BREWWOOD, d.o.o., must ensure that the consent obtained is expressly, voluntarily given, specific and informed, and obtained by a statement or “clear act of consent”; the latter means that the validity of the consent requires the activity (not passivity) of the individual in stating that he wishes and allows the processing of his personal data.
The condition “voluntarily given consent” is thus not fulfilled if the consent is obtained through “pre-checked boxes”. We cannot talkabout voluntary consent if the individual does not have a genuine and free choice in deciding whether or not to allow the processing of their data.
The method of revoking consentmust also be as simpleas giving consent. The individual has the right to withdraw consentfor further processing of personal data, especially in the case of direct marketing.
In the following page, we have prepared a proposal of consents for the processing of personal data of users of the BREWWOOD online store.
Privacy means a lot to us, which is why this document explains our policy for collecting, using and dis-closuring of your personal information. This policy may change during updates and extensions of our services, so please review it when you discontinue and resume use of our online content and services. By using our online content and services, you consent to our data handling practices.
Personal data controller: controller means the company BREWWOOD, d.o.o., which determines the purposes and means of processing your personal data (hereinafter also the organization).
A contractual data processor is a legal or natural person to whom the controller entrusts certain tasks in the field of processing your personal data.
Personal data (s): means any data relating to the customer of the online store or. user of other online content and services.
Users of other online content and services: means a person who uses online content or. attends controller events.
Customer support: Customer support means a service that enables communication between the operator and users of online content and services.
The Rules on the Protection of Personal Data is an internal act on the protection of personal data of the controller or contractual processor of personal data.
The personal consent of an individual is a voluntary statement of the will of the individual that his personal data may be processed for a specific purpose, and is given on the basis of information to be provided by the controller under ZVOP-1; the personal consent of the individual may be the written, oral or other appropriate consent of the individual.
3. Who is the data protection officer?
4. Who has access to your data and to whom do we pass it on?
In some cases, we provide personal data to contractual processors who process personal data on our behalf. We have concluded contracts on the processing of personal data with all contractual processors, in which it is specified in detail for what purposes personal data may be processed and in what way contractual processors are obliged to provide adequate protection of personal data.
We may also provide information to organizations that have a basis in applicable law, your personal consent, or a contractual relationship for the acquisition, processing, transmission, or storage of personal information. Some personal information is provided to a contractual data processor in the United States. A contract data processor in the U.S. is appropriately self-certified under the Privacy Shield under a set of strict personal data protection rules and protections.
5. What data do we collect and process?
We collect and process only the data necessary to fulfill the contractual obligation or. to fulfill the purpose for which the data were collected. The online store processes the following types of personal data: name, surname, address, e-mail address, telephone, country, data on the use of the website, data from the analytical tool Google Analytics Solutions and data from the tool for mass sending of e-mails. In case of subscribing to online newsletters: e-mail address, name, date of birth (confirming legal drinking age), surname (optional).
6. Why do we process your data?
We process the above personal data for the purpose of invoicing, market analysis and improvement of our services, management of business and accounting data, recovery of unpaid liabilities, and for any other purposes required of us by applicable law.
We process personal data on the basis of your consent (the fields you have checked) for the purposes of:
- notifications of business e-news, articles and changes in legislation;
- analysis of your online behavior and consequently to improve your user experience;
- current news, products and services;
- contacting via e-mail or the postal address of the company as part of the satisfaction check.
7. How long do we keep your data?
Your data is stored for as long as we need it to further process personal data. Contact details may be kept for the purposes specified in point 6. until the fulfillment of the purpose for which the data were collected or. until your consent is revoked.
8. How do we protect your data?
All data in electronic form is stored on servers in accordance with regional legislation and the Rules on Personal Data Protection, which are binding on our employees.
9. What rights do you have and how can you exercise them?
We guarantee the exercise of the rights defined below without undue delay and in any case within one month of receiving your request. We reserve the right to extend the deadline for exercising the rights by a maximum of two months, taking into account the complexity and the number of requests received. If we intend to extend the deadline, we will notify you no later than one month from the receipt of the request, together with the reasons for the delay.
Where there is reasonable doubt as to the identity of an individual who submits a request in relation to any of his or her rights, we may request the provision of additional information necessary to confirm the identity of the data subject.
If the data subject’s requests are manifestly unfounded or excessive, in particular because they are repeated, we reserve the right to charge a reasonable fee or refuse to act on the request received.
In accordance with the sectoral legislation, we enable you to exercise the following rights in relation to the processing of personal data:
Right of access to data
The data subject has the right to obtain confirmation from the organization whether personal data are being processed in relation to him and, where applicable, access to personal data and additional information relating to the processing of personal data. Please send us a request for exercising the right of access to data to the e-mail address firstname.lastname@example.org.
the right to rectification,
The data subject has the right to have the organization correct inaccurate personal data concerning him without undue delay. The user to whom the personal data relate has the right to supplement incomplete personal data, taking into account the purposes of processing. Please send us a request to exercise the right to rectification to the e-mail address email@example.com.
the right to erasure (“right to be forgotten”),
The user to whom personal data relate has the right to have the organization delete personal data without undue delay, and the organization has the obligation to delete personal data without undue delay, if there is no reason why the deletion of personal data is not allowed or. the organization has a legal interest in keeping the data for a certain period of time (eg. a legal requirement to store certain user data, proving the fulfillment of the organization’s contractual obligation to the user). Please send us a request for exercising the right to erasure to the e-mail address firstname.lastname@example.org.
the right to limit processing,
The data subject has the right to ensure that the organization restricts the processing of his personal data in accordance with the prescribed purposes of processing. You can restrict the processing of your personal data by requesting a restriction on processing sent to the e-mail address email@example.com.
the right to data portability,
The data subject has the right to receive personal data concerning him held by the organization in a structured, commonly used and machine-readable form, and the right to pass this data on to another controller without the organization to which the personal data were provided was hindered when processing is based on the consent of the user. Please send us a request to exercise the right to data portability to the e-mail address firstname.lastname@example.org.
right to objection
The data subject shall have the right, on grounds relating to his or her situation, to object at any time to the processing of personal data concerning him or her based on the processing of personal data necessary for the legitimate interests of the person concerned. the organization or a third party shall endeavor, except where such interests are outweighed by the interests or fundamental rights and freedoms of the data subject, including profiling under these provisions. The organization shall cease to process personal data unless it demonstrates compelling legitimate reasons for the processing overriding the interests, rights and freedoms of the data subject or for asserting, enforcing or defending legal claims.
the right to lodge a complaint concerning the processing of personal data
The user to whom the personal data relate has the right to lodge a possible complaint regarding the processing of personal data. Please send us your complaint regarding the processing of personal data to the e-mail address email@example.com or by registered mail to the headquarters of the organization.
Also, any user to whom personal data relate has the right to lodge a complaint with the Information Commissioner if he / she considers that the processing of personal data concerning him / her violates the provisions in the field of personal data protection.