Privacy Policy of Blockhapp d.o.o.

Privacy policy of Blockhapp d.o.o. (hereinafter: the company)

About this Privacy Policy 

The purpose of this privacy policy (hereinafter: the Policy) is to inform individuals, users of services, subscribers, colleagues and employees and any other person (hereinafter: Individuals) about the purposes and legal bases, security measures and the rights of Individuals regarding the processing of personal data carried out by the company. This policy further explains the consent to the processing of personal data. 

The Policy is in accordance with European legislation (Regulation (EU) 2016/697 on the protection of individuals with regard to the processing of personal data and on the flow of such data (hereinafter: the General Regulation)) and with the applicable legislation in the field of personal data protection and other legislation and includes:

  • contact company information and contact person information for personal data protection,
  • purpose, basis and types of data processing for different types of Individual’s personal data, including profiling of Individual’s personal data,
  • sharing data with third parties and in third countries (countries outside Member States of the European Economic Area),
  • retention of different types of personal data,
  • rights of an individual regarding personal data processing, 
  • right to appeal regarding the personal data processing. 

Where appropriate the parts of the Policy that refers to an Individuals are also used to regulate the issue of secrecy and confidentiality of communication with the users who are legal entities.

The purpose and the basis of data processing

The company collects and processes Individual’s information on the following legal bases:

  • processing is necessary to fulfil the legal obligation applicable to the controller.
  • processing is necessary for the performance of a contract, to which the data subject is party or in order to take steps at the request of the data subject prior to entering a contract.
  • processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.
  • the data subject has given consent to the processing of his or her personal data for one or more specific purposes.

processing is necessary to protect the vital interests of the data subject or other natural persons.

The purpose of data processing on the base of a contractual relationship: 

The company processes individual’s personal data for the purpose of notifying individuals about new records on the web page, for direct marketing and for segmentation. 

For the purpose of the performance of the contract the company processes the individual’s data as following:

  • email address and name (to notify, to send email news)
  • telephone number (to notify about the contract performance)
  • home address (to follow the fulfilment of payment obligations, to create and send bills)
  • company data (to follow the fulfilment of payment obligations, to create and send bills).

The purpose of data processing on the legal base:   

The company processes Individual’s personal data for the purpose of contracting, implementing, monitoring and ending contractual relationship. 

The purpose of data processing based on the given consent:

Individual’s data processing can be based on the consent that an Individual gives to the company. The consent can be given for informing about the company offers of products and services, to prepare offers that are adjusted to individual user habits or to notify about upgrading or added value services. The company uses the information channels selected by an individual when giving consent. Informing via email includes giving email address to the external data processor with the purpose to show the Company marketing messages while browsing the web.

When using WP Optin Wheel the Company stores the following data:

  • The player’s email address (if applicable),
  • The wheel ID this record belongs to,
  • A timestamp of when this record was inserted,
  • A hashed IP address (which can not be un-hashed),
  • A flag denoting whether this record is an opt-in,
  • Other data they filled out on the opt-in-form,
  • Whether or not the game was won and the associated prize.

The views and conversions are tracked anonymously. No sensitive or personal data is stored for this purpose.

 An Individual to whom the personal data are related to can at any time revoke her/his consent for data processing in the same way as consent was given or in the other way as defined by the Company. The Company can require Individual identification. Revocation or changes of an Individual consent is only related to data processing based on the consent. The last consent received by the Company is valid. The possibility to revoke the consent does not give the right to an Individual to terminate the contractual relationship with the Company.  When an individual is under aged the consent is given by the parent, the foster parent or by the guardian. 

Transferring Data to Service Providers in Third Countries (Countries that are not Members of the European Economic Area)

The Company may if this is in line with the purpose of the data processing and in line with the General Regulation make personal data available:

  • to persons/entities that carry out certain processing tasks for the Company such as: preparing and sending invoices or data analytics, maintenance and development of services, when those tasks include certain necessary personal data processing. 
  • to persons/entities that carry out selling and marketing activities for the Company, including field sales, or to persons/entities who cooperate with the Company to sell and market their own services or services of third parties in the scope that is necessary to carry out their services and in line with the purpose and the basis as defined in this policy. 

