The service is owned by the company GIA Design pr Ana Marić, with headquarters in the Republic of Serbia, Učiteljice Ružice 6, 11277 Belgrade (hereinafter: the Company).
PURPOSE OF PERSONAL DATA PROCESSING NOTICE
This Notice on the processing of user personal data (hereinafter: Notice) informs users of the gia.moda website (hereinafter: Service) about all relevant information regarding the processing of user personal data.
Bearing in mind the legal regulations in the field of privacy of personal data of natural persons, primarily the Law on Protection of Personal Data ("Official Gazette of RS", No. 87/2018), (hereinafter: ZZPL), it is very important that users of the Service carefully read this Notice and become familiar with the types of personal data that the Company processes most often, the purpose of processing personal data, the persons who have access to this data, as well as the rights of users regarding the processing of personal data.
Personal data is any data relating to a natural person whose identity is determined or determinable, directly or indirectly, in particular on the basis of an identity marker, such as name and identification number, location data, identifiers in electronic communication networks or one, i.e. more features of his physical, physiological, genetic, mental, economic, cultural and social identity.
Users can send questions, complaints, requests and additional information about the Privacy Notice, protection of personal data and exercise of rights to the Company's email address: email@example.com.
CHANGES AND AMENDMENTS
This Notice is subject to change. If this Notice is changed or supplemented, the date of the latest version of the document will be highlighted in its header.
LEGAL BASIS OF PROCESSING
The most common legal basis for the processing of personal data is a contractual relationship with the person to whom the personal data relates, i.e. a situation when a person in the capacity of a buyer addresses the Company and leaves personal data for the purpose of concluding a sales contract.
For certain processing purposes, the Company may process personal data based on the express consent of the user, with prior notification by the Company of all relevant aspects of the processing. It is important that users know that consent can be withdrawn at any time and without explanation, which results in the termination of further processing by the Company. Withdrawal of consent, however, does not affect data processing until the moment of withdrawal itself.
In some situations, the Company has a legitimate interest in processing personal data, such as e.g. when processing is necessary for the purpose of preventing fraud or potential abuse.
The company can process personal data if it is prescribed by law. It can also process personal data if the processing is necessary in order to protect the life interests of the user. If the Company processes personal data for one of the aforementioned reasons, the users will be informed about it without delay.
WHAT DATA DOES THE COMPANY PROCESS AND FOR WHAT PURPOSES
All data that the Company collects from users is collected for a specific purpose, about which the user of the Service will always be clearly informed.
The majority of personal data processing is carried out by the Company in order to facilitate the conclusion of sales contracts, and it is usually the following data of the user: name and surname, address, telephone number, e-mail address.
Based on the user's consent, the Company may save some personal data in order to facilitate an easier purchase, i.e. so that with each subsequent purchase, the sales contract will be concluded more quickly and easily.
Also, based on consent, the Company may use some of the user's personal data for marketing purposes.
PERIOD OF DATA STORAGE
The Company stores personal data for the period of time necessary to achieve the specific purpose of the processing. If, on the other hand, the Company performs processing on the basis of the user's consent, personal data is stored until the moment of revocation of the given consent, i.e. until the end of the time period for which the user gave consent for processing, after which the data is deleted or rendered unrecognizable.
After the sale has been completed, personal data is stored until the warranty expires, that is, until the time during which the customer has the right to complain.
Exceptionally, the Company may store data even after withdrawal of consent or fulfillment of the purpose, in situations where this is necessary for the performance of a certain legal obligation or for the purpose of submitting, realizing or defending a legal claim.
LEGITIMATE INTEREST OF THE COMPANY
In carrying out its business activities, the Company processes the user's personal data on the basis of legitimate interest. Of course, it does so only if the interest or fundamental rights and freedoms of the user do not prevail
Of course, it does so only if the interest or basic rights and freedoms of the user do not prevail over the legitimate interest of the Company.
The legitimate interest of the Company is used to:
diagnosed technical problems with the Service;
responded to requests and possible complaints of users;
better understand users through their behavior, interests and preferences;
protected business and provided support to users;
tested and developed new services and improved existing ones;
Identified and protected users of the Service and the Service itself from fraud or illegal activities.
By using the Service, the user agrees that employees of the Company may contact him based on the contact information he has left, in order to warn him of certain irregularities with the purchase or in the event that there is doubt or that certain fraudulent or illegal activities have been observed (e.g. hacker attacks, sending inappropriate files, spam and the like) over the user's account, all in order to protect the user from unwanted consequences.
In order to protect the Service, in addition to the above, the Company processes the following data: behavior on the site (previous searches), IP address, information about the access device, browser and operating system, and the like.
The user can at any time express an objection to such processing of personal data to the following e-mail address: firstname.lastname@example.org.
SECURITY OF USER DATA
In order to secure the data that is processed, the Company always strives to apply the highest possible standards in the protection of personal data, and to apply all necessary technical, organizational and personnel protection measures in accordance with the requirements of the valid ZZPL, including, but not limited to: technical protection measures, protection measures related to physical access to the place where data is stored, information security protection measures in accordance with current regulations, and other measures that are suitable for processing and necessary to ensure the protection of specific personal data.
Third parties that process data are also obliged to implement all necessary technical, organizational and personnel measures.
TRANSFER OF PERSONAL DATA TO OTHER COUNTRIES
Certain processors who can access personal data are based in foreign countries, primarily in EU member states, i.e. in member states of the Council of Europe Convention 108. The transfer of data to these countries is based on the default level of adequate protection of personal data in those countries. , in accordance with the law.
