The personal data protection policy or the privacy policy governs the collection, storage and processing of personal data that SITIK d.o.o., Cistercijanska opatija Stična collects and processes as part of a visit to the Patra Simon Ašič Herbal Pharmacy website (www.pater-simon-asic.si), submission of inquiries, product orders and store visits.
Manager
The controller of personal data in the sense defined by the EU General Regulation on the Protection of Personal Data and the applicable law governing the protection of personal data – GDPR is:
SITIK d.o.o., Cistercijanska opatija Stična
Stična 17
1295 Ivančna Gorica
Phone: +386 (0)1 787 70 65
Email: info@sitik.si
Personal data and the purpose of their processing
Sitik d.o.o., Cistercijanska opatija Stična collects, processes and stores personal data of three groups of individuals in its work. These are people who are customers in the online store, people who create a user account in the online store, people who present a white prescription with their purchase and people who sign up to receive e-news and people who participate in prize games . For each group of persons, we have defined below what personal data is collected, what is the purpose of collection and the retention period.
| A group of individuals | Personal data | Purpose of collection | Retention period |
| Records of customers in the online store | Name and surname, address, telephone, e-mail address, purchase information | Delivery of ordered products and notification of order status. | Maximum 10 years from completed of purchase |
| Records of registered users of the online store | Username, name and surname, address, telephone, address, information about past purchases | Delivery of ordered products, notification of status orders and the possibility of viewing past orders and making purchases faster. | Maximum 10 years from recent activities (entry) of the buyer |
| Record of customers in the physical store who buy with a white prescription | Name and surname, prescribed mixture herbs | The purpose of the processing is the provision of services for the preparation and sale of a mixture of herbs on a white recipe and the subsequent provision of the same service. White recipes are stored in order to make it easier for the customer to re-order the same blend of herbs. | Maximum 3 years |
| Records of subscribers to e-newsletters | Name and surname, e-mail address | Informing potential customers and existing customers who have agreed to this, about news, promotions and other things from the company’s offer and about the company. | Until consent is revoked |
| Record of participants in prize games | Name and surname, username at social network Facebook, address (if sending by post) | The data is obtained for the purpose of running the prize draw itself, gaining followers on social networks and for the purposes of promoting the company and products. The address is only collected and processed if the prize is sent by post. | For the duration of the game upgrade and award delivery. |
Sitik d.o.o., Cistercijanska opatija Stična respects your privacy and is committed to collecting, storing and processing personal data carefully and in accordance with applicable regulations on the protection of personal data.
In order to prevent unauthorized access to the obtained data or their disclosure, maintain the accuracy of personal data and ensure their appropriate use, we have introduced appropriate technical and organizational procedures for data security.
Contractual processing and forwarding to third parties
Your personal data is passed on to third parties and contractual processors only in the event that this is absolutely necessary for the successful implementation of the processing purpose. These examples are:
– to payment service providers for the purpose of processing payments and to banks based on an individual’s order for the purpose of fulfilling a sales contract,
– carriers or postal service providers for the purpose of delivering ordered products and
– contractual processors of personal data for the purposes of maintaining the information system and online store.
Transfer of data to third countries
We do not export your data to third countries under any circumstances.
Legal basis
The personal data that you provide to us when placing an order in our online store is processed with your clear and unequivocal consent based on Article 6 (1), (a) of the EU General Data Protection Regulation (GDPR), a legitimate interest or based on the fulfillment of the contract when ordering the products.
You can withdraw your consent at any time by sending a message to the address: info@sitik.si. Any withdrawal of consent does not affect the lawfulness of the processing of your personal data at the time before the withdrawal was given. Withdrawal of consent will be carried out within a maximum of 14 days from the receipt of a written request to the e-mail address, as far as the purpose of personal data processing and the legal basis allow.
Your rights
In accordance with the provisions of the EU General Data Protection Regulation (GDPR), you have the following rights:
The right to withdraw consent: if you, as a user, have consented to the processing of your personal data (for one or more specified purposes), you have the right to withdraw this consent at any time, without affecting the legality of the data processing based on consent performed until its cancellation.
The right of access to personal data: as a user, you have the right to receive confirmation from the provider (personal data manager) as to whether personal data is being processed in relation to you and, if this is the case, access to personal data and certain information.
The right to correct personal data: as a user, you have the right to have the provider correct inaccurate personal data relating to you without undue delay. As a user, you have the right to complete incomplete data, taking into account the purposes of the processing.
Right to deletion of personal data (“right to be forgotten”): as a user, you have the right to have your personal data deleted when there is no longer a legitimate reason for further processing. The prevention of processing is possible in special circumstances.
The right to limit processing: as a user, you have the right to have the provider limit processing if you, as a user, dispute the accuracy of personal data; when the processing is illegal and as a user you object to the deletion and request a restriction of use; when the data is no longer necessary for the purpose of processing, but as a user you need it to assert legal claims.
Right to data portability: As a user, you have the right to receive the personal data relating to you that you have provided to the provider in a structured, commonly used and machine-readable format.
The right to object to processing: as a user, you can object to processing in the case of processing for the purposes of performing tasks in the public interest or in the exercise of public authority and direct marketing (including profiling).
Personal data retention time
Sitik d.o.o., Cistercijanska opatija Stična stores your personal data for as long as it is necessary for the purpose of personal data processing. Individual collections of personal data have different retention periods. The data of persons who make a purchase in the online store are kept for a maximum of 10 years, but only the data found on the account (name, surname and address). The data of persons with a user account are stored for a maximum of 10 years from the last activity in the online store. Data on a customer with a white prescription is kept for a maximum of 3 years from the submission of the white prescription. Information about e-news recipients is kept until the individual’s consent is revoked. Information about participants in prize games is stored only in during the duration of the prize game, the drawing of the prize winner and the delivery or sending of the prize.
Additional information and exercise of rights
When exercising all your rights or obtaining additional information, please contact our authorized data protection officer, who is available at the e-mail address: info@sitik.si. We will process and respond to your application in accordance with the EU General Data Protection Regulation – GDPR.
Stična, February 1st, 2023
Sitik d. o. o., Cistercijanska opatija Stična
