Privacy Policy
This Privacy Policy provides information on the processing of your personal data whenever you visit websites of Personal Best Ltd. (hereinafter referred to "Personal Best", "we","us" or "our"), interact with us (e.g. customer support conversations, warranty issues etc.) and when purchasing goods from said websites (collectively, the "Services"). This Policy also applies where we act as a Data Controller. For purposes of this Privacy Policy, "you" and "your" means you as the user of the Services, whether you are a customer, website visitor, or another individual whose information we have collected pursuant to this Privacy Policy. In addition to the Privacy Policy, please review the Terms of use (hereinafter: "Terms"), which govern the business relationship between you and us.
We may change this Privacy Policy at any time by posting the revised terms on this page. Any revised terms will automatically be in force on the date specified in the Privacy Policy unless otherwise stated.
Please read this Privacy Policy carefully. By using and accessing any of the Services and/or providing your information, you confirm that you understand and accept the reason for the gathering of information and agree to the collection, processing, use, disclosure and transferring of your information as described in this Privacy Policy. If you do not agree to this Privacy Policy, please do not use or access any of the Services. If you do not wish to provide us with the requested information, we cannot provide you with access to our Services.
We will only use personal information in accordance with this Privacy Policy. Below you will find information about how we use your personal information, for what purposes we use it, to whom we share it, and what rights you have.
Any data is protected under the applicable law regarding data control and processing. In order to protect your personal data, we have put in place a number of technical and organisational measures. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed. Organisational measures include restricting access to the personal data solely to authorised persons with a legitimate need to know for the purposes of this processing operation.
Adequate measures are also taken to prevent intrusion into our bases. In the event of an intrusion and theft of personal data, we will notify users within 72 hours.
The data we process and collect will only be disclosed if there is a statutory obligation or in good faith that this is necessary for proceedings before state authorities, courts and for the protection and realization of our legitimate interests.
The Controller for the processing of your personal data:
PERSONAL BEST, sales and distribution Ltd., Stegne 3, 1000 Ljubljana, Slovenia
Registry number: 9457216000
Registration authority: District Court of Ljubljana
Registration number: 1/22162/00
Contact:
tel +386 40 122921
Contact detail of the Data Protection Officer
Data Protection Officer
PERSONAL BEST, sales and distribution Ltd., Stegne 3, 1000 Ljubljana, Slovenia
Cross-border data transfer
Your personal data may be disclosed to third parties outside your country of residence, where other data protection standards may apply. Please note that we only share your email address with our business partners who need it to keep our website running smoothly so that you can use our services without any issues. These business partners are, among others, payment service providers (PayPal, Revolut Pay), platform providers (Shopify). Notwithstanding the above, we will endeavour to take reasonable steps to maintain an adequate level of data protection when transferring your personal information to these countries. For more information about the above security measures, please contact us via support@personalbest.si
Personal data*:
- first and last name - used to prepare the order, for delivery, for marketing purposes to address your personal promotion;
- date of birth - used to allow the user to buy products and services on our website, for marketing purposes to address you personal promotion;
- delivery address or invoice - used to prepare the order, for delivery, for marketing purposes to deliver the goods as promotion;
- email address - used for order notifications, for user account log in purposes, for marketing purposes to inform you about last news and active promotions of us;
- phone number - used to prepare the order, for delivery;
- company or name of the legal person (if the user of the website is a legal person) - used to prepare the order and for delivery;
- tax number of a legal person (if the user of the website is a legal person) - used to prepare the order and for delivery;
* Personal data of the users placed an order without to be registered on the website is used only to prepare, to deliver the order and to interact with regarding the order was placed.
The processing of your personal data is based on the necessity of a contract performance and/or for compliance with a legal obligation in accordance with Art. 6 para. 1 s. 1, lit. b GDPR.
We do not process this category of data if you visit our website for information purposes only.
