1. INTRODUCTORY INFORMATION
The processing of personal data carried out by the personal data controller ABBA Nutrition Ltd. complies with the applicable legislation in the field of personal data protection.
2. PERSONAL DATA MANAGER
Personal data manager is: ABBA Nutrition Ltd.
85 Great Portland Street
London, W1W 7LT
For questions regarding the protection of personal data or the exercise of your rights regarding the protection of personal data, you can also contact us at the contacts listed below:
- By e-mail: email@example.com, with the subject «personal data protection».
3. POLICY VALIDITY
This Policy applies to:
- Users of our websites;
- Recipients of our e-news;
- Participants in prize games;
- Customers in our online store and
- Individuals where we conduct telephone marketing.
4. PERSONAL DATA PROCESSING
Personal data is collected and processed by ABBA Nutrition only on the basis of pre-defined and lawful purposes and only when there is an appropriate legal basis for such processing as provided by applicable law.
Categories of personal data
ABBA Nutrition collects following categories of personal data:
- basic personal data
- contact details
- data needed to execute the order in the online store, and
- data needed to perform orders in the online store.
Accurate information about the types of personal data we process
Changes to personal data can be reported to us at: firstname.lastname@example.org
Legal basis for the processing of personal data
Your personal data will be processed on an appropriate legal basis, which are defined below:
|Purpose of processing||Categories of personal data||Legal basis||Retention period|
|Conclusion and implementation of the contract||Name, surname, address, post and postal code, country, telephone, e-mail, payment details||Contractual relationship||5 years from the termination of the contractual relationship|
|Sending e-news to our customers||Name, surname, e-mail address||The law||Until cancel|
|Sending e-news to potential customers||Name, surname, e-mail address||Consent||Until cancel|
|Communication with you regarding inquiries for our service||Name, surname, e-mail address, message of the individual||Legitimate interest in ensuring effective communication with customers||30 days after the communication was ended|
|Conducting satisfaction surveys||Name, surname, telephone number||Legitimate interest||30 days from the survey|
|Ensuring registration and use of the user profile on our website||E-mail address||Legitimate interest||Until cancel|
|Ensuring a constant supply of products||Name, surname, telephone number, date and subject of purchase||Legitimate interest in ensuring product performance and product quality||Until cancel|
|Compliance with legal requirements||The data set depends on the legal requirement||The law||The deadline depends on the individual request|
|To enforce any legal claims and resolve disputes||The data set depends on the individual request||The law||The deadline depends on the individual request|
|Performing statistical analyzes||Data aggregates||Legitimate interest||We process aggregated data where identification is not possible|
- We may process your personal data when this is necessary for the conclusion and execution of the contract you have concluded with us (e.g. purchase in an online store);
- We may process your personal data when required to do so by law (e.g. keeping records of the purchase and sale of investment metals or issuing an invoice);
- Your explicit consent. We may process your personal data when you expressly consent to it. You will be given an advance notice when we process data on the basis of consent.
- Legitimate interests. We may process your personal information based on our legitimate interests.
Transmission of your personal data:
You provide us with personal data that we process on the legal bases presented above on a voluntary basis. In case you decide not to provide us with personal data, we warn you that there is a possibility that we might not be able to provide you with certain services (e.g. if you do not provide us with your delivery address, we will not be able to deliver the ordered goods).
When you consent to the processing of personal data, you have the option to revoke your consent at any time. Withdrawal of consent does not have any negative consequences for you, but it is possible that after the withdrawal of consent you will no longer be able to provide certain services (e.g. after withdrawal of consent we will no longer be able to send you our news).
Purposes for which we process personal data
We will process your personal data on the basis of pre-defined, legal and specific purposes only. They are presented in the table above.
All personal data that have expired will be deleted, destroyed or anonymised – in the latter case, so that the reconstruction of such personal data will no longer be possible (it will not be possible to determine to whom it relates).
