Çlose basket summary Cart
Basket is empty!

United Kingdom

Unlock Black Friday early. Start here.

Privacy policy

The purpose of this Privacy Policy is to inform the users (hereinafter also referred to as: the individual or you) of the website https://ufpro.com/ ("Website") of the purposes and basis for the processing of personal data by UNI&FORMA d.o.o., Pod topoli 4, 1218 Komenda (hereinafter referred to as: UNI&FORMA, the company, we or the controller).

All personal data is processed, stored and protected in accordance with the applicable legislation governing the protection of personal data, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation, hereinafter referred to as "GDPR") and the Personal Data Protection Act (Official Gazette of the Republic of Slovenia, No. 163/22, hereinafter referred to as "PDPA-2"). Please read our Privacy Policy in detail to understand how we protect your privacy.

By providing us with your personal data, you declare that you have read our Privacy Policy and are aware of the processing methods and the legal basis for the processing of your personal data. If you do not agree to the processing methods, please do not provide us with your personal data.

Basic terms

The following describes the basic terms you will encounter when reading our Privacy Policy:

Personal data: personal data is information that identifies an individual as a specific or identifiable natural person. An individual is identifiable when he or she can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the individual's physical, physiological, genetic, mental, economic, cultural or social identity.

Data subject: is an identified or identifiable natural person whose personal data are processed by the controller who is responsible for the processing.

Processing of personal data: means any operation or set of operations which is performed upon personal data, and in particular the collection, retrieval, recording, adaptation, storage, alteration, consultation, use, disclosure by transmission, communication, dissemination or otherwise making available, classification or association, blocking, anonymisation, erasure or destruction of personal data. Processing may be manual or automated.

Restriction of processing of personal data: is the marking of stored personal data in order to restrict its processing in the future.

Profiling: means any form of automated processing of personal data which involves the use of personal data for the purpose of evaluating certain personal aspects relating to an individual, in particular for the purpose of analysing or predicting aspects concerning the individual's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Automated decision-making: means a decision based solely on automated processing (including profiling) which has legal effects or may significantly affect an individual.

Anonymisation: means the processing of personal data in such a way that, without further information, the personal data can no longer be attributed to a specific data subject, provided that such further information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to a specific or identifiable individual.

Data controller: is the natural or legal person or other person in the public or private sector who, alone or jointly with others, determines the purposes and means of the processing of personal data, or the person designated by law who also determines the purposes and means of the processing.

Personal data processor: is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

User of personal data: is the natural or legal person, public authority, agency or other body to whom the personal data are disclosed, whether or not a third party. Public authorities which may obtain personal data in the context of their enquiries under EU or Member State law are not considered to be users and their processing of personal data must comply with the applicable rules on the processing of personal data in relation to the purposes of the processing.

Third party: a natural or legal person, public authority, agency or other person other than the data subject, controller, processor or persons authorised by the processor or controller to process personal data.

Consent of the data subject: consent of the data subject shall mean any voluntary, explicit, informed and unambiguous indication of the data subject's wishes, by which he or she signifies, by a statement or by a clear affirmative action, his or her agreement to the processing of personal data concerning him or her.

The controller and the data protection officer

The data controller is UNI&FORMA d.o.o., Pod topoli 4, 1218 Komenda, tax number: SI 22099727, registration number: 1197819000, e-mail: ufpro@ufpro.si.

We do not have a designated Data Protection Officer.

The purpose of the processing, the legal basis for the processing and the retention periods

1. VISIT THE WEBSITE

By visiting the Website, we store your IP address until the end of the session at the latest. If our system determines that you are not performing any activities that would compromise the operation of our Website, this information is automatically deleted.

In the event that our system determines that you are engaging in activities that are clearly illegal or clearly aimed at disabling the Website, your IP address will be permanently stored and blacklisted by our system, and you will be prevented from further use of the Website.

Legal basis: for the processing of personal data: on the basis of its own legitimate interest (Article 6(1)(f) of the GDPR), the controller also processes personal data for the purpose of the security of the Website and the prevention of unlawful activities on the Website (e.g. hacking, phishing, etc.).

User categories: Website hosting provider and security solutions provider. Users process personal data solely on the instructions and under the control of the controller.

Personal data is transferred to the USA on the basis of standard contractual clauses (approved by Commission Decision 2010/87/EU), which are included in the data processing contract we have concluded with the provider in accordance with Article 28 of the GDPR.

