Who we are
TomTek, Tomaž Tekavec, s.p. (in the following text referred as “TomTek”).
Our website address is: https://tomtek.eu (in the following text referred as “Website”).
The controller of your personal data is TomTek, Tomaž Tekavec s.p., Gorenje 24, 1332 Stara Cerkev, Slovenia, firstname.lastname@example.org.
Users of our website;
Recipients of our newsletters;
Participants in our events;
End users of our services (including the users of our online store, participants in our prize games, individuals who order free samples on our websites, members of the TomTek loyalty club);
Expert public whom we engage in the direct marketing of our products;
Candidates applying for our job vacancies.
Personal information we collect
We only process your personal data on the basis of clearly stated and legitimate purposes, which are defined in this Policy. TomTek is committed to the principle of data minimisation, which means that we collect, store and process only the data we need to fulfil the purposes for which they are collected.
We collect your personal information directly from you (e.g. you provide your personal information when ordering our services, participating in our events or making inquiries).
Your personal information may also be obtained from publicly available records. Personal data that we process may include:
General information about you – e.g. name and surname (including prefix or title), gender, age and date of birth;
Contact information – e.g. address, business address, e-mail address, telephone number, telephone number of your personal mobile phone;
Information about your profession – e.g. information about your education, academic title, professional qualifications, employment / position / role, specialization, customer account reference number, medical interest, official ID, membership in some professional bodies, your CV;
Technical information and interaction information – e.g.:
Information about the device that you use to interact with us, information about previous interactions or information about given presentations;
Information about your contact preferences or your preferred communication channel;
Information about the time you spent interacting with us, the location of these interactions, and your response to the various interactions you have with our representative.
Purpose of Data Processing and Types of Personal Data
All the personal information you provide to us will be treated confidentially and will only be used for the purposes for which it was submitted. Should a need arise for any further processing of your information for another purpose, we will contact you in advance and ask for your consent.
General Purposes of Processing
This section sets forth processing purposes that may be relevant end users:
- Compliance with requirements laid down by laws and regulations. In certain cases, laws and regulations may require us to process or communicate your personal information. In such cases, we process your personal information on the basis of the law; such processing or communication of personal data is mandatory.
- Retention of unsuccessful recruitment information submitted by candidates. Name, surname, e-mail, address, mobile phone, and CV are used for the purpose of carrying out recruitment and providing notice about current vacancies. This information is processed on the basis of your consent. You may at any time withdraw the consent to receiving promotional messages. Please refer to the section titled “Your Rights” for more information.
- Execution of prize games organized by TomTek. Name, surname, gender, age, e-mail, and address are used for the purpose of carrying out prize games. This information is processed on the basis of your consent. You may at any time withdraw the consent to receiving promotional messages. Please refer to the section titled “Your Rights” for more information.
- Enabling access and use of the TomTek loyalty club. Name, surname, gender, age, e-mail, address, history of purchases and prize items are used for the purposes of the loyalty club. This information is processed on the basis of your consent. You may at any time withdraw the consent to receiving promotional messages. Please refer to the section titled “Your Rights” for more information.
- Communicating with users based on your request, regardless of the request channel (e-mail, completing the contact form on our website, phone call, etc.). Name, surname, gender, age, e-mail and address are used for the purposes of responding to your request. This information is processed on the basis of our legitimate interest in familiarizing our customers with additional information and presentations for the purpose of improving our services. Please refer to Section 6 of this Policy for more information on legitimate interest as a basis for the processing of personal data.
- Distribution of newsletters to end users. Name, surname, gender, age, e-mail and address are used to distribute newsletters. This information is processed on the basis of your consent. You may at any time withdraw the consent to receiving promotional messages. Please refer to the section titled “Your Rights” for more information. Distribution of newsletters is carried out on the basis of basic content customization according to the products you have expressed interest in or purchased in our online store. Such customization is carried out on the basis of our legitimate interest in familiarizing our customers with additional information and presentations in order to improve our portfolio of services.
