Vina Kobal

Privacy Policy

The purpose of this privacy policy is to inform customers, potential customers, and visitors of the Vina Kobal websites about us and the basis for the processing of personal data by Ivo Kobal – nosilec dopolnilne dejavnosti na kmetiji, Štanjel 55, 6222 Štanjel, Slovenia, email address info@vinakobal.com (from now on referred to as Vina Kobal or the Provider or the controller of personal data).

The staff at Vina Kobal values your privacy, which is why we always protect your data carefully.

This Privacy Policy may be amended or supplemented at any time without prior notice or notification. By using the Provider’s website following a change or amendment, the individual confirms that they agree to the changes and modifications.

All our activities comply with European legislation (Regulation (EU) 2016/697 on the protection of individuals regarding the processing of personal data and the movement of such data (General Data Protection Regulation or GDPR) and Council of Europe Conventions (ETS No.108, ETS No.181, ETS No.185, ETS No.189)) and national legislation of the Republic of Slovenia (Act on the Protection of Personal Data (ZVOP-1, Journal of Laws of the Republic of Slovenia, No.94/07), Act on Electronic Commerce on the Market (ZEPT, Journal of Laws of the Republic of Slovenia, No. 96/09 and No. 19/15), etc.).

This Privacy Policy deals with the treatment of information that the Provider receives from you when you visit and use the Vina Kobal Sites or otherwise provide it to it (in the course of purchase via email, telephone, etc.).

1. PERSONAL DATA CONTROLLER

The personal data controller is Ivo Kobal – nosilec dopolnilne dejavnosti na kmetiji, Štanjel 55, 6222 Štanjel, Slovenia.

1. PERSONAL DATA

Personal data is information that identifies you as a specific or identifiable individual. An individual is identifiable when they can be placed, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or by relation to one or more factors specific to the individual’s physical, physiological, genetic, mental, economic, cultural or social identity.

The Provider collects the following personal data following the purposes set out below in this Privacy Policy:

• basic information about the user (name and surname, residential address, date of birth, location);

• contact details and details of your communication with the controller (email address, telephone number, date, time and content of postal or email communication, date, time and duration of telephone calls, recording of telephone calls);

• channel and campaign – the way we recruited the member or the source through which the user came into contact with the manager (website and advertising campaign, call center, physical advice center);

• information about the user’s purchases and invoices (date and place of purchase, items purchased, prices of items purchased, total amount of investment, method of payment, delivery address, invoice number and date, identification of the person who issued the invoice, etc.) and information about the resolution of product complaints;

• data on the user’s use of the website of the controller (dates and times of visits to the website, pages or URLs visited, time spent on each page, number of pages visited, total time spent on the website, settings made on the website) and data on the use of the messages received from the controller (email, SMS);

• data from forms voluntarily completed by the user, e.g., in the context of online quizzes, tasks, prize draws, or the use of feedback configurators to identify the user’s needs;

• other information that the user voluntarily provides to the Provider when requesting certain services that require this information.

The Provider does not collect or process your data except when you allow or consent to the Provider to do so, i.e., when you order products or services, subscribe to receive e-newsletters, participate in a prize draw, etc., or where there is a lawful basis for the collection of your data or the Provider has a legitimate interest in processing it.

The period during which the Provider retains the collected data is defined in more detail in this Policy’s Retention of Personal Data section.

III. PURPOSES OF PROCESSING AND GROUNDS FOR PROCESSING

The Provider collects and processes your data on the following legal bases:

• Law and contractual relations,

• the consent of the individual; and

• legitimate interest.

1. PROCESSING BASED ON LAW AND CONTRACTUAL RELATIONS

Purpose of processing: conclusion and performance of the contract

More detailed explanation: the conclusion and performance of the contract concluded with the Provider, including the Provider’s fulfillment of your orders (supply of online products and provision of services), communication with you, verification of your payments, and completion of the Provider’s other obligations and/or your obligations (legitimate interest of the Provider in the processing of your data, point (f) of Article 6 (1) GDPR).

Directly informing customers about special offers, discounts, and other content via email or SMS: According to the ZEKom-1 Act (the Electronic Communications Act of the Republic of Slovenia, implemented based on Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002), the Provider informs its customers about its products, services, and content. The Customer may request the termination of such communication and processing of personal data at any time. The Customer may terminate such communications at any time via the unsubscribe link in the communications received or by written request to the email address info@vinakobal.com.

