Privacy policy

The purpose of the cbdmuay.com privacy policy (hereinafter: the policy) is to inform customers, potential customers or visitors to the MUAY Store websites about the purposes and legal basis for the processing of personal data.

The company TYKHE d.o.o., Stantetova 32, 3320 Velenje,  info@cbdmuay.com  (hereinafter: the company Namman Muay or the provider or manager of personal data) protects your personal data in such a way that their protection is ensured throughout the business.

At  Tykhe d.o.o,  we value your privacy, which is why we always carefully protect your data.

This privacy policy may be changed or amended at any time without prior warning or notice. By using the provider’s website after a change or amendment, the individual confirms that he agrees with the changes and amendments.

All our activities related to the processing of personal data are in accordance with applicable European legislation (mainly Regulation (EU) 2016/697 on the protection of individuals in the processing of personal data and on the flow of such data (General Data Protection Regulation or GDPR) and the conventions of the Council of Europe (ETS No. 108, ETS No. 181, ETS No. 185, ETS No. 189)) and the national legislation of the Republic of Slovenia (Act on the Protection of Personal Data (ZVOP-1, Official Journal of the RS, No. 94/07 ), the Act on Electronic Business on the Market (ZEPT, Official Journal of the RS, No. 96/09 and 19/15) etc.).

The Privacy Policy addresses the handling of personal information that Namman Muay obtains from you when you visit and use Namman Muay websites or otherwise provide it.

Controller and authorized person for data protection

The controller of personal data is the company Tykhe doo, Stantetova 32, 3320 Velenje, Slovenia.

Tykhe doo has appointed an authorized person for data protection who can be reached at the email address  info@cbdmuay.com .

If you have any questions regarding the use of this policy or in connection with the exercise of your rights arising from this policy, please contact the authorized person for the protection of personal data, via the contact specified in the next point of the policy.

Basic concepts

  • Personal data  means any information on the basis of which an individual can be identified (this includes, for example, name, surname, e-mail address, telephone number, etc.). 
  • Controller  means the legal entity that determines the purposes and means of processing your personal data. 
  • Processor  means a legal or natural person that processes personal data on behalf of the controller. 
  • Processing  means the collection, storage, access and all other forms of use of personal data. 
  • EEA  stands for European Economic Area, which refers to all the member states of the European Union, Iceland, Norway and Liechtenstein.

Personal data

Personal data is information that identifies you as a specific or identifiable individual. An individual is identifiable when it can be directly or indirectly identified, in particular by specifying an identifier such as name, identification number, location data, online identifier, or by specifying one or more factors that characterize the individual’s physical, physiological, genetic, mental, economic, cultural or social identity.

The provider, in accordance with the purposes defined below in this policy, collects the following personal data:

  • basic information about the user (name and surname, residential address, date of birth, location);
  • contact information and information about your communication with the controller (e-mail address (email), telephone number, date, time and content of postal or e-mail communication, date, time and duration of telephone calls, recording of telephone calls);
  • channel and campaign – the method of acquiring a member or the source through which the user came into contact with the manager (website and advertising campaign or campaign, call center, physical store);
  • information about the user’s purchases and issued invoices (date and place of purchase, purchased items, prices of purchased items, total purchase amount, payment method, delivery address, number and date of invoice issue, identifier of the person who issued the invoice, etc.) and data on resolving product complaints;
  • data on the user’s use of the operator’s website (dates and times of website visits, pages or URLs visited, time spent on each page, number of pages visited, total time spent visiting the website, settings made on the website) and data on the use of received messages ( e-mail, SMS) of the operator;
  • personal data that the user provides voluntarily by filling out forms, e.g. in the context of prize games or the use of configurators to identify the optimal products for the user’s needs;
  • other data that the user voluntarily provides to the provider when making a request for certain services, insofar as this data is necessary for the performance of the service. The provider does not collect or process your personal data, except when you enable it or consent to it, e.g. through the use of the website, when ordering products or services, when you subscribe to receive an e-magazine, participate in a prize game, etc. The provider also processes its data when there is a legal basis for collecting personal data, a contractual basis or when the provider has a legitimate interest in the processing.

