The personal data collected through website www.sweetsweat.si is fully managed by NutriFit d.o.o. (hereinafter referred as the “Provider”). The provider manages personal data in accordance with the valid Data Protection Act and the provisions of the Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data – GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016).
This privacy statement applies to the website www.sweetsweat.si. By using www.sweetsweat.si website you consent to the personal data usage described in this statement.
Collection of personal data
The provider on the website collects the following information about you:
- personal information about the user (name, surname and address of residence);
- Contact details and information about your communication with the operator e-mail address (e-mail), telephone number);
- Information about users purchases and issued invoices (date and place of purchase, purchased items, prices of purchased items, total purchase amount, payment method, delivery address, number and date of issued invoice etc.) and information about resolving reclamations of the product.
Use of personal data
The provider collects and processes your personal data on the basis of law and contractual relations: in the case where the provision of personal data is a contractual obligation, an obligation required for the conclusion and implementation of the contract with the provider or a legal obligation, you must provide personal information; if you do not provide personal data, you cannot enter into a contract with the provider, also the provider cannot do its services or supply products to you under the contract as it does not have the necessary information to perform the contract. Conclusion and implementation of the contract concluded with the provider, including the provider’s fulfillment of your orders (supply of products and provision of services), communication with you, verification of your payments and fulfillment of other obligations of the provider and / or your obligations (legitimate interest of the provider in the processing of your personal data, point (f) of Article 6 (1) of the GDPR).
Time of storage of personal data
The provider will keep your personal data only as long as this is necessary to achieve the purpose for which the personal data was collected for and further processed. Personal data processed by the provider on the basis of the law shall be kept by the provider for the period prescribed by law.
Protection of personal data
The provider commits to protect your personal data in accordance with the act of Private Data Protection. Your data will only be used for internal purposes and will not be passed on to the third parties.
The provider commits to protect the privacy of users in accordance with the law. The protection of users’ personal data includes organizational, technical and logically-technical procedures and measures to protect personal data, prevent accidental or intentional unauthorized destruction of data, their change, transmission to third parties or loss and unauthorized processing of such data. All data is stored on secure servers located in secure spaces.
User rights to personal data
If you have an account on this website, you may request that we receive an exported file of the personal information we hold about you, including the information you have provided to us. You may also request that we delete any personal information we hold about you. This does not include data that we need to keep for administrative, legal or security purposes.