B2MS d.o.o. (hereinafter referred to as Sport Station), 4209 Žabnica, Zgornje Bitnje 411, Slovenia (the "Data Controller") respects and protects your privacy, seeks the highest level of protection and observes the principles of transparency and data protection. This Privacy Statement describes the treatment of data provided to us or collected by our digital platforms that allow visitors to access our website and use our services. Sport Station processes personal data in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the "General Data Protection Regulation" or "GDPR"), in accordance with the applicable Personal Data Protection Act, and in compliance with other regulations in the field of personal data protection.
Please read below how we handle your personal data.
Legal basis for processing
The personal data collected in the online shop, namely through forms filled in by the individual - or otherwise communicated to the controller - Sport Station (name and surname, e-mail, telephone, street and house number, postcode, city/town, country, region, contents of the shopping basket, IP) is collected for the purpose of carrying out the core business of Sport Station, i.e. the online shop, namely to respond to enquiries, to prepare and conclude a contract and for the performance of the contract itself. Since the processing of this information is necessary for the performance of the service itself, the processing of this data is already carried out by virtue of the fact that the customer enters into a contractual relationship with the provider. The legal basis for the lawful processing of personal data is the performance of a contract to which the data subject is a party or the performance of measures at the request of such data subject prior to the conclusion of the contract (Article 6(1)(b) GDPR).
If the legal basis for the data processing is your consent (assent), you have the right to withdraw your consent at any time, but this does not affect the lawfulness of the processing by Obsession d.o.o., Ljubljana for the period before you withdraw your consent (Article 6 (1) (a) of the GDPR). In the event that you withdraw your consent to the processing of your personal data, we will cease to process the personal data collected for this purpose.
If we provide personal data to law enforcement authorities or other public authorities, we share your personal data because we have a legal obligation to do so. Our legal obligations also apply to the retention of documentation arising from accounting and tax regulations (Article 6 (1) (c) GDPR).
The sharing of personal data with our contractual partners, in order to ensure the effective management and protection of our business, as well as the establishment and exercise of legal claims or the defence thereof, constitute so-called legitimate interests of B2MS d.o.o (Sport Station) (Article 6 (1) (f) GDPR.
Reason and purpose for which Sport Station collects personal data
The main categories of data collected by Sport Station and the main purposes for which the data is collected are described here:
As part of Sport Station's general business processes
We collect personal information about website visitors, customers, suppliers (including third parties as service providers). The information may include the individual's name, contact details and other information necessary to conduct business with you or your organisation.
To assist you in your enquiries
You may choose to consent to us providing you with personal information, including your name, email address or other contact details when you contact us by telephone, email, post, using our digital platforms or other communication channels. This personal information enables us to respond to your requests for information, to take the appropriate steps and to provide you with a quote for the purchase of products, to respond to warranty or other claims.
Customers and potential customers
We collect personal information from customers and potential customers, including names, contact information, payment and credit card information, credit and other information, because we need it to do business with individuals or organizations. We may share information with logistics partners so that they can take care of order fulfillment, including the delivery of products. And the automatic collection of data on digital tools allows us to ensure the security of our site users.
The personal data that you entrust to us or that is collected automatically on our digital tools will be used to help us better understand the users of our products and solutions, and will form the basis for relevant messages and offers when you contact us. Personal data will be used to improve products, processes, website.
With your permission (consent), if requested, we may use your personal data to keep you informed about Sport Station's business, products and services. If you do not want Sport Station Ljubljana to use your personal data in this way, or if you do not wish to receive further information, you can unsubscribe from receiving our newsletter at any time. You will find an unsubscribe link at the bottom of the various communication channels or you can contact us by email or post to unsubscribe. We will delete your data from our systems once we have received your unsubscribe request, unless we are storing and processing the data on another legal basis such as your permission (consent).
Visitor and customer surveys
We may collect personal data from visitors to our website as part of surveys about Sport Station's services and products
Consideration of visitor and customer preferences
We may collect personal information from visitors to our site or customers to provide certain products and to consider customer interests.
Compliance with legislation
We may collect personal information as required or permitted by law. The personal and non-personal information we collect is treated as confidential and will not be sold or shared with third parties, except for the exceptions noted in this statement.
How we collect your information
We collect the information you provide when you contact us for products, services or information, register on our websites, participate in public forums or other activities on our digital tools, respond to customer surveys or otherwise communicate with us. We collect information through a variety of technologies, such as "cookies".
We will not share your personal data with others, except in the following exceptional circumstances:
When third parties perform services on our behalf, such as responding to your requests, or delivering packages and services to customers, and the like. These companies are prohibited from using your personal information for purposes other than those that we have asked them to do or that they are required to do by law.
