1 CONTROLLER OF THE PERSONAL DATA PROCESSED
The controller of the personal data processed in relation to the https://www.pakosignparts.com website (hereinafter: website) and in the other cases specified is Pako d.o.o., Slovenska vas 4c, 8261 Jesenice na Dolenjskem (hereinafter: Pako d.o.o.).
Pako d.o.o. is the parent company of Pako Zagreb d.o.o., Karlovačka cesta 50a, 10000 Zagreb, Croatia, and may, based on its legitimate interest, disclose certain personal data of its customers to its subsidiary, as specified in more detail below.
Pako d.o.o. specializes in the distribution of supplies and equipment for the advertising and printing industry and among other also acts as the provider and developer of the website and retailer of the goods sold in the online shop available on the website (hereinafter: "Pako online shop").
The Pako d.o.o. website and online shop are primarily intended for companies and their representatives, whereby in accordance with the General Terms and Conditions we do not offer our products and services to consumers (i.e. natural persons who acquire or use the goods and services for purposes outside of their professional or gainful activity).
As a result, most of the personal data processed at Pako d.o.o. (e.g. business email addresses, business telephone numbers, etc.) relate to company representatives.
This information on personal data processing has been prepared in accordance with the General Data Protection Regulation (hereinafter: GDPR) and refers to processing of personal data by Pako d.o.o. in relation to you when you visit and use this website or the Pako online shop or in relation to your other interactions with Pako d.o.o.
Here you will find answers to questions such as:
- what personal data is shared with Pako d.o.o. and why,
- what is the scope and purpose for which your data is being processed and what are the legal bases that allow such processing,
- how you can correct, delete or restrict the processing of your data, in whole or in part; and
- what are your other rights regarding your personal data.
2 CONTROLLER CONTACT DETAILS
Pako d.o.o. has not yet appointed a Data Protection Officer. For any information regarding the processing and protection of your personal data, please contact us at firstname.lastname@example.org at any time.
3 THE PURPOSES FOR WHICH PERSONAL DATA ARE PROCESSED AND THE LEGAL BASIS FOR PROCESSING
(a) If you are merely a website visitor
The way World Wide Web works is that certain data about website visits, such as IP number, browser version, time of visit, and URL of the page visited, is recorded on the web server hosting this website. Pako d.o.o. does not process the data collected in this way separately and does not link it to other data.
The purpose of these processes is to ensure network and information security, i.e. enable the detection and prevention of unauthorized access, which may jeopardize the availability, integrity and confidentiality of stored or transmitted personal data and the security of related services, accessible through these networks and systems. Such processing is necessary for safe operation of this website.
If you have accepted optional (advertising) cookies, these and other data may be processed by our advertising partners in order to improve the display of our (and others') advertisements, as set out in more detail later in this document or on the "Cookies" sub-page.
(b) If you register or make a purchase
In addition to the data we collect from visitors when mandatory (or optional) cookies have been accepted, we may also, when you register for an account, process your first name, surname, telephone number and email address, information about the company you are registering with, company contact details and company field of activity.
In addition to the information required for visiting the website and registering, we will also collect the delivery address and contact phone number, if you place an order. Card payments are made through a third-party electronic payment provider, meaning we do not collect or store any credit card information.
For more details about both cases, please refer to the section "Who MAY process your personal data (PERSONAL DATA RECIPIENTS)".
The data referred to above is processed on a contractual basis (Article 6(e) of GDPR) for the purposes of providing basic functionalities of the Pako online shop (i.e. sending a confirmation email, executing the payment transaction, delivering the goods, sending you update notifications, allowing you to access documentation relating to the purchase via your profile, etc.) and for the purposes of communicating with you regarding your purchase (e.g. answering your queries, resolving complaints, etc.). In the cases described above, personal data is provided as part of a contractual obligation or contract negotiation, whereby your explicit consent is consequently not required for the purposes and processing of your personal data referred to above.