Retention period: depends on the cookies uploaded. For more information, visit here.

2. REGISTERING FOR AN ACCOUNT ON THE WEBSITE

When using our Website, we allow you to become a registered user to facilitate the use of our website when purchasing our products.

Legal basis: performance of a contract (Article 6(1)b GDPR) and own legitimate interest (adapting the offer to customer demand - Article 6(1)f GDPR).

User categories:

  • processors: Website hosting provider, Website maintainers and developers, bulk email provider,
  • on the basis of the law, also by public authorities that demonstrate a legal basis for processing personal data.

Retention period:

  • in the case of performance of a contract: 5 years from the last notification,
  • in case of legitimate interest: up to 3 years.
3. PURCHASE OF PRODUCTS IN ONLINE SHOP

If you purchase a product from our online shop, we will need your name, address, telephone number and email address. We need this information so that we can sell the product to you, deliver it to you properly and deal with any complaints. You will receive an e-mail notification of the status of your order and, in accordance with General Terms and Conditions, a reminder if you do not complete your purchase (abandoned shopping basket). We need the telephone number so that we can quickly resolve any complications (e.g. in case you have ordered a product that is no longer in stock) and so that our delivery drivers can efficiently deliver the purchased products to you. We also need this information in case you default on your obligations. All of this information is therefore necessary to complete your purchase. In order to improve our service and product selection in the future, we may also ask you to provide us with your feedback on your purchase and the products you have purchased by email from time to time. If you do not wish to provide us with your information, we will not be able to allow you to make a purchase from our online shop.

Legal basis: performance of a contract (Article 6(1)b GDPR), in certain cases a legal obligation (e.g. for the performance of obligations arising from tax legislation), legitimate interest in the case of an abandoned shopping basket (legitimate interest is the verification of the customer's will to enter into a contract or complete a purchase).

User categories: delivery services, marketing agencies, the Website provider, government authorities (e.g. Financial Administration of Republic of Slovenia) - if they demonstrate a legal basis.

Retention period: we keep this data for 5 years from the completion of the purchase or settlement of all obligations, for tax purposes for 10 years.

4. NEWSLETTER SUBSCRIPTION

When you complete a purchase, you may have given us permission to use your purchase information to send you personalised newsletters or notifications. You can unsubscribe from our newsletter at any time by clicking on the unsubscribe link in the newsletter you receive. We will also process your personal data for the purpose of sending you our newsletters and offers if you have purchased a product from us and you have not opted out of receiving communications (Article 226(2) of the ECom-2 Act).

Legal basis: personal consent pursuant to Article 6(1)a GDPR, in the case of a buyer, legitimate interest (Article 6(1)f GDPR, in conjunction with Article 226(2) ECom-2 Act).

User categories: website hosting provider, e-mail provider.

Retention period: until cancellation.

5. FILLING IN THE CONTACT FORM

Your personal data will be processed by the controller Uni&Forma d.o.o., Pod topoli 4, 1218 Komenda, for the purpose of communication with you. If you do not wish to provide us with your personal data on the form, we will not be able to answer your questions.

Legal basis: legitimate interest (communication with the general public) - 6(1)f GDPR.

User categories: the Website hosting provider with whom we have concluded the relevant contract in accordance with Article 28 of the GDPR.

Retention period: until the end of the communication, before which you can request the deletion of your personal data.

6. VIDEO SURVEILLANCE

Some of our sales, office and production premises and areas are equipped with a video surveillance system, which is indicated separately at each location. Video surveillance footage is used only in the event of a security incident (e.g. burglary, theft, vandalism) and may be provided to the competent state authorities (e.g. police, prosecutor's office) or used to oppose or pursue legal claims (provided to an authorised law firm and the court).

Legal basis: legitimate interest (Article 6(1)f GDPR - protection of persons and property).

User categories: the maintainer of the video surveillance system; in the case of security incidents, also the competent state authorities for the detection and prosecution of criminal offences (police, prosecutor's office, court); in the case of use to oppose or pursue claims for damages (authorised law firm and court), if they can demonstrate a legal basis for doing so.

Retention period: 6 months; in the event of a security incident or legal proceedings, until the final conclusion of the proceedings at the latest.

CHILDREN'S PRIVACY

We are committed to protecting children's online privacy and internet safety. We do not offer products and services to children or knowingly collect or solicit personal information from children under the age of 15.

