Personal Data Protection/Privacy Policy

At On-Line d.o.o., we understand that the protection of your personal data is of utmost importance, which is why we have always treated it as a priority.

Below, you can find out more about how On_Line , d.o.o. manages your personal data, i.e. what kind of personal data we collect about you, as well as the criteria for data collection and its purpose.

The Privacy Policy as used by On-Line d.o.o., is in line with the laws of the Republic of Slovenia and the GDPR regulation.

It encompasses:

  • contact information of On-Line, d.o.o., and the Data Protection Officer,
  • legal basis and the purpose of personal data processing,
  • types of personal data that are being collected,
  • use of cookies and related tracking technologies,
  • privacy settings management,
  • transmission of personal data,
  • periods of retention of personal data,
  • personal data protection,
  • the rights of individuals regarding personal data, including the right to lodge a complaint,
  • changes to privacy policy.

Purpose and use of collected personal data

On-Line d.o.o. collects, records, manages, stores, transmits and otherwise processes your personal data that is collected for various purposes:

  • identification of individuals
  • providing user support
  • completion of the purchasing process (shipping, delivery of goods, issuing invoices, resolving customer claims and warranty management)
  • purchase history management
  • recovery procedures and own accounting and tax purposes
  • direct marketing – a free e-mail newsletter to keep you informed about the news at On-Line d.o.o., general information and offers made available by On-Line d.o.o. at its stores and at extremevital.com
  • market analysis
  • sweepstakes participation
  • purposes of collecting mobile numbers: sending news via text messages, sending text messages with special offers, information about new arrivals, campaigns and reduced prices, distribution of promotional material.

Your personal data can be processed for legitimate interests pursued by On-Line d.o.o.., except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

What types of personal data are collected?

BASIC DATA:

  • Basic personal data: name and surname, date of birth, email address, home address, shipping address, telephone number, and password for secure use of our services,
  • online store user account data,
  • information about the purchase and payment method.

TECHNICAL DATA:

  • IP address of the device connected to the internet,
  • date and time of access,
  • name and URL of the retrieved file,
  • website/application sending the visitors to our website (referrer URL),
  • browser and device operating system, name of the access provider.

Technical data is transmitted to the server, where it is temporarily stored in the so-called log file for the following purposes:

  • ensuring a well-functioning connection,
  • ensuring user-friendliness of our website/application,
  • assessing system security and stability.

The legal basis for processing the IP address is laid out in Article 6(1)(f) of the GDPR regulation. The company’s legitimate interest arises from the purposes of data processing listed above.

What are cookies and why are they required?

Cookies are short text files that the website sends to your browser upon your visit. They enable the website to recognize visitors, remember the information about the visits and therefore ensure user-friendly and simpler online services. Cookies make it possible for us to customize our website content, remember your preferences and track visits to our online store. Cookies make browsing through our online store faster and more pleasant and effective.

Cookies are not malicious code and do not collect any data from your computer! 🙂

The amended Electronic Communications Act of the Republic of Slovenia, which entered into force at the beginning of 2013, introduced new rules regarding the use of cookies and similar technologies for storing data or accessing the data stored on a user’s computer or mobile device.

Data subjects have a constitutional and legal right to the protection of their data and the right to individually decide on their information privacy. In this sense, cookies intrude upon the individual’s privacy. The new legislation thus restricts the use of cookies.

The new legislation does not prohibit the use of cookies but enforces stricter rules as to under which conditions and how cookies and similar technologies can be used. It is of key importance that website visitors are informed about the use of cookies and given a choice as to whether they agree to have their online activities tracked by the website in this manner.

Our list of cookies

PROCESS COOKIES

These cookies are necessary for the proper functioning of the website and are mandatory. They enable the operation of web services and a better user experience. No user consent is required for these cookies.

Cookie name

Purpose

Cookie duration

cookie_gdpr

indicates the user agreed to use of cookies

10 years

cookie_test

checks cookie performance

does not expire

osCsid

establishes user session

duration of the session

PAGING_ITEMS_PER_PAGE, SORT_ORDER

enhancing viewing functionality

duration of the session

ANALYTICS COOKIES

Used to analyze the traffic on a particular website to improve the user experience.

Cookie name

Purpose

Cookie duration

cookie_track_allow

indicates the user agreed to use of analytics cookies

10 years

Google Analytics – utma

enables website view statistics

2 years

Google Analytics- utmb

enables statistics related to when the user arrived at the website

30 min

Google Analytics – utmc

enables statistics related to when the user left the website

until the browser is closed

Google Analytics – utmz

enables statistics regarding website visits and sales across various channels

6 months

Google Analytics – utmv

enables website user segmentation

2 years

Google Analytics – ga

Web page traffic statistics and channel sales analysis.

