Privacy Policy

PRIVACY POLICY

This Privacy Policy governs the collection, storage and processing of personal information that Guitar God collects from you when you use the website www.guitar-god.com (hereinafter referred to as “website”). User is any legal or natural person who uses or visits the websites (hereinafter referred to as “user”). The data controller of personal data within the meaning of the European General Data Protection Regulation and applicable Slovenian legislation on the protection of personal data is Guitar God, spletna trgovina, Peter Rener s.p., Kot pri Prevaljah 25, 2391 Prevalje, Slovenia; identification number: 8354126000; VAT number: SI52944760 (hereinafter referred to as “provider” or “data controller” or “we”).

In addition to this Privacy Policy, please familiarize yourself also with the General Terms and Conditions governing the business relationship between the user and the provider, as well as with the Cookie Policy, disclosing which cookies we collect and for what type of purpose.

  1. 1. Personal data

Personal data is any information relating to a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The data controller, according to the purposes defined in this Privacy Policy, collects the following personal data:

  • name and last name;
  • email;
  • phone number;
  • data about the user’s usage of the provider’s website (IP address, dates and times of visits, visited pages or URLs, time spend on individual pages, the number of visited pages, total time spent on the website, etc.);
  • data about all the user's purchases and issued invoices (purchase date and place, purchased products, purchased product price, total purchase value, manner of payment, delivery address, number and date of the invoice, etc.) and product reclamation record;
  • information on your operating system, including language settings;
  • your device type, screen resolution and browser version;
  • other data that the user voluntarily provides to the data controller when they are required for specific services.

We also obtain certain data through cookies. Cookies are small pieces of data that are temporarily stored on your hard drive allowing our website to recognize your computer the next time you visit the website. Cookies help us improve the website and your experience with the website. For details on cookies, please read our Cookie Policy.

  1. 2. Purposes and legal grounds for data processing

The data controller collects and processes your personal data on the basis of individual’s consent (order of products) or when there is legal basis for the collection of personal data, or the data controller has legitimate interest for such processing of personal data. All personal data you provide to us will be treated confidentially and will only be used for the purpose for which it was provided and collected.

By submitting a request or question on our website, you are deemed to consent to our response to your email address and to us providing you with the information regarding our products. You can always unsubscribe from our mailing list by sending an email at info@guitar-god.com.

In case we need to further process your personal data for any other purpose, we will contact you in advance and ask for your prior written consent.

2.1 Data processing based on law and contractual relations

Where ensuring personal data is a contractual obligation or an obligation required to conclude and perform a contract with the provider, or a legal obligation, you must provide personal data. If you do not provide personal data, you cannot enter into a contract with the provider, nor can the provider perform services or deliver products under the contract, since the provider does not have the necessary data to execute the contract.

2.2 Data processing based on legitimate interest

The provider can process data on the basis of legitimate interest for which the provider is striving, provided that the interests or the fundamental rights and freedoms of the user are not overriding. Where using legitimate interest, the provider always makes a judgement in accordance with the General regulation on data processing.

2.3 Data processing based on your consent

The provider collects and processes your personal data for the following purposes, when you consent to it:

  • to send you commercial offers and other content through email when there are no other grounds for it, and you have consented to it;
  • to send you newsletter, if you have subscribed to it;
  • for any other purposes that you explicitly consent to when cooperating with the provider.

 

  1. 3. Contractual processing of personal data

The provider will not forward your personal data to unauthorized third parties.

As an individual, you are notified and agree that the provider may entrust some tasks related to your data to contractual processors. They may process entrusted personal data exclusively in the name of the provider, within the limits of the provider’s mandate, as specified in the written contract or other legal act, and according to the purposes as defined in this Privacy Policy. Contractual processors can only process personal data within the framework of the controller’s instructions and must not use it to pursue any interests of their own. Contractual processors can only process personal data within the framework of the provider’s (data controller's) instructions and must not use it to pursue any interests of their own.

The data controller may only share your personal data with third parties if it is strictly necessary to ensure compliance of the data controller's business with laws and other legally binding acts, or if required by a competent state authority.

  1. 4. Storing personal data

The provider will store your personal data only for the time necessary to realise the purpose for which the personal data was collected and further processed (e.g. for the provider’s fulfilment of your orders, checking your payment and fulfilment of other obligations of the provider and/or yours, etc.).

The personal data that are being processed on a legal basis are stored by the provider for the time period defined by law.

The personal data that are being processed based on a contract with the individual are stored by the provider for the duration of the contract and 5 years after its expiration, unless there has been a dispute about the contract between the user and the provider. In this case, the provider stores such data for 5 years after the finality of the court or arbitrary ruling or settlement or, if there was no judicial dispute, 5 years from the day of amicable settlement.

The provider stores the data that are processed based on personal consent or legitimate interest permanently, until the revocation of such consent or objection to data processing from the user. The provider deletes these data before objection only when the purpose of storing data had already been fulfilled or when defined by law.

After the end of the period of personal data being stored, the data controller effectively and permanently erases or anonymises the personal data so that they cannot be linked to an individual.

  1. 5. Third-party websites

Our website may contain links to third-party websites. These websites have their own privacy policies for which the operator does not assume any liability.

  1. 6. Rights of the individual regarding data processing

If you have any questions about our Privacy Policy or processing in regards to your personal data, you can contact us by email info@guitar-god.com. Based on your request, we will notify you in writing and in accordance with applicable legislation.