We will not keep any communications that we reasonably and reasonably believe to be from a child under the age of 15. We encourage parents or guardians of children under the age of 15 to regularly check and monitor their children's use of email and other online activities.

We use all available technology and make every effort to verify that the person with parental responsibility for the child has given or approved consent.

AUTOMATED DECISION-MAKING AND PROFILING

Individuals' personal data are not subject to automated decision-making, nor are they subject to profiling.

SECURITY OF YOUR PERSONAL DATA

We appreciate your trust in us and sharing your personal data with us. We are committed to protecting it and we take appropriate technical and organisational measures to ensure a high level of data protection (some of the measures we take include: the use of firewalls and data encryption, physical access control - securing IT premises and equipment, and control of information access authorisations through a system of passwords to authorise and identify users).

We restrict access to personal data to our employees, service providers and agents who need to know it in order to develop or improve our services.

You understand that our Website provides links to other Websites which are not owned and/or operated by us. Your use of these third party services is completely optional. We are not responsible for the content and/or practices of third parties.

PERSONAL DATA MANAGEMENT AND OPT-OUT

You can update or remove your personal data or opt out at any time.

  • Updates: if you still wish to use our products and services and change your relevant personal data (name, surname, address, email, telephone number), please let us know at ufpro@ufpro.si.
  • Deletion of personal data: if you wish to have your data removed from our collections in its entirety, please send us a request for deletion to ufpro@ufpro.si.
  • Opt-out: If you do not like receiving emails or other marketing materials, you can unsubscribe at any time by following the "unsubscribe" link in any marketing email you receive from us.

It can take up to 10 days to process a request sent to ufpro@ufpro.si. After this time, the request will be processed and, if it meets the conditions, will be valid.

INDIVIDUAL RIGHTS

Once we receive your withdrawal of consent, we will stop processing your personal data and delete it. We will notify you that your withdrawal has been taken into account.

Under the GDPR, the individual has the right to access personal data, the right to rectification, the right to erasure ("oblivion"), the right to data portability, the right to request restriction of processing of personal data, the right to object and the right to lodge a complaint with a supervisory authority.

To exercise your rights or obtain further information, please contact ufpro@ufpro.si. Your application will be responded to within 10 days and in accordance with the GDPR.

Where there is reasonable doubt as to the identity of the data subject making a request in relation to any of his or her rights, we may require the provision of additional information necessary to confirm the identity of the data subject.

If the data subject's requests are manifestly unfounded or excessive, in particular because they are repetitive, we may charge a reasonable fee, taking into account the administrative costs of providing the information or communication or of carrying out the requested action, or refuse to act on the request.

RIGHT OF ACCESS TO DATA

The data subject has the right to obtain our confirmation as to whether personal data concerning him or her are being processed and, where this is the case, to have access to the personal data and to additional information relating to the processing of the personal data, including:

  • the purposes of the processing;
  • types of personal data;
  • the users or categories of user to whom personal data have been or will be disclosed, in particular users in third countries or international organisations;
  • where possible, the envisaged period of retention of the personal data or, if this is not possible, the criteria to be used to determine that period;
  • the existence of a right to obtain from the controller the rectification or erasure of personal data or the restriction of the processing of personal data concerning the data subject, or the existence of a right to object to such processing;
  • the right to lodge a complaint with the supervisory authority;
  • where the personal data are not collected from the individual, any available information concerning their source;
  • the existence of automated decision-making, including profiling, and meaningful information on the reasons for it, as well as the significance and foreseeable consequences of such processing for him.

Upon request, we will provide a copy of the personal data we process to the data subject. We may charge a reasonable fee, taking into account administrative costs, for additional copies of the data requested by the data subject.

RIGHT OF RECTIFICATION

The data subject shall have the right to have inaccurate personal data concerning him or her rectified without undue delay. The data subject shall have the right, having regard to the purposes of the processing, to have incomplete personal data completed, including by submitting a supplementary declaration.

RIGHT TO DELETION ("oblivion")

The data subject has the right to obtain the erasure of personal data concerning him or her without undue delay:

  • where the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  • where the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing;
  • where the data subject objects to processing on the basis of a legitimate interest of the controller and there are no overriding legitimate grounds for processing;
  • where the data subject objects to processing for direct marketing purposes;
  • where personal data must be erased in order to comply with a legal obligation under EU or Slovenian law; where the data is incorrectly collected from a child who, in accordance with applicable law, is not able to provide such data in connection with the provision of information society services.

