Sign up for our e-news and receive a 20% discount on your next purchase!
Agrosloven Privacy Policy
The purpose of the Agrosloven Privacy Policy (hereinafter: the Policy) is to inform customers, potential customers, or visitors of Agrosloven websites about the purposes and legal basis for the processing of personal data.
Agrosloven z.o.o., Trstenik 1C, 4204 Golnik, Slovenia (hereinafter: Agrosloven or the provider or the controller of personal data) protects your personal data by ensuring their protection throughout its business operations.
At Agrosloven, we value your privacy, so we always carefully protect your data.
This Privacy Policy may be changed or amended at any time without prior notice or notification. By using the provider’s websites after a change or amendment, an individual confirms that they agree to the changes and amendments.
All our activities related to the processing of personal data comply with the applicable European legislation (in particular, Regulation (EU) 2016/697 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation or GDPR) and the Council of Europe conventions (ETS no. 108, ETS no. 181, ETS no. 185, ETS no. 189)) and the national legislation of the Republic of Slovenia (Personal Data Protection Act (ZVOP-1, Official Gazette of the Republic of Slovenia, no. 94/07), Electronic Commerce Market Act (ZEPT, Official Gazette of the Republic of Slovenia, no. 96/09 and 19/15), etc.).
The Privacy Policy deals with the handling of personal data that Agrosloven receives from you when you visit and use Agrosloven websites or provide them in any other way.
Controller and Data Protection Officer
The controller of personal data is Agrosloven z.o.o., Trstenik 1C, 4204 Golnik, Slovenia.
Agrosloven has appointed a data protection officer, who can be reached at info@agrosloven.com.
If you have any questions regarding the use of this policy or in connection with the enforcement of your rights arising from this policy, please contact the data protection officer through the contact provided in the next section of the policy.
Details of data protection officer details
Agrosloven z.o.o., Trstenik 1C, 4204 Golnik, Slovenia
Email: info@agrosloven.com in case of GDPR related issues, please send a message with the subject “GDPR”)
Key terms
Personal data means any information that can be used to identify an individual (including, for example, name, surname, e-mail address, telephone number, etc.).
Controller means a legal entity that determines the purposes and means of processing your personal data.
Processor means a legal or natural person who processes personal data on behalf of the controller.
Processing means collecting, storing, accessing, and all other forms of using personal data.
EEA means the European Economic Area, which includes all European Union member states, Iceland, Norway, and Liechtenstein.
Personal data
Personal data is information that identifies you as a certain or identifiable individual. An individual is identifiable when they can be directly or indirectly identified, particularly by reference to an identifier such as a name, identification number, location data, online identifier, or by one or more factors specific to the individual’s physical, physiological, genetic, mental, economic, cultural or social identity.
The provider, in accordance with the purposes defined in this policy, collects the following personal data:
- Basic user information (name, address, date of birth, location)
- Contact information and information about your communication with the data controller (email address, phone number, date, time and content of postal or email communication)
- Information about the user’s purchases and issued invoices (date and place of purchase, purchased items, prices of purchased items, total purchase amount, method of payment, delivery address, invoice number and date of issue, identifier of the person who issued the invoice, etc.) and information about the resolution of product complaints
- Information about the user’s use of the data controller’s website (dates and times of visits to the website, visited pages or URLs, time spent on each page, number of pages visited, total time spent on the website, settings made on the website)
- Personal data voluntarily provided by the user by filling out forms, for example in the context of contests or the use of configurators or questionnaires to identify optimal products for the user’s needs
- Other data voluntarily provided by the user to the provider in response to a specific request for services, to the extent that such data is necessary for the provision of the service. The provider does not collect or process your personal data unless you enable or consent to it, for example through the use of the website, when ordering products or services, subscribing to the e-magazine, participating in a contest, etc. The provider also processes your data when there is a legal or contractual basis for collecting personal data, or when the provider has a legitimate interest in processing such data.
We also obtain your personal data through the use of cookies on our website. You can learn more about the use of cookies here.
The provider only collects those personal data that are appropriate and necessary to fulfill the purposes for which such data is processed.
