4WEB d.o.o. (hereinafter referred to as: "the provider") is the company that is operating the 4WEB website, including all its components, pages, subpages and sections which are available at *.4web.si (hereinafter referred to as: “the website”), and is committed to protecting your personal data and respecting your privacy.
The authorized person in available by e-mail at firstname.lastname@example.org.
Right of cancellation of consent: Users may always easily and quickly stop receiving notifications by following the procedure provided in the notification received, or by sending the cancellation request to the following e-mail address: email@example.com.
2. Collection and processing of personal data
3. The basis and purpose for the processing of personal data
a) Processing on the basis of a contract or in relation to the contract
4WEB may process personal data, if the processing is necessary for the performance of the contract, where the contracting party being the data subject, or for the implementation of measures at the request of such an individual before the conclusion of the contract. In cases where personal data are required to fulfil a contractual obligation and are not provided by the individual in a timely manner or altogether, this may result in an inability to fulfil a contractual obligation.
b) Processing in connection with the fulfilment of a legal obligation
4WEB may process personal data if the processing is necessary to fulfil the legal obligation applicable to the controller. In cases where personal data are necessary for the fulfilment of a legal obligation and are not provided by the individual in time or altogether, this can lead to an inability to fulfill a legal obligation.
c) Processing in relation to the protection of the vital interests of the individual
4WEB may process personal data if the processing is necessary to protect the vital interests of the data subject or other natural persons. In cases where personal data are necessary for the fulfilment of the aforementioned, and are not timely or fully transmitted, this may result in an inability to protect the life interests of the individual.
d) Treatment in respect of a legitimate interest
4WEB may process personal data, if processing is necessary for legitimate interests (for consideration of the timeliness of the implementation of an individual transaction, the correctness or accuracy of the actions carried out under each transaction, for the improvement of the quality of services or products, and the examination of customer satisfaction, for the optimization and rationalization of the work process, for preventing inappropriate actions during the conduct of an individual transaction and detection of abusive practices) for which the controller or a third party is striving, except if such interests would override the interests or the fundamental rights and freedoms of the data subject, or when the protection of personal data is required, in particular where the data subject is a child. In cases where personal data are necessary for the fulfilment all of the aforementioned and are not timely or fully transmitted, this can lead to an inability to attain a legitimate interest.
e) Processing in relation to consensus or assent
4WEB may process personal data if the data subject has consented to the processing of his personal data for one or more specified purposes. In cases where personal data are necessary for the fulfilment of the aforementioned and are not timely or fully transmitted, this may result in an inability to provide services or carrying out the activities in respect of which the consent was given.
The provider processes personal data for the following purposes:
• carrying out the necessary acts related to the sale or purchase transactions, or the performance of any other contract between the provider and the user, including verifying the payment and the shipping of the user’s order;
• registration of the product to provide the user with necessary information available regarding the authenticity of the product the user has purchased, and on the other hand to obtain some information related to the product that is relevant to the provider within its brand protection activities (such as acquiring information from users about distributors, retailers and/or dealers, who distribute, sell or deal counterfeited products as authentic provider’s products);
• registration of the user and granting the user rights and access to certain sections of the website, sending provider's instructions and notifications to the user, and fulfilling the provider's obligations regarding the registration of users, the registration of products and other uses of the website;
• keeping records of registered users of the website, of authentic provider's products and of registered provider's products;
•statistical, marketing and other analyses and research related to (registered) users and (registered) provider's products;
• sending advertising or non-advertising direct messages, e-mails and other messages (such as postal or mobile phone messages) and notifications about the website, products (from the provider and others; existing and new) and services, special offers, promotions and new items, and about daily, weekly and monthly actions;
• sending advertising or non-advertising direct messages, e-mails and other messages (such as postal or mobile phone messages) and notifications, containing e-journal, e-books, news, articles, catalogues and other promotional materials;
• sending advertising or non-advertising direct mail, e-mail and other messages and notifications for and from related companies and processors;
• providing customer care services (requesting the user’s opinion of products and services, conducting product surveys, facilitating and processing user’s inquiries and requests for information about the provider and its products and services, and informing users of rewards, competitions and promotional activities).
