Data Protection and Privacy
1. Data we collect
We collect data from users and every third person who visits our website https://chip-top.com and uses the services we provide through the website, exclusively in the manner described in this privacy policy. When collecting data, there is the possibility of collecting the user’s “Personal Data”, as defined by the General Data Protection Regulation of the European Parliament and the Council of April 27, 2016, number 2016/679 (GDPR Regulation). When we use the term “Data” in this policy, we also describe “Personal data” as well as any other data that we collect from users or third parties on our pages. We collect data in the following ways:
Registration information: a user is any person who creates a user account in accordance with our General Terms and Conditions (further: General Terms). During registration, the user enters the data specified in our General Terms and Conditions. When this is possible, the user is informed that certain information is not required to be entered. However, if the information is mandatory, the user cannot create a user account without entering this information.
User data: In order to create a user account, the user enters his email address, phone number, password, Internet domain and/or similar user data. In addition, the user who buys a product or starts the purchase process, provides us with information for creating an account, such as credit card, bank information, postal address and possibly a Personal Identification Number if it is an R1 business account.
E-mail for delivery of our special offers. The e-mail is stored in our “newsletter” database and automatically delivered to all contacts from the database. The e-mail is always accompanied by instructions on how you can request the deletion of your data from the database and stop further e-mails being sent.
Login data: our servers automatically collect data when a user or a third party accesses our site and our services and store them in so-called “log files”. This “log file” may contain the “Internet Protocol (IP)” address, the address of the Internet party that referred to our site, the Internet browser and its settings, the date and time when the service was used, browser settings, language preferences and cookies. We collect information about the location of users and third parties who visit our site.
Cookies. We use cookies and similar technologies to collect data on our website. For more information, see our Cookies Policy.
Third party services. On our website, we may have third-party software implemented on our site. Such software are social networks, advertising, content browsers, payment service providers and the like.
Additional information. We collect any information that you send us by email. We keep e-mail data if we need it to provide services or to respond to your inquiry. We try to confirm the data we receive in this way by verifying the identity of the person, all in order to ensure the application of the principle of transparency. We can also collect and process any other data that you submit to us in writing, through social networks, job applications, etc.
2. Legal basis for processing personal data
We collect and process personal data always in accordance with the legal norms of the Republic of Croatia and the European Union. Every user who creates a user account must accept our Privacy Policy.
Personal information is always collected in accordance with this Privacy Policy and General Terms and Conditions. The most common legal basis is user consent. The user gives consent before creating a user account. Users and third parties are always asked when accessing our pages to accept the use of cookies, when their consent is required. In a limited amount, it is sometimes unavoidable to collect a smaller amount of cookies, the so-called. “technical cookies” even when the user or a third party has not accepted the cookies. The data collected in this way do not contain personal data that is processed.
3. Electronic mail for data processing
Any of our users or third parties who access our site can contact us via email at info@chip-top.com for information on the processing of their personal data.
We will respond within 30 days to any inquiry we can respond to and provide the information we are required to provide. Such information is: information about which data we collect and process, which data we can delete, information about consent and how to withdraw consent, etc.
4. How we process personal data
We always process personal data legally, with efforts to ensure transparent information. We always process data in accordance with the Privacy Policy and General Terms and Conditions, and especially in accordance with the GDPR Regulation. The most common legal basis is consent. However, sometimes the legal basis is a legitimate interest in providing our services. More specifically, we process:
– to provide, improve, maintain or protect our service, website and business. This includes the processing of data to perform our service in accordance with the General Terms, prevent defects, errors, security breaches and technical difficulties,
– in order to analyze and monitor usage, trends and other user activities, as prescribed by law or other legally binding act,
– in order to communicate with users, respond to their requests, comments and questions,
in order to develop and provide new services and products and new opportunities for our users,
– in order to offer the user new services, to inform him about new services, benefits, promotions, via e-mail, other mail or telephone communication,
for issuing invoices, processing invoices and for other administrative purposes, when prescribed by law,
– to investigate and prevent security issues and abuse.
5. Disclosure of Information
It may happen that we disclose or share the data of our Users with third parties in the case of:
– express consent of the User, where we share data only to the extent that the User has given his consent,
– when we have prize games or contests and the User wins a prize, in accordance with the General Terms and Conditions, the User is obliged to provide us with personal data, name, surname, address, passport or identity card number, allow us to view the photo, passport or identity card, forward us a photo with a prize won or similar. We will only share and disclose information about the name, surname and city or country of the user who won the prize, and the photo of the user only when he agrees to it,
– in case we use a third party to fulfill our obligations or as a business partner of the executor of personal data. Third parties can, for example, provide us with delivery services, IT services, data storage, etc. We always sign agreements on the protection of personal data with such third parties.
– if a state authority invites us to submit certain data about our users in accordance with legal provisions, if we have no justified reason to suspect that such publication is not in accordance with the law or other regulation,
– in order to exercise our rights, prevent fraud and for security, including the exercise of contractual rights.
6. User rights
a) Right of access: you have the right to receive confirmation as to whether we process personal data relating to you and, if such personal data are processed, access to personal data and the following information: purpose of processing, categories of personal data in question, recipients to whom personal data are discovered and storage period.
b) Right to rectification: you have the right to obtain the correction of inaccurate personal data relating to you without undue delay.
c) The right to deletion: you have the right to request the deletion of personal data relating to you, which will be deleted if the legal conditions are met, or if the conditions are not met, you will receive a notification as to why the data cannot be deleted.
d) The right to restriction of processing: you have the right to obtain restriction of processing if the prerequisites defined by the GDPR Regulation in Article 18 are met.
e) The right to data portability: You have the right to receive personal data relating to you in a structured, commonly used and machine-readable format, and you have the right to transfer this data to another controller if it is data on which the processing is based on consent or on contract and if the processing is carried out by automated means.
f) The right to object: You have the right, based on your particular situation, to object to the processing of personal data relating to you at any time. The objection is submitted by email to info@chip-top.com, with the indication “Objection to the processing of personal data”.
g) You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects that relate to you or similarly significantly affect you.
7. How we protect your data
We have taken appropriate technical and organizational security measures to protect all personal data contained in our databases from loss and unauthorized access. All our business partners are contractually obligated to protect the personal data of our users. Also, each of our employees undertakes to keep all personal data as a business secret.
8. What are the retention periods for your personal data?
We store the data that we store on the basis of consent permanently, that is, until you withdraw such consent. At any time, you have the right to inform us that you withdraw your consent to the processing of personal data that you have given us. With the withdrawal of consent, you can also request the deletion of your personal data and other rights according to the General Regulation on the Protection of Personal Data. We are obliged to keep some personal data according to positive regulations. So, for example, we are obliged to keep personal data related to issuing invoices for a period of 11 years. At any time, you have the right to be notified why we cannot delete certain data. At the end of the storage period, we delete personal data permanently or anonymize them so that they can no longer be linked to you.