Data processing controller
HISHKA d.o.o. (hereafter “we” or “hishka”)
Bolgarska 1, 2000 Maribor Slovenia EU
+386 40 505 097
The protection of your personal data is very important to us. We would therefore like to inform you in the following pages about the data collected during your visit and the purposes it is used for. Should you still have any queries about the handling of your personal data, please contact our data protection officer.
The ongoing further development of technology, changes in our services or the legal situation as well as other reasons can require adjustments of our data protection notice. We therefore reserve the right to change this data protection declaration at any time and ask you to regularly inform yourself about the current status.
Data Protection Officer
1. Basic Information on Data Handling
What is the legal basis for and purpose of the processing of personal data?
The legalbasis for processing personal data isthe legitimate interest of the company based on a customer relationship and/or the performance of a contract and/or consent.We will process your data because we have a contract with you through either
- delivering your purchases from HISHKA webstore or
- by picking up & processing your secondhand items for sale, or
- providing you with some other service you have requested.
We will also use your personal data to send you sales and marketing communications that we believe may be of interest to you if we have your explicit consent for this activity, or if you are an existing customer where we have a legitimate interest in communicating with you. You can opt out of sales and marketing communications from us at any time.
We use your personal data:
- To provide an enjoyable webstore experience that makes buying effortless and helps you to find those products you like best
- To deliver your purchases to you and to process related payments, returns and customer service
- To pick up and proess your secondhand items for sale
- To pay out sales earnings either on partner gift cards or directly to your bank account
- To send you service messages by text or e-mail, such as order updates
- To personalize your digital experience and to allow us to deliver the type of content about our products and services most relevant to you
- To collect payments from you and make payments to you
- To show you hishka.com adverts when you browse the Internet and social media
- To allow us to better service you in responding to your customer service requests
- To send you newsletters when you subscribe
We use automated decision-making (inc. profiling) to identify yourprofile, online behavior, age, consumer habits and topersonalize your visit to the website and ensure that content from our site is presented in the most effective manner for you. We want to find out what you and other customers like andto develop our services.
2. Data that we process on our website?
We collect the following personal data:
- Basic information*: your given name and surname Contact information*:email address, phone number and shipping and billing addresses
- Payment details* for processing your purchase orders and possible returns
- Bank account* (IBAN) if you have sent items for sale and have chosen to obtain remittances directly to your bank account
- Possible direct marketing prohibitions and consents
- Information regarding the customer relationship and contract: information of past and existing orders and sales, items sent by you for sale at hishka and any details & transactions thereof, call recordings, correspondence with you and other contacts, cookies and information associated with them, as well as any other information you voluntarily provide
- Data on your shopping habits and the pages and products you view and interact with upon visiting our website
Providing the information marked with a star is a prerequisite for our contractual relationship and/or customer relationship. We cannot deliver the product and/or service without the necessary information.
If you register for an hishka account, we collect your name, email address, password, country, day and month of birth and additional information regarding your favourite designers and your marketing preferences.
If you provide us with someone else’s data – for example, if you purchase a product to be delivered to a friend or as a gift – we will collect and process the personal data required to enable the transaction such as the name, delivery address and other contact details that you have given to us and we process this data on behalf of you. If you are receiving an item as a gift, we will process your data only to complete the gift request and our contractual obligations.
We have taken extensive technical and organisational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security procedures are regularly checked and revised to take into account technological progress.
The personal data of the data subject is deleted or blocked, as soon as the purpose for which it was stored no longer applies. Storage can also be effected if this was required by the European or national legislators in European Union regulations, laws or other stipulations that the person responsible is subject to. The data is also blocked or deleted if a statutory storage period prescribed by the cited standards expires, unless there is a need for continued data storage for the purposes of a conclusion or performance of a contract.
3. Where do we receive information?
We collect your personal data from you when you place an order, send in items for sale, call our Customer Service, sign up for our marketing communications, order seller information, browse our website or use any other services offered by our website www.hishka.com
We use “cookies” to collect information. Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from the service and stored on your computer’s hard drive. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our service.
For the purposes described in this privacy notice, personal data may also be collected and updated from publicly available sources and based on information received from authorities or other third parties within the limits of the applicable laws and regulations. Data updating of this kind is performed manually or by automated means.
4. Data disclosure or transfer outside of EU or EEA?
We do not sell, trade, or otherwise disclose to outside parties your personally identifiable information. However we use subcontractors that process personal data on behalf of and for us such as service hostingpartners and other parties who assist us in operating our service, conducting our business, or servicing you, such as:
- Payment service providers, warehouses, order packers, and delivery companies
- Professional service providers, such as marketing agencies, marketing plarforms & services, advertising partners and website hosts who help us run our business
- hishka gift card partners
- Credit reference agencies, law enforcement and fraud prevention agencies
- Companies approved by you, such as social media sites.
- We may also disclose your information when we believe disclosure is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property, or safety.
Some of our subcontractors may be based in non-EU countries. Where this is the case, we protect your privacy and your rights through the use of the European Commission’s standard data protection clauses.
5. Data protection and retention
The security of your personal information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Transport Layer Security (TLS) security protocol. Likewise, the entire browsing experience on our webstore is protected by the same security protocol (as indicated by the url beginning with https://). Only those of our employees, who on behalf of their work are entitled to process customer data, are entitled to use a system containing personal data. We will not retain your personal data for longer than is necessary to fulfil the purposes for which you provided that personal data, unless the law permits or requires that we retain it for longer. The retention period varies depending on the purpose of the processing.
We regularly assess the need for data retention in light of the applicable legislation. In addition, we take reasonable measures to ensure that the personal data we have is not incompatible, obsolete or inaccurate considering the purpose of the processing. We rectify or delete such information without delay.
5. Customer rights as data owners(subjects)
As a data subject you have the right to:
- Know what personal data of yours we are processing, where that data came from and how we are using that data
- Ask us to update, correct or supplement the data we hold about you
- Withdraw consent for processing for a specified purpose
- Ask us to delete or erase your data from our systems
- Limit or oppose our processing of your data
- Object to processing at any time free of charge, including profiling in so far as it relates to direct marketing
- Where processing is based on your consent or commission, ask us to supply the personal data we hold about you in an easily readable electronic format, or transfer that data direct to a third party nominated by you
- For specific personal reasons, you also have the right to object to profiling and other processing operations, when the processing of your data is based on our legitimate interest. In connection with your request, you will need to identify the specific situation, based on which you object to the processing. We can refuse the request of objection only on legal grounds.