In accordance with regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of users with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the General Data Protection Regulation or GDPR), the policy includes the following information:
- contact information of the company and contact of the data protection authorized person,
- purposes, bases and types of processing of various types of personal data of users, including profiling of personal data of users,
- transmission of data to third parties and to third countries,
- storage time of individual types of personal data,
- rights of users with regard to the processing of personal data,
- the right to lodge a complaint concerning the processing of personal data.
Where appropriate, the provisions relating to users shall also apply to issues of secrecy and confidentiality of communications of users who are legal entities.
The Café Capri may collect data in the context of purposes for:
- Order Processing.
- Account registration and activation.
- Technical and customer support.
- Marketing activities.
- Access to Cafe Capri's services on third-party sites.
- Other purposes required to use the Services.
The company processes personal data of users for the purpose of informing guests and guests of the cafe and recipients of e-news.
As part of the exercise of rights and fulfillment of contractual obligations, the company processes personal data of users for the following purposes:
- Send daily menus.
- Notification of special promotions and promotions of the cafe.
- Notification of special events of the cafe.
- Notification of catering offer, cooking courses and products.
- For the purpose of prize games.
According to the GDPR, the Café Capri processes data on several possible legal grounds:
Processing based on the legitimate interest pursued by the company
The Company may also process data on the basis of a legitimate interest pursued by the Company or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject requiring personal data protection, in particular personal data protection. when the data relate to a child. When it comes to the continued use of data collected about the user, the company conducts an assessment in accordance with the General Data Protection Regulation.
Such continued use of data in pseudonymous or aggregated form, for example, represents
legal use of data for marketing and other business or technical analysis of the company. As an additional measure in some forms of further traffic data, the deletion of certain data may also be used.
The user may object to the processing of his personal data.
Based on a legitimate interest, the company may contact users for the purpose of improving services for the purpose of determining their satisfaction with the services or user experience, even in cases where this is not strictly necessary for the performance of the contract. Due to the balance of this interest with the interests of the user, the Company does not contact again those users who objected to this.
The company has a legitimate interest in anonymising or aggregating data until the expiry of the legal retention period and further using it for analysis and research for marketing, network planning and the like.
Other legitimate interests may include preventing abuse, asserting claims or defending against claims in administrative and judicial proceedings. The legitimate interest also includes the legal verification of the solvency of users.
In the event of a suspected abuse, the Company may process data on users to an appropriate and proportionate extent for the purpose of identifying and preventing possible fraud or abuse and may, if appropriate, pass this information on to certain other persons, e.g. business partners, the police, the public prosecutor's office or other competent authorities. For the purpose of preventing future abuses or fraud, information on the history of identified abuses shall be provided.
The Company reserves the right to process data on the fulfillment of contractual obligations of users (data on invoice payments) in order to ensure a higher quality of its services.
Processing on the basis of consent for the processing of personal data
Data processing may be based on the consent given by the user to the company. Consent may, for example, relate to the communication of offers and services, the preparation of offers tailored to the user habits or the provision of value-added services. The notification is made through the channels selected by the user in the consent. Email notification involves forwarding an email address to an external processor in order to display company advertising messages while browsing the web.
The data subject may at any time withdraw or change his or her consent in the same way as the consent was given or in any other way as defined by the company, while the company reserves the right to identify the customer. Withdrawal or change of consent refers only to data processed on the basis of consent. The last given consent of the user received by the company is valid. The possibility of revoking the consent does not constitute a right of withdrawal in the business relationship of the user with the company.
Consent may be given by one of the parents, guardian or custodian of a minor child who, in accordance with applicable law, cannot give consent himself. Such consent will be valid until one of the parents, guardian or custodian or the child himself, when he acquires, revokes or changes this right in accordance with applicable law.
Data for which consent has been given shall be processed in the absence of revocation for up to three years after the termination of the business relationship with the company.
