Facebook

Languages

  • Slovenščina
  • Italiano
  • English
  • Deutsch
  • Hrvatski
Designed by Aaron Burni
Production of fresh egg pasta and gnocchi

Production of fresh egg pasta and gnocchi

Privacy Policy of Barone d.o.o. Sežana, Partizanska cesta 123, 6210 Sežana

The purpose of this Privacy Policy is to inform customers and potential customers of Barone d.o.o. Sežana, Partizanska cesta 123, 6210 Sežana, Slovenia, e-mail info@barone.si (hereinafter: Barone or the Controller) of the method, purpose and the basis of personal data processing by the Controller and the rights of individuals whose personal data are processed by the Controller.

Data Controller

The Controller of personal data is Barone d.o.o. Sežana, Partizanska cesta 123, 6210 Sežana, Slovenia.

Personal data

Personal data is information that identifies you as a specific or determinable data subject. A data subject is determinable when he/she can be directly or indirectly determined, in particular by specifying an identifier, such as name, identification number, location data, web identifier or one or more factors that are specific to the individual's physical, physiological, genetic, mental, economic, cultural or social identity.

The Controller collects the following personal data about its customers and potential customers, who are natural persons:

  • Basic data about the user (name and surname, street, place);
  • Contact details and data about your communication with the Controller (e-mail address (e-mail), telephone number);

The Controller shall only collect or process your personal data upon your agreement thereof, i.e. upon ordering products or services or contacting us through the form on our website, or when there is a legal basis for the collection of personal data or if the Controller has a legitimate interest in processing.

The Controller processes collected data for the purposes indicated below in the framework of the processing on an individual basis.

Legal basis for data processing

The Controller collects and processes your personal data on the following legal bases:

  • Law and contractual relations,
  • Consent of the individual,
  • Legitimate interest.

Processing based on law and contractual relations

In the event that the provision of personal data is a contractual obligation (this means the obligation necessary to conclude and implement a contract with the Controller) or a legal obligation (this means that the Controller must collect certain personal data based on the law), you are to provide personal data. If you fail to provide personal data, you may not conclude a contract with the Controller, nor can the Controller provide services or deliver products under the contract, as it shall not have the necessary data for the execution of the contract.

Processing on a legitimate interest basis

Your personal data is used based on a legitimate interest, in order to detect and prevent the fraudulent use and misuse of our services, ensure the stable and safe operation of our services, implement information security measures, meet the requirements in connection with the quality of services and detect technical failures of systems and service.

In the case of suspected abuses, the Controller shall process personal data in an appropriate and proportionate manner for the purpose of identifying and preventing any fraud or abuse and, where appropriate, submit this data to the police, the state prosecutor's office or other competent national authorities.

In order to prevent future abuse or fraud, data on the history of identified abuses or fraud in connection with data subject, including data on the scope and content of past cooperation with the Controller, shall be kept for five years after the termination of business relationship or until the purpose is fulfilled, whichever is the sooner.

Processing based on your consent

Upon your consent, the Controller shall collect and process (use) your personal data for the following purposes:

  • Draw up offers based on your inquiries (via online form, telephone, personally, etc.), which also includes the submission of a catalogue of the Controller's products,
  • Inform customers about possible product defects (also based on the law and the legitimate interest, when expressly dictated by circumstances)
  • Send weekly sales promotions and other notifications about the Controller's current offer and novelties by e-mail.

Retention of personal data

The Controller shall keep personal data being processed based on the law for a period prescribed by the law.

The Controller shall keep personal data being processed due to the execution of a contractual relationship with a data subject for the period which is necessary for the execution of the contract and one year after its termination, except in the case of dispute over the contract between you and the Controller. In such case, the Controller shall keep the data for 5 years after the final court or arbitration decision or settlement, or, if there is no court dispute, 5 years from the date of the peaceful settlement of dispute.

The Controller shall keep personal data, being processed based on individual's personal consent, until the consent is withdrawn by the individual or the request for processing termination. The Controller shall delete such data before the withdrawal only if the purpose of personal data processing has already been achieved or if the law so provides.

The Controller shall retain personal data, being kept on a legitimate interest basis, for the period necessary to achieve the purpose, for which it was stored, unless otherwise provided for individual cases in this Privacy Policy.

After the expiry of the retention period, the Controller shall erase or anonymise personal data effectively and permanently, so that they can no longer be connected to a particular data subject.

Contractual processing of personal data

As a data subject, you are familiar with and agree that the Controller entrusts individual tasks related to your data to other persons (contractual processors). Contractual processors may process entrusted data solely on behalf of the Controller, within the limits of its authorisation (in a written contract or other legal act) and in accordance with the purposes defined in this Privacy Policy.

Contractual processors with whom the Controller participates are:

  • Accounting services and intermediaries of accounting applications;
  • Law firms and other providers of legal advice;
  • IT system maintenance staff (including computer scientists and website administrators);

The Controller shall not transfer your personal data to unauthorized third parties.

Freedom of choice

The information you provide about yourself is controlled by you.

Data subjects who want to unsubscribe from our newsletter please send your request thereof by e-mail: info@barone.si. Please inform us of any changes to your personal data (postal code, e-mail address, physical address, telephone number) by e-mail to info@barone.si.