We also obtain your personal data based on the use of cookies on our website. The provider collects only those personal data that are relevant and necessary to fulfill the purposes for which this data is processed. The time period during which the Provider stores the collected data is defined in more detail in the Personal Data Storage chapter of this Policy.

Legal basis for data processing

The provider collects and processes your personal data on the following legal bases:

  • Processing based on the law
  • Processing on the basis of a contract
  • Processing based on individual consent
  • Processing based on legitimate interest

Processing on the basis of a contract

We need your data when it is necessary for the conclusion, implementation and fulfillment of contractual obligations. The transmission of personal data is voluntary in this case.

If you do not provide personal data, you cannot conclude a contract with the provider, nor can the provider provide you with services or deliver products.

Processing on the basis of given consent

We process your data when you give us your express consent. When processing is based on consent, we will make sure in advance that all the information you need to make your decision is available to you. You can withdraw your consent at any time. If you revoke your consent, the provider will not be able to provide you with certain services.

Processing based on legitimate interest

The provider may also process data on the basis of a legitimate interest, for which the provider strives, except when such interests are overridden by the interests or fundamental rights and freedoms of the individual to whom the personal data refer, which require the protection of personal data.

In the case of using a legitimate interest, the provider always performs an assessment in accordance with the General Data Protection Regulation.

In case of processing based on legitimate interest, the user has the right to object. You can read more about your rights in the continuation of the policy.

Processing based on the law

We process your personal data when such processing is required by legislation that binds us (e.g. tax legislation mandates the retention of issued invoices). We process this personal data in accordance with the requirements of the law.

Purposes of personal data processing

The provider collects and processes your personal data for the following purposes