In case of a merger or when the Company is being taken over by another company, personal data are transferred to the acquiring company in line with the law. When using our services, an Individual gives her/his consent to further data processing by an acquirer.

Retention of Personal Data

Invoicing information and the related contact data about an Individual can be stored for the purpose  to fulfil the contact obligations until the full payment for the contractual services and/or products are received or until the statute of limitations deadline expires which can be from one to five years. Invoices are kept for 10 years after the year of the invoice in line with the VAT legislation requirements. If data are processed on the basis of an Individual consent for marketing services, product selling or carrying out added value services, data are stored and processed for so long as it is necessary to achieve the purpose for which personal data have been collected. All other data collected for the purpose of informing and direct marketing are stored until revocation. 

Rights of an Individual Regarding the Personal Data Processing

The Company enables Individuals to exercise their rights without any unnecessary procrastination and in any case no later than in one month after the receipt of the request. The Company may extend the deadline to exercise an Individual right for at most additional two months in respect to the complexity and the number of the requests. If the deadline is extended the Company notifies an Individual about such extension in one month since receiving the request, stating the reasons for the extension. 

The Company accepts the requests regarding Individual personal data processing rights to email info@blockhapp.com or to phone +38631 321 113. 

When the request is sent via electronic means, the information is provided back via electronic means when possible except if an Individual stated differently in her/his request. When there is a legitimate doubt about the Individual identity, who submitted the request regarding the personal data processing, the Company may request additional information to confirm an Individual identity to whom the personal data are referred to. If the request is apparently unfounded or exaggerated, particularly since is repeated the Company may charge a reasonable fee, taking into account processing costs of submitting the info or message or carrying out the request, or the Company may refuse the request. 

The Company enables to Individuals the following rights regarding personal data processing:

  • the right to make a request for the access to personal data 
  • the right to make a request for corrections of personal data
  • the right to make a request for deletion (“the right to be forgotten”)
  • the right to make a request for limitation of further processing of personal data
  • the right to make a request for the transfer of personal data.  

The Right to Make a Request for the Access to Your Personal Data

An Individual, to whom the personal data are related to, has the right to make a request for the information whether the Company has got her/his personal information and, if so, what information the Company has got and the information regarding the personal data processing such as: 

  • the purpose of personal data processing,
  • what information the Company has,
  • users or type of users that the personal data have been or will be revealed to, particularly the users in the countries outside EU or international organizations,
  • if possible, the foreseeable retention period of personal data, or if this is not possible the criteria that are used to determine the retention period,
  • the existence of the right to make a request for correction or deletion or limitation of Individual personal data processing or the right to make a request for objection to personal data processing,
  • the right to make an appeal to supervisory authority,
  • when the personal information is not obtained from an Individual, all available information regarding the source,
  • the existence of automated algorithms for decision making, including profiling with the meaningful explanation about reasoning as well as the meaning and anticipated consequences of such data processing for an Individual.

Based on the Individual’s request the Company provides an Individual with the copy of her/his personal data that are processed by the Company. Further copies of data requested by an Individual to whom the data are related to can be subject to a reasonable fee based on administrative costs.

The Right to Make a Request for the Correction of Your Personal Data

An Individual, to whom the data are related to, has the right to achieve that the Company with no further delay corrects any inaccuracy in her/his personal data. An Individual, to whom the data are related to, has got the right in relation to the purpose of data processing to correct incomplete personal information including to submit complementary statement.  

