Pravilnik o privatnosti
The company is particularly concerned about the security of your personal information. All personal data transmitted are treated confidentially and are used only for the purpose for which they were transmitted. We handle your personal data with utmost care, keeping in mind the applicable legislation and the highest standards of their processing. To ensure the security of your personal data, we also provide for appropriate organizational measures, work procedures and advanced technology solutions, as well as external experts, in order to protect your personal data as effectively as possible. We use an appropriate level of protection and reasonable physical, electronic and administrative measures to protect the collected data from unintentional or unlawful destruction, loss, alteration, unauthorized disclosure of personal data or unauthorized access to personal data that has been downloaded, stored or otherwise processed.
- contact information of the company,
- purposes, bases and types of processing of various types of individuals’ personal data,
- time of retention of individual types of personal data,
- rights of individuals with regard to the processing of personal data,
- right to file a complaint concerning the processing of personal data,
2) Personal data collected by the company
If you are only a visitor to the web site, we only collect data on you by using cookies. If you are a service user or a subscriber of services provided by the company, we also collect other personal data that we need to provide the services you have ordered or which you use. These personal data include:
- name and surname
- contact email address
- contact phone
- IP address
- information to issue an offer according to your enquiry (your address, tax number).
3) Personal data controller
4) Categories of individuals whose personal data are processed
5) Purpose of the data processing and the basis for processing
5.1. Processing under contract:
In the context of the execution of contractual rights and the fulfilment of contractual obligations, the company processes your personal information for the following purposes: identification of the individual, preparation of the offer, conclusion of the contract, provision of the ordered services, notification of any changes, additional details and instructions for the use of services, solving of technical problems, objections or complaints, billing of services and other purposes necessary for the implementation or conclusion of a contractual relationship between the company and the individual.
When calculating the services, based on tax regulations, we obtain and process your address for the correct issue of the account.
5.2. Processing under the law:
On the basis of legitimate interest, we use your personal information to detect and prevent fraudulent use and misuse of services, furthermore in the context of ensuring the stable and safe operation of our system and services, as well as for the purpose of implementing information security measures, meeting the requirements regarding quality of services and detecting failures of technical systems and services.
On the basis of legitimate interest, we also use your personal information for the purposes of possible enforcement, judicial and extrajudicial recovery.
In accordance with the General Data Protection Regulation, in the event of suspected misuse of data the company may process personal data in an appropriate and proportionate manner for the purpose of identifying and preventing any fraud or misuse, and may, if appropriate, also forward this information to other providers of such services, business partners, the police, the Public Prosecutor's Office or other competent authorities. For the purpose of preventing future misuse or fraud, data on the history of identified misuse or fraud in connection with an individual, including subscription agreement data and, for example, an IP address, can be kept for another five years after the termination of the business relationship.
5.3. Processing on the basis of consent to the processing of personal data:
Data processing can also be based on your consent which you have provided to the company.
The withdrawal or change of consent refers only to data processed on the basis of your consent. Your most recent consent received shall be valid. The possibility of revoking a consent does not constitute an entitlement to withdraw from the business relationship of the individual with the company.
The data for which your consent is given shall be processed in the absence of cancellation up to two years after the termination of the business relationship with the company.
6) Restrictions on the transfer of personal data
If necessary, we will authorize other companies and individuals to perform certain works that contribute to our services. In such a case, the company may also transfer personal data to such carefully selected external processors that will enter into a contract for the processing of personal data with the company or conclude a substantively equivalent agreement or other binding document (hereinafter: the Processing Contract). For external processors, such data will be transferred or made accessible only to the extent required by a specific purpose. Such data may not be used by external processors for any other purpose, wherein meeting at least all standards for the processing of personal data provided for in the applicable law. External processors are contractually committed to the company to respect the confidentiality of your personal information.
On the basis of a reasoned request, the company also provides personal data to the competent state authorities that have a legal basis for this purpose. A Company d.o.o. will, for example, respond to the requests of courts, law enforcement agencies and other state authorities, which could also involve the state authorities of another EU Member State.
7) Personal data retention period
The data retention period is determined according to the category of individual data. We keep the data for as long as necessary to achieve the purpose for which they were collected or further processed or until the expiration of the limitation period for fulfilment of the obligation or the statutory retention period.
For the purpose of fulfilling contractual obligations, the accounting data and the associated contact details of individuals may be kept until the full payment of the service or at the latest until the expiration of the limitation period in respect of an individual claim, which may be statutory from one to five years. The invoices are kept for 10 years after the expiration of the year to which an invoice relates in accordance with the law governing value added tax.
Other information that we have obtained on the basis of your consent is kept for the duration of the business relationship and for 2 years after the termination, unless the law provides for a longer retention period. If an individual who has given consent to the processing of personal data has not entered into a business relationship with us, his/her consent is valid for 2 years from its delivery or until its cancellation.
