Personal Data Protection and Privacy Policy
Slovensko - Varstvo osebnih podatkov in politika zasebnosti
General Terms
At Gambit trade d.o.o., we value our own privacy and respect yours. We pay special attention to the protection and security of your personal data. Your personal data, its collection and use form an integral part of our General Terms and Conditions and can only be fully interpreted in conjunction with them. We therefore recommend that you read them in full.
We collect, process and protect personal data in accordance with personal data protection legislation, the Personal Data Protection Act, the General Data Protection Regulation (GDPR), and other laws governing our business operations.
Our goal is for every Enaa user to know, understand and exercise their rights in this area to the greatest possible extent. We continuously improve the user experience in order to simplify the management of your preferences and settings. We also continuously update this policy to make it easier to understand how we work with our partners, third parties, cookies and other tracking technologies.
About Us
The data controller is Gambit trade d.o.o. (hereinafter: the Controller).
Ways You Can Use Our Services
You may use our services as:
- an anonymous visitor (in this case, with your consent, we collect data through cookies to ensure proper website operation, improve functionality and user experience, enhance security, and anonymously count website visitors);
- a subscriber to our e-publications (in this case, you may use our services as an anonymous visitor. The only personal data you provide is your email address and your choice of newsletter or e-publication. We do not collect any additional personal data about you. You may unsubscribe at any time using the unsubscribe link included in every e-publication, which will remove you from our mailing lists);
- a registered user;
- a registered or unregistered customer.
Personal Data We Collect
We collect several categories of personal data relating to our registered users and customers:
- Identity data: first name, last name, email address and password. Passwords are encrypted and known only to the user (we do not know them). For business users, identity data also includes the company name and tax number or VAT number. VAT numbers are also stored for individuals registered for VAT purposes. These details can be viewed and edited in the My Profile section.
- Contact details: delivery addresses, billing address and telephone number. These details can be viewed and edited in the My Profile section.
- Financial data: we do not store your credit card details. Such information is transmitted only to the issuer of your payment card or other payment service providers used for online payments.
- Order, purchase and payment data: we retain records of your orders and payments, including cancellations and returns. These details can be viewed in the My Profile section.
- Usage and profile data: viewed products, abandoned shopping carts, purchased products, communication through Questions & Answers, selected departments, selected profiles, submitted comments and product ratings. These details can be viewed and managed in the My Profile section.
- Marketing data: newsletter subscriptions, selected departments and wish lists. These details can be viewed and managed in the My Profile section.
- Technical data: IP address, browser type, operating system, device type, approximate device location and similar information required for security, traceability and system operation. With your consent, cookies may also be used to improve functionality, user experience, security, visitor statistics and website performance. At the beginning of a visit, a session cookie is assigned to identify the user and maintain the shopping cart. Gambit trade d.o.o. may also store other cookies on your device, such as an encrypted user identification number (to recognize you during future visits), Google Analytics cookies, Facebook cookies and similar technologies. Session cookies remain stored only for the duration of the visit and are deleted after one hour of inactivity. Persistent cookies remain stored on the visitor's device for a specified period, typically two years.
How We Obtain Data
We collect data about you when you:
- register as an Enaa user;
- place an order;
- cancel an order;
- subscribe to any of our newsletters or e-publications;
- participate in prize draws or competitions;
- browse our content;
- submit questions, comments or ratings regarding our products;
- submit inquiries, complaints, product returns or similar requests;
- communicate with us through social media;
- provide information through other sources (for example, your financing provider may inform us whether you qualify for installment purchases, while your payment card issuer confirms whether your card is valid and whether payment can be processed).
Technical data is collected automatically.
Google, Facebook and other social networks or advertising platforms may also provide us with information that you have authorized them to share.
How We Use Your Data
We collect and process personal data relating to registered users, customers and purchases for the following purposes:
- fulfilling our legal obligations (for example accounting and tax requirements);
- processing and fulfilling your orders;
- customer profiling in order to display offers that are more relevant to individual customers on our website and in our newsletters;
- awarding benefits within the Loyalty Club;
- business analysis, planning, statistical reporting and monitoring customer and visitor behavior, using anonymized data wherever possible.
We process newsletter subscription data solely for the purpose of delivering the selected newsletter or e-publication to your chosen email address.
The rules governing prize draws, competitions, related data processing and publication of winners are defined in the terms of each individual promotion.
Questions submitted through contact forms or email addresses published on our website will be used exclusively to resolve your issue or prepare a response to your inquiry.
Participation in surveys, publication of comments, questions and product reviews may be rewarded with Loyalty Club points.
When you communicate with us through social media, we may also use your information to provide marketing messages through the same social network, in accordance with the permissions you have granted to the operator of that social network.
Who Has Access to Your Personal Data
In addition to us, your personal data may also be processed by our trusted partners whom we require in order to provide our services, all in accordance with applicable personal data protection legislation and the General Data Protection Regulation (GDPR). In certain cases, your personal data may also be transferred to countries outside the European Economic Area. Before engaging any partner, Gambit trade d.o.o. verifies compliance with Slovenian and EU legislation. After onboarding, compliance of active partners is reviewed at least twice per year. If any non-compliance is identified, their services will be discontinued immediately.
We may share your personal data with:
- delivery service providers, to the extent necessary for transportation and delivery of your order.
- Pošta Slovenije d.o.o., Slomškov trg 10, 2500 Maribor
- suppliers, when your order includes products stocked by the supplier and they need your delivery address and order details to prepare the shipment;
- suppliers and authorized service centers when handling complaints, warranty claims or inquiries that require their involvement;
- payment service providers (Bankart, Diners, Summit Leasing);
- Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, acting as an independent controller and service provider processing personal data in accordance with its own privacy policy. On the page Google Data Use you can find information about how Google:
- protects your data and provides you with control over it,
- collects, uses, updates, manages, exports and deletes data,
- uses data for personalized advertising,
- shares data with third parties using Google's advertising systems for ad delivery and performance measurement,
- ensures compliance with European Union regulations.
- Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, D02 X525, Ireland;
- SurveyMonkey Europe UC, Shelbourne Buildings 2, Shelbourne Road, Ballsbridge, Dublin 4, Ireland, if you participate in customer satisfaction surveys;
- other advertising networks and social media platforms through cookies, where you have given consent;
- the manufacturer of the video surveillance system and surveillance cameras installed at our collection point in Ljubljana, Savska cesta 3a. Information regarding video surveillance is displayed on-site;
- authorized institutions where required by law (courts, government authorities and similar bodies).
All partners with access to personal data are contractually and legally obliged to handle such data responsibly and in compliance with applicable legislation. We provide only the information necessary to complete an order, provide a service or carry out another agreed activity.
Under no circumstances do we provide your personal data to unauthorized third parties.
Retention Periods for Personal Data
Your personal data will be retained and processed only for as long as necessary to fulfill the purposes for which it was collected, complete ordered or agreed services, and subsequently within the applicable limitation periods for obligations that may arise from the processing of such personal data, particularly where processing is required for the conclusion or performance of a contract.
Data processed on the basis of your consent will be retained until that consent is withdrawn.
Where retention periods are prescribed by law, personal data will be retained in accordance with those legal requirements.
Security Measures
We use multiple security systems on our websites to protect personal data against loss, disclosure, unauthorized alteration and misuse. All transfers of personal data are protected using SSL encryption technology, ensuring secure transmission of information.
Access to collected personal data is restricted to authorized persons only (employees and contractual partners) using secure usernames and passwords.
We kindly ask you to help protect your personal data by ensuring the security of your own username and password.
Cookies
The operation of our websites would be practically impossible without the use of cookies. If you do not wish cookies to be stored on your device, please remember that cookie management is entirely under your control through your browser settings. You may limit, disable or delete cookies at any time through your browser.
Our website is only one of billions of websites that may also place Google, Meta/Facebook and other third-party cookies on your device, or read cookies previously placed by those services. Such organizations may use the collected data for various purposes, including analytics, advertising and improvement of their own services. Your consent for such processing can be managed through the cookie settings available at the top of this page.
Cookies Used on Our Website
|
Cookie Name
|
Purpose
|
Duration
|
Provider
|
| consent | Consent | 1 year | Gambit trade |
| cookieyes-consent | Consent | 1 year | Gambit trade |
| basket | Shopping Cart | 10 years | Gambit trade |
| enaaShopper | Login | 1 month | Gambit trade |
| mscsShopper | Login | 1 month | Gambit trade |
| productsForComparison | Product Comparison List | 1 month | Gambit trade |
| _dc_gtm_UA-3048397-1 | Registers a unique identifier (ID) used to generate statistical data on how visitors use the website | 10 minutes | Google Analytics |
| _ga_QSJN90WCMG | Registers a unique identifier (ID) used to generate statistical data on how visitors use the website | 10 minutes | Google Analytics |
| _gat | Registers a unique identifier (ID) used to generate statistical data on how visitors use the website | 10 minutes | Google Analytics |
| _ga | Registers a unique identifier (ID) used to generate statistical data on how visitors use the website | 2 years | Google Analytics |
| _gat_gtag_UA_3048397_1 | Registers a unique identifier (ID) used to generate statistical data on how visitors use the website | 10 minutes | Google Analytics |
| gid | Registers a unique identifier (ID) used to generate statistical data on how visitors use the website | 1 day | Google Analytics |
| _glc_au | Registers a unique identifier (ID) used to generate statistical data on how visitors use the website | 2 years | |
| _fbp | Enables the display of third-party advertising in real time | 3 months | Facebook / Meta |
Your Rights
We provide our customers and users with full support in exercising the rights described below:
- through this page, we fully inform you about how we use your personal data;
- access to all personal data we hold about you is available through the My Profile menu and at https://www.enaa.com/profil;
- you always have the right to request correction of your personal data. In practice, we allow you to edit and update almost all of your personal information yourself through the My Profile section. In fact, we encourage you to keep your information accurate and up to date;
- in certain circumstances, you may also exercise your right to erasure. For example, if you are subscribed to one or more of our newsletters, you can unsubscribe yourself by following the link included in every newsletter or marketing email. If you have registered as a user but have never placed an order, we may delete your account upon request. However, if you have made purchases from us, please note that we are required by law to retain certain information;
- in certain cases, you may request a temporary or permanent restriction of the processing of all or part of your personal data;
- upon request, we will provide your personal data in electronic form;
- we will review and address any objections you raise regarding the processing of your personal data.
Some of these rights can be exercised directly through the tools and settings described above. The right to rectification is available through the My Profile section, and you may unsubscribe from newsletters at any time using the available unsubscribe options.
Access to the Data Protection Officer and the exercise of other rights is available by sending your request by registered mail to: Gambit trade d.o.o., Savska cesta 3a, 1000 Ljubljana, Slovenia, marked GDPR – SUBJECT, where SUBJECT may be one of the following rights: access, completion, rectification, restriction of processing, blocking of processing, erasure of personal data, objection to processing, data portability or other.
If you believe that your personal data is being stored or processed in violation of applicable personal data protection legislation, you have the right to lodge a complaint with the Information Commissioner of the Republic of Slovenia.
The expanded scope of rights introduced on 21 May 2018 also applies to individuals who provided us with personal data before that date.
Last updated: 12 July 2024.