At Red Pitaya d.o.o. we care about your privacy and we protect your personal data. In this Privacy Policy (hereinafter: Policy), we provide all relevant information regarding the collection, processing, and storage of your personal data by the controller.
This Privacy and Data Protection Policy applies to:
- our clients,
- website users, and
- newsletter recipients.
The controller of personal data is
Red Pitaya d.o.o.
Velika pot 21
5250 Solkan
(hereinafter: controller, Red Pitaya).
If you have any questions regarding the application of this Policy or the exercise of your rights arising from this Policy, please contact us at info@redpitaya.com.
What is the meaning of the terms used in the Policy?
Personal data is any information relating to an identified or identifiable individual (e.g. first name, last name, E-mail address, phone number, but also identifiers that are specific to an individual’s physical, physiological, genetic, economic, mental, cultural or social identity, etc.).
Controller means a legal person who determines the purposes for which and the means by which your personal data is processed.
Processor means a legal or natural person who processes personal data on behalf of the controller.
Processing means the collection, storage, access, and all other uses of personal data.
How do we obtain the data?
We obtain your personal data when you provide it to us yourself, e.g. when you order the products from our online store, claim a guarantee, enquire about our products, etc. Your personal data can also be acquired indirectly when you utilise our website and receive our personalised newsletters.
We use cookies and similar technologies to collect personal data. You can read more about the use of these technologies in our Cookie Policy.
On what legal basis do we process your personal data?
We process your personal data strictly on an appropriate legal basis. We have the following legal bases in accordance with the applicable legislation governing personal data:
- Data processing based on a contract. We process your data when it is necessary for the conclusion, and the performance of a contract.
- Data processing based on consent. We process your data where you have given us your explicit consent. Where data processing is based on consent, we will ensure that you are provided in advance with all the information you need to make your decision. You may withdraw your consent at any time.
- Data processing based on legitimate interest. We may process your data on the basis of legitimate interest. Information on circumstances where we process your personal data on the basis of legitimate interest is available to you in this Policy. You have the right to object to data processing based on legitimate interest.
- Data processing based on law. We process your personal data when we are required to do so by the law that applies to us (tax legislation mandates the retention of invoices). We process this personal data in accordance with the law requirements.
Is it obligatory to provide personal data?
The provision of personal data is voluntary, except where the processing of personal data is required by law, in which case the provision of data is mandatory.
If you do not wish to share certain data with us, there is a possibility that we may not be able to provide you with certain services (e.g. we cannot conclude a contract with you if you do not provide us with the information we need to conclude the contract).
For what purposes do we use your data?
We will only use the collected personal data for purposes that are predefined, specified, and lawful. The purposes are set out in detail in the table below, and we may use your personal data for one or more of the specified purposes.
Purpose |
Categories of personal data |
Legal basis |
Placing an order for products in online store |
E-mail, first and last name, company details (if the client is a legal person), phone number, home address, payment details |
Contractual relationship |
Ordering products online |
E-mail, first and last name, company details (if the client is a legal person), phone number, home address, payment details |
Contractual relationship |
Sending newsletters to existing customers |
E-mail, first and last name |
Law |
Sending newsletters to registered individuals |
E-mail, first and last name |
Consent |
Performing a mild segmentation according to the area of interest of the recipients of our newsletters |
Data on areas of interest, E-mail, first and last name |
Legitimate interest in providing relevant information on the company’s business |
Direct marketing with digital marketing |
First and last name, E-mail, data on area of interest, individual activity (clicks, link and E-mail openings, adding products to shopping cart), and its behaviour on the website |
Legitimate interest in making a relevant offer to the E-mail recipients |
Register a user account |
First and last name, username, E-mail, home address |
Consent |
Using a robot to provide information on a website |
Name, E-mail, data provided by the individual |
Consent |
Publication of user projects on the website |
First and last name, E-mail, project description, uploaded file |
Consent |
Keeping records of warranty periods, and processing warranty claims |
First and last name, E-mail, phone number, warranty details |
Contractual relationship |
Keeping records of guarantee periods, and processing guarantee claims |
First and last name, E-mail, phone number, guarantee details, MAC address, receipt |
Contractual relationship |
Communication with you regarding the provision of our services, and responding to your enquiries |
Name, E-mail, message |
Legitimate interest in ensuring effective communication with potential customers |
Communication with customers who bought our products regarding maintenance, and product updates |
First and last name, E-mail, guarantee details |
Legitimate interest in ensuring a good user experience, and reducing the risks of errors and misuse of products |
Pursuing legal claims, protecting our rights, and resolving disputes |
Data set depends on the proceedings |
Law |
Carrying out statistical analyses |
We carry out statistical analyses on the basis of aggregated and anonymised data in cases where identification of an individual is not possible |
Legitimate interest in providing an efficient and optimised website |
How long do we store your personal data?
We collect, process, and store your personal data in accordance with applicable data protection legislation, and only for as long as is absolutely necessary to fulfil the purposes for which it was collected.
