PRIVACY

PROTECTION OF DATA AND PRIVACY

At Neafisha d.o.o. we pay a lot of attention to the protection of your personal data. We respect your privacy and we protect data carefully and in accordance with applicable laws. We only collect and process your data if we have a legal basis for doing so, and only to extent strictly necessary to achieve the purpose of the processing of personal data.

Below is our contact information as a controller of personal data, information about what personal data we process, on what legal basis, for what specific purposes, to whom we can transfer it, what cookies we use and for what purposes and what are your rights in connection with processing of your personal data.

I. Who are we and where you can contact us?

Information about us as a data controller:

  • Company name: Neafisha, obratovanje spletnih portalov d.o.o.
  • Short company name: Neafisha d.o.o.
  • Headquarters: Ljubljana
  • Business address: Barjanska cesta 70, 1000 Ljubljana
  • Registration number: 8747849000
  • Tax number: SI 69649049
  • e-mail address: hello@glrjewelry.com

II. What data do we process, for what purposes, why are we entitled to it, to whom and where do we transfer it and how long do we keep it?

We process your data or data relating to you in different situations for different purposes. In order to make the processing of your personal data as transparent as possible, below we have separated the different situations in which we process your data. For each situation, we have explained what data we process, for what purposes, why are we entitled to it, to whom we transfer the data, how long we store it and other information that is important so that you can understand the nature of the processing of your data.

II.1) If you visit our online shop

When you visit our website or online shop (hereinafter: "online shop"), we process your data for the purpose of ensuring the safe and efficient operation of the online shop, for the purpose of analysing the behaviour in our online shop in order to improve website functionality and optimize display of our offers, and for the purpose of displaying personalized offers.

a) Functioning of the online shop

Our online shop operates on the Shopify platform. The operation of the online shop is enabled with necessary cookies of the Shopify platform set by our domain. Cookies are small text files that we store on your device (computer, mobile phone or tablet) and consequently read from it. These cookies e.g. enable the safe functioning of the online shop, identification and elimination of errors in the operation of the online shop, identification when switching between individual websites of our domain and revisits, which prevents the deletion of your shopping cart, allow you to save your cookie settings, etc. If you disable cookies on your browser, the online shop may not work properly.

Cookies and technologies (Cookie · Purpose · Duration · Domain):

  • _ab · Used to access the administrator · One session · www.glrjewelry.com
  • _secure_session_id · Provides the visitor with navigation through the online shop · 1 day · www.glrjewelry.com
  • cart / cart_ver / cart_ts · Ensure the operation of the online shopping cart · 14 days · www.glrjewelry.com
  • cart_sig · Used in connection with the operation of the online cash register · 14 days · www.glrjewelry.com
  • checkout_token / checkout / secret / tracked_start_checkout · 1 year / 3 weeks / one session / 1 year
  • secure_customer_sig · Used in connection with the user's login to the account · 20 years · www.glrjewelry.com
  • cookieconsent_status · Tells us whether you have agreed to the use of cookies · 1 year · www.glrjewelry.com
  • cookieconsent_preferences_disabled · Tells us if you have refused consent · 1 year · www.glrjewelry.com
  • __cfduid · Used for the CDN service to identify customers by a common IP address and apply security settings · 1 month · www.glrjewelry.com

Information we acquire and process: information about how you access our websites, your account and the Shopify platform, including information about the device and browser you use, your network connection and your IP address.

Basis for data acquisition and processing: it is in our legitimate interest that we can provide you with a secure and efficient online sales service.

Data transfer: data is provided to Shopify International Ltd. incorporated in Ireland (2nd Floor 1-2 Victoria Buildings, Haddington Road, Dublin 4 D04 Xn32 Ireland) acting as our data processor. Shopify may transfer data to its sub-processors (list: https://help.shopify.com/en/manual/your-account/privacy/GDPR/subprocessors), and data may also be transferred to other countries, including Canada (on the basis of a Commission adequacy decision) and the United States (on the basis of standard contractual clauses). The processor's privacy policy: https://www.shopify.com/legal/privacy/customers. Shopify also provides certain information to MaxMind, Inc. (United States) which processes personal data as a stand-alone controller to provide risk assessments that detect fraudulent transactions, including automated decision making. If the data is transferred to the U.S., there is a risk that the U.S. authorities will process your data as a result of control and monitoring measures, for which no legal remedies may be available.

