PELIA ORGANIC, d. o. o., respects the privacy of its customers, therefore we handle personal data attentively, responsibly, carefully and in accordance with applicable regulations in the field of personal data protection in the Republic of Slovenia and the European Union.
Your personal data will be protected and accessible only to authorized personnel and carefully selected contract processors, to the extent and for purposes strictly necessary to exercise the rights and obligations arising from the contractual relationship with the online-store customer or website user – in accordance with express consents given and for the needs of legitimate interests pursued by the operator.
Throughout the processing, we care to maintain the confidentiality and integrity of personal data as well as to prevent their loss or unintentional destruction. We will not use personal information for any purpose that would harm the data subject or any other person involved.
1. Categories of collected data
THE OPERATOR/ DATA CONTROLLER WILL COLLECT AND PROCESS THE FOLLOWING DATA:
1. IDENTIFICATION DATA (name, surname, company name, TIN, country, street, apartment, floor, ZIP code, city, telephone number, e-mail address, password, VAT ID (if the buyer is a legal entity) – these data are collected when placing an order in the online store and when registering a user profile;
2. CONTACT DATA (delivery address, e-mail address, telephone number, invoice address, and social media profiles, if you use the “Share on social networks” function) – these data are collected when placing an order in the online store and when registering a user profile;
3. USER-ACCOUNT SETTINGS (user profile, saved delivery address, newsletter subscriptions, shopping list, favourite items, etc.) – these data are stored only for inspection by the registered user, the administrator does not have access to the list of favourite items and wishes;
4. DATA ON ORDERS (data on ordered items, payment method, claims, enforcement of factual errors, complaints);
5. INFORMATION ON THE HABITS AND INTERESTS OF ONLINE STORE VISITORS (how anonymized users use the website, information on searched items and services, links used, the method of searching and navigating the website/online store and information on devices used to access the website (IP-address, location, device ID, other technical parameters of the device, such as operating system, version, screen resolution, selected browser and browser version, reference page, date and time of access, amount of transferred data, transfer status, interface, language and data obtained through cookies and similar device identification technologies)) – these data are used for Google Analytics services, especially the Search Console; we do not use these data for advertising purposes.
We provide you with access to our website via your IP-address. When we no longer need your IP-address for this purpose, we shorten it by removing the last octet of your IP-address. We will use metadata, including the abbreviated IP-address, to analyse user behaviour, which helps to improve the quality of performance and services within our website or application.
6. DERIVED DATA, including personal data obtained from the user profile, data on items purchased by the user, data on online habits and user behaviour concerning reading messages – these are mainly data on consumer habits and attitudes towards various items and services.
2. Purposes of personal data processing
2.1 Processing unregistered guests’ personal data for the purpose of monitoring and execution of received orders and obtaining analytical data in order to optimize the website and the online store offer
For the purpose of order execution, the following personal data are processed: name, surname, company name, TIN, VAT ID number, country, street, apartment, floor, ZIP code, city, phone number, e-mail address. The provision of these personal data by the user is mandatory for the purposes of order execution and represents a condition for the use of the above service. The user’s Failure to provide personal data will result in the inability of placing an order.
2.2 Processing of personal data due to the registration of a user profile in the online store
For the purposes of using a user account in the online store www.pelia-organic.com, including all e-services of the online store, the following personal data are processed: name, surname, company name, TIN, VAT ID number, country, street, apartment, floor, ZIP code, city, phone number, e-mail address and password.
Personal data are collected and processed to simplify and facilitate the ordering of items and services; to provide users with access to information related to their orders; to improve the transparency of administrative procedures when executing orders; to store favourite items and items added to the cart; to review past orders; to provide advantages following the use of coupons; to arrange Newsletter and advertising messages subscriptions; to inform the user about customized offers; to optimize the business activity by analysing and studying shopping habits of users and to adjust the offer to the wishes and interests of the user; to optimize business costs aiming to achieve the highest level of user satisfaction (these data are processed by the operator in an anonymized or pseudonymous form); to facilitate processing of complaints and exercising other consumer rights; to inform the user in case of technical or legal issues concerning the use of the online store and other online services provided by the operator.
The operator may also from time to time prompt the user to verify the accuracy of his or her user profile data. The provision of these personal data by the user is voluntary, however, it represents a registration condition. Failure to provide personal data will result in the inability of the user to register and use the user profile in the online store.
Data processing during the use of the user profile does not include profiling.
2.3 Processing of personal data for direct marketing purposes
The operator will use the user’s personal data for the purpose of direct marketing exclusively following prior explicit and voluntary consent of the user. The user can revoke his consent at any time by sending a written message via the e-mail address firstname.lastname@example.org, or by using the unsubscribe link provided within each operator’s direct marketing e-mail. User consent revocation does not affect the lawfulness of personal data processing carried out based on a previously granted consent (i.e. before the consent revocation).
2.4 Processing of personal data for the purpose of fulfilling legal obligations
The operator may process the user’s personal data in order to fulfil own legal obligations. This particularly includes:
a) Processing data on payments for services, to meet tax and accounting obligations; and
b) Information disclosure as requested by authorities, including courts, based on and to the extent of generally applicable provisions.