We store your personal data in accordance with processing purposes for the following periods of time:
Purpose for which the personal data are collected |
Storage period |
Placing an order for products in online store |
5 years since transaction completion (6 years since transaction completion for US clients) |
Ordering products online |
5 years since transaction completion (6 years since transaction completion for US clients) |
Sending newsletters to existing customers |
Until revoked |
Sending newsletters to registered individuals |
Until revoked |
Performing a mild segmentation according to the area of interest of the recipients of our newsletters |
Until revoked |
Direct marketing with digital marketing |
1 year since communication termination |
Register a user account |
Until revoked |
Using a robot to provide information on a website |
Until revoked |
Keeping records of warranty periods, and processing warranty claims |
5 years since legal transaction completion |
Keeping records of guarantee periods, and processing guarantee claims |
5 years since legal transaction completion |
Communication with you regarding the provision of our services, and responding to your enquiries |
3 months since communication termination |
Communication with customers who bought our products regarding maintenance, and product updates |
3 months since communication termination |
Pursuing legal claims, protecting our rights, and resolving disputes |
10 years since receipt of final decision in proceedings |
Carrying out statistical analyses |
Data we process for analysis is anonymised |
Publication of projects on the website |
Until revoked |
Personal data for which the storage period has expired (e.g. the purpose for which it was collected has been fulfilled, the statutory deadline has expired, etc.) will be erased, destroyed or anonymised in such a way that recovery of the personal data is no longer possible.
To whom do we disclose your personal data?
We may disclose your personal data to our contractual processors where this is absolutely necessary to fulfil the purpose for which the data was collected. The contractual processors to whom we disclose your personal data are carefully selected, and we have concluded personal data processing contracts with them. Those contracts specify the scope of processing they are allowed to carry out, and the level of security they are obliged to ensure.
We cooperate with the following contractual processors:
- A bulk E-mail service provider.
- An external accounting service provider.
- An IT provider that manages our website.
- A marketing agency.
Do we transfer data outside the EEA?
Your data is transferred and processed outside the European Economic Area (EEA).
For any transfer outside the EEA, we will adopt appropriate additional measures to ensure the security of your personal data. Such measures include, in particular, agreements with third parties to establish binding data protection rules, verifying that the third party has a data protection mechanism in place, and concluding appropriate contractual obligations governing the personal data protection.
How do we protect your personal data?
In order to ensure the highest possible level of security of your personal data, we have taken various organisational and technical measures to protect your personal data:
- training our employees on the lawful processing, and protection of personal data;
- supervision of employees, and regular performance reviews of individual employees;
- careful supervision of contractual processors;
- restricted access to personal data (access passwords, limited number of employees with authorisations, etc.);
- back-up of electronically stored personal data;
- control and appropriate action in the event of any security incidents, and active prevention of damage to personal data and individuals;
- adoption of appropriate internal policies and protocols with guidelines on the protection of personal data;
- regular maintenance and updates of computer equipment.
In the event of a personal data breach, we will immediately notify the Information Commissioner, the competent supervisory authority for the protection of personal data in Slovenia.
In the event that a personal data breach occurs which could result in a significant risk to the rights and freedoms of individuals, we will immediately notify those individuals about the breach.
What rights do you have?
You have the following rights with regard to the processing of personal data in accordance with applicable law:
- Access to personal data: You may request Red Pitaya to disclose to you whether it processes your personal data, and if it does, you may request access to the personal data, and information about its processing (what data is processed, and where the data originates from).
- Correction of personal data: You may request Red Pitaya to correct or complete incomplete or inaccurate data that we process about you.
- Restriction of personal data processing: You may request Red Pitaya to restrict the processing of your personal data (e.g. when your personal data is being checked for accuracy or completeness).
- Deletion of personal data: You may request Red Pitaya to delete your personal data (we cannot delete personal data that we hold as a result of a legal requirement or a contractual relationship).
- Provision of personal data: You may request Red Pitaya to send you the personal data you have provided to us in a structured, commonly used, and machine-readable format.
- Withdrawal of consent: At any time, you have the right to withdraw your consent regarding the use of your personal data which we collected and processed on the basis of consent. Consent may be withdrawn in any of the ways set out in this Policy. Withdrawal of consent does not have any negative consequences, however, it is possible that Red Pitaya may no longer be able to provide you with certain services as a result of the withdrawal.
- Objection to the processing of personal data: You have the right to object to the processing of your personal data when the processing is for direct marketing purposes or for the transfer of your personal data to third parties for direct marketing purposes.
- Right to data portability: You have the right to request an extract of the personal data you have provided to us. We will provide you with the data in a structured, commonly used, and machine-readable format. You are entitled to transfer this data to another controller of your choice. Where technically feasible, you may request for your personal data to be transferred directly to another controller.
You can exercise all your rights by sending an E-mail to info@redpitaya.com.
You have the right to file a complaint with the Information Commissioner, the competent supervisory authority for the protection of personal data.
Please notify us as soon as possible of any change to your personal data at info@redpitaya.com. We will make sure that your personal data is corrected or completed as soon as possible.
In the event that you exercise any of your rights under this section, Red Pitaya reserves the right to request from you certain personal information (such as first name, last name, E-mail address) for the purposes of personal identification. If you do not provide us with additional identification information, we will promptly reject your request. To avoid security incidents, we only deal with requests where it is possible to reliably identify the individual claiming rights.
Use of social networks
On our website www.redpitaya.com we use plug-ins for the following social networks: Facebook, LinkedIn, and Twitter.
Please note that these social networks operate according to their own privacy policies, over which we have no control. Before using any plug-in, please read the privacy policy of each social network.
Final provisions
The controller may change this Policy at any time. In the event of changes, we will notify you in advance. The latest version of this Policy will always be published on the website.
This Policy has been adopted on 11 May 2023.