Privacy Policy

Website with information on data protection.

Article I. - Statement on the protection and collection of personal data

Website baronlux.com We are pleased that you have visited this website. We are committed to protecting your personal data in accordance with all applicable data protection laws, in particular in accordance with the EU General Data Protection Regulation (“GDPR”) and the Act on the Implementation of the General Data Protection Regulation. In this Data Protection Information, we explain what information (including personal data) we process about you in connection with your visit to and use of the above-mentioned digital information (“Website”). Baron Team doo is committed to protecting the personal data of customers, by collecting only the necessary, basic data about customers/users that are necessary to fulfill our obligations; informing customers about the use of the collected data, regularly giving customers the opportunity to choose how their data is used, including the opportunity to decide whether or not to have their name removed from lists used for marketing campaigns. All user data is strictly kept and is only available to employees who need this data to perform their job. All current and future employees of Baron Team doo and business partners are responsible for respecting the principles of privacy protection. By filling out the form when registering or making a purchase on www.baronlux.com, the visitor and/or customer confirms the accuracy and completeness of the provided data, including personal data. The controller responsible for the processing of personal data is Baron Team doo for services, available at the e-mail address: info@baronteam.hr . Any reference to "we" or "us" in this data protection information is a reference to the aforementioned entity.

Article II. Principles

In order to comply with applicable data protection laws, we only process your personal data on the basis of a lawful basis or if you have consented to it. This also applies to the processing of personal data for marketing purposes. On this website, we may collect data that does not allow us to draw direct conclusions about your identity. However, in certain cases - especially in combination with other data - this data may still be considered "personal data" in accordance with applicable data protection laws. Furthermore, on this website, we may also collect information that does not allow us to identify you, directly or indirectly; this is the case, for example, with the collection of data about all users of this website.

