General
Ena plus, Igor Milosov s.p. (hereinafter referred to as the Trader) processes and protects your personal data in accordance with current legislation on the protection of personal data. The company will use your personal data exclusively for the purposes for which the personal data was provided and will not disclose it to unauthorised persons under any circumstances. Your personal data may be disclosed to others only if requested by a public authority on a legal basis.
Use of personal data
For the purposes of providing the services offered, the trader collects, manages, processes and stores the following user data:
- name and surname;
- delivery addresses;
- company or legal entity name (if the user is a legal entity);
- the tax number of the legal entity (if the user is a legal entity);
- email address (username);
- password in encrypted form;
- a contact telephone number;
- country of residence;
- other information that the user voluntarily enters in the forms in the online shop;
- other information that the user voluntarily adds subsequently in his/her profile.
The Merchant shall not be liable for the accuracy, completeness and timeliness of the information entered by Users.
Data storage
The trader shall keep your data only for as long as is necessary for the purposes for which the personal data are processed, unless another retention period is provided for by law.
The trader shall keep the customer data necessary for the performance of the services for 10 years after the performance of the contract on a contractual basis. The trader processes your personal data for the purposes of direct advertising only on the basis of the consent given, until your revocation. The trader may also advertise its activities and inform individuals about the company’s news and offers on the basis of the company’s legitimate interests, which are to improve the quality of service provision and advertising.
The trader shall keep the personal data contained in the invoices issued in accordance with the law for 10 years after the end of the year to which the invoices relate.
You may withdraw the data you provide to the Trader on the basis of consent at any time. Revocation does not affect the lawfulness of the processing of personal data based on consent prior to revocation.
Your rights
The Constitution of the Republic of Slovenia and the applicable European and Slovenian regulations guarantee you a number of rights regarding privacy and the protection of personal data, including in particular:
- the right to be informed about the processing of your personal data (the text you are reading is part of the exercise of this right);
- the right of access to personal data means that you have the right to obtain confirmation from us as the controller as to whether personal data concerning you are being processed and, where this is the case, access to these personal data and to additional information (purposes of processing, types of data, data users, storage period, existence of rights and possibilities of recourse, sources of the data, possible automated decision-making or specific profiling);
- the right to rectification means that you have the right to have inaccurate personal data concerning you rectified by us as controller without undue delay; taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by submitting a supplementary declaration;
- the right to erasure, also known as the “right to be forgotten”, means that you have the right to obtain the erasure of personal data relating to you by us as controller without undue delay if the conditions set out in the law are fulfilled (processing is no longer necessary, withdrawal of consent and no other legal basis, reasoned objection, unlawful processing, erasure is required by applicable law, etc.);
- the right to restriction of processing means the right to obtain from us, as the controller, the restriction of the processing of your data where you contest the accuracy of the data or have lodged an objection, or where the processing is unlawful or where the processing is no longer necessary for the controller but for the establishment, exercise or defence of legal claims;
- the right to data portability means the right to receive personal data relating to you that you have provided to us as controller in a structured, commonly used and machine-readable format, and the right to transmit that data to another controller without any hindrance (applies to data processed by automated means on the basis of consent or a contractual relationship);
- the right to object means that you can object to certain types of processing of your personal data (public interest, legitimate interests of the controller, marketing purposes) at any time and we must demonstrate legitimate interests for the processing or stop the processing (always in the case of marketing);
- the rights concerning automated processing and profiling mean that you are not subject to a decision based solely on automated processing, including profiling, which has legal or similar effects concerning you, unless it is strictly necessary, mandatory or you consent to it.
- We will be happy to assist you in exercising any of your rights, or in obtaining further information or clarifying any dilemmas you may have, by email: info@merchandfun.com
Exercising those rights and remedies
The individual shall exercise those rights free of charge with the Trader. The Trader may request the data of the individual in order to confirm the identity of the individual. The Trader must decide on the individual’s request without undue delay and no later than one month after receipt of the request. This time limit may be extended by up to two additional months if necessary, taking into account the complexity and number of requests. The Trader must inform the individual of the extension and the individual may appeal against the extension. In the case of manifestly unfounded or excessive requests by the data subject, in particular where the requests are frequently repeated, the company may refuse to act on the request, giving specific reasons.
