The controller of personal data obtained on the website www.storiesbylea.com is the company Stories by Lea, a cake and pastry maker to order, Lea Grom s.p., which has full control over their processing. We will ensure the protection of your personal data with advanced technical, administrative, and physical security measures to protect data from unauthorized third parties or their disclosure, use, or modification.
Statement on Personal Data Protection
As the controller of personal data, the company Stories by Lea, a cake and pastry maker to order, Lea Grom s.p., is committed to processing, storing, and protecting your personal data with the highest security standards. Data will be carefully protected against misuse, theft, unauthorized use, forgery, and loss. Personal data will be used to process your orders, send electronic newsletters, or communicate through other channels in accordance with the purpose for which they were collected. Your personal data will not be disclosed to unauthorized persons and other third parties. The exception is trustworthy partners, data processors with whom we have previously concluded a contract on data protection, security, and legally compliant data processing. We commit to using the collected data only in accordance with the purpose for which you have given consent or which is in the legitimate interest of the user and the provider.
Methods of Collecting Personal Data
Collection of your data can take place through:
your personal subscription to newsletters. By subscribing to newsletters, the user agrees to receive promotional materials, images, advertisements, promotions, prices. We recommend that the user subscribes to receive newsletters as this may provide access to additional discounted prices;
purchase/order through the phone, website, or any other communication channel. In this case, all necessary data for the quality and smooth execution of the order are collected;
online purchase and your express consent to receive direct, personal communication. When making a purchase in our online store, you can confirm that you agree to and fully accept the General Terms and Conditions and explicitly consent to receiving advertising and marketing content.
Purposes of Collecting Personal Data
Order and Processing
In the case of online orders on the website www.storiesbylea.com, the entered data (email, mobile number, etc.) will be used for the purpose of arranging the delivery of ordered products, obtaining additional information from the user, or informing the user about the status of the order. In this case, the data is used solely for the purpose of a quality and comprehensive execution of the sales contract. These personal data are also essential for the final execution of the delivery, and therefore, they may also be provided to the delivery service or logistic center. Stories by Lea, a cake and pastry maker to order, Lea Grom s.p., as the controller of this personal data, uses all the data you entered in the order form and on the basis of which the sales contract is concluded for this purpose.
Direct, Personalized Customer Communication
Newsletters - We will send you newsletters if you have provided us with your email address through the website and given explicit permission to receive advertising content, important provider notifications, promotional terms, current offers, promotional materials, and other personalized communication via email, which the controller deems relevant for direct marketing of products.
Consent for personal, personalized communication - If you have provided consent in any form on the website for direct, personalized communication, the controller may send you relevant information via phone, email, SMS/MMS messages, mail, printed materials, and all other communication channels.
If you have made a purchase in the online store www.storiesbylea.com and, at the same time, agreed to the General Terms and Conditions and provided your email address and mobile number (SMS), we may, in accordance with the legitimate interest, send you electronic messages with offers of similar products or services. You can revoke this consent at any time by sending an email to email@example.com.
Use of Personal Data
The controller uses the collected data exclusively for the purposes for which the user has given consent or for the purposes for which the controller has a legitimate interest. In any case, the controller ensures that your data is handled in accordance with the applicable legislation, that data is not disclosed to unauthorized persons, and that all necessary measures are taken to protect your data from unauthorized access, disclosure, alteration, and destruction. The controller may only use the data for purposes for which you have given explicit consent or for which there is a legitimate interest. The controller may, in accordance with the law, process personal data for the purpose of fulfilling a contract concluded with the user, for the purpose of ensuring that the website works properly, for the purpose of ensuring security and confidentiality, for the purpose of legal obligations, for the purpose of ensuring the best possible user experience, for the purpose of improving the quality and services, for the purpose of sending promotional materials, and for the purpose of informing users of the provider's offerings, promotional terms, and promotional materials.
Personal Data Protection
The controller shall protect the user's personal data in accordance with ZVOP-1 and GDPR. For the controller, Lea Grom s.p., Stara Vrhnika 133, 1360 Vrhnika, the responsible person for data protection is Lea Grom, who can be contacted at firstname.lastname@example.org. Personal data is processed for the purposes of completing the order, ensuring security, improving the quality of services, and sending promotional materials. The data is processed on the basis of a sales contract, for which the data subject is a party, or on the basis of a consent. Personal data is not transferred to third countries or international organizations.
The controller may, in accordance with ZVOP-1 and GDPR, process personal data for the purpose of fulfilling the contract concluded with the user, ensuring proper operation, ensuring security and confidentiality, fulfilling legal obligations, ensuring the best possible user experience, improving quality, services, and offering promotional materials and information about provider offerings, promotional terms, and promotional materials.
Rights of the Data Subject
The user has the following rights:
the right to access personal data (Article 15 of the GDPR);
the right to correct personal data (Article 16 of the GDPR);
the right to delete personal data (Article 17 of the GDPR);
the right to restrict processing (Article 18 of the GDPR);
the right to data portability (Article 20 of the GDPR);
the right to object to processing (Article 21 of the GDPR).
Users can exercise their rights at any time by sending an email to email@example.com.
Revocation of Consent
If the processing of personal data is based on the consent of the data subject, the data subject has the right to withdraw their consent at any time without affecting the legality of the processing based on the consent before its withdrawal. You can revoke your consent by sending an email to firstname.lastname@example.org.
The controller will keep personal data for as long as necessary to achieve the purposes for which the data was collected and processed. Personal data processed on the basis of consent will be kept until the consent is revoked or until the purpose for which the data was collected and processed is fulfilled. If personal data are processed on the basis of a contract, the controller will keep the data for the duration of the contract and for as long as necessary to fulfill the contractual obligations.
If you believe that your rights regarding personal data have been violated, you have the right to lodge a complaint with the Information Commissioner of the Republic of Slovenia.
Last updated: October 28, 2022