NEW
MASTERS SHOP
1.About the Personal Data Protection Policy
The purpose of the Personal Data Protection Policy (hereinafter: the Policy) is to inform Clients, Users, and other persons (hereinafter: Individuals) about the purposes and basis of personal data processing by the company MASTER S, security systems, fire safety and video surveillance, d.o.o., Ručigajeva cesta 25A, 4000 Kranj (hereinafter: the company) and the rights of Individuals in this area.
This Policy also further explains the consent for data processing.
In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter General Data Protection Regulation), the following information is included in the Policy:
• Contact information of the company and contact details of the authorized person for data protection;
• The purposes, bases, and types of processing of various types of personal data of Individuals, including profiling of personal data of Individuals;
• Transfer of data to third parties and to third countries;
• Retention period of individual types of personal data;
• Rights of Individuals regarding the processing of personal data;
• The right to lodge a complaint regarding the processing of personal data.
Where appropriate, the provisions relating to Individuals also apply to issues of confidentiality and privacy of communications of users who are legal entities.
2. Data Controller and Authorized Person for Data Protection
The data controller of personal data of Individuals processed in accordance with the Personal Data Protection Policy is MASTER S, security systems, fire safety and video surveillance, d.o.o., Ručigajeva cesta 25A, 4000 Kranj.
3. Purposes of Processing and Legal Bases for Data Processing
Processing based on contract:
The Company processes individuals' personal data for the purposes of informing them about new posts on the website (subscription to Master S newsletters, which are informational nature and notify you about news, promotions, social events, training sessions, etc.), for direct marketing purposes (products, introduction of new products, notifications about special promotions), and for segmentation purposes (subscription to personalized and individually tailored emails and advertisements on Facebook and Instagram).
In the context of exercising rights and fulfilling contractual obligations, the company processes personal data of Individuals for the following purposes:
• Email address and name (for the purpose of notifications, sending email newsletters, advertising on Facebook and Instagram)
• Phone number (for notifications related to order placement)
• Home address (for fulfilling obligations under the sales contract – creating and sending invoices, delivering goods)
• Company data (for fulfilling obligations under the sales contract – creating and sending invoices, delivering goods)
Processing based on law:
The company processes personal data of Individuals for the purposes of concluding, executing, monitoring, and terminating the subscription relationship. Traffic data are any data processed for the purpose of transmitting a communication over an electronic communications network or for its billing. This includes, for example:
• Name and surname of the subscriber
• Email address
• Phone number
• Home address
• Company data (optional)
Other purposes of processing may arise from current legislation, such as notifications about border crossings in accordance with national roaming regulations.
Processing based on legitimate interest pursued by the company:
The company may also process data based on legitimate interests pursued by the company or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the individual to whom the personal data relate, which require protection of personal data, especially when the data subject is a child. When it comes to further use of data collected about an Individual, the company conducts an assessment in accordance with the General Data Protection Regulation.
Such further use of data in pseudonymized or aggregated form, for example, constitutes legitimate use of data for marketing and other business or technical analyses by the company. As an additional measure for some forms of further traffic data, certain data may also be deleted. An individual may object to the processing in accordance with point 6/iv of the Policy.
Based on legitimate interest, the company may contact Individuals for the purpose of improving services to determine their satisfaction with products or user experience, even in cases where it is not strictly necessary for the execution of the contract. Due to the balancing of this interest with the interests of the Individual, the company does not re-contact those Individuals who have objected to this.
The company stores aggregated traffic data, including roaming data, for the purpose of determining the predominant domestic use or presence of the Individual in Slovenia, for a period of six months.
In accordance with legitimate interest, the company may process personal data to the extent necessary and proportionate to ensure uninterrupted operation, network and information security, i.e., the ability of the network or information system to prevent accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted personal data and the security of related services offered or accessible through networks and systems. This includes, for example, preventing unauthorized access to electronic communications networks, the spread of malicious codes, denial-of-service attacks, and damage to computer and electronic communication systems. This may involve processing network diagnostic data (technical data or equipment readings) and data on history in diagnostic tools that may enable re-identification of an individual.
The company has a legitimate interest in anonymizing or aggregating data until the end of the lawful retention period and further using them for analyses and research for marketing, network planning, and similar purposes.
Other legitimate interests may include preventing abuse, enforcing claims or defending against claims in administrative and judicial proceedings. Legitimate interest also includes legitimate creditworthiness checks of Individuals.
