The purpose of this Privacy Policy is to inform the users and customers (hereinafter also referred to as “the individual”) of the toslanutricosmetics.com website (hereinafter also referred to as “the website”) that each time you visit the website, you may also provide us with certain information that may directly or indirectly identify you as an individual (personal data), and we would therefore like to explain to you how we will process, store and protect this information, as well as your rights in relation to your personal data.

We process, store and protect all personal data in accordance with the applicable legislation defining the protection of personal data, in particular in accordance with the applicable law governing the protection of personal data, the law governing electronic communications and the EU General Data Protection Regulation.

Please read our Privacy and Cookie Policy in detail to understand how we protect your privacy.

By submitting your personal data and visiting the website, you declare that you have read our Privacy and Cookie Policy and are aware of the processing methods and the legal basis for the processing of your personal data. If you do not agree to the processing methods, please do not provide us with your personal data and do not use our website.

Personal data controller:

Controller of personal data is TOSLA d.o.o., Tovarniška cesta 6E, 5270 Ajdovščina, Slovenia, VAT nr.:
12355992,  registration nr.: 6596886000, phone nr. +386 81 601 100, e-mail: info@tosla.si.

The controller does not have a designated data protection officer, as we do not process personal data to the extent that we would need to comply with this obligation. As your privacy is of the utmost importance to us, you can always contact us if you have any questions regarding the processing of your personal data by calling the telephone number or by sending us an e-mail as indicated above or by sending us an e-mail: dataprotection@tosla.si.

How we obtain your personal data We process and collect personal data if you provide it to us or we obtain it from your visit to the website:

• when you contact us through the website, contact our sales department, our purchasing department or our research and development department (by email or telephone),
• when you visit our website,
• you enter into a contract with us or we take pre-contractual steps.

Types of personal data, purposes of processing your personal data and legal basis:

Any personal data you provide to us will be treated confidentially and will only be used for the purposes for which we obtained it. In the event that there is a need to further process your data for another purpose, we will contact you in advance and ask for your consent.

How we obtain your personal data

When you visit our website:

• we collect the following information: this is technical information that we collect automatically when you use our website, including device data or other log data. We collect information such as web requests, data sent in response to such requests, browser type, browser language, IP address, timestamp for the request, and other anonymous statistics relating to the use of our website. This information cannot be used by itself to identify or contact you. We may automatically combine the personal information we collect with other, non-personal information. In this case, we will treat the combined information as personal information in accordance with this Privacy and Cookie Policy. We obtain this information through the use of cookies and other technologies (see below for more information about the cookies and other technologies we use),
• the legal basis for the processing of personal data referred to in the preceding paragraph is our legitimate interest (Article 6(1)(f) GDPR) or your consent (Article 6(1)(a) GDPR).

Until such time as you provide us with personal information (such as your name, e-mail address, etc.), any information we automatically collect when you use the Site is anonymous information and we cannot and do not ascertain the identity of the individual.

When you fill in the form to contact us via the website, to conclude and execute a contract or to carry out pre-contractual measures (preparation of a quotation), to contact our sales department, our purchasing department or our research and development department:

– For the purposes of conducting business, responding to enquiries, participating in promotional offers and processing and fulfilling your product/service order, newsletter subscription, we collect the following personal data:

• first and last name,
• address and place of residence,
• e-mail,
• username,
• phone number,
• any other information that you, as a user, voluntarily enter in a form on the website or provide to us by e-mail or telephone.

– We obtain the data if you explicitly provide it and there is a legal basis, which is your consent (point a of the first paragraph of Article 6 of the GDPR), if we have concluded a contract or if we carry out measures at your request prior to the conclusion of the contract (point c of the first paragraph of Article 6 of the GDPR), on the basis of the law, or if there is a legitimate interest on our part (point f of the first paragraph of Article 6 of the GDPR).

When applying for a job position:

– For the purposes of processing personal data, we collect personal data on the basis of a CV and a cover letter when you apply for a job position:

• Name and surname,
• address and place of residence,
• e-mail,
• telephone number,
• information about your education, training and work experience (information which can be seen on your CV and cover letter).

Providing personal data is not a condition for using our services, but without providing at least some personal data, we are unable to provide many services and, among others, to dispatch the goods you have ordered. If you believe that someone has provided us with your personal data and you do not want us to process it, please let us know at dataprotection@tosla.si. All your personal data will be kept only for as long as is necessary to fulfil the purpose for which it was collected or will be kept only for the period required by law in certain cases.

Legal bases and purposes for processing personal data:

We process personal data on the basis of the consent of the individuals concerned, such as for the following purposes:

• to complete a contact form,
• participation in promotional campaigns published on the website,
• signing up for the newsletter,
• processing applications for a job position.

