The company DPG, promocija dogodkov d.o.o., Ulica Jana Husa 58, 1000 Ljubljana, registration number: 6324690000, VAT ID: SI99411458 (hereinafter “the company”) protects your personal data by ensuring their protection throughout the business. In the company, we are aware of the importance of protecting personal data, mainly because we use it to provide more appropriate services and information to our visitors.
All our activities related to the processing of personal data are in accordance with applicable European legislation (mainly Regulation (EU) 2016/697 on the protection of individuals in the processing of personal data and on the flow of such data (General Data Protection Regulation or GDPR) and the conventions of the Council of Europe (ETS No. 108, ETS No. 181, ETS No. 185, ETS No. 189)) and the national legislation of the Republic of Slovenia (Act on Protection of Personal Data (ZVOP-1, Official Journal of the RS, No. 94/07 ), the Act on Electronic Business on the Market (ZEPT, Official Journal of the RS, No. 96/09 and 19/15) etc.).
Controller and authorized person for data protection
Official company name: DPG, promocija dogodkov d.o.o.
Company headquarters: Ulica Jana Husa 58, 1000 Ljubljana
Responsible person in the company (legal agent or representative): Miha Cvek
Authorized person for data protection in the company: Miha Cvek
Contact of the authorized person for data protection: firstname.lastname@example.org
If you have any questions regarding the use of this policy or in connection with the exercise of your rights arising from this policy, please contact the authorized person for the protection of personal data.
– Personal data means any information on the basis of which an individual can be determined (e.g. name, surname, e-mail address, telephone number, etc.).
– Controller means the legal entity that determines the purposes and means of processing your personal data.
– Processor means a legal or natural person that processes personal data on behalf of the controller.
– Processing means the collection, storage, access and all other forms of use of personal data.
– EEA means the European Economic Area, which refers to all the member states of the European Union, Iceland, Norway and Liechtenstein.
Personal data is information that identifies you as a specific or identifiable individual. An individual is identifiable when he can be identified directly or indirectly, in particular by reference to an identifier such as name, identification number, location data, online identifier, or by reference to one or more factors that characterize the individual’s physical, physiological, genetic , mental, economic, cultural or social identity.
The company, in accordance with the purposes defined below in this policy, collects the following personal data:
– basic information about the user (name and surname, address, date of birth, location);
– contact information (e-mail address, telephone number, date, time and content of postal or e-mail communication, date, time and duration of telephone calls);
– channel and campaign – the method of acquiring the user, or the source through which the user came into contact with the controller (website and advertising campaign or campaign);
– data on the user’s purchases and issued invoices (date and place of purchase, purchased products, prices of purchased products, total purchase amount, payment method, delivery address, invoice number and date of issue, identifier of the person who issued the invoice, etc.) and data on resolving product complaints;
– data on the user’s use of the operator’s website (dates and times of website visits, pages or URLs visited, time spent on each page, number of pages visited, total time spent visiting the website, settings made on the website) and data on the use of received messages (e-mail, SMS) of the controller;
– personal data that the user provides voluntarily by filling out forms, e.g. in the context of prize games;
– other data that the user voluntarily provides to the provider when requesting specific services, insofar as this data is necessary for the performance of the service. The company does not collect or process your personal data, except when you allow it to do so or consent to it, e.g. through the use of the website, when ordering products or services, when you subscribe to receive e-news, participate in a prize game, etc. The company also processes your data when there is a legal basis for the collection of personal data, a contractual basis or when the company has a legitimate interest in the processing.
The company collects only those personal data that are relevant and necessary to fulfill the purposes for which this data is processed.
Legal basis for data processing
The company collects and processes your personal data on the following legal bases:
– Processing based on the law
– Processing on the basis of a contract
– Processing based on the individual’s consent
– Processing based on legitimate interest
Processing on the basis of a contract
We need your data when it is necessary for the conclusion, implementation and fulfillment of contractual obligations. The transmission of personal data is voluntary in this case.
If you do not provide personal data, you cannot enter into a contract with the company, nor can the company provide you with services or deliver products.
Processing on the basis of given consent
We process your data when you give us your express consent. When processing is based on consent, we will make sure in advance that all the information you need to make your decision is available to you. You can withdraw your consent at any time. If you revoke your consent, the provider will not be able to provide you with certain services.
Processing based on legitimate interest
The company may also process data on the basis of a legitimate interest for which the company strives, except when such interests are overridden by the interests or fundamental rights and freedoms of the individual to whom the personal data relates, which require the protection of personal data. In case of use of legitimate interest, the company always conducts an assessment in accordance with the General Data Protection Regulation.
