Statement on privacy and data protection

We understand that when you use our website, you entrust us with your data and that the right to privacy is one of the most important human rights. That is why the protection of your personal data is important to us, which we treat responsibly and carefully and process in accordance with the applicable legal regulations on the protection of personal data, in particular in accordance with the EU Regulation on the Protection of Personal Data (EU GDPR) and secondary legal acts that apply to our association and/or company.

In the following, for the purpose of as much transparency as possible in our processing of personal data, we state and explain which of your personal data we collect on our website, what we use them for, which security measures are used to protect your data as much as possible, to whom we can forward it and when we delete it . In addition, we inform you of the respective legal basis that allows us to process the data appropriately and also of the legally defined rights in relation to the processing of this data.

General
Types of personal data and purposes of their processing
Personal data protection
Individual rights
Provision of personal data
Retention periods for personal data




General

The website is managed by Dart Federation of Slovenia, Grlava 19A, 9242 Križevsi pri Ljutomer, Slovenia in cooperation with the company Aforum d.o.o., Prešernova ulica 9, 2230 Lenart in Slovenske gorice, Slovenia (in hereafter also: provider or company or controller of personal data). Because we value the confidentiality of personal and other data (hereinafter also: data or information) and the privacy of the users of the wdf-slovenia.com website, we commit to responsible, careful and permanent protection and collection and processing of all acquired personal and other data of the user or consumer (hereinafter also: the individual) in accordance with the provisions of the applicable European and Slovenian legislation in the field of personal data protection and consumer protection, as well as the internal Rules on the protection of personal data. At the same time, we carefully protect their data from intrusion by third parties, which ensures users a worry-free and smooth transaction with the provider.

Access to personal and other data is permitted only to authorized full-time or part-time employees and contract processors, to the extent and for the purpose that is absolutely necessary for the smooth implementation of work processes, provision of services associations and/or companies and the fulfillment of rights and obligations from concluded contractual relationships with the user or consumer. The duty to protect personal and other data applies indefinitely, even after the termination of the relationship with the company.

The association and the company guarantee that all personal and other data obtained will be processed only for the purposes specified in this Privacy and Data Protection Statement. Consent to the provision of personal and other data is voluntary, and consent can be withdrawn at any time in the same way as it was given. In the event that personal and other data are not forwarded, or to the extent that consent is revoked, the data manager cannot fulfill the purpose for which the data is collected.




Types of personal data and purposes of their processing

The association and the company collect personal data in accordance with legal provisions and process them only for the purposes detailed below. The above is carried out as part of the mentioned, relevant legal regulations, or only with the consent of the user or consumer.

When the data is allowed to be processed is determined in particular by Article 6 of the EU Regulation according to which we collect and process personal data, if

we have the consent of the user or consumer;
the data is necessary for the fulfillment of the contract and/or measures prior to the conclusion of the contract;
the data is necessary to fulfill a legal obligation or
the data is necessary to maintain the legitimate interests of the company, except when such interests are overridden by the interests of the user or consumer, who require the protection of their personal data.

1. Personal data obtained when signing up for online news

When an individual signs up to receive free online news from wdf-slovenia.com and thus creates a device-independent user profile, we process and use the e-mail address, name and any non-binding information provided about birth to send information about products, promotions, prize games and news in the field of the latest trends, as well as for surveys on the general satisfaction of customers or subscribers. We store and process this data only for the purpose of sending information via online news tailored to the user's individual interests. Also, after placing an order on the wdf-slovenia.com website, the association and/or the company enables the buyer or client to provide an evaluation of the product and the purchase at an independent evaluation service provider, which they are also asked to provide by e-mail.

The processing of personal data takes place on the basis of the user's or consumer's consent in accordance with letter a of paragraph 1 of Article 6 of the GDPR and whereby the user or consumer can exercise their rights at any time as an individual. Consent to receive online news and thereby create a device-independent user profile can be revoked at any time by clicking on the unsubscribe link at the end of each online news. The user can also cancel the consent to receive online news and thus create a device-independent user profile by sending the cancellation of consent in writing to the email address info@wdf-slovenia.com. We will unconditionally consider the user's or consumer's wish not to receive advertising messages and notifications about monthly promotions.