Retention/processing period: the data is retained and processed for the duration of each cookie.

b) Analytics

We use cookies and other web beacons to analyse behaviour in our online shop. We process the data based on your consent, which you can actively provide when you visit our online shop. We use the data to create statistics and reviews, to track the number of visits, to measure the effectiveness of ads and to improve the user's experience.

i. Shopify Analytics — cookies: _orig_referrer / _landing_page (track landing pages, 14 days); _shopify_fs / _shopify_s / _shopify_uniq / _shopify_visit / _shopify_y / _y (Shopify analytics); _shopify_sa_t / _shopify_sa_p (marketing and referral analytics, 30 minutes). Basis: your consent. Data is provided to Shopify International Ltd. (Ireland) as processor and may be transferred to sub-processors and to Canada/US as described above.

Google Analytics — cookies: _ga (main Google Analytics cookie, 2 years); _gid (distinguishes users, 24 hours); _gat (limits request rate, 1 minute); _utma (separates users and sessions, 2 years). Purpose: to calculate data about visitors, sessions and campaigns and to monitor website use. Basis: your consent. Processor: Google Ireland Limited; data may be transferred to Google LLC (USA) under standard contractual clauses. Privacy policy: https://policies.google.com/privacy. If the data is transferred to the US, there is a risk that the U.S. authorities will process your data, for which no legal remedies may be available.

c) Customized offers and marketing

i. Web plugins (AddThis) — __atuvs and __atuvc cookies (2 years) used with the AddThis tool to share content via social networks; AddThis also uses pixel tags and device identifiers. Data such as unique IDs, IP addresses and derived geolocation, device information, visit date/time and reference URL may be processed. Data is transferred to Oracle America, Inc. (USA) based on your consent, under standard contractual clauses. Privacy policy: https://www.oracle.com/legal/privacy/addthis-privacy-policy.html.

ii. Facebook tools — we use various Facebook tools for targeted marketing and analysis, including cookies _fbp (identifies browsers for advertising and analytics, 90 days) and _fr (display/measure/improve ad relevance, 90 days). Purpose: analytics and measurement, targeted marketing on Facebook, creating lookalike audiences, sending personalized marketing and improving ad serving. Basis: your consent. Data is provided to Facebook Ireland Limited (Ireland) which acts either as our processor (analytics) or as joint controller (advertising tools). Data may be transferred to Facebook Inc. (USA) under standard contractual clauses. Facebook privacy policy: https://www.facebook.com/policy.php. Retention: cookie-based data for the duration of cookies, other data for a maximum of 90 days.

II.2) Processing of personal data when subscribing to E-newsletter

a) Pop-up window for subscribing to e-newsletter

You can subscribe to our E-newsletter via pop-ups, which are occasionally displayed on our website. Purpose: sending e-newsletter with customized offers, additional discounts, promotions and news; analysis of responses to e-mails using online tracking technologies. Cookies: _privy_suppress_ID (tells us if the user has closed the pop-up, one session); _privy_ID (tells us whether a pop-up has been shown, one session). Data: name and surname, telephone number, e-mail address, IP address, device and browser data. Basis: your consent. Processor: Privy, Inc. (USA); data may be transferred to the USA under standard contractual clauses. Privacy policy: https://www.privy.com/privacy-policy. Retention: until your consent is revoked. The data we obtain is imported and managed in the Mailchimp system.

b) Other subscriptions to E-newsletter

You can also subscribe via other channels (form in the footer, as part of the purchase process, etc.). Purpose: to send E-newsletters and carry out analysis of responses. Processed data: first and last name, phone number, email address, IP address, operating system, browser ID and your interactions with campaigns/emails. Basis: your consent. Processor: The Rocket Science Group LLC d/b/a Mailchimp (USA); data may be transferred to the USA under standard contractual clauses. Sub-processors: https://mailchimp.com/legal/subprocessors/. Retention: until your consent is revoked.

c) Unsubscribing from E-newsletter

You can unsubscribe from receiving E-newsletter at any time by clicking on the "unsubscribe" link in any e-mail you receive.

