This version is effective from: 26 Dec. 2022
- How to contact us
|Send us an email at: firstname.lastname@example.org|
|Post||Write to us at: Data Protection Officer, MabsutLife Ltd., Ljubljana, Knezovaulica 001, 1000 Ljubljana|
- What personal data we collect
In providing our Website and Services, we may collect and process different types of personal data about you for different processing purposes. The types of personal data we collect depends on who you are and how you use our Website and Services.
|Contact Data||Information enabling us to contact an individual, including name, address, email address, telephone number|
|Identity Data||Information concerning your identity, including, copy of passport, copy of ID card, proof of physical address|
|Employment Data||Information and documents related to profession and /or employment|
|Profile Data||Documents on financial status (e.g. non-bankruptcy certificate), professional certificates of an individual’s professional background, documents regarding educational background, documents related to origin of wealth|
|Technical Data||IP address; browser type and operating system; geolocation, to ensure we’re showing you the correct notices and information; any other unique numbers assigned to a device.|
|Marketing and Communications Data||Marketing preferences; service communication preferences.|
|Payment and Financial information||Any information that We need in order to fulfill an order, or that you use to make a purchase, such as your debit or credit card details (cardholder name, card number, expiration date, etc.) or other forms of payment (if such are made available). In any case, We or our payment processing provider(s) handle payment and financial information in a manner compliant with applicable laws, regulations and security standards such as PCI DSS|
- How we collect and receive personal data
We collect and receive personal data directly and non-directly using different methods.
|Personal data you provide to us||You may give us your personal data directly, for example, when you purchase Services, contact us with enquiries, complete forms on our Website, subscribe to receive our marketing communications or provide feedback to us.|
|Personal data we collect using cookies and other similar technologies||When you access and use our Website, we will collect certain Behavioural Data and Technical Data. We collect this personal data by using cookies and other similar technologies (see the “Insight, analysis and retargeting through Cookies” section below).|
|Personal data received from third parties||We may receive personal data about you from third parties. Such third parties may include analytics providers, data brokers, third party directories and third parties that provide technical services to us so that we can provide our Website and our Services.|
|Publicly available personal data||From time to time, we may collect personal data about you (Identity Data, Contact Data or Profile Data) that is contained in publicly available sources (including open source data sets or media reports) or that you or a third party may otherwise make publicly available (for example through speeches at events or publishing articles or other news stories or posts on social media platforms).|
- How we use your personal data
We use your personal data for the purposes set out in this section.
Use of our Website.
|If you use our Website||When you browse our Website, we collect and process Behavioural Data and Technical Data to help us understand how you are using and navigating our Website. We do this so that we can better understand which parts of our Website are more or less popular and improve the structure and navigation of our Website. Our legal basis for processing It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you for the Services, or it is in our legitimate interest to use personal data in such a way to ensure that we provide access to our Website in a secure and effective way and so that we can make improvements to our Website.|
Surveys and feedback.
|If you complete our surveys or provide feedback on your experience of our Website and/or our Services||From time to time, we will invite you to provide feedback about us, our Website and Services in the form of online surveys. We will collect and process your Identity Data, Contact Data and, if applicable, certain Profile Data as well as any other personal data you choose to volunteer in your survey response or other feedback. We use this information to help us to monitor and improve our Website and our Services, to assist with the selection of future service lines and to train our personnel. Our legal basis for processing It is in our legitimate interest to use the personal data provided by you so that we can improve our Website and Services and provide them in an effective way.|
Hosting and managing events.
|If you sign up for and/or attend one of our events||From time to time, we may organise and host events for the purpose of promoting our business. We may process your Identity Data and Contact Data to communicate with you about such events where you have specifically requested information about such events or where we have another lawful basis for sending that information to you. If you attend one of our events, we may use your Identity Data, Contact Data and certain Profile Data to record your attendance at the event. Our legal basis for processing It is necessary for us to use your personal data in this way to perform our obligations in accordance with any contract that we may have with you where you have signed up to attend an event, or it is in our legitimate interest or a third party’s legitimate interest to use personal data in such a way to ensure that the event is operated in an effective way.|
Insight, analysis and retargeting through Cookies.
Advertising and marketing activities. For more information, click here.
|If we send you marketing communications by email/||We use your Identity Data, Contact Data and Marketing and Communications Data to send you (or the organisation you represent) marketing communications by email. Our marketing will include press releases and information about us, our Website, and our Services, any events we may hold and the offers and promotions we offer from time to time. Our marketing communications will include personalised and non-personalised marketing. Personalised marketing has been specifically tailored to you and will include content that we think is most relevant to you, based on what we know about you. Non-personalised marketing is marketing that is not tailored to you. Where we are sending you personalised marketing, we may also use Profile Data, Transaction Data and Behavioural Data to help us decide what sort of personalised marketing to send you (please see the “Insight, analysis and retargeting through Cookies” section above for more details). Our legal basis for processing It is in our legitimate interest to use your personal data for marketing purposes, for example to decide what marketing content we think may appeal to you. It is in our legitimate interest to use your personal data to send our marketing to you by post. However, we will only send marketing communications to you by email where you have consented to receive such content by email, or where we have another lawful right to send marketing to you using email. For example, in certain circumstances we may rely on our legitimate interest to send marketing by email to consumers who have purchased our Services. We may also rely on our legitimate interest to send marketing by email to certain business users of our Website and our Services.|
|If we advertise to you on social media and other platforms||We share your email address (usually in an encrypted or ‘hashed’ form) with third party providers of social media platforms and other services, such as Facebook, Snapchat, Sky and other similar platforms (“Platforms”), so that the third party providers can try to “match” your data with the data of their registered users of their Platforms. Where there is a successful match, we will display our advertising to you when you use the relevant Platform (e.g. on your Facebook newsfeed). This is known as “custom audience” advertising, because we “customise” the audience that we want to reach on the relevant service. Some of the advertising that you see may be personalised to you. The data that we use to personalise our advertising, such as your Profile Data and Behavioural Data, will not be provided to the third-party providers of the Platforms. Please see the “Insight, analysis and retargeting through Cookies” section above to learn more about how we personalise advertising to you. This activity is also subject to the privacy choices you have elected to make on such Platforms. Our legal basis for processing We will only share your personal data with the third-party providers of the Platforms, so that we can advertise our Services to you when you use those Platforms, where you have provided your consent.|
Business administration and legal compliance.
