Your privacy is important to Ekoman. This Privacy Statement describes how we handle your personal data. We shall only use your personal data for the purposes stated in this Privacy Statement and for no other purposes unless the further processing of the personal data is compatible with the purposes for which this data was originally processed.
2. Personal data we collect
We collect personal data via our website www.ekoman.si, when you contact us and/or when we send a newsletter. Personal data is data that can be used to identify your identity. We collect the following information from you in the following way:
• If you create an account on our website, we ask you for your name, e-mail address and password so that you can log in and use our services. We request your billing information and delivery address so that you do not have to enter it again for your next order.
• When you place an order on our website, we ask you for your name, address, contact details and invoicing details in order to process the order and deliver your order.
• If you write a review, we will ask for your e-mail address to contact you if you are not satisfied with your purchase.
• If you contact our customer service by means of the chat function, filling in the web form, or sending us an e-mail, we ask you for your name and e-mail address in order to be able to answer your question.
• If you wish to receive our newsletter, we ask you for your e-mail address in order to be able to send you this newsletter.
• When you visit our website, we collect information about your visit and click behaviour on our website in order to bring our products to your attention and to personalise your website visit. This concerns the IP address of your computer, your username, the time of retrieval, and any other data your browser sends to us.
3. Why we collect your personal data: purposes
We only process your personal data for the purposes described above.
We shall ask you for your consent before we use your personal data for other purposes, unless the further processing of the personal data is compatible with the purposes for which this data was originally processed. If we wish to process your personal data for other purposes, we shall inform you in advance.
We may have to share your personal data with authorities or other third parties, for example when there are legal obligations.
We shall not use your personal data to take a decision based solely on automated processing, including profiling.
4. Legal bases for processing
When you place an order, you enter into a contract with us, which means we require certain information from you, such as your name, e-mail address and billing information.
We may process your data if we have certain legitimate interests in processing your personal data, except if your interest in not having the data processed is greater. Optimizing our marketing campaign, personalizing our website, and answering your questions are part of our regular business activities. In addition, we would like to keep you informed about our products via the newsletter as part of our regular business activities. Ekoman also has an interest in a website with good functionality that is tailored to the wishes of the visitors of the website. When you place an order for the first time via www.ekoman.si we first ask you to create a user account. This fits in our justified interests because this will speed up the order process and your personal data only needs to be filled in once.
You have the right to object to these processing operations. If you wish to object, please contact us. You can reach us via e-mail: email@example.com or call : +386 (0) 1 560 76 44. In that case, we shall cease processing your personal data unless there are compelling, justifiable reasons why our interest in the processing is greater than your interest in stopping the processing. You may not be able to make the best use of our services if you request us to cease processing.
In certain cases, we ask you for permission before we process your data. This concerns the following processing:
• Before you create an account on our website
• Before we send you a newsletter
You have the right to withdraw your consent at any time. In that case your personal data shall be deleted. You can withdraw your consent in the following way:
• Send an e-mail to: firstname.lastname@example.org.
• Via telephone: +386 (0) 1 560 76 44.
• Newsletter: each newsletter contains a link that allows you to unsubscribe with one click.
5. Personal data of minors
We only process the personal data of minors if written permission is given by the parent, caregiver or legal representative.
• To allow the website to function properly or better by, for example, recognizing the visitor and thus providing a better service.
• Traffic analysis on a website with the aim of identifying potential improvements.
7. Google Analytics
We use Google Analytics for gathering statistical information about our website use with the purpose of creating targeted marketing campaigns.
8. How long we store your data
We do not store your personal data longer than is necessary for the purpose for which we process the data.
• Newsletter: your name and contact details will be kept for as long as you are interested in receiving our newsletter.
• Answering your questions: your name and contact details are stored for a maximum period of 1 year. Unless there are other (legal) reasons for retaining the data.
• Delivery of our products: we do not store your data longer than is necessary to deliver the product, to collect the invoice, and for other administrative purposes. We shall not store the data we need to collect the invoice for more than two years unless there are other (legal) reasons for retaining the data.
• Technical reasons, such as website optimization: technical data is stored in an anonymous form as far as possible and used as long as necessary to optimize the website, but not longer than six months.
• Surveys: we keep this information no longer than necessary to monitor our quality of service.
9. How we secure your data
We have taken technical and organizational measures to protect your personal data against unlawful processing or loss. The security measures we have taken include, but are not limited to, the following measures:
• All persons working with us are bound to maintain the confidentiality of your personal data.
• We ensure third parties who have access to your personal data comply with the requirements we set for security. We have entered into contracts with these third parties to protect your data.
• Where possible, we pseudonymize your data and we encrypt personal data.
• We have created a secure backup environment in order to be able to restore personal data in the event of physical or technical incidents.
• We test and evaluate the set measures regularly.
We cannot completely prevent third parties from accessing your data or prevent a loss of your data through a breach of our security measures, but we shall take all appropriate measures to ensure your personal data is not accessible to unauthorized persons.
10. Where your personal data is processed
We process your personal data in the European Union. Your personal data will not be processed or transmitted to other countries.
11. Who has access to your data
We shall not provide your personal data to third parties, except to the parties described below or if you have given permission for this.
We work with the following external parties who have access to your personal data:
• Maintaining our financial administration via our ERP system (Vasco)
• Klaviyo for direct mailings.
• Intrix, for statistic purposes.
We have entered into a processing agreement with those parties that process your personal data in order to protect your personal data.
We reserve the right to share your personal data with third parties when this is required by law or when this is necessary to protect the interests of you, us, or third parties.
12. Changes to our policy
This Privacy Statement may be amended in the event of changes to our products or services, or changes in privacy legislation. We shall publish every amendment on this website. In the case of substantial amendments that apply to you, we shall inform you personally about this by sending you an e-mail for example.
13. How can you exercise your rights?
You have a number of rights under the privacy legislation (including the GDPR). These rights are described in articles 12 – 23 of the GDPR and in related legislation. In any case, you have the following rights with regard to your personal data:
• Right to request access to your personal data
• Right to request the correction of your personal data if it is incorrect (rectification)
• Right to request the removal of your personal data
• Right to request the restriction of your personal data
• If we have processed your personal data on the basis of our legitimate interests: the right to object to the (further) processing of your personal data (opposition)
• If we have processed your data on the basis of your permission: the right to request the transfer of personal data (data portability).
If you want to receive more information about this or if you want to use one or more of these rights, you can contact us via email@example.com
14. Objection and right of complaint
We process certain personal data about you based on our justified interests. You have the right to object to the processing of your personal data on this basis at all times. In that case, we shall cease processing your personal data unless there are compelling, justified reasons why our processing interest is greater than your interest to stop the processing.
What should you do if you disagree with a decision by us, for example when we decide not to delete your personal data? You can use one or more of the following options:
• Contact us: in that case we shall try to work with you to find a solution. You can find our contact information at the bottom of this Privacy Statement.
The responsibility for processing personal data lies with:
Brnčičeva ulica 29
1231 Ljubljana Črnuče, Slovenia
Telephone: +386 (0)1 560 76 44