Privacy Policy
PRIVACY NOTICE
MDM Ltd, Brnčičeva ulica 17, 1231 Ljubljana – Črnuče (MDM)
About us
MDM has been in the stainless steel business for over 40 years. The long tradition of maintaining flexibility, quality and high professionalism of services is imbued with countless references obtained in partnerships with companies from Slovenia and abroad. MDM is a reputable partner of companies from the metal, food, process, automotive, chemical and pharmaceutical industries. We would like to inform you that as a controller we handle your personal data responsibly, in accordance with domestic and EU legislation.
What personal data do we collect, how will we handle it, for what purposes do we process it and what is the legal basis for its processing
MDM processes personal data on the basis of:
a) Concluded contract or intentions to conclude a contract. In this case, the information is necessary for the conclusion of a contract with you or its implementation. The types of personal data processed on this legal basis are defined in the contracts or accession forms to the general terms and conditions, inquiry and bid preparation forms and other relevant documentation, and are limited to the minimum amount of data necessary to achieve the purpose of the contract. Personal data obtained for the purposes of performing the contract shall be kept by MDM for the period necessary for the comprehensive treatment of the performance of the contract (including any warranty claims and claims for material defects), but not more than five years.
b) Legal authority to collect data. If MDM processes your personal data on the basis of a power of attorney, consent is not required. The legal bases authorizing MDM to collect personal data are, at the time of writing, the Code of Obligations, the Consumer Protection Act, the Value Added Tax Act, the Tax Certification of Invoices Act, the Accounting Act, the Anti-Money Laundering Act and terrorist financing. For this purpose, we store personal data for as long as required by the relevant legislation or for a maximum of ten years from the last event related to the collection of personal data.
c) Legitimate interest. Based on its legitimate interest, MDM collects personal data for the purpose of ensuring information security, reducing the risks of unauthorized access to the important business information, personal data and the company's information system. The said data shall be kept for 10 years. On this legal basis, MDM also collects personal data about the visits to the online store and its activities.
d) Collection of data with cookies. Cookies are used for the purpose of providing a secure and improved shopping experience, smooth operation of pages and portal, and analysis of traffic and online sales. The data obtained in this way is stored in accordance with the "Cookie Policy" document.
The MDM website contains the cookies listed below:
- Necessary cookies: These cookies are necessary for the smooth operation of our website. They allow you to move around the page and use its features smoothly;
- Cookies that measure the effectiveness of the site: We use them to identify and record the number of visitors to the page. With these cookies we get an insight into the patterns of moving around the website, which allows us to further improve the user experience.
COOKIE |
NAME |
PURPOSE |
__utma, __utmb, __utmc, __utmz |
Google Analytics |
Records activities on the page through anonymous monitoring of users. |
e) You can read more about cookies at the "Cookie Policy" link.
f) Consents. If you decide to provide us with data for the purposes of direct marketing, we process it on the basis of your consent, which you can revoke at any time, as described later in this document. The data that will be collected based on your consent is: data on visits and purchased products. Information that you provide to us for the purposes of direct marketing (for example, informing about new services and products it markets, inquiries, preparing an offer or response and establishing contact or communication, where the company can use various communication channels - telephone, regular mail, e-mail), we will only use it to send you notifications about news for our sales programs, special promotions and events. The information obtained with the consent is kept until your cancellation, which you can send to the address provided later in this document. Revocation of consent to processing does not affect the lawfulness of the processing of data carried out on the basis of consent until revocation.
Information exchange
MDM will provide personal information to its contractual processors who provide technical support to MDM in the processing of personal data, such as manufacturers and maintainers of computer applications, websites and information services, developers and implementers of software solutions, and processors hired by MDM to provide services necessary for the performance of contracts, such as carriers. In this case, the contract processors receive only those personal data that are strictly necessary in order to be able to fulfill their obligations towards MDM. All such processors will, by an appropriate arrangements, require MDM to process and protect your personal data in accordance with applicable law.
Safeguards and data retention
The company implements various data protection measures, such as measures to control access to the premises (24-hour access control to business premises MDM, building access control system, locking and blocking doors), measures to electronically control documents login account, password system, access rights depending on profiles, encryption of administrator passwords) and measures to prevent data disclosure (protection of documents during transmission, encryption of data during transmission).
Transfer of personal data to third countries
We will not transfer your personal data to third countries, except to the extent necessary to enable us to provide you with our services (such as the delivery of ordered products or materials). In view of the above, we will ensure that the data will only be passed on to trusted third parties in countries outside the European Economic Area, whose laws may not guarantee the same level of protection of your personal data. Where necessary, MDM will ensure that all appropriate safeguards are in place to meet the requirements for the international transfer of personal data under applicable privacy laws. For the transfer of personal data outside the European Economic Area, MDM will use as safeguards mechanisms approved by the Commission, such as privacy shield validation and standard contractual clauses such as "(EU) controller to controller (outside EU/EEA)". Decision 2004/915/EC (see Article 46 of the General Data Protection Regulation).
Your rights with respect to your personal information
You have the following rights with respect to your personal information:
- the right of access – means that, you can ask us at any time if we processed any of your personal data and if so, you can access this data in the form of a copy and additional information related to it;
- the right to rectification – means that, you can ask us at any time to correct inaccurate or incomplete information;
- right to erasure – means that, in the cases provided for in Article 17 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, "GDPR"), you can request that we delete your personal data;
- the right to restrict processing – means that, we may suspend the processing of your personal data for a certain period, for example in cases where the accuracy of your personal data is in dispute, but we need some time to check their (in)accuracy;
- the right to object to the processing – means that, if we process your personal data on the basis of our legitimate interests (this is defined in point 2 above), you may oppose to this processing and require us not to process it anymore; and
- the right to data portability – means that, you can require us to provide you with your personal data in a structured, frequently used and machine-readable format and to pass such data directly to another controller where technically feasible. Upon request and when technically feasible, we will pass on your personal data directly to another controller.
You may exercise these rights in accordance with the procedure and in the manner prescribed by the GDPR.
The right to lodge a complaint with the supervisory authority
You also have the right to lodge a complaint with the supervisory authority.
The contact details of the supervisory authority are:
Republic of Slovenia
Information Commissioner
Dunajska cesta 22
1000 Ljubljana
Phone number: 01 230 97 30
E-mail: gp.ip@ip-rs.si
Updates to this notice
This notification was last updated on 08.06.2021. and replaces all previous versions. We will update this notice from time to time and notify you of any material changes. We recommend that you re-read the notice from time to time to familiarize yourself with the current version.
Contact information
MDM, manufacturing, trading and engineering company d.o.o.,
Brnčičeva ulica 17, 1231 Ljubljana - Črnuče
Phone number: + 386 80 60 63,
E-mail: shop@mdm.si