If some processors have their headquarters outside the above-mentioned group of countries, the disclosure of data would be possible only with the application of the provisions of Article 65 of the ZZPL, which regulates the transfer with the application of appropriate protection measures.
USER RIGHTS REGARDING PERSONAL DATA PROCESSED BY THE COMPANY
TRANSPARENCY: When providing personal data, the company will transparently inform the user about the purpose for which certain data is needed and the persons who use this data, and will provide the user with all information relevant to the processing of his data. It will be considered that this right of the user has been realized by making this Notice available for inspection.
RIGHT TO INSPECTION: The user has the right to be informed about whether the Company is processing his personal data, and if it is processing them, he has the right, based on the performed inspection, to request correction, addition, update, deletion of data, as well as interruption and temporary suspension of processing. .
RIGHT TO CORRECTION, SUPPLEMENT AND UPDATE: Data processed should be accurate and complete. The user has the right to request that incorrect personal data be corrected without undue delay, or that incomplete data be supplemented.
RIGHT TO DELETE: The user has the right to have his personal data deleted in accordance with the ZZPL. If it is necessary for the Company to continue processing in order to fulfill its legal obligations (e.g. obligations prescribed by the Accounting Act and other laws) or for the purpose of submitting, exercising or defending a legal claim, the Company will delete only part of the data that is no longer necessary.
RIGHT TO PORTABILITY: If the user wants from the Company (i) to receive in a structured, commonly used and electronically readable form the personal data that he submitted during registration or (ii) for the Company to transfer to another controller the personal data that the user submitted to him as a controller, the user has the right to request this from the Company, provided that the processing is based on consent or a contract and that the processing is carried out by automated means.
RIGHT TO LIMITATION OF PROCESSING: The user has the right to request the limitation of the processing of his personal data in certain situations.
RIGHT TO OBJECT: The user has the right to object to the processing of his/her personal data based on a legitimate interest.
THE RIGHT TO ADDRESS THE COMPETENT AUTHORITY: The user has the right to file a complaint with the Commissioner for Access to Information of Public Importance and Protection of Personal Data - Bulevar kralja Aleksandra number 15, 11120 Belgrade, phone: +38111 3408 900, e-mail: email@example.com.
ALL OTHER RIGHTS PROVIDED BY LAW: The person to whom the data refer can exercise their rights by sending a request for exercising them to the following e-mail address of the Company: firstname.lastname@example.org.
In order to exercise the above-mentioned rights of the user, the Company will provide the user with all necessary additional information, as well as assistance, in accordance with the conditions and in the manner prescribed by the valid ZZPL.
The user can exercise his rights by sending a request to the following e-mail address of the Company: email@example.com.
The company will respond to the user's request as soon as possible, and no later than within 30 days from the date of receipt of the request. In case of complexity or a large number of requests, there is a possibility that the Company may need an additional deadline to respond to the request. That term cannot be longer than 90 days, and the Company will inform the user about this separately.
If the user's request is clearly unfounded or is frequently repeated, the Company may reject it or charge the costs for its implementation. It is considered frequent repetition when the user addresses the Company more than once in one year with a request to exercise one of the rights. If the user applies two or more times during one year for the same right, the Company will respond to his request only if there are justified reasons for doing so.
WHO HAS ACCESS TO THE USER'S PERSONAL DATA
Depending on the specific purpose, the following may have access to certain data about the user's personality:
Employees of the Company, as well as part-time and other collaborators (who undertake to keep data confidential), only to the extent that it is necessary for processing purposes;
The Company, as part of a group of business companies, may forward data to its related parties, when necessary and always within the legitimate interest of the Company and the defined purpose;
Newly established entities or entities acquiring ownership of the Company, if the Company is involved in a merger, acquisition, purchase, sale of shares or other status change;
The company shares some of the user's personal data with suppliers for the purpose of delivering goods, that is, for the possibility of realizing a sales contract;
Partners of the Company, who perform certain processing tasks for the Company as processors, such as external collaborators who provide certain services to the Company, as well as software companies that create and maintain software in which data is stored;
Exceptionally, personal data can also be submitted to the competent state authorities, if this is a legal obligation of the Controller, and only to the extent that it is necessary for the fulfillment of a specific legal obligation;
Any other recipients when reasonably necessary, e.g. in case of danger to life. All recipients are obliged to take appropriate technical, organizational and personnel measures to protect the user's personal data.
CONSENT AND WITHDRAWAL OF CONSENT
If the user has given the Company consent for the processing of his personal data, he can revoke it at any time. In the event that the user revokes his consent, the Company will stop further processing of his personal data and will delete those personal data within a period of no longer than 90 days from the day when the user sent the withdrawal of consent to the Company. The withdrawal of consent is free of charge and the user can send it to the Company at any time to the following e-mail address of the Company: firstname.lastname@example.org.
The Company uses various technologies on its Service. Some of them are controlled independently, and some are controlled by other organizations.
The technologies it uses include (but are not limited to) cookies and scripts. Some of them are necessary for the functioning of the Company's Services and for understanding user usage. Also, the Company uses certain technologies for marketing and other purposes, as described below.
PROTECTION OF CONFIDENTIAL TRANSACTION DATA
When entering payment card data, confidential information is transmitted via a public network in a protected (encrypted) form using the SSL protocol and the PKI system, as currently the most modern cryptographic technology. Data security during purchases is guaranteed by the payment card processor, Banca Intesa ad Beograd, so the entire payment process is carried out on the bank's website. Payment card information is not available to our system at any moment.