The controller of your personal data in connection with the website https://timberce.com/ (hereinafter referred to as “the website”) and your interactions with EBERCE d.o.o. is:
EBERCE, Informacijsko komunikacijska tehnologija in svetovanje, d.o.o.
Dunajska cesta 106
1000 Ljubljana, Slovenia, Europe
Company Registration Number: 5787882000
VAT ID: SI 90207777
Email: hello@timberce.com
(hereinafter referred to as “we,” “us,” “our,” “EBERCE,” “processor,” “provider,” “company,” or “organization”)
A Data Protection Officer has not yet been appointed. For any privacy-related inquiries or requests, please contact us at hello@timberce.com.
You can learn more about us, our services, and other activities here.
We are the owner and operator of the website https://timberce.com/ and its associated sub-domains or related websites (collectively referred to as “the website”).
This notice explains how EBERCE collects, processes, and protects the personal data of individuals who provide their data directly to us as the controller of personal data. This includes, but is not limited to, consenting to the use of cookies while visiting the website, filling out and submitting online forms through the website, or any other direct interactions.
Unless otherwise specified, terms used in this notice (e.g., personal data, processing, controller, processor, etc.) are defined as per the General Data Protection Regulation (GDPR).
All terms defined in this notice and used in singular form shall also apply to their plural forms, and vice versa. Similarly, terms relating to the masculine gender are intended to include all genders.
We reserve the right to update or modify this notice as needed. Significant updates or changes will be announced on our website.
In cases of substantial changes (e.g., alterations to the legal basis or purposes for processing previously collected data), we will notify affected individuals by email or other appropriate means.
NAME OF THE PERSONAL DATABASE | LEGAL GROUNDS | TYPES OF DATA & CATEGORIES OF DATA SUBJECTS | DEADLINES FOR DELETION OF PERSONAL DATA | PURPOSES OF PERSONAL DATA PROCESSING AND TYPES OF PROCESSING |
---|---|---|---|---|
Details of individuals who have purchased products through our website | Contractual relationship | – Name and/or surname of the individual who purchased the products – Email address of the individual who purchased the products – Shipping address information – Payment details – Transactional information – Information on the ordered products – Data required for invoicing – Other personal data related to the order of the company’s products | We may retain a minimized set of the aforementioned data, including contact, payment, and shipping information, until the expiration of the statutory period under which we may be held liable for hidden defects or invoice data (6–10 years). | This data is processed based on the contractual relationship established when the individual accepts our terms of sale and places an order. Processing includes: – Concluding transactions – Shipping products – Performing legally required actions (e.g., invoicing, sending order confirmations) Data may also be stored in email systems for order confirmations, forwarded to shipping providers, and archived in the company’s records. |
Data associated with the issuing of invoices/billing | Fulfilling our legal obligations | – Data on the authorized person of a client with a registered account for our services, including: – Email address – Password – First name and last name – Relevant account data, such as: – Company name – Pricing package – Special usage requirements | We are legally required to store this data for a period of 10 years. This data shall not be deleted if our organization is obligated to retain it after the termination of the contract (e.g., archiving issued invoices), as described in more detail under points 1.3 and 2 of this notice. | This data is processed for issuing invoices and billing, based on a concluded contract. The data is stored on our servers and in our CRM systems, viewed, and shared within and outside of our organization. Processing includes structuring and using the data in other relevant ways to achieve these purposes. |
Information on the individual communicating with the company via the email addresses and other communication channels that are available on the website | Negotiation for the conclusion of a contract. | Personal data of an individual who voluntarily communicates with the company (e.g., enquires about the company’s services, orders support services, proposes support-related questions, arranges to place an order via a published email address, etc.), whereby such situations justify the limited storage or processing of the individual’s data for the purpose of preparing the company’s response or for further communication. | Until the purposes for which the personal data had been collected for the processing of the individual personal data have expired (e.g., until the cessation of communications) or until 5 years have elapsed since the moment of last communication with the individual. | In the context of contract negotiations (i.e., obtaining information about or ordering a product or service or other voluntary communication between an individual and the company), the company may process the data in ways that are logically related to the negotiations taking place or the preparation of responses (e.g., storage in an email system for the purposes of responding and any further communication, storage of the data in the company’s archives, etc.). |
Details of individuals who have opted in to receiving the company’s newsletters and other commercial communication | Consent | Personal data of an individual who has consented to the company sending them commercial information and other useful information about its products and services to their email address from time to time. | To unsubscribe from receiving electronic communications, an individual may follow the unsubscribe link contained in each email. In any case, the individual may also request the deletion of their data by sending their request to the company’s official email address that is listed at the beginning of this document. | On the basis of consent, which has explicitly been obtained from the individual, the company may process (i.e., store and use in connection with the email system) the data solely for the purpose of providing commercial information and other useful information about its products and services. |
Data on individuals who communicate with our organization via our email addresses and other communication channels | Negotiations for the conclusion of a contract | – The name and/or surname of the individual who communicates with our organization – Their email address – Possibly their phone number – Any other personal data disclosed in such communications | Until we receive the opt-out request or the data deletion request of such individuals or until 4 years have elapsed since the last communication. *Individuals can always opt-out via the provided link or request the deletion of their data by sending their request to the official email address of our organization listed at the beginning of this document. | Based on negotiations for the conclusion of a contract (i.e., obtaining information about or ordering a service or other voluntary communication of the individual with our organization), our organization shall process the data in ways that are logically related to the negotiations regarding the conclusion of a contract or the preparation of a response (e.g., storage in the system for sending electronic messages for response purposes and possible further communication, data storage in our organization’s archives, etc.). |
In certain cases, based on its legitimate interests and unless otherwise stated above or elsewhere in this notice, our organization reserves the right to retain specific data beyond the stated period mentioned in section 2 of this notice. In such cases, data retention will be strictly limited to the information essential for pursuing those legitimate interests.
