1. What is the purpose of this policy?
2. Who processes your personal data?
2.1. Controller of personal data
If you work with us, you trust us with your personal data. In this case, the controller of your personal data is Rol Group d.o.o., Cesta v Kleče 16, SI-1000 Ljubljana, Slovenia (hereinafter Rol Group), firstname.lastname@example.org, Tel: 00 386 (0)1 620 97 50. At Rol Group we understand the importance of privacy. Everyone at Rol Group is deeply committed to ensure the security of your personal data. To this end, we have established rules and procedures as well as technical and organisational measures aimed to ensure an adequate level of security for the processing of personal data. If you have any questions relating to the processing of your personal data or the exercise of your rights in relation to the processing of your personal data, you can contact our data protection officer at any time: Mitja Primožič, email: email@example.com, telephone: 00 386 (0)1 620 97 50.
Your personal data may also be processed by our processors on behalf of us. These are other trusted companies or persons to whom we have contractually entrusted specific tasks related to the processing of your personal data (e.g. authorised print shops, call centres, delivery services, etc.). Before choosing a processor, we carefully check their suitability, in particular that the processor’s business is registered to carry out their business activities and that they ensure an adequate level of protection of personal data. Processors process your personal data on documented instructions from us and solely on our behalf and for our account.
3. What personal data do we process about you and why?
Processing of personal data shall mean any operation relating to personal data, in particular collection, obtainment, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, communication, dissemination or otherwise making available, classification or association, restriction, anonymisation, erasure or destruction. Processing can be manual or automated. The type, grounds and manner of processing of your personal data depend in particular on the specific purpose for which personal data are processed.
3.1. Website visit data that do not include personal data
In order to improve the user experience of our website, we collect and store certain non-personally identifiable data upon visit.
When you request a file from our website, we collect and store certain site visit data for the purpose of technical administration of the website.
These data include:
- the page from which the visit request was made,
- the address of the web page that was requested,
- the date and time of the request,
- time spent on the page,
- visit status (i.e. if the file has been downloaded successfully or not found, etc.),
- the IP address of the computer from which the access request was made,
- a description of the type and version of the web browser used,
- the operating system installed.
This data is analysed for technical and statistical purposes as well as for the technical management of the website and is not passed on to third parties under any circumstance. These anonymous data are stored separately from personal data and are in no way linked to your personal data, which means that it is not possible to establish a link to a specific person.
3.2. Processing of personal data for the purpose of entering into and performance of a contract
If you have entered into a contract with Rol Group, your personal data is primarily processed for the purpose of conclusion and performance of the contract (e.g. offer preparation, invoicing, resolving complaints, etc.). In particular, when completing your order we will need your personal name and your home address. In order to facilitate and speed up our communication with you, when you place your order we will also ask you for your other contact details, in particular your email address and telephone number, so that we can keep you informed of any important facts relating to your order, provided that you agree to such method of communication.
3.3. Processing of personal data based on your consent
Your personal data may also be processed for other purposes if you have given your consent to such processing. Consent means any freely given, explicit, informed and unambiguous indication of your will by which you consent to the processing of personal data for a specific purpose. You can give your personal consent by making a (written or oral) statement or by another clear affirmative action. For example, in the case of the use of the Rol Group website, consent is deemed to be given when you click on a blank confirmation box on the website to confirm that you allow the processing of personal data for a specific purpose. If you are under 15 years of age, you cannot give valid consent to the processing of your personal data. In this case, your parent or guardian must consent to the processing of your personal data.
3.4. Processing of personal data for direct marketing purposes
If you have entered into a contract with us or have any other business interaction with us that falls within the scope of our legitimate business, we may, on the basis of the law governing the protection of personal data, use your personal data (name and surname, address, telephone number, email address) also for direct marketing purposes. If you have consented to this, any personal data that Rol Group processes in its databases may also be used for direct marketing purposes, i.e.
- for sending offers, promotional material, magazines and invitations to events;
- for performing surveys;
- for segmentation (i.e. offering our services);
- creating tailored offers based on our assessment and prediction of your interests, needs (profiling), etc.
Direct marketing can be accomplished through a variety of communication channels: regular mail and email, SMS and MMS, telephone (land line and mobile), via Facebook and other social networks.
3.5. Other processing of your personal data
We also process personal data relating to your order for the purposes of various internal statistics, analyses and controls. In this context, we carry out, in particular, analyses aimed to determine the performance of particular marketing campaigns and controls to determine the correctness of the calculation of surcharges and commissions to our agents and brokers, which are necessary to ensure the correct fulfilment of our contractual obligations towards our contractual partners. In this case, the basis for processing your personal data is our legitimate interest and for that we will implement the data minimisation principle and will endeavour to avoid any unauthorised interference with your interests or fundamental rights.
4. Will we pass on your personal data to third parties?
We share personal data with other companies, organisations or individuals when we believe in good faith that access to, use, storage or disclosure of such data is reasonably necessary for:
- compliance with any applicable regulations, legislation, legal process or enforceable instruments of official authorities.