In case of suspected abuse, the company may process data about Individuals to a reasonable and proportionate extent to identify and prevent potential fraud or abuse and may, if appropriate, share this data with certain other persons, e.g., business partners, the police, the state prosecutor's office, or other competent authorities. To prevent future abuse or fraud, data on the history of identified abuses is retained.
The company reserves the right to process data on the fulfilment of contractual obligations of Individuals (data on payment of invoices) to ensure higher quality of its services.
Processing based on consent for personal data processing:
Data processing may be based on the consent given by the individual to the company. Consent may, for example, relate to notifications about offers and products, preparation of offers tailored to the individual's user habits, or providing value-added services. Notifications are carried out through channels selected by the Individual in the consent. Notification using an email address includes forwarding the email address to an external processor for displaying advertising messages of the company while browsing the web.
The individual to whom the personal data relate may withdraw or change their consent at any time in the same manner as it was given or in another way defined by the company, with the company reserving the right to identify the client. The withdrawal or change of consent applies only to data processed based on consent. The last given consent of the Individual received by the company is valid. The possibility of withdrawing consent does not constitute a termination right in the business relationship between the Individual and the company.
Consent may be given by a parent, guardian, or custodian for a minor child who, according to applicable legislation, cannot give such consent on their own. Such consent will remain valid until it is withdrawn or changed by one of the parents, guardian, or custodian or by the child themselves, once they gain this right according to applicable legislation.
4. Transfer of Data to Third Parties and Transfer of Data to Third Countries (countries that are not members of the European Union or the European Economic Area)
The company may, if consistent with the purpose for which the personal data are processed under EU law and Slovenian regulations, transfer personal data about Individuals:
• To persons performing individual processing tasks for the company, such as preparing and sending invoices or data analysis, maintaining and developing services, when these tasks involve the necessary extent of personal data processing;
• To persons providing sales and marketing services for the company, including sales and marketing in the field, or cooperating with the company in marketing and sales of their own services or services of third parties, to the extent necessary for such tasks within the purposes and bases defined in this Policy.
If the company is merged with or acquired by another company, personal data are transferred to the acquirer in accordance with the law. By using our services, you agree to the continued processing of your personal data by the acquirer.
5. Retention Period of Personal Data
Billing data and related contact data of Individuals may be retained for the purpose of fulfilling contractual obligations until full payment for the service, or for the maximum period allowed by law, which can range from one to five years. Invoices are kept for 10 years after the end of the year to which the invoice relates, in accordance with the law governing value-added tax.
If traffic data are processed based on the individual's consent for marketing services, sale of goods, or providing value-added services, these data may be processed to the necessary extent as long as it is necessary for such marketing or services.
6. Rights of Individuals Regarding the Processing of Personal Data
The Company ensures that Individuals can exercise their rights without undue delay and, in any case, within one month of receiving the request. The Company may extend the period for fulfilling an Individual's rights by a maximum of two additional months, considering the complexity and number of requests. If the Company extends the period, it will inform the Individual of such an extension within one month of receiving the request, along with the reasons for the delay.
The Company accepts requests related to the rights of Individuals via email or by mail at info@masters.si.
When an Individual whose personal data is processed submits a request using electronic means, the information will, where possible, be provided by electronic means unless the Individual requests otherwise.
When there is reasonable doubt regarding the identity of the Individual submitting a request concerning any of their rights, the Company may request additional information necessary to confirm the identity of the Individual whose personal data is being processed.
If the requests of the Individual whose personal data is being processed are manifestly unfounded or excessive, particularly due to their repetitive nature, the Company may:
• Charge a reasonable fee, taking into account the administrative costs of providing the information or communication or taking the requested action, or
• Refuse to act on the request.
The Company grants individuals the following rights concerning the processing of personal data:
• the right to access data,
• the right to rectification,
• the right to erasure ("right to be forgotten"),
• the right to restrict processing,
• the right to data portability,
• the right to
(i) Right of Access to Data
The Individual whose personal data is being processed has the right to obtain from the Company confirmation as to whether personal data concerning them are being processed, and where that is the case, access to the personal data and additional information regarding the processing of personal data, including:
• The purposes of processing;
• The categories of personal data;
• The recipients or categories of recipients to whom the personal data have been or will be disclosed, particularly recipients in third countries or international organizations;
• Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
• The existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the Individual, or to object to such processing;
• The right to lodge a complaint with a supervisory authority;
• Where the personal data are not collected from the Individual, any available information as to their source;
• The existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the Individual.