|If we need to use your personal data to comply with our legal obligations or in connection with the administration of our business||We may use your personal data: (i) to comply with our legal obligations; (ii) to enforce our legal rights; (iii) to protect the rights of third parties; and (iv) in connection with a business transition such as a merger, reorganisation, acquisition by another company, or sale of any of our assets. Our legal basis for processing Where we use your personal data in connection with a business transition, to enforce our legal rights or to protect the rights of third parties, it is in our legitimate interest to do so. For all other purposes described in this section, we have a legal obligation to use your personal data to comply with any legal obligations imposed upon us, such as a court order. We will not process any special (or sensitive) categories of personal data or personal data relating to criminal convictions or offences except where we are able to do so under applicable legislation or with your explicit consent.|
- If you fail to provide your personal data
Where we are required by law to collect your personal data, or we need to collect your personal data under the terms of a contract we have with you, and you fail to provide that personal data when we request it, we may not be able to perform the contract we have or are trying to enter into with you. This may apply where you do not provide the personal data we need in order to provide the Services you have requested from us or to process an application to register an account. In these circumstances, we may have to cancel your application or the provision of the relevant Services to you, in which case we will notify you.
- Third-party links
- Sharing personal data
We only share personal data with others when we are legally permitted to do so. When we share personal data with others, we put contractual arrangements and security mechanisms in place to protect the personal data shared and to comply with our data protection, confidentiality and security standards and obligations.
|Third-party suppliers||Service providers acting as processors, including communications and system administration services and entities that help provide, run and manage our Website and IT systems|
|Payment providers and banks||We share personal data with third parties who assist us with the processing of payments and refunds.|
|Event partners and suppliers||When we run events, we will share your personal data with third-party service providers that are assisting us with the operation and administration of that event. If we are running an event in partnership with other organisations, we will share your personal data with such organisations for use in relation to the event.|
|Auditors, lawyers, accountants and other professional advisers||We share personal data with professional services firms who advise and assist us in relation to the lawful and effective management of our organisation and in relation to any disputes we may become involved in.|
|Law enforcement or other government and regulatory agencies and bodies||We share personal data with law enforcement or other government and regulatory agencies or other third parties as required by, and in accordance with, applicable law or regulation.|
|Other third parties||Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, or to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.|
- international transfers
We may share your personal data with service providers and/or third parties (in accordance with section 8 above) that are located outside the UK. This will involve transferring your data outside the UK. Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented in accordance with applicable law:
- Where the transfer is to countries that have been deemed to provide adequate level of protection for personal data.
- Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.
Please contact us if you want further information on the specific transfer mechanisms used by us when transferring your personal data outside the UK.
- How long we keep your personal data
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
In some circumstances you can ask us to delete your data, see your legal rights below for further information.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for statistical purposes, in which case we may use this information indefinitely without further notice to you.
- Confidentiality and security of your personal data
We are committed to keeping the personal data you provide to us secure and we have implemented information security policies, rules and technical measures to protect the personal data under our control from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss. In addition, all our employees and data processors (i.e. those who process your personal data on our behalf) are obliged to respect the confidentiality of the personal data of all users of our Website and those who purchase our Services.
- Your rights as a data subject
Under certain circumstances, you have rights under data protection laws in relation to your personal data.
If you wish to exercise any of the rights set out above, please contact us.
|Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. Request restriction of processing of your personal data in certain circumstances. Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.|
The data collected is read out from the cookie file by and retained on the website server / host in electronic form. The purpose for collecting this data is to identify a specific individual visitor after entering our corporate website. This data related to the individual visitor of our corporate website may be used by MabsutLife Limited for internal statistical and analytical purposes only.
You can deactivate the use of cookie files by effecting the modifications in the system settings of the browser application you use for entering our corporate website. Please refer to the help documents and / or technical support for the browser application used for the entering of our corporate website accordingly. By selecting to empty the cache folder of your browser application and by deleting the browser history, cookie files can be deleted completely or partly.
Web beacons (also known as “web bugs”) are small strings of code that deliver a graphic image on a web page or in an email for the purpose of transferring data back to Us. The information collected via web beacons will include information such as IP Address, as well as information about how you respond to an email campaign (e.g. at what time the email was opened, which links you click on in the email, etc.). We will use web beacons on Our Website or include them in e-mails that We send to you. We use web beacon information for a variety of purposes, including but not limited to, site traffic reporting, unique visitor counts, advertising, email auditing and reporting, and personalization.
We are not responsible for events beyond our direct control. We cannot guarantee nor do we represent that there will be error-free performance regarding the privacy of the Information, and we will not be liable for any direct, indirect, incidental, consequential or punitive damages relating to the use or release of the Information.
If you feel your personal data has been infringed by MabsutLife Ltd., please get in touch with our DPO at email@example.com