At Red Pitaya d.o.o. we care about your privacy and we protect your personal data. In this Privacy Policy (hereinafter: Policy), we provide all relevant information regarding the collection, processing, and storage of your personal data by the controller. 

This Privacy and Data Protection Policy applies to:

  • our clients,
  • website users, and
  • newsletter recipients.

The controller of personal data is

Red Pitaya d.o.o.
Velika pot 21
5250 Solkan
(hereinafter: controller, Red Pitaya).

If you have any questions regarding the application of this Policy or the exercise of your rights arising from this Policy, please contact us at info@redpitaya.com.

What is the meaning of the terms used in the Policy?

Personal data is any information relating to an identified or identifiable individual (e.g. first name, last name, E-mail address, phone number, but also identifiers that are specific to an individual’s physical, physiological, genetic, economic, mental, cultural or social identity, etc.).

Controller means a legal person who determines the purposes for which and the means by which your personal data is processed.

Processor means a legal or natural person who processes personal data on behalf of the controller.

Processing means the collection, storage, access, and all other uses of personal data.

How do we obtain the data?

We obtain your personal data when you provide it to us yourself, e.g. when you order the products from our online store, claim a guarantee, enquire about our products, etc. Your personal data can also be acquired indirectly when you utilise our website and receive our personalised newsletters.

We use cookies and similar technologies to collect personal data. You can read more about the use of these technologies in our Cookie Policy.

On what legal basis do we process your personal data?

We process your personal data strictly on an appropriate legal basis. We have the following legal bases in accordance with the applicable legislation governing personal data:

  • Data processing based on a contract. We process your data when it is necessary for the conclusion, and the performance of a contract.
  • Data processing based on consent. We process your data where you have given us your explicit consent. Where data processing is based on consent, we will ensure that you are provided in advance with all the information you need to make your decision. You may withdraw your consent at any time.
  • Data processing based on legitimate interest. We may process your data on the basis of legitimate interest. Information on circumstances where we process your personal data on the basis of legitimate interest is available to you in this Policy. You have the right to object to data processing based on legitimate interest.
  • Data processing based on law. We process your personal data when we are required to do so by the law that applies to us (tax legislation mandates the retention of invoices). We process this personal data in accordance with the law requirements.

Is it obligatory to provide personal data?

The provision of personal data is voluntary, except where the processing of personal data is required by law, in which case the provision of data is mandatory.

If you do not wish to share certain data with us, there is a possibility that we may not be able to provide you with certain services (e.g. we cannot conclude a contract with you if you do not provide us with the information we need to conclude the contract).

For what purposes do we use your data?

We will only use the collected personal data for purposes that are predefined, specified, and lawful. The purposes are set out in detail in the table below, and we may use your personal data for one or more of the specified purposes.

Purpose

Categories of personal data

Legal basis

Placing an order for products in online store

E-mail, first and last name, company details (if the client is a legal person), phone number, home address, payment details

Contractual relationship

Ordering products online

E-mail, first and last name, company details (if the client is a legal person), phone number, home address, payment details

Contractual relationship

Sending newsletters to existing customers

E-mail, first and last name

Law

Sending newsletters to registered individuals

E-mail, first and last name

Consent

Performing a mild segmentation according to the area of interest of the recipients of our newsletters

Data on areas of interest, E-mail, first and last name

Legitimate interest in providing relevant information on the company’s business

Direct marketing with digital marketing

First and last name, E-mail, data on area of interest, individual activity (clicks, link and E-mail openings, adding products to shopping cart), and its behaviour on the website

Legitimate interest in making a relevant offer to the E-mail recipients

Register a user account

First and last name, username, E-mail, home address

Consent

Using a robot to provide information on a website

Name, E-mail, data provided by the individual

Consent

Publication of user projects on the website

First and last name, E-mail, project description, uploaded file

Consent

Keeping records of warranty periods, and processing warranty claims

First and last name, E-mail, phone number, warranty details

Contractual relationship

Keeping records of guarantee periods, and processing guarantee claims

First and last name, E-mail, phone number, guarantee details, MAC address, receipt

Contractual relationship

Communication with you regarding the provision of our services, and responding to your enquiries

Name, E-mail, message

Legitimate interest in ensuring effective communication with potential customers

Communication with customers who bought our products regarding maintenance, and product updates

First and last name, E-mail, guarantee details

Legitimate interest in ensuring a good user experience, and reducing the risks of errors and misuse of products

Pursuing legal claims, protecting our rights, and resolving disputes

Data set depends on the proceedings

Law

Carrying out statistical analyses

We carry out statistical analyses on the basis of aggregated and anonymised data in cases where identification of an individual is not possible

Legitimate interest in providing an efficient and optimised website

 How long do we store your personal data?

We collect, process, and store your personal data in accordance with applicable data protection legislation, and only for as long as is absolutely necessary to fulfil the purposes for which it was collected.