Where directory or other published data are involved, we shall take reasonable steps, including technical measures, to inform other controllers processing personal data that the data subject has requested them to erase any links to, or copies of, that personal data.

RIGHT TO RESTRICTION OF PROCESSING

The data subject has the right to restrict processing where:

  • the data subject contests the accuracy of the data for a period for which we can verify the accuracy of the personal data;
  • the processing is unlawful and the data subject objects to the erasure of the personal data and requests instead that its use be restricted;
  • we no longer need the personal data for the purposes of the processing, but the data subject needs them for the establishment, exercise or defence of legal claims;
  • the data subject has objected to processing, pending verification that our legitimate grounds override those of the data subject.
THE RIGHT TO DATA PORTABILITY

The data subject has the right to receive personal data concerning him or her that we hold in a structured, commonly used and machine-readable format, and the right to have that data transmitted to another controller without hindrance, where:

  • the processing is based on the individual's consent or on a contract or where the processing is carried out by automated means.
RIGHT TO OBJECT

The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data which is based on legitimate interests pursued by us or by a third party. We shall no longer process the personal data unless we can demonstrate compelling reasons for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, including profiling insofar as it is related to such direct marketing. To the extent that the direct marketing is based on consent, the right to object may be exercised by withdrawing the personal consent given.

THE RIGHT TO LODGE A COMPLAINT CONCERNING THE PROCESSING OF PERSONAL DATA

The data subject may communicate any complaints regarding the processing of personal data to the following e-mail address: ufpro@ufpro.si or by post to UNI&FORMA d.o.o., Pod topoli 4, 1218 Komenda.

In the event of a personal data breach, we will notify the competent supervisory authority, except where the breach is unlikely to have compromised the rights and freedoms of individuals. Where we suspect that a criminal offence has been committed at the time of the breach, we will notify the police and/or the competent prosecutor's office.

In the event of a breach which may result in a high risk to the rights and freedoms of natural persons, we will immediately or, where this is not possible, without undue delay, inform the data subject of the breach.

If the data subject has exercised the right of access to data with the controller and, after receiving the decision, considers that the personal data he or she has received are not the personal data he or she requested or that he or she has not received all the personal data requested, he or she may, before lodging a complaint with the Information Commissioner, lodge a reasoned complaint with the controller (UNI&FORMA) within 15 days. We will decide on the complaint as a new request within five working days.

If the data subject considers that his/her rights or the regulations on the protection of personal data have been violated, he/she may lodge a complaint with the competent state authority: the Information Commissioner of the Republic of Slovenia (Zaloška 59, 1000 Ljubljana, telephone: 01 230 97 30, fax: 01 230 97 78, e-mail: gp.ip@ip-rs.si).

RETENTION PERIOD OF PERSONAL DATA

We will keep the personal data of the data subject for as long as necessary to fulfil the purpose for which the personal data were collected and further processed.

We obtain some information through the use of cookies and other similar technologies by analysing your behaviour on our Website and your response to emails, and from third parties whose cookies are placed on your device with your consent (social media providers, etc.).

We will retain the data processed on the basis of legitimate interest or for the purpose of carrying out pre-contractual measures at your request for a maximum period of five years from the time when the purpose of our communication with each other has been fulfilled or until the expiry of the limitation periods for any claims.

Where the applicable sectoral legislation (e.g. tax legislation) provides for mandatory retention periods for personal data, we delete personal data after the expiry of the statutory period.

LINKS TO OTHER WEBSITES

The Website may contain links to third party websites which are not owned and/or operated by us. These websites have their own Privacy Policies, which you should familiarise yourself with as the operator accepts no responsibility for them.

LINKS TO SOCIAL NETWORKS

Our Website contains links to social networks (social plugins), with integrated links to Facebook, Instagram, LinkedIn, Pinterest, which redirect you to these social networks when you click on the icon. The processing of personal data obtained by the social networks when you click on a social network plugin and are redirected to a social network is carried out by the aforementioned social networks and in accordance with their privacy policies.

List of all social networks:

CHANGES TO THE PRIVACY POLICY

We reserve the right, at our sole discretion, to update, modify or replace any part of the Privacy Policy by posting the update or modification on the Website without prior notice. Any change shall be effective from the date of public posting of the amended Privacy Policy on our Website.

Published on: 15.05.2024


UP