2. Personal data obtained during user account registration and/or purchase or order

2.1 Information that is collected

The user of the website wdf-slovenia.com expressly consents and allows the collection of manages, processes and stores the following personal data:

name and surname;
address and place of residence and address for delivery;
country of residence;
IP address from which the user accesses the website;
email address (username);
contact phone number;
other data that the user voluntarily enters into forms in the online store;
data about the content of the order;
communication archive;

and with previous or simultaneous user account registration

other data that the user voluntarily adds subsequently in his profile;
password in encrypted form and
time and date of registration.

When registering a user account and/or making a purchase on the website wdf-slovenia.com, each user by marking the empty field on familiarity with and agreement to the "General Terms and Conditions" of which it is an integral part this Statement on privacy and data protection gives express consent that the association and the company, as managers of personal data collections, can collect and process and above all protect the personal data provided to them, namely for the purposes of managing a user account, executing an order or purchase, delivery of goods or performance of services, advertising, statistical processing of data, telephone, personal and written surveys, conducting marketing research, sending advertising materials, informing about innovations in the company's offer and operations, building a CRM database, direct, segmented and targeted marketing. In doing so, the user gives explicit consent that the provider can process all data stored about the user and obtained during the registration of the user account, his purchases, conclusion of contracts or other forms of interaction with the customer or subscriber for the purposes of segmented and targeted marketing. The association and the company will protect the obtained data and prevent their violations and abuse, all in accordance with the applicable legislation.Personal data will thus be used only for the purposes for which the user has given his consent and for the provision of services offered by the association and the company. By marking an empty field, the user confirms that he is aware of all relevant rights, such as, for example: the right to view, copy, copy, correct, block and delete his personal data, in accordance with applicable legislation.

The processing of personal data on the one hand takes place based on the consent of the user or consumer in accordance with letters a and b of paragraph 1 of Article 6 GDPR and on the other hand based on the fulfillment of a legal obligation and also the legal interests of the company in accordance with letters c and f of paragraph 1 of Article 6 of the GDPR for the purpose of protecting the company's legal claims and internal records and monitoring the regular performance of the company's services, and whereby the user or consumer can exercise their rights at any time as an individual.

The registered user can correct any changes to personal data himself in his user account. Also, registered users can stop using the website at any time and can cancel their registration. The user can also cancel his registration from the website by notifying the cancellation of registration in writing to the email address info@wdf- slovenia.com. Before submitting a declaration of cancellation of registration, the user must pay the provider all outstanding obligations arising from purchases made in the online store. The association and the company will protect the confidentiality of personal data and the privacy of website users within the framework of this Privacy and Data Protection Statement even in the event of cancellation of registration.

The buyer or subscriber can communicate changes to the personal data provided or consent to processing by sending the changes or cancellation (of a certain part) of the consent in writing to the email address info@wdf-slovenia.com, whereby it is considered that the association and the company for the purpose of fulfilling certain statutory obligations, for the processing of certain personal data do not require the consent of the buyer or client, which is why they can only be canceled after the statutory deadline has expired.

2.2 Payment systems, fraud prevention and reduction of payment failures

On the website wdf-slovenia.com you can choose between different payment methods when placing an order. In order to reduce the risk of missed payments, a credit check can be carried out as part of the order process, which is the basis for choosing the displayed payment options available to the buyer or client and which depend on the result of the credit check. For this reason, payment-relevant data is obtained each time, so that the company can place and execute the order and payment of the buyer or client. Due to the technical requirements and for the legal security of the buyer or subscriber, his IP address is also processed.

The processing of personal data thus takes place on the basis of the fulfillment of the contract and/or measures prior to the conclusion of the contract and on the basis of the legitimate interests of the company in accordance with letters b and f of paragraph 1 of Article 6 of the GDPR and whereby the user or consumer can exercise their rights as an individual at any time. Certain personal data listed above, the company needs to fulfill the contract and without which the company is unfortunately forced to refuse the conclusion of the contract, because in such a case it cannot fulfill it. The company provides the data for making the payment accordingly to its payment service providers.

The payment systems used by the company use SSL encryption for secure data transfer.

Warning regarding payment by payment card

As is usual with payment card payments, it checks the payment card information for this authorized company and performs the authorization.In addition to the association and the company Aforum d.o.o., Stripe Payments Europe, Limited, The One Building, 1 Grand Canal Street Lower, Dublin 2, Co. manages the data required to make a payment by payment card. Dublin, Ireland. If the client or buyer selects "payment card" as a payment option during the ordering process on the website, their data is automatically forwarded to Stripe. By choosing this payment option, the buyer or client agrees to the provision of personal data necessary to make the payment. As a rule, the personal data provided to Stripe is the name, surname, address, e-mail address, IP address, phone number or other data that is necessary to make the payment. Personal data related to each order is also required for the execution of the sales contract. Details of Stripe's data protection are available at here.

