Privacy Policy

This privacy policy describes how and why DIY Racked (“DIY Racked”, “DIY-Racked”, “we” or “us”) processes your personal data when you access or use any part of the Website www.diy-racked.com (the “Website“), shop online, communicate or interact with us in any other way. This privacy policy is meant to help you understand what data we collect, why we collect it and what we do with it. You will also find information about how you can affect the processing of your personal data and what rights you have.

What is personal data?

Personal data means any information relating to you that, directly or indirectly, may be used to identify you, for example your name and your e-mail address, but also information such as your IP-number and your user behavior when using the Website, may be personal data.

Who is responsible for processing your personal data?

When your personal data is being processed by us for our purposes, in the way set out in this Privacy Policy, DIY Racked is the data controller regarding such processing.

If you have any questions about our processing of your personal data or your rights connected hereto, you can always contact us. Please see our contact details under “Do you have any questions?”

From whom do we receive personal data about you?

Most of the personal data that we process about you is information that you have chosen to provide us with regarding yourself in different situations. For example when you purchase a product at our Website, when you register for a user account at the Website and/or when you sign up for our newsletter, as well as when you contact us in any other way (for example contacting our customer service or at social media channels).

We collect personal data when you purchase products from us, visit the Website or interact with us in any other way. Personal data we collect from you include details regarding products that you have purchased from us, information about your use of the Website, information about your geographical location and interaction data. Some of the information we collect is collected through our use of cookies. You can read more about our use of cookies further down.

When you sign up for a survey, contest or campaign offer that we arrange together with our partners we receive the information that you have chosen to provide our partner with in such survey, contest/campaign offer.

When you create or have a DIY-Racked account
If you want to purchase any of our products you need a DIY-Racked account. When you are logged into your account you will get a clear overview of the products you own. If you do not provide us with the personal data we cannot create or administer your account. If you do not want to provide us with the information, you cannot create an account with us or purchase our products.

To administer and complete your purchase (including upgrades of previously purchased products)

Processing made:

• Creation and administration of your DIY-Racked account (including to maintain correct and updated data)

• Confirmation of your contact information

• Administration of your purchase history connected to your DIY-Racked account (in order to provide you with the updates, upgrades and discounts you are eligible for)

• Sending you information about updates, upgrades and new releases of your purchased products

Personal data processed:

• E-mail address

• User name and password

• Purchase history (for example what products you have purchased)

Legal basis:

The processing is necessary in order to create and administer your account in accordance with our Terms & Conditions and for us to thereby fulfil our contract with you. If you do not provide us information of your e-mail address, your user name, we will not be able to create your account.

To administer information about your DIY-Racked account and your purchase history as well as sending you information about updates, upgrades and new releases of your purchased products is necessary for the purposes of our and your legitimate interest of having updated products.

When you visit or shop on our Website

In order for us to complete the purchase of a product that you have made and fulfil our obligations towards you, we need to process certain personal data about you. In addition, our payment services provider need information of your payment details in order for the purchase to be made. If the data is not provided to us and our payment service provider, we are unable to carry out your purchases on the Website.

To administer and complete your purchase (including orders for updates and upgrades of previously purchased products)

Processing made:

• Administration of your DIY-Racked account (including to maintain correct and updated data)

• Confirmation of your identity and verification of your contact

• Administration of your possible cancellations or complaints

• Administration of your payment is made by our payment solutions provider PayPal

Personal data processed:

• Identity and contact information – name, e-mail address etc.

• Information about your DIY-Racked account

• Order information

• IP-address

Legal basis:

The processing is necessary to fulfill a contract or in order to take steps at your request prior to entering into a contract. If you do not provide us information of your identity and your e-mail address, we will not be able to complete your purchase.

To administer your possible cancellations or complaints is necessary for us in order to comply with consumer related legislation. We also have a legitimate interest of defending ourselves in connection with a potential claim.

