This policy aims to inform you about the principles of protection and personal data of visitors to our site, about our obligations as a controller of personal data and about the measures we have taken to prevent your data from being used.
The policy will not remain the same as long as our website exists; As digitalization progresses and the regulation of personal data processing relationships develops, we will strive to continuously improve and adapt our practices to this development, which in turn will be reflected in policy. Our intention is to publish a short message in the “news” section of “sopharmashop.com” with the most important highlights every time we change the policy for protection, confidentiality and privacy of personal data.
- This policy covers all activities related to the processing of personal data within the digital assets – property of “Sopharma Shop”.
- The personal data protection officer of “Sopharma Shop”, can be contacted through our Contact Us page.
II. SOME CONCEPTS OF IMPORTANCE FOR A BETTER UNDERSTANDING OF THIS POLICY
“Personal data” – this is any information that relates to you – the visitor/ user of our website and which alone or in combination with other information can help us establish your identity or associate your user behavior with a specific device, from which you access our website, for example.
“Subject of personal data” – this is you, the visitor to our site. What is written in this policy applies only to people, individuals, unless explicitly stated otherwise.
“Processing of personal data” – this is any action that we perform or can perform with your personal data, including, but not limited to, their collection, analysis or destruction.
“Personal data administrator” – in relation to our website, this is us, “Sopharma Shop”. We determine the purpose of the processing of your data, on one of the grounds provided by law; basically, we also determine the means by which this processing is performed – for example, the technical infrastructure and applications with which the processing is performed. Obligations regarding the security and protection of your personal data arise for us. For some processing of personal data we may act together with another administrator.
“Joint administrators” – administrators who jointly determine the purposes and means of processing. Such can be an agency for conducting the marketing strategies of “Sopharma Shop”, with which we jointly determine the goals and means for this.
“Processor of personal data” – this is a third party who processes your personal data on our behalf, where “Sopharma Shop” has strictly determined the purpose of processing, the means by which it occurs and has checked whether the person meets the requirements of the GDPR. Such a processor could be, for example, an agency that is responsible for “Sopharma’s Shop” social media marketing campaign and generates reports on its success.
A cookie is a small amount of text or data that is fed to your device (computer, laptop, tablet, phone) for storage and can be requested back from the domain from which it is “hooked” to the device. The function of the cookie can be varied: from keeping you logged in while filling out a registration form, to storing your language preferences for browsing our website, to tracking your browsing behavior, sometimes for a long time. period of time and regardless of the device used: in the latter case, as in all other similar cases, such a cookie may not be used without your prior consent on the basis of detailed information received.
The GDPR introduces or reinforces substantial legal mechanisms for the benefit of data subjects. Below we have listed some of them that are relevant to the processing of personal data regarding the use of digital assets.
“Digital Assets” – the website “sopharmashop.com” and social media pages of “Sopharma Shop”.
“User session” – The time between the authorization of the user and the moment of his exit or expiration due to inactivity of the same. During this time, the “Sopharma Shop” system uniquely recognizes the customer.
“Plug-in” – third party software, implemented in a digital asset of “Sopharma Shop” and related to tracking user behavior and/ or ensuring the operation of certain functionality by switching to the third party domain.
“Information society services ” are services that are usually provided for a fee and remotely through the use of electronic means. The recipient of such a service must have explicitly requested it. E-commerce is also a type of such service.
“Loyalty program” – marketing activity of “Sopharma Shop” for shopping customers with the opportunity to receive promotional prices.
III. COLLECTION AND USE OF PERSONAL DATA
“Sopharma Shop” strives to protect privacy and ensure the security of personal data of visitors and users of its digital assets. When you visit our website, the third-party web servers we have accessed on our site (such as Google) will temporarily store your device’s connection to our website, as well as the pages you visit on our site, identifying the type of your browser and operating system, as well as the website from which you were redirected to “sopharmashop.com”. We do not collect or process other personal data about you – such as your name, address, telephone number or e-mail address, unless you provide them in connection with your specific information request, when filling out a registration form for applying for a job or for a service or with a view to creating an account in our e-shop. By creating an account, you receive additional facilities for online shopping, which requires registration of our website and access password in order to easily identify and protect your personal data.