4. Use and Disclosure of Personal Data to Third Parties
The provider uses disclosed personal data for the purposes described above. The provider's employees are obliged to respect the confidentiality of the information provided by the users.
You acknowledge that the personal data you have disclosed to the provider is your personal data and you agree that the provider may provide, can make available or transmit your personal data to its related companies (such as SNBS d.o.o. and Feelif d.o.o.), for the purposes specified in the "Purpose for data processing" section (including the provision and marketing of the products and services of such those companies).
You agree that personal data may also be disclosed to third parties in cases, where a provider or a provider’s related companies reasonably consider it necessary in order to prevent fraud, comply with mandatory obligations, to enforce or defend the legitimate rights of the provider or any provider's related companies, or in connection with the corporate activities such as a merger, acquisition, sales or purchase of business assets and others.
5. Disclosure of Personal Data to Processors
You agree that personal data may be disclosed to other persons and entities (parties) in order to enable the performance of contracts in which the user itself is a party to and to ensure that the users can fully utilize all relevant special offers, promotions and other services of the provider. The provider uses the services of other persons to perform functions on its behalf, such as order fulfilment, package delivery, sending postal mail and e-mails, sending text messages (SMS), providing marketing assistance, processing credit card payments, providing fraud detection services and the provision of other services. Such persons will have access to personal data necessary for the performance of these functions, but they may not use personal data for any other purpose or for their own business purposes. The provider requests that these third parties comply strictly with its instructions and process the data in accordance with applicable legislation.
6. User rights
The granting of consent to the personal data processing by the provider is voluntary and the user has the right to withdraw such consent. The rights of the users with respect to the processing of their personal data include also the right to ask for the update of the data or deletion of the data from the provider’s information system and the right to a transcript of the personal data that are subject to the processing by the provider.
Please note that the provider may need up to 30 days to meet such a user's request. A user who no longer wishes to receive the provider’s e-mails with promotion notifications may follow the procedure provided in the received notification or send a cancellation request to the provider’s e-mail address firstname.lastname@example.org.
7. The rights of individuals with regard to the processing of personal data
a) The right of access to data
The individual is informed at his request whether personal data are processed in relation to him and when this is the case, we provide the following information:
• Types of personal data;
• Categories of the user to whom personal data were or will be disclosed;
• Data storage times;
• The existence of the right to request for correction or deletion of the personal data by the controller or to limit the processing of the personal data relating to the data subject, or the existence of the right to object to such processing;
• The right to file a complaint with the Information Commissioner;
• When personal data are not collected from a concerned person, all available information relating to their source;
• The existence of automated decision-making, including profiling, and meaningful information about the logic involved, the significance and the envisaged consequences of such processing for the data subject.
Upon request, the controller shall make a copy of the personal data processed and transmit it to the individual.
For additional copies required by an individual, to whom the data relates, 4WEB may charge a reasonable fee taking into account the costs incurred.
Where the data subject applies the request by electronic means and unless the data subject refers otherwise, the information shall be provided in an electronic form that is generally used.
b) The right to a correction:
The data subject may at any time request 4WEB to correct inaccurate personal data relating to him/her. The data subject shall, having regard to the purposes of the processing, have the right to supplement incomplete personal data, including the submission of a supplementary declaration.
c) The right to revoke consent:
The data subject who has given consent to the processing of personal data has the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of data processing based on consent before its withdrawal. Likewise, withdrawal of the consent does not affect the lawfulness of data processing carried out on some other legitimate basis, laid down by law (inter alia statutes, contracts, etc.)
d) The right to erasure or the right to be forgotten:
An individual may request the erasure of personal data concerning him or her, if there is no overriding legitimate exception against the erasure, or if this is not contrary to the regulations.
