Your Cart

Privacy Notice

SOPI respects and protects your privacy. This SOPI Privacy Notice (“Privacy Notice”) is meant to help you understand why we collect personal data about you, the types of personal data we collect, how we collect it and for how long we keep it, with whom we share it, as well as your rights. We also explain how we keep your data secure.

This SOPI Privacy Notice complies with the EU General Data Protection Regulation 2016/679 (“GDPR”).

We, SOPI d. o. o. (hereinafter “SOPI”), with its registered office at Pod hrasti 1, 1218 Komenda, Slovenia, under registration number 2182483000, is the data controller for your personal data.

Why do we process personal data and the lawful bases for collection

The main reason we collect, use, and store your data is to allow us to provide our services to you. “Service”, “our service” and similar descriptions mean conducting business with you/your organisation and assisting you with inquiries, sales processes, and claims.

We also process information about your use of the services for business development purposes, to inform you of our business operations, products, and services through marketing, and to improve our services through any feedback you give us. We may also process your personal data for contractual and recruitment purposes and to comply with legal obligations.

We process personal data based on different legal bases as listed below.

Performance of a contract, including a purchase – GDPR article 6(1)(b):

  • When we process personal data in relation to a contract, our legal basis is “performance of a contract”, including a purchase.
  • Consent – GDPR article 6(1)(a):

  • When we send out a newsletter about our products, we do this based on your consent. When the lawful basis for processing is consent, you have the right to withdraw your consent at any time.
  • Legal obligation – GDPR Article 6(1)(c):

  • If we share your personal data with law enforcement agencies or other governmental bodies, we share this because we have a legal obligation to do so.
  • Legitimate interest - GDPR Article 6(1)(f):

  • We have a legitimate business interest in processing your data, for example, when we assist you with enquires.
  • Special categories – GDPR Article 9(2)(a) and GDPR Article 9(2)(f):

  • When we process special categories of data, we do so to comply with regulatory requirements related to compliance matters.
  • The types of personal data we process

    The following are the main types of personal data collected by SOPI, along with the main purpose and legal basis for collecting the personal data:

    <
    ActivityTypes of personal data we collect (for illustration purposes)Purpose(s)Legal basis
    General business operationsName, contact details and other information necessary for conducting business with you or your organisation.As part of general SOPI business operations, we collect personal data about individuals, customers, suppliers (including third-party service providers) and other stakeholders. We may also use your data for testing systems.GDPR – Article 6(1)(b) GDPR – Article 6(1)(f)
    Assisting with enquiriesName, email address, phone numbers, conversations, other contact details, photos, plans, designs when you provide this to SOPI.You may choose to provide us with personal data, such as contact details, when you contact us by phone, email, post, or by using our digital platforms available. This personal data enables us to respond to requests for information on such matters as SOPI products, or to respond to your enqueries. We may also ask you to provide your feedback through surveys after the interaction.GDPR – Article 6(1)a GDPR – Article 6(1)(b) GDPR – Article 6(1)(f)
    Sales (including web sales) and order fulfilmentName, contact details, payment and credit card details etc.We may collect personal data of customers and prospective customers in order to conduct business with you or your organisation. We use your data to analyse shopping trends through your web shop activity and purchase history to provide you a personalised browsing experience. Furthermore, we use the data for processing and fulfilling web shop orders by facilitating the delivery of product orders and providing relevant customer service, including processing your returns.GDPR – Article 6(1)(b) GDPR – Article 6(1)(a) GDPR – Article 6(1)(f)
    CampaignsName, contact details, etc.Execution of various campaigns. Acceptance of terms and conditions is collected before entry to the activity.GDPR – Article 6(1)a GDPR – Article 6(1)b
    Business developmentPersonal data, which is collected at our digital platforms.The personal data you provide to us, and personal data collected at our digital platforms will be used to enhance our consumer insights and drive relevant communication and offers across all touch points you may have with SOPI. Personal data will also be used for product and service development.GDPR - Article 6(1)(a)
    MarketingContact information, browsing history, sales and subscription service information, such as name, address, email, phone number, purchase history, unique identifiers such as cookie IDs or device IDs, tracked browsing history based on these IDs, etc.Based on your consent or legitimate interest, when applicable, we process your personal data for the purpose of informing you of SOPI business operations, products, and services. For the above purposes, we create marketing, tailored to your preferences and profile, e.g.:
    • To optimise and tailor the content and delivery of our marketing communications when you want to receive them.
    • To give you tailored marketing based on your preferences and profile, both when engaging with us on our own channels as well as via third party channels (e.g., social media, search sites, marketplaces).