3.Other

3.1 Contact form

A contact form is available on the website wdf-slovenia.com, which the user or consumer can use to establish contact electronically. The data obtained in this way is processed to establish contact and respond to questions and wishes. In doing so, the principle of saving data and preventing data is taken into account, so that the user or consumer must provide only the data that the company absolutely needs from him in order to establish contact. These are first and last name, e-mail address, topic selection and the field for the message itself. Due to technical requirements and for the legal security of the user or consumer, their IP address is also processed. All other information is voluntary and you can provide it if you wish.

Data processing takes place on the basis of the user's or consumer's consent in accordance with letter a of paragraph 1 of Article 6 of the GDPR and whereby the user or consumer can at any time exercise their rights as an individual. The user can revoke consent to data processing by sending a written revocation of consent to the email address info@wdf-slovenia.com.

3.2 Ensuring the security of systems/identifying disturbances

Due to technical security, especially for the purpose of protection against attempted attacks on the company's web server, data is stored that does not require establishing a connection with an individual user. In particular, the company collects data about the web server used and the operating system used, the name of the internet service provider, data about the website from which the user or consumer accesses the website, data about the web pages that the user or consumer visits on the wdf-slovenia website .com, the date and time of the visit, the name of the requested file, information on whether a certain file was downloaded, for example, the amount of data transferred, the IP address assigned to the user or consumer by their Internet service provider. Personal data collected in this way are treated confidentially.

This site uses SSL encryption for the security and protection of the transmission of confidential content, such as inquiries sent by the user to the company as the operator of the site. An encrypted link is identified by the change of "http://" to "https://" in the address bar of the browser and by the lock symbol in the browser bar. When SSL encryption is turned on, the data that the user provides to the company cannot be read by a third party at the same time. In order for the company to offer secure data transmission with SSL encryption on this website, to protect against attacks and to optimize loading times, the company uses the service of Let's Encrypt, 1 Letterman Drive, Suite D4700, San Francisco, CA 94129, which is a certified member of the agreement between the U.S. and the EU on data protection ("Privacy Shield"). Let's Encrypt is committed to treating all personal data it receives from European Union (EU) member states in accordance with the Privacy Shield Principles. Further information about the Privacy Shield is available on the US Department of Commerce's Privacy Shield List, available at here. Let's Encrypt collects statistical information about the visit to this website. Access data includes: name of the accessed website, file, date and time of access, amount of data transferred, message about successful access, browser type and its version, user's operating system, previously visited page (referrer URL), IP address and Internet provider , through which the query takes place. Let's Encrypt uses protocol data for statistical analysis for the purpose of administration, security and optimization of the offer. More information in this regard, as well as the privacy policy published by Let's Encrypt, is available at here.

In doing so, the company acts according to its legitimate interest in accordance with the letter f of paragraph 1 of Article 6 of the EU GDPR. To exercise rights, the user can for any complaints, always contact the authorized person for the protection of personal data in the operator's company at the email address info@wdf-slovenia.com, which is available to him at all times.

3.3 Tracking measures and use of cookies

The company, according to its legitimate interest in accordance with the letter f of paragraph 1 of article 6 of the EU GDPR, collects and processes personal data when visiting its websites, through cookies, for the purpose of ensuring better functionality and user experience, security, smooth operation of websites or portals and for analytical purposes. They are installed when the user submits a form, logs in or performs any other interaction with the website by clicking on simple links. In this case, every user of the website wdf-slovenia.com accepts necessary cookies, which cannot be specifically disabled on the website, as they are crucial and without which the individual website or web portal owned or managed by the company cannot will work as it should. The same applies to the acceptance of analytical cookies, which are crucial for ensuring and improving the functionality of the website and consequently the user experience, whereby the company processes personal data based on its legitimate interest in effective information and communication in accordance with the letter f of paragraph 1 of Article 6 EU GDPR or in accordance with letter a of sentence 1 of paragraph 1 of Article 6 and 7 of EU GDPR, in the event that the company obtains consent for data processing, i.e. by confirming the button or similar (Opt-In) on agreement to the processing, which the user can disable or cancel at any time by changing the cookie settings.