The Café Capri will provide all information exclusively to those who need to have this information in order to process orders and provide their services, to those who are under a non-disclosure obligation and only to its employees, server maintainers, external e-mail providers and other capital related companies. companies and / or third parties which, in accordance with the applicable regulations, have a basis for the acquisition, processing, transmission or storage of personal data in these regulations, the personal consent of the user or in a contractual relationship. The user agrees that the Café Capri may provide the collected data to those business partners, server maintainers, external providers of electronic communications and other capital-related companies and / or third parties that have a basis for obtaining, processing, transmitting or storing in accordance with applicable regulations. personal data in these regulations, the personal consent of the user or in a contractual relationship. Some of these contractual partners and related parties may be located outside the user's country of residence and by visiting the website, the user agrees to the transfer of data to and from these persons. The same applies to the case of the takeover of the Café Capri - data can be transferred to new owners. The data will be stored only for as long as the law allows, in cases of rejection of job advertisements, the data will be stored in the database of candidates for another 2 years, unless the user explicitly requests deletion.
If you provide credit card information to your business, that information will be encrypted over SSL technology and stored with AES-256 encryption. Although no method or data transfer is not 100% secure, the Café Capri strives and follows PCI-DDS requirements.
Café Capri uses the following cookies:
- Google Analyitcs cookies (_utma, _utmb, _utmc, _utmz). You can read more about Google Analytics cookies here.
- Session cookies (A cookie is stored in the cache and is not retained when you close the browser, the cookie is deleted. Session cookies do not collect information from users).
Café Capri does not answer that the content of the website is correct and accurate, it can only serve as information.
Whenever a user accesses a website, general, non-personal information (search engine users, number of visits, average time visited on the website, pages visited) is automatically recorded. This information is used by Café Capri to improve its content and usability, and this information is not subject to further processing and is not passed on to third parties.
The Café Capri only stores your data for as long as necessary to provide the Services. Café Capri can store data longer, but only in such a way that it can no longer be linked to you. It keeps data on payments only for as long as it is necessary for the exercise of rights from payments and complaints.
Some Services may allow a user to post or share their content. In this case, the user retains the intellectual property rights to the content published or shared and grants Café Capri the right to use this content for the purposes of providing or improving the Services. With each publication, the user warrants that he is the holder of all intellectual property rights in the published content or that he has all the necessary permissions to publish.
The Café Capri may allow or contain dialogs, forums, communication between users and the like, and the user undertakes not to use or abuse these methods of communication for the purpose of publishing immoral content, inciting hate speech, publishing content that violates any rights of third parties, the publication of any content that may have signs of crime, content that contains viruses, to collect information about other users, for corrupt practices and the like. Café Capri is not obliged to control such communication, but it has the right to inspect the published materials and communication and as a result may restrict or deny the user access to communication.
The Café Capri reserves the right to disclose all communications and publications when required by law and to withdraw any publications at any time without giving a reason.
The right to access data
The data subject has the right to obtain confirmation from the company as to whether personal data are being processed in relation to him or her and, where applicable, access to personal data and additional information relating to the processing of personal data to which include:
- purposes of processing;
- types of personal data;
- users or categories of users to whom personal data have been or will be disclosed, in particular users in third countries or international organizations;
- where possible, the estimated period of retention of personal data or, if this is not possible, the criteria used to determine this period;
- the existence of the right to require the controller to correct or delete personal data or to restrict the processing of personal data in relation to the data subject, or the existence of the right to object to such processing;
- the right to lodge a complaint with the supervisory authority;
- where personal data are not collected from the user, all available information regarding their sources;
- the existence of automated decision-making, including profiling, and meaningful information on the reasons for it, as well as the significance and foreseeable consequences of such processing
Upon the request of the user, the company provides a copy of his personal data to be processed. For additional copies of data required by the data subject, the company may charge a reasonable fee, taking into account administrative costs.
The right of data correction
The data subject has the right to have the company correct inaccurate personal data concerning him or her without undue delay. The data subject has the right to complete incomplete personal data, including the submission of a supplementary statement, taking into account the purposes of the processing.
