When you visit this website https://whitelabelcollagen.com/ (”Website”) we take your privacy seriously. This Privacy Policy and Cookie Policy (‘’Policy’’) explains who we are, how we collect, process, use and store your personal data in accordance with legislation of Republic of Slovenia and Regulation (EU) 2016/679 (General Data Protection Regulation-GDPR).

We process personal data only for the purposes for which it was collected and in accordance with this Policy. We take reasonable steps to ensure that the personal data we process is accurate, complete and current, but we depend on you to update or correct your personal data when necessary.

PERSONAL DATA CONTROLLER

Controller of personal data is TOSLA d.o.o., Tovarniška cesta 6e, 5270 Ajdovščina, Slovenia, VAT nr.:
12355992,  registration nr.: 6596886000 (‘’controller’’, ‘’we’’ or ‘’us’’). We do not have Data Protection Officer as we do not process personal data to such an extent that this obligation should be fulfilled, but you can always contact us by e-mail dataprotection@tosla.si.

When do we collect your personal data, what type of data we collect, on what lawful basis we process data

• We may collect your personal data when you use our Website.

This Website is designed for informative purpose and is not designed to collect any data from you without your knowledge, but we have to ensure that this Website is secured. We process non-personal data when you visit and use our Website. Some of that data is considered as personal data (such as IP address) but mostly that data alone, cannot be used to identify or contact you. We want to continuously improve our Website and your experience, so the information of your use of our Website is very important for us. For that purpose we use cookies and other tracking technologies to automatically collect and analyze data we collect.

When you visit and use our Website, your browser automatically sends data to our server and temporary saves it. The data we collect may include:

• operating system,
• browser type/version,
• IP address,
• Date and time of your use of Website.

Legal basis for personal data processing: personal consent which you can withdraw at any time (Article 6 (1) (a) of GDPR) and our legitimate interests (Article 6 (1) (f) of GDPR) for the purpose of securing, improving and optimizing our Website.

• We collect your personal data when you decide to contact us such as by contact form available at our Website, our e-mail indicated on our Website.

When you send us an e-mail you may provide us with your personal data. We will use your personal data that you provide to us for the purpose of answering your inquiry and to make further contact with you about your regard. The data we collect may include:

• your e-mail,
• your name and surname,
• country
• all other personal and non-personal data that you provide to us voluntary, such us in message.

Legal basis for personal data processing: your consent (Article 6 (1) (a) of GDPR), our legitimate interests (Article 6 (1) (f) of GDPR), or performance of contract or in order to take steps at the request of the data subject prior to entering into a contract (Article 6 (1) (b) of GDPR).

We do not collect or process other personal data through this Website.

WITH WHOM DO WE SHARE YOUR PERSONAL DATA WITH?

We are not in the business of selling your personal data.  We do share personal data with third parties, which may be processors of your personal data only as set forth in this  Policy. We share it with carefully selected business partners that we either control or are our external contractors and that are either subjects to this Policy or that follow practices that are at least as restrictive as those described in this  Policy or we have a data processing contract in accordance with GDPR requirements. We may share it with:

• Based on your consent, we may share your personal data with those third-parties for whom you have given your consent. Our service providers, Website maintenance staff and as we use some other third-party service providers to offer or facilitate services on our behalf. These services may include research and analyze the individuals who use our Webiste (such us Google Analytics).
• We may report to law enforcement agencies any activities that we reasonably believe to be unlawful, or that we reasonably believe may aid a law enforcement investigation into unlawful activity. In addition, we reserve the right to release your personal data to law enforcement agencies if we determine, in our sole judgment, that either you have violated our policies, or the release of your personal data may protect the rights, property, or safety of us or another person. We will disclose personal data that that law enforcement agencies require in particular case to be disclosed.
• We may disclose your personal data to comply with a law, regulation or compulsory legal request, to protect the safety of any person from death or serious bodily injury, prevent fraud or misuse of products or services or its users or to protect our property rights. We will disclose personal data to government entities or third parties based on judgments of courts or tribunals or decisions of administrative authorities or another binding act. We will disclose personal data that previously mentioned entities require in particular case to be disclosed.

THIRD COUNTRIES

We do not transmit your personal data to third countries, but we use Google Analytics who may forward the collected data to a different country. Please note that Google Analytics might transfer the data outside of the EU/EEA and to a country without the required data protection standards.

CHILDREN DATA

We are committed to protecting the online privacy of children and making the internet safe. Any communication we get that is identified as being from a child under 15 will not be kept by us. We encourage parents or guardians of children under 15 to regularly check and monitor their children’s use of email and other activities online.

AUTOMATED DECISION MAKING AND PROFILING

We do not process personal data for automated decision making and profiling.

HOW DO WE KEEP YOUR PERSONAL DATA SECURE?

We take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These include internal reviews of data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorized access to systems where we store personal data. We restrict access to personal data to our employees, service providers and agents who need to know such information in order to operate, develop or improve our services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations. We use secure socket layer (“SSL”) technology to encrypt and protect the security of your personal data. Therefore, while we strive to protect your personal data, we cannot guarantee its absolute security. We are not responsible for the functionality, privacy or security measures of any other organization.

DATA RETENTION

We store your personal data for as long as is needed for its purpose. We may store anonymized information longer, but only in a way that it cannot be tracked back to you. We store personal data in accordance with applicable law. Retention for personal data may vary depending on the applicable sectoral legislation (eg. tax, accounting legislation). In the case where the applicable sectoral legislation establishes mandatory duration for retention of personal data, we will delete if after the expiration of that mandatory duration. When personal data is no longer needed, we shall delete it using reasonable measures to protect the personal data from unauthorized access or use.

YOUR RIGHTS AS THE DATA SUBJECT

In relation to your personal data that we process, you have the right:

• To withdraw consent to processing of your personal data at any time (The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal).
• To obtain confirmation whether we process your personal data.
• To access: to request confirmation whether we process your personal data relating to you, and if so, to request a copy of that personal data, to ask about purposes of processing, categories of personal data concerned, whether personal data is transferred to a third country or international organization etc.
• To rectification: to request that we rectify or update any personal data that is inaccurate, incomplete or outdated.
• To erasure (Right to be forgotten): to request that we erase your personal data in certain circumstances, such as when the processing of personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed or where we collected personal data on the basis of your consent and you withdraw your consent etc.
• Of restriction of processing: to request that we restrict the use of your personal data in certain circumstances, such as when accuracy of the personal data is contested by you;
• To data portability: to request that we provide a copy of your personal data to you in structured, commonly used and machine-readable format in certain circumstances and you have the right to transmit that personal data to another controller in certain circumstances.
• To object: at any time to processing of personal data for our legitimate interest, to direct marketing and profiling connected with direct marketing.
• To appeal, independent of the above stated rights, to a supervisory authority if you believe that processing of your personal data violates the data protection regulations. You may file a complaint to the competent state authority: Information Commissioner, Dunajska 22, 1000 Ljubljana, e-mail address: gp.ip@ip-rs.si, phone: 00386 1 230 97 30, website: ip-rs.si.

For all stated rights, you may, at any time, contact us

• at dataprotection@tosla.si.

We shall promptly ensure that the request is complied with immediately, but no later than in one (1) month. You will receive requested personal data in a structured, machine-readable and generally applicable way. First copy of your personal data in electronic or hard is free of charge, each additional copy we may charge a fee to cover cost of preparing the copy.