Before receiving your personal data processed through the website, we will notify you in accordance with the requirements of Art. 13 of the GDPR. Thus, when processing occurs, you will know who is the administrator, on what grounds and for what purposes it processes your data, how it stores them, etc.
IV. FOR WHAT PURPOSES AND ON WHAT BASIS DO WE USE YOUR PERSONAL INFORMATION
1. Purposes of processing
“Sopharma Shop” collects through the website and uses your personal data for the following purposes:
- Providing services requested by you
Almost all personal data that you fill in the registration forms or your profile are needed to meet your need or the service requested by you, which “Sopharma Shop” provides. In order to provide quality services online and offline, we need your identification data, and their scope varies depending on the type of service requested and the applicable legal requirements.
In many cases, you use the registration forms prepared by us to ask a clarifying question in connection with the services provided, to express dissatisfaction or satisfaction, to file a complaint, grievance or complaint.
The personal data provided by you for the purpose of creating an account for the use of the e-shop, for example, as well as in other registration forms, may be used to inform you about new services provided by “Sopharma Shop”, available discounts on existing services or some service facilities we have created for you. The messages sent by us will comply with the applicable EU legislation.
In order to offer you discounts and promotional products, we also process your data and when you request a consultation through the website.
You can also state your wish on our website to subscribe to our newsletter by providing us with your email address.
You can easily and conveniently object to the use of your marketing data when the basis for processing is a legitimate interest, and we will terminate it immediately; information on how to withdraw consent once or object when receiving an unsolicited marketing message will always be prominently displayed in the message.
For the purposes of marketing, we analyze the traffic and track the user behavior of the website through third-party domain codes, where we process your personal data using cookies. You can read more about them in Section VI of this policy.
2. Grounds for processing
When we process personal data for the purposes of providing services that you have requested through our website, we most often process your personal data on a contractual basis in accordance with Art. 6 (1) (b) of the GDPR. When you contact us through our contact form, the basis on which we process your data is the consent you provide us – Art. 6 (1) (a) of the GDPR.
In case you are applying for a position announced by “Sopharma Shop” through the website, we collect the data for the purposes of selection on the basis of your consent in accordance with Art. 6 (1) (a) of the GDPR.
For the purposes of marketing activities, we process your personal data because we have a legitimate interest within the meaning of Art. 6, paragraph 1, letter “e” of the GDPR or because you have given us your consent to do so on the basis of Art. 6 (1) (a) of the GDPR.
V. WHAT TYPES OF PERSONAL DATA DO WE PROCESS
1. When providing the services requested by you
- To purchase products from our electronic pharmacy – name, surname, telephone number, city, postal code, address and e-mail address;
- In case you choose the option for online payment of the product, we do not process the data for the transaction, but only refer you to the secure environment of the payment system.
- To contact us – the contact form requires you to provide us with a name and e-mail address so that we can identify you and be able to respond to your inquiry, request or more.
2. When applying for a job advertisement
When you apply for a job advertisement, you provide us with the following data: names, data about your education, qualification, professional experience, motivation, etc., included in the CV or cover letter sent by you.
3. In carrying out marketing activities
- To receive a consultation – your e-mail address and data on your health, based on which you will receive a consultation;
- To subscribe to our newsletter, you voluntarily provide us with your e-mail address to which we send you news.
The cookies we use in our digital assets are presented in this policy according to the categories in which they fall.
1. Cookie categories
The categories are as follows:
 Absolutely necessary: Without these cookies you cannot fully browse our website and use its functionalities. Also, without them it is not possible to use the information society services requested by you.
