FREE SHIPPING OVER 50 €!
PRIVACY POLICY
The Atlantida Shop brand and the website www.atlantida.shop through which it is presented to the public are the property of MEDIS-M d.o.o.
ON PERSONAL DATA PROTECTION POLICY
The purpose of the personal data protection policy is to inform individuals, service users, employees and other persons (hereinafter: the individual) who cooperate with Medis – M d.o.o. Limbuška cesta 78/b 2000 Maribor (hereinafter: the company) on the purposes and legal bases, security measures and the rights of individuals regarding the processing of personal data carried out by our company.
We value your privacy, so we always protect your information carefully.
We process your personal data in accordance with European legislation (Regulation (EU) 2016/697 on the protection of individuals with regard to the processing of personal data and on the flow of such data (hereinafter: the General Regulation)) and applicable legislation in the field of personal data protection. data (ZVOP-1, Ur. l. RS, no. 94/07)) and other legislation that gives us a legal basis for the processing of personal data.
The personal data protection policy contains information for individuals on how our company, as a controller, processes the personal data it receives from the individual on the basis of the legal bases described below.
CONTACT PERSON FOR PERSONAL DATA PROTECTION
Individuals to whom personal data relate may contact the contact person for personal data protection on any matter relating to the processing of their personal data and the exercise of their rights under the General Regulation:
Suzana Repnik Visočnik
Limbuška cesta 78 / b 2000 Maribor
Contact: Suzana Repnik Visočnik
E-mail: suzana@medis-m.si
Telephone: 02 460 53 85
PERSONAL DATA
Personal data means any information relating to an identified or identifiable individual (hereinafter: the data subject); an identifiable individual is one who can be identified directly or indirectly, in particular by indicating an identifier such as name, identification number, location data, web identifier, or by indicating one or more factors specific to the physical, physiological, genetic , the mental, economic, cultural or social identity of that individual.
PURPOSE OF PROCESSING AND BASIS OF DATA PROCESSING
The company collects and processes your personal data on the following legal bases:
- processing is necessary to fulfill the legal obligation applicable to the manager;
- processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of measures at the request of such data subject before the conclusion of the contract;
- processing is necessary for legitimate interests pursued by the manager or a third party;
- the data subject has consented to the processing of his or her personal data for one or more specific purposes;
- processing is necessary to protect the vital interests of the data subject or other natural persons.
FULFILLMENT OF LEGAL OBLIGATION
Based on the provisions in the law, the company primarily processes data on its employees, which is made possible by labor law. Thus, on the basis of a legal obligation for employment purposes, the company mainly processes the following types of personal data: name and surname, gender, date of birth, “EMŠO”, tax number, place, municipality and country of birth, citizenship, residence, etc.
PERFORMANCE OF THE CONTRACT
In the event that you enter into a contract with a company as an individual, this represents the legal basis for the processing of personal data. We may process your personal data for the conclusion and implementation of the contract, such as. sale of goods and services, participation in events, trainings, promotions, etc. If the individual does not provide personal data, the company cannot conclude a contract, nor can the company provide you with services or deliver goods in accordance with the contract, as it does not have the necessary data to perform. Based on the performance of a lawful activity, the company may inform individuals and users of its services on their e-mail address about its services, events, education, offers and other content. An individual may at any time request the termination of such communication and processing of personal data and cancel the receipt of messages via the unsubscribe link in the received message, or as a request by e-mail to info@medis-m.si or by regular mail to the company address.
LEGAL INTEREST
The company may also process personal data on the basis of the legitimate interest it pursues. The latter is not permissible where such interests are outweighed by the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data. In the case of a legitimate interest, the company always makes an assessment in accordance with the General Regulation.
The processing of personal data of individuals for the purposes of direct marketing is considered to have been carried out in the legitimate interest. The company can thus process personal data of individuals collected from publicly available sources or in the framework of lawful activities, also for the purposes of offering goods, services, employment, notification of benefits, events, etc. To achieve these purposes, the company may use ordinary mail, telephone calls, e-mail and other telecommunications means. For the purposes of direct marketing, the company may process the following personal data of individuals: name and surname of the individual, address of permanent or temporary residence, telephone number and e-mail address. The stated personal data may also be processed by the company for the purposes of direct marketing without the explicit consent of the individual.
An individual may at any time request the termination of such communication and processing of personal data and cancel the receipt of messages via the unsubscribe link in the received message, or as a request by e-mail to info@medis-m.si or by regular mail to the company address.