Purpose of processingA more detailed explanation
Communicating with you regarding the provision of our services and responding to your inquiriesThis includes, in particular, notifications and responses to inquiries, resolution of complaints, completion of satisfaction surveys, etc. We carry out the aforementioned processing on the basis of the legitimate interest of ensuring effective communication and successful business operations of the company in relation to users.
Conclusion and fulfillment of obligations arising from the concluded contractConclusion and implementation of the contract concluded with the provider, including the provider’s fulfillment of your orders (delivery of products and provision of services), communication with you, verification of your payments and fulfillment of other obligations of the provider and/or your obligations. We process personal data on the basis of a contract and a pre-contractual relationship. If you do not provide us with all the information necessary to conclude the contract, we reserve the right to postpone or cancel the order.
Direct notification of customers about special offers, discounts and other content via email or SMSAt Tykhe doo, based on the ZEKom-1 Act (Act on Electronic Communications of the Republic of Slovenia, implemented on the basis of Directive 2002/58/EC of the European Parliament and of the Council of July 12, 2002), we inform our customers about our products, services and content . The buyer can request the termination of this type of communication and processing of personal data at any time (right to object). The buyer can terminate this type of communication at any time via the unsubscribe link in the received messages, or by sending a written request to the email address  info@cbdmuay.com , or by using the following form  https://cbdmuay.com/contact . In this case, we process your data on the basis of the law.
Direct notification of special offers and other content via emailAt Tykhe doo, based on your consent, we will inform you about our products, services, discounts and content via email. The customer can at any time request the termination of this type of communication and processing of personal data in such a way as to revoke the consent. The given consent can be revoked at any time via the contacts listed on the website https://cbdmuay.com/contact
Directly informing customers about special offers and other content via phone calls and regular mailAt Tykhe doo, based on the given consent, we occasionally inform customers about our products, services, discounts and contents via phone calls and regular mail. The customer can at any time request the termination of this type of communication and processing of personal data in such a way as to revoke the consent. The given consent can be revoked at any time via the contacts listed on the websitehttps://cbdmuay.com/contact
General statistical processing of data on customers and their orders and potential customers (contacts) for the purposes of internal sales analysis, repeat purchases, aggregate customer behavior, advertising optimization and business optimizationAt Tykhe doo, we carry out general statistical processing of data on customers and their orders and potential customers (contacts), on the basis of which we perform internal analyzes of sales, repeat purchases and aggregate behavior of customers, and monitor and optimize our business efficiency and optimize our advertising, e.g.: We monitor sales through our sales channels (internet, stores, call center) We monitor how many customers make repeat purchases, how quickly and at what value messages, phone calls and various advertising messages (TV ads, radio ads, online ads) and based on this we optimize our advertising (we decide what, where, to whom and how to advertise). to offer affordable products and services to its users. The said processing of personal data is based on the legitimate interest of the successful business of the provider and the provision of quality services to users.
Access to your past orders and other data by consultants at Namman Muay call center and stores in order to provide better service and offersWhen you call the Namman Muay call center (or our outgoing call to you) or in the case of your visit to the Namman Muay store (if and when you identify yourself), our sales and information consultants have access to your recorded personal data and purchase history, on the basis of which they will be able to offer you a better service and more personalized offers. We carry out this processing on the basis of legitimate interest. If you do not want this, you can stop this type of data processing at any time or by sending a written request to the email address info@cbdmuay.com .
Processing data on unclaimed remote orders for the purpose of fraud preventionAt Tykhe doo, based on our legitimate interest, we process data on sent and uncollected remote orders, with which we determine whether and which customers overproportionally order products remotely with payment upon collection and then do not collect these products, which causes us business damage. which we want to prevent. When we identify such customers, we disable them from ordering products with cash on delivery in the online store, but they are still allowed to order products with immediate prepayment by payment cards or PayPal.
Automatic email communication with the user based on his or of her starting the online purchase processAt Tykhe doo, on the basis of our legitimate interest, we occasionally send e-mail messages related to their unfinished purchase to potential buyers who have added selected products to their shopping basket but have not completed the purchase, with the aim of attempting to complete the purchase or offering help and information in this regard . If you do not want this, you can stop this type of data processing at any time or by sending a written request to the email address  info@muaystore.si 
Basic personalized communication (via email, SMS, phone calls, mail, browser notifications, website information, social networks) with discounts, offers and contentAs part of basic personalized communication (via email, SMS, phone calls, mail, browser notifications, information on the website, social networks), we try to present you with relevant offers, discounts and other content that might be of interest to you based on your past interactions. with us. For this we use the following information about you: Demographic information (gender, age,) Purchase history (purchased products, number of purchases) Simple handling of behavior on Namman Muay websites (viewing individual products or content that may trigger the sending of personalized messages), without using these data for the creation of user profiles. The customer can terminate this type of communication at any time via the unsubscribe link in the received messages or by sending a written request to the email address info@cbdmuay.com . We do not use any semi-automatic or automatic profiling, but simply select appropriate sets of recipients for individual messages. In doing so, we never focus on individual data, but perform aggregate processing of larger groups. Based on this data, it can then depend on which messages you will receive from us:
Using the Facebook advertising tool Facebook Custom Audiences (“Facebook customized audiences”)At Tykhe doo, we also use the Facebook Custom Audiences service for online advertising, as part of the obtained consent for communication with customized offers and content based on the user’s profile. This service works in the following way: Your email address, which we obtained from you during your purchase or your voluntary entry, is uploaded to Facebook. Facebook compares your email address with its user base and determines whether you are a Facebook user. If you are not Facebook user, then nothing happens with your email address and Facebook does not perform any activities with it. However, if you are a Facebook user, Facebook will add you to the newly created list of customized audiences, which will only and explicitly allow us to give this group users on Facebook, we show personalized ads. Based on this, we can show you more targeted and customized ads on Facebook, as well as, above all, additional discounts. You can stop this from our site at any time or by sending a written request to the email address   info@muaystore.si 
Use of online account and access to information under GDPRWe process your personal data to ensure access and use of your user account with the provider, which allows you to access the personal data we process about you and edit the consents given. You can also access information about past orders placed with you within this profile. We process personal data based on our legitimate interest.
Communicating with personalized offers and content based on your profileBased on your consent, the provider also carries out personalized communication, which is carried out through various communication channels (via email, phone calls, mail, browser notifications, information on the website, social networks). Because we want to offer you the best possible offers and content tailored exactly to your needs, with your consent we create your profile, which is the basis for personalized communication. We can use the following information about you for this: Demographic data (gender, date of birth or age, address) Your purchase history (purchased products, time of purchase, number of purchases) Answers in various Namman Muay questionnaires on Namman Muay websites Behavior on Namman Muay websites (viewing individual products or content, adding products to the shopping cart, internet transactions) Your responses (opening a message, clicking on a link, purchasing) to the various messages we send you Based on this user profile, it can then depend on what content and offers you will receive from us: What products and content we will present to you (e.g. about joints, detoxification, weight loss, general healthy eating, etc.) to be of maximum interest to you What offers you will receive (customers with a greater number or frequency of purchases from Namman Muay get better offers) How often will we send you messages and through which communication channels If you have given your consent for this type of processing and now you no longer want it, you can stop this type of data processing at any time via the unsubscribe link in the received messages or by sending a written request to the email address info@cbdmuay.com. 
Asserting legal claims, protecting our rights and resolving disputesWe collect personal data for the defined purpose in accordance with the law.
Legal obligationsWe collect your data to fulfill legal obligations, e.g. storing invoices for the purposes of tax legislation. We process your data only to the extent necessary to fulfill legal requirements.