6 months

Google Analytics – cid

website traffic statistics and analysis of sales across various channels

6 months

ADVERTISING COOKIES

Used to analyze the traffic on a particular website to improve the user experience.

Cookie name

Purpose

Cookie duration

cookie_ads_allow

indicates the user agreed to use of advertising cookies

10 years

AdForm – TPC, GCM, uid

Enables analysis of channel sales and repeated targeting of users.

Does not expire

AdWords – A, AdsUserLocale, I, SAG, aptenv, mid

enables sales analysis, web page view statistics and repeated targeting of users.

90 days

Facebook – locale, datr, reg_fb_ref, reg_fb_gate

to improve our customers’ social media engagement and for sales analysis and repeated targeting of users

does not expire

Google Analytics – utma

enables website view statistics

2 years

Google Analytics- utmb

enables statistics related to when the user arrived at the website

30 min

Google Analytics – utmc

enables statistics related to when the user left the website

until the browser is closed

Google Analytics – utmz

enables statistics regarding website visits and sales across various channels

6 months

Google Analytics – utmv

enables website user segmentation

2 years

Google Analytics – ga

Web page traffic statistics and channel sales analysis.

6 months

Google Analytics – cid

website traffic statistics and analysis of sales across various channels

6 months

SOCIAL NETWORK COOKIES

UsedSocial network cookies, which enable the sharing of website content on certain social networks, as well as certain functionalities, help to analyze visit frequency and how the websites are used.

Cookie name

Purpose

Cookie duration

cookie_mat_allow

indicates the user agreed to use of social network cookies

10 years

Twitter – pid

to improve our customers’ social media engagement

2 year

Use of Google Analytics

This website uses Google Analytics, a web analytics service from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’). Google Analytics also uses cookies, i.e. text files which are stored on your computer and enable analysis of your use of the website. The information extracted by the cookie regarding your use of this website is usually transferred to a Google server in the USA and stored there. IP anonymization is activated on our website, meaning that your IP address is shortened in advance by Google within the member states of the European Union or other contracting states of the Agreement on the European Economic Area. The full IP address is only transferred to a Google server in the USA and shortened there in exceptional cases. In these exceptional cases, in accordance with Article 6(1) GDPR, this processing is based on our legitimate interest in statistical analysis of user behavior for optimization and marketing purposes.

Google will use this information on our account to evaluate your use of the website, compile reports on website activities and provide additional services associated with website use and Internet use to us as the website operator. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.

You can prevent the storage of cookies using the relevant setting in your browser software; however, please note that in this case, you may not be able to use all functions of this website to their full extent.

You can also prevent the collection of the data extracted by the cookie concerning your use of the website (including your IP address) at Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: Google browser plugin.

Google LLC, with its headquarters in the USA, is certified for the US-European ‘Privacy Shield’ data protection framework, which guarantees compliance with the level of data protection applicable in the EU.
For more information on how user data is used in Google Analytics, please see
Google Analytics Data.
You can find Google’s Privacy Policy at:
Google Privacy Policy

Use of retargeting (remarketing) tools

On our website, we also use remarketing technology. Retargeting is used to categorize website users into user groups. Depending on the user group, we then address website visitors on other websites or in apps with personalized advertising regarding our products and services.

To do so, we use the following products, which are supplied to us by service providers:
‘Facebook Custom Audience’/’Facebook Pixel’/’Google AdWords User Lists’/’Google Dynamic Remarketing’

Facebook Customer Audience and Facebook Pixel

‘Facebook Custom Audience’ and ‘Facebook Pixel’ are products of Facebook Ireland Ltd., Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland (‘Facebook’). Our website uses ‘Facebook Pixel’ from Facebook, which creates a direct connection to Facebook servers. If you have visited our website, this information is transmitted to a Facebook server. Facebook assigns this information to your personal Facebook user account, if you have such an account and are logged into it. If you visit other websites that use ‘Facebook Custom Audience’/’Facebook Pixel’, this information is also linked to your user account, however, we cannot see which other websites you visit. If you are not a Facebook user or you are not logged in to Facebook when you visit our website, your visit to our website is not assigned to a Facebook user account.

For more information on the protection of your privacy at Facebook, please see Facebook’s privacy information at www.facebook.com/about/privacy.

Google AdWords and Google Remarketing user lists

Google AdWords User Lists and Google Dynamic Remarketing are products of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’). This website uses Google Pixel to create a direct connection to Google servers. If you have visited our website, this information is transmitted to a Google server. Google assigns this data to a single ID stored on your end device as a cookie or provided by your end device (‘Advertising ID’ on smartphones). If you visit other websites that use Google AdWords and Google Dynamic Remarketing user lists, this information is also linked to your ID. We DO NOT see which websites you visited.