PROCESSING ON THE BASIS OF CONSENT
- If the company does not have a legal basis demonstrated on the basis of law, contractual obligation or legitimate interest, it may ask the individual for consent or. consensus. Thus, it may process certain personal data of an individual also for the following purposes, when the individual gives his consent:
- address of residence and e-mail address for information and communication purposes,
- tax number or EMŠO for the purposes of possible execution in case of non-fulfillment of obligations (eg non-payment of the invoice),
- photographs, videos and other content relating to the individual (eg posting pictures of individuals on the company’s website) for the purpose of documenting activities and informing the public about the company’s work and events;
- other purposes for which the individual consents to the consent.
- If an individual gives consent for the processing of personal data and at some point no longer wishes to do so, he may request the termination of the processing of personal data by requesting an e-mail to info@medis-m.si or by regular mail to the company’s address. Withdrawal of consent does not affect the lawfulness of processing on the basis of consent prior to its withdrawal.
TREATMENT IS NECESSARY TO PROTECT THE LIFE INTERESTS OF THE INDIVIDUAL
The company may process the personal data of the data subject insofar as this is necessary to protect his or her vital interests. Thus, a company can search for an individual’s identity document, check whether that person exists in his or her database, examine his or her medical history, or contact his or her relatives, for which the company does not need his or her consent. This applies in cases where this is strictly necessary to protect the vital interests of the individual.
STORAGE AND DELETION OF PERSONAL DATA
The Company will only retain personal data for as long as is necessary to achieve the purpose for which the personal data was collected and processed. If the company processes the data on the basis of the law, it will keep them for the period prescribed by law. In doing so, some data is kept for the duration of the cooperation with the company, and some data must be kept permanently.
Personal data processed by the company on the basis of a contractual relationship with an individual are kept by the company for the period necessary for the performance of the contract and for 6 years after its termination, except in cases where there is a dispute between the individual and the company. In such a case, the company keeps the data for 10 years after the final decision of the court, arbitration or court settlement or, if there was no litigation, 5 years from the date of peaceful settlement of the dispute.
Those personal data that the company processes on the basis of the individual’s personal consent or legitimate interest will be kept by the company until the consent is revoked or until the data is deleted. Upon receipt of the revocation or request for deletion, the data shall be deleted within 15 days at the latest.
The company may also delete this data before the cancellation, when the purpose of processing personal data has been achieved or if so provided by law.
Exceptionally, an undertaking may refuse a request for cancellation on grounds set out in the General Regulation, such as the following:
the exercise of the right to freedom of expression and information,
compliance with the legal obligation to process,
reasons of public interest in the field of public health,
archiving purposes in the public interest,
scientific or historical research purposes or statistical purposes,
enforcement or defense of legal claims.
After the retention period, the company must delete or anonymize personal data efficiently and permanently so that it can no longer be linked to a specific individual.
CONTRACTUAL PROCESSING OF PERSONAL DATA AND EXPORT OF DATA
The company may entrust the contractual processor for individual processing of personal data on the basis of a contractual contract. Contractual processors may process confidential data only on behalf of the controller, within the limits of his authority, which is written in a written contract or other legal act and in accordance with the purposes defined in this privacy policy.
The contractual processors with which the company cooperates are mainly:
- legal and business advice providers;
- infrastructure maintainers (video surveillance, security, cleaning services);
- information system maintainers;
- email service providers and software providers, cloud services (e.g. Telecom, Microsoft, Google);
- providers of social networks and online advertising (Google, Facebook, Instagram, etc.).
- Under no circumstances will the company pass on the individual’s personal data to unauthorized third parties.
Contractual processors may only process personal data in accordance with the company’s instructions and may not use personal data for any other purpose.
As a controller and its employees, the company does not export personal data to third countries (outside the European Economic Area – EU member states and Iceland, Norway and Liechtenstein) and to international organizations except the US, with US contractual processors included in the Privacy Program. EU-US Privacy Shield. The Information Commissioner writes more about the EU-US Privacy Shield: https://www.ip-rs.si/varstvo-osebnih-podatkov/obveznosti-upravljavcev/prenos-osebnih-podatkov-v-tretje-drzave-in-mednarodne-organizacije/
COOKIES
The company’s website works with the help of t.i. cookies. A cookie is a file that stores website settings. Websites store cookies on users’ devices that they use to access the Internet in order to identify individual devices and settings that users have used to access them. Cookies allow websites to identify if the user has already visited this website, and with advanced applications they can be used to adjust individual settings accordingly. Their storage is under the full control of the browser used by the individual – the latter can restrict or disable the storage of cookies as desired.
Cookies are fundamental to providing individual-friendly online services. They are used to store information about the status of an individual website, help collect statistics about users and website traffic, etc. We can therefore use cookies to evaluate the effectiveness of the design of our website. The exact definition of which cookies are used by a particular website of the company is given in the appendix.
The storage and management of cookies is under the full control of the browser used by the individual. The browser can restrict or disable the storage of cookies as desired. You can also delete cookies stored by the browser, instructions can be found on the websites of each browser.