The period of time during which the provider stores the collected data is further defined in the section on Personal Data Storage of this Policy.
Legal basis for data processing
The provider collects and processes your personal data on the following legal bases:
- Processing based on the law
- Processing based on a contract
- Processing based on the individual’s consent
- Processing based on a legitimate interest
- Processing based on a contract
We need your data when it is necessary to conclude, implement and fulfill contractual obligations. Providing personal data is voluntary in this case.
In case you do not provide personal data, you cannot enter into a contract with the provider, and the provider cannot provide services or deliver products to you.
Processing based on explicit consent
We process your data when you give us explicit consent to do so. When processing is based on consent, we will ensure that you have access to all the information you need to make a decision beforehand. You can withdraw your consent at any time. If you withdraw your consent, the provider may not be able to provide you with some services.
Processing based on legitimate interest
The provider may also process data based on its legitimate interest, except when such interests are overridden by the interests or fundamental rights and freedoms of the individual whose personal data are involved and require the protection of personal data. In case of the use of legitimate interest, the provider always makes an assessment in accordance with the General Data Protection Regulation.
In case of processing based on legitimate interest, the user has the right to object. More information about your rights can be found in the policy below.
Processing based on law
We process your personal data when such processing is required by the legislation that binds us (e.g. tax legislation requires us to keep issued invoices). We process such personal data in compliance with the requirements of the law.
Purposes of personal data processing
The provider collects and processes your personal data for the following purposes:
Communicating with you regarding the provision of our services and responding to your inquiries
This includes notifications and responses to inquiries, handling complaints, conducting satisfaction surveys, and similar activities. We carry out this processing based on our legitimate interest in ensuring effective communication and successful business operations with our users.
Conclusion and fulfillment of obligations arising from the concluded contract
Conclusion and performance of the contract concluded with the provider, including the provider’s fulfillment of your orders (delivery of products and provision of services), communication with you, verification of your payments, and fulfillment of other obligations of the provider and/or your obligations. We process personal data based on the contract and prior to the contractual relationship.
In case you do not provide us with all the necessary data for concluding the contract, we reserve the right to postpone or cancel the order.
Direct notification of customers about special offers, discounts, and other content via email or SMS
At Agrosloven z.o.o., based on the ZEKom-1 law (Electronic Communications Act of the Republic of Slovenia, which is implemented on the basis of Directive 2002/58/EC of the European Parliament and Council of July 12, 2002), we inform our customers about our products, services, and content. The customer can demand at any time the termination of this type of communication and processing of personal data (right to object). The customer can terminate this communication at any time by clicking on the unsubscribe link in the received messages or by submitting a written request to the email address info@agrosloven.com. In this case, we process your data based on the law.
Direct notification of special offers and other content via email
At Agrosloven z.o.o., we will notify you of our products, services, discounts, and content via email based on your given consent. The customer can demand at any time the termination of this type of communication and processing of personal data by revoking their consent. The given consent can be revoked at any time through the contacts listed on the website https://agrosloven.com/contact.
Direct notification of customers about special offers and other content via phone calls and regular mail
At Agrosloven z.o.o., based on the given consent, we occasionally inform our customers about our products, services, discounts, and content via phone calls and regular mail. The customer can demand at any time the termination of this type of communication and processing of personal data by revoking their consent. The given consent can be revoked at any time through the contacts listed on the website https://agrosloven.com/contact.
General statistical processing of customer data and their orders, as well as potential customers (contacts) for the purposes of internal sales analysis, repeat purchases, aggregate customer behavior, advertising optimization, and business optimization.
At Agrosloven z.o.o., we carry out general statistical processing of customer data and their orders, as well as potential customers (contacts), based on which we conduct internal sales analyses, repeat purchases, and aggregate customer behavior, monitor and optimize our business efficiency, and optimize our advertising, for example:
We monitor sales through our sales channels We monitor how many customers make repeat purchases, how quickly, and in what value We monitor general statistical sales data, such as the average value of the shopping cart, the number of products in the order, and similar We monitor responses to email, SMS messages, phone calls, and various advertising messages, and based on that, we optimize our advertising (deciding what, where, to whom, and how to advertise)
“Such statistical monitoring enables us to optimize business and advertising in general, and to offer users affordable products and services based on that. This processing of personal data is based on the legitimate interest of the provider in successful business operations and providing quality services to users.