For the purpose of enabling a smooth and pleasant user experience and individual customization of ads, the company also cooperates with a number of service providers, using cookies and tracking methods and, as far as possible, acts according to the legitimate interest of data processing in accordance with the letter f of paragraph 1 of Article 6 of the EU GDPR. In most cases, in accordance with letter a of paragraph 1 of Article 6 of the EU GDPR, the company obtains the user's consent in advance, which the user can revoke at any time by changing the cookie settings.

More detailed information and settings for these cookies can be found in the "Cookie Policy" section.

In the case of the above, it is generally the case that the user can always allow, limit, control and change the cookie settings themselves using the selected web browser settings.

3.3.1 Browsers

So that the user can easily find the website in the future by entering relevant queries in standard browsers, the company uses the tracking measures of browser providers to display the company's location, analytics of visits to the online store and to display and ad optimization. The data obtained in this way is forwarded to browser providers under a pseudonym.

In its business, the company cooperates with and uses services provided by Google LLC., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (hereinafter also "Google"), which is subject to the US-EU Data Protection Agreement ("Privacy Shield"), which ensures compliance with the level of data protection applicable in the EU.

3.3.1.1 Use of location-related services

The company can also process the user's location data: GPS coordinates (longitude, latitude), IP settings ( location of the user's browser or application) obtained by the user's mobile or stationary device. The company processes location data in such a way that it cannot be linked to a specific or identifiable user, or on the basis of the prior consent of the user or consumer in accordance with letter a of paragraph 1 of Article 6 of the GDPR and whereby the user or consumer can at any time assert their the rights he has as an individual. When requesting consent, the company informs users of the options for refusing consent, the type of data that will be processed, the purpose and duration of such processing, and the possibility of forwarding this location data to a third party, for the purpose of providing a value-added service. The user can edit his consent or withdrawal of consent regarding the use of location data at each connection to the network or for each transmission of communication, either in the application itself or in the "location services" settings of the mobile or stationary device. This may disable functionality that uses such data, but other application options unrelated to location data may still be available.

For this purpose, the company uses Google Maps (API) from Google LLC on its website, which is an online service for displaying interactive maps that visually display geographic information. When using this service, the location of the company is displayed to the user. As soon as those subpages that include Google Maps are called up, information about the user's use of the company's website (such as IP address) is transmitted to Google's servers in the USA and stored there. This happens regardless of whether there is a Google user account that the user is signed in to or no user account exists. If the user is logged in to Google, his data is attributed directly to his account. If the user does not want this, he must log out before activating the button. Google stores the data (even for unregistered users) as user profiles and analyzes them. Such an analysis is carried out in particular in accordance with the letter f of paragraph 1 of Article 6 of the EU GDPR on the basis of Google's legitimate interests in displaying individualized advertisements, market research and/or the need-based design of the Google website. The user has the right to object to the creation of these user profiles, and to exercise this right he must contact Google.

If the user does not agree that his data will be forwarded to Google in the future as part of the use of Google Maps, he also has the option of turning off the Google Maps online service completely, by disable JavaScript in your browser. The Google Maps service and thus also the display of maps on this website cannot be used after this. More information in this regard, as well as the data protection provisions for the Google Maps service, can be found at here.

3.3.1.2 Use of services related to analytics

In order for the company to design and optimize its website according to the user, for these purposes it uses Google Analytics from Google LLC., which is an online service for analyzing the use of the website and on the basis of which the company obtains and processes anonymized information:

in relation to the device used (e.g. operating system, browser, screen resolution, set language);
in relation to pages viewed while visiting the website (eg category or product detail pages);
within the ordering process (e.g. order number, gender, date of birth, method of delivery and payment, address field) and
about access data (e.g. setting via online newsletters sent via e-mail, other websites or online advertising measures).

The scope of stored and processed data is limited to statistical evaluation using the Google Analytics tool. For this purpose, the company uses cookies that enable re-recognition of the web browser. Immediately upon receipt, the company changes the user's IP address beyond recognition, so that no IP addresses can be assigned to user profiles.

