NANDIKA Ltd., with the purposes and basis of the processing of personal data by NANDIKA Ltd., Inniscarra, Main Street, Rathcoole, D22 RP77 Co. Dublin, Ireland (‘Nandika / Provider’).
At Nandika, we value your privacy, so we always protect your information carefully.
Our activities are in accordance with European legislation (Regulation (EU) 2016/697 on the protection of individuals with regard to the processing of personal data and on the flow of such data) (General Data Protection Regulation or GDPR) and Council of Europe conventions (ETS No. 108, ETS no. 181, ETS No. 185, ETS No. 189)) and national legislation of the Republic of Slovenia (Personal Data Protection Act (ZVOP-1, Ur. L. RS, No. 94/07), Electronic Commerce on the Market Act (ZEPT , Ur. L. RS, No. 96/09 and 19/15) etc.).
As we are aware that your privacy and familiarity with the processes of processing your personal data means a lot to you, we also invite you to read more about individual segments of personal data protection in the guidelines of the Information Commissioner, who acts as a competent state body for supervising legal personal data protection framework.
Personal data is information that identifies you as an individual: your name, surname, e-mail or ordinary address, etc.
For business purposes, Nandika collects the following user data:
Name and surname,
Address and place of residence,
Contact telephone number,
And other information you enter on the relevant forms on the website.
By registering and / or placing an order on the website, you expressly agree that Nandika may obtain personal data (name, address, e-mail address and any other data provided to the provider for the purposes of fulfilling the contract – orders are voluntarily provided by the buyer) , except for the purposes of negotiating a contract or for fulfilling a contract – an order (as specified in Article 10 of the current Personal Data Protection Act), also used for the purposes of direct marketing through all advertising channels used by the provider (notification by phone and SMS , print media, unaddressed and addressed direct mail, e-mail, etc.), and for the purposes of direct marketing-related statistical and market analysis, marketing profiling and segmentation. In this way, we will make sure that you are properly informed about our current offers at all times, and at the same time you will be informed only about the product offers that best suit your wishes.
As a customer, you must also explicitly give your consent for direct marketing via Nandik e-mail when registering and / or placing an order on the website marked “Subscribe to e-news”. Otherwise, the buyer will not receive direct marketing via e-mail, nor will he be duly informed about the provider’s online campaigns.
To revoke the consent for direct marketing via e-mail, arrange:
by sending a return e-mail in response to a specific e-mail received by the provider each time direct marketing is carried out, and / or;by filling in an online form, the link to which is stated in each e-mail received by the provider when performing direct marketing.
You will be duly notified of the possibility to revoke your consent to carry out direct marketing by e-mail.
The provider will take into account your request for cancellation and consistently arrange the cancellation of the consent for the purpose of direct marketing through the respective or all advertising channels within 15 days at the latest and will notify you in writing or in another agreed manner within the next five days. You do not suffer any costs in doing so. The provider also guarantees you all other rights in accordance with the applicable legislation, which is defined below.
The provider does not collect or process your personal data, except when you allow it or. agree to it, ie. when ordering products or services, when you subscribe to receive e-news, participate in a prize draw, etc., or when there is a legal basis for the collection of personal data or the provider has a legitimate interest in processing.
The provider collects and processes your personal data on the following legal bases:
Law and contractual relations,
The consent of the individual.
Processing Under Law & Contractual Relation
In the event that the provision of personal data is a contractual obligation, an obligation necessary for the conclusion and performance of a contract with a provider, or a legal obligation, you must provide personal data; in the event that you do not provide personal data, you cannot conclude a contract with the provider, nor can the provider perform services or supply products under the contract, as it does not have the necessary data to perform the contract.