II.3) Processing of personal data during the purchase process

In the event that you make a purchase in our online shop, the processing of your data will be extended as listed below.

a) Placing an order, creating a user account, conclusion of a contract and payment realization

Data: contact details such as name, surname, billing address, delivery address, e-mail address, telephone number and payment details. Basis: the conclusion and performance of the contract and our legitimate interest in ensuring efficient purchase of items. Retention: until the above purposes are fulfilled. Data transfer: to Shopify International Ltd. (Ireland) for placing orders and concluding contracts; to PayPal (Europe) S.a.r.l. et CIE, S.C.A. for the PayPal payment service; and via Braintree (PayPal) for credit card payments. These act as independent controllers/processors as applicable.

b) Delivery of goods and execution of the contract

Data: name, surname, delivery address, e-mail address, telephone number, purchase/order information. Basis: performance of the contract and legitimate interest in effective order execution. Data transfer: to DHL Express (Slovenija) d.o.o. and to GENERAL LOGISTICS SYSTEMS d.o.o. (GLS) as data controllers (GLS via the XConnector platform operated by Infoquest SRL, Romania, acting as our processor); and to MetaKocka d.o.o. for issuing and sending invoices. Retention: until the above purposes are met.

c) Resolving complaints, answering questions, accounting and business records, internal control and protecting legal claims

Data: contact details, order data, content of conversations through various channels. Basis: our legitimate interest in dealing with complaints and claims, answering questions, internal control and improving support services. Data transfer: we process data using Gorgias Inc.'s customer relationship management system (USA); MetaKocka d.o.o. for invoices and accounting; and external accounting services. Retention: for as long as statutory and contractual deadlines for asserting claims require, plus one year after the statute of limitations, and for the duration of any proceedings.

II.4) Processing of personal data for fulfilment of legal obligations

We can also process your contact, identification and order data when necessary to fulfil legal obligations (e.g. Obligations Code, Consumer Protection Act, VAT Act, Accounting Act, Fiscal Validation of Receipts, Electronic Communications Act, Companies Act, etc.). In these cases, we may transfer the data to external partners, such as accounting services. For this purpose, we use personal data for a maximum of 10 years after the last issued document regarding your order.

III. Cookie setting management

You can change your cookie settings at any time by clicking on the "Manage cookie settings" icon. You may need to refresh the page for the settings to take effect. Most web browsers also provide some control over cookies through browser settings. You can find out how to manage cookies on the browser provider's website.

IV. What rights do you have in relation to the processing of your data?

You may exercise the following rights with respect to your information:

  • Right to access your personal data: if you have questions, contact us and we will provide all necessary explanations and make all information available.
  • Right to rectification: if we keep inaccurate or incomplete information, you have the right to request that we correct and/or supplement it.
  • Right to erasure: in some cases you have the right to request deletion of your personal data (e.g. when we no longer need it, you withdraw consent, or you object to processing).
  • Right to restriction of processing: in some cases you may request that we limit processing of your personal data.
  • Right to data portability: you can request the personal data you provided in a structured, machine-readable form, and request its transfer to another controller where technically feasible.
  • Right to object: based on your special situation, you may object to processing based on our legitimate interests, and you always have the right to object to processing for direct marketing.
  • Right to withdraw consent: where we process data on the basis of your consent.

You have the right to file a complaint with the Information Commissioner, the Slovenian supervisory body responsible for data protection (Dunajska cesta 22, 1000 Ljubljana, www.ip-rs.si). We would appreciate it if you could contact us before filing a complaint.

V. How can you exercise your rights with us?

If you have a question or would like to exercise your rights, simply email us at hello@glrjewelry.com. We will try to respond to your request as soon as possible, and within one month at the latest.