At Trendills, we value your privacy so we always keep your information secure.
All our activities are in accordance with European legislation (Regulation (EU) 2016/697 on the protection of individuals with regard to the processing of personal data and on the flow of such data (General Data Protection Regulation or GDPR) and Council of Europe Conventions (ETS No 108, ETS No .181, ETS No. 185, ETS No. 189)) and the national legislation of the Republic of Slovenia (Personal Data Protection Act (ZVOP-1, Official Gazette of the Republic of Slovenia, No. 94/07), the Electronic Commerce Market Act ( ZEPT, Official Gazette of the RS, Nos. 96/09 and 19/15), etc.).
Personal information is information that identifies you as a specific or identifiable individual. An individual is identifiable when it can be determined directly or indirectly, in particular by specifying an identifier such as name, identification number, location information, web identifier, or by specifying one or more factors specific to the individual’s physical, physiological, genetic, mental, economic, cultural or social identity.
– basic information about the user (name and surname, address, date of birth, location);
– contact information and information about your communication with the operator (email address, email, telephone number, – – – date, time and contents of postal or email communication, date, time and duration of phone calls, recording of phone calls);
– the method of acquiring a member of the source through which the user contacted the manager (website and advertising campaign or campaign, call center);
– information on the user’s purchases and invoices (date and place of purchase, items purchased, prices of items purchased, the total purchase amount, payment method, delivery address, invoice number and date, invoice label, etc.), and information on resolving product complaints;
– information about the user’s use of the manager’s website (dates and times of website visits, pages or URLs visited, retention time per page, number of pages visited, a total time of website visit, settings made on the website) and information about the use of received messages (email, SMS) manager;
– information from voluntarily completed forms by the user, e.g. in the context of sweepstakes or the use of configurators to identify optimal products for the user’s needs;
– other information voluntarily provided by the user to the provider upon request to certain services requesting that information.
The provider does not collect or process your personal information, except when you allow it or. consent to this, ie. when ordering products or services, when you subscribe to an e-journal, participate in sweepstakes, etc., or when there is a legal basis for collecting personal information or the processing provider has a legitimate interest.
The time period during which the Provider retains the collected information is further specified in the section Retention of Personal Data of this Policy.
The purposes of processing and the basis for data processing
The provider collects and processes your personal information on the following legal bases:
– law and contractual relations,
– consent of the individual and
– legitimate interest.
– Law and contractual processing
In the case where the provision of personal data is a contractual obligation, an obligation required to conclude and perform a contract with the provider, or a legal obligation, you must provide personal data; If you do not provide personal data, you cannot contract with the provider, nor can the provider perform the services or supply the products under the contract, since he does not have the necessary data to perform the contract.
Processing on the basis of legitimate interest
The provider may also process the data on the basis of a legitimate interest pursued by the provider, except where such interests outweigh the interests or fundamental rights and freedoms of the data subject requesting the protection of personal data. In the case of legitimate interest, the provider always carries out an assessment in accordance with the General Data Protection Regulation.
Processing based on your consent
The Provider collects and processes (uses) your personal information also for the following purposes when you consent to it:
– ensuring that you access and use your online account with the provider and the provider’s online store and for technical reasons of administration on the provider’s website,
– ensuring that you can access the specific information available to you on the provider’s website and your online account/profile provided by the provider,
– preparing and sending a personalized e-magazine if you have subscribed to it,
– sending commercial offers and other content via email, SMS, regular mail or telephone calls, unless otherwise agreed and agreed,
– any other purpose for which you specifically agree to cooperate with the provider.
– Consensus profiling of users
– Based on your consent, the provider also performs personalized communication, which is carried out through various communication channels (via email, SMS, phone calls, mail, browser notifications, website information, social networks).
In order to offer you the best possible offers and content tailored to your needs, with your consent, we design your profile as the basis for personalized communication.
We may use the following information for this purpose:
– Demographics (gender, date of birth, age, address)
– History of your purchases (products purchased, purchase time, number of purchases)
– Answers in various Trendills questionnaires on Trendills sites
– Behavior on Trendills Websites (view individual products or content, add products to your shopping cart, online transactions)
– Your responses (opening a message, clicking on a link, buying) to the various messages we send you
Based on this user profile, it may then depend on what content and offers you receive from us:
– What products and contents will we present to you (eg joints, detoxification, weight loss, general healthy eating, etc.) that will be of maximum interest to you
– What kind of offers you will receive (buyers with a higher number or frequency of purchases at Trendills get better deals)
– How often we will send you messages and through which channels of communication
– If you have given your consent to this processing and you no longer want it, you can terminate such processing at any time via the unsubscribe link in the inbox or by a written request to [email protected]
Retention of personal data
The provider will retain your personal information only for as long as it is necessary to accomplish the purpose for which the personal information was collected and further processed (eg to ensure that you access and use your online account with the provider and the provider’s online store, for the provider’s fulfilling your orders, verifying your payments and fulfilling other obligations of the provider and/or your obligations, to ensure that you can access the specific information available to you, to ensure that you can use the benefits of the Trendills, to send the provider newsletter, etc.).
