1) About the Privacy Policy
The purpose of the Medilip Adria d.o.o. privacy policy. (hereinafter: “Privacy Policy”) is an introduction to the users of Medilip d.o.o. services. and other persons (hereinafter also referred to as: “individuals”) with the purpose and basis of the processing of personal data by the company Medilip Adria d.o.o., Drage Gervaisa 9, 51500 Krk, and the rights of individuals in that area. The company offers special care regarding the security of your personal data. All forwarded personal data are treated with complete trust and used for the purpose for which they were forwarded. We manage your private data with the greatest care, taking into account the currently valid legislation and the highest standards of their handling. Among other things, we take care of the security of your personal data with appropriate organizational measures, work procedures and advanced technological solutions, as well as external experts with the aim of protecting your personal data as efficiently as possible.
In doing so, we use an appropriate level of protection and reasonable physical, electronic and administrative measures to protect the collected data from accidental or illegal destruction, loss, alteration, unauthorized disclosure of personal data or unauthorized access to personal data that has been transferred, stored or otherwise processed. . At the same time, this Privacy Policy additionally clarifies the consent you have given for the processing of your personal data. The Privacy Ordinance is in accordance with Regulation (EU) 2016/679 of the European Parliament and of the World dated April 27, 2016 on the protection of individuals during the processing of personal data and on the free flow of such data and on the repeal of Directive 95/46/EC (below: “General provision on data protection”), the following information is covered: – company contact information, – purposes, bases and types of processing of different types of personal data of individuals, – storage time of certain types of personal data, – rights of individuals in connection with the processing of personal data, – the right to file a complaint regarding the processing of personal data, – the validity of the Privacy Policy
2) Personal data collected by the company If you are only a visitor to the website, we collect data about you only with the use of cookies. If you are a user of services or an orderer of services offered by the company, we also collect other personal data about you, which we need to perform the services you ordered or use. These personal data are: – first and last name – contact e-mail address – contact phone – IP address – data for making an offer based on your question (your address, tax number) 3) Manager of personal data The manager of personal data processed in accordance with these Privacy Rules is Medilip Adria d.o.o., Drage Gervaisa 9, 51500 Krk.
4) Categories of individuals for whom personal data is processed This Privacy Policy is intended for everyone who has subscribed and/or used our services or sent an inquiry, as well as those who visit our website. 5) Purpose of processing and basis for data processing 5.1. Processing based on contract: As part of exercising contractual rights and fulfilling contractual obligations, the company processes your personal data for the following purposes: identification of an individual, preparation of an offer, conclusion of a contract, provision of ordered services, notification of possible changes, additional details and instructions for using services, complaints , charging for services and for other purposes necessary for the implementation or conclusion of the contractual relationship between the company and the individual. When billing for services, based on tax regulations, we obtain and process your address data for correct billing. 5.2. Processing based on law: Based on legitimate interest, we use your personal data to detect and prevent fraudulent use and abuse of services, further to ensure stable and secure operation of our system and services, as well as to implement information security measures, meet service quality requirements and detection of technical failures of systems and services. On the basis of legitimate interest, we also use your personal data for the purpose of possible enforcement, judicial and extrajudicial proceedings.
In accordance with the General Regulation, in case of suspected abuse, the company may process data about individuals to an appropriate and proportionate extent for the purpose of identifying and preventing possible fraud or abuse and, if appropriate, forward this data to other service providers, business partners and the police. , the state attorney’s office or other competent authorities. In order to prevent future abuse or fraud, information about an individual’s history of identified abuse or fraud, which includes information about the subscriber relationship and, for example, IP address, may be retained for five years after the end of the business relationship. 5.3. Processing based on consent for the processing of personal data: Data processing can also be based on your consent, which has been forwarded to the company. For example, consent may relate to the communication of offers, benefits and service improvements provided by the company. The purpose of such information is to bring the services as close as possible to your needs and wishes and to increase their useful value for you. The notification is made through the channels you have chosen in the consent. You may revoke the notice at any time, as defined in the Privacy Policy. You can withdraw or change your consent at any time in the same way you gave it or as otherwise defined in the Privacy Policy, while the company reserves the right to identify the customer. Change of consent can also be arranged by email to kontakt@activeluxe-cosmetics.com or by written request sent to the company headquarters. Withdrawal or change of consent applies only to data processed on the basis of your consent. Your last consent that you forwarded to us is valid. The possibility of revocation of consent does not represent the right to withdraw from the business relationship of an individual with the company. Data for which your consent has been given is processed without revocation for up to two years after the termination of the business relationship with the company.
6) Restrictions on the transfer of personal information If necessary, we will authorize other companies and individuals to perform certain works that contribute to our services. In such a case, the company may also provide personal data to such carefully selected external managers who will enter into a personal data processing agreement with the company or the same agreement or other binding document (hereinafter: “Processing Agreement”). We will provide or make available such data to external controllers for processing only to the extent necessary for the specific purpose. These data may not be used by the external administrator for any other purposes, provided that they meet at least all standards for processing personal data provided by the current legislation. The company contractually obliges external managers to respect the confidentiality of your personal data. On the basis of a reasoned request, companies also submit personal data to competent state bodies that have a legal basis for this. Companies d.o.o. whether, for example, they will respond to requests from courts, law enforcement authorities and other national authorities, which may include national authorities from another EU member state. 7) Personal data storage period The data storage period is determined according to the category of individual data. Data is stored for the longest time necessary to achieve the purpose for which it was collected or further processed or until the expiration of the statute of limitations for the fulfillment of obligations or the legally prescribed storage period. Accounting information and related contact information about individuals may be stored for the purpose of fulfilling contractual obligations until full payment for the service or until the expiration of the statute of limitations in relation to an individual request, which can last from one to five years. Invoices are kept for 10 years after the end of the year to which the invoice refers, in accordance with the law regulating value added tax. Other data obtained on the basis of your consent are stored for the duration of the business relationship and for 2 years after termination, unless the law provides for a longer storage period. If the individual who has given consent for the processing of personal data has not entered into a business relationship with us, his consent is valid for 2 years from the date of submission or until revoked. At the end of the storage period, the data will be deleted, destroyed, blocked or anonymized, unless otherwise specified by law for each type of data.
