GENERAL PROVISIONS

This Statement contains our Privacy Policy and we encourage you to read it carefully to understand how your information is being processed. Privacy Policy describes the types of personal information we collect about our customers and explains how we use, share and transmit the collected information, as well as the options available to our customers in relation to processing their data. We also describe the measures we take to provide data security and how you can contact us regarding our Privacy Policy.

Please read the Privacy Policy carefully. We suggest you to periodically check them in case of any changes regarding the collection and processing your personal information.

PERSONAL DATA PROCESSING MANAGER

The authorized representative of the Epimen Plus brand in Croatia and the personal data processing manager is the company Epimen d.o.o., Kovinska ulica 4a, Zagreb registered at the Commercial Court in Zagreb, MB: 05318009, OIB: 42488816079. Data is collected in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and legal regulations. Company Epimen d.o.o., as well as the brand Epimen Plus, have been focused on the satisfaction of their customers since the foundation. We process the confidential information of our customers with care and responsibility. We are committed to legitimate, fair and transparent processing of personal data while ensuring the access only to authorized personnel to use exclusively within the framework of regulations and with protection in a responsible manner.

DATA COLLECTION

The personal information might be collected while doing the following actions:

• Ordering products on the website www.epimenplus.com, through a customer registration or online purchase
• Browsing the website through cookies
• Except the above, we collect your personal information only if you provide them through the contact form, by phone or email.

Types of personal information might include the following:

• Registration details (name, address, e-mail address, phone number)
• Personal details (date of birth, sex)
• Username and password (when making a purchase in order to be able to sign in securely)
• Payment information (payment card number, expiration date, authorization number, security code, delivery and billing addresses)
• Purchase and transaction data (type and number of purchased or returned products)
• Customer support information, questionnaires and data exchanged with our customer support team
• Interests and experiences you provide regarding our products and services
• Your information obtained through publicly available sources
• Other information you provide by submitting a specific request about product or service

USE OF PERSONAL DATA

We use the above information only for the purposes indicated at the time of data collection or in the rules listed below. These purposes are as follows:

• Sending notifications about novelties, promotions and special offers through the information you have agreed to provide (e-mail, phone number or physical address)
• Providing information about products and services
• Transaction processing, including payments made through a website and creating R-1
• Creating and managing a user account on the webshop
• Identity checking (e.g. while signing up for a purchase)
• Communicating and answering customer support queries
• Providing information about products in stock or express billing service
• Managing, evaluating and improving products and services (e.g. new product launches and advertising campaigns, customer data analysis, accounting and auditing)
• Conducting direct marketing and behavioral advertising
• Tracking habits associated with products on the website
• Carrying out statistical or survey analysis in order to improve services
• Fulfilment of obligations arising from any agreements or contracts
• Ensuring that content from a web site is presented in the most effective way (personalized experience)
• Website administration
• Undertaking research and analysis, including the effectiveness of marketing and advertising campaigns
• Analyzing website visits and customized advertising

Please note that the data used to analyze and improve our product offerings can include the “Profile creation”. Profile creation refers to any form of automated processing of personal data that evaluates personal preferences and interests of an individual, but based on our processing, no decision is based solely on automated processing that produces legal effects.

Our ads and messages to the users might be directed through the network of advertising providers such as Google search engines and social media networks like Facebook.

While accessing the website, our web server temporarily stores the domain name or IP address of the device, as well as the date of access, the query about the files by the website visitor (file name and corresponding integral data about the Internet address), HTTP or HTTPS return code, the type of browser and the size of the files uploaded during the visit.

During the website visit, we might store the data for various security reasons. Such information may include the name of your Internet service provider, your IP address and referring websites. That data could lead to your identification but it is not used for that purpose.

This website uses Google Analytics, a web analytics service from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States (“Google”) for the purpose of analyzing its use. The information Google collects during your website visit (e.g. URL source, web browser, language settings, operating system, display resolution) is transferred to Google’s server in the United States and stored, analyzed and delivered to us in the anonymous form. Google is certified by the EU-US Privacy Shield, so the data processed by Google is subject to the appropriate level of data protection.

For further information on Google Analytics, please read the Google Analytics Terms of Use, the Basics of Safety and Data Protection from Google Analytics as well as the Google Data Protection Statement.

This policy concerns only the use of data which Epimen d.o.o. collects from the users (subjects). Other websites accessible through the www.epimenplus.com website include their own confidentiality and data collection statements, as well as the way these are used and published. Epimen d.o.o. is not responsible for the terms and conditions of third parties.

