Personal data processing notification

Pursuant to Article 23 of the Law on Personal Data Protection (“Official Gazette of RS”, No. 87/2018, hereinafter: “Law”) and in accordance with the General Data Protection Regulation No. 2016/679 (hereinafter: “GDPR”), the Controller, A BOTANICAL PHILOSOPHY d.o.o. Beograd, Stanoja Glavaša 26/43, registration number: 21646920, whose legal representative is Ela Knežević, director (hereinafter: “Controller”), issues the following:

PERSONAL DATA PROCESSING NOTIFICATION (“Notification”)

The purpose of this Notification is for the Controller to ensure the realization and protection of the right to privacy of those who visit the website www.abotanicalphilosophy.com, as well as to inform them about their rights in connection with the processing of personal data.

Personal data that are processed

Name, surname, e-mail address, password, phone number, address, city, municipality, zip code, country, account number.

Purpose of intended data processing and legal basis for data processing

The purpose of the processing is: use of the website www.abotanicalphilosophy.com, conclusion of contracts for the sale of goods and delivery of products to users/customers.

The legal basis of the processing

The data subject has consented to the processing of his/her personal data.

Data recipient

For the purpose of delivery, the following data are submitted to the courier service: name, surname, telephone, address, city, municipality, zip code, country.

Transfer of personal data to another country or international organization

Data will not be transferred outside the RS.

Data retention period and criteria for its determination

Data is stored until the user/customer deletes his/her user account. The data of users who have not registered are deleted immediately after the product has been delivered.

Rights of data subjects

The data subject has the right of access, the right to rectification, erasure, restriction and portability of data, as well as the right to object and rights relating to automated individual decision-making.

The data subject has the right to revoke the consent at any time, whereby the revocation does not affect the admissibility of the processing prior to it. In the event that the data subject revokes the consent, the Controller shall not process his/her data, unless the Controller has legal authorization for processing. Data subjects can submit the above requests by sending an e-mail to [email protected]. The Controller shall respond to each request as soon as possible, no later than within 30 days of receiving the request in accordance with Article 21 of the Law and Article 12 of the GDPR. The user/customer can file a complaint regarding the processing of his/her personal data before the Commissioner for Information of Public Importance and Personal Data Protection.

Providing personal data as a contractual obligation and a necessary condition for concluding a contract

The processing is necessary for the execution of the contract concluded with the data subject or for undertaking actions, at the request of the data subject, before the conclusion of the contract.

Measures to protect personal data

Technical measures:

The collection of data stored in the computer system is secured by a password system for authorization and identification of program and data users. Paper data carriers, which are used to enter data into the computer-controlled data collection, and all other carriers are locked outside of working hours. All rooms are locked. The processor undertakes all other measures in accordance with the Law on Personal Data Protection that are necessary in the given situation.

Organizational measures:

A general act regulating the field of personal data protection was adopted and a person in charge of the protection of personal data was appointed.

Personnel measures:

An employee who is authorized to process personal data, that is, who has access to personal data, is obliged to maintain the confidentiality of the data, which is defined in the Employment Agreement.

Controller

ABP DOO