When we share personal information within our company or with third parties to ensure the safety and security of our customers, to protect our rights and property in accordance with legal process, or in other cases where we have a good faith belief that disclosure is required by law.
Your control and your choices
We give you certain controls and choices over our collection, use and sharing of your information. In accordance with local law, your control and decision-making may include the following:
You can change your decision about receiving newsletters and notifications.
You can choose whether to receive marketing communications from us about products and services that we think may be of interest to you.
You can choose whether to receive notifications from targeted advertising from advertising networks, data sharing and market analytics providers and other services.
You can request access to your personal data that we hold about you in order to correct inaccurate or incomplete information and, in certain circumstances, you can request that we delete information that we hold about you from our records (natural person rights).
You can exercise your control and choices or request access to your personal data by calling us or contacting us in writing and following the instructions you have received. Please be aware that we may not be able to provide you with certain products and services if you do not allow us to collect your personal information, and that some of our services may not be able to accommodate your interests and preferences. If you have any questions about the specific personal data about you that we process or store, please contact Sport Station in writing or at email@example.com or contact the Data Protection Officer via email at firstname.lastname@example.org. We will respond to your request within one month, with the possibility of extending the time limit by an additional month. In the event of an extension, we will notify you within one month of receipt of your request.
Security, integrity and data retention
The security, integrity and confidentiality of your data are of the utmost importance to us. Our Group implements technical, administrative and physical security measures designed to protect your data from unauthorised access, disclosure, use and alteration. We periodically review our security procedures to consider the latest appropriate technologies and methods.
The transmission of sensitive personal and transactional information on the Website is conducted in a secure manner using the Secure Sockets Layer (SSL) protocol. The data is encrypted and transmitted to the provider's server in a protected format. The system thus prevents anyone from intercepting the personal and transactional data that customers send to the online shop.
Secure authorisations and payment card transactions are handled and intermediated by Stripe, a global payment platform. Card authorisations are carried out in real time with instant verification of data in the banking system.
Please note that despite our best efforts, no security measures are perfect or impossible to circumvent.
We will retain your personal data for as long as necessary for the purposes set out in this Privacy Statement, unless a longer retention period is necessary or permitted by law. We will refresh the information regularly to keep it up to date.
Changes to this privacy statement
We may change this statement from time to time to adapt it to the latest technologies, industry practices, legislative requirements or for other purposes. The current version of this Privacy Statement will be posted on our digital platforms. You are advised to check the Privacy Statement regularly and, if required by applicable law, we will obtain your consent before making any changes to it.
Comments and questions
If you have a comment or question about privacy, please contact Sport Station in writing If you are dissatisfied with the way we have handled your personal data, you may lodge a complaint. Please use the contact details provided. If you make a complaint, you must provide Sport Station with your contact details. We will consider and respond to your complaint within 30 days. If you believe that Sport Station has not adequately addressed your complaint, you may complain to the Information Commissioner, Zaloška cesta 59, 1000 Ljubljana, email@example.com; https://www.ip-rs.si/.
Privacy and cookies
The personal data of our users is one of the areas to which we pay the utmost care and attention. We make sure that all requirements are not only met, but exceeded if possible, as we are aware of the sensitive nature of this area.
For the purposes of our business, we collect the following user data:
first and last name;
the name of the company or legal entity (if the user is a legal entity);
the tax number of the legal entity (if the user is a legal entity);
e-mail address (username);
a password in encrypted form;
a contact telephone number;
country of residence;
other information that the user voluntarily enters in the forms in the online shop;
other information that the user voluntarily adds subsequently to his/her profile.
The Seller shall not be liable for the correctness, completeness and up-to-dateness of the data entered by the Users. For security purposes, the IP addresses from which users access the Website are also collected. Each user is assigned a session cookie at the start of their visit to identify and monitor their shopping basket. www.obsession.si may also store other cookies on your computer, such as: a user identification number in encrypted form (to identify you on your next visit), product ratings (so you know which products you have already rated) and Google Analytics cookies (to analyse visits to the website), among others.
All of the above-mentioned data, with the exception of cookies, is stored on the obsession.si server in accordance with applicable law. Session cookies are only stored in the server's memory for the duration of the visit and are deleted after one hour of inactivity, while persistent cookies are stored on the visitor's computer.
What are my rights under the GDPR?
a) Right to be informed
In accordance with the provisions of the GDPR, we guarantee the exercise of all your rights to which you are entitled in relation to the processing of your personal data You have the right to free information about the personal data we hold about you, as well as the right to inspect, rectify or erase this data. If you have any questions about the deletion or use of your data, please contact us by email at firstname.lastname@example.org or send us a request by post to Sport Station You can also contact our Data Protection Officer (DPO) by email at email@example.com. Our Data Protection Officer will also answer questions about the confidentiality of your data, how we collect and process your data, or your requests to exercise rights in relation to your data.
