Varteks respects the privacy and protects the personal data of its users, business partners or other persons with whom it establishes business cooperation, and whose personal data it collects and processes in its daily business.

The Data Protection and Privacy Policy is the fundamental document that describes the purpose and objectives of the collection, processing and management of personal data, as well as ensuring an adequate level of data protection (hereinafter: the ‘Policy’). In order to ensure fair and transparent processing, Varteks provides you with clear information on the processing and protection of personal data it collects and processes, and enables easy monitoring and management of personal data and consents.

The policy is compiled in accordance with the effective regulations, Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation – GDPR and the Act on Implementation of General Data Protection Regulation (OG 42/18).

Varteks has appointed a data protection officer you can contact at dpo@varteks.com or by mail to the address Varteks d.d. (‘Data Protection Officer’), Zagrebačka 94, HR-42000 Varaždin.

  1. DATA WE COLLECT

1.1. During your visit to our website and webshop

You can visit the Varteks website and webshop without providing information about yourself. In this case, we will collect technical access data that your browser will automatically transmit to our server when browsing our websites. Access data includes the following information:

– time and date of access
– the address of the website you accessed
– the content of the request (addresses and names of the requested files)
– information about the browser and operating system used (versions, language settings)
– online identification data (e.g. IP address, device identification, session IDs)
– error messages, where applicable (if the requested content cannot be displayed)
– the last visited page that redirected you to our page via a link

When you visit our website, your access data will be automatically stored in the log files of our server and subsequently anonymized by shortening or deleting your IP address. After this process, it will no longer be possible to draw conclusions about your identity based on the server log files.

Also, when you visit the Varteks webshop, we will collect the information you provide directly, using the available functions. For example, we will find out which products you are interested in when you use the search function.

1.2. Cookie policy (‘cookies’)

Varteks websites and webshop use cookies in order to improve your user experience. A cookie is a standardized text file that your web browser stores on your computer for a period of time specified by the cookie provider. Cookies allow you to store information locally, such as language settings, shopping cart content, and temporary identification features that can be invoked during subsequent visits to the website to reset the appropriate settings selected by the user during the previous visit. This information can only be saved if you as a user allow it. The websites and webshop cannot access information without your permission and cannot access other files on your computer.

When you first visit our website and webshop, you will select the level of cookies you want to store on your computer and thus fully manage the process of using cookies.

You can view and delete cookies used in your browser’s security settings. You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or any cookies.

1.3. When you order from the webshop

We will collect information about the products you order, as well as information that is directly collected in connection with the execution of your orders. The order execution information is as follows:

– information about ordered products, such as item numbers and sizes
– name and surname
– delivery address
– e-mail address
– mobile phone number for contact regarding delivery
– payment details
– data on returns and complaints (e.g. reasons for return, notices of defects)
– order numbers
– package tracking numbers
– company and contact person, company address and OIB (if you request an R1 invoice)

Even if you place several orders as a guest and use identical main data, our systems will keep your data in a single log of user data to make it easier to maintain our customer database.

1.4. When you contact us

We will collect the communication information you fill in when you contact us via the contact form on our website, via email, telephone or otherwise. Depending on the channel you use, this may include, for example, contact information (e.g. e-mail address or telephone number) and the content of your message. Telephone conversations with Varteks customer service are not recorded, nor are any other conversations made to Varteks telephone numbers.

We will also use offers provided by social networks such as Facebook and Instagram to interact with our clients. Please note that Varteks has no influence on the terms of service of social networks or their data processing policies. Therefore, be sure to check the personal information you provide to us via social networks.

1.5. When you subscribe to the newsletter

If you have subscribed to the Varteks newsletter, we will store your data (e-mail address) that you have provided for this purpose to send the newsletter.

You can unsubscribe from the Varteks newsletter at any time. To unsubscribe, use the unsubscribe link at the bottom of each Varteks newsletter.

  2. WAYS OF USING THE COLLECTED DATA

2.1. Visit to the Varteks website and webshop

When visiting and browsing the Varteks website and webshop, we will process access data, server log files and cookies collected in this context in order to make available to you our website, its contents and functionalities you use, and ensure the stability and security of our information system and databases.

The legal framework for the lawfulness of data processing when visiting Varteks websites and webshop is Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation – GDPR, Article 6 (1) (f) – processing necessary for the purposes of legitimate interests – technical availability of the website.

2.2. Ordering products and performing sales contracts

We process your data in order to execute the contracts we have entered into with you and to provide you with the services and products you requested. The purpose of processing is based primarily on the specific content of the contract. Additional details on the purpose of data processing can be found in the General Terms and Conditions of the Varteks webshop (LINK).

The legal framework for the lawfulness of data processing when processing orders and performing sales contracts is Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation – GDPR, Article 6 (1) (b) – processing necessary for the conclusion and performance of a contract.

2.3. Customer support and communication with existing customers

We process your data in order to provide customer support in the use of the Varteks website and webshop. This may include the following, e.g.:

– processing of your requests to our customer service
– non-commercial service communication (e.g. security information and technical support)

The legal framework for the lawfulness of data processing when processing orders and performing sales contracts is Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation – GDPR, Article 6 (1) (b) – processing necessary for the conclusion and performance of a contract.