The data is stored for the period necessary for the execution of the contract and for 5 years after its termination, except in cases where there is a dispute regarding the contract; in such cases, the data is stored for 5 years from the final decision of the court or arbitration or settlement or, if there were no court proceedings, for 5 years from the date of amicable dispute settlement.
However, based on our legitimate interest under Article 6(f) of the GDPR, we may also occasionally send commercial communications about our products and services to email addresses of registered users. Similarly, we may occasionally contact users who, for example, have added selected products to their shopping basket and have not completed their purchase. If you do not wish to receive this type of messages, you can indicate this when registering for an account or at any time by following the unsubscribe link featured in each such message. You may also opt-out of receiving such communications at any time, either in your user profile or by sending a message to email@example.com.
In this case, your data will be processed until your user account is terminated or we receive your opt-out from such communications.
(c) Marketing communication with persons who are not yet registered as users or customers of Pako d.o.o.
We will send marketing communication to persons who are not yet our customers (e.g. our newsletter) via e-mail, if such persons have given their explicit consent to such communication (e.g. if consent to such communication has been provided on our online prize draw form, on a paper form at the office, etc.).
In addition to your IP address, we may also process your e-mail address entered in the online or paper consent form, as well as the date and time of your sign up to receive marketing communication. The data is occasionally exported and processed in the Mailchimp online tool.
Pako d.o.o. processes this data exclusively for the purpose of providing information about sales news, promotions and other activities in the field of sales.
The personal data (e-mail address) is processed on the basis of your consent (Article 6(a) of the GDPR).
Your e-mail address may be stored as long as necessary for fulfilling the purpose or until you unsubscribe from the newsletter service. You can unsubscribe from receiving marketing communication and newsletters at any time by clicking on the unsubscribe link in the email received or by sending an email to firstname.lastname@example.org.
(d) If you are applying for a vacancy at Pako d.o.o.
If a CV, name, surname, contact details or other requested data are sent in relation to a vacancy notice to the email or physical address provided, such data will be processed for the purposes of screening applications and possibly contacting the applicants or conducting interviews. In these cases, the data will be processed on the basis of Article 6(e) of the GDPR (i.e. contract negotiations).
If the candidate is not contacted for an interview, all the data received will be deleted within 30 days from the date of their receipt, whereby in cases where there are indications that disputes may arise in relation to the recruitment procedure carried out, abbreviated data of successful and unsuccessful candidates (e.g. name, surname, solved employment test or correspondence with the candidate) shall be stored for 2 years after the recruitment procedure (i.e. until the expiry of the general limitation period for employment-related offences under the Minor Offences Act).
(g) Situations where your data is processed based on legal requirement (e.g. invoicing)
Pako d.o.o. may also process certain personal data for the purposes of complying with legal and other regulations (Article 6(c) of the GDPR), in particular the laws and regulations governing tax and accounting (e.g. records of issued and received invoices etc.).
For example, such cases can occur when Pako d.o.o. is ordered by an inspector or other holder of public authority to provide personal data of a specific customer in accordance with the law (e.g. in the context of carrying out inspections under the provisions of the Inspection Act (ZIN), etc.), or when Pako d.o.o. processes personal data of customers for invoicing purposes (e.g. name, contact details, in which case the personal data is processed on the basis of the Value Added Tax Act (ZDDV-1) etc.).
(h) Situations where your data is processed on the basis of our legitimate interests (e.g. fraud prevention)
Pako d.o.o. may also process certain personal data for the purposes of protecting our legitimate interests (Article 6(f) of the GDPR).
In addition to the aforementioned marketing communications with registered users or customers, data is also processed based on our legitimate interests when the processing of your data is necessary in order to protect our business against potential fraud, or necessary in view of inspections and civil or other proceedings. In all such cases, only strictly necessary data shall be processed for the pursuit of legitimate business purposes and the processed data shall also be minimized.
