At Trendills, we value your privacy so that your information is always secure.
This data protection guideline can be changed or supplemented at any time without prior notice. By using the provider’s website after changes or additions, the person confirms that he or she agrees to the changes and additions.
All our activities are in accordance with European legislation (Regulation (EU) 2016/697 on the protection of individuals with regard to the processing of personal data and the flow of data (General Data Protection Regulation or GDPR) and the Council of European Conventions (ETS No. 108 , ETS No. 181, ETS No. 185, ETS No. 189)) and the national legislation of the Republic of Slovenia (Law on the Protection of Personal Data (ZVOP-1, Official Gazette of the Republic of Slovenia), No. 94/07), the Electronic Commerce Market Act (ZEPT, Official Gazette of the RS, Nos. 96/09 and 19/15, etc.).
Personal information is information that identifies you as a specific or identifiable person. A person is identifiable if it can be determined directly or indirectly, in particular by specifying an identifier such as name, identification number, location information, web identifier or by specifying one or more factors that are specific to the physical, physiological, genetic or mental property of the person , economic, cultural or social identity.
– basic information about the user (first and last name, address, date of birth, place);
– Contact information and information about your communication with the operator (e-mail address, e-mail, telephone number, – – – date, time and content of the post or e-mail communication, date, time and duration of phone calls, recording of phone calls)
– the method of acquiring a member of the source through which the user contacted the manager (website and advertising campaign or campaign, call center);
– Information on the user’s purchases and invoices (date and place of purchase, items purchased, prices of items purchased, total purchase amount, payment method, delivery address, invoice number and date, invoice label, etc.) and information on resolving product complaints;
– Information on the use of the manager’s website by the user (date and time of website visits, pages or URLs visited, retention time per page, number of pages visited, total time of website visit, settings made on the website) and information on how to use the manager for received messages (e-mail, SMS);
– Information from forms filled in voluntarily by the user, e.g. in connection with competitions or the use of configurators to determine optimal products for the needs of the user;
– other information that the user voluntarily provides to the provider upon request to certain services that request this information.
The provider collects or processes your personal data only if you allow it or. Consent to this, ie. If you order products or services, subscribe to an e-journal, take part in competitions, etc. or if there is a legal basis for the collection of personal data or the processing provider has a legitimate interest.
The period of time that the provider will retain the information collected is further specified in the Retention of Personal Information section of this Policy.
The purposes of the processing and the basis for the data processing
The provider collects and processes your personal data on the following legal bases:
– law and contractual relationships,
– individual consent and
– legitimate interest.
– Law and contractual processing
If the provision of personal data is a contractual obligation, an obligation to conclude and fulfill a contract with the provider or a legal obligation, you must provide personal data. If you do not provide any personal data, you will not be able to conclude a contract with the provider, nor will the provider be able to provide the services or deliver the products under the contract, as they do not have the data required to fulfill the contract.
Processing on the basis of a legitimate interest
The provider can also process the data on the basis of a legitimate interest pursued by the provider, unless these interests outweigh the interests or fundamental rights and freedoms of the data.
The contractors with whom the bidder works are:
accounting service; Law firms and other legal advice providers;
Data processing and analysis provider;
IT system administrator;
Email providers (e.g. Mailchimp and others);
Payment system providers such as Adyen, PayPal, PayU, Klarna, Sofort, Multibanco, dotPay and others)
Providers of customer relationship management systems (e.g. Microsoft);
Provider of web advertising solutions (e.g. Google, Facebook).
The provider does not pass on your personal data to third parties.
Contractors may only process personal data within the framework of the instructions of the person responsible for processing and may not use personal data to pursue personal interests.
The controller and the users of personal data are not exported to third countries (outside the European Economic Area – EU member states and Iceland, Norway and Liechtenstein) and to international organizations with the exception of the USA. All contractors in the US are included in the US Privacy Shield program.
Freedom of Choice
The information you provide about yourself is controlled by you. If you do not provide your information to the provider, you will not be able to access certain websites or functions on the website.
Automatic recording of information (non-personal data)
Every time a website is accessed, general, non-personal data (number of visits, average time the website was visited, pages visited) is automatically recorded (not as part of the request) . We use this information to measure the attractiveness of our website and to improve the content and user-friendliness. Your data are not subject to any further verification and will not be passed on to third parties.
The provider makes every effort to ensure the security of personal data. Your data is protected from loss, destruction, forgery, manipulation and unauthorized access or disclosure at all times.
Consent of a minor in relation to information society services
Minors under 16 years of age should not disclose any personal information on the website or in any other way without the permission (consent or consent) of parental responsibility for the child (any of the parents or legal guardian). The Provider will never knowingly collect personally identifiable information from anyone known to be a minor (under the age of 16) or otherwise use it or disclose it to unauthorized third parties without the permission of the child’s parent.
This has no impact on the general contract law of the Member States, such as B. the rules governing the validity, conclusion or effects of a contract in relation to a child.
In such cases, the provider will use reasonable efforts in such cases to verify that parental responsibility for the child has given or approved consent.
Individual data processing rights
In order to ensure fair and transparent processing, you as an individual have the following rights in accordance with the regulations:
Right of withdrawal: If you, as an individual, have consented to the processing of your personal data (for one or more specified purposes), you have the right to withdraw this consent at any time, without prejudice to the lawfulness of the processing of the consent-based data, until it is withdrawn be exercised.