After the expiry of the retention period, the data is deleted, destroyed, blocked or anonymised if the law does not specify otherwise for particular types of data.
8) Individuals' rights in relation to the processing of personal data
The exercise of your rights regarding the processing of your personal data is guaranteed without undue delay. We will decide on your request within one month of receiving your request. In case of greater complexity and a greater number of requirements, the deadline may be extended by up to two additional months. If we extend the deadline, we will notify you of any such extension within one month of receiving the request together with the reasons for the delay.
We can accept the requests regarding the exercise of your rights by e-mail to firstname.lastname@example.org or by post to Kovinoplastika d.o.o. - Alveus, Cesta 19. oktobra 57, Lož, 1386 Stari trg pri Ložu.
When submitting an application by electronic means, we will, whenever possible, provide you with information electronically, unless you request otherwise.
Where there is reasonable doubt as to the identity of an individual who submits a claim relating to one of his/her rights we may require that you provide additional information necessary to confirm the identity of the data subject.
If the data subject's claims are manifestly unfounded or excessive, especially as they are repeated, the company may:
- charge a reasonable fee, taking into account the administrative costs of transmitting the information or communication or the implementation of the requested action, or
- refuse to act on the request.
We grant you the following rights regarding the processing of your personal information:
Right of access by the data subject
Right to rectification
Right to erasure ("right to be forgotten")
Right to restriction of processing
Right to data portability
Right to object
Right of access by the data subject
You are always entitled to know whether personal data is processed in relation to you and, if so, to access your personal information and the following information:
- processing purposes,
- types of personal data being processed,
- users or categories of users to whom personal data have been or will be disclosed,
- the envisaged period of retention of personal data or, if this is not possible, the criteria used to determine this period,
- the existence of a right to require the controller to correct or delete personal data or limit the processing of your personal data, or the existence of the right to object to such processing,
- the right to lodge a complaint with the supervisory authority,
- when personal data is not collected from you, all available information related to their source.
Right to rectification
You have the right to obtain, without undue delay, the correction of inaccurate personal information relating to you, and taking into account the purposes of the processing, the right to complete incomplete personal data, including the submission of a supplementary declaration.
Right to erasure (»right to be forgotten«)
You have the right to obtain the erasure, without undue delay, of your personal data if one of the following reasons applies:
- where personal data are no longer necessary for the purposes for which they were collected or otherwise processed,
- when you revoke the consent on the basis of which the processing takes place, and there is no other legal basis for processing,
- when you object to the processing of data and there are no overriding legitimate reasons for processing them,
- where personal data have been processed unlawfully,
- when personal data need to be deleted in order to fulfil a legal obligation in accordance with EU law or Slovenian law.
Right to restriction of processing
You have the right to restrict processing of your personal data when one of the following is true:
- when disputing the accuracy of the data, for a period that allows us to verify the accuracy of personal data,
- if the processing is illegal and you are opposed to the deletion of your personal data and, instead, request a restriction of their use,
- if we do not longer need your personal data for processing purposes, but you need them in order to enforce, execute or defend legal claims,
- if you have filed an objection concerning processing based on the legitimate interests of the company, until it is verified that our legitimate reasons prevail over your reasons.
Where processing of your personal data has been restricted in accordance with the preceding paragraph, such personal data, with the exception of their storage, shall be processed only with your consent or for the purpose of enforcement, execution or defence of legal claims, or for the protection of the rights of other natural or legal person.
Before cancelling the processing restriction of your personal data, we are obliged to inform you of the latter.
Right to data portability
You have the right to receive your personal information, which you have provided us, in a structured, generally applicable and machine-readable form, and the right to forward this information to another data controller without being hindered from doing so by the company when processing is based on your consent and the processing is carried out with automated means. At your request, where technically feasible, personal data may be transferred directly to another data controller.
Right to object
Whenever your data is processed on the basis of a legitimate interest for marketing purposes, you may object to such processing at any time.
We will stop processing your personal data unless processing grounds are proven necessary which prevail over your interests, rights and freedoms, or for the purpose of enforcing, executing or defending legal claims.
9) The right to file a complaint concerning the processing of personal data
Any complaint regarding the processing of your personal data can be sent by email to email@example.com or by mail to Kovinoplastika d.o.o. - Alveus, Cesta 19. oktobra 57, Lož, 1386 Stari trg pri Ložu
In the event that we do not decide on your request within the legal deadline or if we reject your request, you have the possibility to file a complaint with the Information Commissioner.
You also have the right to file a complaint directly with the Information Commissioner if you believe that the processing of your personal data violates Slovenian or EU regulations in the field of personal data protection.
If you have exercised the right of access to the information and after receiving the decision, you believe that the personal data you received is not the personal data you requested or that you did not receive all the required personal information, you can file a reasoned complaint with the company within 15 days, before submitting a complaint to the Information Commissioner. We are obliged to decide on your complaint as a new request within five business days.
10) Final provisions