We may process your personal data on the basis of a contract, such as for the following processing purposes:

• order our products or services,
• entering into and performing a contract,
• informing customers of the successful order and other relevant information relating to the order,
• for the performance of the services,
• to resolve complaints.

Where circumstances require us to do so, we may process your personal data on the basis of a legitimate interest pursued by us, except where such interests of ours are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, for example for the following purposes:

• optimising your website,
• ensuring the security of IT systems
• for service/goods improvements, contacting you to determine your satisfaction with our services/goods,
• to prevent abuse and/or fraud.

We process personal data on the basis of the law and in accordance with the relevant legislation:

• in connection with your order for lawful purposes (e.g. tax legislation, accounting regulations).

Transfers of personal data to third parties (users of personal data) and to third countries

• We may share your personal data with third parties only as set out in this Privacy and Cookie Policy, and certain personal data is transferred to the United States on the basis of standard contractual clauses included in the personal data processing agreements we enter into with providers.

We share personal data with third parties:

• With our service providers, business partners and contractors who provide services on our behalf or who we use to support our business. All of these third parties comply with the requirements set out in our Privacy and Cookie Policy and we have entered into appropriate personal data processing agreements with them. We will disclose your personal data if necessary to fulfil our obligations to you and to the minimum extent necessary (e.g. email notification provider, security solutions provider).
• We may report to law enforcement agencies any activities that we reasonably believe to be unlawful, or that we reasonably believe may aid a law enforcement investigation into unlawful activity. In addition, we reserve the right to release your personal data to law enforcement agencies if we determine, in our sole judgment, that either you have violated our policies, or the release of your personal data may protect the rights, property, or safety of us or another person. We will disclose personal data that that law enforcement agencies require in particular case to be disclosed.
• We may disclose your personal data to comply with a law, regulation or compulsory legal request, to protect the safety of any person from death or serious bodily injury, prevent fraud or misuse of products or services or its users or to protect our property rights. We will disclose personal data to government entities or third parties based on judgments of courts or tribunals or decisions of administrative authorities or another binding act. We will disclose personal data that previously mentioned entities require in particular case to be disclosed.

We do not transfer the personal data we collect to other third parties or to third countries without an adequate level of protection. Your personal data may be transferred to the USA (within the framework of a web analytics and email notification service provider), and we use standard contractual clauses approved by the European Commission (Commission Decision No 2010/87/EU) with all contract processors in the USA.  

Children data

We are committed to protecting children’s online privacy and internet safety. We do not offer goods and services to children, or we do not knowingly collect or request personal data from children under the age of 15.

We will not retain any communication that we reasonably and reasonably believe is coming from a child under the age of 15. Parents or guardians of children under the age of 15 are encouraged to regularly check and monitor their children’s use of e-mail and other online activities.

We use all available technology and endeavor to verify whether the holder of parental responsibility for the child has given or approved consent.

Automated decision-making and profiling

Individuals’ personal data are not subject to automated decision-making, nor are they subject to profiling.

How do we keep your personal data secure

We appreciate your trust in us and sharing your personal data with us. We are committed to protecting it, and we take appropriate security measures to protect against unauthorized access or unauthorized alteration, disclosure or destruction of data. These measures include internal reviews of our data collection, storage and processing practices – both security measures and physical measures. We restrict access to personal information to our employees, service providers and agents who need to know it in order to develop or improve our services.

Please understand that our website provides links to other websites that are not owned and/or operated by us. Your use of these third-party services is completely optional. We are not responsible for the content and/or practices of third parties.

Information about the rights of the data subject whose data we process

 In relation to your personal data that we process, you have the right:

• to withdraw consent to processing of your personal data at any time (The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal). If you just want to update your personal data, you can do so, for example, in your account on the website,
• to be informed: to obtain confirmation as to whether we are processing your personal data,
• to access: to request confirmation whether we process your personal data relating to you, and if so, to request a copy of that personal data, to ask about purposes of processing, categories of personal data concerned, whether personal data is transferred to a third country or international organization etc.,
• to correct, without undue delay, inaccurate personal data relating to you and the right to have the personal data completed,
• to erasure (right to be forgotten): to request that we erase your personal data in certain circumstances, such as when the processing of personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed or where we collected personal data on the basis of your consent and you withdraw your consent etc.,
• restrictions on processing in certain cases, such as when you contest the accuracy of the data, etc.,
• to data portability: to request that we provide a copy of your personal data to you in structured, commonly used and machine-readable format in certain circumstances and you have the right to transmit that personal data to another controller in certain circumstances.
• to object: at any time to processing of personal data for our legitimate interest, to direct marketing and profiling connected with direct marketing,
• to declare that a decision based solely on automated processing of personal data, including profiling, has legal effects concerning you or substantially affects you in a similar way, or does not apply to you. If the decision is (1) necessary for entering into or performance of a contract between you and us, or (2) based on your explicit consent, we will take appropriate measures to protect your rights and freedoms and legitimate interests and ensure at least the right to communicate personally with the controller, to express your point of view and contest the decision,
• to appeal, independent of the above stated rights, to a supervisory authority if you believe that processing of your personal data violates the data protection regulations. You may file a complaint to the competent state authority: Information Commissioner, Dunajska 22, 1000 Ljubljana, e-mail address: ip@ip-rs.si, phone: 00386 1 230 97 30, website: www.ip-rs.si.