5. PROTECTION OF PERSONAL DATA
We do our best to protect your personal information from loss, destruction and damage. To make your data as secure as possible, we use various technical and organizational measures such as:
- restricting access to personal data to those persons who need the data to perform the work
- ensuring the adequate protection of personal data contained in digitized form by establishing security mechanisms on both software and hardware
- ensuring the adequate protection of personal data contained in physical form,
- regular verification of the adequacy of security measures for both digitized and physical data, including in particular software updates
- training of employees in the field of personal data protection
- supervise the processing of personal data carried out by employees
- careful and thorough verification of contractual processors before deciding to cooperate
- conducting audits on the work of contractual processors, and
- establish appropriate protocols for security incident cases.
In case of a breach of personal data protection, we will notify the Information Commissioner, who represents the competent supervisory authority in Slovenia, of any such breach without delay.
However, in case of a data protection breach that could pose a significant risk to the rights and freedoms of individuals, we will notify you immediately.
6. TRANSMISSION OF PERSONAL DATA
We will only share your personal information with the third parties listed in this policy section. Any third party may process your personal data to a limited extent expressly specified in the contract.
ABBA Nutrition has concluded an appropriate contract with each processor for the processing of personal data, on the basis of which the scope of processing performed by each contractual processor is defined in more detail. All contractual processors are obliged to respect the protection of personal data as established by the personal data controller.
We may share your personal information with:
- Contractual processors that enable the operation of our company. Contractual processors include: accounting, IT companies, marketing agencies, mass e-mail providers.
- State authorities (e.g. tax authorities, court, etc.).
We may also transfer your personal data outside the European Economic Area (EEA), where this data may be processed by us and an individual third party. For each transfer outside the European Economic Area, we will take specific additional measures to ensure the adequate security of your personal data.
7. RIGHTS OF INDIVIDUALS
Regarding the processing of personal data, you have the following rights, which are described below:
- Right of access to personal data: at your request, we will provide you with information on whether we process personal data about you, and if so, we will also provide you with access to your personal data and certain processing information (which data we process and the origin of this data).
- The right to correct personal data: at your request, we will correct or complete incomplete or inaccurate data we process about you.
- Right to request a restriction on processing: at your request, we will restrict the processing of your personal data. We would like to remind you that the requirement to restrict processing is a limited right that cannot be used for all processing (restriction of processing is possible, e.g. the accuracy or completeness of your personal data is being checked). We are committed to examining your every request with all seriousness.
- Right to delete personal data: at your request, we will delete personal data. Please note that we cannot delete personal data that we hold due to legal requirements or on the basis of a contractual relationship.
- The right to print personal data: at your request, we will provide you with the personal data you have provided to us in a structured, commonly used and machine-readable form.
- Revocation of consent: you have the right to revoke your consent to the processing of personal data you have given at any time. Upon cancellation, we will delete all data we collect and process on the basis of consent and cease further processing. Withdrawal of consent may be provided to the contacts listed in point 2 of this Policy. Withdrawal of consent does not have any negative consequences. However, we warn you that we may not be able to provide you with certain services after you cancel. We will not be able to provide the service to you when it comes to services that cannot be performed without processing certain personal data (e.g. after revoking consent, we cannot send you our e-news, as we urgently need your e-mail address – the latter however, we may not use it without your consent.
- The right to object to the processing of personal data: you have the right to object to the processing of your personal data that we carry out. You have this right when it comes to processing for the purposes of direct marketing or to pass on your personal data to third parties for direct marketing purposes. You can also object to the processing when we use your data for the purposes of direct marketing using customized or individual offers (“profiling”). You can object to the contacts listed in point 2 of this Policy.
- Right to data portability: at your request, we will provide you with personal data that you have provided to us in a structured, commonly used and machine-readable form. You are entitled to pass this information on to another operator of your choice.
- You exercise the rights defined above by contacting us at:: email@example.com with the annotation of personal data protection.
- You have the right to lodge a complaint against us with the competent personal data protection supervisory authority in your country.
In the case of exercising the rights set out in this point, we reserve the right to identify you with certainty. If your request does not provide enough information to identify you with reliability.
8. THE USE OF WEB PLUG-INS
On our website we offer you the possibility to use plug-ins of the following social networks: Facebook, LinkedIn, Pinterest, Telegram.
ABBA Nutrition assumes no responsibility for the use of social networks.
9. FINAL PROVISIONS
This Policy enters into force on: 08. 10. 2021