Article III. Data processed

You can access our website without entering any personal data (such as your name and surname, postal address or email address). In this case, we also have to process certain data in order to enable you to access our website. In addition, we use certain analysis methods on this website and have integrated third-party functionalities (“social plug-ins”). Log files: When you visit this website, our web server automatically stores the domain name or IP address of the requesting computer (most likely your internet service provider’s computer), including the date, time and duration of your visit, the subpages/URLs you visit and information about the application(s) and terminal(s) you use to view our pages. Cookies: In order to make our website as user-friendly as possible, we - like many other website operators - use cookies. Cookies are small text files stored in your browser. These files help us to recognize certain preferences of our visitors while browsing the Internet and to design our pages accordingly. We mostly use temporary cookies (session cookies). They are automatically deleted at the end of your visit. However, we also use permanent cookies. They serve to improve user navigation according to your preferences. Our cookies do not collect any personal data and do not allow you to be identified on third-party websites. You can set your browser to notify you about the setting of cookies in order to make the use of cookies transparent to you. In principle, you can also refuse to accept cookies through your browser settings. However, this may mean that you may not be able to use all the functionalities of the Website. Here is a list of the cookies we use: _session_id, a unique identifier, per session, allows Shopify to store information about your session (referral, landing page, etc.); _shopify_visit, no data is kept, present for 30 minutes from the last visit, used by the provider of our website's internal statistics tracking service to record the number of visits; _shopify_uniq, no data is kept, expires at midnight (relative to the visitor) of the next day, counts the number of visits to the store by a single customer; cart, unique identifier, present for 2 weeks, stores information about the contents of the cart; _secure_session_id, unique identifier, per session; storefront_digest, unique identifier, unspecified if the store has a password, this is used to determine whether the current visitor has access You can control and/or delete cookies as desired. For more information, see: aboutcookies.org You can delete all cookies that are already stored on your computer, and most browser settings allow you to block the storage of cookies. If you block cookies, you may need to manually adjust some of your preferences each time you visit the website, and certain services and features may not be available. Website analysis using Google Analytics: On our website we use Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"), in order to continuously improve our website. Google Analytics uses cookies that are stored on your computer and enable an analysis of the use of the website. The information collected by the cookie about your use of this website is generally sent to a Google server in Europe (or in a member state of the European Economic Area) in order to anonymize your IP address, in order to prevent any personal identification. Only after the IP address has been anonymized is the shortened IP address transmitted to a Google server in the USA and stored there. Only in exceptional cases is the full IP address sent to a Google server in the USA and shortened there. This website uses Google Analytics with the extension for anonymous collection of IP addresses (so-called IP masking). Google uses the collected data on our behalf to analyse your use of the website, to compile reports on website activities and to provide us with other services relating to website use. The IP address sent by your browser in the context of Google Analytics will not be combined with other Google data. You can refuse the use of cookies by selecting the appropriate settings in your browser. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address). You can also prevent Google from processing your data by downloading and installing the browser add-on available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en. In this case, an opt-out cookie will be set which prevents your data from being collected in the future when you visit this website. Alternatively, you can prevent the transmission of your data to Google and its processing by Google using the link below. To opt out, click here. Additional information on data protection when using Google Analytics can be found here https://www.google.com/analytics/terms/ and here http://www.google.com/intl/de/analytics/privacyoverview.html. Google Remarketing: We also use Google's remarketing function on our website. This allows us to show you targeted advertising of assumed interests based on your behavior during previous visits to our website. If you have agreed with Google, your visits will also be recorded on all devices. This advertisement appears only in Google advertising spaces, either in Google Adwords advertising spaces or on the Google Display Network. Google uses cookies to analyze the use of websites as a basis for displaying advertising based on your presumed interests. Cookies are used to record visits to the Internet location and anonymous data about the use of the Internet page. No personal information about visitors to the website is stored. If you then visit another website in the Google Display Network, you will see ads that are likely to include the types of products and information that you have previously accessed. You can permanently disable Google's use of cookies by following the following link and downloading and installing the plug-in: https://www.google.com/settings/ads/plugin. Alternatively, you can disable the use of cookies by third parties by using the advertising network's deactivation website at http://www.netvorkadvertising.org/choices/ and the additional information provided there in the contradiction. More information about Google remarketing and Google's policy can be found at http://www.google.com/privacy/ads/. DoubleClick: We also use DoubleClick, a service also provided by Google, to show you ads that are relevant to you. Google assigns a pseudonymous identification number (ID) to your browser to check which ads are displayed in your browser and which ads were viewed. Cookies do not contain any personal information. The use of the DoubleClick cookie only allows Google and its partner websites to display ads based on your previous visits to our or other websites on the Internet. The information generated by the cookie is transferred by Google to a server in the USA for analysis and stored there. The transfer of data by Google to third parties is only carried out on the basis of legal regulations or within the framework of the described data processing. Google will not combine your data with other data that it has collected from you. You can refuse the use of cookies by selecting the appropriate settings in your browser. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website, as well as from Google processing it in this way, by downloading and installing the browser add-on at https://adssettings.google.com/u/0/authenticated?Hl=sr-GB by selecting the DoubleClick deactivation extension. Alternatively, you can disable Doubleclick cookies on the Digital Marketing Alliance website - http://optout.aboutads.info. Facebook Pixel: We use the Facebook Pixel service provider Facebook, Inc. (1601 South California Avenue, Palo Alto, CA 94304, USA - www.facebook.com – "Facebook") on our website. The Facebook Pixel provides the ability to track user behavior after they have been redirected to one of our Internet sites by clicking on a Facebook ad. This process is designed to evaluate the effectiveness of Facebook ads for statistical and market research purposes and can help optimize future advertising efforts. The collected data is anonymous, so we cannot draw any conclusions about the user's identity, and we do not send any personal data to Facebook. However, Facebook stores and processes the data so that a connection to the corresponding user profile is possible and Facebook can use the data for its advertising purposes in accordance with the Guidelines for the use of Facebook data (https://www.facebook.com/about/privacy/). You can allow Facebook and its partners to show ads inside and outside of Facebook. A cookie may also be stored on your computer for these purposes. If you are a Facebook user and do not want Facebook to collect data about you via the Facebook Pixel and associate it with your user data stored on Facebook, you can deactivate the Facebook Pixel here. The contradiction applies to the browser you use. LinkedIn conversion tracking: We use analysis and tracking technology from the service provider LinkedIn Corporation (2029 Stierlin Court, Mountain View, CA 94043, USA - www.linkedin.com - "LinkedIn") on our website. With this LinkedIn technology, advertisements can be displayed in accordance with your interests. We also receive aggregated and anonymized reports from LinkedIn about advertising activities and information about how you interact with our website. You can find further information about data protection at LinkedIn here: https://www.linkedin.com/legal/privacy-policy#choices-oblig. You can deactivate the analysis of your behavior by LinkedIn and the display of recommended ads based on your interests by clicking "Reject to LinkedIn" (for LinkedIn members) or "Reject" (for other users) at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. Web analysis via Mouseflow: On our website, we use a web analytics tool from the service provider Mouseflow ApS (Flaesketorvet 68, 1711 Copenhagen, Denmark - [website] - "Mouseflow"), to record randomly selected individual visits (only with an anonymized IP address). This results in a protocol of mouse movement, mouse clicks and keyboard interaction, with the intention of randomly displaying individual visits to this website as so-called repeated sessions and evaluations in the form of so-called map, introducing potential improvements to this Internet site. Data collected by Mouseflow is not personal data and will not be transferred to third parties. The collected data is stored and processed within the EU. If you do not want this data about your visits to our website to be collected by Mouseflow, you can opt out of this on all websites that use Mouseflow via the following link: https://mouseflow.de/opt-out/. Social media add-on: We have integrated a button from the social network Facebook (1601 South California Avenue, Palo Alto, CA 94304, USA - www.facebook.com) into our website. You can recognize the Facebook buttons by the Facebook logo or the "Like" button. In order to prevent the automatic collection of data by Facebook as soon as you access our website, we have implemented a so-called two-click solution: In addition to the Facebook button, there is an area that looks like a switch. Only when you click on the switch and then click on the Facebook button again, information (such as the address of our website and your user ID) is sent to Facebook. As the operator of the website, we have no knowledge of the content of the transmitted data or how Facebook uses it. We do not receive any information about which button you clicked. For more information about how Facebook uses your data, please see Facebook's privacy policy: https://www.facebook.com/policy.php. Information and advice options, advertising and marketing We offer you various information and advice options via our contact form. Depending on the option you choose, we process different personal data:

