At MIT. d.o.o. Ljubljana. – Joy For Kids brand (we also use “we”, “us” and “our” in this document), we take the protection of your personal data that we obtain when you use the https://joyforkids.eu website (the “Website”) seriously and responsibly. Our priority is to protect and process the personal data we collect in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

The purpose of this Notice of processing data is to inform you about what personal data we collect about you and for what purposes, what we do with it, how we keep it secure and what your rights are in relation to the processing of your personal data. We take the protection of your personal data extremely seriously and responsibly. We fully respect our obligations to process personal data lawfully, fairly and transparently. You are advised to read the contents carefully.

We reserve the right to make changes or amendments to this document to ensure that it complies with data protection regulations. We will notify you of changes in a timely manner by the most appropriate means, e.g. by email or by posting on the website.

1. WHO IS RESPONSIBLE FOR MANAGING YOUR PERSONAL DATA?

The controller of the personal data processed in accordance with this notice is MIT d.o.o. Ljubljana, registered number 26758709, with its registered office at Breznikova 13, 1230 Domžale, Slovenia.

You can contact us with any questions related to the processing of your personal data and the exercise of your rights under applicable data protection laws. Contact: hello@joyforkids.eu

2. THE MINOR’S CONSENT IN RELATION TO INFORMATION SOCIETY SERVICES

Minors under the age of 16 should not provide any personal information on the website or otherwise without the permission (consent or approval) of the person having parental responsibility for the child (parent or guardian). The Provider will never knowingly collect personal information from persons known to be minors (under the age of 16), or use it in any way, or disclose it to any unauthorised third party without the permission of the person having parental responsibility for the child. The above is without prejudice to the general contract law of the Member States, such as rules on the validity, formation or effect of a contract in relation to a child. In such cases, the provider shall make reasonable efforts, taking into account available technology, to verify whether the holder of parental responsibility for the child has given or authorised consent.

3. WHEN WE MAY PROCESS YOUR PERSONAL DATA

We only collect your personal data when it is strictly necessary or when you have consented to it. We will not process your personal data if the purpose or basis for processing is not duly justified by the applicable data protection regulations (Personal Data Protection Act, Official Journal of the Republic of Slovenia No. 94/07 – Official consolidated text (ZVOP-1) and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (GDPR)), as well as by our internal policies.

We will process your personal data on the following legal grounds:

1. By visiting the website, you have accepted and agreed to the General Terms and Conditions of Use of this website and have entered into a contract with us and/or have entered into or are in the process of entering into a contract with us for the purchase of our products in accordance with the General Terms and Conditions of Sale, which is used as the legal basis for the processing of your personal data. The data is encrypted and transmitted to our server in a protected format. This system prevents anyone from intercepting your personal data.
2. We also process your personal data on the basis of a legal basis:

– on the basis of national legislation, including the Personal Data Protection Act (Official Journal of the Republic of Slovenia, No. 94/07 – official consolidated text; ZVOP-1), the Copyright and Related Rights Act (Official Journal of the Republic of Slovenia, No. 16/07 – official consolidated text, 68/08, 110/13, 56/15 and 63/16 – ZKUASP; ZASP), etc.

– under other international treaties and EU regulations, which oblige us, in certain cases, to disclose personal data of individuals to public authorities and other controllers for the performance of their or their respective legal obligations or responsibilities.

3. We may process personal data on the basis of legitimate interest in connection with the performance of the contracts referred to in point 1 of this section, e.g:

– for statistical purposes and for the collection of demographic data and visitor interests,

– for business analysis,
– to improve services for the individual,

– to further develop the offer,

– to diagnose server problems and edit web pages,

– to ensure the security of information systems,

– to measure the effectiveness of promotional activities and advertising,

– on the basis of other legitimate interests.

4. In certain cases, we may process your personal data on the basis of your personal consent (consent) for the purpose of carrying out marketing activities, such as sending you newsletters and general information about offers, news, benefits, events, and for informing you about the offer of services tailored to your personal interests, on the basis of profiling, which we use for these purposes. Personal consent is entirely voluntary and is not a condition for entering into a contract. In these cases, processing will continue within the scope of the purpose stated in the declaration and the agreed means of communication until the consent is withdrawn.
5. We also collect personal data when you visit our website through cookies to improve the functionality and user experience, security, the smooth operation of the website and to count the number of users on the website. Further information on the use of cookies is available at the following link.  

4. HOW WE COLLECT YOUR PERSONAL DATA AND WHAT TYPES OF PERSONAL DATA WE PROCESS 

We obtain personal information from a variety of sources. In most cases, you provide it to us directly by visiting our website, filling in an online form to purchase products on our website and/or signing up to receive our newsletter. In addition, we may also use other information and data that is available or has been provided to us from public sources (public registers, databases, internet applications, social media).

