The company is particularly concerned about the security of your personal information. All personal data transmitted is treated confidentially and is used only for the purpose for which it was transmitted. We handle your personal data with utmost care, keeping in mind the applicable legislation and the highest standards of processing. For the security of your personal data, we also provide for appropriate organizational measures, work procedures and advanced technology solutions, as well as external experts, in order to protect your personal data as effectively as possible. We use an appropriate level of protection and reasonable physical, electronic and administrative measures to protect the collected data from unintentional or unlawful destruction, loss, alteration, unauthorized disclosure of personal data or unauthorized access to personal data that has been downloaded, stored or otherwise processed.
- contact information of the company,
- purposes, bases and types of processing of various types of personal data of individuals,
- the time of retention of individual types of personal data,
- the rights of individuals with regard to the processing of personal data,
- the right to file a complaint concerning the processing of personal data,
2.) Personal data collected by the company
If you are only a visitor to a website, we only collect data using cookies. If you are a service user or a subscriber of a service provided by the company, we also collect other personal information that we need to provide the services you have ordered or which you use. This personal data is:
- first and last name,
- contact email address
- contact phone
- IP address
- data required to provide an offer according to your demand (your address).
3.) Personal Data Manager
4.) Categories of individuals whose personal data is processed
5.) The purpose of the processing and the basis for data processing
5.1. Processing based on contract:
In the context of the execution of contractual rights and the fulfillment of contractual obligations, the company processes your personal information for the following purposes: identification of the individual, preparation of the offer, conclusion of the contract, provision of the ordered services, notification of any changes, additional details and instructions for the use of services, to solve any potential technical problems , objections or complaints, billing of services and other purposes necessary for the implementation or conclusion of a contractual relationship between the company and an individual.
When billing the services, based on tax regulations, we obtain and process your address for the correct issue of the invoice.
5.2. Processing based on the law:
Based on a legitimate interest, we use your personal data to detect and prevent fraudulent use and abuse of services, further within the framework of ensuring the stable and secure operation of our system and services, as well as for the purposes of implementing information security measures, meeting requirements related to the quality of services, and detecting technical failure of systems and services.
Based on a legitimate interest, we also use your personal data for the purposes of possible executions, judicial and extrajudicial recovery.
In accordance with the General Regulation, in case of suspicion of abuse, the company may process data on individuals to an appropriate and proportionate extent for the purpose of identification and prevention of possible fraud or abuse and may, if appropriate, forward this data to other providers of such services, business partners, the police , the State Prosecutor's Office or other competent authorities. For the purpose of preventing future abuse or fraud, data on the history of identified abuse or fraud in connection with the individual, which includes data on the subscription relationship and, for example, the IP address, may be kept for five years after the termination of the business relationship.
5.3. Processing on the basis of consent to the processing of personal data:
Data processing can also be based on your consent, which you have provided to the company.
The withdrawal or change of consent refers only to data processed on the basis of your consent. The most recent given consent that has been received by as is the one in force. The possibility of revoking a consent does not constitute a withdrawal from the business relationship of the individual with the company.
The data for which your consent is given shall be processed, in the absence of withdrawal, for up to two years after the termination of the business relationship with the company.
6.) Restrictions on the transmission of personal data
If necessary, we will authorize other companies and individuals to perform certain works that contribute to our services. In such a case, the company may also transfer personal data to such carefully selected external processors who will enter into a contract for the processing of personal data with the company, or in substance the same agreement or other binding document (hereinafter: the processing contract). For external processors, such data will be transmitted or made accessible only to the extent required by a specific purpose. Such data may not be used by external processors for any other purpose, meeting at least all standards for the processing of personal data provided for in the applicable law. External processors are contractually committed to the company to respect the confidentiality of your personal information.
On the basis of a reasoned request, the company also transfers personal data to the competent state authorities that have a legal basis for this. The company will, for example, respond to requests from courts, law enforcement and other state authorities, which may also involve the state authorities of another EU Member State.
7.) The period for which the personal data will be stored
The data retention period is determined according to the category of individual data. We keep the data for as long as necessary to achieve the purpose for which it was collected or further processed or until the expiration of the limitation period for fulfillment of the obligation or the statutory retention period.
For the purpose of fulfilling contractual obligations, the accounting data and the associated contact details of individuals may be kept until the full payment of the service or at the latest until the expiration of the limitation period in respect of an individual claim, which may be statutory from one to five years. The bills are kept for 10 years after the expiration of the year to which the bill relates in accordance with the law governing value added tax.
Other information that we have obtained on the basis of your consent is kept for the duration of the business relationship and for 2 years after the termination, unless the law provides for a longer retention period. If an individual who has given consent to the processing of personal data has not entered into a business relationship with us, his consent is valid for 2 years from its submission. In case of cancellation of consent, we will process your personal information for a maximum of 15 days from the day of the cancellation.