Processing of data on uncollected remote orders to prevent fraud
At Agrosloven z.o.o., we process data on sent and uncollected remote orders based on our legitimate interest to determine whether and which customers disproportionately order products with payment upon receipt remotely and then do not collect those products, causing us financial losses that we want to prevent.
When we identify such customers, we disable them from ordering products with payment upon receipt in the online store, but they can still order products with immediate prepayment using credit cards.
Automatic email communication with the user based on their initiation of the online purchasing process
At Agrosloven z.o.o., based on our legitimate interest, we occasionally send email messages to potential customers who have added selected products to their shopping cart but have not completed their purchase, with the aim of trying to complete the purchase or providing assistance and information on this matter.
If you do not want this, you can terminate this type of data processing at any time by sending a written request to our email address info@agrosloven.com.
Use of Google Remarketing service
The use of the Google Remarketing service enables Google to display Google ads for our products on other websites and applications (including YouTube) based on the products you have viewed (the pages you have visited) on Agrosloven websites.
With cookies, Google “remembers” your device and your visit to the Agrosloven website, and the product(s) you viewed. When you visit a website or use an application that is part of the Google Display Network, Google may show you an ad for the viewed product.
For the use of the Google Remarketing service, your name, email, and telephone number are processed and sent to Google, but in anonymous form. Despite using the Google Remarketing service, Agrosloven cannot determine that you made a purchase on the Agrosloven website by clicking on a specific Google ad.
Personal data is processed for this purpose only based on your consent, which you can revoke at any time by sending a written request to our email address info@agrosloven.com.
Enforcement of legal claims, protection of our rights, and dispute resolution
We collect personal data for the specified purpose in accordance with the law.
Legal obligations
We collect your data to fulfill legal obligations, such as storing invoices for tax purposes. We process your data only to the extent necessary to fulfill legal requirements.
Storage of personal data
The Provider will keep your personal data only for as long as necessary to fulfill the purpose for which the personal data was collected.
Personal data processed by the Provider on the basis of the law will be stored for the period prescribed by law.
Personal data processed by the Provider for the performance of a contractual relationship with an individual will be stored for the period necessary for the execution of the contract and for an additional 5 years after its termination, unless there is a dispute between you and the Provider regarding the contract; in such a case, the Provider will store the data for an additional 5 years from the date of the court or arbitration decision or settlement, or if there was no legal dispute, for 5 years from the date of the peaceful resolution of the dispute.
Personal data processed by the Provider on the basis of an individual’s personal consent will be stored permanently, until revoked by the individual. The Provider will delete such data before revocation only if the purpose of the processing of personal data has already been achieved.
After the storage period has expired, the personal data controller effectively and permanently deletes or anonymizes the data so that it can no longer be linked to a specific individual.
The data controller specifies the following in more detail:
Communication with you regarding the provision of our services and responding to your inquiries
12 months from the end of communication.
Conclusion and fulfillment of obligations arising from the concluded contract
5 years from the execution of the contract.
Direct informing of customers about special offers, discounts, and other content via email or SMS
Until revoked.
Processing of data on unclaimed remote orders for the purpose of preventing fraud
5 years from the start of processing.
Automatic email communication with the user based on their initiation of the online purchase process
Until revoked.
Google Remarketing
Until revoked.
Contractual processing of personal data
Here is the translation of the text you provided from Slovenian to English:
“The provider may entrust individual tasks related to the processing of your data to other persons (contracted processors). Contracted processors may process entrusted data solely on behalf of the provider, within the scope of the provider’s authorization (in a written contract or other legal act) and in accordance with the purposes defined in this privacy policy.