Data subject’s rights with regard to data processing

If you have any questions regarding our policy on the protection of personal data or personal data processing or want to claim any of your rights in connection with personal data, please feel free to contact us without reservation. Contact us at: info@barone.si.

As a data subject you have the following rights in connection with the provision of fair and transparent processing:

Right of consent withdrawal: if you, as a data subject, give consent to the processing of your personal data (for one or more specific purposes), you shall have the right to withdraw your consent at any time, in whole or in part, without prejudice to the legality of the data processing that has been carried out based on the consent until the withdrawal.

The consent may be withdrawn by a written statement submitted to the Controller to: info@barone.si.

The withdrawal of the consent for personal data processing shall have no negative consequences or sanctions for the data subject.

Right of access to personal data: as a data subject, you have the right to obtain confirmation from the Controller on whether personal data is processed in relation to you and, where that is the case, access to personal data and certain information (about the purposes of the processing, types of personal data, the user, the retention periods or the criteria for determining the periods, the existence of the right to rectification or deletion of data, the right to restrict and object to the processing and the right to appeal to the supervisory authority and the source of the data if the data has not been provided by you);

Right to rectification of personal data: as a data subject, you have the right to obtain from the Controller to rectify inaccurate personal data in relation to you without undue delay. With regard to the purposes of processing, you, as the data subject, have the right to supplement incomplete data and to submit a supplementary declaration;

Right to deletion of personal data (“right to oblivion”): as a data subject, you have the right to request the Controller to delete personal data in relation to you without undue delay. The Controller may refuse your request if it needs such data to fulfil its statutory obligations or establish, exercise or defend legal claims.

Right to restriction of processing: as a data subject, you have the right to request from the Controller the restriction of processing, where one of the following applies:

(a) If you dispute the accuracy of the data for a period enabling the Controller to verify the accuracy of the data;

(b) The processing is unlawful, you oppose to the deletion of data and instead request a restriction on its use;

(c) The Controller no longer needs data for processing purposes, but you need it for the establishment, exercise or defence of legal claims;

(d) In the case you have filed an objection regarding the processing - until it is verified that the Controller's legitimate reasons prevail over yours;

Right to data transferability: as a data subject, you have the right to receive personal data relating to you, which you have provided to the Controller in a structured, widely used and machine-readable form and to transmit this data to another data controller without hindrance, namely when:

(a) Processing is based on consent or contract

(b) Processing is carried out by automated means.

In exercising the indicated right to transferability, you, as a data subject, shall have the right to have personal data transmitted directly from one controller (provider) to another, where technically feasible.

Right to object to processing: based on the grounds related to your particular situation, you, as a data subject, shall at any time have the right to object to the personal data processing, which the Controller carries out based on own legitimate interest. The Controller shall cease to process personal data unless it proves necessary legitimate grounds for the processing that prevail over your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

When you consent to receiving news from the Controller, you, as a data subject, shall at any time have the right to object to the processing of data in relation to the submission of news. The Controller shall immediately cease any such processing.

Right to file a complaint with the supervisory authority: without prejudice to any other (administrative or other) legal remedy, you, as a data subject, shall have the right to file a complaint with the supervisory authority, in particular in the state of your habitual residence, place of work or place of the alleged infringement (in Slovenia, the Information Commissioner) if you consider that the processing of personal data relating to you infringes data protection regulations.

Without prejudice to any other (administrative or non-judicial) remedy, you, as a data subject, shall have the right to an effective legal remedy, namely, against a legally binding decision of the supervisory authority in relation to it, as well as in cases where the supervisory authority fails to consider your complaint or fails to inform you of the state of the case or the decision on the appeal in the prescribed period. Proceedings against a supervisory authority should be brought before the courts of the Member State where the supervisory authority is established.

If we fail to reliably identify you upon the received request for the enforcement of rights, the Controller shall ask you to provide additional data; the Controller may refuse to act on the request only if it proves that it cannot reliably identify you.

The Controller is obliged to respond to the request, by which the data subject exercises his/her rights with regard to personal data, without undue delay and no later than one month after the receipt of the request.

Notification to the supervisory authority of an infringement of the protection of personal data

In the event of a violation of the protection of personal data, the Controller shall inform the Information Commissioner thereof, except where it is likely that the rights and freedoms of individuals are not jeopardized by the violation. If, upon the case of violation, there are reasonable grounds to suspect that a criminal offence has been committed, the Controller shall be obliged to inform the police and/or the competent prosecutor's office of the violation.

If the violation may pose a great risk to the rights and freedoms of data subjects, the Controller shall be obliged to inform them thereof immediately or, when this is not possible, without undue delay. The notice to the data subject is to be submitted in understandable and clear language.

Publication of changes

This Privacy Policy may be amended or supplemented at any time without prior warning or notice. Any amendments to our Privacy Policy shall be posted on this website. By continuing unchanged cooperation with the Controller after the amendment or supplementation to this Policy has been made, the data subject confirms that he/she agrees with the amendments and supplements.

This Privacy Policy, which shall apply as of 25 May 2018, is published on the Controller's web site and is available at its headquarters.

Updated: 19 June 2018