Privacy Policy - The Flames Method

With this Privacy Policy, the company IDEYNIC 2.0 d.o.o. (hereinafter referred to as: “IDEYNIC 2.0«) is governing the rights and obligations of all users of the website (hereinafter referred to as: “users”), wherein the important principle is that the company shall respect and protect all personal data obtained from users in accordance with applicable legislation, and further undertakes to protect all personal data, obtained via the website or by using the website, in accordance with the purpose for which they have been forwarded. The term “user” relates to female and male users alike.

This Privacy Policy forms an integral part of our Terms and Conditions of Use, available on the website WWW.THEFLAMES.COM; the IDEYNIC 2.0 reserves itself the right to change its Privacy Policy at any time, without providing indicative notice. The user is bound by this Privacy Policy and by the Law on Protection of Personal Data applicable at the time the user is visiting or using the website.

In accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “GDPR”), this Policy contains the following information:

contact information of the company and of the data protection officer,

purposes, grounds, and types of processing of different types of personal data provided by data subjects, including profiling personal data of data subjects,

transmission of data to third persons and into third countries,

time of storage of individual types of personal data,

rights of data subjects in regard to personal data processing,

rights of filing a complaint in regard to personal data processing.

Whenever applicable, the provisions related to data subjects are also used to address questions of confidentiality of communications of users who are legal persons.

Every time a user accesses or uses a website, he agrees or allows to have IDEYNIC 2.0 collect, keep, maintain, control, or otherwise process personal data related to him, in accordance with this Privacy Policy, the Terms and Conditions of Use, and the applicable Law on Protection of Personal Data. Among others, the user-related personal data include the data obtained by IDEYNIC 2.0 in regard to the fact that the user accessed the website, name, surname, address, phone numbers, payment information, information needed to access the ______ account, and/or information that the user transmits to IDEYNIC 2.0k voluntarily. IDEYNIC 2.0 owns the copyright on content and information generated through the use of the website. The user undertakes to protect his username and password, and to prevent access to unauthorised persons. IDEYNIC 2.0 also collects non-personal data, comments, videos, and other publications published by the user on the IDEYNIC 2.0 website.

IDEYNIC 2.0 can collect data in the context of the following purposes:

Registering and activating an account

Providing technical support and user support

Processing orders

Upgrading products and services

Marketing activities

Access to IDEYNIC 2.0 services on third-party websites

Other purposes needed to perform services

Job applications

Contract-based processing:

The company is processing personal data of data subjects for the purpose of direct marketing.

In accordance with the GDPR, IDEYNIC 2.0 processes the data based on several potential legal bases:

Law-based processing

The company processes personal data of data subjects for the purposes of concluding, implementing, monitoring, and terminating contractual relationships.

Processing on grounds of legitimate interest pursued by the company

The company can also process data on grounds of legitimate interest pursued by the company or by a third party, unless such interests are overrun by interests or basic rights and freedoms of a data subject, requiring the protection of personal data, especially when such personal data is the personal data of a child. In terms of further use of data collected on a data subject, the company shall undertake an assessment based on the GDPR.

Such further use in pseudonymised or aggregated form for example represents lawful use of data for marketing and other business or technical analyses of the company.

As an additional measure for some forms of further processing of traffic data, deletion of certain information is also possible.

The data subject has the possibility to object to data processing.

On grounds of a legitimate interest, the company can get in touch with the data subject with the purpose of improving its services and finding out whether they have been satisfied with their services or with the user experience; this is also possible if it is not imperatively urgent for the implementation of the contract. Due to the consideration of such interest in comparison to the interests of a data subject, the company shall not attempt to recontact individuals who have objected to it.

Other legitimate interests can constitute prevention of abuse, assertion of claims, or defence from claims asserted in administrative and legal procedures. A legitimate interest also entails legal verification of financial solvency of an individual.

In case of a suspected abuse, the company can process data of the data subject to an appropriate and reasonable extent for the purpose of identification and prevention of potential fraud or abuse; if it is appropriate, it can transfer such data to certain other persons, such as business partners, the police, the public prosecutor’s office or other competent authorities. For the purpose of preventing future abuse or fraud, the information on the history of discovered frauds.

The company reserves itself the right to process information on meeting contractual obligations of data subjects (information on paying the invoices) in order to ensure a higher level of quality of its services.

Processing on grounds of consent given for the processing of personal information:

Data processing can be based on consent provided to the company by an individual. Such consent can, for example, be related to being informed of the offer and services, preparation of offers tailored to the habits of each individual, or performing value-added services. Such informing is performed through channels chosen by the data subject in his consent. Informing via e-mail address includes forwarding the e-mail address to an external processor with the purpose of displaying advertising messages of the company while browsing online.