8) Rights of Individuals in connection with the processing of personal data We guarantee the execution of your rights in connection with the processing of your personal data without undue delay. We will decide on your request within one month of receiving the request. In case of complexity and a large number of requests, the deadline can be extended by a maximum of two additional months. If we extend the deadline, we will notify you of any such extension within one month of receiving the request, together with the reasons for the extension.
Requests regarding the exercise of your rights are accepted by e-mail kontakt@activeluxe-cosmetics.com or by mail to the address Medilip Adria d.o.o., Drage Gervaisa 9, 51500 Krk. When you submit a request by electronic means, we will provide you with information electronically whenever possible, unless you request otherwise. If there is reasonable doubt as to the identity of the individual making the request in relation to any of his rights, we may request the provision of additional information necessary to confirm the identity to which the personal data relates. If the requests of the data subject are manifestly unfounded or excessive, in particular because they are repeated, the company may: – charge a reasonable fee, taking into account the administrative costs of providing information or communication or carrying out the necessary action, or – refuse to act on the request
We provide you with the following rights in connection with the processing of your personal data: (i) the right to access data (ii) the right to repair (iii) the right to deletion (“right to be forgotten”) (iv) the right to limit data processing (v) the right to transfer of data (vi) the right to a contract (i) the right to access data You always have the right to know and be informed, whether personal data is being processed in connection with you and if this is the correct claim, then access to personal data includes the following: – purpose of processing , – type of personal data, which are processed – users or categories of users, who have been or will disclose personal data to them – the intended period of personal data storage or, if this is not possible, the criteria used to determine that period – the existence of rights and that requires the controller to correct or delete personal data or limit the processing of your personal data, or the existence of the right to object to such processing, – the right to file a complaint with a supervisory authority, – personal data is not collected from you, all information is available in connection with their by source (ii) right to rectification You have the right to correct inaccurate personal data relating to you without undue delay and taking into account the purposes of processing, the right to supplement incomplete personal data, including submitting a supplementary statement. (iii) right to deletion (“right to be forgotten”) You have the right to delete your personal data without undue delay when it relates to one of the following reasons: – where the personal data are no longer necessary for the purposes for which they were collected or otherwise processed , – when you revoke the consent on the basis of which the processing is carried out, there is no other legal basis for processing, – if you object to the processing of data and there are no necessary justified reasons for their processing, – when personal data have been processed illegally, – when personal data must be deleted in order to fulfill a legal obligation in accordance with EU law or the Slovenian legal order.
(iv) the right to limit data processing You have the right to limit the processing of your personal data in connection with one of the following cases: – when you dispute the accuracy of the data, during the period that allows us to check the accuracy of the personal data, – the processing is illegal and you object to the deletion of the personal data and instead request a restriction of their use, – we no longer need your personal data for processing purposes, but you need them to establish, exercise or defend legal claims, – if you have objected to the processing based on the company’s legitimate interests until it has been verified that our legitimate reasons outweigh your reasons. If the processing of your personal data is limited in accordance with the previous paragraph, such personal data, apart from their storage, will be processed only with your consent, either for the purpose of achieving, enforcing or defending legal claims or for the protection of the rights of another natural or legal person. We are obliged to inform you before lifting restrictions on the processing of your personal data. (v) right to data transfer You have the right to receive your personal data provided to us in a structured, frequently used and machine-readable form and the right to forward this data to another controller without interference from the company when the processing is based on your consent, and the processing is performed by automated means.
At your request, where technically feasible, personal data may be transferred directly to another data controller. (vi) right to contract When we process your data based on legitimate interest for marketing purposes, you can object to such processing at any time. We stop processing your personal data unless we prove compelling reasons for the processing that exceed your interests, rights and freedoms or if it is for the establishment, enforcement or defense of legal claims. 9) The right to submit a complaint regarding the processing of personal data You can send a possible complaint regarding the processing of your personal data to the e-mail address: kontakt@activeluxe-cosmetics.com or by mail to the address Medilip Adria d.o.o., Drage Gervaisa 9, 51500 Krk . In the event that we do not decide on your request within the legal deadline or if we reject your request, you have the option of submitting a complaint to the Information Commissioner. You also have the right to lodge a complaint directly with the Information Commissioner if you believe that the processing of your personal data violates EU regulations in the field of personal data protection. If you have exercised your right to access the data and after receiving the decision you believe that the personal data you received are not the personal data you requested or that you did not receive all the requested personal data, you can submit a reasoned appeal to the Information Commissioner in the company within 15 days. We must decide on your appeal as if it were a new request within five working days. 10) Final Provisions Anything not covered by this Privacy Policy is subject to applicable law. The Company reserves the right to change this Privacy Policy. We will inform you about the change by publishing it on the official website of Medilip Adria d.o.o. 30 days before coming into force. In case of questions about the Privacy Policy or about the data we have about you, write to us at the e-mail address kontakt@activeluxe-cosmetics.com 11) Validity of the Privacy Policy These Privacy Policy are published on the website of Active Luxe Cosmetics and are effective from 25.5.2018 Medilip Adria d.o.o.