As an individual, you have the following rights regarding data processing, based on the General Data Protection Regulation (hereinafter referred to as "GDPR"):

The right to withdraw consent: If you have, as an individual, consented to the processing of personal data (for one or more purposes), you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Consent can be withdrawn through a written statement that is sent to the provider to one of the contacts at the provider’s website www.guitar-god.com. Withdrawal of consent for personal data processing has no negative consequences or sanctions for the individual. However, it is possible that the data controller may not be able to offer one or more of its services after the withdrawal of consent if those services cannot be performed without personal data.

The right to access personal data: As an individual, you have the right to obtain confirmation from the provider (processor of personal data) as to whether or not your personal data are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing, the categories of personal data concerned, its users, the period for which the personal data will be stored, or the criteria used to determine that period, the right to request rectification or erasure of personal data or restriction of or objection to processing of personal data, the right to lodge a complaint with a supervisory authority, the source of the data if the data were not collected from you, the existence of automated decision-making, including profiling and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you, in accordance with Article 15 of the GDPR.

The right to rectify personal data: As an individual, you have the right to obtain from the provider without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

The right to deletion of personal data (“the right to be forgotten”): You have the right to obtain from the provider without undue delay the deletion of your personal data when one of the below reasons exists:

(i) The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,

(ii) you have withdrawn your consent, and there is no legal basis for further processing,

(ii) you have objected to the processing of your personal data, and there are no overriding legitimate grounds for the processing,

(iv) your personal data have been unlawfully processed,

(v) the personal data have to be erased for compliance with legal obligation in European Union or Member State law to which the provider is subject,

(vi) the personal data have been collected in relation to the offer of information society.

As an individual under certain circumstances, as defined in Article 17, paragraph 3 of the GDPR, you do not have the right to data deletion.

The right to restriction of processing: As an individual, you have the right to obtain from the provider the restriction of processing where one of the following applies:

(i) You contest the accuracy of the personal data for a period enabling the provider to verify the accuracy of the personal data,

(ii) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead,

(iii) the provider no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims,

(iv) you have objected to processing pending the verification whether the legitimate grounds of the provider override yours.

The right to data portability: You have the right to receive the personal data concerning you, which you have provided to the provider, in a structured, commonly used and machine-readable format and have the right to transmit those data to another data controller without hindrance from the provider to which the personal data have been provided, where:

(i) the processing is based on consent or on a contract; and

(ii) the processing is carried out by automated means.

In exercising your right to data portability, you have the right to have your personal data transmitted directly from one data controller (provider) to another, where technically feasible.

The right to object to data processing: As an individual, you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the provider (Article 6 (1), point (e) of the GDPR), or when the processing is necessary for the purposes of the legitimate interests pursued by the provider or by a third party (Article 6 (1) point (f) of  the GDPR), including profiling based on the data. The provider shall no longer process your personal data unless the provider demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing; where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes. Where data are processed for scientific or historical research purposes or statistical purposes, you have the right, on grounds relating to your particular situation, to object to processing of your data, unless it is necessary for the performance of a task carried out in the public interest.

The right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes data protection regulations.

Without prejudice to any other administrative or non-judicial remedy, you have the right to an effective judicial remedy, against a legally binding decision of a supervisory authority concerning it, as well as where the supervisory authority which is competent does not handle a complaint or does not inform you within three months on the progress or outcome of the complaint lodged. Proceedings against a supervisory authority shall be brought before the courts of the Member State where the supervisory authority is established.

The individual may address all her or his requests regarding personal data in written form to the provider, through one of the contacts at the website www.guitar-god.com.

In order to ensure reliable identification in case of a user exercising his or her rights regarding personal data, the provider may request additional data from the user and shall not refuse to act on the request of the individual, unless the provider demonstrates that it is not in a position to identify the user.

The provider must, by user’s request to exercise his or her rights in regards to data processing, provide information without undue delay and in any event within one month of receipt of the request.

  1. 7. Cross-border data transfers

Within the scope of our information sharing activities, your personal data may be transferred to other countries (including countries outside the EEA) which may have different data protection standards from your country of residence. Please note that data processed in a foreign country may be subject to foreign laws and accessible to foreign governments, courts, law enforcement, and regulatory agencies. However, we will endeavour to take reasonable measures to maintain an adequate level of data protection when sharing your personal data with such countries.

In the case of a transfer outside of the EEA, this transfer is safeguarded by either Privacy Shield or EU Model Clauses. You can find further information about the aforementioned safeguards by contacting us via email to info@guitar-god.com.

  1. 8. Contacting us

Please submit any questions, concerns or comments you have about this Privacy Policy or any requests concerning your personal data by email to info@guitar-god.com.

The information you provide when contacting us will be processed to handle your request and will be erased when your request is completed. Alternatively, we will restrict the processing of the respective information in accordance with statutory retention requirements.

  1. 9. Amendments to this Privacy Policy

We reserve the right to change this Privacy Policy from time to time as necessary to the actual situation and legislation in the field of personal data protection. Please visit our website regularly and check our respective current privacy policy before any personal data is provided so that you are aware of any changes and additions. We will also notify you in advance of any changes that significantly affect the processing of your personal data (e.g. by notification on our website, by email).

 

Guitar God, spletna trgovina, Peter Rener, s.p.

In Prevalje, February 2020

 

TOP