Personal data protection policy - conditions after the entry into force of the GDPR

In our institution, we comply with all articles of the General Regulation on Personal Data Protection (GDPR). We process all personal data exclusively on the basis of legal bases and consent statements of individuals and in accordance with modern concepts of protection and protection of personal data.

We are aware of the high responsibilities regarding the handling of personal data, so we protect, safeguard and process all personal data in accordance with current regulations and standards.

The Personal Data Protection Policy ("Policy") informs you for what purposes we obtain personal data, what their use will be, what the rights of individuals are and how you can exercise these rights.

1. Personal data controller

Personal data controller:

Moja lekarna doo (tax number SI: 93709277; registration number: 8205817000)

Grajski trg 41

8360 Žužemberk

www.moja-lekarna.com

info@moja-lekarna.com

2. Purpose of personal data processing and types of personal data

We treat all personal data confidentially and use it only for the purposes for which it was obtained. If there is a need to process the data for any other purpose, we will notify you in advance and ask for your consent.

Purposes for which personal data are collected: notification of the status of the order, informing about the status of any complaint, the answer to your question you asked, notification of benefits and discounts and special benefits, about new products, of possible events, notification of the progress of a possible sales campaign (optional)

2.1. Visit and use the website

Every time you visit the site https://www.moja-lekarna.com a log file is automatically saved on the web server (e.g. IP number - a number that identifies an individual computer or other device connected to the Internet; browser version, time of visit, etc.). We process this data for the purpose of keeping our website traffic statistics. It processes the data collected in this way separately and does not link them to other data.

You can also fill out several questionnaires on our website, which are intended for self-testing and informative assessment of the situation. All questionnaires are designed to require you to provide only certain anonymous information that does not allow you to be identified. When completing these questionnaires, the website does not record your online identifiers and other identifiable information. The anonymised data you provide to us by completing online questionnaires may be used for scientific research or educational purposes.

If there are links on the website to other websites that are not in any way connected with us, we do not assume any responsibility for the protection of data on these websites.

2.2. Subscribe to e-news and notifications

On our website or by filling out paper forms, you can subscribe to receive news and information and notifications by providing us with your name and surname and e-mail address. In the case of registration, we can inform you via this e-mail address about news from our service offer, provide you with information and articles, or inform you about current events.

The personal data provided is processed solely on the basis of your consent, which you can revoke at any time. Further information on your direct marketing rights can be found under "Your rights".

2.3. Processing of personal data

The information we collect from you is as follows:

Name and surname, E-mail, Address, Telephone

Optionally: Company address and company tax number

The data we collect is also necessary for the later implementation of the order.

Warning: We inform you that the provision of personal data completely voluntary . If you do not want us to store your data and further process it for the purposes of order execution, you can also use the options: login as a guest.

As part of the registration and agreement to the terms set out in this document, you will enter all the necessary information at the following link: https://www.moja-lekarna.com/register you will enter the following: Name, Surname, e-mail address, and then the address and your telephone number.

Processing of personal data means any operation or series of actions carried out in relation to personal data which are automatically processed or which, in the case of manual processing, are part of a personal data file or intended to be included in a personal data file, in particular collection, acquisition, , store, adapt or modify, retrieve, view, use, disclose by transmission, communication, dissemination or other making available, sorting or linking, blocking, anonymising, deleting or destroying; processing can be manual or automated.

By checking the box in front of the button Continue, I agree with the GDPR * I voluntarily agree to be included in the notification list that allows me regular purchases at lower prices and selection of discounts and all other purposes referred to in point 2.

The information you provide to us for the purposes of therapeutic treatments is provided to us voluntarily and solely on the basis of personal consent. We will process this data only for the purposes of conducting an individual hearing. In these cases, you are solely responsible for the correctness and accuracy of the information provided. If you do not wish to disclose to us in the process of performing the therapeutic treatment the individual data necessary for the success of the treatment, we reserve the right to refuse such treatment.

3. Data users

All data collected on the basis of the legal bases listed above will be used in accordance with the purpose for which they were collected and will not be passed on to third parties without the consent of individuals. Due to the confidential relationship between the pharmacist and the patient, personal data is not disclosed to any third parties.

By law, personal data may be disclosed to the following data processors:

• postal service providers (Pošta Slovenije), dispatch service providers, providers of file destruction services and data carriers;
• information technology service providers within servicing (Birocom, Rok Kolar sp) and software maintenance (Pharmaco doo);
• administrator and administrator of applications (Stroka Produkt doo).
• accounting (Fors doo)

We undertake not to transfer or transfer personal data to a third country or other international organizations.

4. Retention period

We guarantee that we will only keep personal data for as long as is necessary to fulfill the purpose for which they were collected and used, namely:

• log files are kept for a maximum of 3 (three) months;
• your contact details for direct information and marketing purposes are processed until revoked or 750 months;

If there is a different legal retention period (eg accounting or tax data) for individual data processed for the realization of contracts, the retention period is 10 (ten) years. During this (extended) time, data processing is limited.

