What personal data we process
- Basic contact details (name, surname, phone number, e-mail address);
- Information about the use of our websites (links clicked, time spent) and information about the response to our emails (whether the email was opened, which links were clicked);
- The information we need to fulfil the contract and deliver the purchased goods (subject of purchase, price, delivery address, delivery time, payment method, payment date, details of complaints, invoice details, etc.).
Legal bases for processing personal data
We may process your personal data on the following legal bases:
- where necessary to comply with our legal obligations (e.g. invoicing for goods purchased);
- where the processing of your personal data is necessary for the conclusion and performance of Contractsyou have entered into with us or because you have requested an offer from us;
- where you have given your consent to the processing of your personal data consent for processing for a specific processing purpose, where you always have the right to withdraw your consent (e.g. for personalised information about our offer based on profiling);
- where we have a legitimate interest in processing your personal data (e.g. when we send you an email in case you have left the shopping basket on our website without completing your purchase).
Purposes of the processing of personal data
We may use your personal data for one or more of the following purposes:
- communicating with you about the provision of our services and responding to your enquiries;
- the conclusion of the contract and the fulfilment of the obligations arising from it;
- marketing communications (email, regular mail and SMS);
- marketing communications based on tailored or individualised offers and messages, user profiling or grouping, each of which can receive marketing communications with different content. When creating profiles, we also monitor the individual's activity (such as the amount of time spent on a particular piece of content, what content they are interested in and the opening of emails) and the frequency and value of past purchases;
- to pursue any legal claims and settle any disputes;
- for statistical analysis of the sale of our goods and the use of our websites;
How long we keep your personal data and what happens to it after that
We retain basic personal data for as long as you are a registered user of our websites.
We retain personal data processed on the basis of your consent permanently or until you withdraw your consent.
We keep records of invoices issued for 10 years from the date of issue.
We keep the data necessary for the conclusion and performance of the contract between you and us for 5 years after the performance of the contract (delivery of the goods).
After the expiry of the retention period, we effectively erase or anonymise the personal data, which means that we process it in such a way that it can no longer be associated with you or attributed to you.
Voluntary provision of data and consequences of non-provision
The provision of personal data is voluntary. You are not obliged to provide us with personal data, but if you do not provide us with personal data, you may not receive certain services or enter into a contract with us. We will specify what information is such that failure to provide it will have the consequences set out above each time we obtain personal data from you.
Who has access to your personal data
We do not transfer your personal data or make them available to third parties (outside Sojer d.o.o.), except to those who have a written contract with us, on the basis of which they carry out certain tasks related to data processing and are obliged to comply with the legislation on the processing and protection of personal data (so-called contractual processors). The contractual processors to whom we transfer personal data are:
- marketing service providers;
- call studio providers;
- email providers;
- web content and application administrators.
Contract processors may only process personal data within the scope of our instructions and may not process personal data for their own purposes. They, together with their employees, are committed to protecting the confidentiality of your personal data.
The contractual processors do not export personal data to third countries (outside the Member States of the European Economic Area - EU Member States plus Iceland, Norway and Liechtenstein).
What rights you have in relation to your personal data, how you can withdraw your consent to processing and the consequences of withdrawal
You have the following rights in relation to your personal data:
- to ask us at any time:
- confirm whether we are processing your personal data;
- access to personal data and the following information: the purposes of the processing; the types of personal data; the users or categories of users to whom the personal data have been or will be disclosed, in particular users in third countries or international organisations; the envisaged period of retention of the personal data or, if this is not possible, the criteria to be used to determine this period; the existence of automated decision-making, including profiling, and the reasons for it, as well as the significance for you and the foreseeable consequences of such processing;
- one (free) copy of the personal data in the format you specify (if the request is made by electronic means of communication and you do not request otherwise, the copy will be provided electronically); we may charge a reasonable fee, taking into account costs, for additional copies you request;
- correction of inaccurate personal data;
- restriction of processing where:
- contest the accuracy of the personal data for a period which allows us to verify the accuracy of the personal data;
- the processing is unlawful and you object to the erasure of your personal data and request instead that its use be restricted;
- we no longer need the personal data for the purposes of the processing, but you need it to assert, exercise or defend legal claims;
- deletion of all personal data (right to be forgotten) if the conditions set out in Article 17 of the GDPR are met, and in particular if you withdraw your consent to the processing of personal data;
- extract personal data in a structured, commonly used and machine-readable format, with the right to transmit this data to another controller without hindrance from us;
- stop using personal data for direct marketing purposes, including profiling;
- that you are not subject to a decision based solely on automated processing, including profiling, provided that the conditions set out in Article 22 of the GDPR are met.
- the right to lodge a complaint against us with the Information Commissioner if you consider that the processing of your personal data breaches the General Data Protection Regulation.
Procedure for exercising rights
You may address your requests concerning the exercise of your rights in relation to personal data in writing to any of the contacts listed under Personal data controller and contact details.
We may request additional information from you for the purposes of reliable identification in the event that you exercise your rights in relation to personal data, but we may refuse to take action only if we can demonstrate that we cannot identify you reliably.
We must respond to your request to exercise your rights in relation to personal data without undue delay and no later than one month from receipt of your request.