Privacy policy

Privacy Policy

Ensuring Privacy.
At Spletna prodaja, Lea Špela Štrlekar s.p. (hereinafter: the provider), we value your privacy and strive for the highest level of protection for your personal data. When providing our services through the online store www.nekofit.si, we ensure that your data is processed in accordance with applicable European legislation (General Data Protection Regulation – GDPR) and the national legislation of the Republic of Slovenia (currently valid Personal Data Protection Act, Electronic Communications Act, and Electronic Commerce Act).

The privacy policy defines the purposes for which your personal data will be collected, how it will be used, what your rights are regarding the data we hold about you, and how to exercise those rights. The provider is committed to protecting your privacy. If we need any information that can identify you while using this website, we assure you that it will be used in accordance with this privacy policy. We are committed to not selling, lending, or otherwise transferring your personal data to third parties, except as required by law. The provider may occasionally change the content of this privacy policy. We encourage you to review it periodically to ensure you agree with any changes.

 

Data Controller

The data controller of your personal data is Spletna prodaja, Lea Špela Štrlekar s.p., Pločanska ulica 3, 1211 Ljubljana Šmartno, email: info@nekofit.si.

Types of Personal Data, Purpose of Processing, and Legal Basis.
Personal data is any information that identifies you as a specific or identifiable individual. An individual is identifiable when they can be directly or indirectly identified, particularly by reference to an identifier such as a name, identification number, location data, online identifier, or by reference to one or more factors specific to the individual's physical, physiological, genetic, mental, economic, cultural, or social identity. Below, we specify which personal data is collected by the controller.

All personal data you provide to us will be treated confidentially and will only be used for the purposes for which it was provided. If there is a need for further processing of your data for a different purpose, we will contact you in advance and request your prior written consent.

 

Visiting the Website nekofit.si

The website operates by recording certain data about visits on the web server where it is hosted. This data includes the IP address, time of visit, content of the request (specific page), access status/HTTP status code, amount of data transferred, the website from which the request originates (referrer URL), browser, and similar information.

We collect the above-mentioned (personal) data using cookies, which you can accept or reject upon visiting the website.

The legal basis for processing the aforementioned data is our legitimate interest in ensuring network and information security, specifically to detect and prevent unauthorized access that may compromise the availability, integrity, and confidentiality of stored or transmitted personal data, as well as the security of related services accessible through these networks and systems.

The retention period is limited to achieving the purpose for which the aforementioned data is collected. The collected (personal) data is processed separately and is not linked with other personal data of users of our websites, nor do we carry out any profiling of your purchasing behavior.

Registration

On our website, you can register to create a user account, allowing you to make purchases as a registered user.

To activate your user account, we collect the following personal data from you, which you provide voluntarily:

• First and last name,
• Company name and job title (optional),
• Email address and password,
• Phone number,
• Address.

All the data you provide is collected for the purpose of registration on the website (to create a user account) and for potential communication related to your user account. If you make purchases through your user account, order details will also be stored.

The data is processed based on your consent, which is granted for a specific period of 5 years or as stipulated by relevant legislation. After the 5-year period, your user account will be deleted, unless consent is renewed. You can also revoke your consent or user account at any time free of charge by sending a cancellation of consent via email to info@nekofit.si for registration purposes.

Purchase of a Product

If you purchase specific products as a registered or unregistered user of our website, we collect the following information:

• First and last name,
• Address,
• Company name (optional),
• Email address and phone number,
• Order note (optional).

All data collected during the purchase of products is used to fulfill our contractual obligations and to enforce rights arising from the contractual relationship, including addressing any claims and delivering the purchased product. The legal basis for processing this data is our contractual relationship with you. Since processing this data is necessary for completing the purchase, it can be conducted based on the fact that you are entering into a contractual relationship with us. If you do not wish to provide this information, we cannot guarantee the purchase of our products.

According to the Electronic Communications Act, we may send notifications about our products and content to your email addresses if you do not indicate that you do not wish to receive such notifications at the time of purchase. We do not engage in any (automated) profiling; we only send you basic tailored messages that we believe may interest you based on your past interactions with us. We process this data for a period of 5 years or until revoked. You can object to the processing of your contact details for such direct marketing purposes at any time by sending an unsubscribe request via email to info@nekofit.si.

Subscription to Email Newsletters

On our website, you can subscribe to receive current notifications and information about our promotions, offers, and updates that are directly related to our activities. We send email newsletters occasionally and as needed.

This data is processed based on your explicit consent, which is given for a specific period of 5 years. After this 5-year period, we will cease sending advertising messages unless consent is renewed. You can also revoke your consent at any time free of charge by sending an unsubscribe request via email to info@nekofit.si.