The company may also process the personal data of a data subject in cases where the processing is necessary to protect the vital interests of the data subject or of another natural person (e.g. to obtain the address of an individual who is at direct and serious risk in relation to a product purchased) (Article 6(d) of the GDPR).
Cookies are small text files that most modern website store on visitor devices, i.e. devices of individuals who use these devices to access a particular website online. We also use cookie technology on our website, which is indicated by a cookie pop-up when an individual visits the website.
The pop-up window also alerts you that the downloading of cookies that are not mandatory for the normal operation of the website (e.g. saving settings, adjusting the display dimensions of the device, etc.)
- is subject to the visitor's explicit consent (carried out by clicking the "accept non-mandatory cookies" button while first visiting the website),
- and under full control of the visitor, as the visitor can either limit or disable the cookies of the browser, or can also remove the cookies at any time, in accordance with the instructions available at https://www.pakosignparts.com/cookies.
A detailed description of the data collected for these purposes, the cookies that enable that, and the related services, as well as the retention period of this data and information on the provider of each cookie or service, are available at https://www.pakosignparts.com/cookies.
5 PERSONAL DATA PROTECTION
Personal data is stored in electronic databases for personal data that are equipped with appropriate technical protection and can only be accessed by authorized employees of Pako d.o.o.
6 WHO CAN PROCESS YOUR PERSONAL DATA (PERSONAL DATA RECIPIENTS)
6.1 Certain employees of Pako d.o.o.
Your personal data is processed by individual employees of Pako d.o.o. Pako d.o.o. employees only process the personal data required for their work tasks and may also share personal data with each other, to the extent permitted by their work tasks and the company's internal regulations. All employees are bound to confidentiality and to respecting the protection of personal data.
6.2 State authorities
In certain cases, as required by applicable law, Pako d.o.o. is obliged to provide your personal data or information about it to state authorities that are, for example, competent for financial, fiscal or other controls (e.g. the Labor Inspectorate, the Financial Administration of the Republic of Slovenia, courts, the Information Commissioner of the Republic of Slovenia, the Market Inspectorate of the Republic of Slovenia, etc.). In certain cases, Pako d.o.o. is also obliged to disclose data to third parties if such disclosure is required by law or by a third party's legal entitlement.
6.3 Contractual processing of personal data
In addition to employees of Pako d.o.o., the recipients of personal data may also include employees of the company's contractual processors, who may process personal data as confidential exclusively on behalf of Pako d.o.o. and only to the extent set out in the External Personal Data Processing Agreement that Pako d.o.o. has concluded with each such processor. Contractual processors are obliged to process personal data only within the framework of the instructions of Pako d.o.o., as the controller of the personal data, and are not allowed to use the data to pursue their own interests.
The contractual processors with which Pako d.o.o. cooperates include, but are not limited to:
- Pako Zagreb, d.o.o., Karlovačka cesta 50a, 10000 Zagreb, Croatia (https://hr.pakosignparts.com/),
- persons cooperating with the company under other contracts for provision of services or copyrighted work (legal advice, advertising, etc.),
- accounting firm,
- PayPal and Braintree, payment services offered by PayPal (Europe) S.a.r.l. et Cie, S.C.A. with servers in the EU (https://www.paypal.com/si/webapps/mpp/home),
- delivery and shipping services,
- IT system administrators.
Pako d.o.o. will not disclose your personal data to unauthorized third parties.
For a detailed list of all contractual processors of Pako d.o.o., contact us at email@example.com.
6.4 Cooperation with advertising partners
Our advertising partners have access to certain technical information and other data that we record about visitors in relation to their interaction with our website and the Pako d.o.o. online shop using cookies (see the Cookies section):
- Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (services: Google Analytics / Remarketing for Google Display Advertising / Google Tag Manager / Google DoubleClick), whose servers may be located in the EU and in the United States (https://policies.google.com/technologies/ads?hl=en-US)
- Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (services: visitor action pixel (FB Pixel), whose servers may be located in the EU and in the United States (https://www.facebook.com/policies/cookies/)
The advertising cookies enable our advertising partners to serve relevant ads to visitors on all the devices or browsers they use.
