MoreFromFood Privacy Policy
Last Updated: 27/09/2024
1. Preamble
- Dotcom d.o.o., Šmartinska cesta 106, 1000 Ljubljana (Dotcom) is committed to protecting the privacy and personal data of its customers in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws. This Privacy Policy explains how we collect, use, store, and protect personal data when visitors and customers (users) interact with our website and our software products (Software Products). It also outlines your rights regarding your data and how you can exercise those rights.
- By accessing or using Software Products, you consent to the collection, use, and disclosure of your information per this Privacy Policy. If you do not consent to the same, please do not access or use our website or Software Products.
2. Data controller information
- For the GDPR and other applicable data protection laws, Dotcom is your Data Controller. We are responsible for the collection, processing, storage, and protection of any personal data you provide to us in connection with your use of our website and Software Products. Below is our contact information for any business inquiries.
Dotcom d.o.o.
Šmartinska cesta 106
1000 Ljubljana
Reg. No.: 3317781000
Tax No.: SI 72412186
Email: info@dot-com.si
Phone: +386 597 15565 - If you have any questions or concerns about how we handle your data, please contact us using the contact information provided above.
3. Data processor role
- In some situations, Dotcom acts as a data processor for the personal data uploaded to Software Products by our users, who act as data controllers. This means that we process such personal data according to the Data Processing Agreements (DPAs), user instructions, and this privacy policy. If you are the holder of the personal data used by such a user of our Software Products, we are merely processing your data about you on our user’s behalf. If you have any requests about your data privacy rights, please reach out to the applicable user of our Software Products.
- In such cases where Dotcom acts as a data processor, i.e. where users are required to transfer personal data to Dotcom, users must adhere to the concluded Data Processing Agreements (DPAs) between them and Dotcom to ensure compliance with relevant regulations. Users must have the appropriate legal basis to act as data controllers and transfer personal data to Dotcom. Should users lack this legal basis, they are prohibited from transferring personal data to Dotcom. If the legal basis ceases to exist, users must promptly notify Dotcom. Dotcom will then take the necessary steps per applicable regulations, including ceasing the processing and deletion of such personal data. Failure to comply with these obligations renders users liable to both the affected individuals and Dotcom for damages. Dotcom reserves the right to deny access to Service Products to users who breach these obligations.
- The following may apply concerning individual data for which Dotcom acts as a data processor:
- Dotcom assists users in the fulfilment of their obligations to respond to data subject requests from individuals.
- Unless otherwise agreed in Data Processing Agreements (DPAs) between users and Dotcom, Dotcom may engage subprocessors to assist with certain aspects of data processing. Dotcom will only use subprocessors that provide adequate safeguards and enter into agreements with them to ensure their compliance.
- Dotcom will only transfer data to external regions by complying with approved data transfer mechanisms, as stipulated in this privacy policy and agreed in Data Processing Agreements (DPAs) between users and Dotcom.
- The user’s role as a data controller to individuals will not change. Users are solely responsible for determining how an individual’s data is processed.
4. The data we collect
As a software provider, we may collect various types of data when you interact with Software Products. This may include the following data:
- The data you provide:
- You may provide us with your name, email address, phone number, company name, requirements, and related information.
- You may also provide us with data about your employees so that we can add them to your account to use Software Products.
- You may provide the above data via form submissions or during meetings, including when you book a demo, engage us, contact us, set up an account, and use our Software Products.
- You are not obligated to provide us with any data, but we may be unable to provide Software Products without it.
- The data we collect from third-party sources:
- We do not collect data about you from third-party sources.
- The data we automatically collect:
- When you access our website or Software Products, we may try to make them personal to you. To do this, we collect data such as your device properties (IP address, geolocation, browser type, operating system, etc.) and your interests and preferences, including pages accessed, duration of access, issues encountered, referring website, etc. We may collect this data by deploying tracking cookies, beacons, pixels, and similar tracking technologies (see the cookie policy section for more about cookies).
5. Why we collect your data
We collect your data for the following purposes:
- To provide, operate, and maintain Software Products;
- To manage your account, registration, authentication, and account settings;
- To set up a demo meeting with you;
- To display our Software Products and its capabilities;
- To learn about your requirements;
- To respond to your inquiries, provide technical assistance, and improve customer service;
- To analyse usage data and feedback to enhance Software Products’ features and user experience;
- To set up an account for you and your employees to use our Software Products;
- To personalise our Software Products to your requirements;
- To comply with applicable laws;
- To enforce our Terms and Conditions or contractual agreements concluded with you;
- To troubleshoot issues you encounter and fix them;
- To market new Software Product features based on your interests;
- To protect your data and our app from unauthorised access,
- breaches, and other security threats; and
- To perform data analysis and research to improve our business operations and strategies.