Storage of personal data

The provider will keep your personal data only as long as it is necessary to fulfill the purpose for which the personal data was collected.

Those personal data that the Provider processes on the basis of the law, the Provider keeps for the period prescribed by law.

Those personal data that the Provider processes for the purpose of carrying out a contractual relationship with an individual, the Provider keeps for the period necessary for the execution of the contract and for another 5 years after its termination, except in cases where there is a dispute between you and the Provider regarding the contract ; in such a case, the Provider keeps the data for 5 years after the finality of the court or arbitration decision or settlement, or, if there was no legal dispute, 5 years from the date of the peaceful resolution of the dispute.

Those personal data that the Provider processes on the basis of the individual’s personal consent, the Provider keeps permanently, until this consent is revoked by the individual. The provider deletes such data before cancellation only when the purpose of personal data processing has already been achieved.

After the retention period has expired, the controller effectively and permanently deletes or anonymizes the personal data so that they can no longer be linked to a specific individual.

The manager defines the deadlines in more detail in the table below:

Purpose of processingRetention period
Communicating with you regarding the provision of our services and responding to your inquiries6 months from the end of communication
Conclusion and fulfillment of obligations arising from the concluded contract5 years from the execution of the contract
Direct notification of customers about special offers, discounts and other content via email or SMSUntil cancelation
Directly informing customers about special offers, discounts and other content via phone calls and regular mailUntil cancelation
Access to your past orders and other data by consultants at Namman MUAY call center and stores in order to provide better service and offersUntil cancelation
Processing data on unclaimed remote orders for the purpose of fraud prevention5 years from the start of processing
Automatic email communication with the user based on his or of her starting the online purchase processUntil cancelation
Basic personalized communication (via email, SMS, phone calls, mail, browser notifications, website information, social networks) with personalized discounts, offers and contentUntil cancelation
Using the Facebook advertising tool Facebook Custom Audiences (“Facebook customized audiences”)Until cancelation
Using an online accountUntil cancelation
Access to specific information on the websiteUntil cancelation
Personalized e-magazinesUntil cancelation
Marketing communications using user profilingUntil cancelation

Contractual processing of personal data

The provider can entrust individual tasks related to the processing of your data to other persons (contractual processors). Contract processors can process confidential data exclusively on behalf of the provider, within the limits of the provider’s authorization (in a written contract or other legal act) and in accordance with the purposes defined in this privacy policy. Contract processors with whom the provider cooperates are:

  • Accounting Service; law firms and other providers of legal advice;
  • data processing and analytics providers;
  • maintainers of IT systems;
  • email providers (eg Mailchimp and others);
  • payment system providers such as Braintree, PayPal and others);
  • providers of customer relationship management systems (e.g. Metakocka, Pipedrive);
  • providers of online advertising solutions (e.g. Google, Facebook).

The provider will not forward your personal data to unauthorized third parties.

Contractual processors may only process personal data within the framework of the controller’s instructions and may not use personal data to pursue any personal interests. The administrator and users do not export personal data to third countries (outside the member states of the European Economic Area – EU members and Iceland, Norway and Liechtenstein) and to international organizations.

Freedom of choice

You control the information you provide about yourself. If you decide not to provide your data to the provider, then we will not be able to provide you with certain services.

Individuals who wish to unsubscribe from the Namman Muay e-newsletter should notify us at info@cbdmuay.com. If your personal information changes (postal code, e-mail address, physical address, telephone number), please inform us of the changes at the e-mail address info@cbdmuay.com . 

