General conditions for the processing of personal data of individuals visiting/shopping on the websites of users of the Shopamine service - shoppers

1. Introduction.

This document states how we process the personal data of "customers of our customers", i.e. shoppers and other visitors to websites created using the Shopamine service. The document also covers on what basis, which data and how it is processed, with whom we share the data, how long we keep it, and what rights such individuals have.

This document also preliminarily explains the responsibility for personal data for which registered users of the Shopamine service (merchants) act as controllers.

Appoteka doo is a company that develops online applications and provides users with the use of its own online service in the cloud for online sales - Shopamine ( www.shopamine.com ) and associated hardware and software (hereinafter: Shopamine ).

For this purpose, Appoteka doo receives, collects and processes a certain amount of information, which also includes personal data , as defined by Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals in the processing of personal data and on free flow of such data and on the repeal of Directive 95/46/EC (hereinafter: General Data Protection Regulation ).

The specificity of the business model of Appoteka doo and its cooperation with Shopamine service clients ( registered users or merchants ) is that Appoteka doo acts as a processor of personal data with regard to certain data, as will be defined in more detail below, and with regard to certain data, acts as a manager of personal data.

This document describes the processing of personal data of shoppers and other website visitors that were created using the Shopamine service ( shoppers ), for which Appoteka doo acts as a processor .

The document that you can access at this link describes the processing of personal data of registered users of the Shopamine service ( traders ) or visitors to the website www.shopamine.com and our other business partners, for which Appoteka doo acts as the controller .

Unless otherwise stated, terms from the General Data Protection Regulation (e.g. personal data, processing, manager, processor, etc.) that appear in these General Terms of Personal Data Processing have the same meaning as the terms from the relevant regulation. These General Terms of Personal Data Processing may be updated from time to time in order for their content to better reflect changes in data protection, or for other operational and legal reasons.

If these General Terms of Personal Data Processing are to be significantly changed, we will publish news about it on our website, or we will inform registered users about it via email.

2. Who acts as a "buyer" and what rights does he have in relation to the Shopamine service provider - the company Appoteka doo?

Shoppers are individuals who have either visited a website or an online store created with the help of the Shopamine service by a registered user of the service (merchant), or have made a purchase on such a site.

In order for merchants to be able to use the Shopamine service, special agreements on the processing of personal data have been concluded with the company Appoteka doo , which precisely regulate how and under what conditions Appoteka doo and its subprocessors may process personal data in respect of which the merchants act as controllers (e.g. personal names, addresses, email addresses, IP addresses, and other data relating to shoppers).

The possibility of using the Shopamine service is only possible upon signing the above-mentioned contract, where the company Appoteka doo is also obliged to respect the appropriate technical and organizational measures prescribed by the manager, i.e. the merchant, for the protection of personal data.

The publication and content of general information on the protection of personal data, the privacy policy, information on the use of cookies, and other legal notices, as well as for all other aspects of the legal processing and business with the personal data of buyers, is fully responsible for each individual merchant.

2. 1. Appoteka doo and the rights of individuals - buyers whose data the company processes as a processor on the basis of a contract on the processing of personal data.

When individuals want or buyers , whose data is processed by the trader (or by Appoteka doo based on the contract on personal data processing ), to exercise their rights, which belong to them according to the General Data Protection Regulation , is primarily the responsibility of the individual trader.

(For a full description of the rights that buyers have under the General Data Protection Regulation , see point 3.8 of these General Terms of Personal Data Processing ).

If an individual buyer contacts Appoteka doo directly with a request (e.g. request for access to data, correction, deletion, right to be forgotten, etc.) , the company immediately forwards the request to the merchant to whom the request relates.

Appoteka d.o.o. thus corrects, deletes, blocks or otherwise fulfills the buyer 's request according to the merchant's instructions .

Appoteka doo is not responsible for any disputes, fines or costs related to procedures before the competent institutions or state authorities, as well as for other inconveniences caused to the merchant or buyer due to the merchant's non-compliance with the provisions of the General Data Protection Regulation , other legislation, or the respective contract on the processing of personal data , and the General Terms of Use of Shopamine .

3. General information on the protection of personal data, regarding which Appoteka doo acts as a personal data processor.

In principle, Appoteka doo does not collect or process the personal data of shoppers and only does so when the conditions and circumstances that are explicitly defined in the contract on the processing of personal data occur (e.g. when only they have expressly consented to the processing on the merchant's online store), or when, for example, there is a legal basis for the collection of personal data, or when Appoteka doo has a legal (legitimate) interest in the processing.

