The Personal Data Protection Policy or the Privacy Policy governs the collection, storage and processing of personal data collected and processed by SITIK d.o.o., Cistercijanska opatija Stična in the context of visits to the Monk Simon Ašič’s Herbal Pharmacy website (www.pater-simon-asic.si), and submission of inquiries, orders of products and shop visits.
Controller
The personal data controller in the meaning as defined by the EU General Data Protection Regulation and the applicable act regulating personal data protection – GDPR is:
SITIK d.o.o., Cistercijanska opatija Stična
Stična 17
1295 Ivančna Gorica
Telephone: +386 (0)1 787 70 65
Email: info@sitik.si
Personal data and purpose of processing thereof
Sitik d.o.o., Cistercijanska opatija Stična collects, processes and stores personal data of five groups of individuals. These are website buyers, people who create a user account in the on-line store, people who present a white prescription when making a purchase and people who sign up for newsletter and people who participate in prize games. In the continuation, we have defined which data are collected for individual groups of people, the purpose of collection, and the storage period.
| A group of individuals | Personal data | Purpose of collection | Storage period |
| Record of on-line store buyers | Name and surname, address, telephone, e-mail address, data on purchase | Delivery of the ordered products and notification about order status. | Up to 10 years from purchase |
| Record of registered on-line store users | Username, name and surname, address, telephone, e-mail address, data about previous purchases | Delivery of the ordered products, notification about order status and option to see previous orders and speed up purchases. | Up to 10 years from the buyer’s last activity (entry) |
| Record of buyers using the white prescription in the physical shop | Name and surname, prescribed herbal blend | The purpose of processing is the provision of the services of preparing and selling herbal blend on the white prescription and the subsequent provision of the same service. White prescriptions are retained in order to make it easier for customers to re-order the same herbal blends. | Up to 3 years |
| Record of those who have signed up for newsletter | Name and surname, e-mail address | Notifying potential buyers and existing customers who have consented to this about the news, special offers, and other products and services from the company’s offer and about the company. | Until consent revocation |
| Record of prize game participants | Name and surname, Facebook username, address (in case of sending by post) | The data is collected for the purpose of conducting a prize game, gaining followers on social networks and for the purpose of promoting the company and products. The address is collected and processed solely in case a prize is sent by ordinary mail. | For the duration of prize game and prize handover |
Sitik d.o.o., Cistercijanska opatija Stična respects your privacy and undertakes to apply due care and comply with the applicable personal data protection regulations when collecting, storing and processing personal data.
In order to prevent unauthorised access to, or the disclosure of, the data obtained, maintain the accuracy of personal data and ensure an appropriate use thereof, we have introduced appropriate technical and organizational procedures to protect the data.
Contractual processing and transmission to third parties
Your personal data is transmitted to third parties and contractual processors solely when necessary for a successful implementation of the processing purpose, as follows:
– to payment service providers with the purpose of processing payments and to banks based on an individual’s order for the purpose of fulfilling a sales contract,
– to carriers or postal service providers for the purpose of delivering the ordered products, and
– to contractual processors of personal data for the purpose of maintaining the information system and on-line store.
Data transfer to third countries
We will never transfer your data to third countries.
Legal basis
The personal data that you provide to us when placing an order in our on-line store is processed based on your clear and unequivocal consent in accordance with Article 6 (1), (a) of the GDPR regulation, the lawful interest or based on the fulfilment of the contract when ordering products.
You can withdraw your consent at any time by sending an e-mail to info@sitik.si. Potential consent withdrawal shall not affect the lawfulness of processing your personal data at the time before the withdrawal was given. Consent withdrawal will be carried out within a maximum of 14 days from the receipt of the written request to the e-mail address, if permitted by the purpose of processing personal data and the legal basis.
Your rights
In accordance with the provisions of the GDPR regulation, you have the following rights:
Right to withdraw the consent: if you have consented to the processing of your personal data as a user (for one or more specific purposes), you have the right to revoke your consent at any time without this affecting the legality of the data processing which was carried out on the basis of the consent until revocation.
Right of access to personal data: As a user, you have the right to obtain from the supplier (controller of personal data) confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information.
Right to personal data rectification: As a user, you have the right to obtain from the supplier without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed.
Right to personal data erasure (“right to be forgotten”): As a user, you have the right to obtain erasure of your personal data where legitimate grounds for further processing no longer exist. Processing can be prevented under special circumstances.
Right to restriction of processing: as a user, you have the right to obtain from the supplier restriction of processing where you, as a user, contest the accuracy of the personal data; when the processing is unlawful and you, as a user, oppose the erasure of the personal data and request the restriction of their use instead; when the data is no longer needed for the purposes of processing, but they are required by you, as a user, for the establishment of legal claims.
Right to data portability: As a user, you have the right to receive the personal data concerning you, which you have provided to the supplier, in a structured, commonly user and machine-readable format.
Right to object to processing: kot As a user, you can object to processing in case of processing for the need of performing the tasks in the public interest or in the exercising of public authority and direct marketing (including profiling).
Personal data storage period
Sitik d.o.o., Cistercijanska opatija Stična will keep your personal data for as long as necessary for the purpose of personal data processing. Individual collections of personal data have different storage periods. The data of persons who make purchases in the on-line store are retained for a maximum of 10 years, but this only refers to the data included on the invoice (name, surname and address). The data of persons who have a user account are kept for a maximum of 10 years from the last activity in the on-line store. The data about buyers with the white prescription are kept for a maximum of three years from the submission of the white prescription. The data about newsletter recipients are kept until revoked by the relevant individual. The data about participants in prize games are kept only for the duration of the prize game, the drawing of the winner and the handing over or sending of the prize.
Additional information and exercising of rights
If you wish to exercise your rights or need additional information, please contact our Data Protection Officer at info@sitik.si. We will process and respond to your application in accordance with the EU General Data Protection Regulation – GDPR.
Stična, February 1st, 2023
Sitik d. o. o., Cistercijanska opatija Stična