Purpose of processing – more detailed explanation
Conclusion and implementation of the contract concluded with the provider, including the provider’s fulfillment of your orders (supply of products and provision of services), communication with you, verification of your payments and fulfillment of other obligations. Nandika informs its customers about its products, services and contents on the basis of the ZEKom-1 Act (Electronic Communications Act of the Republic of Slovenia, which is implemented on the basis of Directive 2002/58 / EC of the European Parliament and of the Council of 12 July 2002). The customer may at any time request the termination of such communication and processing of personal data. The customer can terminate such communication at any time via the unsubscribe link in received messages, or by a written request to the e-mail address firstname.lastname@example.org
Processing On The Basis Of A Legal Interest
The provider may also process data on the basis of a legitimate interest pursued by the provider, except when such interests are outweighed by the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data. In the case of a legitimate interest, the provider always makes an assessment in accordance with the General Data Protection Regulation.
Purpose of processing – more detailed explanation
General statistical processing of data on customers and their orders and potential customers (contacts) for the purposes of internal sales analysis, repeat purchases, aggregate customer behavior, advertising optimization and business optimization. Customers (contacts), on the basis of which we perform internal sales analysis, repeat purchases and aggregate customer behavior and monitor and optimize our business efficiency and optimize our advertising,
we monitor sales through our sales channels (internet).
we monitor how many customers make repeat purchases, how quickly and in what value.
we monitor general sales statistics, such as the average value of the cart, the number of products on order and the like.
we monitor responses to e-mails, SMS messages, telephone calls and various advertising messages (online ads) and on this basis we optimize our advertising (we decide what, where, to whom and how to advertise).
This type of statistical monitoring enables us to optimize business and advertising in general, and on the basis of this also to offer users affordable products and services.
At Nandika, on the basis of our legitimate interest, we process data on business and non-accepted distance orders, which determines whether and which customers disproportionately order products with payment on delivery and then do not accept these products, which causes us business damage that we want to prevent it.
Once we identify such customers, we prevent them from ordering products in the online store with payment upon receipt, but they are still allowed to order products with other payment methods.
At Nandika, based on its legitimate interest, we occasionally send emails to potential customers who have added selected products to the shopping cart but have not completed their purchase, with the aim of trying to complete the purchase or providing assistance and information in this regard.
As part of basic personalized communication (via email, SMS, phone calls, mail, browser notifications, website information, social networks) we try to present you with relevant offers, discounts and other content that may be of interest to you based on your past interactions. with us.
We use the following information for this:
Demographic data (gender, age, address),
History of your purchases (purchased products, time of purchase, number of purchases),
Easily address behavior on Mynandika websites (viewing individual products or content that may trigger the sending of customized messages), without using this information to create user profiles,
Your responses (opening a message, clicking on a link, purchasing) to the various messages we send you.
We do not use any semi-automatic or automatic profiling, but only select the appropriate sets of recipients for individual messages. In doing so, we never focus on individual data, but perform aggregate processing of larger groups.
Based on this information, it may then depend on which messages you receive from us:
which products and contents we will present to you so that they will be of maximum interest to you,
what offers you will receive (customers with a larger number or frequency of purchases at Mynandika get better offers),
how often we will send you messages and through which communication channels.
Using the Facebook advertising tool Facebook Custom Audiences
At Nandika, based on its legitimate interest in online advertising, we also use the Facebook Custom Audiences service, either as part of the implementation of basic personalized communication based on our legitimate interest or as part of the obtained consent to communicate with personalized offers. and content based on the user profile.
This service works as follows:
We upload your email address, which we obtained from you during your purchase or your voluntary entry, to Facebook.
Facebook compares your email address with your user base and finds out if you are a Facebook user
If you are not a Facebook user, then nothing happens to your email address and Facebook does not perform any activities with it,
However, if you are a Facebook user, Facebook will add you to the newly created list of personalized audiences, which will only and explicitly allow us to show personalized ads to this group of users on Facebook,
Based on this, we can show you more targeted and personalized ads on Facebook and, above all, additional discounts.
