PRIVACY POLICY and COOKIE POLICY – THE RITE STORE
Introductory provisions
In line with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (Official Journal of the European Union L 119, 4.5.2016, p. 1) (the General Data Protection Regulation), which has been in full application since 25 May 2018 in the Republic of Croatia and all EU Member States, as well as the Act on the Implementation of the General Data Protection Regulation (Official Gazette No. 42/18, hereinafter: the Act), i.e. in accordance with the legal framework for the protection of personal data in the Republic of Croatia and the European Union and the best European practice, the company RUSFRAJ d.o.o., based in Donja Stubica, Toplička cesta 64, registered in the court register of the Commercial Court in Zagreb under the registration number (MBS): 081261484, personal identification number (OIB): 61162759484 (hereinafter: "the Company"), being the personal data controller of users of its services and customers, has developed a policy on the protection of the privacy of users of services and customers. The privacy policy is a unilaterally binding legal act based on fundamental principles in the processing of personal data, regulating which user and/or customer data is collected, how such data is processed, and for what purposes it is used.
The Privacy Policy also introduces service users and/or customers to their rights in the collection and further processing of personal data, all to protect their privacy in a broad sense. The Privacy Policy shall be based on the following principles of personal data processing: the principle of lawfulness, transparency and best practices; the principle of limited processing and data minimization; the principle of accuracy and completeness of personal data; the principle of restricted storage; the principle of data integrity and confidentiality; the principle of accountability; the principle of trust and fair processing; the principle of opportunism (the purpose of processing); and the principle of processing in an unnamed (anonymized) form. The privacy policy applies to all services offered by the company, and the policy objective is to inform users and/or customers clearly and transparently about the processing operations of their data and their rights. In particular, users and/or buyers may at any time contact the company with a request to amend, change, and/or update the data relating to them, as well as with a request to comment on the purposes for which they wish or do not wish their data to be processed.
The company is responsible for the processing of personal data: RUSFRAJ d.o.o., based in Donja Stubica, Toplička cesta 64, registered in the court register of the Commercial Court in Zagreb under the registration number (MBS): 081261484, personal identification number (OIB): 61162759484.
Contact details for personal data protection: info@theritestore.com.
The way of collection and type of data collected depend on the individual services provided by the company, which require the collection of personal data of users and/or customers, whereby basic data are collected in the following ways:
1. Directly by users and/or buyers themselves in such a way that users and/or buyers themselves provide them with the consent of the company as a controller to a certain extent of the data relevant for the provision of the relevant services. To provide appropriate services, the user and/or the customer shall provide the company with the information necessary to establish a contractual relationship to provide a particular service and/or sell certain products from their range, such as:
a) name and surname;
b) address;
c) e-mail address;
d) date of birth;
e) sex;
f) telephone and/or mobile contact number;
g) bank account and card number details to regulate the payment obligation;
h) information on user and/or customer habits, social profiles, and other information on online customer behaviour;
2. From other sources, such as our business partners or publicly available sources (for example, data available through insights into the directory and other publicly available services);
3. Automatically, when visiting the websites, social networks, apps and web-shop portals of the company; these are data associated with network identifiers (internet protocol addresses and cookie identifiers, such as Google Analytics for tracking user and/or customer interactions). A cookie is a small data file stored on a computer or mobile device when visiting a specific website. Cookies are used to provide a better user experience to each user, save user preferences, make the web pages more efficient, and track and test the use and attendance of the company’s website. In doing so, we distinguish between the following types of cookies that the company can use:
a) permanent cookies (persistent cookies), which help to store data and settings during future visits to the website, resulting in faster access to content on the website and a better user experience;
b) temporary cookies (session cookies), which enable the monitoring of movement through the company’s website in such a way that there is no re-searching and registration of data provided by the service user when visiting the website, enabling smooth movement without the need for additional authentication;
c) first-party cookies, which come from the website of the company visited by the user of the service and are used to store data on the next visit to the website of the company;
d) third-party cookies, which come from advertisements on other websites, are located on the company’s website and are used for tracking and testing usage, attendance, and marketing purposes. Since these cookies do not come from the company’s website, it is recommended that users of services and/or buyers inquire about their data protection rights with each entrepreneur whose products are covered by such cookies.
