Privacy Policy
Privacy Policy on WWW.Q-BRICKS.COM
Privacy Statement
Q-BRICKS d.o.o.
Opekarska cesta 16
1360 Vrhnika, Slovenia
(Data Controller)
Q-BRICKS d.o.o. respects and protects your privacy, striving for the highest level of protection and adhering to the principles of transparency and careful handling of personal data. This privacy statement describes the handling of data provided to or collected by our digital platforms, which allow visitors to access our website and use our services. Q-BRICKS d.o.o. processes personal data in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or GDPR), the applicable Slovenian Personal Data Protection Act (ZVOP-2), and other regulations in the field of personal data protection.
Data Controller:
Q-BRICKS d.o.o.
Opekarska cesta 16
1360 Vrhnika, Slovenia
Phone: +386 31 249 097
Email: info@q-bricks.com
Contact for Data Protection Officer (DPO):
Phone: +386 418 93012
Email: alja@aljafakin.si
Please note that despite all measures taken by the Controller to ensure the maximum possible protection of your data, absolute protection of your privacy is not provided when sending to email addresses. Therefore, if you wish for the highest level of security, you may send your personal data by mail to the Controller's address, marked "For DPO".
Purpose of Personal Data Processing
The Controller will process your personal data to the extent necessary to fulfill the purposes for which they were collected. Each specific purpose of data processing is always evident on the website at the point where data is collected (e.g., customer registration). General information provided by the Controller is as follows:
- Your personal data will be received through your inquiries or communications sent to the email address listed as a contact on the website www.q-bricks.com. The Controller will receive: your name, email address, content of the email, and other contact information you provide. This data allows us to respond to your information requests, prepare appropriate steps and offers for purchasing products, and respond to warranty or other claims.
- As part of Q-BRICKS d.o.o.'s general business processes, we collect personal data from website visitors and customers who are consumers, as well as contact persons of our suppliers and business partners. Data may include individual's name, contact information, and other necessary information for doing business with you or your organization.
Legal Basis for Data Processing
Personal data collected in the online store via forms filled out by individuals, or otherwise communicated to the Controller - Q-BRICKS d.o.o. (name, email, phone, street and house number, postal code, city, country, region, shopping cart content, IP) is collected for the purpose of performing the basic activity of Q-BRICKS d.o.o. i.e., the online store. This includes responding to inquiries, preparing and concluding contracts, and fulfilling the contract. Since this processing is necessary to perform the service itself, the processing of this data is based on the fact that the customer enters into a contractual relationship with the provider (processing based on a contract or activities to conclude a contract). The legal basis for the lawful processing of personal data is the performance of a contract to which the data subject is a party or taking steps at the request of such a data subject prior to entering into a contract (Article 6(1)(b) GDPR).
If the legal basis for data processing is your consent, you have the right to withdraw your consent at any time. However, this does not affect the lawfulness of the processing carried out by Q-BRICKS d.o.o. prior to the withdrawal (Article 6(1)(a) GDPR). To withdraw your consent, write to our contact email. In case of withdrawal of consent for data processing, we will stop processing the collected personal data for that purpose. Withdrawal of consent does not affect the processing of personal data until withdrawal.
If we provide personal data to law enforcement or other government authorities, we share your personal data because we are legally obliged to do so. Our legal obligations also include the retention of documentation or other processing of your personal data resulting from accounting and tax regulations (Article 6(1)(c) GDPR).
The Controller may also collect your data based on legitimate interests pursued by the Controller. Such data processing is not allowed if your interests or your rights override the Controller's legitimate interests (Article 6(1)(f) GDPR).
In case of processing personal data based on a contract or law, we warn you that if you do not provide the required data in these cases, we will not be able to provide you with the desired services.
Categories of Users
We will not disclose your personal data to others except in the following cases:
- To our contractual processors who perform services on our behalf, such as responding to your requests, delivering packages, and customer service. These companies are prohibited from using your personal data for other purposes than those we have requested or as required by law. We have concluded data processing agreements with them as required by applicable legislation.