After the cessation of the need for data management, ie. after fulfilling the purpose for which they were collected, the data shall be deleted irrevocably and permanently immediately.

5. Your rights

We guarantee the protection and exercise of all rights that belong to you in connection with the processing of personal data.

You can request from us at any time:

• confirmation of whether or not data relating to you is being processed;
• access to personal data (access to and transcription of them, if the conditions are met)
• information regarding the processing of this data, such as information on the purpose of the processing, the type of personal data, the users to whom the personal data have been / will be disclosed, the envisaged data retention period, the existence of any automated decision-making, including profiling, and the existence of a possible transfer of data to a third country or international organization;
• one copy of personal data in a form you specify. If you submit the request by electronic means of communication and do not request otherwise, we will also provide you with a copy of the data in electronic form. We may charge a fee for any additional copies;
• correction of inaccurate personal data and supplementation of incomplete personal data;
• the right to delete all personal data ("right to be forgotten") if the preconditions of Article 17 of the GDPR are met, and in particular in the event of revocation of consent;
• the right to restrict processing if (i) you dispute the accuracy of the data for a period that allows the controller to verify the accuracy of the personal data, (ii) the processing is illegal and you request a restriction on the use of the data instead of deletion, (iii) the data controller no longer needs processing, which you need to assert, enforce or defend legal claims, (iv) object to the processing of your data on the basis of the legitimate interests of the controller until the lawfulness of their processing has been verified.
• the right to data portability or receiving data in a commonly used and machine-readable form or transmitting data to another controller;
• the right to revoke consent where personal data are processed on the basis of your consent, where the revocation of consent does not affect the lawfulness of the processing that took place before its revocation;
• termination of the use of your personal data for the purpose of direct marketing;
• that you are not subject to a decision based solely on automated processing, including profiling, that has legal effects on you or otherwise significantly affects you.

Procedures for ensuring the rights of the individual

I am aware that:

• I can request access to my personal data (write to: info@moja-lekarna.com)

• I can request correction of personal data (write to: info@moja-lekarna.com)

• I can request the blocking of personal data (write to: info@moja-lekarna.com)

• I can request deletion of personal data (write to: info@moja-lekarna.com)

• I can request a restriction on the use of personal data (write to: info@moja-lekarna.com)

• I can request the transfer of personal data (write to: info@moja-lekarna.com)

Upon request and in accordance with applicable law, we will also provide individuals with other information regarding the personal data we process.

If you believe that the processing of your personal data violates the legislation in the field of personal data protection, you have the right to file a complaint against us as a controller with the Information Commissioner.

6. Contact and enforcement process

Questions about the confidentiality of your data and how it is collected and processed, or your requests for exercising rights in relation to your data, will be answered by our responsible person.

All your requests concerning the exercise of personal data rights (eg revocation of consent) should be addressed in writing to: info@moja-lekarna.com

In order to establish your identification in the case of exercising rights in relation to personal data, we may also request additional data from you. We can only refuse to take action if we can prove that we cannot identify you reliably.

We will respond to your written request as soon as possible and without undue delay, and at the latest within the legally prescribed deadlines.

All topics and content that will be covered in connection with the protection of your personal data are subject to strict confidentiality.

7. Changes

We reserve the right to adjust this Policy from time to time, if necessary, to the actual situation and legislation in the field of personal data protection. Therefore, we ask you to check the current version before each transfer of personal data to be informed of any changes and additions.

Conditions before the entry into force of the GDPR (GDPR enters into force on 25 May 2018)

For an online pharmacy www.moja-lekarna.com All received personal data of users and customers of the online pharmacy are private and confidential, and we also make sure that every purchase in our online pharmacy is safe. The personal data you provide to us at the time of registration are stored by e-mail or telephone in a secure place on the server, protected by a password and with limited access. We undertake that any personal data will be obtained through the website www.moja-lekarna.com protected in accordance with the Personal Data Protection Act.

We need your information to ensure a smooth process of execution and delivery of your order. The data will not be used for any other purpose than sending information material, offers, invoices and other necessary communication. The data are mainly processed by Lekarna Žužemberk, but are also processed by the Post of Slovenia and our accounting service Fors doo. Under no circumstances will we use your data without your consent, provide it in any way or make it available to third parties or institutions not listed here. Warning: We would just like to point out that for the purposes of good information and in general the ability to deliver your data (delivery address and contact number ) is written on the parcel shipment itself. Data is collected until your cancellation or for a maximum of 25 years.

At CALL 2, the Post of Slovenia informs you by phone after the initially undelivered shipment that your package is available for collection. If you do not want us to write your telephone contact (for any reason) on the shipment, let us know in time and we will take into account your wishes. If you have any questions about the above statements and conditions, the way our online store operates, please contact us by e-mail trgovina@moja-lekarna.com .