The Provider keeps the personal data processed by the Provider on the basis of the law for the period prescribed by the law.
The Provider shall retain the personal data processed by the Bidder for the purpose of performing the contractual relationship with the individual for the period necessary to execute the contract and for 5 years after its termination, except in cases when a dispute arises between you and the Bidder regarding the contract; in such case, the Provider shall keep the data for 5 years after the court or arbitration award or settlement has become final or, in the absence of a court dispute, for 5 years from the date of the peaceful settlement of the dispute.
Any personal data which the Provider processes based on the personal consent of an individual or a legitimate interest shall be permanently stored by the Provider until the withdrawal of this consent by the individual or. requests to interrupt processing. The Provider deletes such information before cancellation only when the purpose of the processing of personal data has already been achieved (for example, if the Provider ceases to operate his Benefit Club, the Provider would delete all personal data collected for this purpose even if the individual who consented to the processing of personal data for the purpose of being a member of a benefit club, he has not given such cancellation) or if required by law.
After the retention period has elapsed, the controller effectively and permanently deletes or anonymizes personal data so that it can no longer be linked to a specific individual.
Contractual processing of personal data
The contractors with which the bidder cooperates are:
Accounting Service; law firms and other legal counseling providers;
data processing and analytics providers;
IT systems maintainers;
email providers (e.g., Mailchimp and others);
payment system providers such as Adyen, PayPal, PayU, Klarna, Sofort, Multibanco, dotPay, and others);
providers of customer relationship management systems (eg Microsoft);
web advertising solution providers (e.g., Google, Facebook).
The Provider will not share your personal information with third parties.
Contractors may process personal data solely within the instructions of the controller and may not use personal data to pursue any self-interest.
The controller and users of personal data are not exported to third countries (outside the European Economic Area – EU Member States and Iceland, Norway and Liechtenstein) and to international organizations except the USA – all contractors in the USA are included in the Privacy Shield program.
Freedom of choice
The information you provide about yourself is controlled by you. If you choose not to provide your information to the provider, you will not be able to access certain sites or features on the website.
Automatic recording of information (non-personal data)
Whenever you access a website, general, non-personal information (number of visits, an average time of website visit, pages visited) is automatically recorded (not as part of the application). We use this information to measure the attractiveness of our site and to improve content and usability. Your information is not subject to further review and is not disclosed to a third party.
The provider makes every effort to ensure the security of personal data. Your information is protected against loss, destruction, forgery, manipulation and unauthorized access or unauthorized disclosure at all times.
Consent of a minor in relation to information society services
Minors under 16 years of age should not share any personal information on the website or otherwise without the permission (consent or approval) of the parental responsibility for the child (one of the parents or guardian). The provider will never knowingly collect personally identifiable information from persons it would be aware of are minors (under 16 years of age), or otherwise use it or disclose it to any third party unauthorized without the permission of the parent of the child.
This does not affect the general contract law of the Member States, such as the rules governing the validity, formation or effect of a contract in relation to a child.
In such cases, the provider shall make reasonable efforts in such cases to verify that the parental responsibility for the child has given or approved the consent.
Data processing rights of the individual
In order to ensure fair and transparent processing, you, as an individual, have the following rights under the regulations:
Right of Revocation: If you, as an individual, have consented to the processing of your personal data (for one or more specified purposes), you have the right to revoke this consent at any time without prejudice to the lawfulness of the processing of the consent-based data exercised until its revocation.
Consent can be withdrawn by a written statement sent to the manager at one of the contacts listed on https://www.starshop-eu.com/.
Withdrawal of consent to the processing of personal data for an individual has no negative consequences or sanctions. However, it may be that the controller may no longer be able to offer one or more of his services after the withdrawal of consent to the processing of personal data, in the case of services which cannot be provided without personal data (eg. benefits club or personalized information).
