1. Introductory provision
1. 1. With this privacy protection policy, we want to communicate that we value your privacy and we always take care of the protection of your personal data and follow the principles of secure processing of personal data.
1. 2. This personal data protection policy describes how we collect your personal data, process it, what is the purpose of the processing and also what are your rights in relation to data processing when you shop on the website www. goastarlife.com (hereinafter: website).
1. 3 This Personal Data Protection Policy also applies to other data that you provide to us through other communication channels, for example: by e-mail, by post, by phone or other communication channels and also in person when physically present.
2.1. The controller of personal data processed in accordance with this policy is:
Garex Adria d.o.o., Cesta k Tamu 12, 2000 Maribor, Slovenia,
(hereinafter: Garex Adria).
3. Purposes and bases for processing personal data
3.1. Access to the website
3.1.2. If you do not want us to collect and process your Device Information, please leave the website.
3.2. Purchase in the online store
3.2.1. The controller collects your personal data upon registration, namely: first and last name, address, email address and, optionally, date of birth. This data is processed on the basis of a contractual relationship, namely for the purpose of: execution of online purchases, notification of order status, delivery, execution of payment, allocation of benefits, implementation of complaint procedures, detection of abuses. Entry of non mandatory personal data, the date of birth, is not absolutely necessary to make a purchase in the online store, but it allows us to prepare a surprise, congratulation or gift for you on your birthday.
3.2.2. We pass the address information on to the delivery company.
3.2.3. On the basis of your consent, we process your data: first and last name, address, e-mail address, namely for direct marketing, analysis of purchase transactions in a pseudonymized form for making strategic and tactical decisions.
3.2.4. We keep the data for as long as is necessary to complete the purchase and for as long as is required by law to protect our rights and obligations.
3.3.1. Garex Adria d.o.o. uses online cookies ("Cookies") on its website. Cookies are text files that are stored on the user's device with which the user accessed the website when visiting the website. When visiting the website again, the provider can access the data on the user's device that has been collected with the help of cookies.
3.3.2. By using cookies, the user experience of the website user is more pleasant, friendlier, faster and easier. We do this in order to improve your user experience for users by analyzing users and recording visits, and to make web browsing more user-friendly.
3.3.3. None of the cookies we use on our websites collect any information that could be used to identify you personally. The user can also set permissions for the installation of cookies at any time in his web browser, which he uses to access our website.
3.3.4. Because we want to be sincere, we have prepared a list of all the cookies we use, about the controller of the data that are obtained with the cookies, the purpose of processing the collected data and the duration of the cookies, which are listed in the table below. Please note that by using this website you agree to our use of the described cookies. We use the following cookies on our website: strictly necessary cookies, advertising cookies, functional cookies and statistical cookies.
3.3.5. Necessary cookies are cookies that enable basic functions such as website navigation and access to specific parts of the website. The website does not provide the user with full functionality without these cookies.
3.3.6. Advertising cookies are marketing cookies that anonymously collect information about your website visits. They are used by advertisers (advertising or social networks) to show you ads that are more relevant and interesting to you, limit the repetition of ads and measure the effectiveness of advertising campaigns.
3.3.7. Functional cookies allow the website to remember some of your settings and choices (eg. username, language, region) and provide advanced, personalized features. These types of cookies can enable tracking of your actions on the website.
3.3.8. Statistics cookies anonymously collect and report information to website owners. This helps them understand how visitors use the website and improve the user experience based on this information.
4. Transfer of data to third parties
4.1. In order to carry out the activity, in accordance with the purposes stated above, we share your data with our partners who provide certain services for us, such as:
for the purpose of hosting our website on the Wix.com platform. Wix.com provides an online platform that allows us to sell products and services. Your personal information may be stored through the Wix.com database and other general Wix.com applications. They store your data on firewall servers: more information can be found on the website: https://www.wix.com/about/privacy and https://support.wix.com/en/article/cookies-and-your-wix-site;
In order to understand the use of the website by our users - Google Anaylitics - more on the website https://www.google/intl/en/policies/privacy/;
for the purpose of paying on our website (e.g.: Pay Pal, which you can read at: https://www.paypal.com/myaccount/privacy/privacyhub and SumUp - you can read their policy on the website: https://sumup.si/zasnobe/;
for the purpose of service and product feedback and service improvement - Trustpilot (more information can be found on: https://legal.trustpilot.com/for-reviewers/end-user-privacy-terms)
social networks (e.g. Facebook);
Contractual data processors (e.g. accounting service, etc.).