A detailed description of the data collected for these purposes, the cookies that enable that, and the related services, as well as the retention period of data and the possibility of removing a cookie, are available at https://www.pakosignparts.com/cookies.
6.5 Hosting provider
Pako d.o.o. website and online shop hosting and storage of the data you submit online (e.g. data obtained from communication via the contact form on the website, when placing an order) are provided by the contractor as the contractual processor:
- Stroka d.o.o., Koroška cesta 61a, 2360 Radlje ob Dravi, Slovenia
6.6 Newsletter service provide
The provider of the email newsletter service, which stores the email addresses of those data subjects who have explicitly consented to such processing (see section THE PURPOSES FOR WHICH PERSONAL DATA ARE PROCESSED AND THE LEGAL BASIS FOR PROCESSING), is:
- The Rocket Science Group LLC., 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA (service: Mailchimp), whose servers are located in the United States (https://mailchimp.com/legal/privacy/).
7 TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANIZATIONS
As a rule, Pako d.o.o. does not transfer personal data to third countries (i.e. outside the European Union, Iceland, Norway and Liechtenstein) and international organizations. An exception to this rule is the occasional transfer of certain technical and personal data to the servers of the aforementioned processors whose registered offices or servers are located in the United States (e.g. the automatic transfer of certain data collected by cookies of Google Inc. or Facebook Inc., entering email addresses in a foreign tool for sending newsletters, etc.), whereby the contractual processors concerned are former members of the Privacy Shield program (https://www.privacyshield.gov/) and, since 12 July 2020, comply with and have adopted all the security measures regarding the receipt or transfer of data deemed appropriate at the time of drafting this document.
More detailed information on the categories of recipients, contractual processors and data transfers can be obtained by sending a request to
- the email address: firstname.lastname@example.org
8 IS THE PROVISION OF PERSONAL DATA NECESSARY AND WHAT ARE THE POSSIBLE CONSEQUENCES IF SUCH DATA IS NOT PROVIDED?
In principle, your cooperation with and the use of Pako d.o.o. services are not subject to your consent to the processing of your personal data insofar as this is not logically related to the service itself or required for its provision (e.g. if registering for a user account and purchasing a product).
Pako d.o.o. guarantees the right of the data subject to withdraw his or her explicit consent at any time in a way that is simple for the data subject, i.e. by contacting us at any time at email@example.com.
The withdrawal of consent shall be without prejudice to the lawfulness of the processing based on consent prior to its withdrawal.
In the event that you do not consent to the processing of your personal data or provide your consent partially, or (partially) withdraw your consent, we will, insofar possible, cooperate with you only to the extent of the consent given or in the ways permitted by applicable law.
Consent is voluntary and if you decide not to provide it or subsequently withdraw it, this shall in no way prejudice your other rights arising from your business relationship with Pako d.o.o. or result in additional costs or aggravating circumstances.
9 AUTOMATED DECISION MAKING, INCLUDING WEBSITE VISITOR PROFILING
Automated decision making or profiling are not carried out.
10 THE RIGHT TO REQUEST FROM THE CONTROLLER ACCESS TO AND RECITIFICATION OR ERASURE OF PERSONAL DATA OR RESTRICTION OF PROCESSING CONCERNING THE DATA SUBJECT OR TO OBJECT TO PROCESSING AS WELL AS THE RIGHT TO DATA PORTABILITY
You may at any time request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability (the right to transfer the data to another controller at your request).
Please send the request to: firstname.lastname@example.org and it will be processed in accordance with the provisions of the General Data Protection Regulation.
11 THE RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY
The website of the Information Commissioner features a form for lodging a complaint due to infringements of legislation in the field of personal data protection.
Last modified: August 30 2021