2.4. Payment processing

Depending on the selected payment method (credit or debit card), the data required for payment will be transmitted to the contractual partner Hrvatski Telekom HT PayWay, which executes the payment process. The payment service provider collects data within its own card payment application, in which case the service provider’s privacy policy applies. Varteks does not have access to the data required for payment, nor does it store it.

The transfer of your data to external payment service providers is based on Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation – GDPR, Article 6 (1) (b) – processing necessary for the conclusion and performance of a contract.

2.5. Internal marketing research, optimization and product range improvement

We will use the data you enter (e.g. data on ordered products, returns) for internal statistical purposes and for market research purposes. Prior to use, we will make the data anonymous by removing all personal information, e.g. by substituting your name and other data suitable for identification with random data.

In this way, we can measure which pages of our webshop and products are popular, which devices our users generally use and from which regions our website is accessed. The collected data helps us to continuously optimize the existing product range and develop new functionalities and services.

The legal framework for the lawfulness of the processing of this type of data is Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation – GDPR, Article 6 (1) (f) – processing necessary for the purposes of legitimate interests – improving website functionality and quality of product range.

  3. WEB ANALYSIS

3.1. Google Analytics

Our website uses the “Google Analytics” web analytics feature provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’). Google Analytics uses cookies valid for 14 months to collect your access data when you visit our website. Google combines access data for this purpose into pseudonymous user profiles and transfers it to a Google server located in the United States after the first anonymization of your IP address. Therefore, we cannot determine which user profiles are associated with a particular user. This also means that we cannot determine how you use our website based on data collected by Google. In addition, Google uses the privacy policy of the EU-US Privacy Shield (LINK: https://www.privacyshield.gov/) in the event that personal data is sent to the United States in exceptional cases. Google therefore guarantees European data privacy principles when processing data in the United States.

Google will use the information collected by the cookies on our behalf so that we can analyse the use of our website and webshop and generate reports on the activities and use of our website. See the Google Analytics Privacy Policy for more information. (LINK: https://support.google.com/analytics/answer/6004245?hl=en)

You can opt out of Google web analytics at any time using one of the following options:
– you can set your browser to block Google Analytics cookies
– you can customize your Google ads settings in Google
– you can install the opt-out plugin at the following link: turn off Google Analytics
(LINK: https://tools.google.com/dlpage/gaoptout/)

The legal framework for the lawfulness of the processing of this type of data is Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation – GDPR, Article 6 (1) (f) – processing necessary for the purposes of legitimate interests – analysis of how users use the website.

3.2. Facebook

For marketing purposes, our websites use the so-called conversion and retargeting tags (Facebook pixels) of the social network Facebook, Facebook Inc, 1601 Willow Road, Menlo Park, California 94025, USA (‘Facebook’). We use Facebook pixels to analyse the overall use of our websites and the effectiveness of Facebook ads (‘conversions’). We also use Facebook pixels to show you customized ads based on your interest in our products (‘re-targeting’). To this end, Facebook processes the data collected on our websites through cookies and similar technologies.

Facebook may send data collected in this context for analysis to a server located in the United States where the data is stored. Facebook uses privacy protection for the EU-US area in case personal data is sent to the USA, the so-called Privacy Shield. (LINK: https://www.privacyshield.gov/)

If you have registered on Facebook and set the privacy settings of your Facebook account, Facebook may additionally link the information collected about your visit to our website to your Facebook account and use it to place targeted Facebook ads. You can review and change the privacy settings of your Facebook profile at any time.

If you opt out of processing data via Facebook, Facebook will only show general Facebook ads that are not selected based on the data collected about you.

For more information on Facebook’s processing, see Facebook’s privacy policy (LINK: https://www.facebook.com/about/privacy/)

3.3. Google AdWords and AdWords remarketing

Our website uses Google’s ‘AdWords Conversion Tracking’ and ‘AdWords remarketing’ services. User actions defined by Varteks (such as ad clicks, page views, file downloads) are recorded and analysed using ‘AdWords Conversion Tracking’. We use ‘AdWords remarketing’ to present you with customized ads for our products on Google’s partner sites. Both of these services use cookies and similar technologies for this purpose. Google may send data collected in this context for analysis to a server located in the United States where the data is then stored. Google uses the privacy policy of the EU-US Privacy Shield (LINK: https://www.privacyshield.gov/) in the event that personal data is sent to the United States and guarantees European data privacy principles in the United States.

If you have a Google Account, Google may, depending on your Google Account settings, link your web browser and app history to your Google Account and use your Google Account information to personalize your ads. If you do not want this link to your Google Account, you must sign out of your Google Account before accessing our website.

