Privacy Policy

Data Protection

Personal Data Protection

At YST Group d.o.o., we treat data protection as one of the cornerstones of our success. In this document we will explain how your personal data is processed, how we ensure its security, and what rights you have in this regard, all as set out in the General Data Protection Regulation of the European Parliament and of the Council 2016/679 (hereinafter: the Regulation), in the provisions of Articles 5, 12 and 13.

Data Controller

The data controller is YST Group d.o.o., with its registered address at Litostrojska Cesta 40, 1000 Ljubljana, VAT number SI86544861, registration number: 8995923000.

Validity and Application of This Policy

This privacy and personal data protection policy applies to the website yoursoultime.si, (hereinafter: the website), which is managed by YST Group d.o.o. (hereinafter: the provider). This policy applies to all users of the website.

By using the website, the user confirms that they understand, accept, and agree to all provisions of this privacy and personal data protection policy.

This policy may be changed or amended at any time without prior notice or notification. By continuing to use the website after any such change, the user confirms their agreement to the changes.

What data about users does the provider collect

Personal and other data about users is collected by the provider through or with the help of the website.

Types of data the provider collects about users:

  • First name
  • Last name
  • Email address
  • Phone number
  • Gender
  • Street and house number
  • Postal code and city
  • Country of residence
  • Company name
  • Username
  • Password

Where and how data is collected:

  • Upon user registration for the use of the online platform and its associated services
  • Upon completion of the contact form
  • Upon user registration for the use of the Your Soul Time® online store
  • Upon registration to participate in prize draws
  • Upon completion of survey questionnaires published on the website or included in emails

Purpose of using the collected data:

  • sending newsletters, expert articles and other content related to the website to the registered email address
  • granting benefits, discounts, etc. related to the provider's products and services to newsletter subscribers
  • recording potential subscribers
  • preparing and sending offers to the registered email address
  • user segmentation (demographic, geographic, etc.)

Data Processing

Some of your data must be shared with other data controllers. These are primarily providers of various payment services (banks, PayPal, etc.). Another group of controllers are transport companies that ensure your order is delivered to your address.

For operational purposes, we also engage subcontractors who perform certain services on our behalf. These include primarily web hosting, certain online services, and similar. We have data processing agreements in place with all such subcontractors in accordance with Article 28 of the GDPR.

Data is also shared with government authorities when they request it. Data is provided to them only where a valid legal basis exists, meaning that the authority has the right to request data from us and does so in the appropriate manner — in writing.

The provider will not share collected data with third parties, unless a lawful basis for doing so exists (e.g. court orders or requests from other authorities, etc.).

The user acknowledges and agrees that the provider may entrust certain tasks relating to the collected data to third parties (data processors). Third parties may process the entrusted data solely within the scope of the provider's authorisation and in accordance with the purposes set out in the section "What data about users does the provider collect" of this policy.

Data Security and Retention Period

The provider protects all user data in accordance with this policy and with the requirements for securing personal data as set out by the legislation of the Republic of Slovenia and European Union regulations. The provider regularly performs data backups.

Registration data for the online store is retained for 5 years after the last login.

Data on past purchases is retained for as long as you have an active account with us. Once you close your account in the online store, or after 5 years have elapsed since your last login to the online store, your account data will be deleted. Data relating to direct marketing — that is, the consent given and the channels you permitted us to use — is retained for two years after the end of the year in which you withdrew your consent in full.

Other data may be retained for as long as it is strictly necessary to fulfil the purpose for which it was collected, after which it must be permanently deleted or effectively anonymised, so that the data can no longer be linked to a specific user.

User Rights

The provider will at any time allow a user who, upon registration or at a later stage, expressed a wish to receive the provider's electronic communications, to unsubscribe from receiving them in a clear and straightforward manner.

The user may at any time change or update their personal data, either on the website or by sending an email to the provider at hello@yoursoultime.si.

The user may, by submitting a request to hello@yoursoultime.si, ask the provider to complete or correct data relating to them that is incomplete or inaccurate.

The user may, by submitting a request to hello@yoursoultime.si, ask the provider to confirm whether it collects and processes data relating to the user, and what data it collects and processes. Such a request may be submitted once every 3 months.