In case of processing based on legitimate interest, the user has the right to object.
Processing based on the law
We process your personal data when such processing is required by legislation that binds us (e.g. tax legislation mandates the retention of issued invoices). We process this personal data in accordance with the requirements of the law.
Purposes of personal data processing
The company collects and processes your personal data for the following purposes:
– Communicating with you regarding the provision of our services and answering your questions: This includes, in particular, notifications and answering questions, resolving complaints, filling out satisfaction surveys, etc. We carry out the aforementioned processing on the basis of the legitimate interest of ensuring effective communication and successful business operations of the company in relation to users.
– Conclusion and fulfillment of obligations arising from the concluded contract: Conclusion and implementation of the contract concluded with the company, including the fulfillment of your orders (delivery of products and provision of services), communication with you, verification of your payments and fulfillment of other obligations of the provider and/or your Obligations. We process personal data on the basis of a contract and a pre-contractual relationship. If you do not provide us with all the information necessary to conclude the contract, we reserve the right to postpone or cancel the order.
– Direct notification of users about special offers, discounts and other content via e-mail: In the company DPG, promocija dogodkov d.o.o. on the basis of Act ZEKom-1 (Act on Electronic Communications of the Republic of Slovenia, which is implemented on the basis of Directive 2002/58/EC of the European Parliament and of the Council of July 12, 2002), we inform our users about products, services, content and discounts on the website portal, online store and reservation platform EnjoyLocal. The buyer can request the termination of this type of communication and processing of personal data at any time (right to object). The buyer can terminate this type of communication at any time via the unsubscribe link in the received messages, or by sending a written request to the email address email@example.com. In this case, we process your data on the basis of the law.
– Direct notification of users about special offers and other content via phone calls and regular mail: In the company DPG, promocija dogodkov d.o.o. based on the given consent, we periodically inform users about products, services, content and discounts also via phone calls and regular mail. The customer can at any time request the termination of this type of communication and processing of personal data in such a way as to revoke the consent. The given consent can be revoked at any time via the contacts listed on the web portal www.enjoylocal.eu/contact
– General statistical processing of data about users and their orders, reservations and potential users (contacts) for the purposes of internal analysis of sales, repeat purchases, aggregate customer behavior, advertising optimization and business optimization: In the company DPG, promocija dogodkov d.o.o. we carry out general statistical processing of data about users and their orders and potential users (contacts), on the basis of which we carry out internal analyzes of sales, repeat purchases and aggregate customer behavior and monitor and optimize our business efficiency and optimize our advertising, e.g.: we monitor sales according to our sales channels (internet, call center), we monitor how many users make repeat purchases and reservations, how quickly and for what value, we monitor general statistical sales data, such as the average value of the basket, the number of products on the order, etc., we monitor responses to e-mails, phone calls and various advertising messages (radio ads, online ads) and based on this we optimize our advertising (we decide what, where, to whom and how to advertise). This type of statistical monitoring allows us to generally optimize business and advertising and, on the basis of this, also offer affordable products and services to users. The said processing of personal data is based on the legitimate interest of the successful business of the provider and the provision of quality services to users.
– Processing of data on undelivered remote orders for the purpose of fraud prevention: In the company DPG, promocija dogodkov d.o.o. on the basis of our legitimate interest, we process data on sent and uncollected remote orders, thereby determining whether and which customers disproportionately order products remotely with payment upon collection and then do not collect these products, which causes us business damage that we want to prevent .
When we identify such customers, we disable them from ordering products with payment on delivery in the online store, but they are still enabled to order products with immediate prepayment by payment cards or PayPal.
– Automatic e-mail communication with the user based on his or of the start of the online purchase process: In the company DPG, promocija dogodkov d.o.o. on the basis of our legitimate interest, we occasionally send e-mail messages related to their unfinished purchase to potential users who have added selected products to the shopping basket but have not completed the purchase, with the aim of attempting to complete the purchase or offering help and information in this regard. If you do not want this, you can stop this type of data processing at any time or by sending a written request to firstname.lastname@example.org.
– Basic personalized communication (via email, phone calls, mail, browser notifications, information on the website, social networks) with discounts, offers and content: Within the framework of basic personalized communication (via email, phone calls, mail, browser notifications, information on the website, social networks) we try to present you with relevant offers, discounts and other content that may be of interest to you based on your past interactions with us.
For this we use the following information about you: demographic information (gender, age), purchase history (purchased products, number of purchases), easy handling of behavior on EnjoyLocal websites (viewing individual products or content that may trigger the sending of personalized messages), without using these data for creating user profiles.