Order details:
We process your order details if you purchase something from our website. Depending on the type of purchase and processing status, this may include the following information:
- Ordered goods/services;
- Order date;
- Order delivery address;
- Invoice number;
- Сommunications sent by you (for example, by email or through website contact forms);
The processing of your personal data is based on the necessity of a contract performance and/or for compliance with a legal obligation in accordance with Art. 6 para. 1 s. 1, lit. b GDPR .
We do not process this category of data if you visit our website for information purposes only.
Financial data:
Using the different payment methods may include the following information:
- IBAN/BIC;
- Name of a Credit Card Holder;
- Credit Card Number;
- Expiry date;
- CVV code.
We do not collect the information related to the payment instrument that you use, e.g. credit card information ourselves. This kind of information is processed solely by our payment service provider subject to strict information security assurances.
We do not collect or process this category of data if you visit our website for information purposes only.
Payment method PayPal, Revolut Pay Checkout (hereinafter “Payment Service Provider” and/or “PSP”)
We also offer you the option to pay for your order with the online payment service provider. The payment method PayPal is a service of PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. The payment method Revolut Pay Checkout is a service of Revolut Bank UAB.
If you choose PSP as payment method, your contact details will be transmitted to PSP.
PSP’s services also include separate buyer protection in addition to the online payment service.
The transmission of your data is necessary for the processing of your order with the payment method you have chosen at PSP as well as for the confirmation of your identity and the administration of your payment.
According to our information, the personal data transmitted to PSP is usually your contact information (e.g. first and last name, date of birth, telephone number, email and postal address, customer account), data for processing the purchase contract (e.g. bank details, account and card number, billing and shipping address, purchased items, price paid, order status and chargeback information). Please note that PSP may also share your personal data with other subcontractors and other affiliated companies, for example, if this is necessary to fulfil the contractual obligations of your purchase.
Depending on which payment methods PSP makes available to you, it may be necessary for your personal data to be transmitted by PSP to credit rating agencies in order to carry out an identity and credit check. This serves to check your identity and creditworthiness with regard to the order you have placed. For this purpose, PSP processes personal data on its own responsibility.
You can find more detailed information on the processing of your personal data by PayPal at: https://www.paypal.com/webapps/mpp/ua/privacy-full and by Revolut Pay Checkout at:
https://www.revolut.com/legal/pay-with-revolut-checkout-privacy/
Payment method Bank Transfer (available for legal persons only)
If you pay by bank transfer, we will keep your data for as long as required by law. When you make a payment by bank transfer, we will see on your bank statement the name and number of the bank account from which the money was transferred. This information can be used to identify an order that has been paid for to process that order.
The processing of your personal data is based on the necessity of a contract performance in accordance with Art. 6 para. 1 s. 1, lit. b GDPR.
User account data:
We offer you the opportunity to create an account with http://personalbest.si. When registering for a customer account and/or using the account for future purchases, user account data may include the following:
- Account identifier;
- Account password;
- Activation date;
The processing of your personal data is based on the necessity of a contract performance (provision of a customer account) in accordance with Art. 6 para. 1 s. 1, lit. b GDPR.
We do not process this category of data if you visit our website for information purposes only.
Data referred to the provision of our website:
- ip address;
- browser type and version;
- operating system
These personal data will be stored for security purposes in server log files, which will automatically be deleted after 7 days.
This data processing is necessary for the purpose of enabling you to use our websites (e.g. to customise our website to suit your device) (Legal basis: Art. 6 para. 1 s. 1, lit. b GDPR) as well as for the purposes of our legitimate interest to guarantee IT security (Legal basis: Art. 6 para. 1 s. 1, lit. f GDPR).
Browsing data:
- referral source;
- length of visit;
- page views and website navigation paths;
- cookies and other information about the timing, frequency and pattern of using our website.
The source of the usage data is our service provider’s software and its analytics tracking system. Used for marketing purposes: to provide you with specific offers based on your website usage.
The processing of your personal data is based on consent pursuant Art. 6 para. 1 s. 1, lit. a GDPR.