The collection of data and the use of the tool is necessary from a technical point of view for the continuous optimization of the functions and display of the company's website on different devices, operating systems and browsers, and so that the company can design its offer in such a way , to make it interesting for the user. In doing so, the company collects and processes data according to its legitimate interest in accordance with letter f of paragraph 1 of Article 6 of the EU GDPR or in accordance with letter a of sentence 1 of paragraph 1 of Article 6 and 7 of the EU GDPR, in the event that the company acquires consent to data processing, i.e. by confirming the button or similar (Opt-In) on agreement to the processing, which the user can disable or cancel at any time by changing the cookie settings. The user can additionally generally enable the use of cookies for analytical purposes here.

3.3.1.3 Use of services related to advertising

The company's website uses the Google AdWords online advertising program of Google LLC., with which the company advertises the online store in search results on Google and third-party websites and tracks the resulting conversions. Here, the company uses Google Adwords to draw attention to its attractive offers through advertising on external websites. Based on the data on advertising campaigns, the company can determine how successful individual advertising measures are, thereby tracking the interest in displaying ads that are interesting to the user, designing the company's website in such a way that it is more interesting for the user, and allowing fair calculation of advertising costs.In order to determine the validity of the ad, for example, it is recorded which categories the user is interested in in the online store and whether the order has been executed.For this purpose, Google installs a cookie in the browser of the user's device, which, with the cookie ID under a pseudonym and based on the pages visited by the user, enables advertising in accordance with the user's interests. The processing takes place on the basis of the user's consent in accordance with the letter a of paragraph 1 of Article 6 of the EU GDPR, whereby the user can disable or cancel the given processing consent at any time by changing the cookie settings.

Additional data processing is only carried out if the user has given consent to Google for Google to associate the user's online and in-app browser history with his Google account and information from his Google account they use to personalize the ads you see online. In this case, if the user is logged in to a Google account while visiting a page within the company's online store, Google uses the user's data together with Google Analytics data to compile and define device-independent remarketing target group lists. For this purpose, Google temporarily connects the user's personal data with Google Analytics data to form target groups.

A conversion tracking cookie is placed when a user clicks on an AdWords ad published by Google.As a rule, these cookies are no longer valid after 30 days and are not intended for personal identification. If the user visits certain pages on the user's website and the cookie has not yet expired, Google and the company can determine that the user has clicked on an ad and has been redirected to the company's website as a result. The information obtained from conversion cookies is used for statistical reporting of conversions for AdWords customers who choose to track conversions. Based on this, the company learns the total number of users who clicked on its ad and were redirected to the advertised website equipped with a conversion tracking tag. The data obtained in this way does not contain information that could be used to personally identify the user.

Additional information and data protection provisions regarding advertising and Google are available here.The user can edit or permanently deactivate the storage of cookies for Google ads here or here.

If desired, the user can also inquire about the installation of cookies from the Digital Advertising Alliance at the web address www.aboutads.info, where he can also make such settings. Last but not least, the user can set his browser so that he is always informed about the installation of cookies and can decide on the fly whether to accept them or whether to accept cookies for certain cases or to exclude them entirely. If cookies are not accepted, the functionality of the company's website may be limited.

3.3.2 Social networks

The company is present in various social networks, whereby it ensures compliance with applicable provisions on data protection only if it has control over the processing of the user's or consumer's personal data. For the presence of the company in the sense of the EU Regulation as well as other provisions concerning data protection, in addition to the company Aforum d.o.o. also responsible for:

Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland);
Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland);
Pinterest (Pinterest Europe Ltd., 2ND Floor Palmerston House, Fenian Street, Dublin 2, Ireland) and
YouTube (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland).

The user or consumer uses these platforms and their functions at their own risk. The latter applies especially to the use of interactive features (eg commenting, sharing, rating). It should be noted that data may be processed outside the territory of the European Union, and providers from the USA who are certified under the umbrella of the "Privacy Shield" are obliged to comply with the EU Data Protection Regulation.< /p>

The company maintains fan pages only so that visitors to these pages can be informed about offers in addition to communication in this way. In doing so, it collects data for statistical purposes, which helps the company in the further development and optimization of content, which makes the offer even more attractive. The necessary data for this, such as the total number of page views, activities on the website and files made available by visitors, are prepared and made available to the company by social networks. The company has no influence on the creation and display of these pages.