Individuals always have the right to request the deletion of their personal data by sending a request to the official email address listed at the beginning of this document.
For the purposes outlined above (e.g., when data storage is mentioned), the data may be transferred to our organization’s contractual partners (subprocessors), as listed in section 3.3 of this notice. Subprocessors are authorized to process personal data exclusively for tasks assigned to them and directly related to the specified purposes.
In line with the above, the company conducts customized marketing communication related to its products, discounts, news, tailored offers, and other promotional content. This communication is carried out through various channels and in collaboration with different individuals:
Type of advertising activity | Description of the advertising activity | Legal basis for processing | Data that is processed | Retention period |
---|---|---|---|---|
Sending emails to people who have not yet been our customers. | Sending customized emails with tailored marketing content. | Consent | – Name – Surname – Email address – Data on past purchases or shopping cart contents – Data on email openings and link clicks | Until consent has been withdrawn. |
Sending marketing emails to existing customers of the company. | Sending customized emails with customized marketing content. | Legitimate interest | – Name – Surname – Email address – Telephone number – Data on past purchases or shopping cart contents – Data on email openings and link clicks | Until consent has been withdrawn. |
Sending emails to people who have put products into their cart and entered the required data, but did not complete their purchase (“cart abandonment”). | Sending customized emails with marketing communications referring to the contents of the abandoned cart or containing discounts for these and other products. | Consent | – Name – Surname – Email address – Telephone number – Data on past purchases or shopping cart contents – Data on email openings and link clicks | Until consent has been withdrawn. |
Showing ads to people who have agreed to the installation of optional cookies and tracking pixels. | (See the subpage on cookies). | Consent | (See the subpage on cookies). | (See the subpage on cookies). |
We may process personal data based on a concluded contract (e.g., a contract for the use of our services) or during negotiations for the conclusion of a contract (e.g., when an individual contacts our organization via official communication channels to request more information about our services).
In such cases, you provide personal data as part of a contractual obligation or during negotiations for the contract. Consequently, we do not require your explicit consent for this processing. While failing to provide the necessary personal data may not result in immediate severe consequences, it could significantly hinder or even prevent the execution of services or cooperation. You will be informed in advance or as the situation arises if such challenges occur.
Our organization may also process personal data to fulfill legal and statutory obligations, particularly those related to taxation and accounting (e.g., maintaining records of issued and received invoices). For example, when a regulatory inspector or public authority legally requires our organization to provide personal data for inspection or supervision purposes, such requests will be fulfilled in compliance with applicable laws.
In such instances, the organization may process client-related data (e.g., name, contact details, etc.) tied to the issuance of an invoice, as mandated by tax laws and regulations. For more details, refer to section 3.2 of this document.
Our organization may process certain personal data to safeguard legitimate interests. For example:
In all such cases, we ensure that data processing remains limited to the minimum required to fulfill these legitimate objectives.
Engaging with our services and interacting with us is generally not conditional on your agreement to the processing of your personal data.
However, we may process your personal data based on your explicit consent. Explicit consent is a voluntary declaration of intent in which you agree to the processing of specific personal data for a particular purpose. For example, when you consent to receiving newsletters or other commercial messages, we process the data specified in the relevant sections of the table in section 1, where consent is indicated as the legal basis for processing.
You can opt out of receiving such communications at any time by following the link provided in each newsletter or commercial email or by contacting us at the email address listed at the beginning of this document.
With your consent, we may also engage in online advertising using optional (advertising) cookies and tracking pixels from our advertising partners. For example, consenting to the installation of the Google Analytics cookie enables us to advertise our services more effectively on other websites. A detailed list of optional cookies, the data processed, and their retention periods is available on the “Cookies” page.