Use of Google Maps

On this website, we also use Google Maps (API), provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’). Google Maps is a web service which displays interactive maps in order to display visual representations of geographical information. This service is used to show you our location and make it easier to get to us. When you access the subpages featuring integrated Google Maps, information on your use of our website (such as your IP address) is sent to Google servers in the USA and stored there. This occurs irrespective of whether you are logged into a user account provided by Google or you do not have a user account. If you are logged into Google, your data is directly assigned to your account. If you do not wish it to be assigned to your Google profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates these. Any such evaluation occurs, in accordance with Article 6(1)(f) GDPR, based on Google’s legitimate interest in placing personalized advertising, market research and/or needs-based design of its website. You have the right to object to the creation of these usage profiles. To exercise this right, you must approach Google. Google LLC, with its headquarters in the USA, is certified for the US-European ‘Privacy Shield’ data protection framework, which guarantees compliance with the level of data protection applicable in the EU. If you do not agree to your data being transmitted to Google in future in conjunction with the use of Google Maps, you can also fully deactivate the Google Maps web service by turning off the JavaScript application in your browser. Google Maps and the map display on this website can then no longer be used.You can view Google’s terms of use at www.google.de/intl/en/policies/terms/regional.

Managing user account settings

  • User account updates. Users are obliged to provide accurate and complete data. Personal data in the online store user account can be updated or changed by a registered user in the user account settings.
  • Closing the user account. You can close your online store account at any time by submitting an account closure request to On-Line d.o.o.. The account will be closed no later than in 7 working days. We are obliged to archive certain contract related items of personal data. This keeps us in line with tax law regulations regarding order fulfillment, resolving customer complaints and product returns.

Personal data and their transmission

We guarantee the user data will not be transmitted to any third party.

  • Contract-based processors. Your personal data can be transmitted to parties with whom we have concluded contracts for processing of your personal data.Purpose of transmission: user support, order delivery or payment processing. Contract-based processors can only access personal data that is necessary for the provision of contracted services. They are obliged to protect your personal data.
  • Public information. Some of your information about you is also publicly available, e.g. posted comments under a product in the online store or comments on social networks.

Personal data protection

To ensure maximum protection of your personal data, several technical and organizational tools and measures are used. We strive to ensure the highest level of security for your personal data, however, we cannot guarantee complete security of transmitted personal data and are not responsible for theft, destruction, loss, or deliberate or unintentional disclosure of your personal data or information.

During data transmission when completing the ordering process, all data is protected against unauthorized access using the online SSL security protocol (http://en.wikipedia.org/wiki/Secure_Sockets_Layer), as the server www.extremevital.com uses the GeoTrust certificate.

When making a payment using a credit card or via PayPal, data is entered on the SIX payment services and PayPal websites. After you enter the data and it is verified by these companies, you will be redirected back and the order will be completed.

The On-Line d.o.o.  online store does NOT store any credit card information on its servers.

How long is personal data stored?

Basic personal data: name and surname, date of birth, email address, home address, delivery address, telephone number and password: permanently or until consent withdrawal by the data subject.

Technical data: data will be deleted as soon as it is no longer needed to achieve the purpose for which it was obtained or no later than within 36 months.

Fundamental rights of an individual

At On-Line d.o.o. we always ensure the exercise of the rights of the individual.

  • Right to be informed. Data subjects have the right to be informed as to which data are collected, for what purpose, how long the personal data is kept, where it is obtained from and who else processes it.
  • Right to erasure. At any given time, a data subject can request that PR, šport in trgovina, d.o.o. erases its personal data.
  • Right to data correction. If a data subject notices that its personal data is incomplete or false, it has the right to request data correction or completion.
  • Right to restriction of processing. Data subject can require that its personal data is marked and excluded from any processing. Restriction of processing is time limited and not permanent like erasure.
  • Right to data portability. At any given time, a data subject can request to receive personal data provided to the controller or to transmit those data to another controller as chosen by the data subject.
  • Right to object.
  • Right to withdraw consent. The data subject may at any time withdraw its consent for the processing of personal data.

At On-Line d.o.o., we reserve the right to change our privacy policy. Any changes will be posted on this webpage.

Personal data controller and contact

The personal data controller is On-Line d.o.o.

Any questions regarding this Privacy Policy, confidentiality of your personal data, processing methods or your requests regarding the exercise of rights in relation to personal data can be addressed to the person responsible and/or the data protection officer at On-Line d.o.o.

Thank you and enjoy our website!