This policy pertains to the processing of personal data conducted by the company Malinca d.o.o. (hereinafter referred to as the controller) or on behalf of the controller.
CONTROLLER AND CONTACT INFORMATION
Controller details:
Malinca d.o.o.
Ulica svežih idej 2C 3320 Velenje, Slovenia
Registration number: 6367801000
Phone: 00386 51 244 557
All inquiries and exercising of rights related to the processing of personal data by the controller can be submitted in writing via email to [email protected] or via postal mail to the address of the controller as stated in the preceding paragraph.
PROCESSING, STORAGE, AND COLLECTION OF PERSONAL DATA
In the course of providing its services, the controller processes personal data for various purposes and to varying extents. Among other things, the controller processes the following data (individuals can contact the controller for an accurate and updated list of personal data):
Data on subscribers and customers of products and programs:
• Name and surname;
• Address;
• Shipping address;
• Telephone (mobile) number;
• Email address;
• Past purchases;
• Payment information;
• Invoice number;
• Social media information (optional);
• Avatar (optional).
Personal data of individuals subscribing to regular receipt of messages/news:
• Name and surname;
• Email address;
• Telephone (mobile) number;
• Response data to email messages;
• Location.
Personal data of individuals uploading recipes and reviews:
• Name and surname;
• Avatar (optional);
• Date.
Personal data of individuals participating in prize draws:
• Name and surname;
• Email address;
• Telephone (mobile) number;
• Shipping address (in case of winner).
Data of visitors to the controller's websites (extent of personal data depends on individual preferences):
• IP address;
• Network location (where possible based on IP address);
• Unique identification number (automatically generated);
• URLs (domains) of all visited web pages on the website;
• Date and time, duration of visit to each web page;
• Number of visited web pages and time spent on each page;
• URL of the web page that redirected the individual to the controller's website.
LEGAL BASES AND PURPOSES OF PERSONAL DATA PROCESSING
The controller processes personal data based on one of the legal bases described below:
Contractual Obligations
The controller processes personal data for the purpose of entering into and fulfilling contracts in cases where an individual orders or purchases any of the controller's products and/or programs.
Within the scope of contractual obligations, the controller sends SMS notifications in cases:
• when a customer selects payment via UPN (Universal Payment Order), the controller sends payment details to the customer via SMS; and
• for informing customers about the processing of their orders (e.g., in case of shipment delays, etc.).
Consent
The controller processes personal data based on the individual's consent in cases where the individual subscribes to regular receipt of messages/news from the controller, participates in a giveaway, or when the individual uploads a recipe or review on the controller's website. Consent is also used for sending notifications via SMS messages (e.g., when a user abandons their shopping cart on the controller's website without completing the purchase).
An individual can revoke their consent at any time without adverse effects. This can be done by using the unsubscribe options provided in each message or by contacting the controller using the contact details provided in this Policy.
Legal Obligations
In certain cases, the processing of personal data is necessary to fulfil the controller's legal obligations (e.g., processing personal data for issuing invoices for purchased goods/services).
Legitimate Interest
The controller uses legitimate interest as a legal basis for processing personal data in cases where email is sent when a user abandons their shopping cart on the controller's website without completing the purchase, and in cases where the controller processes personal data of website visitors with the purpose of preventing, detecting, and sanctioning any abuses or attempted abuses of the controller's websites.
STORAGE AND ERASURE
The controller retains personal data in a user's profile for as long as the user is registered on the controller's websites.
Personal data processed based on consent is stored indefinitely or until revocation of such consent by the individual.
Invoice data is retained by the controller for 10 years from the date of issuance.
Data necessary for the conclusion and performance of a contract between the controller and the purchaser of products/programs is retained for an additional 5 years from the fulfilment of the contract.
Upon expiration of the aforementioned retention periods, personal data is deleted or anonymized, meaning that the controller modifies the data in such a way that it can no longer be associated with an individual.
VOLUNTARY TRANSMISSION OF DATA AND CONSEQUENCES OF NON – TRANSMISSION
The provision of personal data is voluntary. In the event that an individual does not provide their data, they cannot avail themselves of certain services provided by the controller (e.g., it is not possible to enter into a contract for the purchase of products/programs, as personal data is necessary for order delivery and invoice issuance).
ACCESS TO PERSONAL DATA
The controller of personal data does not disclose or allow unauthorized third parties to access them. Outside of the controller - Malinca d.o.o. company, only those individuals who have entered into a written contract with the controller regarding the processing of personal data have access to personal data. They perform certain tasks related to data processing and are obliged to comply with legislation and the controller's requirements regarding the processing and protection of personal data (so-called contracted processors).
Contracted processors who process the controller's personal data are:
• Marketing service providers;
• Email delivery service providers;
• SMS delivery service providers;
• Software solution providers;
• Delivery services.
Contracted processors may only process personal data within the scope of the controller's instructions and may not process personal data for their own purposes. They are obligated, along with their employees, to maintain the confidentiality of personal data.
INDIVIDUAL RIGHTS
An individual who wishes to exercise any of their rights related to their personal data or has questions regarding the processing of their personal data can do so at any time using the contact details provided at the beginning of this Policy.
For the purpose of reliable identification when exercising rights related to personal data, the controller will require additional information from the individual, and action can only be refused if it can be proven that the individual cannot be reliably identified.
The controller undertakes to respond to the individual's request to exercise any of the rights listed below within 30 days. If it is not possible to fulfil the request in full within the specified period, the controller will inform the individual along with an appropriate explanation.
Right to Information
An individual has the right to information about which personal data the controller processes, on what basis, for what purpose, and for how long they are retained.
Right to Erasure
If an individual no longer wishes their personal data held and processed by the controller, and provided there are no other legal grounds for their further retention and processing, they can request the deletion of such personal data from the controller at any time.
Right to Request Correction, Deletion, or Lodge a Complaint
An individual can request the correction or deletion of personal data and lodge a complaint regarding the processing of their personal data by the controller at any time using the contact details provided in this Policy.
Individuals can unsubscribe from the newsletter recipient database at any time using the contact details provided in this Policy or by clicking on the unsubscribe link at the bottom of promotional emails.
Registered users can discontinue using the online store and revoke their registration at any time by providing a written statement of revocation.
Before submitting a statement of registration revocation, the user must settle all outstanding obligations arising from purchases made in the online store. The controller will continue to protect the confidentiality of personal data and the privacy of online store users within the framework of this Policy, even in the event of registration revocation.
Right to Data Portability
An individual can request the controller to provide them with personal data relating to them that they have provided to the controller in a structured, commonly used, and machine-readable format.
Right to Remedy and Sanctions
An individual has the right to lodge a complaint with the supervisory authority (Information Commissioner of the Republic of Slovenia) and also the right to legal remedies against the decision of the supervisory authority or in case of the supervisory authority's inaction.
In any case, the controller requests that the individual first exercise their right to lodge a complaint directly with the controller.
Rights related to Automated Processing
An individual has the right not to be subject to measures based solely on profiling, analysis, or predictions using automated processing means. In this case, the individual can lodge a complaint with the controller.
Right to Withdraw Consent
An individual has the right to withdraw consent for further processing of personal data when such processing is based on consent (e.g., in the case of receiving promotional messages).
Any changes to the Personal Data Protection Policy will be published on this website.
Updated: January 31, 2024