The data subject can withdraw his consent at any time or change it in the same way that the consent was given, or using another method determined by the company, wherein the company reserves itself the right to identify the customer. Withdrawal or modification of the consent is only related to information that is being processed based on the consent. The last given consent of the data subject received by the company applies. The possibility of withdrawing the consent does not constitute entitlement of the data subject to retire from the business relationship he is maintaining with the company.

In accordance with applicable legislation, the consent for a minor can be given by one of the parents, the foster parents, or the legal guardian of said minor. Such consent shall remain valid until one of the parents, the foster parents, or the legal guardians withdraws or modifies it; furthermore, it can also be withdrawn by the minor himself when he is granted such right in accordance with applicable legislation.

In the absence of a withdrawal, the information for which the consent has been given are being processed for three years after the termination of the business relationship with the company.

IDEYNIC 2.0 shall transfer all data exclusively to third parties who must be in possession of said data in order to process orders and provide their services; third parties who are bound to secrecy; and only its employees, server technicians, outsources dealing with forwarding e-mails, and other capital companies and/or third persons who have a basis to obtain, process, transfer, or keep personal data in accordance with applicable provisions in this Policy, a personal consent of a user, or a contractual relationship. The user consents that IDEYNIC 2.0 transfers all data to its business partners, server technicians, outsources dealing with forwarding e-mails, and other capital companies and/or third persons who have a basis to obtain, process, transfer, or keep personal data in accordance with applicable provisions in this Policy, a personal consent of a user, or a contractual relationship. Some of said business partners and connected entities can be established outside of the country of residence of the user; by visiting the website, the user agrees that his information be transferred to these persons and to these countries. The same applies in case of acquisition of IDEYNIC 2.0: the data can be transferred to new owners. The data shall be kept exclusively for the duration allowed by the legislation; in case of a negative answer provided to a job application, the information shall be kept in the base of candidates for 2 years, unless the user explicitly requires the data to be deleted before such deadline expires.

If you are transferring credit card information to IDEYNIC 2.0, such information shall be encrypted via SSL technology and kept with AES-256 encryption. Even though no methods of data transfer are 100% safe, IDEYNIC 2.0 is trying to comply with requests of PCI-DDS.

Theflamesmethod.com uses the following cookies:

– cookie name: _ga_”code” and _ga, expires: 2 year, description: Two cookies that are a product of Google Analytics (optional)

Essential website cookies:

These cookies are strictly necessary to provide you with services available through our Websites and to use some of its features, such as access to secure areas.

cookie name: moove_gdpr_popup, expires: 1 year, description: This cookie rememberes when you click “Agree” for cookie banner at the bottom
cookie name: __tlbcpv, expires: 1 year, description: Used by sites created with WordPress to check whether a browser has cookies enabled. Expires after a session is ended.
cookie name: wp_woocommerce_session_, expires: 2 days, description: Cookie used for Woocommerce plugin for WordPress and ensures that shop functions properly

IDEYNIC 2.0 is not responsible for the correctness and accuracy of the content of its website, which can therefore only serve for informational purposes.

The user undertakes exclusive responsibility to ensure that the data and the contact information is authentic; in addition, he is also responsible for the safe access to his personal data. The user can withdraw his consent for the processing of personal data at any time. At the same time, the user confirms having been made aware of the fact that he has the right to insight, transcribe, copy, complete, correct, block, and delete personal data related to him (in accordance with the applicable Law on Protection of Personal Data), unless such right is limited by applicable regulations. In this case, IDEYNIC 2.0 will immediately do whatever it takes to fulfil said request. Should the user have any questions related to this Privacy Policy, he can contact info@theflamesmethod.com.

Whenever a user is accessing the website, general and non-personal data (users of the web browser, number of visits, average time of the visit of the website, pages visited) are automatically recorded. This information is used by IDEYNIC 2.0 in order to improve the content and the serviceability; such data are not subject to further processing and will not be forwarded to third persons.

IDEYNIC 2.0 only keeps your data for as long as it is necessary. IDEYNIC 2.0 can keep the data longer; however, the company can only do that in a way which makes it impossible for said data to be connected to you. The payment information is only kept by IDEYNIC 2.0 for as long as it is necessary in order to ascertain the rights related to payment and complaints.

Certain services can enable the user to publish or share his own content. In such a case, the user keeps the intellectual property rights for the content published or shared by him; however, he grants IDEYNIC 2.0 the right to use said content for the purpose of performing or improving its services. For each publication, the user guarantees that he is the owner of all intellectual property rights of the content published, or that he has obtained all necessary permissions to publish it.