1. PROCESSING BASED ON LEGITIMATE INTEREST

The Provider may also process the data based on legitimate interests pursued by the Provider, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data. Where legitimate interest applies, the Provider shall constantly assess by the General Data Protection Regulation.

Purpose of processing:

1.1 General statistical processing of customer data and their orders and potential customers (contacts) for internal sales analysis, repeat purchases, aggregate customer behavior, advertising optimization, and business optimization.

1.2 Detailed explanation At Vina Kobal, we carry out general statistical processing of data on customers and their orders and potential customers (contacts), based on which we carry out internal analyses of sales, repeat purchases, and aggregate customer behavior, and monitor and optimize our business performance and optimize our advertising, e.g.:

– We monitor sales through our sales channels (internet, call center)

– We monitor how many customers are repurchasing, how quickly and at what value

– We track general sales statistics such as average purchase value (over the entire period of first contact with the Customer), number of products on order, etc.

– We monitor responses to emails, SMS messages, phone calls, and various advertising messages (web ads) and optimize our advertising based on this (deciding what, where, to whom and how to advertise).

This statistical monitoring allows us to optimize our overall business and advertising and offer our customers affordable products and services.

2. Access to your past orders and other information from the staff at Vina Kobal.

2.1 Detailed explanation

When you call (or our outbound call to you) or visit Kobal Wine Shop (if and when you self- identify), our sales and support consultants have access to your recorded personal data and purchase history, which will enable them to provide you with better service and more personalized offers.

You may terminate such data processing if you do not wish by sending a written request to info@vinakobal.com.

3.1 Automatic email communication with the user based on their initiation of the online purchase process

 

You may terminate such data processing if you do not wish by sending a written request to info@vinakobal.com.

4.1 Personalized communication: (email, SMS, phone calls, mail, browser notifications, website information, social media) personalized discounts, offers, and content.

4.2 More detailed explanation

In the context of essential personalized communication (email, SMS, phone calls, mail, browser notifications, website information, social media), we try to present you with relevant offers, discounts, and other content that may be of interest to you based on your past interactions with us.

To do this, we use the following information about you:

• Demographic data (sex, date of birth/age, address)

• Your purchase history (products purchased, time of purchase, number of purchases)

• Simply addressing behavior on Vina Kobal websites (viewing individual courses, products, or content that may trigger the sending of personalized messages) without using this data to create user profiles

• Your responses (opening a message, clicking on a link, making a purchase) to the different messages we send you.

We do not use semi-automatic or automatic profiling but select the appropriate recipient sets for each message. We never focus on individual data but aggregate processing of larger groups.

This information can then determine which messages you receive from us:

• What products and the content will we present (e.g., on tax, how to become a successful accountant, the basics of accounting, etc.) to maximize your interest

• What offers will you receive (customers with a higher number or frequency of purchases from Vina Kobal get better offers)

• How often will we send you messages and through which communication channels

You may terminate such data processing if you do not wish by sending a written request to info@vinakobal.com.

5.1 Direct communication of special offers, discounts, and other content via telephone calls and ordinary mail

5.2 Detailed explanation

Based on our legitimate interest, the Provider periodically informs customers about its products, services, discounts, and content via telephone calls and emails. The Customer may request that such communication and processing of personal data be discontinued at any time.

You may terminate such data processing if you do not wish by sending a written request to info@vinakobal.com.

 

6.1 Using Facebook’s advertising tool Facebook Custom Audiences

6.2 Detailed explanation

We also use Facebook Custom Audiences for online advertising based on our legitimate interest, either in the context of essential personalized communication based on our legitimate interest or in the context of consent obtained for touch with customized offers and content found on the user’s profile.

This service works as follows:

• We upload your email address, which we have obtained from you during your purchase or your voluntary entry, to Facebook.

• Facebook compares your email address with its user database to determine whether you are a Facebook user.

• If you are not a Facebook user, then nothing happens to your email address, and Facebook does not perform any actions.

• However, if you are a Facebook user, Facebook will add you to a newly created list of tailored audiences that will only and explicitly allow us to serve tailored ads to this group of Facebook users.