4WEB erases personal data on the basis of a reasoned request for erasure by an eligible person when one of the following grounds applies:
(a) The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) of the General Data Protection Regulation, and where there is no other legal ground for the processing;
(c) the data subject objects to the processing pursuant to Article 21(1) of the General Data Protection Regulation, and there are no overriding legitimate grounds for the processing or the data subject objects to the processing pursuant to Article 21(2) of the General Data Protection Regulation;
(d) the personal data have been unlawfully processed;
(e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
(f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the General Data Protection Regulation;
e) The right to object to the processing
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to the processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) of the General Data Protection Regulation.
4WEB (the controller) shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
f) The right to transfer data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
(i) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) of the General Data Protection Regulation, or on a contract pursuant to point (b) of Article 6(1) of the General Data Protection Regulation; and
(ii) the processing is carried out by automated means.
In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
g) The right to lodge a complaint with the supervisory authority
Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her violates the rules.
The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78.
In the Republic of Slovenia, the Supervisory Body is the Information Commissioner of the Republic of Slovenia, Zaloška cesta 59, 1000 Ljubljana.
h) Deadlines for storing personal data (storage limitation principle)
Data storage times differ according to the type of document in which they are stored or depending on the
purposes for the collection of personal data, namely:
- In the case of the processing of personal data in the procedures for the prevention of money laundering and terrorist financing, the data is stored for ten years, until the expiration of special deadlines for their preservation laid down by regulations;
- In the case of the processing of personal data in procedures based on a contractual relationship, the information is kept for as long as the contractual relationship takes effect or until the rights from the contractual relationship can be exercised, unless the regulations stipulate a special retention period in individual cases;
- In the case of the processing of personal data on the basis of assent or consent, the data is kept until the cancellation;
- In the case of litigation in respect of a particular transaction, the data shall be retained for 10 years after the completion of the legal proceedings;
- In the case of the storage of personal data on the basis of accounting standards or of tax regulations, the data shall be retained until the expiration of the period specified in the accounting standards or tax regulations;
- In other cases, the retention of personal data is a retention period of 5 years, until the expiry of the prescribed deadline.
The Provider strongly advises all parents and guardians to teach their children safe and responsible handling of personal data on the Internet. Persons under age of 18 may not transmit their personal information to the provider through its website without the special permission of their parents or guardians.
The provider will never intentionally collect any personal data from a person, who is less than 18 years of age, or in any way use such data or disclose it to third parties without this special permission. In relation to the above, the provider assumes that the users of its website are 18 years old or older.
When you access the website of the provider (as an unregistered regular user), some non-personal information is automatically recorded (about the type of Internet browser used, the number of visits, the average time spent on the website, viewed web pages, etc.). This information is used as feedback to improve the appearance, content and functionality of the provider's website. For more information about cookies please read this link [Cookie Statement].
The provider intends to protect and manage the personal data of all users on its website in accordance with applicable law. The provider has taken all appropriate technical, organizational and personal measures in order to keep the maintained personal data of its users secure and protected from accidental or unlawful destruction and accidental loss, unlawful conduct, unauthorized disclosure or access, and against any other unlawful forms of processing.
11. Links to Other Web Sites
When users leave our website, they are advised to follow these links carefully and read the principles of personal data protection for each such individual website that collects personal information.
The provider does not control any information contained within these links and the principles of the personal data protection applicable to the other websites and is not responsible for any content, goods or services offered by these other websites.
The use of these linked websites is subject to the terms and agreements applicable to such linked websites.
The provider does not accept any responsibility or liability for the privacy practices of such third-party websites and the use of these websites is the sole responsibility of the user.
12. Exclusion of Liability
The user must properly ensure the security and confidentiality of the data disclosed to the provider when using the website.
The provider reasonably assumes that personal data has been disclosed by the user to whom the data apply or by another authorized person.
If the user suspects that the personal data is being used by a third unauthorised party or that the data has been disclosed without authorisation, he or she must immediately inform the provider thereof.
The provider shall in no event be held liable for any damage that may arise due to unauthorised disclosure of personal data to the provider.
13. Notification of Changes