- Distribution of newsletters to our partners and potential partners Name, surname and e-mail are used to distribute newsletters. This information is processed on the basis of our legitimate interest in facilitating efficient and successful administration and management of our business. Please refer to section 6 of this Policy for more information on legitimate interest as a basis for the processing of personal data.
Purposes Related to the Provisioning of the Online Store Service
This category comprises processing purposes related to the use of the online store.
- Enabling user access and use of the TomTek internet account available within the online store (the use of online store with registration). Name, surname, gender, e-mail, and address are used to fulfil the online purchase. This information is processed on the basis of your consent. You may at any time withdraw the consent to receiving promotional messages. Please refer to the section titled “Your Rights” for more information.
- Statistical analyses of customer data, orders and prospective buyers. This information is processed on the basis of our legal interest in the optimization of advertising and operations of TomTek. Should TomTek identify a need for further processing of personal data for purposes that are incompatible with the above stated purposes, we will provide prior notice and ask for your consent regarding such processing.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
We limit the access to personal data both to TomTek and to employees in our affiliated companies. All employees who have access to personal data are liable to protect the personal data they process.
In accordance with applicable data protection and privacy regulations, we will take appropriate measures to ensure that your personal data will remain secure and safe in every transfer. We will define these measures by concluding appropriate contractual frameworks that will determine the protection of personal data.
Legal Grounds for the Use of Personal Data
The grounds on which we use your personal information:
Your express consent – we may occasionally ask for your consent to use your personal data for one or more purposes. Please refer to the section titled “Your Rights” for more information regarding the rights that you have when we process your data on the basis of your consent;
Legitimate interests – the use of your personal data helps us to manage and improve our operations and reduce interference in the provisioning of services. Moreover, the use of your personal data allows us to make our communication more relevant and personalized to you, and renders your experience with our services and products effective and successful. Legitimate interests may include:
Facilitating effective and efficient administration and management of our business;
Enabling our customers to have quick and easy access to products;
Maintaining compliance with our internal procedures and customer relationship management policies;
Providing up-to-date solutions when interacting with clients regarding medicines;
Familiarizing our customers with additional information and presentations for the purpose of improving our services.
Whenever we process your personal data on the basis of legitimate interests, we will explicitly indicate this in this Policy or inform you in advance on a special form.
Contractual or pre-contractual relationship – your personal data is processed when needed for the purpose of concluding and implementing an agreement with you. We process your personal data for the duration of the contractual term, including warranty or any other terms arising from the concluded contract (e.g. fulfilment of your orders in the online store).
The law – your personal data is processed when required by law (e.g., tax legislation).
You are obligated to provide personal information that we collect and process pursuant to laws and regulations. You communicate your personal information for the purpose of conclusion (and implementation) of an agreement on a voluntary basis. Nevertheless, we would like to point out that if you fail to provide us with personal information which we need in order to provide a specific service, we will not be able to provide that service (e.g. it is necessary that you provide your e-mail when making a purchase in our online store in order for us to fulfil your order).
With regard to personal data processing on the basis of your consent, the provision of personal information is always voluntary and without any negative consequences for you. Nonetheless, we would like to point out that we will not be able to provide certain services without your consent, or after you withdraw your consent (e.g. using TomTek loyalty club).
We store all personal data that we process in accordance with laws and regulations and only for the time required to achieve the purposes for which the data were collected.
When the personal data retention period is prescribed by law, data are kept in accordance with the provisions of the applicable law.
When the grounds for the collection and processing of personal data is an agreement, the retention period lasts for the entire contractual term, including warranty or any other period arising from the concluded agreement.
When collecting and processing your personal information on the basis of your express consent, we keep your personal information permanently or until revocation. In the event that the purpose for which we have processed your information will be fulfilled, we will delete your information even if you do not withdraw your consent. For example, when we organize a prize game, the purpose of the collection and processing is fulfilled when the prizes are awarded, so we will delete all the participants’ data (with the exception of those needed for legal reasons), even if you do not submit the revocation, because the purpose of the collection is fulfilled (i.e. prizes were awarded).
Data Protection Methods
TomTek commits to protecting the personal information you provide to us. TomTek will do everything to protect personal data from any violation and misuse.
