The controller of personal data within the meaning of the General EU Regulation on Personal Data Protection and the applicable law governing the protection of personal data – GDPR is:
Jadranska cesta 28
TAX NUMBER: 25656066
PHONE: +38641 585 518
Personal data and the purpose of their processing
If you want to receive CirEco d. o. o. content(e-news, invitations to events, publications), or order products you must fill in the form / order form / application / registration on the CirEco d. o. o. website named marketplace.optifood.eu. By filling out form / order form / application / registration and confirmation, you provide CirEco d. o. o. with the following contact information:
- Full Adress
- Payment details
- Email address and phone number
- Purchasing details
Contact information that you provide us when filling out a form or need to submit the form / order form / application / registration, we need in order to process your order and to communicate with you regarding specific e-news, events, publications, and other products. If you do not provide us with the above contact information, we will not process your order and you will not be able to use the desired e-news, events, publications, and other products.
CirEco d. o. o. respects your privacy and is committed to the collection, storage, and processing of personal data with care and in accordance with applicable personal data protection regulations.
In order to prevent unauthorized access to or disclosure of the data obtained, to maintain the accuracy of personal data, and to ensure their proper use, we use appropriate technical and organizational procedures to secure the data we collect. CirEco d. o. o. cannot rule out possible misuse of data, as the Internet is an unpredictable medium despite security measures and secure communication protocols.
What data do we collect?
We may collect and receive information about you in various ways:
i. Information you provide through the use of the Service (for example, by creating the account on marketplace.optifood.eu).
ii. Information you decide to provide through getting in touch with us via ’Contact us’ form on the Website.
Some information we collect automatically when you use our website:
We use analytic tools to help us measure traffic and usage trends for the Service. These tools collect information sent by your device or our Service, including the web pages you visit, add-ons, and other information that assists us in improving the Service. We collect and use this analytics information with analytics information from other Users so that it cannot reasonably be used to identify any particular individual User.
Your Usage Data
We collect and record data and sessions about how you are accessing and using the Website. Such information may include personal data.
Mobile Device Data
We collect limited data from your mobile device in order to provide the Service and analyze our performance. Such data includes your mobile device type, mobile device id, and the date and time stamps of Service use. In addition, we deploy tracking technologies within the Service to help us gather aggregate, non-personal statistics.
Whit whom do we share your data?
CirEco d. o. o. utilizes external processors for certain processing activities. We use information audits to identify, categorize and record all personal data that is processed outside the company, so that the information, processing activity, processor, and legal basis are all recorded, reviewed, and easily accessible.
We have strict due diligence procedures and measures in place and review, assess and background check all processors prior to forming a business relationship. We obtain company documents, certifications, and references and ensure that the processor is adequate, appropriate and effective for the task we are employing them for.
We audit their processes and activities prior to the contract and during the contract period to ensure compliance with the data protection regulations and review any codes of conduct that oblige them to confirm compliance.
This is the list of processors with whom we share your personal data:
|Sendinblue Company, SAS
||E-mail services based on Cloud
||Analytics and Marketing
||Analytics and Marketing
||Analytics and Marketing
||Creation of invoices
||Creation of Invoices
We may also share your personal data with our outside accountants, legal counsels, and auditors.
The personal data you provide to us when ordering or subscribing to e-news, events, publications, and other products is processed by CirEco d. o. o. with your clear and unambiguous consent based on Article 6 (1), (a) of the EU General Data Protection Regulation. GDPR). In order to improve the quality of our products and services and for statistical purposes, in connection with the e-mails we send you, we also process data on the display of received messages and clicks on links in received messages.
Consent to the processing of personal data is given by clicking “send” / “login” / “registration” / buy on the website marketplace.optifood.eu on the online order form or on the link “Change settings for receiving e-news and unsubscribe”. You can withdraw your consent at any time by clicking on the link “Change the settings for receiving e-news and unsubscribe”, which is located at the foot of each message you receive from Optifood.eu or. via e-mail to the address: email@example.com. In the event of withdrawal of consent, we will no longer use your personal data to inform about the contents of the Optifood.eu (e-news, events, publications and other products of the Optiood.eu). Any withdrawal of consent does not affect the lawfulness of the processing of your personal data at the time before the withdrawal was given.
We may transfer your personal data to countries other than the one you reside in. In these cases, we will transfer your personal data only:
To the countries within the EEA;
To the countries which do not form the EEA but are considered to ensure an adequate level of protection;
To the countries which do not belong to those specified under item 1. and 2, but only by applying the appropriate safeguard measure in accordance with the GDPR.
For instance, if we are to transfer personal data to the recipient in the USA (which is likely to occur as explained in Section 8), we will make sure that the recipient participates in the EU/US Privacy Shield Framework.
Right of Access (Article 15 GDPR)
You can send us a request for a copy of the personal data we hold about you.
We have ensured that appropriate measures have been taken to provide such in a concise, transparent, intelligible and easily accessible form, using clear and plain language. Such information is provided in writing free of charge. It may be provided by other means when authorized by the Data Subject and with prior verification as to the subject’s identity.
Information is provided to the Data Subject at the earliest convenience, but at a maximum of 30 days from the date the request was received. Where the retrieval or provision of information is particularly complex or is subject to a valid delay, the period may be extended by two further months where necessary.
Right to Correction of Your Personal Data (Article 16 GDPR)
If the personal data we have about you is incorrect, you have the right to request that we correct those data. Where notified of inaccurate data by the Data Subject, we will rectify the error within 30 days and inform any third party of the rectification if we have disclosed the personal data in question to them.
Right to Be Forgotten or Right to Erasure (Article 17 GDPR)
You have the right to request from us that your personal data is deleted in certain circumstances including:
The personal data are no longer needed for the purpose for which they were collected;
You withdraw your consent (where the processing was based on consent);
You object to the processing and no overriding legitimate grounds are justifying us processing the personal data;
The personal data have been unlawfully processed; or
To comply with a legal obligation.
However, this right does not apply where, for example, the processing is necessary:
To comply with a legal obligation; or
For the establishment, exercise or defense of legal claims.
Right to Restriction of Processing (Article 18 GDPR)
If the accuracy of the personal data is contested, you consider the processing is unlawful but you do not want it erased, we no longer need the personal data but you require it for the establishment, exercise or defense of legal claims or you have objected to the processing and verification, you can exercise your right to the restriction of the processing.
Right to Withdraw the Consent (Article 13(2)c) GDPR)
If you have provided your consent to the collection, processing and transfer of your personal data, you have the right to fully or partly withdraw your consent. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there is another legal ground for the processing.
Right to Lodge a Complaint
If you have any concerns or requests in relation to your personal data, please contact us at firstname.lastname@example.org and we will respond as soon as possible but not later than within 30 days.
If you are unsatisfied with how we process your data, you may contact the competent supervisory authority.
In case you believe that we are processing your personal data in violation of the GDPR, you have the right to lodge a complaint with the supervisory authority located in the EEA where you reside or work or where the alleged infringement took place.
How long do we keep your data?
The period for which we store your personal data depends on a particular purpose for the processing of personal data, as explained in detail above. We retain personal data for as long as we reasonably require it for legal or business purposes. In determining data retention periods, we take into consideration the applicable law (see Article 8 of the General Conditions of Sale), contractual obligations, and the expectations and requirements of our Users. When we no longer need personal information, or when you request us to delete your information, where this is legal, we will securely delete or destroy it.
However, as an exception to the retention periods, the data may be processed to determine, pursue, or defend claims and counterclaims.