    If you do not wish to receive any further information, you can easily and free of charge unsubscribe from our marketing communication anytime. You will find ways to unsubscribe in connection with subscribing to or receiving marketing communication from us. You can also contact us by email or post to unsubscribe.

    GDPR - Article 6(1)(a) GDPR – Article 6(1)(f)
    Your participation in photos, video, testimonial and campaignsIf you have agreed to it and sent a photo to us or if your photo is taken by a photographer hired by us.We will use the photo, testimonials etc. as described in the contract signed by you.GDPR – Article 6(1)(b) when the photo and testimonial is based on a contract with compensation, please note that you cannot exercise the right to have the photo corrected, erased/deleted. GDPR – Article 6(1)(a) If the photo and testimonial is processed based on consent where you can exercise all rights specified under section 6 below. GDPR – article 6(1)(f) if a photo or video is taken at an internal SOPI event or the like, and we only share the photos or video internally.
    Website visitors, customer surveys and market researchPersonal data from digital platforms or customers as part of surveys.To improve the products and services we offer, we may collect personal data from digital platform visitors or customers as part of surveys. We will contact you with a survey and process personal data as part of surveys through either consent or legitimate interests. Surveys processing personal data for marketing purposes will be used only with your consent.GDPR – Article 6(1)(a) GDPR – Article 6(1)(f)
    Recruitment and employment contractsName, contact details, working history, educational diplomas, relevant record checks, information about professional interests, etc.When a person applies for a job or enters into an employment contract with us, we may collect certain information such as name, contact details, information about working history, educational diplomas, relevant record checks and information about professional interests. This may be collected from the person directly, from a recruitment consultant including references and publicly available sources. This information is used to inform or assist us in the decision as to make the person an offer of employment or engage the person under a contract.GDPR – Article 6(1)(b) GDPR – Article 6(1)(f)
    Compliance including anti-corruption, Whistleblower hotline and sanctions checkAll types of personal information.We may collect personal data to comply with the law, a court or authority’s decision and/or to disclose information to relevant public authorities as required or permitted by law.GDPR – Article 6(1)(c) GDPR – Article 6(1)(f) GDPR – Article 9(2)(a) GDPR – Article 9(2)(f)

    How do we collect your personal data

    Directly from you

    In most cases, personal data is collected directly from you or generated as part of the use of our services, products, and channels. We collect personal data you provide to us, when you request products, services, or information from us, register with us, participate in public forums, or use other activities on our digital platforms, respond to customer surveys, or otherwise interact with us. We collect information through various technologies, e.g., cookies. For cookies, we refer to our Cookie Policiy.

    From our business partners

    In some cases, we can collect your personal data from our business partners, when they need our assistance to provide you with the best possible service.

    From your public website

    In some cases, we collect your personal data on your company websites, when we want to offer you our services.

    Links to other websites

    This website contains links to other websites (such as Facebook, YouTube) to which this Privacy Notice does not apply. Please note that we do not endorse other websites and their content. We encourage you to read the privacy policies of each website you visit.

    How long do we keep your personal data

    We will only keep your personal information for as long as it is necessary for the purposes described in this Privacy Notice. This means that the retention periods will vary according to the type of the information and the reason that we have the information.