Google Analytics:
We use Google Analytics on our websites, a web analysis service from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland („Google“). Google Analytics uses cookies that allow an analysis to be made on the usage of our websites.
In connection with the use of Google Analytics and Google Ads, including tags and cookies, your personal data may be transferred to the USA.
On behalf of us, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity, analysing the effectiveness of our digital advertising and improving its customization, and providing other services relating to website activity and internet usage of our website. You can find more information on terms of use and data protection at https://policies.google.com/terms, https://policies.google.com/privacy.
The processing of your personal data is based on consent pursuant Art. 6 para. 1 s. 1, lit. a GDPR.
Cookies
Like many websites, we use Cookies on our Site. For specific information about the Cookies that we use related to powering our store with Shopify, see https://www.shopify.com/legal/cookies. We use Cookies to power and improve our Site and our Services (including to remember your actions and preferences), to run analytics and better understand user interaction with the Services (in our legitimate interests to administer, improve and optimise the Services). We may also permit third parties and services providers to use Cookies on our Site to better tailor the services, products and advertising on our Site and other websites.
Most browsers automatically accept Cookies by default, but you can choose to set your browser to remove or reject Cookies through your browser controls. Please keep in mind that removing or blocking Cookies can negatively impact your user experience and may cause some of the Services, including certain features and general functionality, to work incorrectly or no longer be available. Additionally, blocking Cookies may not completely prevent how we share information with third parties such as our advertising partners.
This data processing is necessary for the purpose of enabling you to use our websites (e.g. to customise our website to suit your device) (Legal basis: Art. 6 para. 1 s. 1, lit. b GDPR) as well as for the purposes of our legitimate interest to guarantee IT security (Legal basis: Art. 6 para. 1 s. 1, lit. f GDPR).
Retention period for personal data
We only keep your personal data for the time necessary to fulfil the purpose of collection.
Data related to the account is kept for as long as your consent is in force and/or you have an active assignment in one of our Services or until you personally delete your account, or request the deletion by us. In any case, the data will be stored for a maximum of 10 years from the date of consent
Log files are kept for 6 months.
Since we are using a provider solution for our website, you can find out the types and storage periods of different cookies here: https://www.shopify.com/legal/cookies.
To whom the data are disclosed and/or transferred
Shopify International Limited acts as a processor or service provider, with respect to your personal data.
Find more:
https://www.shopify.com/legal/terms
https://www.shopify.com/legal/privacy
Your rights:
Right of access (Article 15 GDPR (LINK))
You have the right to request access to and obtain a copy of your personal data, together with prescribed information about how the data have been used by us.
Right to rectify (Article 16 GDPR)
You may require inaccurate or incomplete personal data to be corrected or completed without undue delay.
Right to erasure ('right to be forgotten') (Article 17 GDPR)
You may request erasure of your personal data, notably where we no longer need the data for the purposes for which they were collected or otherwise lawfully processed, or as a corollary of the successful exercise of the objection right, or of the withdrawal of consent.
Right to restriction of processing (Article 18 GDPR)
You have a right to restrict processing of your personal data in certain circumstances. These include when the accuracy of the data is disputed; when the processing is unlawful; when the data is no longer necessary for the purpose other than to fulfil your legitimate requirements, or when the legitimate grounds for processing by us are contested.
Right to data portability (Article 20 GDPR)
If the processing of personal data is justified either on the basis of the your consent or if the processing is necessary for the performance of a contract, you the right to obtain or transmit to another controller all personal data concerning you in a structured, commonly used and machine-readable format (e.g. commonly used file formats recognisable by major software applications, such as .xsl).
Right to object (Article 21 GDPR)
You have the right to object to processing on the legal basis of our legitimate interests. In this case, we will have to suspend the data processing until we can demonstrate compelling legitimate grounds for the processing that override your rights. In addition, you have an unconditional right to object to the processing of personal data for direct marketing purposes at any time.