Bright start d.o.o. respects the privacy and protects the personal data of its users, business partners or other persons with whom it establishes business cooperation, and whose personal data it collects and processes in its daily business.
The rules are formed in accordance with the applicable regulations, Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation – GDPR and the Act Implementing the General Data Protection Regulation (OG 42/18).
Bright start d.o.o. has appointed a data protection officer who you can contact at the e-mail address email@example.com or by mail to the address Svijetli start d.o.o. Malešnica 27, 10090 Zagreb.
DATA WE COLLECT
1.1. During a visit to our website and web store
You can visit our website and store without providing information about yourself. In this case, we will collect technical access data that your browser will automatically transmit to our server (server) when browsing our websites. Access data includes the following information:
– time and date of access
– The address of the website you have accessed and are accessing
– content of the request (addresses and names of requested files)
– information about the used browser and operating system (versions, language settings)
– online identification data (eg IP address, device identification, session IDs)
– error messages, where applicable (if the requested content cannot be displayed)
– The last visited page where you were redirected to our page via a link
When you visit our website, your access data will be automatically stored in the log files (log) of our server (server) and subsequently anonymized by shortening or deleting your IP address. After this process, it will no longer be possible to draw conclusions about your person based on the server log files.
Also, when you visit our web store, we will collect those data that you provide directly using the available features. For example, we’ll find out which products interest you when you use the search function.
1.2. Cookies policy
When you first visit our website and web store, you will independently choose the level of cookies you want to store on your computer and thus fully manage the process of using cookies.
You can view and delete cookies used in your browser’s security settings. You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or any cookies.
1.3. During the delivery of the order in the web store
We will collect information about the products you order, as well as information that is directly collected in connection with the execution of your orders. The order execution data is as follows:
– information on ordered products, such as item numbers and sizes
– name and surname
– address for delivery of goods
– e-mail address
– contact mobile number for delivery
– payment details
– data on returns and complaints (eg reasons for return, notices of deficiencies)
– order numbers
– shipment tracking numbers
– company name and contact person, company address and OIB (if you requested an R1 invoice)
Even if you place several orders as a guest and use identical master data, our systems will keep your data in a single record of user data to make it easier to maintain our customer database.
1.4. When you contact us
We will collect the communication information you fill in when you contact us via the contact form on our website, via e-mail, telephone or otherway. Depending on the channel you are using, this may include, for example, contact information (eg e-mail address or telephone number) and the content of your message. Telephone conversations with the Light Start service for users are not recorded, nor are any other conversations made to the Light Start telephone numbers.
We will also use offers provided by social networks such as Facebook and Instagram to interact with our clients. Please note that Bright Start does not affect the terms of service of the social networks or their data processing policies. So be sure to check the personal information you provide to us via social media.
1.5. When you sign up to receive the newsletter
If you have subscribed to the Rendes newsletter, we will store your information (e-mail address) that you have provided for this purpose to send the newsletter.
You can unsubscribe from our newsletter at any time. To unsubscribe, use the unsubscribe link at the bottom of each newsletter.
WAYS OF USING THE COLLECTED DATA
2.1. Visit the website and the store
When visiting and browsing the website and store, we will process access data, server log files and cookies collected in this context in order to make available to us our website, its contents and functionalities you use, and ensure the stability and security of our information system and database data.
The legal framework for the lawfulness of data processing when visiting websites and trade is Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation – GDPR, Article 6, paragraph 1, indent f – processing necessary for legitimate interests – technical availability of the website.
2.2. Ordering products and executing sales contracts
We process your data in order to execute the contracts we have entered into with you and to provide you with the services and products you have requested. The purpose of processing is based primarily on the specific content of the contract. Further details on the purpose of data processing can be found in the General Terms and Conditions of Use of the Web Store.
The legal framework for the lawfulness of data processing in order processing and execution of sales contracts is Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation – GDPR, Article 6, paragraph 1, indent b – processing necessary for the conclusion and execution of the contract.