When Appoteka doo processes personal data regarding which it itself acts as a processor (e.g. shoppers, etc.), the following applies:

(Regarding the processing of personal data, where Appoteka doo acts as an administrator , see the General Terms of Processing of Merchants' Personal Data ).

3.1. Information about the processor of personal data – Appoteka doo

APOTEKA, web application development, doo ,

Kamniška ulica 41, 1000 Ljubljana, MŠ: 3497623000, ID no. for VAT: SI38913739,

represented by Peter Brenko, director (hereinafter: the company )

Contact information for all questions and requests related to personal data:

  • e-mail address: podpora@appoteka.com

  • postal address: APPOTEKA doo, Kamniška ulica 41, 1000 Ljubljana.

We protect your personal data in accordance with the Personal Data Protection Act (ZVOP-1, Official Journal of the RS, No. 94/2007 and amendments), Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals in the processing of personal data and on the free flow of such data and on the repeal of Directive 95/46/EC (General Data Protection Regulation), the Electronic Communications Act (ZEKom-1, Official Journal of the RS, No. 109/12 and amendment) and other Slovenian and European legislation governing individual areas.

3.2. What personal data do we collect, what legal basis do we have and what is the purpose of the processing?

In accordance with the provisions of the General Regulation on the Protection of Personal Data , personal data is any information that identifies an individual, or makes him specific or identifiable. An individual is identifiable in particular when it can be directly or indirectly identified, in particular by specifying an identifier such as name, identification number, location data, online identifier, or by specifying one or more factors that characterize the individual's physical, physiological , genetic, mental, economic, cultural or social identity.

The company processes the following personal data in accordance with the purposes defined in the individual agreement on the processing of personal data and described below:

Personal data of visitors / shoppers - merchant's website / shop :

Types of relevant personal data processed:

  • buyer 's contact information ,

  • data on the buyer's purchases and issued invoices ,

  • data on the use of the merchant's online store by the visitor / shopper ,

  • data from voluntarily completed forms and submitted consents by the buyer ,

  • data linked to the online identifiers of the visitor / shopper of the merchant's online store ( cookies ) (see the Cookies section of these General Terms of Personal Data Processing , under point 3.5)

Types of processing:

  • storage (only exceptionally on test servers),

  • deletion,

  • insight (for the purpose of providing a support service),

  • modification (for the purpose of providing support),

  • copying (only exceptionally during upgrades or for the purpose of support services),

  • forwarding via the API interface (the forwarding is approved by the merchant, who must ensure GDPR compliance of the data at the forwarding destination)

Legal basis and purpose:

The contract on the processing of personal data concluded with the trader in question:

  • provision of Shopamine service / provision of supply and support services and upgrading.

  • enabling hosting of data with a subcontractor ( contract on subprocessing ), and exceptionally on one's own server (e.g. for the purposes of testing or securing data)

Law:

  • e.g. editing on the basis of a request and for the purposes of exercising individual rights, etc.

Legal (legitimate) interest :

  • the company's legitimate interests include, among other things, measures to prevent, detect and investigate fraud and other harmful practices, etc.

Consent :

  • installation of cookies that are not necessary from the point of view of the normal operation of the merchant's website (e.g. Google Analytics, Facebook, etc.) (see the Cookies section of these General Terms of Personal Data Processing , under point 3.5.)

3.3. Automated consent-based processing and profiling

does not use automatic profiling for processing .

3. 4. Who can process personal data on behalf of the processor's company

3.4.1. Certain employees of the processor's company

Your personal data is processed by individual employees of the company. The employees of the company only process the personal data they need for their work, but they can also pass it on to each other, as far as the work assignments and the company's internal rules allow it. All employees are bound to confidentiality and respect for the protection of personal data.

3.4.2. State authorities

In certain cases prescribed by applicable legislation, the company must forward your personal data or report them to the competent state authorities and authorities responsible for financial, tax or other control (e.g. the Financial Administration of the Republic of Slovenia, courts, Office of the Information Commissioner of the Republic of Slovenia, Market Inspectorate of the Republic of Slovenia, etc.). They must also be forwarded to third parties, if such an obligation to forward or disclose is imposed on the company by law.

3.4.3. Contractual processing of personal data

Users of personal data are, in addition to employees of the company, also employees of the company's contractual processors, who can process confidential data exclusively on behalf of the company and within the limits of the contract on external processing of personal data , which the company has concluded with each such processor. Contractual processors may only process personal data within the framework of the instructions of the company, as a controller , they may not use personal data to pursue any personal interests.

