Privacy Policy

PRIVACY POLICY

The purpose of this Privacy Policy and Cookie Policy is to inform users (hereinafter also referred to as: individual or you) of the website www.kiddo-world.si ("website") about the purposes and legal basis for the processing of personal data by the company ALMA TRADE D.O.O. Brodišče 9, 1236 Trzin, email: info@kiddo-world.com (hereinafter: ALMA TRADE, company, we, or controller).

All personal data is processed, stored, and protected in accordance with applicable legislation governing the protection of personal data, particularly in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: GDPR) and the Personal Data Protection Act (Official Gazette of the Republic of Slovenia, No. 163/22, hereinafter: ZVOP-2). Please read our Privacy Policy carefully to understand how we protect your privacy.

By providing your personal data, you declare that you have read our Privacy and Cookie Policy and are aware of the methods of processing and the legal bases for processing personal data. If you do not agree with the processing methods, please do not provide us with your personal data.

BASIC TERMS

The following are basic terms described that you encounter when reading our Privacy and Cookie Policy:

Personal data: Personal data is information that identifies an individual as a specific or identifiable person. An individual is identifiable when they can be directly or indirectly identified, especially by an identifier such as name, identification number, location data, online identifier, or one or more factors specific to the individual's physical, physiological, genetic, mental, economic, cultural, or social identity.

Data subject: A specific or identifiable natural person whose personal data is processed by the controller responsible for processing.

Processing of personal data: Processing means any operation or set of operations performed on personal data, particularly collection, acquisition, entry, organization, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction of personal data. Processing can be manual or automated.

Limitation of processing of personal data: The marking of stored personal data with the aim of limiting their processing in the future.

Profiling: Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to an individual, particularly to analyze or predict aspects concerning the individual's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

Automated decision-making: Decision-making based solely on automated processing (including profiling) which produces legal effects concerning an individual or similarly significantly affects an individual.

Anonymization: The processing of personal data in such a manner that the personal data can no longer be attributed to a specific individual without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable individual.

Controller of personal data: A natural or legal person or other body, public or private, which alone or jointly with others determines the purposes and means of the processing of data or, where specified by law, the person responsible for processing, also determining the purposes and means of processing.

Processor of personal data: A natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.

User of personal data: A natural or legal person, public authority, agency, or other body to whom personal data are disclosed, whether a third party or not. Public authorities that may obtain personal data in the framework of a particular inquiry in accordance with EU or Member State law shall not be considered recipients; the processing of such data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

Third party: A natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

Consent of the individual: Consent of the individual to whom personal data relates means any freely given, specific, informed, and unambiguous indication of the individual's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

CONTROLLER AND DATA PROTECTION OFFICER

The controller of personal data is ALMA TRADE d.o.o., Brodišče 9, 1236 Trzin Slovenia, EU, Registration number: 8102279000, VAT number: SI 20992882.

We have appointed a Data Protection Officer in the company, their email address is: info@kiddo-world.com.

PURPOSE OF PROCESSING AND LEGAL BASIS FOR PROCESSING DATA

a.) Processing based on consent

We process personal data based on the clear and unambiguous consent of the individuals concerned for the following purposes:

  • completing the contact form,
  • participation in promotional offers published on the website,
  • consent for the use of telephone numbers and email addresses for sending information and offers about products and services,
  • sending newsletters,
  • protecting our products and services.

b.) Processing based on contract

Processing based on a contract includes the following processing:

  • placing orders for our products and/or services,
  • conclusion and performance of the contract,
  • informing customers about successful orders,
  • providing services,
  • handling complaints.

c.) Processing based on legitimate interest:

If circumstances require it, we process personal data based on our legitimate interest for the following purposes:

  • responding to your inquiries about products and/or services,
  • measuring satisfaction with purchases via email or telephone communication,
  • email communication based on your initiation of the online purchasing process,
  • if you have added selected items to your shopping cart but have not completed the purchase, we occasionally send email messages related to your incomplete purchase, with the aim of attempting to complete the purchase or providing assistance and information in this regard,
  • informing about new products and services (direct marketing), based on point (f) of the first paragraph of Article 6 GDPR or Article 226 of the Electronic Communications Act (ZEKom-2),
  • website optimization,
  • ensuring the security of IT systems,
  • preventing abuse and/or fraud.

d.) Processing based on law

Based on the law and in accordance with relevant legislation, we process personal data for legal purposes (e.g., tax legislation) related to your order.