2.3. Customer support and communication within relationships with existing customers
We process your data in order to provide customer support in the use of websites and web stores. This may include the following, e.g .:
– processing of your requests that you have sent to our customer service
– non-commercial service communication (eg safety information and technical support)
The legal framework for the lawfulness of data processing in order processing and execution of sales contracts is Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation – GDPR, Article 6, paragraph 1, indent b – processing necessary for the conclusion and contract execution.
2.4. Payment processing
Depending on the payment method chosen, the information required for payment will be forwarded to the contractual partner making the payment. The billing provider collects data within its own application, in which case the privacy information of the service provider applies. Bright Start does not have access to the data required for payment, nor does it store it.
The transfer of your data to external payment service providers is based on Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation – GDPR, Article 6, paragraph 1, indent b – processing necessary for the conclusion and execution of contracts.
2.5. Internal marketing research, optimization and supply improvement
We will use the data you enter (eg data on ordered products, returns) for internal statistical purposes and for market research purposes. Prior to use, we will make the data anonymous by removing all personal information, eg by substituting your name and other data suitable for identification with random data.
In this way, we can measure which pages of our web store and products are popular, which devices our users generally use and from which regions our website is accessed. The collected data helps us to continuously optimize the existing offer and develop new functionalities and services.
The legal framework for the lawfulness of the processing of this type of data is Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation – GDPR, Article 6, paragraph 1, indent f – processing necessary for legitimate interests – improving website functionality and quality of supply.
3.1. Google Analytics
You can opt out of Google web analytics at any time using one of the following options:
– You can set your browser to block Google Analytics cookies
– You can customize your Google ads settings in Google
– You can install the opt-out plugin at the following link: turn off Google Analytics
The legal framework for the lawfulness of the processing of this type of data is Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation – GDPR, Article 6, paragraph 1, indent f – processing necessary for legitimate interests – analysis of how users use the website.
For marketing purposes, our websites use the so-called conversion and retargeting tags (Facebook pixels) of the social network Facebook, Facebook Inc, 1601 Willow Road, Menlo Park, California 94025, USA (‘Facebook’). We use Facebook pixels to analyze the overall usage of our websites and the effectiveness of Facebook ads (‘conversions’). We also use Facebook pixels to show you customized ads based on your interest in our products (‘re-targeting’). To this end, Facebook processes the data collected on our websites through cookies and similar technologies.
Facebook may send data collected in this context for analysis to a server located in the United States where the data is stored. Facebook uses privacy protection for the EU-US area in case personal data is sent to the US, the so-called Privacy Shield (LINK: https://www.privacyshield.gov/)
If you have registered on Facebook and set the privacy settings of your Facebook account, Facebook may additionally link the information collected about your visit to our website to your Facebook account and use it to place targeted Facebook ads. You can review and change the privacy settings of your Facebook profile at any time.
If you opt out of processing data via Facebook, Facebook will only show general Facebook ads that are not selected based on data collected about you.
3.3. Google AdWords and AdWords remarketing
If you have a Google Account, Google may, depending on your Google Account settings, link your web browser and app history to your Google Account and use your Google Account information to personalize your ads. If you do not want this link to your Google Account, you must sign out of your Google Account before accessing our website.
You can opt out of processing personal information for custom online ads on the Google advertising network at any time using one of the following options:
– Google Ad Customization Settings (LINK: https://www.support.google.com/ads/answer/7029158)
you can install Google’s free opt-out plugin (LINK: http://www.google.com/settings/ads/plugin) for Firefox, Internet Explorer, or Chromefor browsers on mobile devices)
– You can opt out of customized Google ads and ads provided by a number of other service providers participating in the ‘Your Online Choices’ initiative at http://www.youronlinechoices.eu
Please note that if you turn off custom advertising, Google will only show general ads that aren’t selected based on your collected access data.
CASES IN WHICH WE WILL SHARE PERSONAL DATA
Basically, we will only share your information if:
– you have expressly agreed to it in accordance with Article 6 (1) (a), Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation – GDPR
– sharing is necessary under Article 6 (1) (f) in order to establish, enforce or defend legal claims, and there is no reason to assume that you have an overriding legitimate interest that your information is not shared
– sharing is necessary to comply with the legal obligation under Article 6 (1) (c) or (e) of the General Data Protection Regulation GDPR, especially if we are required to provide information to a public body
– sharing is permitted by law and is necessary under Article 6 (1), indent b of the General Data Protection Regulation, GDPR for the purpose of executing a contract with you or taking action on your request before concluding the contract.