6. Our legal basis for data collection
We rely on the following legal basis/grounds when we process your data:
- Contractual Necessity: We process your data to fulfil our contractual obligations to you and provide you with Software Products and their functionalities. This includes managing your account and providing customer support services.
- Legitimate Interests: In some cases, we process your data to pursue our legitimate interests in a way that balances our needs with your privacy rights. This includes improving and maintaining Software Products, including our website and Software Products, to ensure optimal performance and security; providing you with relevant information about Software Products’ updates, features, and services; analysing user trends to understand how our website and Software Products are being used and identifying areas for improvement; and preventing fraud and protecting the security of Software Products.
- Consent: For specific purposes, we may request your explicit consent to collect and use your data. This could be for sending marketing communications or processing certain types of sensitive data. You have the right to withdraw your consent at any time.
- Legal Obligation: We may process your data to comply with legal and regulatory obligations, such as maintaining records, preventing fraud, and responding to lawful requests from authorities.
8. Interest-based advertising
- We work with (or may in the future work with) ad companies and network advertisers to market Software Products on other websites, apps, and similar platforms, which will help us to gather the effectiveness of our adverts. They may set cookies, beacons, and analytics tools to track your activity across our website and different websites and devices to build a profile of your interests. We may also share information about your interests, likes, and behaviours on our website with these companies. They may then use the data gathered to remarket Software Products to you when you visit their websites and other platforms. The data used in interest-based advertising is mostly anonymous, but it may also include your device’s IP address. However, you may still opt out of advertisements that are based on your interests.
- Please note that while you can opt out of interest-based advertising, it will not generally prevent you from seeing adverts. It will only prevent adverts from the data gathered about you.
9. Newsletter marketing
At your consent or based on the rights we have under the relevant legislation, we may send you marketing emails about offers, new features, and promotions relating to Software Products. We may obtain consent for email marketing when users submit their email addresses in the subscription form on our website, download our documents, or sign a quotation from us. If you no longer wish to receive marketing emails from Dotcom, you can always opt out at any time by using the unsubscribe button at the footer (bottom) of our emails.
10. Disclosure of data
We do not disclose or share your data except to the parties or circumstances described below:
- Service Providers: We may share your data with third-party service providers who perform services on our behalf. These services may include, without limitation, data hosting and storage, customer relationship management, analytics and performance monitoring, marketing, appointment booking, and website and account security. Our service providers are obligated to keep the data shared with them confidential and only for the purpose it was shared with them.
- Legal Requirements: We may disclose personal data to law enforcement and public offices if required to do so by law or in response to valid requests by public authorities, such as to comply with any legal obligation, including court orders, government regulations, or law enforcement requests to protect and mdefend our rights, property, or safety, and that of our users or the public.
- Business Transfers: In the event of a merger, acquisition, or asset sale, your data may be transferred. We will provide notice before your data is transferred and becomes subject to a different Privacy Policy.
- With Your Consent: We may disclose your data for any other purpose with your explicit consent.
11. Security of data
- Dotcom ensures the maximum security of your data. We take your privacy seriously and implement a range of measures to protect it. Our security measures include the following:
- All our employees and third-party service providers are bound to ensure your data is handled with the utmost care and confidentiality.
- We use industry-standard protocols to enhance the security of user accounts, ensuring that only authorised individuals can access sensitive information.
- We employ industry-standard protocols to encrypt data transmitted between our servers and your browser, protecting it from interception and tampering.
- Our authentication services undergo regular controls, providing validation that our security practices meet rigorous standards for protecting data.
- We comply with the GDPR and other applicable privacy laws and have Data Processing Agreements (DPAs) in place, ensuring that your data is processed lawfully and transparently.
- We maintain full audited logs for each system and record the actions performed by actors. These logs are regularly reviewed to detect and respond to any suspicious activity promptly.
- We use a Firewall to protect our services from common web-based attacks, such as SQL injection, cross-site scripting (XSS), and other vulnerabilities.
- We continuously monitor our security practices and regularly update our security measures to adapt to evolving threats. Our commitment to maintaining high standards of data protection ensures that your data is secure with us.
- While we take extensive measures to protect your data, it is also important for you to take steps to secure your information. This includes using strong passwords, enabling multi-factor authentication where available, and being cautious about sharing your personal information.