In addition, social network providers, as well as the company Aforum d.o.o., process visitors' personal data for market research, communication and advertising purposes. This makes it possible, for example, to create user profiles based on the visitor's user behavior and consequently his interests. Among other things, advertisements that supposedly correspond to the visitor's interests can be published both inside and outside the platform. In principle, cookies are stored on the visitor's device for these purposes. Regardless, data that was not directly collected and stored on the visitor's end device may also be collected and stored in the visitor's user profile. The storage and analysis can also be device-independent, this applies in particular, but not exclusively, if the visitor is registered and logged in to the respective platform. In addition, the company does not collect and process personal data.

The company processes personal data based on its legitimate interest in effective information and communication in accordance with letter f of paragraph 1 of Article 6 of the EU GDPR or in accordance with letter a of sentence 1 of 1 .Articles 6 and 7 of the EU GDPR, in the event that the company obtains consent for data processing, i.e. by confirming a button or similar (Opt-In) on consent to processing, which the user can disable or cancel at any time by changing cookie settings.

In the event that the user or consumer is also a member of the social network and does not want the network with the presence of the company to collect data about him and to interact with his associated with the relevant network with the stored membership data, before visiting the company's fan page, he must log out of the relevant network, delete the cookies stored on his device and close and reopen the browser. After re-login, the network is recognized again as a specific user.

Since the company does not have full access to the user's or consumer's personal data when using social networks, it advises that the user or consumer contact the social network providers directly when claiming, as they have access to personal data of its users and can take appropriate measures and provide information. For this purpose, the company provides links to extensive information on data protection provisions, settings and opt-in options for each portal individually.

Facebook

Facebook is a social network whose plug-in is contained on at least one company website.When a user calls up a web service containing a Facebook plug-in, the user's browser establishes a direct connection to the Facebook servers. In doing so, information is sent to Facebook that the user's browser has visited the corresponding page of the company's web services, even if the user does not have a Facebook account or is not logged into his account. This information is transmitted directly by the user's browser to the Facebook server and stored there.In case the user is simultaneously logged in to his Facebook account, the call-up of the page can also be attributed to his Facebook account, thereby enabling Facebook to directly attribute the user's browsing behavior to his personal profile.

If the user wants to prevent the social network Facebook from transmitting and storing his data and habits on the company's website, before visiting the company's website, he must log out of Facebook and delete any cookies that he has installed by Facebook.

Further information on the acquisition, use and settings of user data by Facebook:

When collecting this type of data, the company relies on the user's consent regarding the appropriate processing of data in accordance with letter a of paragraph 1 of article 6 of the GDPR, which can be done at any time by changing the cookie settings cancels.

Instagram

Instagram is a social network whose plugin is contained on at least one company website.When a user calls up a web service containing an Instagram plug-in, the user's browser establishes a direct connection to Instagram's servers. In doing so, information is sent to Instagram that the user's browser has visited the corresponding page of the company's web services, even if the user does not have an Instagram account or is not logged into his account. This information is transmitted directly by the user's browser to the Instagram server and stored there.In case the user is simultaneously logged in to his Instagram account, the page call-up can also be attributed to his Instagram account, thereby allowing Instagram to directly attribute the user's browsing behavior to his personal profile.

If the user wants to prevent the social network Instagram from transmitting and storing his data and habits on the company's website, before visiting the company's website, he must log out of Instagram and delete any cookies that he has installed by Instagram.

Further information on the acquisition, use and settings of user data by Instagram:

Pinterest

Pinterest is a social network whose plugin is contained on at least one company website. When a user calls up a web service that contains the Pinterest plugin, the user's browser establishes a direct connection to Pinterest's servers. In doing so, information is sent to Pinterest that the user's browser has visited the corresponding page of the company's web services, even if the user does not have a Pinterest account or is not logged into his account. The user's browser transmits this information directly to the Pinterest server and stores it there. In case the user is logged into their Pinterest account at the same time, the page call may also be attributed to their Pinterest account, thereby allowing Pinterest to directly attribute the user's browsing behavior to their personal profile.

If the user wants to prevent the social network Pinterest from transmitting and storing his data and habits on the company's website, he must log out of Pinterest and delete any cookies he has set before visiting the company's website installed by Pinterest.

Further information on Pinterest's collection, use and settings of user data:

Youtube

YouTube is a video portal whose plugin is contained on at least one company website.When a user calls up a web service containing a YouTube plug-in, the user's browser establishes a direct connection to the YouTube servers. In doing so, information is sent to YouTube that the user's browser has visited the corresponding page of the company's web services, even if the user does not have a YouTube account or is not logged into his account. This information is transmitted directly by the user's browser to the YouTube server and stored there.In case the user is simultaneously logged into his YouTube account, the page call can also be attributed to his YouTube account, thereby enabling YouTube to directly attribute the user's browsing behavior to his personal profile.