1. contact details

This includes any personal information you provide to us when you fill in forms to purchase our products on the Website or communicate with us by telephone, email or any other means. They also include any information you provide to us when you subscribe to our newsletter or report any problem that occurs while visiting this website. In these cases, we collect and store information which may include your name, email address, telephone number, address and other information you provide.

2. server details

When you use this website, we collect a variety of information in a server log, including: dates and times of visits; subpages visited; your IP address; your time zone setting; the amount of time you spent on our website; the websites you visited just before or just after visiting our website; screenshots of clicks on this website; information you viewed or searched for; page response times; download errors; lengths of visits to individual pages; and information about how you interacted with the site.

3. details of the installations

We collect information about the computer or mobile device you use to access this website, including the model, operating system and hardware version, the web browser you use and other identifiers of your device.

4. information about buying our products

We use information about which of our products you have purchased to target our activities.

5. contact details

We keep a record of your contacts with us, in particular the date (and possibly time) of the contact and the reason for it. This applies to all types of contact (telephone, SMS, post, email, face-to-face).

6. social media data

We also use social media (e.g. Facebook, Instagram) in our marketing campaigns and, although we do not store the information that is posted on your profile, we use it to target our marketing activities, but only if you have consented to this in your use of these social media. We also use third-party cookies to provide you with a better user experience, to share content across different social media platforms and to tailor our offerings to your preferences and needs, which are evident from your previous web browsing. Despite our best efforts, we cannot guarantee the content of linked external websites or verify such content. You, therefore, click on external links at your own risk. We do not accept any liability for any damage or implications caused by visiting any external link. If you follow a link to another website, you are leaving our website and this Notice of Processing data does not apply to your use of or activities on other websites.

5. WHO CAN USE THE PERSONAL DATA YOU HAVE PROVIDED TO US

The users of your personal data are our employees who are authorised to process your personal data, contractual processors and public authorities, other state authorities and holders of public powers to whom personal data is disclosed where required by applicable law. We take your privacy very seriously. We will only disclose it to third parties if it is strictly necessary, if they are trustworthy and have signed a non-disclosure agreement with us, or if you have given us your explicit permission to do so.

In certain cases, contractual processing of personal data is necessary and agreed in order to carry out our activities, e.g. with companies that ensure the operation of our services (software suppliers and maintainers, IT administrators, technical support, contractual partners that provide us with usage analysis, direct marketing and data storage services, etc.). The contractual processors process personal data on our behalf and for our account. They may not delegate the contractual processing to sub-processors without a reasoned request and without our express written consent.

Your personal data is our business secret. Our employees process your personal data in accordance with their powers of attorney and our internal policies. Our contract processors are committed to protecting confidential information and respecting the rights of individuals in the same way as our employees, so your data is secure.

We therefore need to share some of your personal data with the following companies:

– Klaviyo – We work with this marketing automation company when we send you purchase-related emails or other gifts based on your request on the website. The basis for processing this information is the contract we entered into with you at the time of purchase, or on consent. 

You can find more information about how Klaviyo collects and processes your data at 

https://www.klaviyo.com/legal/privacy-policy

https://help.klaviyo.com/hc/en-us/articles/360003211651-Understanding-frequently-asked-questions-about-GDPR

– General Logistics Systems, Logistics Services Ltd – We work with this company to deliver the books you order on our website. The basis for processing this information is the contract we entered into with you at the time of purchase.

– Google Analytics with anonymised IP addresses (Google Inc.) – Google Analytics is an online visitor analysis service provided by Google Inc. (“Google”). Google uses the data collected to track and analyse the use of our website, to compile reports on the use of our website and to share it with other Google services.

Google may use the data collected to personalise and contextualise ads in its ad network.

The settings we use only transmit your IP address to Google in an anonymised form. This means that it truncates your IP address in an EU Member State. In exceptional cases, it may transmit your full IP address to a Google server in the United States and anonymise it there.

Personal data we collect: cookies and website usage data.

You can find more information about how Google collects and processes your data at http://www.google.com/analytics/terms or https://policies.google.com/?hl=en.

If you wish to exclude the collection and processing of data for web analytics purposes, please use an add-on for your browser that prevents the use of Google Analytics.

We have added a Google Display Network Remarketing add-on to the Google Analytics code we use on our website. This is a service from Google Inc. that analyses user behaviour across the Google Display Network. Cookies track your visits to other websites that are part of the Google Display Network and to our website. The ads we serve in Google Ads use this analytical data to serve more targeted and optimised advertising. By analysing third-party cookies, we can better tailor our ads to your needs and preferences. Google uses this information for services such as remarketing, the Google Impression Network Impression Count report and the Google Analytics Demographics and Interests reports.