Processing On The Basis Of Your Contest
The provider collects and processes (uses) your personal data also for the following purposes, when you give your consent:
Ensuring that you access and use your online account with the provider and the provider’s online store and for technical reasons of administration on the provider’s website,
Ensuring that you can access the specific information available to you on the provider’s website and on your online account / profile provided by the provider,
Prepare and send personalized e-newsletters, if you have subscribed to it,
Sending commercial offers and other content via e-mail, SMS messages, regular mail or telephone calls and social networks (Facebook, Instagram) when there is no other basis for this and you have agreed to it,
Any other purposes for which you specifically agree to cooperate with the provider.
Contractual Processing Of Personal Data
The contractual processors with which the provider cooperates are:
Accounting Service; law firms and other legal advice providers,
Data processing and analytics providers,
IT system maintainers,
Payment system providers,
providers of customer relationship management systems,
Online advertising solution providers.
The provider will not pass on your personal data to unauthorized third parties.
Contractual processors may only process personal data in accordance with the controller’s instructions and may not use personal data to pursue any self-interest.
The controller and users do not export personal data to third countries.
Personal Data Storage
The provider will keep your personal data only as long as it is necessary to achieve the purpose for which the personal data was collected and further processed. Those personal data that the provider processes on the basis of the law are kept by the provider for the period prescribed by law. The personal data processed by the provider for the purpose of concluding a contractual relationship with an individual shall be kept by the provider for the period necessary for the performance of the contract and for 5 years after its termination, except in cases where there is a dispute between you and the provider. ; in such a case, the provider shall keep the data for 5 years after the court or arbitration decision or settlement has become final or, if there has been no litigation, for 5 years from the date of the amicable settlement of the dispute.
Those personal data that the provider processes on the basis of the personal consent of the individual or a legitimate interest, the provider keeps permanently, until the revocation of this consent by the individual or. requests to interrupt processing. The provider deletes such data before cancellation only when the purpose of personal data processing has already been achieved or if so provided by law.
After the retention period, the controller deletes the personal data efficiently and permanently, so that it can no longer be linked to a specific individual.
Freedom Of Choice
The information you provide about yourself is controlled by you. If you choose not to provide your information to the provider, then you will not be able to access certain sites or functions on the website. Individuals who wish to unsubscribe from the e-newsletter should notify us at the e-mail address email@example.com. If your personal data changes (postal code, e-mail address, physical address, telephone number), please notify us of the changes at the e-mail address firstname.lastname@example.org.
The provider strongly recommends all parents and guardians to teach their children and caregivers the safe and responsible handling of personal information online. Minors should not transfer any personal information to the websites without the permission of their parents or guardians. The provider will never knowingly collect personal data from persons who would be aware that they are minors.
Individual Rights Regarding Data Processing
You have a number of rights in connection with your personal information. These include the right of access, review, deletion and restrictions on processing, transfer, objection and appeal.
Right to revoke consent: if, as an individual, you have consented to the processing of your personal data (for one or more specific purposes), you have the right to revoke that consent at any time, without prejudice to the lawfulness of the data processing carried out prior to its revocation. Consent may be revoked by a written declaration sent to email@example.com. Withdrawal of consent to the processing of personal data does not have any negative consequences or sanctions for the individual. However, after revoking the consent to the processing of personal data, the controller may no longer be able to provide an individual with one or more of its services in the case of services that cannot be provided without personal data.
Right of access to personal data: As an individual, you have the right to obtain confirmation from the provider (personal data controller) whether personal data are processed in relation to you and, where applicable, access to personal data and certain information (about the purposes of processing, types of personal data, users). , on retention periods or criteria for determining periods, on the existence of the right to rectify or delete data, the right to limit and object to processing and the right to appeal to the supervisory authority, the source of data if data have not been collected from you, the existence of automated reception decision, including profiling, the reasons for it and the meaning and consequences of such processing for you, and other information in accordance with Article 15 of the GDPR).
Right to rectification of personal data: As an individual, you have the right to have the provider correct inaccurate personal information about you without undue delay. As an individual, you have the right to supplement incomplete data, including the submission of a supplementary statement, taking into account the purposes of the processing.