Cookies are also used to track internet usage, create user profiles, and then display customized online advertisements based on user and/or customer preferences. By turning off and/or blocking cookies, the user and/or customer can still browse the company’s website. However, it is likely that certain possibilities and/or functionalities of the website will not be available to such a user and/or customer, i.e., the time taken to access certain functionalities of the website will be longer than usual. The network identifiers concerned may leave traces that, in combination with other identifiers and information provided by internet service providers, can serve to identify the user and/or the customer. Also, for the stated purpose, the company collects and processes the following data: a) IP address information and cookie ID; b) data on the use of individual applications and web browsers; c) data on user and/or customer habits; the company creates these data to profile users and/or customers. The quantity or scope of personal data collected by the company depends on the type of service provided by the company to its users and/or customers, as well as on the legal basis on which the company collects data. The company shall continuously ensure that it collects only the volume of personal data necessary to achieve the statutory purpose for which the data are processed.
For what purposes personal data are collected and further processed
The company collects this information to be able to provide, maintain, protect and improve its services related to the purchase of certain products, to understand how users and/or buyers use the services provided and the company’s website and to fulfill the company’s contractual obligations. Data are collected to receive information about the services and news of the company and Internet store THE RITE STORE (Newsletter), take part in web activities including our social media channels and blogs, store data for future communication, help track and improve the development of services and products, troubleshoot customer or service issues, receive customized offers, messages or promotional content created according to customer preferences, and communicate with suppliers, business partners and potential employees.
Such data are collected by the company based on consent given by the user and/or the customer for one or more specified purposes, as well as in one of the following cases:
Execution of contractual obligations
The company collects and further processes the personal data of users and/or customers to conclude and execute contracts, deliver ordered products, advise and assist in the use of products, provide appropriate additional and/or extended guarantees for products, resolve user and/or customer complaints, and take other actions related to the conclusion and execution of contracts as required by relevant regulations. The legal basis for the processing of personal data of users and/or buyers for the aforementioned purposes is the necessity of concluding the contract, i.e., if the user and/or buyer refuse to provide relevant data, the company will not be able to conclude the contract and/or undertake certain actions related to the execution of the concluded contract.
Compliance with legal obligations
The company is obliged, based on a written request submitted by users and/or buyers to the above-mentioned address of the personal data protection officer, to enable them to access personal data that it processes about them, correct inaccurate personal data, erase personal data or restrict the processing of personal data, as well as to acquaint them with the possibility of objecting to the processing of personal data and the right to data portability.
Direct promotion (marketing)
User and/or customer contact details may be used to send promotional notices about the products and services of the company if the user and/or customer have given consent to such processing or if there is a legitimate interest of the company in such actions unless those interests are stronger than the interests or fundamental rights and freedoms of the user and/or customer that require the protection of personal data. The company may use contact details and personally contact users and/or customers whose personal data it already possesses, based on a legitimate interest in sending promotional notices about similar products and services it provides, using all available promotional channels, unless the user and/or customer oppose such processing. For the user and/or the customer to be able to receive notifications that correspond to his wishes and habits, the company must use certain data about the user and/or the customer to create personalized promotional notices until the user and/or the customer expressly oppose such data processing, i.e., withdraw their previously given application for processing (consent). The legitimate basis for the processing of personal data for these purposes is the legitimate interest of the company unless the interest or fundamental rights and freedoms requiring data protection are stronger than that interest.
For internal purposes
The company uses certain data about users and/or buyers solely for its records to protect the legitimate interests of users and/or buyers and/or companies. For example, this includes the use of personal data to create offers that meet the needs and wishes of users and/or customers, market research and analysis.
Data on potential users
The company is also authorized to collect data on potential users and/or buyers of its services and/or products. This information includes basic information (first and last name, e-mail address) as well as the interests of potential users and/or buyers who are seeking to be informed and/or offered certain goods and services. The legal basis for collection in the described case is the consent of the beneficiary and/or the buyer.
Loyalty program
Also, personal data is collected about customers who opt to participate in the loyalty program of The Rite Store, and by accepting this privacy policy, customers also give consent for the processing of personal data made available to the company to include and participate in the loyalty program described in more detail in the General Terms and Conditions. Personal data collected for the loyalty program includes the data specified in this privacy policy, as well as IP addresses, MAC addresses, dates and times of login to the system, login information (username) and data on purchased or inspected products. Data made available to the company will be processed for inclusion in the loyalty program THE RITE STORE with benefits, for better service delivery and registration of purchased and inspected products (profiling of consumer habits), as well as for marketing purposes (provision of information, offers, newsletters and promotional materials on THE RITE STORE products and market research).