We do not use any semi-automatic or automatic profiling, but simply select appropriate sets of recipients for individual messages. In doing so, we never focus on individual data, but perform aggregate processing of larger groups. Based on this data, it can then depend on which messages you will receive from us.
The buyer can terminate this type of communication at any time via the unsubscribe link in the received messages, or by sending a written request to the email address email@example.com.
– Use of Facebook Login (“Facebook login”) to log in to the EnjoyLocal web portal: To register and log in to the user account, you also have the option of confirming your identity with an existing Facebook profile and with the final registration or login.
– Use of the Facebook advertising tool Facebook Custom Audiences: In the company DPG, promocija dogodkov d.o.o. for online advertising, we also use the Facebook Custom Audiences service, as part of the obtained consent for communication with customized offers and content based on the user’s profile.
This service works in the following way: Your e-mail address, which we obtained from you during your purchase or your voluntary input, is uploaded to Facebook. Facebook performs a comparison between your e-mail address and its user base and determines whether you are a Facebook user. If you are not a Facebook user, then nothing happens with your e-mail address and Facebook does not perform any activities with it. However, if you are a Facebook user, Facebook will add you to a newly created list of personalized audiences that will only and specifically allow us to serve personalized ads to this group of users on Facebook. Based on this, we can show you more targeted and personalized ads on Facebook, as well as additional discounts. You can stop doing this from our site at any time or by sending a written request to the e-mail address firstname.lastname@example.org.
– Use of an online account and access to information within the scope of the GDPR: We process your personal data to ensure access and use of your user account with the provider, which allows you to access the personal data that we process about you and edit the consents given. You can also access information about past orders placed with you within this profile. We process personal data based on our legitimate interest.
– Communication with personalized offers and content based on your profile: Based on your consent, the provider also carries out personalized communication, which is carried out through various communication channels (via e-mail, phone calls, mail, notifications via the browser, information on the website, social networks). Because we want to offer you the best possible offers and content tailored exactly to your needs, with your consent we create your profile, which is the basis for personalized communication.
We can use the following information about you for this: demographic data (gender, date of birth or age, address), your purchase history (purchased products, time of purchase, number of purchases), answers in various questionnaires on EnjoyLocal websites, behavior on EnjoyLocal websites (viewing individual products or content, adding products to the shopping cart, internet transactions), your responses (opening a message, clicking on a link, purchasing) to the various messages we send you.
Based on this user profile, it can then depend on what kind of content and offers you will receive from us: Which products and content will be presented to you that will be most interesting for you and how often we will send you messages and through which communication channels
If you have given your consent for this type of processing and now you no longer want it, you can stop this type of data processing at any time via the unsubscribe link in the received messages or by sending a written request to the e-mail address email@example.com.
– Enforcement of legal claims, protection of our rights and resolution of disputes: we collect in accordance with the law.
– Legal obligations: We collect your data to fulfill legal obligations, e.g. storing invoices for the purposes of tax legislation. We process your data only to the extent necessary to fulfill legal requirements.
Storage of personal data
The company will keep your personal data only as long as it is necessary to fulfill the purpose for which the personal data was collected.
Those personal data that the company processes on the basis of the law, the company keeps for the period prescribed by law.
Those personal data that the company processes for the purpose of carrying out a contractual relationship with an individual, the company keeps for the period necessary for the execution of the contract and five (5) years after its termination, except in cases where there is a dispute between you and the company in in relation to the contract; in such a case, the company keeps the data for five (5) years after the finality of the court or arbitration decision or settlement or, if there was no legal dispute, five (5) years from the date of the peaceful resolution of the dispute.
Those personal data that the company processes on the basis of the individual’s personal consent are kept by the company permanently, until this consent is revoked by the individual. The company deletes such data before cancellation only when the purpose of personal data processing has already been achieved.
After the retention period has expired, the controller effectively and permanently deletes or anonymizes the personal data so that they can no longer be linked to a specific individual.
Purpose of processing and retention periods of personal data
Communicating with you regarding the provision of our services and responding to your inquiries: Six (6) months from the end of the communication
Conclusion and fulfillment of obligations arising from the concluded contract: Five (5) years from the execution of the contract
Direct notification of users about special offers, contents and discounts via e-mail address: Until cancellation
Directly informing users about special offers, content and discounts via phone calls and regular mail: Until cancellation
Processing of data on unclaimed remote orders for the purpose of fraud prevention: Five (5) years from the start of processing
Automatic e-mail communication with the user based on his or of her start of the online purchase process: Until cancellation
Basic personalized communication (via email, phone calls, mail, browser notifications, website information, social networks) with personalized discounts, offers and content: Until cancellation
Use of Facebook Login (“Facebook login”) to log in to the EnjoyLocal web portal: Until cancellation
Use of the Facebook advertising tool Facebook Custom Audiences: Until cancellation
Use of online account: Until cancellation
Access to special information on the website: Until cancellation
Personalized e-news: Until cancelled
Marketing communications using user profiling: Until cancellation
Contractual processing of personal data
Contract processors with whom the provider cooperates are:
– accounting Service; law firms and other providers of legal advice;
– providers of data processing and analytics;
– maintainers of IT systems;
– email providers (eg Mailchimp and others);
– providers of payment systems such as PayPal and others);
– providers of customer relationship management systems (eg Microsoft);
– providers of online advertising solutions (e.g. Google, Facebook).
