PURPOSE OF THIS PRIVACY STATEMENT / PRIVACY POLICY.

22 INSTITUTE, kozmetična dejavnost, d.o.o., Mirje 33, 1000 Ljubljana understands that privacy is important to you and wants your experience online to be as enjoyable and safe as possible. Our Privacy Statement describes how we handle your personal information generally and when you use the site.

Visitors to the website provide various kinds of information in several different ways. Some visitors choose to submit personal information through subscription and entry forms, and requests for more information, either through e-mails or phone calls or other methods. Depending on the service you are accessing, you could be asked at various times to provide information including, but not limited to, your name, phone number, e-mail address,…

CONTROLLER

22 INSTITUTE, KOZMETIČNA DEJAVNOST, d.o.o.

Mirje 33, 1000 Ljubljana

Davčna številka: SI 61028312

Legal representative: Tatjana Ćeranić Rozman, Director

Tel./Mob. Number: +386 40 513 315

Email: info@22-institute.com

THE DATA WE COLLECT ABOUT YOU

We use the personal information collected to provide you with our services and to assist in making your experience with us a satisfying one. Information is also collected to establish and maintain proper business records.

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data:  This includes data relating specifically to your identity, such as your first name, last name, or similar identifier, date of birth, gender…
  • Contact Data: This includes data relating to how you may be contacted, such as your billing address, delivery address, email address and telephone numbers.
  • Financial Data: This includes data relating to your means and methods of payment, such as your bank account and payment card details.
  • Transaction Data: This includes data relating to the transactions you have carried out with us, such as details about payments from you and other details of products or services you have purchased from us.
  • Technical Data: This includes more technical data that we may obtain when you make use of our website, such as your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
  • Usage Data: This includes information about how you use our website, products and services.
  • Marketing and Communications Data: This includes your preferences in relation to whether or not you want to receive marketing from us and our third parties and also your communication preferences.

HOW YOUR PERSONAL DATA IS COLLECTED

We use different methods to collect data from and about you including through:

  • Direct interactions:

You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you: subscribe to our newsletter or other publications, register in our center for appointment, treatment, request marketing to be sent to you, enter a promotion or survey, give us some feedback.

  • Automated technologies or interactions:

As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.

HOW WE USE YOUR PERSONAL DATA

We use your personal data for the following purposes:

  • Reservations: We use your personal data to complete and administer your online reservation for treatments/classes.
  • Services: We use your personal data to provide services.
  • Reviews: We may use your contact data to invite you by email to write a review about our product or a review after your treatment/class. If you submit a review, your review may be published on our website.
  • Marketing Activities: We also use your data for marketing activities, as permitted by law. Where we use your personal data for direct marketing purposes (e.g. commercial newsletters and marketing communications on new products and services or other offers we think may be of interest to you), we include an unsubscribe link that you can use if you do not want us to send messages in the future.
  • Other Communications: There may be other times when we contact you by email, mail, phone, or texting, depending on the contact data you share with us.
  • Analytics, Improvements, and Research: We use personal data to conduct research and analysis. We may involve a third party to do this on our behalf. We may share or disclose the results of such research (including to third-parties) in anonymous, aggregated form. We use your personal data for analytical purposes to improve our services, enhance the user experience, and improve the functionality and quality of our online services.
  • Security, Fraud Detection, and Prevention: We use the information, which may include personal data, in order to prevent fraud and other illegal or infringing activities. We also use this information to investigate and detect fraud. We can use personal data for risk assessment and security purposes, including the authentication of users. For these purposes, personal data may be shared with third parties, such as law enforcement authorities as permitted by applicable law and external advisers.
  • Legal and Compliance: In certain cases, we need to use the information provided, which may include personal data, to handle and resolve legal disputes or complaints, for regulatory investigations and compliance, or to enforce agreement(s), or to comply with lawful requests from law enforcement insofar as it is required by law.

THE LEGAL GROUND FOR PROCESSING

For every specific processing of personal data we collect from you we will inform you whether the provision of personal data is statutory or required to enter a contract and whether it is an obligation to provide the personal data and possible consequences if you choose not to.

DISCLOSURE OF THE PERSONAL DATA

We may share your personal data with selected third parties including:

  • Third-party service providers: We use service providers to process your personal data strictly on our behalf. This processing would be for purposes as included in this Privacy Statement, such as facilitating payments, sending out marketing material, or for analytical support services. These service providers are bound by confidentiality clauses and are not allowed to use your personal data for their own purposes or any other purpose.
  • Competent authorities: If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of and other agreements; or to protect the rights, property, or safety of 22 INSTITUTE, kozmetična dejavnost, d.o.o., our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

INTERNATIONAL DATA TRANSFERS

The transmission of personal data as described in this Privacy Statement may include overseas transfers of personal data to countries whose data protection laws are not as comprehensive as those of the countries within the European Union. Where required by European law, we shall only transfer personal data to recipients offering an adequate level of data protection.

SECURITY

22 INSTITUTE, kozmetična dejavnost, d.o.o. observes reasonable procedures to prevent unauthorized access to, and the misuse of information, including personal data. We use appropriate business systems and procedures to protect and safeguard information including personal data. We also use security procedures, technical, and physical restrictions for accessing and using the personal data on our servers. Only authorized personnel are permitted to access personal data in the course of their work.

DATA RETENTION

We will retain your information, which may include personal data, for as long as we deem it necessary to provide services to you, comply with applicable laws, resolve disputes with any parties, and otherwise as necessary to allow us to conduct our business, including to detect and prevent fraud or other illegal activities. All personal data we retain will be subject to this Privacy Statement. If you have a question about a specific retention period for certain types of personal data we process about you, contact us using the contact details included below

YOUR RIGHTS

You have the right to:

  • Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes.
  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: 1) if you want us to establish the data’s accuracy; 2) where our use of the data is unlawful, but you do not want us to erase it; 3) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or 4) you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
  • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you.

If you wish to exercise any of the rights set out above, please contact us at info@22-institute.com.

RIGHT TO COMPLAIN WITH A SUPERVISORY AUTHORITY

If you consider 22 INSTITUTE, KOZMETIČNA DEJAVNOST, d.o.o. to process your personal data in a incorrect way you can contact us at info@22-institute.com.

You also have the right to turn in a complaint to a supervisory authority:

Information Commissioner of the Republic of Slovenia (more information: www.ip-rs.si).

CHANGES TO OUR PRIVACY STATEMENT

Any changes we may make to our Privacy Statement in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our Privacy Statement.

Effective Date: 5.09.2023