Personal data protection policy

Personal data controller and contact information

This policy applies to the processing (use) of any personal data carried out by KGS Krajnc d.o.o. (the controller).

The controller information: KGS Krajnc d.o.o.
Vinička vas 4
2230 Lenart v Slovenskih goricah
Reg. No.: 2337126000
Telephone: +386 41 269 710
E-mail: info@lenabox.com

The personal data that we process

  • Basic contact information (name, email address);
  • Information on the use of our websites (clicks on links, the time spent);
  • The information we need to fulfill the contract and deliver the purchased goods (subject of purchase, price, delivery address, delivery time, payment method, payment date, information on claims and invoice issued, etc.).

Legal bases for processing the personal data

We may process your personal data on the following legal bases:

  • When necessary to fulfill our legal obligations (e.g. invoicing for goods purchased);
  • When the processing of your personal data is necessary to conclude and fulfill the contract you have concluded with us or because you have requested an offer from us;
  • Where you have consented to the processing of your personal data for a specific processing purpose, and you always have the right to withdraw that consent.

Purposes for personal data processing

We may use your personal data for one or more of the following purposes:

  • Communicating with you regarding the provision of our services and responding to your requests;
  • Conclusion of the contract and fulfillment of obligations arising from the concluded contract;
  • To enforce any legal claim and to resolve disputes;
  • For statistical analysis of the sale of our goods and the use of our websites.

How long we keep your personal data and what happens to it afterwards

We store your basic personal data for as long as you have the status of a registered user on our site.

We store personal data that we process based on your consent either permanently or until your consent is revoked.

Information on invoices is kept for 10 years from the date of issue.

We retain the data required to conclude and fulfill the contract between you and us for 5 years from the completion of the contract (delivery of goods).

Upon expiration of the retention period, personal data are effectively deleted or anonymised, which means that we process them in such a way that they can no longer be linked to or attributed to you.

Data provided on a voluntary basis

Provision of personal data is voluntary. You are not obliged to provide personal data to us, but if you do not provide it, you cannot conclude a contract with us (since we need it to deliver the order).

Who has access to your personal data

We do not share your personal data and do not make it available to third parties outside KGS Krajnc d.o.o., except to those who have concluded a contract with us, on the basis of which they perform certain data processing tasks and are obliged to comply with the legislation regarding the processing and protection of personal data (contractual data processors). The contractual data processors to whom we provide personal information are:

  • Software solution providers;
  • Delivery service.

The contractual data processors may process personal data only in accordance with our instructions and may not process personal data for their own purposes. They and their employees are committed to protecting the confidentiality of your personal data.

What are your rights regarding personal data, how you can revoke your consent to the processing and what are the consequences of revocation

You have the following rights regarding your personal data:

- To request from us at any time:

  • To confirm that we process your personal data;
  • To give you access to personal data and the following information: purposes of processing; types of personal data; users or categories of users to whom personal data have been or will be disclosed, in particular the users in third countries or international organisations; the anticipated period of retention of personal data or, where this is not possible, the criteria used to determine that period; the existence of automated decision-making, including profiling and the reasons for it, as well as the significance and the anticipated consequences of such processing for you;
  • To provide you with one (free of charge) copy of the personal data in a format you specify (if the request is made by electronic means of communication and you do not request otherwise, a copy is provided electronically); we may charge a reasonable fee for the additional copies you request, considering the cost;
  • To correct any inaccurate personal data;
  • To limit the processing when:
    • You contest the accuracy of personal data, for a period that allows us to verify the accuracy of personal data;
    • The processing is unlawful and you oppose the deletion of personal data, and instead request a restriction on their use;
    • We no longer need personal data for processing purposes, but you need it to enforce, execute or defend legal claims;
  • To erase all personal data (right to be forgotten) if the conditions laid down in Article 17 of the General Data Protection Regulation are met, and in particular when you withdraw your consent to the processing of your personal data;
  • To provide your personal data in a structured, commonly used and machine-readable form, with the right to pass this information on to another controller without obstruction from us;
  • To stop using your personal data for direct marketing purposes, including profiling;
  • Not to be subject to a decision based solely on automated processing, including profiling, if the requirements of Article 22 of the General Data Protection Regulation are fulfilled;

- The right to file a complaint against us with the Information Commissioner if you believe that the processing of your personal data violates the General Data Protection Regulation.

Procedure for exercising your rights

You can address your request to exercise your personal data rights in writing to any of the contacts listed at the top of this document under Personal data controller and contact information.

To identify you reliably when you exercise your personal data rights, we may require additional information from you, and we can only refuse to take action if we can prove that we cannot reliably identify you.

We must respond to your request to exercise your rights regarding personal data without undue delay and within one month of receiving your request.

Any changes to our Personal Data Protection Policy will be posted on this website.