The data subject may at any time request, in writing or by any other agreed means, the controller to permanently or temporarily cease using or otherwise processing his or her personal data for direct marketing purposes. In the case referred to in the preceding sentence, the controller shall, within 15 days at the latest, cease processing the personal data for the purpose of direct marketing and shall inform the data subject who made the request thereof thereof in writing or by any other agreed means within a further period of five days.
If, after receiving a decision from the controller, the data subject considers that the personal data he or she has received are not the personal data he or she requested or that he or she has not received all the personal data requested, he or she may, before lodging a complaint with the Information Commissioner, lodge a reasoned objection with the controller within fifteen days. The controller must decide on the objection as a new request within five working days. If the controller does not decide on the individual’s request within the time limit, the individual may lodge a complaint for silence with the Information Commissioner.
The Information Commissioner shall decide on the appeal against the controller’s decision in accordance with the rules of general administrative procedure. In cases which cannot be resolved otherwise, the Information Commissioner shall decide on the appeal by means of a decision. The decision shall not be subject to appeal, but shall be subject to administrative litigation.
Contractual processing of personal data
The trader may contractually entrust a processor with specific tasks relating to the processing of personal data. The contract shall be in writing or in an equivalent electronic form and shall comply with the requirements of the General Data Protection Regulation, the provisions of the law governing the protection of personal data and other regulations governing the protection of personal data.
Payments: depending on the method of payment, we pass your payment details to third parties (e.g. when paying by credit card to your credit card provider). We use third party services Stripe and PayPal to process payments. We will not store or collect your payment card details. We pass this information directly to our third party payment processors, whose use of your personal data is governed by their privacy policies
Stripe: You can view their privacy policy at: https://stripe.com/us/privacy
PayPal: You can view their privacy policy at: www.paypal.com/de/webapps/mpp/ua/privacy–full
Delivery: we cooperate with Post Slovenije for the delivery of the ordered goods: for the delivery of the ordered goods or for the announcement of the delivery, we may transfer the following data to them: first name, last name, postal address, if necessary also e-mail address and telephone number.
Posta Slovenije: You can view their privacy policy at: https://www.posta.si/zakoni–insplosni–pogoji
Cookies
We use cookies on various pages to make your visit to our website more attractive and to enable you to use certain features, as well as to record the use of our website statistically. Cookies are small text files that are automatically generated by your browser and stored on your terminal device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not damage your end device, do not contain viruses, Trojan horses or other malware. The cookie stores information related to the specific device used. However, this does not mean that this identifies you.
Most of the cookies we use are deleted at the end of the browser session (so-called temporary or session cookies). For example, we may offer you a multi-page shopping basket display where you can see how many items are currently in your shopping basket and how much you are currently buying. Other cookies remain on your computer and allow us to recognise your computer the next time you visit our website (so-called persistent or inter-session cookies). These cookies are primarily used to make our offer more user-friendly, more efficient and more secure. Thanks to these files, you can, for example, receive information on the site that is tailored to your interests.
You can, of course, set your browser not to store cookies on your device. The help function in the menu bar of most web browsers explains how to prevent your browser from accepting new cookies, how to warn your browser when you receive a new cookie, or how to delete any cookies that have already been received and block any others.
Proceed as follows:
In Internet Explorer:
- In the “Tools” menu, select “Internet options”.
- Click on the “Privacy” tab.
- You can now configure the security settings for the internet zone. Here you can specify whether and which cookies should be accepted or rejected.
- Confirm your setting with “OK”.
In Firefox:
- In the “Tools” menu, select Settings.
- Click “Privacy”.
- In the drop-down menu, select the entry “create according to custom settings”.
- You can now specify whether cookies should be accepted, how long you want them to be kept, and add exceptions to which websites you want to allow to use cookies always or never.
- Confirm the setting with “OK”.
In Google Chrome:
- Click the Chrome menu in your browser toolbar.
- Now select “Settings”.
- Click “Show additional settings”.
- In the “Privacy” section, click “Content settings”.
- In the “Cookies” section, you can set the following: delete cookies, block cookies by default, delete cookies and website data by default when you exit the browser, allow exceptions for cookies from certain websites or domains