Automatic recording of information (non-personal data)

Whenever you access the website, general, non-personal data (number of visits, average time spent on the website, pages visited) is automatically recorded (not as part of the registration). We use this information to measure the attractiveness of our website and to improve its content and usability. Your data is not subject to further processing and is not forwarded to a third party.

Cookies

Cookies are invisible files that are temporarily stored on your hard drive and allow the provider to recognize your computer the next time you visit the website. The provider uses cookies only to collect information concerning the use of the website and to optimize its internet advertising activities.

Advertising cookies track the individual’s use of the Provider’s website, unless the individual does not agree to the use of cookies on the page.

Safety

The provider makes great efforts to ensure the security of personal data. Your information is protected against loss, destruction, falsification, manipulation and unauthorized access or disclosure at all times.

To protect personal data, we implement organizational and technical measures such as:

  • employee training;
  • supervision of employees and regular reviews of the performance of individual employees;
  • careful selection and control of contract processors;
  • backup of electronically stored data;
  • regular maintenance and updating of computer equipment;
  • adoption of relevant internal regulations and instructions on the protection of personal data.

Consent of a minor in relation to information society services

Minors under the age of 16 should not submit any personal information to websites or otherwise without the permission (consent or approval) of the holder of parental care for the child (one of the parents or guardians). The provider will never knowingly collect personal data from persons known to be minors (under the age of 16), or use it in any way or disclose it to an unauthorized third party without the permission of the child’s guardian. This does not affect the general contract law of the Member States, such as the rules on the validity, formation or effect of a contract in relation to a child.

In such cases, taking into account available technology, the provider makes reasonable efforts to verify whether the holder of parental care for the child has given or approved consent.

Individual rights regarding data processing

If you have any questions regarding our personal data protection policy or the processing of your personal data, you can contact us at any time. Write to us at  info@cbdmuay.com  or call us at +386 40 364 244. Based on your request, we will provide you with the required information or (in accordance with the law) take care of the realization of your rights.

You have the following rights in relation to processing: 

Right to withdraw consent:  if you, as an individual, have consented to the processing of your personal data (for one or more specified purposes), you have the right to withdraw this consent at any time, without affecting the lawfulness of data processing based on consent. performed until its cancellation.

Consent can be revoked by a written statement sent to the manager at one of the contacts listed on the website https://cbdmuay.com/contact .

Revocation of consent to the processing of personal data does not have any negative consequences or sanctions for the individual. However, it is possible that the controller may no longer be able to provide one or more of its services to an individual after the withdrawal of consent to the processing of personal data, if it concerns services that cannot be provided without personal data (e.g. benefit club or personalized notification). 

The right of access to personal data:  as an individual, you have the right to receive confirmation from the provider (personal data manager) as to whether personal data is being processed in relation to you, and, when this is the case, access to personal data and certain information (about the purposes of the processing, types of personal data, about users, about retention periods or criteria for determining periods, about the existence of the right to correct or delete data, the right to limit and object to processing and the right to appeal to the supervisory authority, about the source of the data, if the data was not collected at you, about the existence of automated decision-making, including the creation of profiles, the reasons for it and the meaning and consequences of such processing for you, and other information in accordance with Article 15 GDPR); 

Right to rectification of personal data:  as an individual, you have the right to have the provider correct inaccurate personal data relating to you without undue delay. As an individual, taking into account the purposes of the processing, you have the right to complete incomplete data, including submitting a supplementary statement; 

The right to erasure of personal data (“right to be forgotten”):  as an individual, you have the right to have the provider delete personal data relating to you without undue delay, and the provider must delete the data without undue delay when one of the following reasons exists:

(a) the data are no longer necessary for the purposes for which they were collected or otherwise processed,

(b) if you withdraw your consent and there is no other legal basis for the processing,

(c) if you object to the processing and there are no overriding legitimate grounds for the processing,

(d) the data has been processed illegally,

(e) the data must be deleted to comply with legal obligations under EU law or the law of a Member State applicable to the provider,

(f) data was collected in connection with information society service offerings.