When we communicate with each other to provide you with support and customer service and to communicate with you in relation to such and similar matters

Processing made:

• Confirmation of your identity and contact information

• Communication and correspondence with you by e-mail or our digital channels

• Reply to your comments and questions

• Internal administration of your support matter or comments or questions to our customer service

Personal data processed:

• Contact information – name and e-mail address etc.

• Information that you provide us for example information about your DIY-Racked account, your products or the questions you ask about our products and services

• If you contact us in our digital channels (Facebook, Instagram, Twitter, YouTube): your profile name and photo

Legal basis:

The processing is necessary for the purposes of our legitimate interest of helping you with your support matter or reply to your comments and questions and in order to meet your request for communication with us.

To perform customer and market analyses and to evaluate our products and services in order to develop and improve our products and services for our customers

Processing made:

• Adaption of products and services in order to make them more user friendly

• Produce documentation to develop and improve our line of products and services

• Give our customers the possibility of affecting our line of products and services

• Analyses of the data we collect for the purpose. Based on the data we process we make analyses (on an aggregated level without being able to identify you as an individual) which form the basis of our development of our Website and our products and services.

Personal data processed:

• Purchase and user generated data (for example information about the products you have purchased, browsed and/or added to the cart, information about the pages you have visited and time spent on our Website, what links you have clicked and what content you have watched)

• Technical data (for example IP-address, geographical location, browser settings, platform)

• Information about how you have interacted with us

Legal basis:

The processing is necessary for the purposes of our legitimate interest of evaluating, developing and improving our Website and our products and services.

To send you information about our products and services and information about special offers, campaigns and tips on how to use our products

Processing made:

• Administration and sending of newsletters with information about our products and services and information about special offers or campaigns

• Administration and sending of personally adapted recommendations, offers and communication so that you receive offers and information about products and services that we think you are interested in

• Analyses of the data we collect for the purpose. Based on the data we process we make analyses and conduct profiling (on an individual level) which form the basis of our personally adapted recommendations, offers and communication with you

Personal data processed:

• E-mail address

For adapted communication, we also process this personal data:

• Information about your DIY-Racked account including your purchase history

• Purchase and user generated data (for example information about the pages you have visited and time spent on our Website, what links you have clicked and what content you have watched)

• Technical data (for example IP-address, geographical location, browser settings, platform)

• Information about how you have interacted with us

• User generated data relating to the newsletters and other communication we have sent you (for example information about your receipt and handling of our communication, including information about the e-mails you have opened, what links in the e-mails you have clicked)

Legal basis:

Your consent or our legitimate interest. If you want information about our products and services and information about special offers or campaigns you can sign up for our newsletters and/or personally adapted recommendations, offers and communication. You can withdraw your consent at any time (read more about this under “What rights do you have relating to the processing of your personal data?”) and we will stop sending you newsletters and/or personally adapted recommendations, offers and communication.

If you have recently purchased one of our products, we can send you newsletters and/or personally adapted recommendations, offers and communication based on our legitimate interest of marketing our products and services. You have the right to object to such marketing (including objecting to profiling) at any time and we will stop sending you newsletters and/or personally adapted recommendations, offers and communication.

When we process data in order to comply with legal obligations or to prevent abuse

Processing made:

• Necessary processing in order to comply with legal obligations that we are subject to, for example Sloevanian consumer legislation, the Slovenian Accounting Act, Slovenian tax legislation, the Slovenian rules on product liability or Slovenian rules on statutes of limitation

Personal data processed:

• Identity and contact information

• Payment details

• Information about purchased products

• Information about timing of purchases and possible cancellations or complaints

Legal basis:

The processing is necessary in order for us to comply with legal obligations we are subject to. If the information is not processed we are unable to comply with our legal obligations and will therefore be forced to deny your purchase.

To prevent and investigate abuse of our services or potential violation of law

Processing made:

• Necessary processing in order to prevent potential violation of law

• Necessary processing in order to protect our IT environment towards attacks and intrusions

• Necessary processing in order to prevent unpermitted use of user accounts

• Necessary processing in order to prevent unpermitted use of copyright and other IPR protected products

Personal data processed:

• Purchase and user generated data

• Technical data (for example IP-address, geographical location, browser settings, platform)

• Your DIY-Racked account

• E-mail address

Legal basis:

The processing is necessary for the purpose of our legitimate interest of protecting our IT environment and our products and services from attacks and intrusions and other abuse and of protecting our and our licensors copyright protected products.