Communication with the Provider

All data collected through our websites or otherwise communicated (e.g., via telecommunications) is collected for the purpose of providing services for our online store, as well as for our internal administration and management of our business.

Contests

The personal data you provide us during a contest is processed for the purposes of conducting the contest. The collected data will be deleted after the contest is concluded, unless you explicitly consent to receive advertising messages about our offers at the contact details provided when entering the contest.

You can unsubscribe from such advertising at any time free of charge by sending an email to info@nekofit.si to request the cancellation of your newsletter subscription.

Facebook and Instagram Plugins

On our social media accounts, such as Facebook and Instagram, you can contact us directly through commenting, messaging, and chatting features. The information you send us this way will be processed solely for the purpose of addressing your comment, request, or question.

Based on our legitimate interests, we have the right to manage our social media accounts, the content we share on them, engage with visitors, and respond to your requests.

Additionally, our website uses Facebook and Instagram plugins. When you visit our site, a direct connection is established between your browser and the servers of Facebook and Instagram via the plugin. When using a service that employs these plugins, data may be directly transferred from your device to the social network provider (Facebook and Instagram). We have no control over the data collected by the plugin. If you are logged into these social networks, your use of the service may be linked to your account on those networks. If you interact with the plugins, such as liking, following, sharing with others, or leaving a comment, this data may be automatically displayed on your profile on the social network. Even if you are not logged into a social media account, the plugins may still send your IP address to the social network providers. Please take this into account when using our services.

We explicitly emphasize that we have no influence over the scope, nature, and purpose of the processing of your personal data carried out by the service providers of social networks, and we direct you to the privacy policies of those service providers.

Data Retention Period

We assure you that we will retain your data only as long as necessary to fulfill the purpose for which the individual data was collected and subsequently used. After the retention period has expired, we will effectively and permanently delete or anonymize your personal data so that identification is no longer possible.

Data processed based on legal obligations will be kept for the period prescribed by law. Data processed for the execution of a contractual relationship with you will be stored for the duration necessary to fulfill the contract and throughout the statutory limitation period for claims arising from that contract, except in the case of a dispute regarding the contractual relationship.

Contractual documentation (invoices, credit notes, confirmed offers, and orders, etc.) will be retained for up to 11 years. If there is a different legal retention period for certain data processed for the execution of sales contracts (e.g., accounting or tax data), the retention period is up to 10 years. During this time, data processing will be limited.

Personal data processed based on your consent, such as for sending newsletters, will be kept for up to 5 years or until you withdraw your consent (whichever comes first). We commit to regularly verifying the existence of the purpose for processing personal data at regular intervals. We will delete the data before the end of the 5-year period or before withdrawal only if the purpose of processing has already been achieved (e.g., if we stop sending advertising emails) or if required by law.

Data Users

We respect the privacy of users of the website nekofit.si and are committed to carefully safeguarding the personal data we collect. We will not disclose this data to third parties without your consent, except in cases where it is requested by a competent state authority with a legal basis, or if there is a suspicion of misuse in the operations of the user of this website.

Please be informed that we may entrust certain tasks related to your data to our business partners (contracted processors). Contracted processors may process the entrusted data exclusively on our behalf and within the scope of our authorization (as outlined in a written contract or other legal document) and in accordance with the purposes defined in this privacy policy. These partners will carefully protect the data provided and will not retain it unnecessarily or use it for their own purposes.

In accordance with legal obligations, your personal data may be disclosed to:

• postal service providers, shipping service providers, and logistics/delivery services for the purpose of fulfilling your order (delivery data such as name, address, phone number, and email will be provided to the delivery service, e.g., Pošta Slovenije);
• distributors and suppliers of goods;
• accounting services, law firms, and other legal and business consulting providers;
• document and data carrier destruction service providers;
• information technology service providers for software servicing and maintenance;
• website administrators and maintainers;
• cloud computing service providers and email dispatch service providers;
• customer relationship management system providers.

We commit that neither we nor other users of your personal data will transfer or disclose it to a third country outside the European Union and/or the European Economic Area or to an international organization without an appropriate level of protection.

Freedom of Choice

You control the information you provide to us. If you choose not to share certain data, you may not be able to access certain areas or features of our websites. In such cases, we may also be unable to respond to your inquiries or enter into a contractual relationship with you, which means we cannot sell or deliver the desired products.

If you no longer wish to receive news notifications via email, you can unsubscribe from receiving newsletters free of charge by sending us an email at info@nekofit.si. If your personal data changes (postal code, email address, address, phone number, etc.), please inform us of these changes at info@nekofit.si.