After the expiry of the retention period, the data is deleted, destroyed, blocked or anonymised if the law does not specify otherwise for the particular type of data.
8.) Rights of individuals with regard to the processing of personal data
The exercise of your rights regarding the processing of your personal information is guaranteed without undue delay. We will decide on your request within one month of receiving your request. In case of complexity and a greater number of requirements, the deadline may be extended by up to two additional months. If we extend the deadline, we will notify you of any such extension within one month of receiving the request together with the reasons for the delay.
We accept the requests regarding the exercise of your rights by email@example.com or by post to GPTĐ d.o.o., 104. brigade Hrvatske vojske 8, 42240 Ivanec.
When submitting an application by electronic means, we will, whenever possible, provide you with information electronically, unless you request otherwise.
Where there is reasonable doubt as to the identity of an individual who submits a claim relating to one of his rights, we may require that we provide additional information necessary to confirm the identity of the data subject.
If the data subject's claims are manifestly unfounded or excessive, especially if they are repeated, the company may:
- charge a reasonable fee, taking into account the administrative costs of transmitting information or communication or implementing the requested action, or
- refuse to act on the request.
We provide the following rights regarding the processing of your personal information:
(i)the right to access data
(ii)right to corrections
(iii)the right to erasing ("right to be forgotten")
(iv)the right to limit processing
(v)the right to transfer data
(vi)the right to object
(i)the right to access data
You are always entitled to know whether personal data is processed in relation to you and, if so, access to your personal information and the following information:
- the purposes of the processing,
- types of personal data being processed,
- users or categories of users to whom personal data has been or will be disclosed,
- the planned period of retention of personal data or, if this is not possible, the criteria used to determine this period,
- the existence of a right to require an administrator to correct or delete personal data or limit the processing of your personal information, or the existence of the right to object to such processing,
- the right to file a complaint with the supervisory authority,
- when personal data is not collected from you, all available information regarding their source.
(ii)right to correction
You have the right to obtain, without undue delay, a correction of inaccurate personal information relating to you and taking into account the purposes of the processing, the right to complete incomplete personal data, including the submission of a supplementary statement.
(iii)right to be erased ("right to forget")
You have the right to have, without undue delay, your personal information deleted, if one of the following reasons applies:
- the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
- when you revoke the consent on the basis of which the processing takes place, and there is no other legal basis for processing,
- when you object to the processing of data and there are no overriding legitimate reasons for processing it,
- where personal data has been processed unlawfully,
- when personal data has to be deleted in order to fulfill a legal obligation in accordance with EU law or Slovenian law.
(iv)right to restriction of processing
You have the right to limit processing of your personal information when one of the following cases applies:
- when you dispute the accuracy of the data, for a period that allows us to verify the accuracy of personal data,
- the processing is illegal, and you are opposed to the deletion of personal data and, instead, request a restriction on their use,
- we do not need your personal information anymore for processing purposes, but you need it to enforce, carry out, or defend legal claims,
- if you have filed an objection regarding processing based on the legitimate interests of the company until it is verified that our legitimate reasons take precedence over your reasons.
When the processing of your personal information has been restricted in accordance with the preceding paragraph, such personal data, with the exception of their storage, shall be processed only with your consent or for the enforcement, execution or defense of legal claims or for the protection of the rights of another natural or legal person.
Before canceling the processing limit of your personal information, we are obliged to inform you of this.
(v)right to data portability
You have the right to receive your personal information, which you have provided us, in a structured, widely used and machine-readable form, and the right to forward this information to another controller without hindering you in the case where the processing is based on your consent and the processing is carried out with automated means. At your request, where technically feasible, personal data may be transferred directly to another controller.
(vi)right to object
The data subject shall, on grounds relating to his or her particular situation, have the right to object to the processing of personal data at any time if it is based on the legitimate interests pursued by the company or a third party.
We will stop processing your personal data unless proven necessary processing grounds that prevail over your interests, rights and freedoms, or to enforce, execute or defend legal claims.
9.) The right to file a complaint concerning the processing of personal data
Any complaint regarding the processing of your personal data may be sent to the e-mail address firstname.lastname@example.org or by post to GPTĐ d.o.o., 104. brigade Hrvatske vojske 8, 42240 Ivanec.
In the event that we do not decide on your request within the legal deadline or if we reject your request, you have the possibility to file a complaint with the Information Commissioner.
You also have the right to file a complaint directly with the Information Commissioner if you believe that the processing of your personal data violates the Slovenian or EU regulations in the field of personal data protection.
If you have exercised the right of access to the information and after receiving the decision, you believe that the personal data you received is not the personal information you requested or that you did not receive all the required personal information, you can file a reasoned complaint before submitting a complaint to the Information Commissioner with the company within 15 days. We need to decide on your complaint as a new request within five business days.
10.) Final provisions