Last updated: 8.3.2023
Please note that this document applies to the website policy only and doesn’t apply to the product policy itself.
This policy applies to the processing (use) of any personal data carried out by the company YFLab LLC. (the Controller) or which is carried out on behalf of the Controller.
Information about the Controller:
Celovška cesta 150,
Tax No.: SI 79155049,
Registration No.: 8727155000
T: +386 51 894 440
We process personal data in accordance with the European legislation (Regulation(EU) 2016/697 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter: “the General Regulation”)), the current Slovenian legislation in the field of personal data protectionand other legislation, which gives us the legal basis for processing of personal data.
Data Protection Officer (DPO) has not been appointed.
Basic contact details (name, telephone number, e-mail address);
Data about the use of our websites (clicks on links, time spent) and data about the response to our emails (whether the email was opened, which links were clicked on);
The information we need to fulfill the contract and deliver the goods purchased (subject of purchase, price, delivery address, delivery time, method of payment, date of payment, details of complaints, invoice details, etc.).
We may process your personal data on the following legal bases:
- Where it is necessary for the performance of our legal obligations (e.g. invoicing for goods purchased);
- Where the processing of your personal data is necessary for the conclusion and performance of a contract you have entered into with us or because you have requested a quotation from us;
- Where you have given your consent to the processing of your personal data for a specific processing purpose, in which case you always have the right to withdraw your consent;
- Where we have a legitimate interest in processing your personal data (when we send you an email in case you have left the shopping basket on our website without completing your purchase).
- Purposes of processing personal data
- We may use your personal data for one or more of the following purposes:
- Communicating with you about the provision of our services and responding to your enquiries;
- To enter into a contract and to perform our obligations under that contract;
- Marketing communications (sending emails and SMS messages);
- To pursue any legal claims and resolve disputes;
- For statistical analysis of the sale of our goods and the use of our websites;
We retain basic personal data for as long as you are a registered user of our websites.
Personal data that we process on the basis of your consent is retained permanently or until you withdraw that consent. We keep data on invoices issued for 10 years from the date of issue.
We retain the data necessary for the conclusion and performance of a contract between you and us for 5 years from the performance of the contract (delivery of the goods).
In the case of exercising the rights of an individual, the company stores the personal data of this individual until a final decision has been made on the matter, and aftert he final decision in accordance with the final decision in the case.
After the expiry of the retention period, we effectively delete or anonymise the personal data, which means that we process it in such a way that it can no longer be linked to you or attributed to you.
The provision of personal data is voluntary. You are not obliged to provide us with personal data, but if you do not provide it, you cannot enter into a contract with us (as we need it to deliver your order). We will specify what information is such that providing it will have the consequences set out above each time we collect personal data from you.
We have reasonable state-of-the-art security measures in place to protect against theloss, misuse and alteration of personal data under our control. For example, our security and privacy policies are periodically reviewed and enhanced as necessary and only authorised personnel have access to personal data. Whilst we cannot ensure or guarantee that loss, misuse or alteration of information will never occur, we use all reasonable efforts to prevent it. You should bear in mind that the submission of information over the internet is never entirely secure.
We do not pass on your personal data or make it available to third parties (outside YFLab d.o.o.), except to those who have a written contract with us, on the basis of which they carry out certain data processing tasks and are obliged to comply with the legislation on the processing and protection of personal data (so-called “contract processors”).
The contractual processors to whom we provide personal data are:
- Marketing service providers;
- providers of sending e-mails;
- providers of text messaging services;
- software solution providers;
- delivery services.
Contract processors may only process personal data within the scope of our instructions and may not process personal data for their own purposes. They, together with their employees, are committed to protecting the confidentiality of your personal data.
Contract processors do not export personal data to third countries (outside the member states of the European Economic Area – these are EU member states plus Iceland, Norway and Liechtenstein).
You have the following rights in relation to your personal data:
To request from us at any time:
- to confirm whether we are processing your personal data;
- access to personal data and the following information: the purposes of the processing; the types of personal data; the users or categories of users to whom the personal data have been or will be disclosed, in particular users in third countries or international organizations; the envisaged period of retention of the personal data or, if this is not possible, the criteria to be used to determine this period; the existence of automated decision-making, including profiling, and the reasons therefor, as well as the relevance to you and the foreseeable consequences for you of such processing;
- one (free) copy of the personal data in the format you specify (if the request is made by electronic means of communication and you do not request otherwise, the copy will be provided in electronic form); we may charge a reasonable fee, taking into account costs, for additional copies you request;
- correction of incorrect personal data;
Restriction of processing where:
- you contest the accuracy of the personal data, for a period which allows us to verify the accuracy of the personal data;
- the processing is unlawful and you object to the erasure of the personal data and instead request the restriction of its use;
- we no longer need the personal data for the purposes of the processing, but you need the personal data for the establishment, exercise or defense of legal claims;
- deletion of all personal data (right to be forgotten) if the prerequisites set out in Article 17 of the GDPR are met, and in particular if you withdraw your consent to the processing of personal data;
- the extraction of personal data in a structured, commonly used and machine-readable format, with the right to transmit this data to another controller without hindrance from us;
- stop using your personal data for direct marketing purposes, including profiling;
- not to be subject to a decision based solely on automated processing, including profiling, provided that the conditions set out in Article 22 of the GDPR are met.
- the right to lodge a complaint against us with the Information Commissioner if you consider that the processing of your personal data breaches the General Data Protection Regulation.
You may address your requests concerning the exercise of your rights in relation to your personal data in writing to any of the contacts listed at the top of this document under Data Controller and contact details.
We may request additional information from you for the purposes of reliable identification in the event that you exercise your rights in relation to personal data, and we may refuse to take action only if we can demonstrate that we cannot identify you reliably.
We must respond to your request to exercise your rights in relation to personal data without undue delay and at the latest within one month of receipt of your request.
In the decision on the individual's request, the company will also inform the individual of the reasons for the decision and information about the right to appeal to the supervisory authority within 15 days of being informed of the decision. Individuals can exercise their right to file a complaint with the supervisory authority at: Information Commissioner of the Republic of Slovenia at the address: Dunajska cesta 22, 1000Ljubljana (e-mail address: email@example.com, website: www.ip-rs.si).