COOKIES

We will keep and evaluate information about your recent visit to our website and how you have used different parts of our site for analytical purposes and to understand how our users use our website.

In order to maintain your website and ensure its functionality at an expected level, Epimen d.o.o. uses the technology known as ‘cookies’. Cookies are small files that we send to your computer and are able to access later. They can be temporary or permanent. Thanks to cookies, you can search our websites easily and show results which are relevant for you. Cookies tell us what you and other visitors to our site are interested in, which helps us to improve it.

TRANSFER OF PERSONAL DATA TO THIRD PERSONS

We do not transfer your personal information to the third parties, except to the following entities:

• Our contractual-related processing executives, such as a company that helps us maintain websites, companies that provide email or SMS marketing services, intermediaries and service providers such as payment gateways (Pay Way), as well as Research and Analytics Services (Google Analytics)
• Legal entities within the Epimen d.o.o.
• Government institutions or legal entities
• Third parties, but only in case you gave us the permission to share your information with them

Third parties can transfer the data collected outside of the cases described above for business purposes only if they are pseudonymized or anonymized, including the number of visitors to the website and the number of clicks on our ads or newsletters.

In cases where we consign the data to the third parties (e.g. to provide you with the requested product or services or for other permitted purposes), we make sure that this third party is registered for the performance of such an activity and guarantees the protection and confidentiality of the data.

PROTECTION AND STORAGE OF PERSONAL DATA

We pay special attention and responsibility to the confidential information of our customers in a lawful, honest and transparent way.

We use technical and organizational security measures to protect your information from misuse, loss, threat or access by unauthorized entities.

We store personal information for as long as it takes to provide the requested service for which you have given consent, or until you revoke consent unless otherwise provided by the law.

In order to ensure additional security of your data and complete compliance with applicable regulations, we appointed the Personal Data Protection Officer: Andreja Babic, Bjelevina 3, 10000 Zagreb, email: [email protected]

The Personal Data Protection Officer shall be responsible for informing and advising the processing manager or the processing executor and the employees who perform processing under their obligations; monitoring the observance of relevant data protection regulations and the policy of processing executives in relation to the protection of personal data including the allocation of responsibilities, raising awareness and training staff involved in processing procedures; providing advice, when requested, in terms of assessing the impact on data protection and monitoring its execution, and co-operating with the Personal Data Protection Agency.

We also reserve the right to delete all of our data from our records if we estimate that they are defective or if a person illegally completes the application form with the information of a third person (a family member instead of his own). Although the customer confirms the authenticity of the data by his signature, in practice such omissions can occur and we have limited possibility to prevent them. We reserve the right to delete the information without notice for such cases. If the customer wishes to re-enrol to Epimen Plus customer base, he can do so in by applying correctly.

YOUR RIGHT

At any time, you have the right to access your personal information, i.e. to receive an information on how your personal data is used and processed, including the right to receive a copy of your personal information available.

Your personal right is that at any time, without any justification or consequences, you require that the company Epimen d.o.o. complement, correct, restrict the use, or cease to use and delete your personal information previously given by consent. Withdrawal of consent does not affect the legality of the processing that took place before the withdrawal.

If you want to stop the usage of your data for specific purposes, you can always do this by doing the following:

• You can unsubscribe from receiving news, promotions, and special offers for members by sending an email to [email protected] with the subject “Unsubscribe” and request explanation in the email body (e.g. I want to unsubscribe from the email, SMS, mail or all of the above…). The requests will be processed within a maximum of 5 working days.
• To disable the collection of cookies during your website visit, set your preferences at your Internet browser.
• To modify data or delete your data from our records and other specific situations, please send us an email with the text of a specific request at [email protected]

Your rights include the right to hand in a complaint for processing your personal data for direct marketing purposes. Upon receiving of such complaint, we will stop processing your information for this purpose.

If you have any questions regarding the privacy policy or if you want us to file a request regarding the termination of processing, alteration of data or other options at your disposal, you can always contact us on the following e-mail address: [email protected]. We will respond as soon as possible while taking care of the security of your data, and we will consult with our Data Protection Officer if necessary.

In case when email communication is not available, you can send us a written request to the company address: Epimen d.o.o., Kovinska ulica 4a, 10000 Zagreb, Croatia.

If you feel that your personal information is collected or used in a manner contrary to applicable regulations, you have the right to file a complaint to the Croatian Personal Data Protection Agency, Martićeva 14, 10000 Zagreb.

MEASURING LAW

All issues related to these privacy rules are applicable to Croatian law.

This privacy policy is effective from May 22, 2018.