of access to information

The user has the right to obtain confirmation from the controller whether personal data are processed in relation to him.

The operator shall provide the following information:

  1. processing purposes,
  2. the types of personal data it processes,
  3. to which processors the personal data were transmitted for processing or disclosed,
  4. the envisaged retention period of personal data,
  5. acquaintance with the rights of the user: the right to erase, correct, restrict processing or object to such processing,
  6. the right to lodge a complaint with the supervisory authority,
  7. if the personal data for processing have not been provided by the user, information regarding the source where the controller obtained the data,
  8. the existence of automated decision-making, including profiling.

The user can use this right via the form: Exercise of rights – form

Right to correct the data

The user may request from the operator, without delay, that:

  1. corrects inaccurate data processed by the controller (or its processors) in relation to it or
  2. complete incomplete personal data.

The administrator provides a form for submitting a supplementary statement: Exercise of rights – form

Right of deletion

The user may request the controller to delete his personal data without delay if at least one of the following conditions is met:

  1. personal data are no longer necessary for the purposes for which they were collected or otherwise processed,
  2. the user revokes the consent given to the controller for processing and where there is no other legal basis for processing,
  3. the user objects to the processing of his personal data for the following reasons:
    1. the processing of personal data takes place in the public interest or
    1. processing takes place for the legitimate interests of the controller, or
    1. the processing of personal data takes place for the purposes of direct marketing and / or profiling.
  4. if his personal data are processed illegally,
  5. if personal data need to be deleted in order to fulfill a legal obligation imposed on the controller by law,
  6. if personal data have been collected in connection with the provision of information society services for a person under the age of 16.

The user can exercise the right to delete personal data via the form: Exercise of rights – form

The right to limit processing

The user may request a processing restriction from the operator in the case of one of the following cases:

  1. when the user disputes the accuracy of the data, for the period during which the controller can verify the accuracy of the personal data,
  2. if the processing of the user’s personal data is illegal, and the user opposes the deletion, but requests a restriction on the processing or use,
  3. when the controller no longer needs the personal data for the purposes of processing for which he had a legal basis or the explicit consent of the user, but needs them to enforce, implement and defend legal claims,
  4. if the user has lodged an objection (right to object) until it is verified that the legal reasons of the controller for processing outweigh the reasons of the user to whom the personal data relate.

When a user exercises this right, the controller may only store his data and may only process:

  1. with the user’s (subsequently given) explicit consent,
  2. to assert, enforce or defend legal claims,
  3. to protect the rights of other users (natural or legal persons),
  4. due to the important public interest of the European Union or the Republic of Slovenia.

This right can be exercised by the user via the form: Exercising rights – form

The right to data portability

The user has the right to receive from the controller the personal data he processes in relation to him. This information must be provided by the operator in:

  1. structured form,
  2. a commonly used format,
  3. machine-readable form so that the user can read the information without difficulty.

The user also has the right to pass this acquired data on to another controller, without us, as the controller, impeding him if:

  1. the data have been processed with the express consent and
  2. the processing is carried out by automated means.

The user has the right to have his data transferred from one controller to another when technically feasible.

The user can exercise this right via the form: Exercising rights – form

Right to contract

The user may at any time object to the processing of personal data relating to him when the controller processes his personal data:

  1. in the public interest, or
  2. due to the legitimate interests of the operator, including profiling this user.

The controller does not stop processing the user’s personal data on the basis of an objection if:

  1. demonstrates the legitimate reasons for the processing which outweigh the interests, rights and freedoms of the user, or
  2. needs them to assert, enforce or defend legal claims.

The controller must always comply with the user’s request when he objects that his personal data is processed for the purposes of direct marketing, including the creation of profiles, insofar as this is related to direct marketing. The controller must stop processing this personal data for direct marketing purposes.

To this end, the controller shall have clear and separate information at places where it obtains consent from the user to process his data for direct marketing purposes, so that the user may at any time revoke the consent and object to the processing of such data for these purposes.

The user can exercise the right to object via the form: Exercise of rights – form

Automated processing and design of user profiles

The user has the right not to be subject to a decision based solely on the automated processing of his data, including the creation of profiles, which has significant legal effects on him or in a similar way.

The user may not exercise the right not to have his data processed automatically, including profiling, if such a decision (automated processing) is:

  1. necessary for the conclusion or implementation of a contract between the user and the operator (eg online shopping cart),
  2. permitted under the law of the European Union or the Republic of Slovenia and also determines appropriate measures for the protection of the rights and freedoms and legitimate interests of the user (eg processing of FURS data),
  3. justified by the explicit consent of the user (eg for direct marketing through automated marketing messaging systems).

Where explicit consent is required, the operator shall provide appropriate notices to the user and a check box for explicit consent.

Withdrawal of explicit consent

The operator is obliged to give the user the possibility to fulfill the right to exemption provided by law by means of an e-mail notification in any form of direct marketing.

The controller shall prevent the use of personal data for the purpose of direct marketing within 15 days and shall inform the user who requested it in writing within a further five days or in another agreed manner.

Right to appeal

If the user considers that his rights under these privacy conditions have been violated, he may lodge a complaint with the competent supervisory body located in the Republic of Slovenia: the Office of the Information Commissioner.

COPYRIGHT

Texts on the website

It is forbidden to copy or otherwise use the contents and texts on the operator’s website outside the needs of cooperation between the operator and the user, unless otherwise stated on the website. Any infringement of copyright is considered an infringement of intellectual property rights and may be subject to the initiation of appropriate legal proceedings by the controller.

Legal document

The text of these privacy terms is in the possession of the controller and it is prohibited to copy, distribute or otherwise dispose of this text without the written consent of the owner of the information system that maintains the privacy conditions for the controller, except as permitted by law. Any encroachment on copyright is considered a violation of intellectual property rights and may be subject to the initiation of appropriate legal proceedings by the owner of the information system, ie the Slovenian Cycling Federation. For additional information regarding this issue, contact: shop@kolesarska-zveza.si.

FINAL PROVISIONS

Binding nature of legal conditions

  1. The privacy policy applies to all users who use the website and provide personal data to the controller for management and further processing.
  2. The conditions of privacy shall be binding on the controller, processors and users in the transmission, management and processing of personal data of the user and in the exercise of users’ rights and obligations of the controller and processors.
  3. The conditions of privacy shall form an integral part of any processing of personal data, in accordance with pre-defined purposes, the grounds for processing, the consent of the user and the types of personal data which are the subject of further processing.
  4. The user is informed in advance of these privacy conditions, which are available on the website of the controller and in all forms and actions where the user can provide personal data for processing.

Changes to the Terms of Privacy

  1. The operator shall regularly update the privacy conditions in accordance with legal changes.
  2. The operator shall inform users regularly and in a timely manner of changes in writing by e-mail.
  3. The controller shall provide an archive of changes to the privacy conditions, which shall be accessible to each user upon prior written request to the contact e-mail address of the controller.

Conflict solving

The operator and the user undertake to resolve any disagreements and disputes amicably and amicably. To the extent that an amicable solution is not possible, the court in the Republic of Slovenia at the seat of the administrator shall have jurisdiction to resolve the dispute.

Territorial validity

The privacy policy applies to all users, regardless of the country of access, and to all types of personal data processing, regardless of the user’s registered office.

Time validity

Legal conditions are valid from: 20.07.2020

All rights reserved.