Some of the data processing described here may be performed by external service providers acting on our behalf. The service providers listed in this document may include, computer centers that store and maintain our websites and databases, IT service providers that maintain our business systems, as well as consulting firms.
If and to the extent that we share information with our service providers, that information may only be used for the purpose of performing their services. The processing of your data by contracted service providers will take place as part of the processing and execution of your order in accordance with Article 28 of Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation – GDPR. Contractual service providers are carefully selected business partners. They are contractually bound by our instructions, implement appropriate technical and organizational measures to protect the rights of data subjects and are subject to regular inspections that we carry out.
HOW LONG WILL YOUR DATA BE STORED
Unless otherwise stated herein, your data will only be stored for as long as is necessary to fulfill our contractual or legal obligations or the purposes for which the data was originally collected or as long as we have a legitimate interest in storing such data.
In all other cases, your personal data will be deleted, except for data that we must retain in accordance with legal retention periods. However, in such cases, we will limit the processing of the data, ie your data will only be used in accordance with legal obligations.
Normally, your orders and payment information and other information, if applicable, are subject to legal retention obligations, so we are required to retain such information for up to ten years.
Even if the data is not subject to legal retention obligations, we may refrain from deleting your data in cases permitted by law and limit its processing instead. This may apply in particular in those cases where such information may be requested for further processing of the contract or for the exercise of rights or for the purpose of legal defense. The duration of the processing restriction will depend on the legal limitation periods.
YOUR RIGHT TO DATA PROTECTION
You can contact our Data Protection Officer at any time to exercise your legal right to data protection described below (contacts above).
You always have the right to receive information about our processing of your personal data. In providing such information, we will explain the data processing process and provide you with an overview of your personal information that we store.
If any of the data we have stored is inaccurate or no longer up to date, you have the right to request a correction of the data.
You can also request the deletion of data. If deletion is not possible in exceptional cases due to other legal provisions, the data will be blocked so that they are available only for the stated legal purpose.
You can also restrict the processing of data, for example if you feel that the data we store is inaccurate.
You have the right to transfer data, ie at your request we will provide you with a digital copy of the personal data you have given us.
You also have the right to file a complaint with the Data Protection Supervisor. The competent supervisory body is the Agency for Personal Data Protection, Martićeva 14, 10000 Zagreb, e-mail: firstname.lastname@example.org.
RIGHT OF WITHDRAWAL OF CONSENT AND RIGHT OF OBJECTION
If you wish to exercise your right of withdrawal or objection below, send a notice to the Data Protection Officer at the contact details provided in the introductory part of the text.
7.1. Withdrawal of consent
Article 7 (3) of the General Data Protection Regulation GDPR (EU) 2016/679 gives youthe right to withdraw any consent you have previously given. This means that in the future we will no longer continue to process data based on your consent. Withdrawal of your consent will not affect the lawfulness of processing based on consent prior to its withdrawal.
7.2. Objection to the processing of your data
If we process your data on the basis of legitimate interests in accordance with Article 6 (1), indent f of the General Data Protection Regulation GDPR (EU) 2016/679, you have the right to object to the processing of your data under Article 21 if there are reasons to do so. arise from the specifics of your situation or if the complaint is directed against direct advertising.
We use all appropriate technical measures to ensure data security, and in particular to protect your data from risks during data transfer, as well as from unauthorized access by third parties. These measures will be adapted from time to time in line with the latest developments. To secure the personal information you enter on our website, we use a secure transport protocol (SSL) that encrypts your information during transmission.
CHANGES TO THE DATA PROTECTION AND PRIVACY RULES (GDPR)
We will update the data protection and privacy rules from time to time, when adapting to new versions of the website and the web store, or when making changes in legislation. Material changes will be documented in this document, and we will, if necessary, ensure the consent of our users.
Date of last modification: 30.10.2020.