You can opt out of processing personal information for custom online ads on the Google advertising network at any time using one of the following options:
– Google ad customization settings (LINK: https://www.support.google.com/ads/answer/7029158)
– you can install Google’s free opt-out plugin (LINK: http://www.google.com/settings/ads/plugin) for Firefox, Internet Explorer, or Chrome (does not work for mobile browsers)
– you can opt out of customized Google ads and ads provided by a number of other service providers participating in the ‘Your Online Choices’ initiative at http://www.youronlinechoices.eu (LINK)

Please note that if you turn off custom advertising, Google will only show general ads that are not selected based on your collected access data.

  4. CASES IN WHICH WE WILL SHARE PERSONAL DATA

In general, we will only share your data if:
– you have expressly given consent to this in accordance with Article 6 (1) (a), Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation – GDPR
– sharing is necessary under Article 6 (1) (f), in order to establish, enforce or defend legal claims, and there is no reason to assume that you have a predominant legitimate interest in not sharing your information
– sharing is necessary to comply with the legal obligation under Article 6 (1) (c) or (e) of the General Data Protection Regulation GDPR, especially if we are required to provide information to a public authority
– sharing is permitted by law and is necessary under Article 6 (1) (b) of the General Data Protection Regulation, GDPR, to perform the contract with you or to take action on your request prior to concluding the contract.

Some of the data processing described here may be performed by external service providers acting on our behalf. The service providers listed in this document may include computer centres that store and maintain our websites and databases, IT service providers that maintain our business systems, as well as consulting firms.

If and to the extent that we share data with our service providers, that data may only be used for the purpose of performing their services. The processing of your data by contracted service providers will take place as part of the processing and execution of your order in accordance with Article 28 of Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation – GDPR. Contractual service providers are carefully selected business partners. They are contractually bound by our instructions, they implement appropriate technical and organizational measures to protect the rights of data subjects and are subject to regular inspections that we carry out.

  5. HOW LONG YOUR DATA WILL BE STORED

Unless otherwise stated herein, your data will only be stored for as long as it is necessary to fulfil our contractual or legal obligations or the purposes for which the data was originally collected or as long as we have a legitimate interest in storing such data.

In all other cases, your personal data will be deleted, except for the data that we must keep in accordance with the legal retention periods. However, in such cases, we will limit the processing of the data, i.e. your data will only be used in accordance with legal obligations.

In general, your orders and payment information and other data, if applicable, are subject to legal retention obligations, therefore we are required to retain such information for up to ten years.

Even if the data is not subject to legal retention obligations, we may refrain from deleting your data in cases permitted by law and limit its processing instead. This may apply particularly in cases where such data may be requested for the further processing of the contract or for the exercise of rights or for the purpose of legal defence. The duration of the processing limitation will depend on the legal limitation periods.

  6. YOUR RIGHT TO DATA PROTECTION

You can contact our Data Protection Officer at any time to exercise your legal right to data protection described below (contacts above in the introductory section).

You always have the right to receive information about our processing of your personal data. In providing such information, we will explain the data processing mechanism and provide you with an overview of your personal data that we store.

If any of the data we have stored is inaccurate or no longer up to date, you have the right to request a correction of the data.

You can also request the deletion of data. If deletion is not possible in exceptional cases due to other legal provisions, the data will be blocked so that they are available only for the stated legal purpose.

You can also restrict the processing of data, for example, if you consider that the data we store is inaccurate.

You have the right to data transfer, i.e. at your request we will provide you with a digital copy of the personal data you have provided to us.

You also have the right to file a complaint with the data protection supervisory authority. The competent supervisory body is the Personal Data Protection Agency, Martićeva 14, 10000 Zagreb, e-mail: azop@azop.hr.

  7. THE RIGHT TO WITHDRAW CONSENT AND THE RIGHT TO OBJECT

If you wish to exercise your right of withdrawal or objection below, send a notice to the Data Protection Officer at the contact details provided in the introductory section.

7.1. Withdrawal of consent

Article 7 (3) of the General Data Protection Regulation GDPR (EU) 2016/679 gives you the right to withdraw any consent you have previously given. This means that in the future we will no longer continue the data processing that was based on your consent. The withdrawal of your consent will not affect the lawfulness of processing based on your consent prior to its withdrawal.

7.2. Objection to the processing of your data

If we process your data on the basis of legitimate interests in accordance with Article 6 (1) (f) of the General Data Protection Regulation GDPR (EU) 2016/679, you have the right to object to the processing of your data under Article 21 if there are reasons that arise from your particular situation or if the objection is directed against direct marketing.

  8. DATA SECURITY

We use all appropriate technical measures to ensure data security, and in particular to protect your data from risks during data transfer, as well as from unauthorized access by third parties. These measures will be adapted from time to time in line with the latest developments. To secure the personal data you enter on our website, we use a secure transport protocol (SSL) that encrypts your data during transmission.

  9. AMENDMENTS TO DATA PROTECTION AND PRIVACY POLICY (GDPR)

We will update the Data Protection and Privacy Policy from time to time, when adapting to new versions of the website and the webshop or in case of amendments to legal regulations. Material changes will be documented in this document, and we will, if necessary, ensure the consent of our users.

Last revised: 13.07.2018.