Protection of personal data
Our company is aware of the responsibility in handling the personal data of our customers, potential subscribers, visitors to our website and all individuals who, in contact with us, disclose their personal data (hereinafter: users) and provide and undertake to be personal data of users. used exclusively for the purposes stated in this document (Privacy and Personal Data Protection Policy).
This Privacy and Personal Data Protection Policy (hereinafter: the Policy) defines the methods of collecting personal data of users, the purposes for which we collect them, the security measures with which we protect them, the persons with whom we share them, and your rights regarding protection personal data. The protection and handling of users’ personal data is fully in line with the provisions of the General Regulation on Personal Data Protection (Regulation (EU) 2016/679, hereinafter: GDPR) and other legal regulations governing the field of personal data protection. Our activities are in accordance with European legislation and conventions of the Council of Europe (ETS No. 108, ETS No. 181, ETS No. 185, ETS No. 189)) and the legislation of the Republic of Slovenia (Personal Data Protection Act (ZVOP-1, Ur. of the Republic of Slovenia, No. 94/07) and the Electronic Commerce on the Market Act (ZEPT, Official Gazette of the Republic of Slovenia, no.
1. Personal data
Personal data is any data on the characteristics, condition, conduct or relationship that refers to a specific or identifiable natural person, ie an individual, according to the form in which it is expressed. However, an identifiable natural person is one who can be identified, directly or indirectly, by his / her identification numbers (eg EMŠO, tax number, health insurance number, telephone number, vehicle registration number), or by reference to factors specific to its physical, physiological, mental, economic, cultural or social identity (eg employment, title, function, position or status in a particular entity, etc.).
• basic information about the user (name and surname, address),
• contact details and data on the user’s communication with the website owner (e-mail address, telephone number, date, time and content of the postal or e-mail communication),
• information on the user’s use of the website owner’s website (dates and times of website visits, pages visited or URLs),
• other information that the user voluntarily provides to the website owner upon request for certain services that require this information.
2. Purposes of processing and bases for data processing
Processing of personal data means any operation or series of actions relating to personal data which are automatically processed or which, in the case of manual processing, form part of a personal data file or are intended to be included in a personal data file, in particular collection, acquisition, entry, editing, storage , adapting or modifying, retrieving, viewing, using, disclosing, transmitting, communicating, disseminating or otherwise making available, classifying or linking, blocking, anonymising, deleting or destroying; processing can be manual or automated.
The owner of the website collects and processes personal data of users on the following legal bases:
• consent (consent) of the individual,
• legal and contractual basis,
• legitimate interest.
The owner of the website does not collect or process personal data of users, except when users allow it or. agree to this:
• when you subscribe to receive e-news,
• when you provide us with your information by e-mail,
• when you provide us with your information in the form of business cards,
• when there is a legal basis for the collection of personal data or the website owner has a legitimate interest in processing.
The time period in which the website owner keeps the collected data is specified in the chapter Retention of personal data.
2.1. Processing of personal data on the basis of consent
In our company we collect and process personal data of users for the following purposes:
• purposes of sending e-news,
• information about its services, offers and business opportunities, and
• invitations to events.
2.2. Processing based on laws and contractual arrangements
In the event that the provision of personal data is a contractual obligation, an obligation required to enter into and perform a contract with a provider, or a legal obligation, we will be required to ask you to provide your personal data; in the event that you do not provide personal data, you will not be able to conclude a contract with the provider, nor will the provider be able to provide you with services or supply products under the contract.
3. The personal data controller and the data protection officer
Our company is also a controller of personal data. We process data in accordance with the General Regulation on Personal Data Protection.
The authorized person for the protection of personal data in our company can be reached via the umbrella e-mail address.
4. Transfer of personal data to third parties or to third countries
Our company does not pass on the collected personal data of users to third parties or to third countries.
5. Retention of personal data
We retain the personal data that you have entrusted to us with your personal and explicit consent when registering, subscribing to e-news, downloading e-publications or submitting an inquiry, until your cancellation.
You can revoke your consent to the collection and processing of personal data at any time. Revocation of consent shall not affect the lawfulness of the collection and processing of data prior to revocation. All other personal data within the framework of contractual cooperation is stored in accordance with applicable law.
We take care of ensuring the protection of personal data in many ways. We store personal data in digital form, our computer systems are protected by technical and organizational measures that prevent accidental or unlawful destruction, loss, alteration and unauthorized disclosure or access to your personal data.
We store the data we collect on secure servers until your cancellation, but no longer than the maximum retention period. Business premises, equipment and system software, including input-output units, are also adequately protected.
6. Term of retention of personal data
The personal data of an individual obtained on the basis of consent may be processed and stored as long as there is an intention or until the revocation of the given consent of the individual.
The personal data of an individual processed on the basis of a contract may be processed and stored for a further 5 years from the fulfillment of the contractual obligations of both parties.
The invoices are kept for 10 years after the end of the year to which the invoice relates in accordance with the law governing the field of value added tax.
The personal data of an individual may be processed for his own needs until the revocation of consent with a request to remove personal data from the database, otherwise only for as long as is necessary to achieve the purpose for which the data were collected, ie. 10 years for registered users and 5 years from the fulfillment of contractual obligations of both parties or for all other users and until the subscriber unsubscribes from the e-news or until the operator ceases its activity on the market.
During the management of personal data, upon request, the individual has the opportunity to view and update the data in the database. In accordance with the Value Added Tax Act, the company keeps the invoices for 10 years after the end of the invoice issuance year.
7. Individual rights
In accordance with the applicable legislation, the individual has the right to revoke the given consent at any time, request access, correction, restriction of processing or deletion of personal data.
You can revoke your consent to the processing of personal data at any time. For this purpose, you can send us your request at any time to our e-mail address or by regular mail to the company’s headquarters.
An individual may also file a complaint with us regarding the processing of his personal data.
An individual may also lodge a complaint regarding the processing of his personal data directly with the competent supervisory authority, ie. To the Information Commissioner of the Republic of Slovenia.
8. Conduct in case of infringements
In the event of breaches of personal data protection, our company will immediately implement all internal and external measures (technical, organizational) to protect the rights and interests of the individual. Each of those affected will be notified of possible violations, as well as the competent supervisory body in the Republic of Slovenia.