Do you want to know more about our legitimate interest?

As we have described above under “What do we do with your personal data and why do we do it?” we sometimes process your personal data based on our legitimate interest. If you have any questions about this or want to know more about how we have determined our legitimate interest, you are welcome to contact us.

Do we transfer your personal data to third parties?

We will not sell your personal data to any third party without your consent, but in some cases we share your personal data with third parties. We conduct reasonable technical, organizational and legal security measures in accordance with applicable data protection regulation in order to ensure that your personal data is handled in a secure way when the data is transferred or shared with third parties. We will not sell your personal data to any third party without your consent.

If you want more information about the third parties that we share your personal data with, you are always welcome to contact us.

Suppliers of IT systems and their partners for development and support: We use different types of IT systems and services which is necessary in order for us to be able to provide you with the services you request and for us to conduct our business. Your personal data is stored and processed in some of these. We also use third party providers for web analytic services. The suppliers are engaged by us as our data processors and only processes the personal data on our behalf and according to our instructions.

Partners that power and provide your subscriptions: We use a third party provider that helps us administer your subscriptions you have made.

Partners who administers payments: We share your personal data with a third party payment solution provider that administrates payments for our products and ensures secure payments. The payment solution provider can also share the data with credit institutions or contractual partners if this aids processing your order.

Marketing partners: In order to market our products and services to you, for example by sending you newsletters, campaign offers or other information we share your personal data with the marketing company that provides us with marketing services.

Customer service, marketing services: In order to provide you with the best possible customer service we use a third party customer service provider. When you contact our support or customer service, your personal data is shared with the customer service provider. We also use a third party service provider for e-mail marketing services and similar. When we send you information about news, campaigns, offers and similar by e-mail your personal data is shared with such third party.

Other partners: We team up with different partners in order to provide you with special offers, features or contests.

In the event of a transfer of assets or shares: If DIY Racked were to be sold in whole or in part or acquire another company or its business in whole or in part, your personal data may be transferred to a potential seller or purchaser of such company or business.

Do we transfer your personal data to third countries?

Yes. DIY Racked is a Slovenian joint effort project and we are located in Slovenia, but some of our suppliers and partners have their businesses in countries outside EU/EEA. Therefore, we transfer your personal data to such countries. When such transfer is made, we will take all reasonable legal, technical and organizational measures in order to ensure that your personal data is handled securely and with an adequate security level and in accordance with current data protection legislation. This means that the transfer of personal data may be based on for example an adequacy decision by the European Commission, Model Contract Clauses or Privacy Shield.

How long do we store your personal data?

The same type of personal data may be processed for different purposes and based on different legal grounds, for example processing which is based on our obligations to fulfill a contract with you, based on our legitimate interest or based on your consent. This means that certain personal data may still be stored by us even if you withdraw your consent and the processing that your consent concern ceases. This also means that certain personal data may be eliminated from one system because it is no longer necessary for one particular purpose, but still be stored in another system based on your consent or for another purpose for which the personal data is still necessary. In some cases, the cookies we use may include personal data. You will find information about the storage time on your computer further down.

Personal data consisting of information about products you have purchased and your DIY-Racked account will be stored for twenty (20) years (i) after you have unregistered your account or (ii) after your latest activity connected to your account, for back-up purposes and in order to support DIY Racked with the possibility to provide the ability to re-download such products in the future. Other personal data connected to your DIY-Racked account will be processed until you unregister your account or ask us to delete certain data.

Personal data that we process in connection with your purchases on our Website and in order to administrate or to fulfill our obligations to you under a contract will be processed for as long as we have contractual obligations to you. If you have made a cancellation or claim we will process your personal data for as long as the process regarding the cancellation or claim is active.