a) Information received by mail/email

If you have chosen to send information materials, we will process the data you have entered in the contact form, at least your first and last name and the details of the contact channel you have chosen (mail and/or email) for the one-time dispatch of the material you have requested.

b) Telephone counseling

If you have chosen telephone consultation, we process the data you entered in the contact form, at least your first and last name and your telephone number, in order to provide you with the desired telephone consultation.

c) Personal counseling

If you have chosen personal counseling, we process the data you entered in the contact form, at least your first and last name, as well as your telephone number and/or email, in order to provide you with a personal counseling appointment.

d) Newsletter via email

If you have chosen to send the flyer by email, we process the data you have entered in the contact form, at least your first and last name and your email address, in order to send you the flyer by email. If you have chosen to send the newsletter by email, we process the data you have entered in the contact form, at least your first and last name and your email address, in order to send you the newsletter. In addition, we use other information you enter in the contact form in order to send you content tailored to your interests. We also analyze the data collected during the delivery and acceptance of such emails in aggregate form (delivery rate, opening rate, click rate, conversion rate, unsubscribe rate, bounce rate) in order to gain insight into their success and use. On the other hand, we also evaluate the data generated during your access to and use of these emails (opening time, hyperlink clicks, downloaded documents) in order to provide you with personalized information in future emailed flyers that best reflect your interests and needs.

e) Advertising and marketing

We inform you about products, services, offers and events. For this purpose, we process the necessary data that you have entered in the contact form, at least your last name and first name and contact channel details (email and telephone). You can place orders on our website without registering and creating an account. In this case, we will request and process the information necessary to process the order (e.g. your first and last name, billing address or other delivery address, email and the necessary payment information, delivery method and order information). Registration and account If you register as a user of our website - in particular when you create your account - we collect personal data and process the data provided in the registration form on our website. If you want to use certain content on our website or place an order, we may also request that you re-enter the data already collected during registration (in particular for the purpose of identifying you) and process further personal data for this purpose.