DATA WE COLLECT

We collect the following types of data: Voluntarily provided data

For the purpose of conducting business, responding to inquiries, participating in promotional offers, and processing your order for products/services, we collect the following personal data, obtained only if you explicitly provide them:

  • name and surname,
  • delivery address,
  • email address,
  • telephone number,
  • other data that you provide.

Providing personal data is a condition for using our services or ordering products, as we cannot process orders without the necessary personal data.

Automatically generated data

We automatically obtain data about the device or other log data when you use our website.

From each visitor, we collect anonymous data for traffic monitoring and error correction. This information helps us understand who uses our website, which serves to improve and market our website, especially our online products and services. We collect data such as IP address, web requests, data sent in response to such requests, browser type, browser language, request timestamp, and other anonymous statistical data related to the use of our website. This information alone cannot be used to identify or contact you. We may automatically combine personal data with collected and other non-personal data. In this case, we will treat the combined data as personal data in accordance with this Privacy Policy and use it for marketing purposes.

We are not responsible for the accuracy of the data you enter.

SHARING PERSONAL DATA WITH THIRD PARTIES OR IN THIRD COUNTRIES

We do not engage in selling your personal data. We may share your personal data with third parties only as specified in this Privacy Policy. We share personal data with third parties:

  • Based on your consent, we may share your personal data with those third parties for which you have provided consent.

  • With our service providers, business partners, and contractors who provide services on our behalf or whom we use to support our operations, such as:

    • Payment processing platform via Mollie provider,
    • Our accounting service,
    • Providers for managing and generating invoices or quotes,
    • Marketing activities providers.
  • We may report to law enforcement authorities about any activities that we reasonably believe are unlawful or can assist in investigating and prosecuting unlawful activities. Additionally, we reserve the right to disclose your personal data to law enforcement authorities if, at our sole discretion, we determine that either you violate the rules of our Privacy and Cookie Policy, or that by disclosing your personal data, we can protect the rights, property, or safety of ourselves or another person. We will only disclose those personal data that law enforcement authorities lawfully or lawfully obtained require for each specific, concrete case.

  • We may disclose your personal data when required by law, regulations, or official orders, to protect the safety of any person from death or serious bodily harm, to prevent fraud or misuse of products and/or services or users, or to protect our property rights. We will disclose personal data to government officials or third parties based on court judgments or decisions of administrative authorities or other binding acts. We will disclose personal data that the aforementioned authorities lawfully or lawfully obtained require for each specific, concrete case.

We disclose your personal data if necessary to fulfill our obligations to you, and only to the minimum extent necessary. We do not transfer collected personal data to third countries. Your data is processed only within the European Union territory. In case your data will be transferred to third countries, you will be informed about it.

CONSENT OF MINORS

We are committed to protecting children's online privacy and safety. We do not offer products and services to children, nor do we knowingly collect or require personal data from children under 15 years of age. Any communications that we reasonably and reasonably believe come from a child under the age of 15 will not be retained. We encourage parents or guardians of children under 15 years of age to regularly check and monitor whether children are using email and other online activities. We use all available technology and strive to verify whether the holder of parental responsibility for the child has given or approved consent.

LINKS TO OTHER WEBSITES

Our websites may contain links to third-party websites. These websites have their own privacy policies, which you must read as we are not responsible for them.

AUTOMATED DECISION MAKING AND PROFILING

Individuals' personal data are not subject to automated decision-making or profiling.

HOW WE PROTECT DATA

We appreciate your trust in sharing your personal data with us. We are committed to protecting them, so we take appropriate technical and organizational measures to ensure a high level of data protection (some of the measures we implement include: using firewalls and data encryption, controlling physical access – securing premises and IT equipment, and controlling access authorizations with a password system for user authentication and identification). Access to personal data is limited to our employees, service providers, and representatives who need to know them in order to develop or improve our services. Please understand that our website provides links to other websites whose owners and/or operators are not us. Your use of these third-party services is entirely optional. We are not responsible for the content and/or practices of third parties.