However, as an individual, in certain cases described in paragraph 3 of Article 17 of the GDPR, you do not have the right to delete data; 

Right to restriction of processing:  as an individual, you have the right to have the provider restrict processing when one of the following cases exists:

(a) if you dispute the accuracy of the data for a period that allows the provider to verify the accuracy of the data,

(b) the processing is unlawful and you object to the deletion of the data and instead request the restriction of its use,

(c) the provider no longer needs the data for processing purposes, but you need them to assert, implement and defend legal claims,

(d) you have objected to the processing until it is verified whether the provider’s legitimate reasons prevail over your reasons; 

Right to data portability:  as an individual, you have the right to receive the personal data relating to you that you have provided to the provider in a structured, commonly used and machine-readable format, and you have the right to transmit this data to another controller without being the provider to whom the personal data was provided obstructed, namely when:

(a) the processing is based on consent or on a contract and

(b) the processing is carried out by automated means.

As an individual, when exercising the aforementioned right to portability, you have the right to have personal data directly transferred from one operator (provider) to another, when this is technically feasible; 

The right to object to processing:  as an individual, based on reasons related to your particular situation, you have the right to object at any time to the processing of personal data, which is necessary for the performance of tasks in the public interest or in the exercise of public authority granted to the provider (point (e) of the article 6 (1) GDPR) or is necessary due to the legitimate interests pursued by the provider or a third party (point (f) of Article 6 (1) GDPR), including the creation of profiles based on the aforementioned processing; the provider stops processing personal data, unless it demonstrates imperative legitimate reasons for processing that override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

Where personal data is processed for marketing purposes, the individual has the right to object at any time to the processing of data relating to him for the purposes of such marketing, including profiling, insofar as it is related to such direct marketing; when an individual objects to processing for direct marketing purposes, the data is no longer processed for these purposes.

When data is processed for scientific or historical research purposes or statistical purposes, the individual has the right to object to the processing of data concerning him for reasons related to his special situation, unless the processing is necessary for the performance of the task being carried out for reasons of public interest; 

The right to lodge a complaint with a supervisory authority:  without prejudice to any other (administrative or other) legal remedy, you as an individual have the right to lodge a complaint with a supervisory authority, in particular in the country of your habitual residence, your place of work or in where the violation allegedly occurred (in Slovenia, this is the Information Commissioner), if you believe that the processing of personal data concerning you violates regulations on the protection of personal data.

Without prejudice to any other (administrative or extrajudicial) means, you as an individual have the right to an effective legal remedy, namely against the legally binding decision of the supervisory authority in relation to it, as well as in the case when the supervisory authority does not consider your complaint or you are does not inform about the status of the case or about the decision on the appeal within three months.

Courts of the Member State in which the supervisory authority has its seat are competent for proceedings against the supervisory authority. An individual can address all requests regarding the exercise of rights in relation to personal data, in writing, to the controller, namely to one of the contacts listed on the website https://cbdmuay.com/contact .

For the purposes of reliable identification in the case of exercising rights in relation to personal data, the administrator may request additional data from the individual, and may refuse to take action only if he proves that he cannot reliably identify the individual.

The controller must respond to the individual’s request, with which he/she exercises his/her rights in relation to personal data, without undue delay and no later than one month after receiving the request.

Notification to the supervisory authority about a breach of personal data protection

In the event of a violation of the protection of personal data, the Provider is obliged to notify the competent supervisory authority, except when it is probable that the rights and freedoms of individuals were not threatened by the violation. When there is a suspicion that a crime has been committed at the time of the violation, the Provider is obliged to inform the police and/or the competent prosecutor’s office about the violation.

In the event that it is a violation that may cause a great risk to the rights and freedoms of individuals, the Provider is obliged to report the violation immediately or when it is not possible, without undue delay, to inform the individuals to whom the personal data refer. The notification to the individual must be made in understandable and clear language.

Access to social networks

Through our website, you can access the web plugins defined below, which the provider uses in its operation:

  • Facebook
  • Instagram
  • Youtube

Each of the listed social networks operates in accordance with its terms of use and privacy policies when providing its services. Namman Muay assumes no responsibility in relation to the use of social networks to which it provides access through its website. Questions and the exercise of rights must be addressed to the individual social network. Privacy policies are available at the links below:

Announcement of changes

Any changes to our privacy policy will be posted on this website. Updated: 10/06/2024