Article IV. Shopify

Our online store is hosted by Shopify Inc. They provide us with an online e-commerce platform that allows us to sell our products and services. Card information and personalized security features are not stored on the Shopify system, i.e. outside the system of the certified ISP of the contractual partner of RBA Bank.

Article V. Purpose and legal basis for processing your personal data

In order to enable you to use our website, we process personal data, which may include log files; this processing, for the purpose of our legitimate interest in the operation of our website, is based on Article 6(1) f) GDPR. We process the data collected using cookies and pseudonymous user profiles in order to better perform direct marketing, market research and further develop our digital offers based on user needs, and this processing, for the purpose of our legitimate interest in the operation of our website, is based on Article 6(1) f) GDPR. We process the data received in order to provide you with information and advice and to enable you to make your selection, and if you have decided to register for our email newsletter, in order to register you and deliver the newsletter to you by email. We process your personal data on the basis of your consent and in accordance with Article 6(1) a) GDPR. You can withdraw your consent at any time with effect from the moment of withdrawal of consent by contacting us using the contact details provided above at the beginning of this Data Protection Information. In every email you will find a link to unsubscribe from sending emails. If you order something through our website or if you register a user account on our website, we process the collected data on the basis of Article 6(1) b) GDPR in connection with the execution of the contract we have concluded with you. We may also process data related to your use of our website in order to comply with our legal obligations; this type of processing is based on Article 6(1) c) GDPR. To the extent necessary, we process your personal data (in addition to processing for the purpose of a business relationship or to comply with legal obligations) for the purpose of our legitimate interests or the legitimate interests of a third party based on Article 6(1) f) GDPR. Legitimate interest may include:
a) establishment, implementation and defense against legal claims;
b) the prevention, investigation, detection or prosecution of criminal offences; and
c) management and further development of our business, including risk management.

Article VI. Duty to provide data

The information required for registration to receive our email newsletter, to provide information and advice, to place online orders or to register as a user or to create a user account is marked as mandatory data in the relevant area of the website (e.g. contact form); without providing the mandatory data, we cannot enable you to use the relevant function. If we receive additional data from you, we will indicate whether the provision of such information is based on a legal or contractual obligation or is necessary for the performance of a contract. As a rule, we indicate which data can be provided voluntarily and not in accordance with a legal or contractual obligation or for the purpose of performing a contract.

Article VII. Access to data

Your personal data is mainly processed within our company. Depending on the categories of personal data, only certain persons are allowed access to your personal data. Based on the role/rights management concept, access to personal data is limited to the functions that perform the processing and to the extent necessary for the respective processing purpose. We do not forward your personal data outside our company, except:

service providers who provide us with certain services, including the processing of personal data, under specific contracts, and approved subcontractors of our service providers, for example, for services such as data collection, hosting our websites, sending emails, providing information or consulting services, accounting services; and
private or public bodies, to the extent that we are required to transfer your personal data based on a legal obligation to which we are subject.
[other categories of recipients if applicable]

In general, the third-party service providers we use will collect, use and disclose your information only to the extent necessary to perform the service they provide to us. However, certain third-party service providers, such as payment processors and other payment processors, have their own privacy policies regarding the information we provide to them for your purchase transactions. For these third-party service providers, we encourage you to read their privacy policies so that you can understand how your personal information will be processed by them. In particular, please note that some service providers may be located in or have facilities that are located in a different jurisdiction from you or us. Therefore, if you choose to proceed with a transaction involving the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction in which the service provider or its facilities are located. Once you leave our store's website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our Terms of Service. When you click on links in our online store, they may direct you away from our site. We are not responsible for the Privacy Policies of other sites and we encourage you to read their Privacy Policies.