• This enables us to show you more targeted and personalized ads on Facebook and, in particular, additional discounts.

1. PROCESSING BASED ON YOUR CONSENT

The Provider also collects and processes (uses) your personal data for the following purposes where you have given your consent:

• ensuring that you access and use your online account with the Provider and the Provider’s online shop and for technical reasons of administration on the Provider’s website,

• ensuring that you can access the specific information available to you on the Provider’s website and in your online account/profile provided by the Provider,

• preparing and sending a personalized e-magazine if you have subscribed to it,

• sending commercial offers and other content by email, SMS, regular mail, or telephone calls, where there is no other basis for doing so, and you have consented to it,

• any other purposes for which you expressly agree to cooperate with the Provider.

Consent-based profiling of users

Based on your consent, the Provider also carries out personalized communication, which is carried out through different communication channels (email, SMS, phone calls, mail, browser notifications, website information, and social networks).

Because we want to offer you the best possible offers and content tailored to your needs, we create your profile with your consent, which is the basis for our personalized communications.

We may use the following information about you to do this:

 

• Demographic data (sex, date of birth/age, address)

• Your purchase history (products purchased, time of purchase, number of purchases)

• Answers in various Vina Kobal questionnaires on Vina Kobal websites

• Behaviour on Vina Kobalwebsites (viewing individual products or content, adding products to the shopping basket, internet transactions)

• Your responses (opening a message, clicking on a link, making a purchase) to the different messages we send you

This user profile can then determine what content and offers you receive from us:

• Which products and the content will be presented (e.g., on joints, detoxification, weight loss, general healthy eating, etc.) to maximize your interest

• What offers will you receive (buyers with a higher number or frequency of purchases from the supplier get better offers)

• How often will we send you messages and through which communication channels

If you have given your consent to such processing and now no longer wish to do so, you may podpora@vinakobal.com.

VII. RETENTION OF PERSONAL DATA

The Provider will only keep your data for as long as necessary to fulfill the purpose for which the personal data was collected and further processed (e.g., to ensure that you access and use your account with the Provider and the Provider’s online shop, to ensure that the Provider fulfills your orders, verifies your payments and fulfills the Provider’s and/or your other obligations, to ensure that you can access specific information available to you, to ensure that you can use the benefits of the Vina Kobal, to ensure that the Provider’s newsletter is sent to you, etc.).

Those personal data that the Provider shall keep the provider processes based on the law for the period prescribed by law.

The Provider shall keep the personal data processed by the Provider for the performance of the contractual relationship with the individual for the period necessary for the performance of the contract and five years after its termination, except in cases where there is a dispute between you and the Provider about the contract, in which case the Provider shall keep the data for five years after the final decision of a court or arbitration award or a settlement or, if there has been no court dispute, for five years from the date of amicable settlement of the conflict.

The Provider shall keep the personal data processed by the Provider based on the individual’s consent or legitimate interest permanently until the withdrawal of such consent by the individual or a request to discontinue the processing. The Provider shall delete such data before revocation only if the purpose of the processing of the personal data has already been achieved (e.g., if the Provider ceases to operate its benefits club, the Provider would delete all personal data collected for this purpose even if the individual who consented to the processing of the personal data for membership in the benefits club did not provide such revocation) or if provided for by law.

 

After the retention period has expired, the controller shall erase or anonymize the personal data effectively and permanently so they can no longer be associated with a specific individual.

VIII. CONTRACTUAL PROCESSING OF PERSONAL DATA

As an individual, you agree that the Provider may entrust specific tasks related to your data to other persons (contract processors). The contract processors may process the authorized data exclusively on behalf of the Provider, within the limits of the Provider’s authorization (in a written contract or other legal act) and by the purposes defined in this Privacy Policy.

The contractual processors with which the Provider cooperates are:

• accounting services; law firms and other providers of legal advice;

• data processing and analytics providers;

• IT systems maintainers;

• email providers (e.g., ActiveCampaign and others);

• payment system providers such as PayPal, Stripe, and others);

• providers of customer relationship management systems (e.g., Inisightly);

• online advertising solution providers (e.g., Google, Facebook).

The Provider will not pass on your data to unauthorized third parties.