Consent can be withdrawn by a written statement sent to the manager at one of the contacts listed at https://www.trendills.com/.
The withdrawal of consent to the processing of personal data for a person has no negative consequences or sanctions. However, the controller may no longer be able to offer one or more of its services after revoking consent to the processing of personal data if services cannot be provided without personal data (e.g. Benefits Club) or personalized information ).
Right of access to personal data: As an individual, you have the right from the provider (person responsible for personal data) to confirm that personal data relating to you is being processed and, if necessary, to access personal data and certain information (about the Purposes of processing, o types of personal data, users, retention periods or criteria for determining periods of time, the existence of the right to correct or delete data, the right to restrict and object to the processing and the right to complain to the supervisory authority about the source the data, if the data was not collected from you, about the existence of automated decisions, including the creation of profiles, the reasons for this and the significance and consequences of such processing for you and other information in accordance with Article 15 GDPR)
Right to correction of personal data: As an individual, you have the right to have the provider correct the inaccurate personal data concerning you without delay. As an individual, you have the right to complete incomplete information, including the submission of a supplementary statement, taking into account the purposes of the processing.
Right to delete personal data (the “right to be forgotten”): As an individual, you have the right to have the provider delete personal data about you immediately, and the provider must delete the data immediately if there is one of the following reasons:
(a) The data is no longer required for the purposes for which it was collected or otherwise treated.
(b) if you withdraw your consent and there is no other legal basis for the processing,
(c) if you object to the processing and there are no overriding legitimate reasons for the processing,
(d) the data has been processed illegally,
(e) The data must be deleted in order to meet the legal obligations applicable to the provider under EU or Member State law.
(f) The information was collected in relation to information society services.
As an individual, however, you are not entitled to delete the data in the special cases described in Article 17 (3) of the GDPR.
Right to restrict processing: As an individual, you have the right to have a provider restrict processing if one of the following situations applies:
(a) If you dispute the accuracy of the data for a period of time in which the provider can verify the accuracy of the data,
(b) The processing is unlawful and you reject the deletion of the data and instead request a restriction on its use.
(c) You no longer need the data provider for processing purposes, but for the enforcement, enforcement and defense of legal claims.
(d) You have objected to the processing until it has been verified that the legitimate reasons of the provider outweigh your reasons.
Right to data portability: As an individual, you have the right to receive personal information about you that you have provided to the provider in a structured, commonly used and machine-readable form, and you have the right to pass this information on to one other controller without you, the provider who provided the personal data with this obstacle, if:
The processing is based on consent or on a contract. and
(b) The processing is automated.
As an individual, you have the right to transfer personal data directly from one controller (provider) to another, provided this is technically feasible.
Right to object to processing: As an individual, you have the right at any time to object to the processing of personal data that is necessary for the performance of tasks in the public interest or for the exercise of the provider for reasons relating to your particular situation (Article 6 Paragraph 1 Letter e GDPR) or are necessary for the legitimate interests of the provider or a third party (Article 6 Paragraph 1 GDPR Letter f); including creating profiles based on these treatments; The provider will stop processing personal data unless it has compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or for the enforcement, enforcement or defense of legal claims.
If personal data is processed for marketing purposes, the individual has the right to object at any time to the processing of data concerning him for the purposes of such marketing, including the creation of profiles for direct marketing. If individual objects are to be processed for direct marketing purposes, the data will no longer be processed for this purpose.
If the data are processed for scientific, historical, research or statistical purposes, the individual has the right to object to the processing of data concerning him for reasons related to his particular situation, unless the processing is necessary for the execution of the task being performed. for reasons of public interest;
Right to lodge a complaint with a supervisory authority: Without prejudice to other (administrative or other) remedial measures, you as an individual have the right to lodge a complaint with the supervisory authority, in particular in the country in which you are habitually resident or a presumed one Infringement (in Slovenia this is the Information Commissioner) if you believe that the processing of personal data concerning you violates the provisions on the protection of personal data.
Without prejudice to other legal remedies (administrative or extrajudicial), you as an individual have the right to an effective legal remedy against a legally binding decision of the supervisory authority in relation to it, as well as in cases where your manager does not hear or address you. She is not allowed to inform the state of the matter or the decision on the complaint for three months. The courts of the Member State in which the supervisory authority has its seat are responsible for the proceedings against the supervisory authority.
A person can direct all inquiries regarding the exercise of personal rights and addresses in writing to the person responsible at one of the contacts listed at https://www.trendills.com/.
For the purpose of reliable identification in the event of the exercise of rights in relation to personal data, the controller may request additional information from the person and only refuse to act if he proves that he cannot trust the person can identify.
At the request of the data subject, the person responsible for processing must respond immediately and at the latest within one month of receipt of the request.
Notification of the supervisory authority about a violation of the protection of personal data
In the event of a violation of the protection of personal data, the bidder is obliged to inform the competent supervisory authority, unless it is likely that the violation The rights and freedoms of the individual were not endangered. If there is suspicion that a violation has committed a criminal offense, the bidder is obliged to inform the police and / or the responsible public prosecutor’s office about the violation.
In the event of a breach that can pose a great risk to the rights and freedoms of the individual, the bidder is obliged to breach the breach immediately or against the breach. If this is not possible, inform the data subjects immediately. Notification of the individual must be in clear and straightforward language.
Updated: February 14, 2020