M-Arms Privacy Policy and GDPR Regulation Policy
Section 1
Purpose
This Privacy policy and GDPR Regulation Policy has been adopted in order to familiarize all users of M-Arms webpage and webshop owned and run by M-Arms d.o.o. (hereinafter referred to also as ”Company”) with basic data policies as well as GDPR compliance policy, types and purposes of personal data usage and individual’s rights in the field of personal data protection, provided by an individual to the company.
Personal data are and will be used and discussed only for the purpose for which they were collected. The Company ensures that it implements appropriate technical and organizational measures in such a way that processing of personal data meets all requirements of regulations on the protection of personal data and also ensures protection of data subject’s rights and that it acts in accordance with applicable legislation in processing of personal data.
M-Arms webpage (https://shop.m-arms.eu) and M-Arms webshop (https://shop.m-arms.eu/shop/) are information systems designed to present and sell products to users, owned as well as managed by M-Arms d.o.o., Zagozd 7, 1273 Dole pri Litiji (Slovenia, EU), with registration number: 8382522000 and VAT number: SI 46340947 (the enterprise is liable to tax on added value). The head office is located at Zagozd 7, 1273 Dole pri Litiji (Slovenia, EU).
At the same time, this Privacy Policy and GDPR Regulation Policy further explain individual’s consent to process their personal data.
This Privacy Policy and GDPR Regulation Policy complies with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of individuals with regard to the processing of personal data and on free movement of such data and repealing Directive 95/46/EC (”General Data Protection Regulation”) and the legislation of the Republic of Slovenia (in particular Personal Data Protection Act – ZVOP-1 and the Law on Electronic Commerce on the Market – ZEPT) covers in particular the following information:
- contact information of the Company,
- purposes, legal bases and definitions about processing of various types of individual’s personal data,
- retention time of individual types of personal data,
- individuals’ rights regarding the processing of personal data.
In order to ensure personal data security, the Company has adopted appropriate organizational measures, work procedures and advanced technology solutions with a view to maximize the protection of your personal data as effectively as possible. We use an appropriate level of protection and reasonable physical, electronic and administrative measures to protect all collected personal data against unintentional or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to data that has been transferred, stored or otherwise processed.
Section 2
Personal Data Controller
Processed personal data controller is, in accordance with this Policy, M-Arms d.o.o., Zagozd 7, 1273 Dole pri Litiji (Slovenia, EU).
Section 3
Which Type of Personal Data do we Collect
M-Arms webpage and webshop collect the following types/categories of data:
- Permitted data (which you voluntarily specify/enter) when subscribing to a newsletter and/or make a purchase (name, surname, email address, payment method or financial account information, shipping address, phone number, social network account credentials), when you leave a review or contact us via e-mail or social media channels.
- Automatically collected data from devices (IP address, location information, social network account and profile data, unique device identifiers, usage data), while some may be collected from other sources.
- Cookies as a package of data/information, downloaded on user’s device or related technologies for analyzing our customer’s web activities.
Section 4
Categories of Individuals Whose Personal Data are Processed
This policy is intended for all individuals who visit M-Arms webpage and/or place orders on M-Arms webshop, as well as for those who voluntarily leave their personal data (e-mail address) to subscribe to M-Arms newsletter.
Section 5
Why do we Collect and Process Your Information
M-Arms webpage and webshop collect the above listed data for below listed purposes:
- to carry out (perform) the service, i.e. fulfill your orders and ship purchased items – we use your name, surname, billing address, shipping address and telephone number in order to prepare the offer, conclude the purchase process, provide services/products, inform a customer about eventual changes, additional details and instructions for using the services/products. The company strives to process personal data to the smallest extent and to process only data, which is necessary for realization/delivery of your order.
- to fulfill legal obligations – we use name, surname, country of origin, amount spend for purchase, purchased items due to regulatory records and compliance with reporting obligations for adverse reactions; to meet requirements of inspection bodies and other requirements of national or other authorities.
- to notify customers (you) about promotions, sales and to send marketing related material – we use your e-mail address but only when customers have given their consent by subscribing to our newsletter and/or by checking the opt-in form.
- for internal analyzes and self-evaluations for the purpose of improving our services – we use your country of origin, purchased items, eventual returning and/or refunding history, eventual complaint or abandoned baskets.
Section 6
Data Collection and Processing in Payment Process
When you shop at/via M-Arms webshop your payment is done via different payment sources and methods (that you choose) and payment processing companies, therefore you enter/share your information in order to make a payment. M-Arms webshop does not collect and/or see this information, and is not responsible for Privacy Policy of these payment companies.
Provision of your personal data is your legal or contractual obligation if and when such personal data are necessary for concluding a business relationship, in the concrete case realization of an order and delivery of purchased items. If you do not provide the requested information or if you do not agree with processing policies, M-Arms webshop (M-Arms d.o.o.) can opt out of or terminate such a business relationship at any time.
However, in any case and always M-Arms webpage and webshop guarantee that customers’ information will be carefully stored and will not be, in any case, published or exposed, neither sold, but solely used for above stated purposes.