    Examples of retention time:

    • Until you opt out of a marketing campaign, which you can do at any point in time.
    • We will store the photo and testimonials for as long is necessary and as described in a contract.
    • Personal data are kept until the end of a recruitment process or withdrawal of the consent (if given for future recruitments).
    • For compliance with, e.g., anti-corruption regulations, we will keep the data accordingly to laws which we are obliged to comply with.

    Who do we share your personal data with

    We may share your personal data with selected third parties, including but not limited to:

    • Business partners, suppliers, and sub-contractors that we cooperate with to deliver you the best services during the support and sales process, including, for example, logistic providers.
    • Technology providers, for example, analytics, tracking technologies, targeting and re-targeting technologies, and search engine providers that assist us in the improvement and optimisation of our platforms, as well as companies who provide us with website support and hosting.
    • Advertisers and advertising networks that use data to select and serve relevant adverts to you and others if you have given your consent.
    • Social networking sites such as Facebook, Instagram, and Google, if required, when processing for marketing purposes and based on your consent.
    • With other parties to ensure the safety and security of our customers, to protect our rights and property, to comply with legal processes, or in other cases if we believe in good faith that disclosure is required by law.

    Transfer to third countries

    In some cases, we may also transfer personal data to companies in so-called “third countries”, which are countries outside of the European Economic Area. If we do so, we make sure we safeguard data, and only transfer if one of the following conditions apply:

    • there is an adequate level of protection in the country in question, as determined by the European Commission,
    • the company is certified under the EU - U.S. Data Privacy Framework, or
    • we use standard contractual clauses (EU model-clauses) approved by the European Commission and additional supplementary measures to regulate the data transfer.

    Data security

    The security, integrity, and confidentiality of your personal data is important to us. We have implemented technical, administrative, and physical security measures that are designed to protect your personal data from unauthorised access, disclosure, use, and modification. From time to time, we review our security procedures to consider appropriate recent technologies and methods. Please be aware that despite our best efforts, no security measures are perfect or impenetrable.

    Your privacy rights

    The GDPR provides you, as the data subject, with the following rights in respect of the personal data we store about you:

    Your rightsLegal basisElaboration
    Access to your dataGDPR article 15You have the right to request information about whether SOPI processes personal data relating to you, and if so, you have the right to request a copy of the personal data we have processed.
    Request rectificationGDPR article 16At any time, you have the right to request correction of any incorrect or incomplete personal data we may process on you.
    Request erasureGDPR article 17You have the right to request deletion of your personal data depending on the processing activity, and under certain circumstances, before we would normally be obligated to cease processing.
    Request restriction of processingGDPR article 18You have the right to request the restriction of processing which means that you can request that SOPI restricts the use of your personal data in certain circumstances.
    Data portabilityGDPR article 20Under certain conditions, you have the right to receive the personal data you provided to us in a machine-readable format.
    Right to objectGDPR – article 21If you are not satisfied with how we process personal data in SOPI, you can send your objections to info@sopi-dispensing.com

    If you have any questions regarding the specific personal data we process or retain about you, or if you want to exercise your rights, please contact info@sopi-dispensing.com

    We will respond to your request to exercise any of your rights within one month, but we have the right to extend this period by two months. If we extend the response period, we will inform you within one month of your request. If you consider that we have failed to resolve the complaint satisfactorily, you may file a complaint to your local Data Protection Agency.

    You can find the contact details of your national Data Protection Agency on the European Data Protection Board website: www.edpb.europa.eu.

    Changes to this SOPI Privacy Notice

    From time to time, we may change this Privacy Notice to accommodate the latest technologies, industry practices, regulatory requirements, or for other purposes. At all times, we will post the most recent version on our digital platforms. We advise you to read the Privacy Notice regularly.

    This Privacy Notice was last updated: 07-05-2024.