The Right to Make a Request for Deletion (the Right to Be Forgotten)

An Individual, to whom the data are related to, has got the right to achieve that the Company with no further delay deletes her/his personal data. The Company has an obligation to delete personal data without further delay:

  • when personal data are no longer needed for the purpose they were collected or processed 
  • when an Individual revoked the consent for the personal data processing and there is no other legal basis for data processing 
  • when an Individual object to further processing based on the Company legitimate interest and there are no other prevailing legitimate reasons 
  • when an Individual object to further data processing for marketing purposes
  • when personal data need to be deleted to fulfil the legal obligations arising from the General Regulation
  • when the personal data in relation to the information society services has been obtained in an incorrect way from the under aged person that in line with the regulation cannot give such data.

When the data are identifiable or can be directly or indirectly identified, the Company takes reasonable steps, including technical, to notify the personal data controllers about an Individual request to delete the possible relations to the personal data to whom an individual is related to or its copies. 

The Right to Make a Request for the Limitation of Further Personal Data Processing  

An Individual, to whom the data are related to, has the right to achieve that the Company limits the personal data processing when:

  • An Individual objects the accuracy of the personal data, namely for the period, that enables the personal data controller to check the accuracy of personal data
  • The personal data processing is illegal and an Individual objects the deletion and instead requires limitation of personal data usage
  • The Company does not need personal data for the purpose of personal data processing, but the data are needed by an Individual to whom the data are related to for the enforcement, implementation or the defence of the legal claims.
  • An Individual filed an objection regarding the personal data processing until it is cleared whether the legal reasons on the side of the personal data processor prevail over the reasons of an Individual to whom the personal data are related to. 

The Right to Make a Request for the Transfer of Personal Data.  

An Individual, to whom the data are related to, has got the right to obtain the personal data related to her/him, that were in the possession of the Company in a structured, generally used and machine readable form and the right to transfer this data to another data processor without being obstructed by the Company when:

  • The personal data processing is based on an Individual’s consent or contract and the data are processed in an automated way. 

The Right to Object the Personal Data Processing 

An Individual, to whom the data are related to, has the right to object the personal data processing on the basis of her/his special position if this is related to legitimate interests for which the Company or third party endeavours. The Company terminates the data processing unless it proves that it has urgent reasons for data processing that prevail over interests, rights and freedom of an Individual to whom the data are related to or to enforce, implement or defend the Company legal claims. When the personal data are processed for the purpose of direct marketing an Individual has got at any time the right to object the personal data processing that are related to her/him for the purpose of the marketing activity including profiling, when it is related to this direct marketing.  When the direct marketing is based on the consent given by an Individual the right to object can be executed with the revocation of this consent. 

The Right to Make an Appeal Regarding the Personal Data Processing

An Individual can send an appeal in relation to her/his personal data processing rights to email address 

 info@blockhapp.com, or via regular mail to Blockhapp d.o.o., Trg komandanta Staneta 6, 1000 Ljubljana.

An Individual to whom the personal data are related to, has got the right to make an appeal to information commissioner in case she/he considers that the personal data processing related to her/him violates Slovenian or EU regulation regarding personal data protection. 

When an Individual has already exercised the right to access her/his personal data and after receiving the Company decision she/he considers that personal data obtained are not those that were requested or that not all personal data were given she/he can file another justified request before appealing to the information commissioner. The Company must decide about the new request in five days. 

Cookies Policy

Ow our website we use cookies and similar tracking technologies to track the activity and to hold certain information which may include an anonymous unique identifier.

Cookies are files with small amount of data which are sent to your browser from a website and stored on your device. 

User can instruct the browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, user may not be able to use view or use some of our services on website 

Examples of Cookies we use:

  • Session Cookies. We use Session Cookies to  hold the session of the user and to operate our services.
  • Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
  • Security Cookies. We use Security Cookies for security purposes.
  • Analytical Cookies. Analytical cookies are used to determine usage of a site, they may track an individual user in anonymous way.

The Validity of the Privacy Policy 

This policy is published on the web page  https://karjola.com  and was adopted by the responsible person of the Company  on the 6.09.2022. 

The project is supported by:

© Copyright – Karjola – Made by: Oriole Code