If the user wants to prevent the YouTube portal from transmitting and storing his data and habits on the company's website, he must log out of YouTube and delete any cookies he has installed before visiting the company's website YouTube.

Further information on the collection, use and settings of user data by YouTube:

When collecting this type of data, in accordance with letter a of paragraph 1 of Article 6 of the GDPR, the company relies on the user's consent regarding the appropriate processing of data, which can be done at any time by changing the cookie settings cancels.

4.Special childcare

In accordance with good faith and honesty, the company undertakes not to process any personal data or authorize the purchase or placing of orders for the provision of services to a person without the express consent of the parents or guardian of the child. which he suspects has not reached the age of 14.




Personal data protection

For the best possible protection of stored data against accidental or intentional manipulation, loss, destruction or access by unauthorized persons, we implement appropriate technical and organizational security measures. We constantly check security levels in cooperation with security experts and adapt them to new security standards.

The company ensures the safety of the purchase by taking into account all applicable legal obligations and recommendations of the Slovenian and international consumer association. Entering personal and payment information is done via a secure online form protected by the same or similar encryption mechanisms used by banks and other trusted institutions.

The website provides all the necessary technological and organizational solutions for complete purchase security. The transfer of sensitive personal and transactional data on the website is carried out in secure mode using the SSL (SecureSocketsLayer) protocol. The data is encrypted and transmitted to the company server in a protected form. The system thus prevents anyone from intercepting the personal and transactional data of online store users.

The website may also contain links to the websites of other companies, which is also clearly visible. If there are links to other providers on the website, the company has no influence on their content. Therefore, it cannot assume any guarantee or responsibility for these contents. The respective provider or operator of the site is always responsible for the contents of these pages. At the time the link was created, the linked pages were checked for possible violations of laws and visible illegalities, and at the time the link was created, there were no visible illegal contents. The permanent implementation of content verification of linked pages without concrete indications of a violation of the law is not acceptable. If found to be in violation of the law, such links will be removed immediately.




Rights of individuals

The individual can permanently or temporarily, in whole or in part, cancel the given consent for the processing of personal data in any way by written request sent to the address: Aforum d.o.o., Prešernova ulica 9, 2230 Lenart in Slovenske gorice, with the note "za GDPR", or to the email address info@wdf-slovenia.com. Revocation of consent does not affect the legality of the processing that was carried out on the basis of consent until its revocation.

Each user or consumer has the following rights with their personal data:

1. Right of access to data

The individual to whom the personal data relates has the right to obtain confirmation from the company as to whether personal data is being processed in relation to him and, when this is the case, access to the personal data and additional information regarding the processing of personal data, including:

purposes of processing;
types of personal data;
users or user categories to whom personal data has been or will be disclosed, especially users in third countries or international organizations;
when possible, the intended period of retention of personal data or, if this is not possible, the criteria used to determine this period;
the existence of the right to request from the controller the correction or deletion of personal data or the restriction of the processing of personal data in relation to the individual to whom the personal data relate, or the existence of the right to object to such processing;
the right to file a complaint with the supervisory authority;
when personal data is not collected from an individual, all available information regarding its source;
the existence of automated decision-making, including the creation of profiles, and meaningful information about the reasons for it, as well as the meaning and intended consequences of such processing for the individual.

Based on the individual's request, the company provides a copy of his personal data that is being processed. For additional copies of data requested by the data subject, the company may charge a reasonable fee subject to administrative costs.

2. Right to rectification

The individual to whom the personal data relates has the right to have the company correct inaccurate personal data relating to him without undue delay. Taking into account the purposes of the processing, the individual to whom the personal data relates has the right to supplement incomplete personal data, including the submission of a supplementary statement.

3. Right to erasure ("right to be forgotten")

The individual to whom the personal data relates has the right to have the company delete the personal data concerning him without undue delay, and the company has the obligation to delete the personal data without undue delay:

when personal data are no longer needed for the purposes for which they were collected or otherwise processed;
when an individual withdraws consent, which is the basis for data processing, there is no other legal basis for processing;
when an individual objects to the processing based on the company's legitimate interest, and there are no overriding legal reasons for their processing;
when an individual objects to processing for direct marketing purposes;
when personal data must be deleted to fulfill a legal obligation in accordance with EU law or the Slovenian legal order; when it comes to data relating to the provision of information society services improperly collected from a child who cannot provide such data in accordance with applicable legislation.