The contracted processors with whom the provider cooperates are:
- Accounting services; law firms and other providers of legal advice;
- Providers of data processing and analytics;
- IT system maintainers;
- Providers of email sending services (such as Mailerlite and others);
- Payment system providers, such as Bankart, PayPal, PayU, and others;
- Providers of online advertising solutions (such as Google, Facebook).
The provider will not disclose your personal data to any unauthorized third parties.
Contracted processors may process personal data only within the controller’s instructions and may not use personal data to pursue any of their own interests.
The controller and users of personal data do not transfer them to third countries (outside the European Economic Area – EU Member States and Iceland, Norway, and Liechtenstein) and international organizations, except to the United States – all contracted processors in the US are included in the Privacy Shield program.
Freedom of choice
You control the information you provide about yourself. If you decide not to provide your data to the provider, then we will not be able to provide certain services to you.
Individuals who wish to unsubscribe from Agrosloven e-newsletters can notify us at info@agrosloven.com. If your personal data changes (postal code, email address, physical address, phone number), please notify us of the changes at info@agrosloven.com.
Automatic recording of information (non-personal data)
Whenever you access the website, general, non-personal data (number of visits, average time spent on the website, pages visited) is automatically recorded (not as part of the login process). We use this information to measure the attractiveness of our website and to improve its content and usability. Your data is not subject to further processing and is not disclosed to third parties.
Cookies
Cookies are invisible files that are temporarily stored on your hard drive and allow the provider to recognize your computer the next time you visit the website. The provider uses cookies only to collect information related to the use of the website and to optimize their internet advertising activities.
Advertising cookies track an individual’s use of the provider’s website, unless the individual does not agree to the use of cookies on the website.
You can read more about cookies and their use here.
Security
The provider strives to ensure the security of personal data. Your data is constantly protected against loss, destruction, forgery, manipulation, unauthorized access or unauthorized disclosure.
We take organizational and technical measures to protect personal data, such as:
- employee training;
- careful selection and supervision of contractors;
- backup of electronically stored data;
- regular maintenance and updating of computer equipment.
Consent of a minor regarding information society services
Minors under 16 years of age should not provide any personal data on the website or otherwise without the permission (consent or approval) of the person holding parental responsibility for the child (one of the parents or guardians). The provider will never knowingly collect personal data from persons known to be minors (under 16 years of age), or use or disclose them to third unauthorized parties without the consent of the person holding parental responsibility for the child.
This does not affect the general contract law of the Member States, such as rules on the validity, formation, or effect of a contract with regard to a child.
The provider, taking into account available technology, makes reasonable efforts to verify whether the person holding parental responsibility for the child has given or approved the consent in such cases.
Individual rights regarding data processing
If you have any questions regarding our privacy policy or the processing of your personal data, you can contact us at any time. Write to us at info@agrosloven.com. Based on your request, we will provide you with the requested information or (in accordance with the legal regulation) ensure the realization of your rights.
You have the following rights regarding data processing:
Right to withdraw consent: If you have consented as an individual to the processing of your personal data (for one or more specific purposes), you have the right to withdraw this consent at any time, without affecting the lawfulness of the processing based on the consent prior to its withdrawal.
Consent can be revoked by written statement, which is sent to the controller at one of the contacts listed on the website https://www.agrosloven.com/contact.
Revoking consent for the processing of personal data for an individual has no negative consequences or sanctions. However, it is possible that the controller will no longer be able to provide individual or several of its services to the individual after the withdrawal of the consent for the processing of personal data.
Revocation of consent for the processing of personal data for an individual has no negative consequences or sanctions. However, it is possible that the controller may no longer be able to provide individual or several of its services to the individual after revocation of consent for the processing of personal data, if they are services that cannot be provided without personal data (e.g. a loyalty club or personalized notifications).
Right to access personal data: As an individual, you have the right to obtain confirmation from the provider (controller of personal data) as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and certain information (about the purposes of the processing, the types of personal data, the recipients, the periods of retention or criteria for determining the retention period, the existence of the right to rectification or erasure of data, the right to restriction of processing and the right to object to processing, the right to lodge a complaint with a supervisory authority, the source of data if the data was not collected from you, the existence of automated decision-making, including profiling, the reasons behind it and the significance and consequences of such processing for you, and other information in accordance with Article 15 of the GDPR).