Section 7
Forwarding your Personal Data to Third Parties
As stated above, M-Arms webpage and webshop may need to forward some of your personal data (name, surname, shipping address, telephone number, etc.) to third parties with whom we work in order to fulfill and ship/deliver your order. In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect the information, which we are required to provide to them for your purchase-related transactions (PayPal, SKB Banka Slovenije, FedEx, Pošta Slovenije).
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than you or us. So, if you select to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
Once you leave our website or webshop’s page or you are redirected to a third-party website or application, you are no longer governed by this Privacy Policy and GDPR Regulation Policy or our website and webpage’s Terms of Service.
Section 8
Your Consent
When you provide us with personal information to place an order, arrange a delivery or return a purchase, we imply that you consent to collect the information, which are needed for these transactions, and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
You can withdraw your consent at any time, either by unchecked the ”opt-in” thick box, either by emailing us at info@m-arms.eu or by contacting us at M-Arms d.o.o., Zagozd 7, 1273 Dole pri Litiji (Slovenia, EU).
Section 9
Who Uses your Personal Information at M-Arms Webpage and Webshop
Your personal information that you provide to our Company can be processed by company employees as well as employees of contractual partners, i.e. suppliers to fulfill your order and shipping companies to deliver your purchased products. All data processing will be done in accordance with applicable legislation in the field of personal data protection or contracts for protection of confidential information.
When the Company will forward personal data of individuals to above mentioned contractors, they will sign a personal data processing agreement, by which they will commit themselves in advance to respect the confidentiality of your personal data, taking into account the same standards of protection of personal data as the operator and all standards of processing personal data imposed by the applicable law. The processors will only have access to data needed to achieve a specific purpose and may only be used for these purposes.
Personal information, which you provide to our company (M-Arms d.o.o.) is processed by:
- company employees (all information you voluntarily give),
- suppliers (name and surname, shipping address)
- shipping providing companies (name and surname, shipping address).
On the basis of a reasoned request, M-Arms d.o.o. may also forward personal data to the competent national authorities and institutions if such an obligation to mediate or disclosures to the company is imposed by the law.
Section 10
Security
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with an AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
Section 11
Data Storage Manner
M-Arms webpage and webshop are hosted on an open source platform WordPress.com, which provide us with an online e-commerce platform that allows us to sell our products and services to you. Your data is stored through WordPress.com data storage, databases and the general WordPress.com application. WordPress.com stores your data on a secure server behind a firewall.
Section 12
Data Storage Period
Customers’ data is stored for the time period necessary to complete the purposes for which data was collected in the first place, and used in accordance with requirements of applicable laws.
For the purpose of fulfilling contractual obligations, accounting data and data regarding a purchase may be kept until the full payment of the service or at the latest until the expiration of the limitation period in relation to an individual claim, which can be statutory from one to five years. Accounts are kept for 10 years after the expiration date to which the bill relates in accordance with the law governing value added tax.
After the expiry of the retention period, all data is deleted, destroyed, blocked or anonymized, unless the law specifies otherwise for a particular type of data.
Section 13
Your Rights and How to Exercise it
As a data controller, M-Arms d.o.o. (M-Arms webpage and webshop) allows you to exercise the following rights in accordance with GDPR Directive:
- Right of access by the data subject: data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information (see Art. 15 of GDPR Directive);
- Right to rectification: data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement (see Art. 16 of GDPR Directive);
- Right to erasure (”right to be forgotten”): data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies (see Art. 17 of GDPR Directive);
- Right to restriction of processing: data subject shall have the right to obtain from the controller restriction of processing where one of the following applies (see Art. 18 of GDPR Directive);
- Notification obligation regarding rectification or erasure of personal data or restriction of processing: data controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1) and Article 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it (see Art. 19 of GDPR Directive);
- Right to data portability: data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided (see Art. 20 of GDPR Directive);
- Right to object: data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions (see Art. 21 of GDPR Directive);
- The right to file a complaint concerning processing of personal data to which an individual has the right with the Information Commissioner of the Republic of Slovenia if he considers that processing of his/her personal data violates Slovenian or EU regulations on the protection of personal data.
You can send a request regarding the exercise of any of the above rights:
- to our e-mail address info@m-arms.eu or
- by post to M-Arms d.o.o., Zagozd 7, 1273 Dole pri Litiji (Slovenia, EU).
M-Arms d.o.o. will deal with such a request without undue delay and will be decided upon within 30 days from the receipt of such request. In the case of complexity, the deadline for reply can be extended by a maximum of three months, of which data subject must be specifically informed.
Section 14
Final Provisions
Questions/terms which are not covered and/or governed by this Privacy Policy and GDPR Regulation Policy are subjected to applicable law(s).
Section 15
Changes to this Privacy Policy and GDPR Regulation Policy
M-Arms d.o.o. reserves the right to amend this Privacy Policy and GDPR Regulation Policy at any time. Any eventual changes will be published on M-Arms website (www.m-arms.eu), M-Arms webshop (https://shop.m-arms.eu/shop/) and/or social media channels.
Changes and clarifications will take effect immediately upon their posting on the webpage and webshop. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it. If our webpage and/or webshop is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
Section 16
Validity of this Privacy Policy and GDPR Regulation Policy
This Privacy Policy and GDPR Regulation Policy is published on M-Arms webpage and webshop and shall enter into force on 1st April 2020.