MANAGEMENT OF PERSONAL DATA AND OPT-OUT

You can update, remove, or opt out of personal data at any time.

  • Updates: If you still wish to use our products and services and need to change your relevant personal data (name, email, mailing address, phone number, etc.), please inform us at info@kiddo-world.com.
  • Deletion of personal data: If you wish to completely remove your data from our databases, send us a deletion request to info@kiddo-world.com.
  • Opt-out: If you do not wish to receive emails or other marketing materials, you can unsubscribe at any time using the "unsubscribe" link in any marketing email you receive from us. We will be saddened if you unsubscribe, but we respect your privacy. Processing of requests sent to info@kiddo-world.com may take up to 10 days. After this time, the request will be processed and, if it meets the conditions, will be valid. Once we receive your withdrawal of consent, we will cease processing your personal data and delete it. We will inform you that your withdrawal has been noted.

INDIVIDUAL RIGHTS

In accordance with the provisions of the GDPR, an individual has the right to access personal data, the right to rectification, the right to erasure ("right to be forgotten"), the right to data portability, the right to request restriction of processing of personal data, the right to object, and the right to lodge a complaint with the supervisory authority. To exercise rights or obtain additional information, you can contact us at the email address: info@kiddo-world.com. A response will be provided to your request within 10 days and in accordance with the GDPR. If there is reasonable doubt about the identity of the individual submitting a request regarding any of their rights, we may request additional information necessary to confirm the identity of the individual to whom the personal data relate. If the requests of the individual to whom the personal data relate are manifestly unfounded or excessive, especially if they are repetitive, we may charge a reasonable fee, taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request.

RIGHT TO ACCESS DATA

The individual to whom the personal data relate has the right to obtain confirmation from us as to whether personal data concerning them are being processed, and, where that is the case, access to the personal data and additional information concerning the processing of personal data, including:

  • purposes of processing;
  • types of personal data;
  • recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the individual to whom the personal data relate, or the right to object to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • where the personal data are not collected from the individual, any available information as to their source;
  • the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the individual. Upon request, we provide a copy of the personal data being processed by us to the individual. For additional copies of data requested by the individual to whom the personal data relate, we may charge a reasonable fee considering the administrative costs.

RIGHT TO RECTIFICATION

The individual to whom the personal data relate has the right to have inaccurate personal data concerning them rectified without undue delay. Taking into account the purposes of the processing, the individual to whom the personal data

RIGHT TO DATA PORTABILITY

The individual to whom the personal data relates has the right to receive the personal data concerning them, which we possess, in a structured, commonly used, and machine-readable format, and has the right to transmit those data to another controller without hindrance from us, where:

  • the processing is based on consent or on a contract, and the processing is carried out by automated means.

RIGHT TO OBJECT

The individual to whom the personal data relates has the right to object at any time to processing of personal data concerning them which is based on legitimate interests pursued by us or by a third party. We shall cease processing the personal data unless we demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the individual or for the establishment, exercise, or defense of legal claims. Where personal data are processed for direct marketing purposes, the individual has the right to object at any time to processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the direct marketing is based on consent, the right to object may be exercised by withdrawing the given personal consent.

AUTOMATED INDIVIDUAL DECISION-MAKING, INCLUDING PROFILING

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, if the decision is not necessary for entering into, or the performance of, a contract between you and us, or is not authorized by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests or is not based on your explicit consent.

