- Personal data controller: the Controller of personal data is a company the Institute of Metagenomics and Microbial Technologies Ltd., which manages the online store Sanotest and defines the purposes and means of processing Data subjects’ personal data.
- Data subject: A Data subject is a customer, a buyer, a user or a visitor of the Sanotest online store.
The Controller takes appropriate measures and ensures that all personal data collected from Data subjects are:
- processed according to the law, fairly and transparently,
- collected for specific, explicit and legitimate purposes and is not further processed in a manner incompatible with the original purposes for which data is collected,
- only data that is needed for the purpose for which is being processed,
- stored in a form that enables identification of a Data subject for as long as it is necessary for the purpose for which the personal data is processed,
- takes appropriate technical and organizational measures to protect the rights and freedoms of Data subjects,
- processes personal data by using technical or organizational measures that ensure the security of personal data, including protection against unauthorized or unlawful processing and to prevent accidental loss, destruction or damage.
Information about the Controller
Legal name and address:
Institute of Metagenomics and Microbial Technologies Ltd.
Address of the business unit Sanotest: Stegne 7, 1117 Ljubljana
VAT No.: SI50478141
Registration number: 6554784000
Phone number: +386 30 414 180
E-mail address: email@example.com
What personal data does the Controller collect?
The Controller collects the following personal data of Data subjects via the Sanotest online store, by telephone or e-mail:
- name and surname,
- address (street and house number),
- city and postcode,
- e-mail address,
- phone number,
- IP address,
- location of access to the Sanotest online store,
- other information that is voluntarily given to the Controller by Data subjects.
The type and the extent of personal data depend on the purpose for which the Controller collects and processes personal data (please read more in the chapter the Purpose of collecting and processing personal data).
When does the Controller collect personal data?
The Controller collects personal data when a Data subject:
- places an order in the Sanotest online store, by phone or email,
- subscribes to the newsletter,
- register as a user at the Sanotest online store,
- contacts the Controller via the contact form on the Sanotest online store, via e-mail firstname.lastname@example.org or by telephone at +386 30 414 180,
The purpose of collecting and processing personal data
Collection and processing of personal data to complete the order
The Controller collects and processes personal data of Data subjects when it is necessary to do so to implement the contract* (processing the order and related activities) in which a Data subject is a contracting party or for the implementation of measures at the request of such Data subject prior the contract.
*The contract is a business relationship between the provider and the buyer of products from the Sanotest online store (for more information, please see the Terms and Conditions).
The purpose of collecting and processing personal data of a Data subject for the implementation of the contract includes:
- completing the order,
- notifying a buyer about a delivery,
- verification of the information stated in the order form,
- preparing proforma invoices, invoices, delivery notes,
- offering customer support,
- resolving complaints,
- other purposes required by applicable law.
Processing customers’ data for direct marketing purposes
The Controller processes personal data of customers for direct marketing purposes. Personal data processed for this purpose are name and surname, address, telephone number, e-mail address.
A customer may at any time request that the Controller stops using his personal data for direct marketing purposes. To do this, the customer has an option to click at the “unsubscribe” link in the e-mail, send the request (a word “unsubscribe”) as a reply to the received e-mail, or send the request at any time by e-mail to email@example.com or by telephone at +386 30 414 180.
Collection and processing of personal data with the consent of a Data subject
A Data subject has an option to consent to the collection and processing of personal data for:
- Receiving newsletters, special offers and discounts, useful health-related information, advice, recommendations and other promotional and educational content,
- direct marketing, promotion or advertising via e-mail, phone or with the use of advertising tools provided by third parties such as Google, Facebook, Instagram, Twitter, Mailerlite,
- analytical purposes on the use of the Sanotest online store (Google Analytics, Facebook Analytics) for internal marketing research, technical improvements, improvements of user experience and quality of service,
- communication with the Controller through the contact form on the Sanotest online store, by email at firstname.lastname@example.org or by telephone at +386 30 414 180.
The Controller must obtain the consent of a Data subject to process his or her personal data for the purposes listed above. A Data subject must give consent voluntarily and can do so by ticking the consent box on the Sanotest online store at the event where the Controller collects personal data (see the section above When does the Controller collect personal data?).
A right to cancel the consent to the collection and processing of personal data
A Data subject may at any time cancel the consent to collection and processing of personal data by clicking the unsubscribe link in the email received or by sending the request (unsubscribe) in writing to email@example.com
Transmission of personal data to third parties or contractors
The Controller will never pass on personal data to unauthorized third parties. The Controller will pass personal data to third parties only to fulfil the order or for the purpose for which a Data subject entrusted the Controller with personal data and gave consent for their use.
The Controller cooperates with contractors who process personal data on behalf of the Controller.
- accounting service providers,
- delivery service providers,
- legal service provider,
- maintainers of information systems,
- providers of electronic payment solutions,
- e-mail solution providers,
- online advertising solutions providers.
To fulfil the order (fulfilment of the contract), the Controller can submit personal data to delivery service providers. The Controller or delivery service provider shall include on the package the name and surname, address, postal code, city and a phone number which a Data subject has communicated to the Controller at the time of placing the order.
The rights of a Data subject
A Data subject has the right to:
- obtain information about the processing of his/her data,
- get access to personal data held about him/her,
- require that incorrect, inaccurate or incomplete personal data is corrected,
- request that personal data is deleted when it is no longer needed or when its processing is unlawful,
- restrict the processing of personal data for marketing purposes or for reasons related to his/her personal situation,
- request restriction of the processing of his/her personal data in other specific cases,
- obtain personal data held by the Controller in a machine-readable format so that a Data subject can send it to another Controller (data portability),
- require that decisions based on, or related to, automated processing of a Data subject’s personal data or when such processing significantly influences a Data subject, are made by individuals, not just computers. In such cases, a Data subject also has the right to express his or her opinion and challenge decisions made.
To exercise the rights, a Data subject may contact the Controller at any time by email at firstname.lastname@example.org or by telephone at the number +386 30 414 180.
How is personal data secured?
The Controller will use personal data only for the purpose for which the Data subject has given a consent and according to the law..
The Controller uses appropriate technological and organizational means to protect the transfer and storage of personal data, orders and payments.
On the Sanotest online store, the Controller uses SSL certificate by Let’s encrypt to encrypt information a Data subject inputs. The Controller does not store any of the Data subjects’ credit card or other payment information. Transactions made with PayPal are processed and secured directly by PayPal. Purchases with credit cards are processed and secured by Stripe and Wire transfers by Data subject’s payment processor that transfers money directly to the Controller bank account.
The protection of personal data is also a responsibility of a Data subject itself. A Data subject should not disclose personal data to unauthorised parties. A Data subject should keep username and password safe, and use appropriate security software on all devices from which a Data subject accesses the Sanotest online store.
Data retention time
By a given consent, a Data subject agrees that the Controller may store and process Data subject’s data for as long as:
- required for further processing of personal data,
- needed to fulfil the purpose for which personal data is collected,
- until a Data subject cancels the consent,
- required by law (based on the VAT Act, the Controller must keep invoices for ten years).
We are at your disposal for any question you might have via e-mail at email@example.com or by phone +386 30 414 180.