- When we share personal data within the company or with third parties to ensure the safety and protection of our customers, protect our legal and other legitimate interests, or in other cases when disclosure is required by law.
Your Control and Decisions
We enable you to exercise certain controls and decisions regarding our collection, use, and sharing of your data. In accordance with applicable legislation, your control and decisions may include:
- Changing your decision regarding receiving newsletters and notifications.
- Requesting access to your personal data that we hold or correction of inaccurate or incomplete data.
- Requesting that we delete data we hold about you.
- Objecting to data processing or requesting data portability.
You can exercise your control and decisions or request access to your personal data by calling or writing to us and following the provided instructions. Please note that we may not be able to provide certain products and services if you do not allow us to collect your personal data, and some of our services may not take into account your interests and preferences.
Transfer of Your Personal Data
We do not transfer your personal data outside the EU.
Security, Integrity, and Data Retention
The security, integrity, and confidentiality of your data are extremely important to us. Our team implements technical, administrative, and physical security measures designed to protect data from unauthorized access, disclosure, use, and modification. We periodically review our security procedures to consider appropriate new technologies and methods.
The transfer of sensitive personal and transactional data on the website is conducted in a secure manner using the SSL (Secure Sockets Layer) protocol. Data is encrypted and transmitted to the provider's server in a protected form. The system thus prevents anyone from intercepting personal and transactional data sent by customers to the online store.
For secure authorizations and payment card transactions, the STRIPE payment platform takes care of and performs the service. Card authorizations are performed in real-time with immediate verification of data in the banking system.
Please note that despite our best efforts, no security measures are perfect.
Retention Period for Personal Data
We will retain your personal data for as long as necessary to fulfill the purpose for which the personal data was collected and further processed. Personal data processed by the Controller based on law is retained as long as prescribed by the law, or if the law does not prescribe a retention period, until the purpose for which the data was collected is fulfilled.
Personal data processed by the Controller based on a contractual relationship with an individual is retained for the period necessary to perform the contract and for 5 years after its termination, except in cases where a dispute arises between you and the Controller regarding the contract. In such cases, the Controller retains the data for 5 years after the final decision of a court or arbitration tribunal or settlement, or if there was no legal dispute, 5 years from the date of the peaceful resolution of the dispute.
Personal data processed by the Controller based on the individual's consent is retained permanently until the consent is withdrawn by the individual or a request for termination of processing is made. The Controller deletes such data even before withdrawal if the purpose of the personal data processing has already been achieved or if so required by law.
After the retention period expires, the Controller effectively and permanently deletes or anonymizes the personal data so that it can no longer be associated with a specific individual.
Changes to This Privacy Statement
We may occasionally amend this statement to adapt it to the latest technologies, industry practices, legislative requirements, or for other purposes. The current version of the privacy statement will be published on our digital platforms. We advise you to regularly monitor the Privacy Statement, and if required by applicable law, we will obtain your consent for changes.
Comments and Questions
If you have a comment or question regarding privacy, please contact Q-BRICKS d.o.o. in writing or via info@q-bricks.com or address your question to the Data Protection Officer with a letter sent to the Controller's address: Opekarska cesta 16, 1360 Vrhnika, marked "For DPO".
If you are not satisfied with the way your personal data is handled, you can file a complaint to the Controller's contact email address, providing information that allows us to contact you. We will process your complaint and respond within 30 days.
If you believe the Controller has not adequately resolved your complaint and is violating the General Data Protection Regulation and other applicable legislation, you can file a complaint with the Information Commissioner:
Information Commissioner
Dunajska cesta 22
1000 Ljubljana
Email: gp.ip@ip-rs.si
Phone: 01 230 97 30
https://www.ip-rs.si/
For further assistance, please call us at +386 31 249 097 or send us an email at info@q-bricks.com.
MAY 2023