Article VIII. Automated decision-making

In connection with the operation of our Websites, we generally do not use automated decision-making (including profiling) within the meaning of Article 22 GDPR. If we implement such procedures in the future, we will inform you separately in accordance with the applicable legal provisions.

Article IX. Transfer of data outside the EU / EEA

Data may be transferred to recipients in so-called third countries only in connection with the use of service providers for the provision of information on web analysis services. “Third countries” are countries outside the European Union or countries that are not signatories to the Agreement on the European Economic Area and in which a data protection comparable to that in the European Union cannot be envisaged. If the information transferred contains personal data, we ensure before such a transfer that an adequate level of data protection is ensured in the third country or at the recipient in the third country. This may be the result of a so-called adequacy decision of the European Commission, which decides that an adequate level of data protection exists in the third country. Alternatively, the data transfer may also be based on so-called EU standard contractual clauses concluded with the recipient or, in the case of the recipient in the USA, in accordance with the principles of the EU-US Privacy Shield. Upon your request, we will be happy to provide you with further information on this and appropriate guarantees to maintain the envisaged level of data protection; the contact details can be found at the beginning of this data protection information. Information about participants in the EU-US Privacy Shield can also be found here: www.privacyshield.gov/list.

Article X. Data storage period

We generally store personal data as long as there is a legitimate interest in retaining such data and your interests in refraining from further processing your personal data prevail. If there is no longer a legitimate interest, we may continue to store the data if there is a legal obligation to do so (e.g. compliance with legal obligations to retain data). We will delete the personal data, even if you do not take any action, as soon as further retention is no longer necessary for the purposes for which the data were collected or otherwise processed, or if further retention is otherwise not permitted by law. In the case of such processing,

a) we will delete the data used to send information by post/email after the data has been sent to you,
b) we will delete the data used for telephone or personal consultations after the end of the respective consultation if you have not given your consent for further processing of your data (e.g. continuation of the consultation) or further storage is not necessary for other purposes (e.g. sending a specific offer based on the consultation);
c) store personal data for the preparation and sending of newsletters by email until you withdraw your consent or otherwise disagree with the processing. We may also store your personal data if we want to ensure that, at your request, you no longer receive further emails from us (blacklist).

If personal data need to be retained due to a legal obligation, they are retained until the end of the relevant retention period. If personal data are processed only in accordance with a legal obligation to retain, access to such data is generally restricted, so that the data is only accessible if necessary for the purpose of the retention obligation.

Article XI. Security

To protect your personal information, we will take reasonable precautions and follow industry best practices to ensure that it is not inappropriately lost, misused, accessed, disclosed, altered, or destroyed. If you provide us with your credit card information, the information is encrypted using Secure Socket Layer technology (SSL) and stored with AES-256 encryption. We comply with all PCI-DSS requirements and implement additional generally accepted industry standards.

Article XII. Rights of the data owner

As a data owner, you have the right

request access to your personal data, Article 15 GDPR;
request the correction of inaccurate personal data, Article 16 GDPR;
request the erasure of your personal data ("right to be forgotten"), Article 17 GDPR;
request restriction of processing of your personal data, Article 18 GDPR;
exercise the right to data portability, Article 20 GDPR;
object to the processing of your personal data, Article 21 GDPR.

The above rights can be exercised in relation to us, e.g. by sending a notification to the channels listed on the first page of this data protection information. Furthermore, you have the right to lodge a complaint about our handling of personal data with the competent supervisory authority, Article 77 GDPR.

QUESTIONS AND CONTACT

If you would like to: access, correct, amend or delete the personal information we have about you, file a complaint, or simply want more information, please contact us at info@baronteam.hr or by mail at Baron Team doo, Dubravica 8, 10434 Strmec, Republic of Croatia.