We use the following Google Ads services on our website:

– Remarketing,

– categorisation by interest categories and demographic characteristics (e.g. age, gender)

– Facebook Messenger live chat with website visitors (Facebook, Inc.) – The Facebook Messenger Customer Chat web service is part of the Facebook Messenger live chat platform offered by Facebook, Inc.

The basis for processing this information is the contract we entered into with you at the time of purchase or on consent. Personal data we collect: cookies and website usage data and other information you enter.

We have signed a contract with all the companies we work with and provide personal data to, which ensures that they protect your personal data and store and process it in accordance with the law. We only provide them with information that is strictly necessary and only allow them to process it for specific purposes in accordance with the agreement.

– Instagram: There are links to Instagram features on our website. These features are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. Once you are logged into your Instagram account, you can link the content of our websites to your Instagram profile by clicking the Instagram button. In this way, Instagram can assign your visit to our website to your user account. Please note that we, as the website provider, do not receive any information about the content of the data transmitted and its use by Instagram.

Further information on this can be found in the Instagram data protection statement:https://help.instagram.com/519522125107875

6. WILL WE DISCLOSE YOUR PERSONAL DATA TO THIRD PARTIES OR TRANSFER IT OUTSIDE THE EU ?

If we transfer your personal data outside the European Economic Area, we will do so in accordance with data protection law. We may do this in a number of ways, including:

– the country to which we send your personal data has been certified as appropriate by the European Commission;

– a contract has been concluded with the recipient of your personal data which contains the Standard Contractual Clauses adopted by the European Commission and which commits the recipient to the protection of personal data; or

– where the recipient of your personal data is based in the US, it is a member of the EU-US Privacy Shield certification mechanism.

In all other cases, we are permitted by law to transfer your personal data outside the European Economic Area by other means. In all cases, however, any transfer of your personal data will be in accordance with the relevant data protection legislation.

7. HOW WE WILL PROTECT YOUR PERSONAL DATA

MIT D.O.O. will use all organisational, technical and other appropriate procedures and measures to protect your personal data in order to prevent unauthorised destruction, alteration or loss of data and any unauthorised processing. Measures may include, but are not limited to, internal policies on the protection of personal data, additional training of employees, internal audits of processing activities, etc. Other possible measures may include minimising the collection of personal data, pseudonymisation, transparency, allowing individuals to monitor processing, and continuous upgrading of security measures.

8. HOW LONG WE KEEP YOUR PERSONAL DATA

The period of retention of personal data depends on the basis and purpose of the processing of each category of personal data. Personal data shall be kept only for as long as is required or permitted and necessary to achieve the purpose for which they were collected or further processed. After the purpose has been fulfilled, we will only retain personal data that we are required to retain by law or that we may need for evidentiary or defence purposes, if there is a possibility of asserting legal claims. Other data will be erased, destroyed, blocked or anonymised, unless otherwise provided by law for specific types of personal data.

We will keep your personal data processed for the purpose of newsletter communications until your withdrawal or, in any event, for a maximum of ten years from the date of consent. After this period, we will ask for your consent again.

9. WHAT ARE YOUR RIGHTS REGARDING THE PROCESSING OF PERSONAL DATA

You may at any time request access to, rectification or erasure of your personal data, restrict or object to the processing of your personal data. We will inform you if this request will affect the ability to continue to operate this website or our business relationship. In certain cases, you also have the right to the portability of your personal data to another controller. The latter depends on the technical capabilities and internal policies of each controller.

You may withdraw your consent to the processing of your personal data for the purpose of sending offers and newsletters at any time, without prejudice to the lawfulness of the processing of your personal data on the basis of that consent for the period prior to the withdrawal.

We do not accept any responsibility for the authenticity, accuracy or timeliness of the personal data you provide. It is the user’s responsibility to ensure that all information provided is accurate and up-to-date.

In the event of a personal data breach, we will notify you under the conditions set out in applicable law.

We will comply with your request without undue delay and in any event within two months of the request, unless otherwise provided by applicable law. This time limit may be extended by up to three months, taking into account the complexity and number of requests. We will inform you of any such extension within two months of receiving the request, together with the reasons for the delay.

If you believe that we are not processing your personal data in accordance with the applicable legislation, you may lodge a complaint with the Information Commissioner by e-mail to gp.ip@ip-rs.si or by regular mail to the Information Commissioner, Dunajska cesta 22, 1000 Ljubljana.

10. FINAL PROVISIONS

This Notice of processing data is published on https://joyforkids.eu and will enter into force on 25.11.2022.

In addition to this Notice of processing data, you are advised to read the General Terms and Conditions of Use, which are published on the Website and together with this Notice of processing data and any Product Purchase Agreement or other agreement form a binding contract between you and us.

MIT d.o.o. Ljubljana