The pages of IDEYNIC 2.0 can contain dialog boxes, forums, communication among users and similar features. The user undertakes to not use or misuse said means of communication in order to publish immoral content, incite hate speech, publish content breaching any and all rights of third parties, publish content that could bear the characteristics of criminal offences, publish content containing viruses, collecting data on other users, committing acts of corruption, etc. IDEYNIC 2.0 is not obliged to control such communication; the company does have the right, however, to view published materials and communication and, consequentially, limit or prevent the user from accessing said communication.

IDEYNIC 2.0 reserves itself the right to disclose all communication and publications whenever it is so required by the law; in addition, it can also withdraw any publications at any time without stating the reason.

RIGHTS OF DATA SUBJECTS

Right of access to data

The data subject shall have the right to obtain from the company confirmation as to whether or not personal data concerning him are being processed, and, where that is the case, access to the personal data and additional personal data processing related information, including the following:

the purposes of the processing;
the categories of personal data;

the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;

where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
the right to lodge a complaint with a supervisory authority;
where the personal data are not collected from the data subject, any available information as to their source;
the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for.
Based on a request from a data subject, the company shall provide for a copy of his personal data that are being processed. Additional copies required by the data subject can be provided for a reasonable fee, taking into consideration administrative costs.

Right to rectification

The data subject shall have the right to obtain from the company without undue delay the rectification of inaccurate personal data concerning him- Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure (“right to be forgotten”)

The data subject shall have the right to obtain from the company the erasure of personal data concerning him or her without undue delay and the company shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

the data subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing;

the data subject objects to the processing on grounds of legitimate interest of the company, and there are no overriding legitimate grounds for the processing;
the data subject objects to processing on grounds of direct marketing;
the personal data have to be erased for compliance with a legal obligation in European Union or Slovenian law; such data have been incorrectly collected from a child in relation to proposing the services of an IT company, wherein said child cannot provide his consent in relation to applicable legislation.

Whenever said data are directory data or data otherwise published, the company shall take reasonable measures, including technical measures, to inform the personal data processors that the data subject requires them to delete any potential links to such personal data or copies thereof.

Right to restriction of processing

The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
the company no longer needs the personal data for the purposes of the processing, but they are
required by the data subject for the establishment, exercise or defence of legal claims;
the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.

Right to data portability

The data subject shall have the right to receive the personal data concerning him, which he has provided to the company, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the company to which the personal data have been provided, where the processing is based on consent of the data subject or on a contract, and where the processing is carried out by automated means.

Right to object

The data subject shall have the right to object, on grounds relating to his particular situation, at any time to processing of personal data concerning him, if such processing is based on legitimate interests pursued by the company or a third party. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where direct marketing is based on consent, the right to object can be implemented by withdrawing said personal consent.

Right of filing a complaint in regard to personal data processing

The data subject can lodge any potential complaints related to personal data processing by e-mail to info@theflamesmethod.com.

Additionally, each data subject has the right to lodge a complaint directly with the Information Commissioner if he feels that processing of his personal data is breaching Slovenian regulations or EU regulations in the field of personal data protection.

If the data subject has exercised his right to access his personal data and believes that personal data received in accordance with the decision of the company are not the personal data he required, or thinks that he did not receive all personal data he required, he can lodge a complaint with explanation with the company within 15 days before lodging

a complaint with the Information Commissioner. The company must decide on the complaint within 5 working days, wherein they must be treating this complaint as a new request.

COMMUNICATION

The company can only contact the user through remote communication means if the user is not explicitly refusing such communication. Advertisement e-mails must be clearly and unequivocally marked as such, and the sender must be clearly visible. The request of the user to no longer receive advertisement messages must be respected unconditionally.

Advertisement e-mails will contain the following:

– they shall be clearly and unequivocally marked as advertisement messages,

– the sender shall be clearly marked,

– different actions, promotions, and other marketing techniques shall be clearly marked as such and shall also state the conditions in order to be able to participate,

– the manner of unsubscribing from receiving advertisement messages must be clearly stated,

– the request of the user to no longer receive advertisement messages shall be respected unconditionally by IDEYNIC 2.0.

If your data change, you can require them to be rectified at any time at info@theflamesmethod.com

If you no longer wish to receive marketing and promotional materials, let us know immediately, and use the option “Unsubscribe”.

If you wish to remove your personal data from the IDEYNIC 2.0 system in their entirety, send a request to info@theflamesmethod.com by stating which data you wish to delete permanently. Your request will be respected by IDEYNIC 2.0 no later than within 10 working days.