Contract processors with whom the company cooperates are:

  • Accounting Service

  • hosting provider

  • maintainers of IT systems

  • email providers

  • payment system providers

  • online advertising solution providers

The company will not pass on your personal data to unauthorized third parties.

3.4.3. Transfer of personal data to third countries and international organizations

The company and users do not export personal data to third countries (outside the member states of the European Economic Area - EU members and Iceland, Norway and Liechtenstein) and to international organizations, except in the USA - all contractual processors in the USA are included in the Privacy Shield program .

You can obtain more detailed information about user categories, contractual partners and contractual processors of the company upon request sent to the email or physical address:

  • at the e-mail address: podpora@shopamine.com

  • by mail to the address: APOTEKA, development of online applications, doo, Kamniška ulica 41, 1000 Ljubljana.

3.5. Cookies

For a list of cookies and to manage cookie settings, visit http://www.shopamine.com .

Cookies are small text files that most modern websites store on users' devices, i.e. people who use their devices to access certain websites on the Internet. Their storage is under the full control of the user , as the user can restrict or disable the storage of cookies in the browser used by the user .

Even when you visit the website of an individual merchant and its subpages, and when performing operations on the page, certain cookies are installed on your computer, phone or tablet, automatically or with your express consent , through which various data can be recorded.

We can also determine the duration of your online session on the page, which activities you performed on the page, and e.g. which data you entered in the forms, and all this is done from the point of view of offering the basic functionality of the website and for security reasons. Information about your operating system and its version, as well as technical data about the devices you use, helps us to ensure that our websites and subpages will be displayed correctly on your devices, as this is the only way we can constantly improve them and adapt them to your technical needs.

3.6. Personal data retention period

The retention period of personal data depends on the basis and purpose of processing each category of personal data.

The company will keep your personal data only for as long as it is necessary to fulfill the purpose for which the personal data was collected and further processed (e.g. to ensure that you access and use your user account and online store, to fulfill your package orders , verifying your payments and fulfilling other obligations of the company and/or you, to ensure that you can access specific information available to you, to ensure that you can use various benefits, etc.).

Those personal data that the company processes on the basis of the law , the company will keep for the period prescribed by the law .

Those personal data that the company processes for the purpose of carrying out a contractual relationship with an individual, the company keeps for the period necessary for the execution of the contract and for 5 years after its termination , except in cases where there is a dispute between you and the company regarding the contract ; in such a case, the company keeps the data for 5 years after the finality of the court or arbitration decision or settlement or, if there was no legal dispute, 5 years from the date of the peaceful resolution of the dispute .

Those personal data that the company processes on the basis of the personal consent of the individual ( consent ) or legitimate interest , the company keeps permanently, until the cancellation of this consent by the individual or until receiving a request to stop processing . The company deletes such data before cancellation only when the purpose of personal data processing has already been achieved or if the law stipulates so.

After the retention period has expired, the company effectively and permanently deletes or anonymizes personal data so that they can no longer be linked to a specific individual.

3.7. Protection of your personal data

In the company, we carefully store and protect personal data with organizational, technical and logical-technical procedures and measures, which protect the data against accidental or intentional unauthorized access, destruction, alteration or loss, as well as unauthorized disclosure or other form of processing to which you have not expressly consented .

We achieve this through a combination of physical protection of the premises, equipment and system software of the processor, through adjustments and security updates of the application software with which personal data is processed, and through the prevention of unauthorized access to personal data during its transmission, including transmission by means of telecommunications and networks.

For this purpose, the company has also adopted appropriate internal processes and established various measures (e.g. assigning, using and changing passwords, locking rooms, offices and locations of servers and workstations, regularly updating support software and upgrading security-defying components, physical protection of material containing personal data in specially designated places, training of employees, etc.).

The company also demands the same security commitments from its contractual processors .

3.8. What are your rights regarding the protection of personal data?

In relation to these General Terms of Personal Data Processing or the processing of your personal data by our company and our contractual processors, you can contact us without hesitation at our e-mail address: support@shopamine.com.

You can also send your requests and exercise your rights to the address provided.

Requests can be made in a way that allows you to be identified, namely by filling in the form provided for the exercise of each individual right and published on the website https://www.ip-rs.com/obrazci/varstvo-osebnih-podatkov / , or in another documented way (e.g. oral request for a record over the phone, written request via e-mail or physical mail).

3.8.1. Right to withdraw consent

If you, as an individual, have consented to the processing of your personal data for one or more specified purposes (see chapter 3.2. What personal data do we collect, what legal basis do we have and what is the purpose of the processing? of these General Terms of Personal Data Processing ), you have the right to consent ( consent ) can be revoked at any time , without this affecting the legality of data processing, which was carried out on the basis of consent until it was revoked.

