I. Področje uporabe pravilnika o varstvu osebnih podatkov This Personal Data Protection Policy (the “Policy”) applies to all Users of the Website as defined in the Terms and Conditions of Use. In this Policy, the terms User, Provider and Website have the same meaning as defined in the Terms and Conditions of Use. This Policy may be amended, revised or supplemented at any time without prior notice. By using the Website after it is amended, revised or supplemented, the User confirms that they accept the amendments, revisions or supplements. II. Types of Data Processed; Transmission of Data; Joint Data Controllers The Provider collects and processes the following personal data about Users: - Name and surname - Address and country of residence - Telephone number - E-mail address - Dates and times of logins to the Website - Bank account number (IBAN, SWIFT) - Exchange of money into coupons (number of coupons, value of coupons (amount of money exchanged), dates of exchange, etc.). The data listed in indents 1 to 4 of the preceding paragraph of this article is received by the Provider from the provider of the Cherrybox24 system every time the User logs into the Website using their login information (username and password) for www.cherrybox24.com. The Provider collects the data listed in indents 6 and 7 of the first paragraph of this article only from Users who have acquired the coupons on the Website. The Provider sends the data on the total value of orders and the information that the amount has been exchanged for coupons to the provider of the Cherrybox24 system, who awards a certain number of points or other benefits to the User based on that data in accordance with its own policy and terms of use. The following parties are joint controllers of the data listed in indents 1 to 4 of the first paragraph of this article within the meaning of the Personal Data Protection Act: - MIRAGO, poslovno svetovanje, d.o.o., represented by its managing director, Severin Hovelja (Website); - GS NEONBIT Ltd., Tower Bridge Business Complex, B402, 100 Clements road, London, United Kingdom, represented by its managing director, Imran Khakwani (Cherrybox24). III. Purposes of Processing; Security The Provider uses the collected User data for the following purposes: - login to the Website and enabling acquisition of coupons on the Website; - keeping a record of registered Users of the Website; - statistical, marketing and other analyses and research; - processing Users’ orders and acquisition of coupons on the Website; - performing executed contracts; - meeting other contractual obligations and the requirements of consumer protection laws; - meeting the requirements of tax laws; - communicating with Users; - occasionally sending commercial or non-commercial e-mails related to the Website or any activity of the Provider; - occasionally sending commercial or non-commercial e-mails for/from third parties – partners of the Website. The Provider carries out all the personal data protection procedures and measures required by the laws of the Republic of Slovenia and the European Union. The User agrees that the Provider may assign specific tasks related to User data to third parties (data processors) pursuant to a written agreement. Data processors may process personal data only within the scope determined in the agreement and only for the listed purposes. IV. Use of Cookies The Provider uses cookies to enable the use and operation of the Website, detect and correct errors and help collect information about the User’s browsing of the Website. Cookies are small files sent from the Website to the User's browser and stored on the data medium (typically a hard drive) of the User's electronic device (computer, smartphone etc.) as the User browses the Website. The next time the User visits the Website, the information stored in the cookie can be retrieved by the Website to inform the Website of the User's past activity. The Provider collects information using cookies in a manner that does not personally identify a specific User. The Provider uses its own cookies (first-party cookies), but allows certain third parties to install their own cookies (third-party cookies). Information on specific cookies, their data controllers, the purposes of processing data collected using cookies, and the validity period of the cookies is listed below: Data controller Cookie name Purpose of data processing Cookie validity period Provider PHPSESSID This cookie enables the Website to store data for the current browsing session. It is used on the Website to create user sessions and transmit data on the status of session cookies. Since the cookie is not time-limited, the session ends when the User’s browser is closed. The User may set, modify, adjust or revoke their consent (to the storage and accessing of cookies) in the browser they use to access the Website. V. Rights of the User The User may send a request to the Provider at the e-mail address info@cc24.com to confirm whether it collects or processes data related to the User. Such request may be sent once every quarter of the year. The User may send a request to the Provider at the e-mail address info@cc24.com to send the User a copy of any data related to the User by e-mail. Such request may be sent once every quarter of the year. The User may send a request to the Provider at the e-mail address info@cc24.com to change or update any data related to the User that may be incomplete or incorrect. The User may send a request to the Provider at the e-mail address info@cc24.comto permanently delete all data related to the User, except any data that the Provider is required to retain by law. Before the Provider deletes any data, it may request that the User prove their identity. Should the Provider still have any doubts as to the identity of the User, it may reject the User’s request. VI. Exclusion of Liability The Provider assumes no liability for any damage suffered by the User as a result of the User providing false, inaccurate or incomplete information when registering on or visiting or using the Website. If the above exclusion of liability is void or unenforceable for any reason, the Provider’s liability is limited to the maximum extent permitted by law. VII. Final Provisions If any provision of this Policy is invalid for any reason, such invalidity does not affect the validity of the rest of the Policy. In such a case, the invalid provision is deemed not to exist and the Policy applies without such provision. Any legal relationship between the User and the Provider based on this Policy is governed by and construed in accordance with the laws of the Republic of Slovenia, and the courts of the Republic of Slovenia have exclusive jurisdiction over any dispute or controversy arising out of or in relation to this Policy. This Policy is effective as of March 1st, 2018.