Notifications after receipt of your order: your user experience is important to us, so after receipt of your order, our clerk will call you to check that you were satisfied with your purchase and the product. If you wish, our clerk will also inform you of other benefits you can obtain or benefit from when you make a repeat purchase in the online shop. In this case, you will receive regular e-mail and sms notifications about the company's benefits to your phone number and e-mail address. You can withdraw your consent at any time by sending us an email to firstname.lastname@example.org or by unsubscribing from receiving notifications by clicking on the "unsubscribe" link. We also reserve the right, as part of our business, to ask you about the frequency with which you visit our website. We will use your feedback to improve the website and user experience. If you fill in promotional forms (discount vouchers) on social networks, you will receive notifications to your email address, which will keep you informed about the possibilities of redeeming promotional vouchers. You can also unsubscribe from these notifications in the same way as described above.
b) Right of access
You have the right to request access to your personal data (confirmation of whether or not data relating to you is being processed) and the following information at any time from Sport Station as the data controller, in accordance with Article 15 of the General Data Protection Regulation (GDPR):
the purposes of the processing,
the types of personal data, the users or categories of users to whom the personal data have been or will be disclosed, in particular users in third countries or international organisations,
the envisaged period of retention of the personal data or, if this is not possible, the criteria to be used to determine this period,
the existence of automated decision-making, including profiling.
the reasons for it, as well as the significance and the envisaged consequences of such processing for the data subject.
One (free) copy of the personal data in a format determined by me (if the request is made by electronic means of communication and I do not request otherwise, the copy shall be provided in electronic form). For additional copies that I request, the controller may charge a reasonable fee, taking into account the costs.
c) Right of rectification
You have the right to request the rectification of inaccurate personal data about you (Article 16 of the General Data Protection Regulation - GDPR).
d) Restriction of processing
Pursuant to Article 18 of the General Data Protection Regulation - GDPR, you have the right at any time to request from B2MS d.o.o. (Zgornje Bitnje 411, 4209 Žabnica) as the controller of your personal data the restriction of the processing of your personal data where:
you contest the accuracy of the personal data for a period which allows the controller to verify the accuracy of the personal data,
the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of their use,
the controller no longer needs the personal data for the purposes of the processing, but you need the personal data for the establishment, exercise or defence of legal claims,
you, as an individual, have raised an objection to processing in accordance with Article 21(1), pending verification whether the legitimate interests override your grounds.
e) Right to be forgotten, to object, to data portability and to lodge a complaint
You also have the right, under the terms of the General Data Protection Regulation:
to the erasure of all personal data (right to be forgotten) if the prerequisites of Article 17 of the General Data Protection Regulation (GDPR) are met, and in particular if the data have been processed unlawfully;
the right to have personal data extracted in a structured, commonly used and machine-readable format, with the right to transmit this data to another controller (portability), without being hindered by the original controller, in accordance with Article 20 of the General Data Protection Regulation (GDPR);
to the cessation of the use of personal data where the processing is carried out on the basis of the legitimate interest of the controller, and for direct marketing purposes, including profiling (right to object) - Article 21 of the General Data Protection Regulation (GDPR),
that you are not subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, provided that the preconditions set out in Article 22 of the GDPR are met;
You may lodge a complaint against the controller with the Information Commissioner if you consider that the processing of your personal data violates the General Data Protection Regulation and other applicable law, by writing to the Information Commissioner, Zaloška 59, 1000 Ljubljana or by sending an email to: email@example.com.
Procedure for exercising rights
I am aware that I may address any of the above requests concerning the exercise of my rights in relation to my personal data in writing to the controller at the following e-mail address: firstname.lastname@example.org.
I am aware that the controller may request additional information from me for the purposes of reliable identification in the exercise of the rights relating to personal data and may refuse to act only if it demonstrates that it cannot identify me reliably.
What are cookies and why are they necessary?
You decide whether to allow cookies to be stored on your device. You can control and change your cookie settings in your web browser.
For information about your cookie settings, please select the web browser you are using.
Internet Explorer 9
Internet Explorer 7 and 8
If you change or delete your browser's cookie file, modify or reward your browser or device, you may need to disable cookies again. The process for managing and deleting cookies varies from browser to browser. If you need help with this, you can check your browser's help section.
You can also disable Google Analytics tracking at the following link https://marketingplatform.google.com/about/.