Privacy policy statement

The controller of personal data, as defined by the EU General Data Protection Regulation (GDPR) and the applicable law governing the protection of personal data, is:

BUF online store, represented by:
BUF electrical automation engineering d.o.o.
Bratuževa ulica 13a
5290 Šempeter pri Gorici, Slovenia

BUF, the operator of the online store bu-f.si, undertakes to store and process all acquired personal data in accordance with the GDPR and applicable Slovenian legislation (Personal Data Protection Act).

Acquisition of personal data

We obtain personal information in the following ways:
when ordering products in the online store;
when registering a user account;
by telephone communication with the customer;
in personal communication with the client;
by e-mail communication with the customer;

What data do we collect?

For the needs of providing services, the company BUF (online store bu-f.si) collects, processes and stores the following data:

name and surname,
address and place of residence,
e-mail address,
Username,
password in encrypted form,
telephone number
other data that you, as a user, voluntarily enter in the form on the bu-f.si website
Contact information that you provide us when filling out or. we need to place an order / request / application / registration to process your order and to communicate with you. If you do not provide us with the above contact information, we will not be able to process your order. BUF is not responsible for the accuracy of the information you enter as a user of our website.

Purpose of collecting and processing personal data

Order in the online store:
We use personal information to process your order. We use the data to issue an invoice and process the delivery. We do not use the entered data in the future without your explicit consent.

User account:
We store personal data in the user account for which we have obtained the prior consent of the users. Users can change and delete personal data at any time.

Email communication:
We use personal information to process your e-mail contact. We will not use personal data in the future without your explicit consent.

Transmission of personal data
We disclose personal data to law enforcement agencies and other government bodies if required by law or necessary to prevent, detect or prosecute criminal offenses and fraud. We undertake not to pass on your data to unauthorized persons or other persons for advertising purposes under any circumstances.

Your rights

In accordance with the provisions of the EU General Data Protection Regulation (GDPR), you have the following rights:

access to and copy your personal information.
to supplement or correct your personal data if it is incomplete or inaccurate
until the deletion of your personal data, especially if they are no longer necessary for the purposes
due to which they were collected, whether they were processed illegally or were processed on the basis of your consent, you have revoked the consent and there is no other legal basis for their processing
until the transfer of personal data to another controller, where technically feasible
to limit the processing of your personal data, especially if you dispute its accuracy – for a period that allows us to verify the accuracy of your personal data; if the processing is illegal, you oppose the deletion of personal data; if the data retention period has expired and you need it to enforce legal claims
you can revoke your informed consent.
When exercising all your rights or obtaining additional information, please contact our data protection officer, who is available at the e-mail address: info@bu-f.si. We will process and respond to your application in accordance with the GDPR.

If you believe that your rights or regulations on personal data protection have been violated, you can complain to the competent state authority: Information Commissioner of the Republic of Slovenia (Zaloška 59, 1000 Ljubljana, telephone: 01 230 97 30, fax: 01 230 97 78, e-mail: gp.ip@ip-rs.si).

Period of retention of personal data

If we have your explicit consent for a specific purpose of processing, the retention period is: until revoked.
Statutory processing under Article 6.b of the GDPR – processing is required for the performance of a contract (retention period: 10 years), or for the implementation of measures at the request of such an individual before the conclusion of the contract (retention period: 5 years).