We store your personal data in accordance with processing purposes for the following periods of time:

Purpose for which the personal data are collected

Storage period

Placing an order for products in online store

5 years since transaction completion (6 years since transaction completion for US clients)

Ordering products online

5 years since transaction completion (6 years since transaction completion for US clients)

Sending newsletters to existing customers

Until revoked

Sending newsletters to registered individuals

Until revoked

Performing a mild segmentation according to the area of interest of the recipients of our newsletters

Until revoked

Direct marketing with digital marketing

1 year since communication termination

Register a user account

Until revoked

Using a robot to provide information on a website

Until revoked

Keeping records of warranty periods, and processing warranty claims

5 years since legal transaction completion

Keeping records of guarantee periods, and processing guarantee claims

5 years since legal transaction completion

Communication with you regarding the provision of our services, and responding to your enquiries

3 months since communication termination

Communication with customers who bought our products regarding maintenance, and product updates

3 months since communication termination

Pursuing legal claims, protecting our rights, and resolving disputes

10 years since receipt of final decision in proceedings

Carrying out statistical analyses

Data we process for analysis is anonymised

Publication of projects on the website

Until revoked

Personal data for which the storage period has expired (e.g. the purpose for which it was collected has been fulfilled, the statutory deadline has expired, etc.) will be erased, destroyed or anonymised in such a way that recovery of the personal data is no longer possible.

To whom do we disclose your personal data?

We may disclose your personal data to our contractual processors where this is absolutely necessary to fulfil the purpose for which the data was collected. The contractual processors to whom we disclose your personal data are carefully selected, and we have concluded personal data processing contracts with them. Those contracts specify the scope of processing they are allowed to carry out, and the level of security they are obliged to ensure.

We cooperate with the following contractual processors:

  • A bulk E-mail service provider.
  • An external accounting service provider.
  • An IT provider that manages our website.
  • A marketing agency.

Do we transfer data outside the EEA?

Your data is transferred and processed outside the European Economic Area (EEA).

For any transfer outside the EEA, we will adopt appropriate additional measures to ensure the security of your personal data. Such measures include, in particular, agreements with third parties to establish binding data protection rules, verifying that the third party has a data protection mechanism in place, and concluding appropriate contractual obligations governing the personal data protection.

How do we protect your personal data?

In order to ensure the highest possible level of security of your personal data, we have taken various organisational and technical measures to protect your personal data:

  • training our employees on the lawful processing, and protection of personal data;
  • supervision of employees, and regular performance reviews of individual employees;
  • careful supervision of contractual processors;
  • restricted access to personal data (access passwords, limited number of employees with authorisations, etc.);
  • back-up of electronically stored personal data;
  • control and appropriate action in the event of any security incidents, and active prevention of damage to personal data and individuals;
  • adoption of appropriate internal policies and protocols with guidelines on the protection of personal data;
  • regular maintenance and updates of computer equipment.

In the event of a personal data breach, we will immediately notify the Information Commissioner, the competent supervisory authority for the protection of personal data in Slovenia.

In the event that a personal data breach occurs which could result in a significant risk to the rights and freedoms of individuals, we will immediately notify those individuals about the breach.

What rights do you have?

You have the following rights with regard to the processing of personal data in accordance with applicable law:

  • Access to personal data: You may request Red Pitaya to disclose to you whether it processes your personal data, and if it does, you may request access to the personal data, and information about its processing (what data is processed, and where the data originates from).
  • Correction of personal data: You may request Red Pitaya to correct or complete incomplete or inaccurate data that we process about you.
  • Restriction of personal data processing: You may request Red Pitaya to restrict the processing of your personal data (e.g. when your personal data is being checked for accuracy or completeness).
  • Deletion of personal data: You may request Red Pitaya to delete your personal data (we cannot delete personal data that we hold as a result of a legal requirement or a contractual relationship).
  • Provision of personal data: You may request Red Pitaya to send you the personal data you have provided to us in a structured, commonly used, and machine-readable format.
  • Withdrawal of consent: At any time, you have the right to withdraw your consent regarding the use of your personal data which we collected and processed on the basis of consent. Consent may be withdrawn in any of the ways set out in this Policy. Withdrawal of consent does not have any negative consequences, however, it is possible that Red Pitaya may no longer be able to provide you with certain services as a result of the withdrawal.
  • Objection to the processing of personal data: You have the right to object to the processing of your personal data when the processing is for direct marketing purposes or for the transfer of your personal data to third parties for direct marketing purposes.
  • Right to data portability: You have the right to request an extract of the personal data you have provided to us. We will provide you with the data in a structured, commonly used, and machine-readable format. You are entitled to transfer this data to another controller of your choice.  Where technically feasible, you may request for your personal data to be transferred directly to another controller.

You can exercise all your rights by sending an E-mail to info@redpitaya.com.

You have the right to file a complaint with the Information Commissioner, the competent supervisory authority for the protection of personal data.

Please notify us as soon as possible of any change to your personal data at info@redpitaya.comWe will make sure that your personal data is corrected or completed as soon as possible.

In the event that you exercise any of your rights under this section, Red Pitaya reserves the right to request from you certain personal information (such as first name, last name, E-mail address) for the purposes of personal identification. If you do not provide us with additional identification information, we will promptly reject your request. To avoid security incidents, we only deal with requests where it is possible to reliably identify the individual claiming rights.

Use of social networks

On our website www.redpitaya.com we use plug-ins for the following social networks: Facebook, LinkedIn, and Twitter.

Please note that these social networks operate according to their own privacy policies, over which we have no control. Before using any plug-in, please read the privacy policy of each social network.

Final provisions

The controller may change this Policy at any time. In the event of changes, we will notify you in advance. The latest version of this Policy will always be published on the website.

This Policy has been adopted on 11 May 2023.