Consent can be revoked with a written statement sent to the e-mail address: dopora@shopamine.com

Revocation of consent to the processing of personal data does not have any negative consequences or sanctions for the individual. However, it is possible that the controller may no longer be able to provide one or more of its services to an individual after revocation of consent to the processing of personal data, if these are services that cannot be provided without personal data (e.g. marketing communication with the individual).

3.8.2. The right of access to personal data

As an individual, you have the right to receive confirmation from the company ( personal data controller ) as to whether personal data is being processed in relation to you , and, when this is the case, to obtain access to personal data and certain information: on the purposes of processing, on the types of personal data, on users, about retention periods or criteria for determining periods, about the existence of the right to correct or delete data, the right to limit and object to processing and the right to appeal to a supervisory authority, about the source of the data, if the data was not collected from you, about the existence of automated decision-making, including the creation of profiles , the reasons for it and the meaning and consequences of such processing for you, as well as other information in accordance with Article 15 of the General Regulation on the Protection of Personal Data .

3.8.3. The right to correct personal data

3.8.4. Right to erasure of personal data ("right to be forgotten")

As an individual, you have the right to have the company delete personal data about you without undue delay, and the company must delete the data without undue delay regardless of your request , when one of the following reasons exists:

  1. the data are no longer needed for the purposes for which they were collected or otherwise processed,

  2. if you revoke your consent and there is no other legal basis for the processing,

  3. if you object to the processing and there are no overriding legal grounds for the processing,

  4. the data was processed illegally,

  5. the data must be deleted to comply with legal obligations in accordance with EU law or the law of the Member State applicable to the provider,

  6. the data was collected in connection with the offer of information society services.

However, as an individual, in certain cases described in paragraph 3 of Article 17 of the General Regulation on the Protection of Personal Data , you do not have the right to delete data.

3.8.5. The right to restriction of processing

As an individual, you have the right to have the company restrict its processing of your personal data when one of the following cases exists:

  1. if you dispute the accuracy of the data for a period that allows the company to verify the accuracy of the data,

  2. the processing is illegal and you object to the deletion of the data and instead request the limitation of their use,

  3. the company no longer needs the data for processing purposes, but you need it to assert, implement and defend legal claims,

  4. you have filed an objection regarding the processing. The restriction applies until it is determined that the company's legitimate reasons override your reasons.

3.8.6. The right to data portability

As an individual, you have the right to receive the personal data relating to you that you have provided to the company in a structured, generally usable and machine-readable format, and you have the right to transmit this data to another controller without the company to whom it is provided personal data, an obstacle, namely when:

  1. the processing is based on consent or on a contract and

  2. the processing is carried out by automated means.

As an individual, when exercising the aforementioned right to portability, you have the right to have personal data directly transferred from one controller (e.g. a company) to another, when this is technically feasible.

3.8.7. The right to object to processing

As an individual, based on reasons related to your special situation, you have the right to object at any time to the processing of personal data, which is necessary for the performance of tasks in the public interest or in the exercise of public authority assigned to the company (item (e) of paragraph 1 of Article 6 General Regulations on the Protection of Personal Data ) or is necessary due to the legitimate interests pursued by the company or a third party, including the creation of profiles based on the said processing; the company stops processing personal data, unless it demonstrates imperative legitimate reasons for processing that override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

When personal data is processed for marketing purposes , the individual has the right to object at any time to the processing of data related to him for the purposes of such marketing, including profiling , as far as it is related to such direct marketing; when an individual objects to processing for direct marketing purposes, the data is no longer processed for these purposes .

When data is processed for scientific or historical research purposes or statistical purposes, the individual has the right to object to the processing of data concerning him for reasons related to his special situation, unless the processing is necessary for the performance of the task being carried out for reasons of public interest;

3.8.8. The right to file a complaint with a supervisory authority

Without prejudice to any other (administrative or other) legal remedy, you as an individual have the right to lodge a complaint with a supervisory authority, in particular in the country in which you have your habitual residence, your place of work or in which the infringement allegedly occurred (in In Slovenia, this is the Information Commissioner), if you believe that the processing of personal data concerning you violates regulations on the protection of personal data:

  • Information Commissioner , Dunajska 22, 1000 Ljubljana, e-mail address: gp.ip@ip-rs.com, telephone: 012309730, website: www.ip-rs.com .

4. Final provisions

The company reserves the right to amend or supplement these General Terms of Personal Data Processing for the purposes of ensuring compliance with regulations in the field of personal data protection.