2.5 Processing of personal data for the purposes of legitimate interests of the operator or a third party, provided that such legitimate interests do not outweigh the interests or fundamental rights and freedoms of the user
The operator may process the user’s personal data for the purposes of operator’s legitimate interests, e.g. asserting, enforcing or defending legal claims in order to protect the rights and interests of the operator, other users or third parties, to exercise and enforce the rights and obligations set out in the General Terms & Conditions of Trade (and Use) or for the purposes of status changes and reorganization.
The operator provides all necessary technologies and organizational measures to ensure complete security of the purchase and protection of personal data when purchasing items and ordering services online. The data are encrypted and transferred to the operator’s server in a secure form. Thus, we ensure security against third-party interception of the user’s personal data in the online store. The operator ensures a secure payment transfer using a certified payment system.
3. Functions of third parties: social media and payment service providers
The website uses functions of social networks (Facebook, Instagram) and payment service providers (PayPal, etc.) – operated by third parties. These features may a.) collect data (name, e-mail address, telephone number, postal address, date of birth, payment information (credit/debit card number, expiration date, CVV / CVC number and cardholder’s name, your IP-address, the pages you visit on our website) and b.) set cookies or use similar technologies enabling proper functioning of individual website features.
4. Links to other sites
5. Prize games
Within the frame of prize games, the company PELIA ORGANIC, d. o. o., will collect and process the following personal data based on your written consent: your name and surname, postal address, e-mail address, start date of participation, selection of the winner, prize, answer to the respective question. PELIA ORGANIC, d. o. o., will process such personal data in order to organize a prize game, inform the winner, hand over the prize, carry out the event, fulfil its legal obligations and for marketing purposes in accordance with the consents given.
6. Website user rights
6.1 Change and accuracy of data, and the right to rectification
The user guarantees the correctness, accuracy and truthfulness of the data provided to the operator. The operator will not be held responsible for any possible consequences of inaccurate, incorrect or untrue data provided by the user.
The user is obliged to notify the operator of any change or addition to personal data (especially name, surname, e-mail address, etc.) in writing, no later than 15 days after the occurrence of the change.
The user can exercise his right to data rectification in writing via the e-mail address email@example.com.
The operator will process the change of personal data within 5 working days, however not later than 1 month from receiving the written notice. If the user does not report the respective change of personal data, the operator will not be held responsible for any errors considering sent orders, promotional and other messages as well as granted price advantages.
To change personal data for an order already placed, please see the General Terms and Conditions of Trade.
6.2 The right to objection or revocation of consent to the use of personal data for advertising and marketing purposes
A user who has given consent to the use of his personal data may at any time, temporarily or permanently, object to data processing for the purposes of:
a) Direct marketing – sending of general offers and price advantages;
b) Informing the user about customized offers;
c) Conducting market research.
The user may not object to other purposes of personal data processing, related to the use of the user account, unless he requests the user profile to be deleted, as provided by the General Terms and Conditions of Trade (and Use) of the online store. In this case, the user loses all rights and advantages arising from the possession of the respective user profile.
The user may inform the operator of changes to his consent via the e-mail address firstname.lastname@example.org.
In case of receiving an objection or changes of information settings, the operator typically prevents or adjusts client information within a maximum of 5 business days, however not later than 1 month from receiving the objection notice or changes of user settings. If the information campaign was prepared before processing the objection or change of settings, it is possible that the user will still receive one last notification. Revocation of consent does not affect the lawfulness of personal data processing executed before the consent revocation.
The user will be able to use his profile in the online store despite the above objection or change of settings. After that, the user will receive only the information necessary to execute placed orders and to enable the basic use of the user profile.
7. Other users of personal data
The operator will not provide the user’s personal data to third parties without prior written consent or submission of authorization by the user. Exceptions only apply for:
a) EXTERNAL CONTRACTORS processing data exclusively on behalf of, for the account of, under the direction and under the control of the operator (e.g. service providers providing services to the operator and from whom the operator orders certain items, as necessary for contract performance; printers, advertising agencies, IT-services, accounting services and external administrators); external contractors are carefully selected and monitored by the operator;
b) STATE BODIES, on the basis of their reasoned written request for the purposes of a specific procedure.
The above companies may be located in countries outside the European Union (hereinafter “third countries”), where the level of personal data protection may not be as comprehensive as in the European Union. In the event of personal data transfer to third countries, the operator undertakes to ensure appropriate user data protection measures (e.g. by concluding agreements on the transfer of personal data including standard data protection provisions adopted or approved by the European Commission).
8. Personal data retention period
The operator will retain the user’s personal data as long as the user has a registered profile unless longer retention of certain data is provided by law and a special retention period is set for it.
In case of cancellation/deletion of the user profile by the operator, the data, in accordance with the internal rules of the controller and tax legislation, will be stored for 5 years from cancellation/deletion (unless the law provides a longer retention period) and will not be processed for other purposes.