Right of access to personal data: As an individual, you have the right from the provider (controller of the personal data) to confirm that personal data are being processed in relation to you and, where applicable, to access personal data and certain information (about the purposes of the processing, o types of personal data, users, retention periods or criteria for determining periods, the existence of the right to rectify or delete data, the right to restrict and object to processing and the right to complain to the supervisory authority, on the source of the data, if the data were not collected at you, on the existence of automated decision-making, including the creation of profiles, the reasons for them and the importance and consequences of such processing for you, and other information in accordance with Article 15 GDPR);
Right to Correct Personal Information: As an individual, you have the right to have the provider correct the inaccurate personal information concerning you without undue delay. As an individual, you have the right to complete incomplete information, including the submission of a supplementary statement, having regard to the purposes of the processing;
Right to erasure of personal data (the “right to be forgotten”): As an individual, you have the right to have the provider delete personal data about you without undue delay, and the provider must delete the data without undue delay when there are one of the following reasons:
(a) the data are no longer needed for the purposes for which they were collected or otherwise treated,
(b) if you withdraw the consent and there is no other legal basis for processing,
(c) if you object to the processing and there are no overriding legitimate reasons for the processing,
(d) the data were processed illegally,
(e) the data must be deleted in order to fulfill legal obligations under EU or Member State law applicable to the provider;
(f) the information has been collected in relation to the information society service offerings.
However, as an individual, in the specific cases described in paragraph 3 of Article 17 of the GDPR, you are not entitled to delete the data;
Right to Restrict Processing: As an individual, you have the right to have a provider restrict processing where there is one of the following situations:
(a) if you dispute the accuracy of the data for a period allowing the provider to verify the accuracy of the data,
(b) the processing is unlawful and you oppose the deletion of the data and instead request a restriction on its use,
(c) you no longer need the data provider for processing purposes, but you do need them to enforce, enforce and defend legal claims,
(d) you have lodged an objection to the processing until it is verified that the legitimate reasons of the provider outweigh your reasons;
Right to data portability: As an individual, you have the right to receive personal information regarding you that you have provided to the provider in a structured, commonly used and machine-readable form, and you have the right to pass that information to another controller without you the provider who provided the personal data with this obstacle, when:
the processing is based on consent or on a contract; and
(b) the processing is carried out by automated means.
As an individual, you have the right to transfer personally identifiable information directly from one controller (provider) to another, where technically feasible;
Right of objection to processing: as an individual, you have the right, at any time, to object to the processing of personal data necessary for the performance of tasks in the public interest or in the exercise of public authority conferred on the provider, on grounds relating to your particular situation (point (e) of Article 6 (1) GDPR) or is necessary for the legitimate interests pursued by the provider or third party (point (f) of Article 6 (1) GDPR), including the creation of profiles based on those treatments; the provider ceases to process personal data unless it demonstrates compelling legitimate reasons for processing that outweighs your interests, rights, and freedoms, or for the enforcement, enforcement or defense of legal claims.
Where personal data are processed for marketing purposes, the individual has the right to object at any time to the processing of data relating to him for the purposes of such marketing, including the creation of profiles insofar as such direct marketing is concerned; when individual objects to processing for direct marketing purposes, the data are no longer processed for that purpose.
When the data are processed for scientific, historical, research or statistical purposes, the individual has the right to object to the processing of data relating to him/her for reasons related to his / her particular situation, unless the processing is necessary for the performance of the task being performed. for reasons of public interest;
Right to lodge a complaint with a supervisory authority: Without prejudice to any other (administrative or other) remedy, you have the right, as an individual, to file a complaint with the supervisory authority, especially in the country where you have your habitual residence or in which allegedly infringed (in Slovenia, this is the Information Commissioner) if you believe that the processing of personal data concerning you violates the rules on personal data protection.
Without prejudice to any other (administrative or extrajudicial) remedy, as an individual, you have the right to an effective remedy against a legally binding decision of the supervisory authority in relation to it, as well as in cases where your supervisor does not hear or appeal you. it shall not inform the State of the matter or the decision on the appeal for three months. The courts of the Member State where the supervisory authority is domiciled shall have jurisdiction over the proceedings against the supervisory authority.
An individual may make all requests concerning the exercise of personal data rights, addresses, in writing, to the controller to one of the contacts listed on https://www.starshop-eu.com/.
For the purposes of reliable identification in the event of the exercise of rights regarding personal data, the controller may request additional information from the individual and may refuse to act only if it proves that it cannot reliably identify the individual.
At the request of the data subject, the controller must reply without undue delay and at the latest within one month of receiving the request.
Notification to the supervisory authority of a breach of personal data protection
In case of breach of personal data protection, the Bidder is obliged to inform the competent supervisory authority thereof, unless it is likely that the breach did not endanger the rights and freedoms of individuals. Where a violation is suspected of having committed a crime, the Bidder is obliged to inform the police and/or the competent prosecutor’s office of the breach.
In the case of a breach which may cause a great risk to the rights and freedoms of individuals, the Bidder is obliged to immediately or in breach of the breach. where this is not possible, inform the data subjects without undue delay. The notice to the individual must be made in a clear and clear language.
Updated: February 14, 2020