When we process personal data as a result of your communication with us, in for example support and customer service matters, the processing will continue until your support matter or customer service matter have been completed and will thereafter be stored for 24 months after your ticket is closed in order to fulfil our legitimate interest to develop our products and improve service.

When we process personal data in order to analyze and develop our products and services the processing will continue for 24 months.

When processing is made in order for us to comply with legal obligations, your personal data will be processed for as long as is set out in the relevant legal obligation. When processing is made in order to prevent and investigate abuse or violations of law the processing may be made up to 36 months.

When we process user generated data from the Website (for example information about browsed products, products added to the cart, information about the pages visited and time spent on our Website, links clicked and content watched) which is collected through our use of cookies, the processing will continue for 36 months.

When personal data is processed based on your consent the processing will continue until you withdraw your consent, or otherwise indicate to us that you no longer wish to be subject to the processing.

When we process your personal data based on our legitimate interest, you have the right to object to the processing at any time.

Your personal data may be stored longer than the above, to the extent we are required to do so by law, regulation or decisions made by authorities.

What rights do you have relating to the processing of your personal data?

Below you will find a description of your rights regarding the processing of your personal data. If you wish to exercise any of these rights, you are welcome to contact us by using the contact details set out below.

Right to obtain access to information

You have the right to obtain access to information about the personal data we process about you and you also have the right to request correction of your personal data.

Right to control of your personal data

You have the right to object, at any time, to processing of your personal data which is based on our legitimate interest. Under certain circumstances, for example if you withdraw all or part of a given consent on the processing of personal data, object to our processing or if you think that the processing is not necessary for the stated purposes, you have the right to request erasure or restriction of your personal data. Under certain circumstances, you also have the right to receive the personal data concerning you that you have provided us with, in a structured, commonly used and machine-readable format and have the right to transfer such data to another data controller.

Right to withdraw your consent

You have the right to withdraw a given consent at any given time. The withdrawal of consent may, however, have no effect on our processing of your personal data for the period prior to the withdrawal took place. You also have the right, at any time, to object to the processing of your personal data for direct marketing and profiling.

Right to submit complaints

If you have any complaints regarding our processing of your personal data, you have the right to submit such complaint to the Danish Supervisory Authority or to another supervisory authority.

All communication and measures taken by us in connection with you exercising your rights is provided free of charge. If you make an obviously unreasonable or unjustified request, we do, however, reserve the right to charge you with a reasonable fee for the costs that arise for us in order to provide you with the requested information or to take the steps necessary to fulfil your request or to decline such request.

Do we use cookies?

Yes. We use cookies on the Website in order to provide you with access to various functions and the full user experience on the Website as well as for analyzes and profiling. We also use Remarketing with Google Analytics which allows us to provide the visitors of our Website with relevant ads, which means that Google Analytics will collect data about the visitors’ visit via Google advertising cookies.

What are cookies?

Cookies are files that are stored on the user’s computer to record information about a session. DIY Racked uses cookies for different purposes:

• To store the current contents of the shopping cart.
• To store the currently selected country for dealer localization purposes.
• To collect statistical information using Google Analytics. This lets us analyze your site usage to improve our site. Google’s privacy policy is here.

Cookies are NOT used by DIY Racked for these purposes:

• To store credit card numbers. All credit card transfers are handled by PayPal and are subject to their Privacy Policy, which is available on paypal.com.
• To store E-mail addresses.

Cookie storage time

Cookies are stored for 1 year.

What do we want to do in the future?

We always want to develop and improve our products and services that we offer you. If we introduce new features that affect the purposes for which we process your personal data or features that we think is, in any other way, of importance to you we will notify you of the changes at our website and by e-mail (if we have your e-mail address) before the changes become effective. If you for some reason do not like the changes we make, your rights under applicable data protection legislation will of course remain. You will always find the latest version of the Privacy Policy on the Website.

Do you have any questions?

If you have any questions regarding the way DIY Racked handles personal information, regarding the information in this Privacy Policy or if you have any requests regarding the processing of personal data, do not hesitate to get in touch with us through the Contact DIY-Racked Support page or send us an e-mail to info@diy-racked.com.