The provider will not forward your personal data to unauthorized third parties.
Contractual processors may only process personal data within the framework of the controller’s instructions and may not use personal data to pursue any personal interests.
The administrator and users do not export personal data to third countries (outside the member states of the European Economic Area – EU members and Iceland, Norway and Liechtenstein) and to international organizations, except in the USA – all contractual processors in the USA are included in the Privacy Shield program.
Freedom of choice
You control the information you provide about yourself. If you decide not to provide your data to the provider, then we will not be able to provide you with certain services.
Individuals who wish to unsubscribe from the EnjoyLocal e-newsletter should notify us at the e-mail address firstname.lastname@example.org. If your personal data changes (e-mail address, address, telephone number), please notify us of the changes at the e-mail address email@example.com.
Automatic recording of information (non-personal data)
Whenever you access the EnjoyLocal web portal, general, non-personal data (number of visits, average time spent on the website, pages visited) is automatically recorded (not as part of the registration). We use this information to measure the attractiveness of our website and to improve its content and usability. Your data is not subject to further processing and is not forwarded to a third party.
You can read more about cookies and their use here.
The provider makes great efforts to ensure the security of personal data. Your information is protected against loss, destruction, falsification, manipulation and unauthorized access or disclosure at all times.
To protect personal data, we implement organizational and technical measures such as:
– backup of electronically stored data;
– regular maintenance and updating of computer equipment;
– training of employees;
– supervision of employees and regular reviews of the performance of individual employees;
– careful selection and control of contract processors.
Consent of a minor in relation to information society services
Minors under the age of 16 should not submit any personal information to websites or otherwise without the permission (consent or approval) of the holder of parental care for the child (one of the parents or guardians). The Company will never knowingly collect personal information from persons known to be minors (under 16 years of age) or use it in any way or disclose it to an unauthorized third party without the permission of the child’s guardian.
This does not affect the general contract law of the Member States, such as the rules on the validity, formation or effect of a contract in relation to a child.
In such cases, taking into account available technology, the Company makes reasonable efforts to verify whether the holder of parental care for the child has given or approved consent.
Individual rights regarding data processing
If you have any questions regarding our personal data protection policy or the processing of your personal data, you can contact us at any time. Write to us at firstname.lastname@example.org. Based on your request, we will provide you with the required data or (in accordance with the law) ensure the realization of your rights.
You have the following rights in relation to processing:
– The right to withdraw consent: if you, as an individual, have consented to the processing of your personal data (for one or more specified purposes), you have the right to withdraw this consent at any time, without affecting the lawfulness of data processing based on consent. performed until its cancellation.
Consent can be revoked by a written statement sent to the manager at one of the contacts listed on the website www.enjoylocal.eu/contact.
Revocation of consent to the processing of personal data does not have any negative consequences or sanctions for the individual. However, it is possible that the controller may no longer be able to provide one or more of its services to an individual after the withdrawal of consent to the processing of personal data, if they are services that cannot be provided without personal data (e.g. benefit club or personalized notification).
– The right of access to personal data: as an individual, you have the right to receive confirmation from the company (personal data controller) as to whether personal data is being processed in relation to you and, when this is the case, access to personal data and certain information (about the purposes of the processing, types of personal data, about users, about retention periods or criteria for determining periods, about the existence of the right to correct or delete data, the right to limit and object to processing and the right to appeal to a supervisory authority, about the source of data, if the data was not collected by you, about the existence of automated decision-making, including the creation of profiles, the reasons for it and the meaning and consequences of such processing for you, and other information in accordance with Article 15 GDPR);
– Right to rectification of personal data: as an individual, you have the right to have the company correct inaccurate personal data relating to you without undue delay. As an individual, taking into account the purposes of the processing, you have the right to complete incomplete data, including submitting a supplementary statement;
– Right to erasure of personal data (“right to be forgotten”): As an individual, you have the right to have the company delete personal data relating to you without undue delay, and the company must delete the data without undue delay when one of the following reasons exists:
(a) the data are no longer necessary for the purposes for which they were collected or otherwise processed,
(b) if you withdraw your consent and there is no other legal basis for the processing,
(c) if you object to the processing and there are no overriding legitimate grounds for the processing,
(d) the data has been processed illegally,
(e) data must be deleted to comply with legal obligations under EU law or the law of a Member State applicable to the provider,
(f) data was collected in connection with information society service offerings.