The duration of the retention and processing of personal data
Depending on the purpose and legal basis on which personal data of users and/or customers is collected, in certain cases, the company is obliged to keep personal data for some time (period) prescribed for a particular purpose by the relevant regulations or until the end of the purpose for which they were collected. Upon expiration of the legal period obliging the company to keep individual personal data or their end of purpose, they are deleted. We will keep your data for the time necessary to achieve the appropriate purposes described, i.e., as long as you want to stay in contact with us and/or as long as you want to receive our notifications according to the preferences you informed us about when giving us your data, i.e., until you withdraw the consent you gave us for certain purposes.
Rights that users and purchasers may request regarding the collection and use of data
The right to access personal data
The company, as the controller, undertakes, based on a written request submitted by the user and/or the customer, which may also take the form of an e-mail, to provide access to the personal data it processes about them and to inform them about the purpose of processing the personal data in which they are processed, about the type of personal data processed, about the recipients or categories of recipients to whom the personal data have been or will be disclosed, about the envisaged processing period, or about the criteria used to determine that period.
The right to rectify inaccurate data
The company, as the controller, will enable the correction of inaccurate personal data in each case when it is established that the collected personal data on the user and/or the customer are incorrect or there has been a change in the data of the user and/or the customer.
The company will delete the personal data of the user and/or customer in the following cases:
a) where the personal data of the user and/or the customer are no longer necessary for processing, i.e., the termination of the purpose of processing;
b) where consent is withdrawn by the user and/or the customer as the legal basis for data processing and there is no other legal basis for data processing;
c) where the user and/or the customer object to the processing of the data;
d) where personal data have been unlawfully processed;
e) where personal data must be erased to comply with legal obligations under the law of the European Union or of the Member State to which the controller is subject;
f) where personal data have been collected in connection with the provision of information society services with the consent of the child.
The company will ensure the restriction of the processing of personal data in cases where the user and/or the customer challenges the accuracy of the data, where the processing is unlawful and the user and/or the customer opposes the erasure of the data and instead requests the restriction of their use, where the controller no longer needs personal data for processing but the user and/or the customer requests data for the fulfillment of legal requirements, as well as in cases where the user and/or the customer objects to the processing of personal data based on the company’s legitimate interest, including profiling of users and/or customers.
The right to data portability
The portability of personal data to another controller will be carried out by the company at the request of the service user, provided that it has given its consent for such a transfer and the processing is carried out by automated means, as well as provided that such a transfer is technically feasible.
The right to object to the processing of personal data
The user and/or the customer have the right to object to the processing of personal data relating to them if the data are processed for the legitimate interest of the controller. In this case, the company, as the controller, will stop processing personal data unless it proves that there are compelling legitimate reasons for processing personal data about the rights of the user and/or the customer or where the processing of the data serves to set, execute or defend legal claims. If the personal data of the user and/or the customer are processed for direct marketing purposes, the user has the right to object to processing for direct marketing purposes at any time, especially if the personal data are used for profiling purposes.
Where personal data is processed
The company processes personal data of users and/or buyers in the Republic of Croatia.
Under what conditions is personal data forwarded to third parties?
Personal data of users and/or customers of the company is forwarded to third parties only in the following cases:
a) where the information is to be transmitted to fulfill the undertaking of the company under a contract concluded with the beneficiary and/or the buyer;
b) if there is a legal obligation of the company under which it is obliged to forward certain data to third parties;
c) if there is consent from the user and/or the customer.
Consent Management
The active role of the user and/or customer in the protection of privacy is reflected in the granting of consent as a voluntary, particularly informed and unambiguous expression of the wishes of the individual (data subject) to whom he gives consent for the processing of personal data using a statement or a clear affirmative action. The management of consent implies the possibility for the user and/or the buyer, through an active and unambiguous action, to authorize the company to collect and process individual personal data for one or more purposes (the consent of the data subject) or to withdraw the previously given consent in the same way to collect and process personal data for one or more purposes.
The customer has the right to withdraw without consequences or explanation until the given consent is terminated and to terminate and request the termination of the activities of processing his personal data and marketing activities directed towards him. He may revoke the consent in writing to the company’s address or via email to info@theritestore.com.
In the event of any questions concerning the protection of personal data by the company, users and/or customers may contact the personal data protection officer by e-mail to the email address specified in this privacy policy or in writing to the following address: info@theritestore.com
Amendments to the Privacy Policy
The company reserves the right to amend this policy at any time and to inform users of the changes.