Upon request, the Company provides a copy of the personal data undergoing processing. For any additional copies requested by the Individual, the Company may charge a reasonable fee based on administrative costs.
(ii) Right to Rectification
The Individual whose personal data is being processed has the right to obtain from the Company the rectification of inaccurate personal data concerning them without undue delay. Taking into account the purposes of the processing, the Individual has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
(iii) Right to Erasure (the "Right to be Forgotten")
The Individual whose personal data is being processed has the right to obtain from the Company the erasure of personal data concerning them without undue delay, and the Company has the obligation to erase personal data without undue delay where one of the following grounds applies:
• The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
• The Individual withdraws consent on which the processing is based, and there is no other legal ground for the processing;
• The Individual objects to the processing based on the Company's legitimate interests, and there are no overriding legitimate grounds for the processing;
• The Individual objects to the processing for direct marketing purposes;
• The personal data have been unlawfully processed;
• The personal data have to be erased for compliance with a legal obligation in accordance with EU or Slovenian law;
• The personal data have been collected in relation to the offer of information society services from a child who, in accordance with applicable law, could not have consented to such data collection.
Where the Company has made the personal data public and is obliged to erase them, the Company shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that the Individual has requested the erasure of any links to, or copies or replication of, those personal data.
(iv) Right to Restriction of Processing
The Individual whose personal data is being processed has the right to obtain from the Company restriction of processing where one of the following applies:
• The accuracy of the personal data is contested by the Individual, for a period enabling the Company to verify the accuracy of the personal data;
• The processing is unlawful, and the Individual opposes the erasure of the personal data and requests the restriction of their use instead;
• The Company no longer needs the personal data for the purposes of the processing, but they are required by the Individual for the establishment, exercise, or defense of legal claims;
• The Individual has objected to processing pending the verification of whether the legitimate grounds of the Company override those of the Individual.
(v) Right to Data Portability
The Individual whose personal data is being processed has the right to receive the personal data concerning them, which they have provided to the Company, in a structured, commonly used, and machine-readable format, and have the right to transmit those data to another controller without hindrance from the Company to which the personal data have been provided, where:
• The processing is based on consent or on a contract, and
• The processing is carried out by automated means.
(vi) Right to Object
The Individual whose personal data is being processed has the right to object, on grounds relating to their particular situation, at any time to the processing of personal data concerning them based on the Company's legitimate interests or those of a third party. The Company shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the Individual or for the establishment, exercise, or defense of legal claims. Where personal data are processed for direct marketing purposes, the Individual shall have the right to object at any time to the processing of personal data concerning them for such marketing, including profiling to the extent that it is related to such direct marketing. Where direct marketing is based on consent, the right to object may be exercised by withdrawing the given consent.
(vii) Right to Lodge a Complaint Regarding the Processing of Personal Data
The Individual may submit any complaint regarding the processing of personal data to the email address info@masters.si or by mail to MASTER S d.o.o., Ručigajeva cesta 25A, 4000 Kranj.
Each Individual whose personal data is being processed also has the right to lodge a complaint directly with the Information Commissioner if they believe that the processing of personal data concerning them violates Slovenian regulations or EU regulations on data protection.
If the Individual has exercised the right of access to data with the Company and, after receiving the Company's decision, believes that the personal data received are not the personal data they requested or that not all requested personal data have been received, the Individual may submit a reasoned complaint to the Company within 15 days before lodging a complaint with the Information Commissioner. The Company must decide on the complaint as if it were a new request within five working days.
7. Validity of the Policy
This Policy is published on the website www.masters.si and comes into effect on April 1, 2020.
In addition to the above information, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and assigned to your browser. They send certain information back to the entity that placed the cookie (in this case, us). Cookies cannot execute programs or transfer viruses to your computer. They serve to make the overall internet offering more user-friendly and efficient.This website uses the following types of cookies, the scope and functioning of which are explained below:Temporary cookies are automatically deleted when you close your browser. These include session cookies. They store a session ID, which allows various requests from your browser to be allocated to the same session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close the browser.Persistent cookies are automatically deleted after a specified period, which can vary depending on the cookie. You can delete cookies at any time in your browser's security settings.You can configure your browser settings according to your preferences, e.g., refusing third-party cookies or all cookies. Please note that you may not be able to use all functions of this website if you do so.