We store personal data in paper or digital form. All paper documents with your personal data are stored in protected areas, our computer systems are protected by technical and organizational measures that prevent any accidental or deliberate destruction, loss, damage, alteration and unauthorized disclosure or access to your personal data.
Technical and organizational measures that we use to protect your personal data include, but are not limited to:
Regular backups that are properly protected;
Restriction of access to personal data;
Regular employee training on the subject of personal data protection and supervision over the work of employees;
Use of appropriate software protection.
After expiry of the retention period or the revocation of obtained consent, the data (including any copies thereof) are immediately, irretrievably and permanently deleted. Any personal data carriers where such data are located are also permanently destroyed or deleted.
Should a violation of personal data protection occur, we will immediately inform the competent supervisory authority. Should a criminal offence be suspected in the event of a violation of personal data protection, we will immediately notify the police or the competent prosecutor’s office.
Should a high-risk violation of personal data protection occur involving the rights and liberties of individuals whose personal data we process, we will inform you of such violation without any undue delay.
TomTek ensures that you can exercise all the rights that you have in relation to the processing of your personal data.
Termination of subscription to product newsletters. If you no longer wish to be informed about the products marketed by TomTek and its affiliated companies, you can contact us at email@example.com. The data subject may at any time request TomTek to:
Confirm whether the data relating to the data subject are processed or not.
Be granted access to the personal data:
Access to personal data will be granted only when we confirm that your personal data are processed. You have the right to request information about what data is being processed and what the source of this information is.
Enable the correction of inaccurate or incomplete personal data relating to the data subject: Please make sure to inform us of any change in your personal information as soon as possible, as this is the only way to ensure the accuracy and integrity of the personal data that we keep. You can notify us of any changes by use of the contacts listed in Section 10 of this Policy.
Enable the printout of personal data provided to us by the individual in a structured, generally used, machine-readable form.
Allow the right to have personal data deleted (i.e. the right to be forgotten): The right to have personal data deleted is limited as we cannot delete the personal data that we process on the basis of law and regulations or on the basis of a contractual relationship between us (including any warranty and other periods that may arise from a particular contract).
Enable the right to restrict processing (e.g., the request to restrict processing is possible when running the integrity check on the personal data that we process).
Allow the right to object to the processing: The right to object to the processing of personal data is limited to processing that is based on a legitimate interest (cases when a legitimate interest is the basis for the processing of your personal information are listed in this Policy or we will inform you accordingly in advance) and processing for the purposes of direct marketing, including profiling.
Make the data transferable and provide the data subject with data in a structured, generally used and machine-readable form or directly communicate them to another Controller.
Allow the right to withdraw consent, when personal data are processed on the basis of consent, whereas withdrawal of consent does not affect the lawfulness of data processing that was carried out prior to such withdrawal.
Consent may be withdrawn by an individual in any manner specified in Section 10 of this Policy. Withdrawal of consent does not create any negative consequences for you. After you withdraw your consent, we will not offer certain services if these services are of such a nature that we cannot perform them without you providing your personal information (e.g., without the processing of your e-mail address we cannot provide you with e-mail notification services). Every individual to whom data relates has the right to file a complaint against us with the Information Commissioner.
You can exercise your rights by contacting us by e-mail at: with subject of the message Personal Data protection.
TomTek commits to respond to the data subject’s requests without undue delay, and at the latest within the statutory deadlines.
This section sets forth the definition of terms used in this Policy.
- Personal data is any information that refers to a specific or identifiable individual, specifically: name, identification number, web identifiers as well as factors that are characteristic of the individual’s physical, physiological, genetic, mental, economic, cultural or social identity.
- Processing is any act or set of actions that is carried out with personal data and includes, in particular, the collection, editing, storing, modifying, viewing, retrieval and deletion of such data.
- Controller is a natural or legal entity who, alone or jointly with others, determines the purposes and means of processing. For the purposes of this Policy, TomTek is the Controller.
- Processor is a natural or legal entity as well as a public authority or agency or other body that processes personal data on behalf of the Controller.
- End user is any natural person who uses our services (including online store users, members of loyalty clubs, etc.).