RIGHT TO LODGE A COMPLAINT CONCERNING THE PROCESSING OF PERSONAL DATA

The individual may lodge a complaint regarding the processing of personal data by emailing: info@kiddo-world.com or by mail to ALMA TRADE D.O.O., BRODIŠČE 9, 1236, TRZIN, SLOVENIA. In the event of a personal data breach, we will notify the competent supervisory authority, unless it is unlikely that the breach would result in a risk to the rights and freedoms of individuals. Where a breach is suspected to have resulted from a criminal offense, we will notify the police and/or the competent prosecutor's office. If the individual has exercised the right to access data with the controller and, following the decision, believes that the personal data received are not the personal data requested, or that not all the requested personal data have been received, they may submit a reasoned complaint to the controller (ALMA TRADE) within 15 days. We will decide on the complaint as a new request within five working days. If the individual believes that their rights or regulations on personal data protection have been violated, they may lodge a complaint with the competent state authority: Information Commissioner of the Republic of Slovenia (Zaloška 59, 1000 Ljubljana, telephone: 01 230 97 30, fax: 01 230 97 78, email: gp.ip@ip-rs.si).

DATA RETENTION PERIOD

We will retain the individual's personal data for as long as necessary to fulfill the purposes for which the personal data were collected and further processed. Some data are obtained through the use of cookies and other similar technologies by analyzing your behavior on our website and responses to email messages, as well as from third parties whose cookies are loaded onto your device with your consent (social media providers, etc.). Data processed on the basis of legitimate interest or for the purpose of taking measures at your request prior to entering into a contract will be kept for a maximum of five years from the date when the purpose of our communication is fulfilled or until the expiry of the limitation periods for any claims. In the event that applicable sectoral legislation (e.g., tax legislation) establishes mandatory deadlines for the retention of personal data, we will delete personal data after the expiry of the deadline prescribed by law.

COOKIES

Cookies are small text files that websites store on individuals' devices when they access the internet. Their storage is under the complete control of the individual, as they can limit or disable cookie storage in the browser they use. Cookies perform various functions – they enable tracking of website visits, facilitate various campaigns and discounts, and store information on whether an individual is entitled to certain discounts or benefits, for example. Cookies provide a convenient way to maintain fresh and relevant content that aligns with the interests and preferences of website visitors. Based on statistical data on website visits, which cookies also enable, we can evaluate the effectiveness of the design of our websites, as well as the suitability of the type and number of ads we offer on the website. Consent to the installation of cookies is not required for essential cookies. These enable the normal operation of the website. Basic website usage is enabled through these cookies. Without these cookies, the website does not function properly or may not function at all, so they are also installed when an individual rejects cookie installation.

HOW DO I CHANGE MY COOKIE SETTINGS?

You can change your cookie settings at any time by clicking on the "________" icon. Then you can adjust the available sliders to "On" or "Off" and then click "Save and close."

WHAT COOKIES DO WE USE?

Cookie Duration Purpose keep_alive 30 minutes Other secure_customer_sig 1 year Essential localization 1 year Functionality _cmp_a 1 day Other _tracking_consent 1 year Other _shopify_y 1 year Analytics _shopify_s 1 hour Analytics _orig_referrer 14 days Essential _landing_page 14 days Analytics _shopify_sa_t 1 hour Analytics _shopify_sa_p 1 hour Analytics X-AB 1 day Functionality _ga 1 year 1 month 4 days Analytics _gat 1 minute Performance _ttp 1 year 24 days Advertising _scid 1 year 1 month Functionality _scid_r 1 year 1 month Other _tt_enable_cookie 1 year 24 days Advertising _ttp 1 year 24 days Advertising _fbp 3 months Analytics cart session duration Essential key session duration Other

MANAGING AND DELETING COOKIES

If you want to change the way cookies are used in your browser, including blocking or deleting them, you can do so by appropriately changing your browser settings. Most browsers allow you to accept or reject all cookies, accept only certain types of cookies, or warn you when a website wants to store a cookie. You can easily delete cookies stored by the browser. If you change or delete the browser's cookie file, change or upgrade the browser, or device, you may need to disable cookies again. The process of managing and deleting cookies varies from browser to browser.

CHANGES TO THE PRIVACY AND COOKIE POLICY

We reserve the right, at our discretion, to update, change, or replace any part of the Privacy and Cookie Policy by posting an update or change on the website without prior notice. Any change will be effective from the date of public posting of the amended Privacy and Cookie Policy on our website.

Published on: 17/04/2024