We will not disclose your personal data to other natural or legal persons unless you have given your explicit consent.
5. When and how can you request that we stop using your personal data?
If we process your personal data on the basis of your consent (e.g. processing for direct marketing), you may at any time in person, in writing by post to our address (Cesta v Kleče 16, SI-1000 Ljubljana, Slovenia) or by email to our email address (firstname.lastname@example.org), or by telephone (Tel: 00 386 (0)1 620 97 50) request that we stop using your personal data for these purposes, permanently or temporarily, in part or in full. In such case, Rol Group will adequately suppress the use of the personal data for these purposes within 15 (fifteen) days and will notify you thereof within a further 5 (five) days in writing or by other agreed means. Your withdrawal of consent shall not affect the lawfulness of processing based on your consent before its withdrawal.
6. What other rights do you have and how can you exercise them?
If Rol Group processes your personal data, you have the following rights:
- you may request access to your personal data and a copy thereof;
- you may request that your personal data be completed or rectified if it is incomplete or inaccurate;
- you may request that your personal data be erased, in particular if the personal data are no longer necessary in relation to the purposes for which they were collected, or if they have been unlawfully processed, or if they have been processed on the basis of your consent and you have withdrawn your consent and there is no other legal ground for their processing;
- you may request restriction of processing of your personal data, in particular if you contest their accuracy - for a period enabling us to verify the accuracy of your personal data; if the processing is unlawful and you oppose the erasure of your personal data; if the retention period of data has expired but you require the data for the establishment of legal claims;
- you may object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, unless processing is necessary for the performance of a task carried out for reasons of public interest or for legitimate interests. In this case, we shall no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing is necessary for the establishment, exercise or defence of legal claims.
You can exercise the above rights by sending a request to our data protection officer, by post to Cesta v Kleče 16, SI-1000 Ljubljana, Slovenia marked "For Personal Data Protection", or by email to: email@example.com.
We will respond to your request without undue delay, and within 15 or 30 days at the latest.
7. How do we implement the protection of your personal data?
Because the security of your data is important to us, we transmit your personal data over a secure SSL connection. If personal data are collected, the data transmission is encrypted using SSL. Your personal data is then transmitted over the internet with at least 256-bit SSL. SSL encryption protects your personal data from access by third parties. SSL (Secure Socket Layer) is a protocol for encrypting messages sent over the internet that offers a particularly high level of security.
Our website and related support systems are provided with technical and organisational measures to prevent the loss, erasure, access, alteration or dissemination of data by unauthorised persons. Despite regular checks, it is not possible to guarantee absolute protection against risks.
Our website is hosted on the servers of hosting provider G-server d.o.o., located in Ljubljana, Slovenia. More detailed informations about their location are not disclosed for security reasons.
In order to ensure the protection of personal data, Rol Group uses organisational, technical and other appropriate procedures and measures to prevent unauthorised destruction, alteration or loss of data and unauthorised processing. The procedures and measures are described in detail in the internal Personal Data Protection Policy of Rol Group.
8. Web analytics
To improve the online experience of www.rol-group.si, the website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics analyses how you use the website.
The rol-group.si website does not store cookies for the purposes of Google Analytics. For analytics purposes, rol-group.si provides Google with a user identification number (UserID), which it has previously obtained from Google Analytics. Google stores data for Google Analytics on its own servers, the location of which is unknown to us. Rol Group does not transmit any personal data to Google. Please note that this website uses Google Analytics with the IP Anonymization extension, so the IP address is handled only in a truncated form, which means that personal identification is prevented.
Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity intended for website operators and other operators that relate to website activity and internet usage. The truncated IP address transmitted by your browser to Google Analytics is not linked to other Google data. You can refuse to be tracked by selecting the appropriate settings in your browser (the "Do not track" option).
9. Social plugins
The rol-group.si website may include plugins from social networks such as Facebook, YouTube and others.
The plugins displayed on the site appear in the form such as is served by the social network. When the plugin is displayed, only the address of the currently displayed web page is passed to the plugin, while the IP address is also passed automatically.
Social plugins usually store cookies, which are used to identify their users. In such cases, these cookies do not come from the rol-group.si website, but from the social network website.
The content of a certain plugin can be tailored to the user, provided that the user is a user of the social network in question. The way the plugin is displayed is dictated by the social network, Rol Group has no influence on its content, nor does it provide the plugin with any information that could identify the user.
10. How long do we maintain your personal data?
Personal data collected for the purposes of concluding and performing contracts are retained for 10 years from the conclusion of the contract. Other personal data are kept until the purpose for which they were collected has been fulfilled. Personal data processed on the basis of your consent is kept for ten years from the date of withdrawal of your consent.
This policy may change from time to time. Any changes to this policy will be published on this page. In case of major changes we will provide for a highly visible announcement.
Rol Group d.o.o.,
on 8 April 2019