For everything that is not specifically determined by these General Terms of Personal Data Processing or by the contract concluded by the company and the individual, the provisions of the applicable legislation apply.

These General Terms of Personal Data Processing are valid and applicable from March 2020 onwards.

Apoteka doo

Early Bird Offer

worth 5.000 € 
in onboarding and integration services 

+ special Early Bird Plan 
get Advanced features for the price of Pro plan


In addition to mandatory cookies, we also use analytical and advertising cookies, as well as social network cookies on the Shopamine website.

If you agree with this, please click on the I ACCEPT button. For a detailed description and in order to set the use of individual cookies, click on the COOKIE SETTINGS link.

×
Managing cookies on the Shopamine website
Mandatory cookies

are cookies that are essential for the proper functioning of the website, whereby the transmission of information in the communication network would not be possible without them. These cookies are also necessary in order for us to offer you the services, which are available on our website. They allow you to log in to the user profile, select the language, agree to the terms and conditions and identify the session of the user. We are not obliged to obtain consent for their use.

Analytical cookies

These cookies help us understand how our visitors use our website. They help us improve the user experience and identify user requirements and trends. We only use these cookies if you have explicitly consented to their use.

Advertising cookies

Third-party plug-ins and tools used as cookies enable various functionalities to work, help us analyse the frequency of visits and how the website is used. If an individual does not agree to the use of these cookies, they will not be installed, while it may however happen, that some interesting features of the website will not be available. We only use these cookies if you have explicitly consented to their use.

Social network cookies

These cookies make it possible for us to provide content for posts on social media and record your actions so that we may provide a more personal and enhanced user experience. We use these cookies only if you are logged into a Twitter, Facebook or Google user account when using the website.

1. General information about cookies 1.1. What are cookies?

Cookies are small text files that most modern websites store on the devices of their visitors, i.e. people who access certain websites on the Internet with their devices. The storing of cookies is under the complete control of the user, since users can easily configure their browser to restrict or disable the storage of cookies.

While visiting the website and its subpages and performing operations on the website, your computer, phone or tablet, automatically or after gaining your explicit consent, stores certain cookies through which various data can be recorded.

1.2. How do they work and why we use them?

Each visitor or shopper is assigned a cookie in order to identify him and ensure traceability at the beginning of each use of the online store. The servers provided to the company by the subcontractor automatically collect data on how visitors, shop owners or shoppers use the online store and store this data in the form of an activity log.

The servers store information about the use of the online store, statistics and IP numbers. Data on the use of the online store by shoppers can be used by the company for compiling anonymous statistics that help us improve the user experience as well as market products and / or services through an online store.

Indirectly and upon obtaining consent, the online store may also store external service cookies on the visitor's or shopper's device (e.g. Google Analytics) which are used to collect data on website visits. Regarding external services, the rules and general conditions on the processing of personal data, which are available at the links below, apply.

2. Permission to use cookies

If the settings of the browser with which you visit the website are such, that they accept all cookies, it means that you agree to their use. In case you do not want to use cookies on this website or you want to remove them, you may follow the procedure below. Removing or blocking cookies may result in suboptimal performance of this website.

3. Mandatory and optional cookies and your consent 3.1. We are not required to gain your consent for the use of mandatory cookies:

Mandatory cookies are cookies, that are essential for the proper functioning of the website, whereby the transmission of information in the communication network would not be possible without them. These cookies are also necessary in order for us to offer you the services, which are available on our website. They enable login into the user profile, language selection, agreeing to the terms and conditions and user session identification.

3.2. Cookies that are not necessary for the normal operation of the website, and for which we are obliged to obtain your consent (optional cookies):

Analytical cookies

These cookies help us understand how our visitors use our website. They help us improve the user experience and identify user requirements and trends. We only use these cookies if you have explicitly consented to their use.

Advertising cookies

Third-party plug-ins and tools used as cookies enable various functionalities to work, help us analyse the frequency of visits and how the website is used. If an individual does not agree to the use of these cookies, they will not be installed, while it may however happen, that some interesting features of the website will not be available. We only use these cookies if you have explicitly consented to their use.

Social network cookies

These cookies make it possible for us to provide content for posts on social media and record your actions so that we may provide a more personal and enhanced user experience. We use these cookies only if you are logged into a Twitter, Facebook or Google user account when using the website.

4. How to manage cookies?

You can manage cookies by clicking on the "Cookie settings" link in the footer of the website.

You can also control and change cookie settings in your own web browser.

In case you want to delete cookies from your device, we advise you to follow the described procedures, by doing so, you will most likely limit the functionality of not only our website but also most other websites, as the majority of modern websites use cookies.