9. User rights and enforcement thereof
The user has the right to send a written request for access to his personal data or data relating to him to the registered office of Pelia Organic, d. o. o., Ulica škofa Maksimilijana Držečnika 6, SI-2000 Maribor, EU, or via the e-mail address email@example.com. In the same way, the user may exercise the right to restrict the processing, to rectification, deletion, portability of his personal data or object to the processing thereof.
The operator is obliged to fulfill user requests within 1 month from receiving the request. This deadline can be extended by a maximum of 2 additional months, if necessary (depending on the complexity of the matter).
In case of suspicion of data processing violations, an individual has the right to file a complaint to the Office of the Information Commissioner, at the address: Zaloška 59, SI-1000 Ljubljana, www.ip-rs.si.
10. Information on personal data protection
Users can send all questions related to personal data protection and exercise of their rights:
a) Via regular mail to: Pelia Organic, d. o. o., Ulica škofa Maksimilijana Držečnika 6, SI-2000 Maribor, EU;
b) Via e-mail to: firstname.lastname@example.org
11.1 What are cookies?
Information downloaded from websites to the user’s hard drive are called “cookies”. Those are no computer programs, but small data files allowing websites to access and store data on browsing patterns of individual users.
There are several types of cookies (listed below). However, depending on the duration of cookie storage: temporary cookies (or session cookies) are deleted when you close the browser. On the other hand, persistent cookies are not deleted, but remain stored on the user’s hard drive until they expire or are actively deleted by the user (depending on the cookie storage time (on the user’s hard drive) settings by the operator).
11.2 Disabling or deleting cookies
Most browsers are set to automatically accept cookies. You can disable cookies in your browser, but be aware that you can also disable features of key importance for proper functioning of this website.
For detailed information on cookies, visit www.aboutcookies.org . This website contains comprehensive and independent information about disabling cookies using your browser settings or deleting cookies already stored on your computer. To delete cookies from your mobile device, see your device’s instructions for use.
11.3 Different types of cookies
Strictly necessary cookies – These cookies are necessary for navigating the website and using all functions, such as access to safe areas of the site. Without these cookies, we cannot provide you with required services, such as making a purchase.
Performance cookies – These cookies collect information about the way users use the website, e.g. which pages they access most often and whether they get error messages on those pages. These cookies do not collect data enabling user identification. All data collected by these cookies are displayed in aggregate form and are therefore anonymized. They are used exclusively to improve the performance of the site.
Functionality cookies – These cookies allow the website to store your selections (such as name, language or region) and provide you with enhanced, personalized features. The data collected by these cookies are anonymized, so these cookies cannot track your activities while you are browsing other websites.
Targeting or Advertising cookies – These cookies are used to display advertisements according to your interests. In addition, we use them to limit the display number of a particular ad and to measure the effectiveness of an advertising campaign. With the express permission of PELIA ORGANIC, d. o. o., they are installed by market operators within our advertising network. These cookies remember your website visits and share this information with other organizations, e.g. with advertisers. Targeting or advertising cookies are often associated with the functionality of the site, provided by the respective other organization.
11.4 List of used cookies
|NID||A cookie that records your search preferences (eg: preferred language).||1 year|
|PH_HPXY_CHECK||The cookie is used by the web hosting security system to prevent brute force attacks and does not enable the identification of individual users.||Pelia Organic||Session|
|cookielawinfo-checkbox-non-necessary||The cookies is used to store the user consent for the cookies in the category “Non-necessary”.||Pelia Organic||1 year|
|CookieLawInfoConsent||The cookie is used to store the summary of the consent given for cookie usage. It does not store any personal data.||Pelia Organic||1 year|
|_fbp||This cookie is used to provide you with more relevant advertising across Facebook.||1 year|
|_ga||Used to distinguish users.||2 years|
|cookielawinfo-checkbox-necessary||The cookies is used to store the user consent for the cookies in the category “Necessary”.||Pelia Organic||1 year|
|_gat_gtag_UA_||The cookies is used to store the user consent for the cookies in the category “Non-necessary”.||1 minute|
|_gid||The cookie is used to store information of how visitors use the website.||24 hours|
|fr||To Enable ad retargeting.||3 months|
|viewed_cookie_policy||The cookie is set to “yes” when the Cookie law info bar has been viewed and accepted.||Pelia Organic||1 year|
|wp-wpml_current_language||Determines the language that is selected on the page.||Pelia Organic||Session|
|woocommerce_cart_hash||Helps WooCommerce determine when cart contents/data changes.||Pelia Organic||Session|
|wp_woocommerce_session_||Contains a unique code for each customer so that it knows where to find the cart data in the database for each customer.||Pelia Organic||2 days|
|woocommerce_items_in_cart||Helps WooCommerce determine when cart contents/data changes.||Pelia Organic||Session|
|wordpress_logged_in_||Indicates when the user is logged in, and who it is.||Pelia Organic||Session|
|wordpress_sec_||Indicates when you’re logged in, and who you are, path /wp-admin.||Pelia Organic||Session|
PELIA ORGANIC, d. o. o.
Iva Rat, CEO