COOKIES ON THE SITE
Cookie name | Duration | Function | Additional info |
_fbp | 1 month | It is used by Facebook to deliver a range of advertising products, such as real-time offers from third-party advertisers. | |
_ga | 2 years | It registers a unique ID that is used to generate statistics about how a visitor uses the site. | |
_gat | 24 hours | Used to control the speed of the request. | |
_gid | 24 hours | It registers a unique ID that is used to generate statistics about how a visitor uses the site. | |
_cookie_notice_accepted | 1 year | Recorded agreement with cookies | |
PHPSESSID | 1 year | PHP session on the page | |
woocommerce_cart_hash | 1 year | Used to maintain the current shopping cart | |
woocommerce_items_in_cart | 1 year | Record the number of items in the cart | |
wordpress_logged_in_* | 72 hours | Used to record WordPress login sessions | * indicates any user identifier |
wp_woocommerce_session | 72 hours | A session that accompanies shopping on the website | |
wp_settings-* | 1 year | Used to maintain the admin panel user configuration. | * indicates any user identifier |
wp_settings-time-* | 1 year | Time setting WordPress settings for the user | “*” indicates any user identifier |
wordpres_test_cookie | Session | Check if a cookie can be set | |
woocommerce_recently_viewed cookie | 1 year | Recentyl viewed products |
DATA PROTECTION AND DATA ACCURACY
The company takes care of information security and infrastructure security (premises and application system software). Our information systems are protected, among other things, by anti-virus programs and a firewall. We have put in place appropriate organizational and technical security measures designed to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, and other illegal and unauthorized forms of processing. In the case of the transmission of special types of personal data, we provide them in encrypted form and protected by a password.
It is the individual’s responsibility to provide their personal information securely and to ensure that the information provided is accurate and credible. The company will make every effort to ensure that the personal data it processes is accurate and, if necessary, updated, and we may from time to time contact you to confirm the accuracy of your personal data.
INDIVIDUAL RIGHTS REGARDING DATA PROCESSING
According to the General Regulation, an individual has the following rights from the protection of personal data:
- It may request information on whether we have his personal data and, if so, what data we have and on what basis we have it and why we use it.
- He may request access to his personal data, which allows him to receive a copy of the personal data held by the company and to verify that the company is processing them legally.
- It may request corrections to personal data, such as the correction of incomplete or inaccurate personal data.
- He may request the deletion of his personal data when there is no reason for further processing or when he exercises his right to object to further processing.
- It may object to the further processing of personal data where the company invokes a legitimate business interest (even in the case of a legitimate interest of a third party) when there are reasons related to the individual’s special situation; the individual has the right to object at any time if the company processes personal data for the purposes of direct marketing.
- It may request a restriction on the processing of its personal data, which means the cessation of the processing of personal data, for example, if the individual wants the company to establish accuracy or to verify the reasons for further processing of personal data.
- It may request the transfer of its personal data in a structured electronic form to another controller, as far as possible and practicable.
- He may revoke the consent or consent he has given for the collection, processing and transfer of his personal data for a specific purpose; upon receipt of notice that it has withdrawn its consent, the company will cease to process personal data for the purposes it originally accepted, unless the company has no other legitimate legal basis for doing so lawfully.
- If an individual wishes to exercise any of the aforementioned rights, he can send a request by e-mail to info@medis-m.si or by regular mail to the company’s address. Access to the individual’s personal data and established rights is free of charge for the individual. However, the company may charge a reasonable fee if the data subject’s request is manifestly unfounded or excessive, especially if repeated. In such a case, the company may also reject the request.
In the event of exercising the rights under this title, the company may need to request certain information from you to help him confirm the identity of the individual, which is only a security measure to ensure that personal data is not disclosed to unauthorized persons.
When exercising the rights under this title, an individual may use the form of the Information Commissioner, which is available on their website. Link to: https://www.ip-rs.si/fileadmin/user_upload/doc/obrazci/ZVOP/Zahteva_za_seznanitev_z_lastnimi_osebnimi_podatki__Obrazec_SLOP_.doc
In the event that an individual believes that his rights have been violated, he can turn to the supervisory authority for protection or assistance. to the Information Commissioner. Link to: https://www.ip-rs.si/zakonodaja/reforma-evropskega-zakonodajnega-okvira-za-varstvo-osebnih-podatkov/kljucna-podrocja-uredbe/prijava-krsitev/
If an individual has any questions regarding the processing of their personal data, you can always contact our company via e-mail at info@medis-m.si or by regular mail to the company’s address.
ANNOUNCEMENT OF CHANGES
Any changes to our privacy policy will be posted on the website www.atlantida.shop. By using the website, the individual confirms that he / she accepts and agrees with the entire content of this personal data protection policy.
The personal data protection policy was accepted by Stanko Obradović on 25. November 2019.