You have the right to withdraw your consent at any time in a simple manner by contacting us at the email address listed at the beginning of this document. The withdrawal of consent does not affect the legality of the processing performed prior to the withdrawal.
If you do not provide consent, provide it partially, or later withdraw it (fully or partially), we will cooperate with you to the extent possible under the given consent or as permitted by applicable laws. Consent is entirely voluntary, and a refusal to provide it or a later withdrawal will not affect your other rights or result in additional costs or disadvantages for you.
The retention period for personal data depends on the purpose and legal basis for processing each data category. Generally, personal data is retained for as long as necessary to fulfill the purpose for which it was collected or as required by applicable regulations. Once the retention period expires, the data is deleted.
If the retention period for specific data is not explicitly defined in the table in section 1, the following applies:
Additionally, our organization may retain data for an additional 15 days after the expiration of the retention period to allow for secure deletion from all servers and data carriers.
Individuals may always request the deletion of their data by contacting us at the official email address listed at the beginning of this document.
Your personal data is processed by employees within our organization who require access to the data to perform their job duties. All employees are bound by confidentiality agreements and are required to protect your personal data.
In certain circumstances, as mandated by applicable laws, our organization is required to provide or report your personal data to relevant government authorities. These may include financial, tax, or regulatory bodies (e.g., the Estonian Data Protection Inspectorate). Additionally, we may be obligated to provide personal data to third parties if such an obligation is imposed by law or legally justified by a third party’s entitlement.
Apart from our employees, personal data may also be processed by individuals employed by our contractual processors. These processors act solely on behalf of our organization and within the limits set by agreements for external processing of personal data.
Contractual processors are bound by confidentiality and may only process data in accordance with our organization’s instructions, as outlined in their contracts. They are prohibited from using the data for their own purposes. Examples of such processors include:
Our organization ensures that personal data will not be disclosed to unauthorized third parties. If you would like a detailed list of all contractual subprocessors, you can send a request to the email address listed at the beginning of this document.
The hosting of our website and storage of data submitted via the website (e.g., through contact forms) are managed by our hosting provider, whose servers are located within the EU. To request information about our hosting provider, please email us at hello@timberce.com.
As a general rule, our organization does not transfer personal data to countries outside the European Union, Iceland, Norway, and Liechtenstein (the EEA) or to international organizations.
However, there are occasional exceptions, such as the transfer of certain technical or personal data to servers located in the United States. For example, data collected by Alphabet Inc. (Google) cookies or email addresses entered into commercial messaging tools.
In such cases, the processors in question comply with stringent data protection measures, including:
For additional information on the categories of users and data subprocessors, or to request further details, you can contact us at the email address listed at the beginning of this document.
Our organization does not intentionally collect or direct individuals to provide special categories of personal data (e.g., data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health-related data, or data concerning an individual’s sex life or sexual orientation) in connection with our website or services.
If we become aware that such data has been disclosed to us, we will ensure that it is protected and handled appropriately according to applicable data protection laws.
You may contact our organization at any time via the email address listed at the beginning of this document if you have questions regarding this notice or how your personal data is being processed. This address can also be used to submit requests or exercise your rights under the GDPR.
As an individual whose personal data is processed, the GDPR provides you with the following rights:
For individuals in the Republic of Slovenia, the supervisory authority is:
Informacijski pooblaščenec
Dunajska 22, 1000 Ljubljana, Slovenia, EU
Email: gp.ip@ip-rs.com
Phone: +38612309730
Website: www.ip-rs.com
A list of other EU supervisory authorities and their contact information can be found here: European Data Protection Board Members.
Our organization does not use automated decision-making or profiling in any form.
Our organization does not knowingly collect or process personal data of individuals under 15 years of age.
If we become aware that personal data of such individuals has been processed without the consent of a parent or legal guardian, we will take all necessary steps to delete the data.
Parents, guardians, or the individuals themselves may submit requests for the deletion of such data at any time by contacting us via the email address listed at the beginning of this document.
You may limit or revoke your consent for data processing at any time by contacting our organization as the processor of your personal data via the email address listed at the beginning of this document.
Our organization employs comprehensive organizational, technical, and logical measures to securely store and protect personal data. These measures are designed to prevent accidental or intentional unauthorized access, destruction, alteration, or loss of data, as well as unauthorized disclosure or other processing activities not expressly consented to.
We have implemented appropriate internal processes and measures, such as:
Our organization also requires similar commitments from its contractual processors to ensure the security of your personal data.
Date of Publication / Last Revision: Version 1.0, dated 13th December 2024.
EBERCE d.o.o.