Right to delete personal data: As an individual, you have the right to have the provider delete personal data concerning you without undue delay, and the provider must delete the data without undue delay when there is one of the following reasons: the data is no longer needed for the purposes for which it was collected or. otherwise processed; if you revoke the consent and there is no other legal basis for the processing; if you object to the processing and there are no overriding legitimate reasons for the processing; the data were processed illegally; the data must be deleted in order to fulfill legal obligations under EU law or the law of the Member State applicable to the provider; data were collected in relation to information society service offers.
However, as an individual, in certain cases described in paragraph 3 of Article 17 of the GDPR, you do not have the right to delete data.
Right to limit processing: As an individual, you have the right to have the provider restrict processing when one of the cases exists: if you dispute the accuracy of the data for a period that allows the provider to verify the accuracy of the data; processing is illegal and you oppose the deletion of the data and instead request a restriction on their use; the data provider no longer needs it for processing purposes, but you do need it to enforce, enforce and defend legal claims; you have lodged an objection to the processing until it is verified that the legitimate reasons of the provider outweigh your reasons.
Right to data portability: As an individual, you have the right to receive personal information about you that you have provided to the provider in a structured, commonly used and machine-readable form, and you have the right to provide this information to another controller without the provider providing it to you. personal data have been provided, hindering this, namely when: the processing is based on consent or a contract and the processing is carried out by automated means. As an individual, in exercising this right of transferability, you have the right to transfer personal data directly from one controller (provider) to another, where technically feasible.
Right to object to processing: As an individual, on grounds relating to your specific situation, you have the right to object at any time to the processing of personal data necessary for the performance of tasks in the public interest or in the exercise of public authority conferred on the provider (Article 6 (1) GDPR) ) or is necessary for legitimate interests pursued by the tenderer or a third party (point (f) of Article 6 (1) of the GDPR), including profiling based on those treatments; the provider ceases to process personal data unless it proves compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or for asserting, enforcing or defending legal claims. Where personal data are processed for marketing purposes, the individual has the right to object at any time to the processing of data relating to him for the purposes of such marketing, including the creation of profiles in so far as it relates to such direct marketing; where an individual objects to processing for direct marketing purposes, the data shall no longer be processed for those purposes. Where data are processed for scientific, historical or statistical purposes, the individual has the right to object to the processing of data relating to him or her for reasons related to his or her particular situation, unless the processing is necessary for the performance of the task carried out. for reasons of public interest.
Right to lodge a complaint with the supervisory authority:
without prejudice to any other (administrative or other) remedy, you, as an individual, have the right to lodge a complaint with the supervisory authority, in particular in the country where you have your habitual residence, your place of work or the alleged infringement Slovenia is the Information Commissioner) if you believe that the processing of personal data in connection with you violates the regulations on the protection of personal data.
Without prejudice to any other (administrative or extrajudicial) remedy, you as an individual have the right to an effective remedy against a legally binding decision of the supervisory authority in relation to it, as well as in the event that the supervisory authority does not consider your complaint or does not inform the situation or the decision on the appeal within three months. Proceedings against the supervisory authority shall be subject to the jurisdiction of the courts of the Member State in which the supervisory authority is established.
For the purposes of reliable identification in the case of exercising rights in relation to personal data, the controller may request additional data from the individual, and may refuse to act only if he proves that he cannot reliably identify the individual. The controller must respond to a request from an individual exercising his or her rights in relation to personal data without undue delay and at the latest within one month of receiving the request.
In the event of a breach of personal data protection, the provider is obliged to inform the competent supervisory authority, except when it is probable that the breach did not endanger the rights and freedoms of individuals. When there is a suspicion that a criminal offense has been committed in the event of a violation, the provider is obliged to inform the police and / or the competent prosecutor’s office about the violation. In the event of a violation that may cause a great risk to the rights and freedoms of individuals, the provider is obliged to immediately or where this is not possible, without undue delay, inform the data subject. The notice to the individual must be made in understandable and clear language.
Announcement Of Changes