 Cookies to improve the performance of the digital asset: These cookies collect information about how visitors use the website, such as which pages they access most often. These cookies do not collect information that relates to a specific visitor. All information collected by cookies from this group is aggregated and therefore anonymous. Their sole purpose is to improve the performance of the website.
 Functional: These cookies allow the website to store the choices you make and provide enhanced, customized functionality according to your characteristics and needs. For example, these cookies can be used to store the last product you entered in the shopping cart when you shop through our online store. We will anonymize the information that these cookies collect and they cannot track your browsing habits on other websites.
 Targeting or appropriate product advertising: These cookies are used so that we can show you an advertisement that best suits your interests and user behavior.
Your consent is a necessary condition for attaching a cookie, which is not absolutely necessary.
We use the capabilities provided by Google codes to measure traffic to our site in terms of number and frequency of visits. We do not use these capabilities to collect personal data or individual IP addresses; the data reaches us in aggregate form and anonymized for statistical purposes and to improve the visitor experience of our website.
You can find more about cookies uploaded by Google through our website at: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage .
2. Cookie management
You may also use our products or services without agreeing to cookies that are attached to your device only with your consent as described above. You can withdraw your consent from the cookie control panel on our website at any time. You can delete your cookies from your device’s hard drive at any time (file: “cookies”). Please note that this may prevent you from seeing certain elements of our site or worsen your visitor experience.
Most web browsers now allow you to pre-control the attachment of cookies from your settings.
If you access our digital asset from a mobile device, you may not be able to deactivate cookies through your internet browser settings.
3. Use of codes for integration of our website with the social network Facebook
To make it easier for you to use our website, we use the Facebook Widget and provide you with the option to register on our website through your Facebook account. In this way, codes are attached to create a link between your Facebook profile, on the one hand, and our website and Facebook page, on the other hand. As long as this connection and the attachment of codes is realized only if you express a wish by registering on our website through your Facebook account, it is not required to obtain your explicit consent before attaching the codes.
Next, in order to better visibility of the services and innovations we provide to our customers, we have chosen to use the Facebook Pixel tool, which provides a link on our website to our Facebook page. Please note that the connection is made by attaching a cookie from the Facebook domain to your device, through which the social network can track your user behavior and browsing habits, including if you are not a registered user of the network at the time of uploading of the cookie. The cookie is set only with your prior consent, which can be withdrawn at any time.
Please note that the data processed by the above codes is obtained from Facebook, which falls under the jurisdiction of the United States of America (USA). In this situation, it is possible to process personal data through their transfer to the United States.
VII. DISCLOSURE OF YOUR PERSONAL DATA
In order to be fully informed about which third parties and for what purpose may access your personal data collected in connection with the visit/ use of our website, please read the following.
Recipients of your personal data are agencies for conducting marketing campaigns of “Sopharma Shop”. These companies receive your data when setting cookie settings and conducting other marketing activities related to our website and our Facebook page.
Processors of your personal data are also all third parties who attach codes and cookies to your device when you visit our website, such as Google and Facebook.
Processors of personal data and as such recipients can be companies providing web hosting on our website.
Recipients of your personal data for marketing purposes may be companies that conduct e-mail marketing by sending you advertising e-mails and attaching codes when they are opened.
Access to your personal data may also have companies that provide IT support to our information systems, in which we store your data received through the website. Their access to the data in the systems is aimed at ensuring the normal and secure operation of the systems, and thus the protection of the processed data.
VIII. PROTECTION OF PERSONAL DATA
“Sopharma Shop” takes precautionary measures, including administrative, technical and physical measures, to protect your personal information from loss, theft and misuse, as well as from unauthorized access, disclosure, alteration or destruction.
All employees of “Sopharma Shop” are obliged to protect the confidentiality of your information, as well as to observe the applicable organizational and technical measures for protection. Access to your data is limited to the principle of necessity to perform the duties of the relevant employee/ contractor who accesses it.