In the case of directory or otherwise published data, the company takes reasonable steps, including technical ones, to inform the controllers processing the personal data that the data subject , requires them to delete any links to, or copies of, this personal data.

4.Right to restriction of processing

The data subject has the right to have the company restrict processing when:

the individual disputes the accuracy of the data, namely for the period that allows the controller to check the accuracy of the personal data;
the processing is illegal and the individual opposes the deletion of personal data and instead requests a restriction of their use;
the company no longer needs the personal data for the purposes of processing, but the individual to whom the personal data relates needs them to assert, implement or defend legal claims;
the individual has lodged an objection regarding the processing until it is verified whether the legitimate reasons of the controller prevail over the reasons of the individual to whom the personal data refer.

5. The right to object

The individual to whom personal data refer has the right, based on reasons related to his special situation, to object to the processing of personal data at any time, if this is based on legitimate interests, sought by the company or a third party. the company stops processing personal data, unless it proves imperative reasons for processing that override the interests, rights and freedoms of the individual to whom personal data refer, or for the assertion, exercise or defense of legal claims. Where personal data is processed for the purposes of direct marketing, the individual has the right to object at any time to the processing of personal data relating to him for the purposes of such marketing, including profiling in so far as it is related to such direct marketing. Insofar as direct marketing is based on consent, the right to object can be exercised by withdrawing the given personal consent.

6.The right to data portability

The data subject has the right to receive personal data relating to him held by the company in a structured, commonly used and machine-readable format, and the right to forward this data to another controller, without being hindered by the company to which the personal data was provided, when:

the processing is based on the consent of the individual or the contract and the processing is carried out by automated means.

To exercise the above-mentioned rights or for any complaints, you can contact the authorized person for the protection of personal data in the operator's company at the email address info@wdf-slovenia.com, which is always at your disposal.

However, if you believe that the processing of personal data violates the provisions in the field of personal data protection, you have the right to file a complaint with the Information Commissioner.




Transmission of personal data

The association and the company respect the privacy of the users of the website wdf-slovenia.com and undertake to carefully protect the obtained personal data and will not pass it on to a third party without their consent. used other than exclusively for the above-mentioned purposes, except in cases where this data would be requested by the competent state authority, which would have a legal basis for this, and in the event that there is a suspicion of abuse in business by the website user. Data may only be forwarded to a contractual data processor.

In certain cases, the association and/or the company are forced to pass on the processed personal data to third parties as part of the data processing, while complying with the regulations. In addition to the authorized persons of the association and the company, personal data are also processed on behalf and on behalf of the association and/or company by external service providers such as

companies that provide technical support in the processing of personal data, such as manufacturers and maintainers of computer applications, websites and information services;
companies that develop and introduce software solutions;
call center and processors engaged by the company to provide services necessary for the execution of contracts, such as printers, insurance companies, delivery services, point of sale operators, external marketers, transporters of goods to consumer addresses;
accounting service;
marketing, research and analytical companies, external marketing agencies and event organizers;
representatives of the company in concluding and executing contracts, including collection and possible legal proceedings and
state bodies and institutions, if this is requested or necessary.

Some organizations or companies to which personal data may be disclosed are based outside the European Union, i.e. in countries that do not have adopted laws to protect the right to the protection of personal data in the same way as in the European Union or in Slovenia. In the event that personal data is transferred to third countries (outside the EU and EEA), the company will take care to ensure and implement appropriate measures to ensure the security of personal data and the fundamental rights and freedoms of individuals, in accordance with applicable national and European regulations and this Statement on privacy and data protection by using the intended mechanisms such as binding business rules, standard contractual clauses and more.




Personal data retention periods

The association and the company will process personal data only for the time and to the extent necessary to realize the processing purposes and as long as it is necessary to achieve the pursued goal, in the case of personal data obtained on based on consent, until cancellation, except in cases where the retention period of personal data is determined by law. In the latter cases, the company stores the data in accordance with the legal obligation.

After the retention period has expired, upon cancellation or upon reaching the pursued goal, the collected personal data are deleted, destroyed, blocked or anonymize.

In Lenart, on 10. November 2024