With this Privacy policy and protection of personal data, the company Nest Kind, trgovina, svetovanje in druge storitve, d.o.o., Vajngerlova ulica 11, 2000 Maribor, Slovenia (hereinafter “the company Nest Kind”) informs users about our policy of collecting, storing and processing personal data, which the company receives from users of the website www.nest-kind.si or in any other form in the case of business cooperation.

When collecting, storing and using your personal data, we comply with the EU General Regulation on the Protection of Personal Data (hereinafter “GDPR”).

Personal data administrator and authorized person for data protection

The administrator of your personal data, as defined by the GDPR, is the company Nest Kind (hereinafter the “personal data administrator”). In case of problems or questions, please contact the authorized person for data protection, who is responsible for the storage and protection of your personal data in our company:

Mihela Gostenčnik
*telefonska številka
info@nest-kind.si

Types of personal data collected by the personal data administrator

In accordance with this Privacy policy, the personal data administrator may collect the following personal data:

  • your basic personal data, needed to deliver products and issue invoices (name and surname, address);
  • your contact information and information about your communication with us (email address, telephone number);
  • data about your use of our website (dates and times of website visits, pages or URLs visited, time spent on each page, number of pages visited, total time spent visiting the website, etc.);
  • data from completed inquiry forms on our website (name, surname, email address);
  • data provided when registering for e-news (name, surname, e-mail address);
  • other data that the user voluntarily provides to the personal data administrator.
The personal data administrator does not collect or process your personal data, except when you allow it or you agree to this, i.e. when you subscribe to receive e-news, when you fill out a form on the website or when there is an appropriate legal basis for collecting personal data.

Legal basis for processing personal data

The personal data administrator collects and processes your personal data on the following legal bases:

  • processing based on law,
  • processing on the basis of a contract,
  • processing based on the individual’s consent,
  • processing based on legitimate interest.

Processing based on the law

We process your personal data when such processing is required by law (e.g. tax legislation mandates the retention of issued invoices). We process this personal data in accordance with the requirements of the law.

Processing on the basis of a contract

We process your data when it is necessary to conclude a contract and perform contractual obligations. The transmission of personal data is voluntary in this case. If the individual does not provide personal data, the company cannot conclude a contract with him and cannot perform the service or deliver goods or other products in accordance with the concluded contract, as it does not have the necessary data for implementation.

Processing based on individual consent

We process your data when you give us your explicit consent. Typical examples are: signing up for e-newsletters, sending inquiries via online forms, participating in a prize game, etc. If an individual gives his consent to the processing of personal data and at some point no longer wants it, he can revoke it at any time.

Processing based on legitimate interest

The personal data administrator’s legitimate interest may be a permissible basis for the processing of personal data, except when such interests are overridden by the interests or fundamental rights and freedoms of the individual to whom the personal data refer. The basis arising from legitimate interests is often implemented without the active influence of individuals on the processing itself.

Storage time of personal data

The storage time of your personal data is conditioned by legal requirements and the purpose of data collection and storage. We will keep your personal data for the time specified by the GDPR regulations or for as long as it is necessary to achieve the purpose for which certain personal data were obtained.

After the retention period has expired, the personal data administrator effectively and permanently deletes or anonymizes the personal data so that they can no longer be linked to a specific individual.

Transfer of personal data to third parties

As a user of our website, you are aware and agree that the personal data administrator may entrust the collected personal data to authorized third parties (contractual processors). Contractual processors may process confidential data exclusively on behalf of the personal data administrator and in accordance with the purposes defined in this Privacy policy.

The contractual processors with whom the personal data manager cooperates are:

  • maintainers of IT systems,
  • website maintainers,
  • email providers,
  • online advertising solution providers,
  • accounting service providers.

The personal data administrator will not forward your personal data to unauthorized third parties.

Cookies

Unsere Website verwendet keine Cookies oder andere Tracking-Codes.

Access to social networks

Via our website www.nest-kind.si you can access our Facebook page (https://www.facebook.com/nestkind.si) and Instagram page (https://www.instagram.com/nest_kind/). As social networks, Facebook and Instagram act in accordance with their terms of use and privacy policies when providing their services. Questions and the exercise of rights should therefore be addressed directly to the social network in question.

Security and protection of personal data

The personal data administrator makes great efforts to ensure the security of your personal data by means of organizational and technical measures such as:

  • protection of information systems with anti-virus programs and a firewall;
  • employee education;
  • careful selection and control of contract processors;
  • preventing access to personal data by unauthorized persons;
  • backup of electronically stored data;
  • regular maintenance and updating of computer equipment;
  • providing an effective way to block, destroy, delete or anonymize personal data;
  • adoption of relevant internal regulations and instructions on the protection of personal data;
  • etc.

With the mentioned measures, we try to protect the obtained personal data against loss, destruction, falsification, manipulation and unauthorized access or unauthorized discovery. Nevertheless, we must not forget that no form of data transmission over the Internet and no method of electronic storage is 100% secure. As a result, we cannot guarantee the complete security of your personal data.

Your rights

In accordance with the GDPR, you have the right to:

  • access to your personal data,
  • changes to your personal data,
  • deletion of your personal data,
  • transmission of your personal data,
  • limit the processing of your personal data,
  • withdrawal of consent to the processing of your personal data.

If you wish to exercise any of your rights, please contact our authorized person for data protection previously listed in this Privacy policy.

Notification to the supervisory authority about a violation of personal data protection

In the event of a violation of the protection of personal data, the personal data administrator is obliged to notify the competent supervisory authority, except when it is likely that the rights and freedoms of individuals were not threatened by the violation. When there is a suspicion that a criminal offense has been committed at the time of the violation, the personal data administrator is obliged to inform the police and/or the competent prosecutor’s office about the violation.

In the event that it is a violation that may cause a great risk to the rights and freedoms of individuals, the personal data administrator is obliged to report the violation immediately or when it is not possible, without undue delay, to inform the individuals to whom the personal data refer. The notification to the individual must be made in understandable and clear language.

Announcement of changes to this Privacy policy

This Privacy policy and protection of personal data may be changed or supplemented at any time, without prior warning or notification, so it is recommended that you regularly monitor it. Any changes will be posted on this website page.

By using our website, the individual confirms that he accepts and agrees with the entire content of this Privacy policy.

If you have any questions or concerns, please contact our authorized person for data protection previously listed in this Privacy policy.

Last updated: October 2022