Right to rectification of personal data: As an individual, you have the right to obtain from the provider, without undue delay, the rectification of inaccurate personal data concerning you. As an individual, taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure of personal data (“right to be forgotten”): As an individual, you have the right to obtain from the provider the erasure of personal data concerning you without undue delay and the provider must erase the data without undue delay where one of the following grounds applies:
- the data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
- you withdraw your consent, and there is no other legal ground for the processing; you object to the processing and there are no overriding legitimate grounds for the processing; the data has been unlawfully processed;
- the data must be erased for compliance with a legal obligation under EU or Member State law to which the provider is subject;
- the data has been collected in relation to the offer of information society services.
However, as an individual, in certain cases described in Article 17(3) of the GDPR, you do not have the right to erasure of data.
Right to restriction of processing: As an individual, you have the right to obtain from the provider restriction of processing where one of the following applies:
- you contest the accuracy of the personal data for a period enabling the provider to verify the accuracy of the personal data;
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
- the provider no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims;
- you have objected to processing pending the verification of whether the legitimate grounds of the provider override your grounds.
Right to data portability: As an individual, you have the right to receive the personal data concerning you, which you have provided to a provider, in a structured, commonly used and machine-readable format and have the right to transmit those data to another provider without hindrance from the provider to which the personal data have been provided, by impeding, specifically when:
- the processing is based on consent or contract
- the processing is carried out by automated means.
As an individual, you have the right to data portability in order to have your personal data transferred directly from one controller (provider) to another, where technically feasible, when exercising this right;
Right to object to processing: as an individual, you have the right, on grounds relating to your particular situation, to object at any time to processing of personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the provider (point (e) of Article 6(1) GDPR) or for the purposes of the legitimate interests pursued by the provider or by a third party (point (f) of Article 6(1) GDPR), including profiling based on those processing; the provider shall no longer process the personal data unless the provider demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, the individual shall have the right to object at any time to processing of personal data concerning him or her for such marketing, including profiling to the extent that it is related to such direct marketing; where the individual objects to processing for direct marketing purposes, the data shall no longer be processed for such purposes.
Where personal data are processed for scientific or historical research purposes or statistical purposes, the individual shall have the right to object, on grounds relating to his or her particular situation, to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest;
Right to lodge a complaint with a supervisory authority: without prejudice to any other administrative or judicial remedy, as an individual, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement (in Slovenia this is the Information Commissioner), if you consider that the processing of personal data relating to you infringes the data protection regulations.
Without prejudice to any other administrative or non-judicial remedy, as an individual, you have the right to an effective judicial remedy against a legally binding decision of a supervisory authority concerning you, and also the right to an effective judicial remedy where the supervisory authority does not handle your complaint or inform you within three months on the progress or outcome of the complaint. Proceedings against a supervisory authority shall be brought before the courts of the Member State where the supervisory authority is established.
Individuals may address all requests concerning the exercise of their rights relating to personal data in writing to the controller, at one of the contacts listed on the website https://www.agrosloven.com/contact.
For the purpose of reliable identification in the event of asserting rights related to personal data, the controller may require additional information from the individual, and can only reject such measures if it proves that the individual cannot be reliably identified.
The controller must respond to a request from an individual asserting their rights regarding personal data without undue delay and at the latest within one month of receiving the request.
Notification to the supervisory authority of a breach of personal data protection
In the event of a breach of personal data protection, the provider must inform the competent supervisory authority, unless it is likely that the rights and freedoms of individuals have not been compromised. In cases where there is suspicion of a criminal offense, the provider must inform the police and/or the competent prosecutor’s office about the breach.
If a breach occurs that could pose significant risk to the rights and freedoms of individuals, the provider must immediately or without undue delay notify the individuals to whom the personal data relates. The notification to the individual must be in a clear and understandable language.
Publication of changes
Any changes to our privacy policy will be published on this website.
Published on February 22, 2023.