Contract processors may only process personal data under the controller’s instructions and may not use personal data to pursue their interests.

The controller and users do not export personal data to third countries (outside the European Economic Area – EU member states plus Iceland, Norway, and Liechtenstein) and international organizations, except to the USA – all contract processors in the USA are included in the Privacy Shield program.

1. FREEDOM OF CHOICE

You control the information you provide about yourself. If you choose not to provide your information to the Provider, you will not be able to access certain areas or features of the website.

Individuals who wish to unsubscribe from the Vina Kobal e-newsletter, please let us know at

podpora@vinakobal.com.

If your data (postcode, email address, physical address, telephone number) changes, please inform us of the changes at podpora@vinakobal.com.

1. AUTOMATIC INFORMATION READING (non-personal data)

Whenever you access the website, general, non-personal information (number of visits, average time on site, pages visited) is automatically recorded (not as part of the login). We use this information to measure the attractiveness of our website and to improve content and

 

Usability. Your data is not subject to further processing and is not passed on to any third party.

1. SHOWCARDS

Cookies are invisible files temporarily stored on your hard drive and allow the Provider to recognize your computer the next time you visit a website. The Provider only uses cookies to collect information about the website’s use and optimize its internet advertising activities.

Advertising cookies track an individual’s use of the Provider’s website unless the individual does not consent to use cookies on the site.

XII. SECURITY

The Provider is committed to ensuring the security of personal data. Your data is always protected against loss, destruction, falsification, tampering, manipulation, unauthorized access, or disclosure.

XIII. CONSENT OF A MINOR ABOUT INFORMATION SOCIETY SERVICES

Minors under the age of 16 should not provide personal information on the website or otherwise without the permission (consent or approval) of the person responsible for the child’s (parent or guardian) ‘s permission (consent or authorization). The Provider will never knowingly collect personal information from persons known to be minors (under the age of 16), use it in any way, or disclose it to any unauthorized third party without the permission of the person having parental responsibility for the child. This does not affect the general contract law of the Member States, such as rules on the validity, formation, or effect of a contract relating to a child.

In such cases, the Provider shall make reasonable efforts, taking into account the technology available, to verify whether the person having parental responsibility for the child has given or authorized consent.

XIV. THE DATA SUBJECT’S RIGHTS CONCERNING DATA PROCESSING

If you have any questions about our privacy policy or the processing of your data, please do not hesitate to contact us. Please email us at info@vinakobal.com or call us on 068 125 944. We will inform you in writing and by the regulations upon your request.

To ensure fair and transparent processing, you have the following rights as an individual under the rules:

Right to withdraw consent: if you, as an individual, have consented to the processing of your data (for one or more specified purposes), you have the right to withdraw your consent at any time without affecting the lawfulness of the processing of the data carried out based on your consent up to the time of withdrawal.

 

Consent may be withdrawn by written declaration sent to the controller at one of the contacts indicated on the website info@vinakobal.com.

Withdrawal of consent to processing personal data does not have any negative consequences or sanctions for the data subject. However, the controller may no longer be able to provide one or more of its services to the data subject after the withdrawal of the consent to the processing of personal data, in the case of services that we cannot provide without the personal data (e.g., a benefits club or personalized information).

Right of access to personal data: as an individual, you have the right to obtain confirmation from the Provider (the personal data controller) as to whether personal data relating to you are being processed and, where this is the case, access to personal data and specific information (on the purposes of the processing, on the types of personal data, on the users, on the retention periods, or. The existence of the right to rectification or erasure, the right to restrict and object to processing and the right to complain with a supervisory authority, the source of the data if we did not collect the data from you, the existence of automated decision-making, including profiling, the reasons for it and the meaning and effects of such processing for you, and other information by Article 15 of the GDPR);

Right to rectify personal data: as an individual, you have the right to have your inaccurate personal data fixed by the Provider without delay. As an individual, you have the right, taking into account the purposes of the processing, to have incomplete data completed, including by submitting a supplementary declaration;

Right to erasure of personal data (“right to be forgotten”): as an individual, you have the right to have personal data relating to you erased by the Provider without undue delay, and the Provider must erase the data without undue delay where one of the following reasons applies:

a) the data are no longer necessary for the purposes for which we collected them) the data are no longer necessary for the purposes for which we collected them.

b) you withdraw your consent, and there is no other legal basis for the processing, 

c) you object to the processing, and there are no overriding legitimate grounds for the processing,

(d) the data has been unlawfully processed,

(e) we must erase the data to comply with a legal obligation under EU law or the law of a Member State to which the Provider is subject, or

(f) the data has been collected in connection with the provision of an information society service.