4.2. We provide personal data to third parties when it is necessary and prescribed to fulfill legal and other obligations. In doing so, we undertake to provide only as much data as is necessary for the purpose of fulfilling these obligations.
5. Your rights in the area of personal data protection
5.1. Right to withdraw consent
5.1.1. Where your personal data is processed based on your consent for one or more processing purposes, you have the right to withdraw your consent at any time. Cancellation of consent can be sent to the controller's email address firstname.lastname@example.org.
5.1.2. Upon receipt of the revocation of your consent for one or more processing purposes, the controller will immediately stop processing your personal data for this purpose.
5.1.3. The cancellation of consent to the processing of personal data does not affect the legality of the processing of personal data in relation to you until your cancellation and the use of this personal data for legally or contractually determined purposes.
5.2. The right to access personal data processed in relation to you
5.2.1. You can request information from the controller as to whether personal data is processed in relation to you and access to personal data that the controller processes in relation to you and the following information: purpose of processing, type of your personal data being processed, users of your personal data, when possible, the retention period of your personal data and the source of personal data (Article 15 of the GDPR Regulation).
5.2.2. The administrator will respond to your submitted request for access to personal data that is being processed in connection with you within one month of receiving the request at the latest.
5.3. The right to correct inaccurate personal data relating to you
5.3.1. At any time, you can request the controller to correct or supplement inaccurate or incomplete personal data concerning you (Article 16 of the GDPR Regulation).
5.3.2. The controller will correct your personal data in accordance with your request and will notify you of the correction of your personal data without delay.
5.4. The right to limit the processing of personal data (Article 18 of the GDPR Regulation)
5.4.1. You have the right to request from the controller that the controller restricts the processing of your personal data when:
- you dispute their accuracy, for a period that allows the administrator to check the accuracy of the data and correct it;
- the processing is illegal and you object to the deletion of personal data and request their processing restriction,
- the controller no longer needs the personal data for processing purposes, but you need them to enforce, implement or defend legal claims,
- you have filed an objection regarding the processing of personal data for a period of time until the validity of the legitimate interest is verified.
5.5. The right to delete personal data ("right to be forgotten" - Article 17 of the GDPR Regulation)
5.5.1. When the basis for the processing of your personal data is consent and there is no other legal basis for their processing, or the personal data has been processed illegally, you have the right to request the controller to delete the personal data it processes in relation to you without undue delay.
5.5.2. In case of deletion of personal data based on your request, the controller will notify you of the deletion.
5.5.3. Please note that it will not be possible to delete certain personal data that we process based on the provisions of laws or contractual legal purpose. The administrator will inform you about the impossibility of deleting data.
5.6. Right to object (Article 21 GDPR)
5.6.1. You have the right to object to the processing of your personal data for the purposes of notification or direct marketing by requesting in writing at any time to stop processing your data for this purpose. In case of objection to processing for marketing purposes, the controller will immediately stop processing personal data for marketing and information purposes.
5.6.2. In addition, you have the right to object to the processing of your personal data even in the event that the controller processes your personal data for the performance of tasks in the public interest or for legitimate interests pursued by the controller or a third party. In this case, the controller stops processing your personal data, unless there are urgent legitimate reasons for their processing.
5.7. The right to data portability (Article 20 of the GDPR Regulation)
5.7.1. You have the right to transmit the personal data that the controller processes in relation to you directly to another controller, when this is technically feasible, if you have given your consent to the processing of such data and the processing is carried out by automated means.
6. Exercising rights
7. Right to appeal
7.1. In the event of a violation of the protection of personal data against the controller, file a complaint with the competent supervisory authority at the controller's registered office at the address: Information Commissioner, Dunajska cesta 22, 1000 Ljubljana or at: email@example.com, telephone: 012309730, website: www.ip-rs.si.
8. Processing of children's personal data
8.1. Only people over 18 years of age can work with us, so we do not process personal data of children or people under 18 years of age.
9. Validity and modification of this policy
Version: 1.0 of 24. 8. 2022