However, as an individual, in certain cases described in paragraph 3 of Article 17 of the GDPR, you do not have the right to delete data;
– Right to restriction of processing: As an individual, you have the right to have the company restrict processing when one of the following cases exists:
(a) if you dispute the accuracy of the data for a period that allows the company to verify the accuracy of the data,
(b) the processing is unlawful and you object to the deletion of the data and instead request the limitation of its use,
(c) the company no longer needs the data for processing purposes, but you need them to assert, implement and defend legal claims,
(d) you have objected to the processing until it is verified that the company’s legitimate reasons prevail over your reasons;
– Right to data portability: As an individual, you have the right to receive the personal data relating to you that you have provided to the Company in a structured, commonly used and machine-readable format, and you have the right to transmit this data to another controller without being obstructed the company to which personal data was provided, namely when:
(a) the processing is based on consent or on a contract and
(b) the processing is carried out by automated means.
As an individual, when exercising the aforementioned right to portability, you have the right to have personal data directly transferred from one controller (company) to another, when this is technically feasible;
– The right to object to processing: as an individual, based on reasons related to your particular situation, you have the right to object at any time to the processing of personal data, which is necessary for the performance of tasks in the public interest or in the exercise of public authority assigned to the provider (point (e) of the article 6 (1) GDPR) or is necessary due to the legitimate interests pursued by the company or a third party (point (f) of Article 6 (1) GDPR), including the creation of profiles based on said processing; the provider ceases to process personal data, unless it demonstrates imperative legitimate reasons for processing that override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.
Where personal data is processed for marketing purposes, the individual has the right to object at any time to the processing of data relating to him for the purposes of such marketing, including profiling, insofar as it is related to such direct marketing; when an individual objects to processing for direct marketing purposes, the data is no longer processed for these purposes.
When data is processed for scientific or historical research purposes or statistical purposes, the individual has the right to object to the processing of data concerning him for reasons related to his special situation, unless the processing is necessary for the performance of the task being carried out for reasons of public interest;
– The right to lodge a complaint with a supervisory authority: without prejudice to any other (administrative or other) legal remedy, you as an individual have the right to lodge a complaint with a supervisory authority, in particular in the country of your habitual residence, your place of work or in where the violation allegedly occurred (in Slovenia, this is the Information Commissioner), if you believe that the processing of personal data concerning you violates regulations on the protection of personal data.
Without prejudice to any other (administrative or extrajudicial) means, you as an individual have the right to an effective legal remedy, namely against the legally binding decision of the supervisory authority in relation to it, as well as in the case when the supervisory authority does not consider your complaint or you are does not inform about the status of the case or about the decision on the appeal within three months. Courts of the Member State in which the supervisory authority has its seat are competent for proceedings against the supervisory authority.
The individual can address all requests regarding the exercise of rights in relation to personal data, in writing, to the controller, namely to one of the contacts listed on the website www.enjoylocal.eu/contact.
For the purposes of reliable identification in the case of exercising rights in relation to personal data, the controller may request additional data from the individual, and may refuse to take action only if it proves that it cannot reliably identify the individual.
The controller must respond to the individual’s request, with which he/she is exercising his/her rights in relation to personal data, without undue delay and no later than one month after receiving the request.
Notification to the supervisory authority about a breach of personal data protection
In the event of a violation of the protection of personal data, the company is obliged to notify the competent supervisory authority, except when it is likely that the rights and freedoms of individuals were not threatened by the violation. When there is a suspicion that a crime has been committed at the time of the violation, the company is obliged to inform the police and/or the competent prosecutor’s office about the violation.
In the event that it is a violation that may cause a great risk to the rights and freedoms of individuals, the company is obliged to report the violation immediately or when it is not possible, without undue delay, to inform the individuals to whom the personal data refer. The notification to the individual must be made in understandable and clear language.
Access to social networks
Through our website, you can access the web plugins defined below, which the provider uses in its operation: Facebook, Instagram, Youtube
The privacy policies are available at the links below:
– Instagram https://help.instagram.com/519522125107875
– Facebook: https://www.facebook.com/about/privacy/
– Youtube: https://policies.google.com/privacy?hl=en
Announcement of changes
Published: September 1, 2022