However, as an individual, you do not have the right to erasure in certain cases described in Article 17(3) of the GDPR;

Right to restriction of processing: as an individual, you have the right to have the Provider restrict processing where one of the following applies:

(a) you contest the accuracy of the data for a period that allows the Provider to verify the accuracy of the data;

(b) the processing is unlawful, and you object to the erasure of the data but instead request the restriction of its use;

 

(c) the Provider no longer needs the data for the processing, but you need the data for the establishment, exercise, and defense of legal claims; or

(d) you have objected to the processing, pending the verification of whether the legitimate grounds of the Provider override your feet;

Right to data portability: as an individual, you have the right to receive personal data relating to you that you have provided to a provider in a structured, commonly used, and machine-readable format and you have the right to have that data transferred to another controller without being hindered by the Provider to whom the personal data have been provided, where: a

) the processing is based on consent or a contract; and

b) the processing is carried out by automated means.

In exercising that right to data portability, you as an individual have the right to have your data directly transferred from one controller (Provider) to another, where this is technically feasible;

Right to object to processing: As an individual, you have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data which is necessary for the performance of a task carried out in the public interest or the exercise of official authority vested in the Provider (point (e) of Article 6(1) of the GDPR) or is necessary for the pursuit of legitimate interests pursued by the Provider or by a third party (point (f) of Article 6(1) of the GDPR), including profiling based on the said processing; the Provider ceases to process the personal data unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise or defense of legal claims.

Where personal data are processed for marketing purposes, the data subject shall have the right to object at any time to the processing of data concerning them for such marketing, including profiling insofar as it is related to such direct marketing; where the data subject objects to processing for direct marketing purposes, we shall no longer process the data for those purposes.

Where data are processed for scientific or historical research purposes or statistical purposes, the data subject shall have the right to object, on grounds relating to their particular situation, to processing concerning them unless the processing is necessary for the performance of a task carried out for reasons of public interest;

Right to complain with a supervisory authority: without prejudice to any other (administrative or other) legal remedy, you as an individual have the right to complain with a supervisory authority, in particular in the country where you are habitually resident, where you work or where the breach is alleged to have taken place (in Slovenia, the Information Commissioner) if you consider that the processing of your data breaches the rules on the protection of personal data.

Without prejudice to any other (administrative or extra-judicial) remedy, you have the right to an effective remedy as an individual against a legally binding decision of the supervisory authority concerning your complaint, including if the supervisory authority does not consider your complaint or does not inform you within three months of the state of the case or the

decision on your complaint. The courts of the Member State where the supervisory authority is established have jurisdiction over proceedings against the supervisory authority.

The data subject may address any request concerning the exercise of the rights relating to personal data in writing to the controller, using one of the contact details provided on the website podpora@vinakobal.com.

For reliable identification in the event of the exercise of rights relating to personal data, the controller may request additional data from the data subject but may refuse to act only if it demonstrates that we cannot reliably identify the data subject.

The controller shall respond to a request by an individual to exercise their rights concerning personal data without undue delay and, at the latest, within one month of receipt of the request.

1. NOTIFICATION OF A PERSONAL DATA BREACH TO A SUPERVISORY AUTHORITY

In the event of a personal data breach, the Provider is obliged to notify the competent supervisory authority, except where the breach is unlikely to have jeopardized the rights and freedoms of individuals. Where, in the event of a violation, there is a suspicion that a criminal offense has been committed, the Provider is obliged to notify the police and/or the competent prosecutor’s office of the breach.

In the event of a breach that may result in a high risk to the rights and freedoms of natural persons, the Provider is obliged to inform the data subjects of the breach without undue delay or, where this is not possible, without undue delay. The notification to the data subject must be made in plain and intelligible language.

XVI. PUBLICATION OF AMENDMENTS

We will post any changes to our privacy policy on this website.

By using the website, the individual acknowledges that they accept and agree to the entire content of th