The right of erasure ("right of oblivion")
The data subject has the right to have the company delete the personal data concerning him or her without undue delay, and the company has the obligation to delete the personal data without undue delay:
- where personal data are no longer needed for the purposes for which they were collected or otherwise processed;
- however, when the user revokes the consent which is the basis for the processing of data, there is no other legal basis for the processing;
- where the user objects to the processing on the basis of the legitimate interest of the company, but monitors their processing, there are no overriding legitimate reasons;
- when the user objects to the processing for the purposes of direct marketing;
- where personal data must be deleted in order to fulfill a legal obligation in accordance with EU law or the Slovenian legal order; in the case of information relating to the provision of information society services incorrectly collected from a child who is unable to provide such information in accordance with applicable law.
In the case of directory or otherwise published data, the company shall take reasonable steps, including technical measures, to inform controllers of personal data that the data subject shall request them to delete any links to this personal data or copies thereof.
The right to limit processing
The data subject has the right to have the company restrict processing when:
- The user disputes the accuracy of the data, for a period that allows the controller to verify the accuracy of personal data;
- the processing is illegal and the user opposes the deletion of personal data and instead requests that their use be restricted;
- the company no longer needs personal data for processing purposes, but
the data subject needs to assert, enforce or defend legal claims;
- the user has lodged an objection to the processing until it is verified that the legitimate reasons of the controller outweigh the reasons of the user to whom the personalrelates.
The right to data portability
The data subject has the right to receive personal data concerning him or her held by the company in a structured, commonly used and machine-readable form, and the right to pass this data on to another controller, without being hindered by the company to which the personal data have been provided, where the processing is based on the consent of the user or the contract and the processing is carried out by automated means.
The right to contract
The data subject has the right to object to the processing of personal data at any time, for reasons related to his / her special situation, if it is based on the legitimate interests pursued by the company or a third party. The company ceases to process personal data unless it proves compelling reasons for processing that outweigh the interests, rights and freedoms of the data subject, or for asserting, enforcing or defending legal claims. Where personal data are processed for the purposes of direct marketing, the user has the right to object at any time to the processing of personal data concerning him for the purposes of such marketing, including profiling, insofar as it relates to such direct marketing. To the extent that direct marketing is based on consent, the right to object may be exercised by revoking the personal consent given.
The right to lodge a complaint regarding the processing of personal data
The user may send a possible complaint regarding the processing of personal data to the following e-mail address mailcafecapri.si or by regular mail to the address Ljubljana, Petkovškovo nabrežje, 33. The user can also file a complaint at the company's point of sale.
Also, each user has the right to lodge a complaint directly with the Information Commissioner if he/she considers that the processing of personal data concerning him/her violates Slovenian or EU regulations in the field of personal data protection. p>
If the user has exercised the right of access to data with the company and after receiving the decision of the company considers that the personal data received is not personal data requested or that he has not received all requested personal data, he may by filing a complaint, he/she shall submit a reasoned complaint to the data protection authorized person in the company within 15 days. The company must decide on the appeal as a new request within 5 working days.
The user may contact the user via means of distance communication only if the user does not explicitly object. Advertising e-mails must be clearly and unambiguously marked as advertising messages, and the sender must be clearly visible. The user's wish not to receive advertising messages must be unconditionally taken into account.
Advertising emails will contain the following components:
- will be clearly and unambiguously marked as advertising messages,
- the sender will be clearly visible,
- the various campaigns, promotions and other marketing techniques will be marked as such, and the conditions for participating in them will be clearly defined,
- the way to unsubscribe from receiving advertising messages will be clearly presented,
- the Café Capri will explicitly respect the user's wish not to receive advertising messages.
In the event of a change in your data, you can request corrections at any time at mailcafecapri.si.
If you no longer wish to receive marketing and promotional materials, let us know immediately and use the "unsubscribe" option. "unsubscribe".
If you want to completely remove your personal data from the Café Capri system, send a request to mailcafecapri.si or address Café Capri, Ljubljana, Petkovškovo nabrežje, 33 and indicate which data you want to permanently delete. The Café Capri will comply with your request within 10 working days at the latest.