IX. STORAGE OF PERSONAL DATA
Personal data obtained through the forms of the website are stored in our information system, for the operation of which technical and organizational security measures have been taken, including the use of a separate high-end server with limited access, which is only and only this website; using an encrypted connection to access the server; use of SSL and DDoS protection, HTTP/ 2, “smart” Firewall, etc.
Personal data collected through cookies is kept within the time limits specified in the cookie table above.
The CVs, photos and contact details sent through the website are collected with your consent and are subject to strict confidentiality; the data on the candidates who have not been selected to conclude a contract with “Sopharma Shop” shall be destroyed immediately after the completion of the selection procedure, but not more than 6 months; the data of successful job candidates become part of their employment records.
X. YOUR RIGHTS AS A SUBJECT OF PERSONAL DATA
1. Right to information
You have the right to receive information about important characteristics of the processing of your personal data, including, but not limited to, its purpose, term and grounds, recipients and categories of recipients of personal data and others. Depending on the method of initial collection of information, we will show the most important in this regard in an appropriate and easily visible way each time.
2. Right of access
You have the right to access your personal data collected directly by “Sopharma Shop” by logging in to your account on “sopharmashop.com” or by contacting our personal data protection officer.
3. Right of portability
We are obliged to provide you with all personal data processed by us, provided to us in order to provide a service at your request or collected by you with your consent, upon request, in machine-readable format. The request should be sent by inquiry to our data protection officer. When you submit a request for portability, we should fulfill it within 20 working days of receiving it via electronic communication channel. specified by you. The term may not be exactly 20 working days, when the cookies through which your personal data is processed are uploaded by external domains with your consent; In our response to your request for the exercise of the right of portability, we will indicate the period within which we will be able to fulfill your request.
4. Right of adjustment
You have the right to ask us to correct incorrectly recorded or stored personal data about you that you have provided to us through our website and we should do so within 15 working days of receiving your request. You can send your request to our data protection officer.
5. The right to request a restriction on the processing of your personal data
You have the right to request that we temporarily suspend the processing of your personal data (without deleting them) in the event of an objection made by you to their specific processing or in case of legal claims or a complaint filed by you in the Commission for Personal Data Protection. You can address the request to our data protection officer.
6. Processing on the basis of a legitimate interest of “Sopharma Shop” or a third party and objection to such processing
When your consent has not been requested and given for the purposes of a specific processing, or it is not directly necessary for the performance of the service requested by you, we most likely have our or a third party’s legitimate interest, which we have determined not to damages or would slightly affect your right to privacy. Such an assessment will always be documented by us and will follow certain criteria and arguments. You have the right to acquaint yourself with the main points of it upon request, as well as to raise an objection that, given the specifics of your specific situation, the relevant processing affects your right to privacy and/ or protection of personal data more substantially than provided in justification way. In these cases, we should consider your objection and give a reasoned opinion on its acceptance or rejection within 20 working days. By objecting to this processing, you can also exercise your right under item 5 above. You can address the objection to our data protection officer.
7. Withdrawal of your consent
In cases where we have requested your consent for the processing of your personal data, you can always withdraw it. If you are not sure on what grounds we process your personal data, you can always ask us this, as well as the exact way in which you gave your consent – you can send the request to our data protection officer. We will reply you within 15 working days. We maintain an up-to-date database of consents for the processing of personal data, which we can consult at any time. Withdrawal of consent is done in the same way as you gave it and we will provide you with information or email where you can do so easily and conveniently in response to your inquiry.
8. Right to appeal to the Commission for Personal Data Protection
Whenever you believe that your GDPR rights have been violated, you can lodge a complaint with the Data Protection Commission. However, it could be very constructive if you first contact our personal data protection officer to discuss the issue. We undertake to return a reply to you within 15 working days of receiving your complaint or question.