Consent of Children

Children under the age of 15 may only provide personal data to us through our website (or otherwise) with the permission (consent or approval) of the holder of parental responsibility for the child (one of the parents or guardians).

We commit to never knowingly collect personal data from individuals we are aware are under 15 years old. We will not use or disclose such data to any unauthorized third party without the consent of the holder of parental responsibility for the child. This does not affect the rules of Slovenian contractual law regarding the validity, formation, or effects of contracts involving a child.

The data controller will, considering available technology, make reasonable efforts to verify whether the holder of parental responsibility for the child has given or approved consent in such cases.

Your Rights

The provider informs you that as an individual you have the following rights:

1. Right to Withdraw Consent
   If you have consented to the processing of your personal data (for one or more specific purposes), you have the right to withdraw that consent at any time without affecting the lawfulness of the processing carried out based on the consent before its withdrawal.
   Withdrawal of consent for the processing of personal data does not have any negative consequences or sanctions for the individual. However, it may be that the controller can no longer provide certain services to the individual after the withdrawal of consent if those services cannot be provided without personal data.

2. Right of Access to Personal Data
   As an individual, you have the right to obtain confirmation from the controller as to whether personal data concerning you is being processed, and where that is the case, access to personal data and certain information (about the purposes of processing, the types of personal data, the users, the retention periods or criteria for determining retention periods, the existence of the right to rectification or erasure of data, the right to restrict processing and to object to processing, and the right to lodge a complaint with a supervisory authority, the source of data if it was not collected from you, the existence of automated decision-making, including profiling, the reasons for it, and the significance and consequences of such processing for you, as well as other information in accordance with Article 15 of the GDPR).

3. Right to Rectification of Personal Data
   As an individual, you have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you. You also have the right, considering the purposes of processing, to have incomplete data completed, including by providing a supplementary statement.

4. Right to Erasure of Personal Data ("Right to be Forgotten")
   As an individual, you have the right to obtain from the controller the erasure of personal data concerning you without undue delay. The controller must erase the data without undue delay when one of the following grounds applies:
   (a) the data are no longer necessary for the purposes for which they were collected or otherwise processed,
   (b) if you withdraw consent and there is no other legal ground for the processing,
   (c) if you object to the processing and there are no overriding legitimate grounds for the processing,
   (d) the data have been unlawfully processed,
   (e) the data must be erased for compliance with a legal obligation under EU law or the law of a Member State applicable to the provider.

5. Right to Restrict Processing
   As an individual, you have the right to obtain from the controller restriction of processing when one of the following applies:
   (a) if you contest the accuracy of the data for a period enabling the controller to verify the accuracy of the data,
   (b) if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead,
   (c) if the controller no longer needs the personal data for the purposes of processing, but you require them for the establishment, exercise, or defense of legal claims,
   (d) if you have objected to processing, pending the verification of whether your legitimate grounds override those of the controller.

6. Right to Data Portability
   As an individual, you have the right to receive personal data concerning you that you have provided to the controller, in a structured, commonly used, and machine-readable format, and you have the right to transmit those data to another controller without hindrance from the controller to whom the personal data have been provided, when:
   (a) the processing is based on consent or on a contract and
   (b) the processing is carried out by automated means.
   You have the right, in exercising the right to data portability, to have your personal data transmitted directly from one controller to another, where technically feasible.

7. Right to Object to Processing
   If the processing is based on our legitimate interests, you have the right to object at any time to the processing of your personal data on grounds relating to your particular situation. In such a case, we will continue to process your personal data only if we demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

8. Right to Lodge a Complaint with a Supervisory Authority
   If you suspect that there is a breach of data protection legislation in relation to the processing of your data, you have the right to lodge a complaint with the Information Commissioner of the Republic of Slovenia, at Dunajska cesta 22, 1000 Ljubljana, Slovenia, telephone: +386 (0)1 230 97 30, email: gp.ip@ip-rs.si.
   Individuals can address any requests related to the exercise of rights concerning personal data in writing to: Spletna prodaja, Lea Špela Štrlekar s.p., Pločanska ulica 3, 1211 Ljubljana Šmartno.
   To ensure reliable identification in the event of exercising rights concerning personal data, the controller may request additional information, and may only refuse to act if it can demonstrate that it cannot reliably identify the individual.
   The controller must respond to the individual's request exercising their rights concerning personal data without undue delay and at the latest within one month of receipt of the request.

Publication of Changes

Any changes to our privacy policy will be published on this website. By using the website, the individual confirms that they accept and agree to the entirety of this privacy policy.