The user may, by submitting a request to hello@yoursoultime.si, ask the provider to send an electronic copy of the data relating to them. Such a request may be submitted once every 3 months. Before providing a copy of the data, the provider has the right to ask the user to verify their identity in an appropriate manner. If the provider still has doubts about the user's identity after this, it may decline the request.

The user may, by submitting a request to hello@yoursoultime.si, ask the provider to permanently delete all data relating to them. Before deleting the data, the provider has the right to ask the user to verify their identity in an appropriate manner. If the provider still has doubts about the user's identity after this, it may decline the request.

Disclaimer of Liability

The provider is not liable for any damage suffered by the user as a result of the user having provided the provider with incorrect, false, incomplete or outdated data relating to the user.

The provider is not liable for any damage suffered by the user as a result of unauthorised third parties having accessed, obtained, altered or otherwise processed their data without the provider's explicit consent or permission, and despite the provider's due diligence.

The provider shall in no case be liable — even where it has not exercised due diligence — for damage suffered by the user arising from the circumstances described in the preceding paragraph of this section, if such circumstances are a consequence of the user's failure to carefully safeguard the data required to access certain parts of the website (username and password). The user bears sole responsibility for protecting the data required to access certain parts of the website (username and password).

Upon any suspicion of misuse of their personal data or data required to access certain parts of the website (username and password), or upon suspicion of unauthorised access to such data, the user is obliged to notify the provider immediately.

Where a contractual relationship exists between the provider and the user, the provisions governing that relationship (contract, general terms and conditions, etc.) shall in any case apply with regard to exclusions and limitations of the provider's liability.

Rights of Website Users

You have all the rights provided for by the Regulation in Articles 15 to 20. In accordance with the foregoing, you have the right to request from us, as the data controller, access to personal data (Article 15), rectification thereof (Article 16), erasure of personal data (Article 17), restriction of processing (Article 18), the right to object to processing (Article 21), and the right to data portability (Article 20).

You may exercise these rights by sending an email to hello@yoursoultime.si. Within the statutory period (30 days from receipt of a complete application), we will verify whether you meet the conditions for exercising the right and will notify you of our decision.

Right to lodge a complaint

You may at any time lodge a complaint regarding the processing of personal data with the supervisory authority in Slovenia, namely the Information Commissioner, at the address Dunajska 22, 1000 Ljubljana.

Final Provisions

The invalidity of any provision of this policy, regardless of the reason for invalidity, does not entail the invalidity of this policy as a whole. In such a case, the invalid provision shall be deemed not written, and this policy shall continue to apply without that provision.

The legal relations between users and the provider are governed by the law of the Republic of Slovenia and the law of the European Communities. Any disputes shall be subject to the jurisdiction of the competent court in Ljubljana, Republic of Slovenia.

Cookies

Cookies are small files containing information that are temporarily stored on your computer. When cookies are installed on your computer, you are not notified of this. The main purpose of cookies is to allow web servers to recognise your computer and web browser, to personalise the website, and to ensure ease of use and speed. Cookies enable us to show you the correct information you are looking for and that is of interest to you. By collecting and remembering information about your website preferences through cookies, we can provide a better website and marketing experience. Cookies do not give us access to your computer, and the data we collect through cookies does not include personal data.

For the purposes of the Your Soul Time® website, we use the following cookies:

Strictly necessary cookies for the functioning of the website:

Session Cookie

Required for the operation of the content management and display system. This cookie ensures the correct receipt of electronic messages and content on the website. The cookie is deleted when the user leaves the website.

Cloudflare Cookie

This is intended for the Cloudflare CDN network services to speed up access to the server. Read more here.

Third-party cookies

Google Analytics

We use these cookies to record visitor statistics. These cookies contain no personal information and serve solely to ensure the uniqueness of visits. You can read more about Google Analytics cookies, their purpose and duration on the website

https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

If you wish to block only Google Analytics services, you can do so on this website.

Facebook

These cookies are used for the operation of Facebook network plugins. For more information about the storage and use of collected information, please read https://www.facebook.com/help/cookies

How to manage cookies?

Most web browsers allow you to manage your cookie settings. You can decline or accept cookies using the function built into your web browser. If you decline cookies, you can continue to use our website, however certain sub-pages may not function correctly. Below you will find links to instructions on how to disable cookies in your web browser.

IMPORTANT! Cookies are files on your computer. To remove cookies, please check the links above for instructions on how to delete cookies in your browser.