12. Retention of data
- We retain data about active users of our Software Products for as long as their account is active or otherwise contractually agreed. This information may include profile data, preferences, and other relevant information needed for the Software Products to function.
- If you choose to deactivate your account or request a deletion of your data (or we close your account after a period of inactivity), we delete your data within 120 days of your request or as contractually agreed with you. This retention period helps us with audit, tax, accounting, and compliance with applicable laws. We may be required to retain personal data for longer periods to comply with our legal obligations, resolve disputes, prevent any legal claims, and enforce our terms and conditions agreement. In that case, the data will be retained for the duration required by law.
- We may retain aggregated and other automatically collected, anonymous data for a longer duration to access trends, improve Software Products, and make informed decisions. This data will be used internally and not associated with any external activities.
13. International transfer of data
- We operate primarily in Slovenia, where your data is transferred and processed. However, we may use entities located in other regions, including outside the EU, EEA, and the UK. This means that we may share and transfer your data outside of the EU, including the United States and other locations where our third-party service providers operate. We commit to not transferring the personal data gathered for utilising Service Products outside of the EU, EEA, and the UK as long as it has been contractually agreed upon.
- Whenever we transfer personal data outside the EU, we ensure that appropriate safeguards are in place to protect your data in compliance with applicable data protection laws. These safeguards include those approved by the European Commission.
14. User rights
- You have the following rights in addition to those provided under this Privacy Policy (these rights are subject to those afforded by your location laws):
- Right to be informed: You have the right to know the data we are processing about you and why. You can do this by reviewing the data we collect section of this Privacy Policy. Users can generally exercise this right by reaching out to info@dot-com.si.
- Right to data portability: You can request a copy of the personal data we have about you in a machine-readable format and transfer it to another service provider. You can make a request at info@dot-com.si.
- Right to correct: You can request to correct any data you feel is inaccurate about you or your organisation. You can request to edit your data by contacting us or our representatives.
- Right to delete: Subject to our data retention policy, as defined in the “Retention of data” section above, you can request to delete your data at any time by reaching out to info@dot-com.si.
- Right to opt out of sale: We do not engage in practices regarded as the sale or sharing of data for monetary consideration. However, we may share data mwith third parties to help us market Software Products. As already highlighted, you may opt out of this sharing by using the cookie banner.
- Right to restrict processing: You have the right, under certain circumstances, to request that we restrict the processing of certain personal data.
- Right to object: You have the right to object to the processing of certain personal data (for example, if we market with your information).
- Right to withdraw permissions: If we have obtained data based on your permission, you can update it by using your device’s settings function.
- Right to Withdraw Consent: If you have given us consent to process your data, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
- Right to non-discrimination: You have the right to exercise any of your rights under this Privacy Policy without discrimination.
- Right to report: If you believe that we are not processing your data as described under this Privacy Policy, you may be able to report us to any data protection or privacy authority applicable to your jurisdiction. For example, if you are in Slovenia, you can report us to the Informacijski pooblaščenec, Dunajska cesta 22, 1000 Ljubljana, Slovenija, email: gp.ip@ip-rs.si.
- . Where applicable, we may ask you to verify your identity before granting some of the rights above. This may be for the protection and safety of our community, and if we are unable to verify you or applicable law prohibits it, we may reject your request.
15. Children’s privacy
Dotcom is not targeted at individuals below 18 years of age. We do not knowingly collect or solicit personal data from individuals under 18 years of age. By accessing our website and using our Software Products, you warrant that you are at least 18 years of age. If you are a company representative, you must be at least 18 years of age to act on the company’s behalf. If we become aware that an individual below 18 years of age submits personal data to us, we will take steps to delete the data from our database.
16. Third-party links
Our website or Software Products may contain links and content from third-party services. Such links and content are not governed by this Privacy Policy. The policies that govern them are available on the respective providers of the links and content. Please endeavour to review them when you access such links and content. We are not responsible for the privacy practices of any external websites, software, or apps you link to from Dotcom.
17. Changes to this privacy policy
We may modify this Privacy Policy at any time without any prior notice to you and will post the revised Privacy Policy on Dotcom. We may notify you of changes via your email address, your account, or any of the Dotcom interfaces. The revised Privacy Policy will be effective immediately after the revised version is posted on this page, which shall be indicated by the Last Updated date above. Your continued access or use of Dotcom after such time will constitute your acceptance of the revised Privacy Policy. We therefore recommend that you periodically review this page.