For all stated rights, you may, at any time, contact us:

• at dataprotection@tosla.si.

We shall promptly ensure that the request is complied with immediately, but no later than in one (1) month. You will receive requested personal data in a structured, machine-readable and generally applicable way. First copy of your personal data in electronic or hard is free of charge, each additional copy we may charge a fee to cover cost of preparing the copy.

Retention period of personal data

We will keep the personal data of the data subject for as long as necessary to fulfil the purpose for which the personal data were collected and further processed.

We will retain the personal data of jobseekers who have given their consent to processing after the selection procedure has been completed for a maximum period of 2 (two) years after the final selection of the candidate for the advertised position or until your withdrawal, to the extent that you withdraw your withdrawal before the expiry of the 2-year retention period.  

In some cases, we will keep anonymized data for longer, but always in a manner and form from which the data cannot be traced back to you and, consequently, you cannot be identified or profiled.

The retention period for personal data may vary depending on the applicable sectoral legislation (e.g. tax legislation, accounting regulations). Where the applicable sectoral legislation provides for mandatory retention periods for personal data, we delete personal data after the expiry of the period prescribed by law.

Cookies

Cookies are small text files placed on your hard drive. We use cookies or similar technologies (Google Analytics etc.) to personalize your online experience and improve our website to you. For example, cookies will remember and process the items in your shopping cart on our website. You can modify your browser settings to control whether your computer accepts or declines cookies. If you choose to decline cookies, you may not be able to use certain interactive features of our website. Note that you can always go back and delete cookies from your browser; however, that means that any settings or preferences controlled by those cookies will also be deleted and you may need to recreate them. The law states that we can store cookies on your device if they are strictly necessary for the operation of the website. For all other types of cookies (unnecessary cookies; e.g. analytics cookies), we need your prior informed consent.

Below is a list of cookies that we use. We have listed them so that you can choose if you want to opt-out of cookies or not.

NECESSAY COOKIES

ANALYTICS COOKIES

GOOGLE ANALYTICS

On our website, we have the component of Google Analytics. Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behavior of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimization of a website and in order to carry out a cost-benefit analysis of Internet advertising. The data processing is based on a data processing agreement with Google. You can read more about Google Analytics privacy policy here.

More about Google Analytics: The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.

How can you manage the cookies that our website uploads?

If you wish to change the way cookies are used in your browser, including blocking or deleting them, you can do so by changing your browser settings accordingly. To manage cookies, most browsers allow you to accept or reject all cookies, accept only a certain type of cookie, or warn the individual that the website wishes to store a cookie. You can easily delete cookies that have been stored by your browser.

If you modify or delete your browser’s cookie file, or modify or reward your browser or device, you may need to disable cookies again. The process for managing and deleting cookies varies from browser to browser.

More information about cookies, including instructions on how to manage cookies in the browser you are using, is available at the following links:

• Chrome (Computer, Android, Ipad & Iphone)
• Mozilla Firefox
• Internet Explorer
• Microsoft Edge
• Safari
• Opera

If you do not accept our cookies completely, there is a possibility that some parts of our website will not work properly, or you may need to manually adjust your desired settings each time you visit our website.

Security

We are committed to ensuring the security of personal data. Your personal data is protected at all times against loss, destruction, falsification, manipulation and unauthorized access or unauthorized disclosure. We apply an appropriate level of security and have in place reasonable physical, electronic and administrative measures to protect the information we collect.

Despite our efforts to ensure security, our systems may be hacked. In the event that an individual’s personal data is altered, disclosed or destroyed, we will notify the individual by email.

Links to other websites

Our website may contain links to third websites. These websites have their own privacy policies, which you should familiarize yourself with, as we do not assume any responsibility for them.

Updates to this Privacy and Cookie policy

We reserve the right, at our sole discretion, to update, modify or replace any part of the Privacy  and Cookie Policy by posting the update or modification on the website without prior notice. Any change shall be effective as of the date of public posting of the revised Privacy and Cookie Policy on our website.

This Privacy and Cookie Policy was last updated on 22.11.2022.