Reserve the right to information
Reserve the right to be informed and to privacy protection
Dear BadassBarley lovers, with the coming into force of the General Data Protection Regulation (EU) 2016/679, customers have been given more rights concerning their personal data protection and privacy. Any personal information provided or collected via the www.badassbarley.com website, or via our store is controlled by Slavonija slad d.o.o., Bedem 18, 35400 Nova Gradiška, the Controller.
Slavonija slad d.o.o. is a company committed to ensuring compliance with the relevant regulatory framework in all its operation segments, and particularly those which directly refer to the interests and satisfaction of our customers.
It is precisely for this purpose that we want to renew your consent to the use of personal data in accordance with the new Regulation, thus allowing you to fully express your wishes and interests.
Slavonija slad d.o.o. Personal Data Protection Rules
What type of information will be collected?
- basic personal data (e.g. first and last name) and contact data (e.g. address, e-mail, mobile phone)
- profiling data (e.g. age, sex, city, country)
- information concerning the communication with Badass Barley, including marketing communication (newsletter, Viber, SMS, or other appropriate electronic communication options, e.g. push notifications in the Application, etc.)
What are the lawful bases for the processing of your personal data that we rely on?
Pursuant to the valid data personal protection regulations, we will process your person data:
- if you give us your consent to the processing of your personal data (which can be withdrawn at any time)
- if processing of your personal data is necessary in order to sign and/or execute a contract with you
- if processing of your personal data is required based on the legal interests of Slavonija slad d.o.o. or a third party
- if processing of your personal data is required by the law (for example, with regard to the data on issued invoices).
For which purposes will we process your data?
We will process your data only for specific, explicit and legitimate purposes, and we will not process them in any manner which is contrary to such purposes. More precisely, your data may be processed for example for the purpose of answering questions, executing a placed order, customer experience improvement when visiting our web pages or portals, general product and service improvement, offering services or applications, conducting a marketing campaign etc.
How long will we keep your personal data?
We will keep your personal data in accordance with the valid Personal Data Protection Act. We will store them for as long as they are needed in order to achieve the purposes for which they are processed, or to comply with the law. The personal data which are processed based on your consent will be stored and retained until you withdraw your consent. The personal data processed in order to comply with legal obligations or on the basis of a contractual relationship will be retained for the period prescribed by the law (e.g. 10 years from the date of issue in the case of issued invoices), or for the duration of the contract plus 5 years after termination thereof (which is the general statute of limitations).
After the expiry of the retention period, the personal data will be erased effectively and permanently, or will be anonymized so that they may no longer be connected to an identifiable person.
How will we protect your personal data?
We implement technical and organizational security measures to protect your data from unlawful or unauthorized access or use, as well as from accidental or partial loss. We have designed these measures taking into consideration our IT infrastructure, the potential impact on your privacy and the associated costs, and in accordance with the current industrial standard and practice.
Our contractual partners who process data will be allowed to process your personal data only if they agree to ensure and implement the said technical and organizational security measures.
Maintenance of the security of data means protection of confidentiality, completeness and availability of personal data:
- confidentiality and completeness: your personal data are protected from unauthorized or unlawful processing as well as from accidental loss, destruction or damage,
- availability: we will ensure that the persons authorized to process data have access to your personal data when necessary.
Our security procedures include: access security, back-up copies, monitoring, review and maintenance, security incident management, etc.
What are your options and rights with regard to the provided personal data?
We wish to be as transparent as possible, and we therefore allow you to choose the manner in which you want us to use your personal data.
- You choose how you want us to contact you – e.g. through which channels (for example, e-mail, mobile phone etc.). Keep in mind that not all marketing communication may be performed via all channels.
- Your personal data – you can always contact our data protection contact person (check the section: Whom can I contact if I have questions with regard to the processing of my personal data?) in order to find out which personal data we have in our database and from which source we have obtained the same. You will be able to view the personal data that you have provided to us at any time, in the commonly used, structured, machine-readable format, and you have the right to transmit your personal data to any third party of your choice,
- Your corrections – if you find any inaccuracies with regard to your personal data or if you think that your data may be incomplete or inaccurate, you can request that they be rectified or supplemented,
- Your restrictions – you have the right to restrict the processing of your personal data (for example, during the time the accuracy of your data is being verified)
- Your complaints – you can also object to the use of your personal data for the purpose of direct marketing or solely automated processing, including profiling.
You may withdraw your consent to the processing of personal data at any time by contacting our data protection contact person (check the section: Whom can I contact if I have questions with regard to the processing of my personal data?). You may request from us to erase any data which concern you (except in certain particular cases, e.g. is such data are required for the purpose of providing a proof of transaction or by law). You also have the right to file a complaint with the supervisory authority.
Whom can I contact if I have any questions regarding my personal data?
We have appointed a contact person responsible for answering your questions or requests with regard to your personal data (and the processing of the same), and with regard to your request to exercise the associated rights. Write to us at firstname.lastname@example.org.
In order to ensure reliable identification in the event you submit a request to exercise a right associated with your personal data, we may request from you to provide certain additional data, and we can refuse to act upon your request only if it is proven that you cannot be reliably identified.
How can I withdraw my consent?
Refusal to provide consent to the processing of personal data does not entail any negative consequences or sanctions. However, it is possible that, once consent to the processing of personal data is withdrawn, Badass Barley will no longer be able to provide a particular or more of its services, which cannot be provided without the use of personal data (individualized communication, benefit notifications, and similar), to such user.
Why is profiling useful for individualized communication and informing?
Certain data are used for evaluation or assessment of content which you could find most interesting and most useful. In this manner, we want to ensure that we are able to inform you of the most relevant products, or services. For this purpose, individuals may be classified into various groups (profiles) with which we communicate differently, i.e. in a customized (individualized) manner. This means that different profiles receive marketing messages with different contents, including terms and conditions of purchase (e.g. in terms of discounts or methods of payment). For the purpose of classifying individuals into different profiles, we may follow, record and use their responses to marketing messages, i.e. opening of e-mail messages or links, the time spent by the individual in a particular web location, and so on.