PERSONAL DATA PROTECTION: The notice from the controller to the individual regarding the processing of personal data
Our company is aware of the value of your personal data, which is why, on a daily basis, we are committed to providing appropriate processing of your personal data. The personal data processing notice from the controller to the individual keeps you informed about all news and important facts regarding the protection of your personal data.
Please read the following notice carefully before consenting to processing of personal data. We assure you that your personal data will be processed in line with the newest standards and legislature dealing with personal data protection.
What are personal data?
Personal data represent any information relating to an identified or identifiable natural person (i.e. an individual) regardless of the form in which they are expressed. These are the data that allow for your identification.
Examples of personal data: Personal identification number, tax ID number, health insurance ID number, phone number, vehicle registration number, personal bank account number...
Special categories of personal data include personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, as well as the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a person's sex life or sexual orientation, data relating to criminal convictions and offences...
How and for how long will your personal data be stored?
Personal data collected with your express consent will be stored in an electronic or physical personal data filing system.
The collected personal data may be stored in the personal data filing system until you withdraw your consent to personal data processing, or for no longer than until the purpose for their processing is fulfilled, or unless the processing termination is required by applicable law.
All personal data collections will be safeguarded using the latest technological security measures.
Processing and use of your personal data
Following the General Data Protection Regulation (GDPR), your personal data may only be managed, collected, and processed by the controller (i.e. our company) under the following conditions:
- if we have obtained your express written or electronic consent
- if the collection of your personal data is needed to draw up a contract between you and our company
- if the collection of personal data is required by applicable law (e.g. data needed for invoicing)
What are the purposes for which we process your personal data?
The controller will manage, collect, and process the personal data for which your express written consent is required strictly for the purposes for which the data were supplied.
We undertake not to disclose or sell your personal data to a third party without prior notice and receipt of your express written consent. We will also not process your personal data in any way other than for the purposes for which the data were supplied.
Withdrawal of consent to personal data processing
You have the right to withdraw consent to the processing of personal data at any time for one or all of the purposes for which the personal data is being processed and to which you had consented.
To withdraw consent to the processing of your personal data send a written claim by post to our address or by e-mail to the e-mail address provided on our website.
In the event of the withdrawal of your consent to the processing of personal data, the controller will immediately delete and stop processing all your collected personal data.
Your legal rights regarding personal data protection
The new Regulation grants you many rights regarding your personal data safety. These are:
- Right to erasure and rectification of inaccurate personal data
You have the right to demand from the controller the rectification or completion of inaccurate or incomplete personal data concerning you.
You have the right to demand from the controller the erasure of personal data concerning you without undue delay.
The controller is obligated to communicate any rectification, completion, or erasure of personal data with you without undue delay.
- Right to restriction of personal data processing
You have the right to demand from the controller the restriction of your personal data processing where one of the following applies: the accuracy of personal data is contested, its processing is unlawful, if the controller no longer needs the personal data for the purposes of the processing, or if you have lodged an objection to its processing.
- Right to data portability
You have the right to receive from the controller the personal data concerning you that are being processed.
You have the right to demand from the controller the transfer of those data to another controller, should you so decide.
- Right to object
In addition to the right to withdraw consent, you may demand in writing the termination of use of your personal data which are being used expressly for information or direct marketing purposes at any time. Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes by the controller effective immediately.
You may exercise all rights by addressing a written claim to the controller, which you may send by post to our address or by e-mail to the e-mail address provided on our website.
- Right to request access to personal data concerning you
You have the right to receive information from the controller whether any personal data concerning you is being processed, to access personal data concerning you, and to access the following information: purpose of processing, types of personal data concerning you, the users of your personal data, the estimated retention period for your personal data, the source of personal data.
- Personal data protection violation
In the event of the violation of your personal data protection and if such a violation could result in a great risk to your rights and freedoms, you will be notified immediately.
In the event of the violation of personal data protection, we shall without undue delay and no later than in 72 hours after the violation is discovered notify the competent public authority.
- Right to lodge a complaint
You have the right to lodge a complaint against the controller in case of personal data protection violation with the competent public authority at the following address: Informacijski pooblaščenec [Information Commissioner of the Republic of Slovenia], Dunajska cesta 22, 1000 Ljubljana, Slovenia, or by e-mail at: firstname.lastname@example.org.
Important information regarding the processing of your personal data
We undertake to process all collected personal data only for the above-mentioned purposes of managing or processing personal data and in accordance with the Personal Data Protection Act (ZVOP-1) and other applicable legislature, as well as in accordance with the Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data (GDPR).