The Company places particular emphasis on the security of your personal information. All transmitted personal data is handled confidentially and is used only for the purpose for which it was transmitted. We handle your personal data with utmost care, bearing in mind the applicable legislation and the highest standards of processing. In order to protect your personal data as effectively as possible, we use appropriate organizational measures, work procedures and advanced technology solutions, as well as external experts. We also use an appropriate level of protection and reasonable physical, electronic and administrative measures to protect the collected data from unintentional or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data that has been downloaded, stored or otherwise processed.
If you are only a visitor to a website, we only collect your data using cookies. If you are a service user or a subscriber to a service provided by the Company, we also collect other personal information that we need to provide the services you use or are subscribed to. This personal data is:
5.1. Processing on the basis of a contract:
In the context of the execution of contractual rights and the fulfilment of contractual obligations, the company processes your personal information for the following purposes: identification of the individual, preparation of an offer, conclusion of a contract, provision of ordered services, notification of any changes, additional details and instructions for the use of services to solve any technical problems, objections or complaints, billing of services, and other purposes as necessary for the implementation or conclusion of the contractual relationship between the company and an individual.
When calculating the services, based on the tax regulations, we obtain and process your address for the correct issue of accounts.
5.2. Processing on the basis of law:
On the basis of legitimate interest, we use your personal information to detect and prevent the fraudulent use and misuse of services, in the context of ensuring the stable and safe operation of our system and services, and also for the purpose of implementing information security measures, meeting the requirements regarding quality of services, and detecting technical system and service failures.
On the basis of legitimate interest, we also use your personal information for the purposes of potential enforcement, judicial and extra-judicial recovery.
In accordance with the General Regulation, in the event of suspected abuses, the Company may process personal data in an appropriate and proportionate manner for the purpose of identifying and preventing any fraud or misuse, and may, if appropriate, also forward this information to other providers of such services, business partners, the police, the Public Prosecutor's Office, or to other competent authorities. For the purpose of preventing future abuse or fraud, data on the history of identified abuses or fraud in connection with an individual, including data on the subscription and, for example, IP address, can be kept for another five years after the termination of the business relationship.
5.3. Processing on the basis of consent to the processing of personal data:
Data processing can also be based on your consent, which you have provided to the Company.
The revocation or alteration of consent refers only to data processed on the basis of your consent. The most recent consent that has been received from you is valid. The possibility of revoking your consent does not constitute a resignation from the business relationship of the individual with the company.
The data for which your consent is given shall be processed, in the absence of cancellation, for up to two years after the termination of the business relationship with the company.
If necessary, we will authorize other companies and individuals to perform certain tasks that complement our services. In such cases, the company may also transfer personal data to carefully selected external processors who will enter into a contract for the processing of personal data with the company, or into an agreement or other binding document (hereinafter: "Processing contract") with the same substance as the contract. For external processors, such data will only be transmitted or made accessible to the extent required by a specific purpose. Such data may not be used by external processors for any other purpose, and the external processor must meet at least all the standards for the processing of personal data provided for in the applicable law. External processors are contractually committed to the company to respect the confidentiality of your personal information.
On the basis of a reasoned request, companies also provide personal data to the competent state authorities on a legal basis. The Company will, for example, respond to requests from courts, law enforcement and other state authorities, which could also involve the state authorities of another EU Member State.
The data retention period is determined according to the category of the individual data. We keep the data for as long as necessary to achieve the purpose for which it was collected or further processed, or until the expiration of the limitation period for the fulfilment of the obligation or the statutory retention period.
For the purpose of fulfilling contractual obligations, the accounting data and the associated contact details of individuals may be kept until the full payment for the service or at the latest until the expiration of the limitation period in respect of an individual claim, which may legally last from one to five years. Invoices are kept for 10 years after the expiration of the year the invoice relates to in accordance with the law governing value added tax.
Other information that we have obtained on the basis of your consent is kept for the duration of the business relationship and for 2 years after the termination, unless the law provides for a longer retention period. If an individual who has given consent to the processing of personal data has not entered into a business relationship with us, their consent is valid for 2 years from its delivery or until its revocation.
After the expiry of the retention period, the data is deleted, destroyed, blocked or anonymised if the law does not specify otherwise for the particular type of data.
We guarantee the exercise of your rights regarding the processing of your personal information without undue delay. We will decide on your request within one month of receiving it. In case of complexity and a greater number of requests, the deadline may be extended by up to two additional months. If we extend the deadline, we will notify you of any such extension within one month of receiving the request along with the reasons for the delay.
We accept requests regarding the exercise of your rights at email@example.com, or by post at Katern d.o.o., Planina 198, 6232 Planina.
When submitting an application by electronic means, we will, whenever possible, provide you with information electronically, unless you request otherwise.
Where there is reasonable doubt as to the identity of the individual who submits a claim relating to one of their rights, we may request the provision of additional information necessary to confirm the identity of the data subject.
Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the company may:
You have the following rights regarding the processing of your personal information:
(i) the right to access data
(ii) the right to rectification
(iii) the right to erasure ("right to be forgotten")
(iv) the right to the restriction of processing
(v) the right to data portability
(vi) the right to object
(i) The right to access data
You are always entitled to know whether personal data is processed in relation to you and, if so, you are also entitled to access your personal information, as well as the following information:
(ii) The right to rectification
You have the right to have any correction of inaccurate personal information relating to you performed without undue delay and, taking into account the purposes of the processing, the right to complete any incomplete personal data, including the submission of a supplementary statement.
(iii) The right to erasure ("right to be forgotten")
You have the right to have your personal information deleted without undue delay, if one of the following reasons applies:
(iv) The right to restriction of processing
You have the right to limit the processing of your personal information when one of the following applies:
If the processing of your personal data has been restricted in accordance with the preceding paragraph, such personal data, with the exception of its storage, shall be processed only with your consent or for the establishment, enforcement or defence of legal claims or for the protection of the rights of another natural or legal person.
Before cancelling the processing limit of your personal information, we are obliged to inform you of this.
(v) The right to data portability
You have the right to receive your personal information, which you have provided us, in a structured, widely used and machine-readable form, and the right to forward this information to another controller without the Company hindering you from doing so, when the processing is based on your consent and the processing is carried out using automated means. At your request, when technically feasible, personal data may be transferred directly to another controller.
(vi) The right to object
Whenever your data is processed on the basis of a legitimate interest for marketing purposes, you may object to such processing at any time.
We will stop processing your personal data unless we prove necessary grounds for processing that prevail over your interests, rights and freedoms, or to establish, enforce or defend legal claims.
Any complaint regarding the processing of your personal data may be sent to the e-mail address firstname.lastname@example.org or by post to the address of the company Katern d.o.o., Planina 198, 6232 Planina.
If we do not decide on your request within the legal deadline or if we reject your request, you have the option to lodge a complaint with the Information Commissioner.
You also have the right to lodge a complaint directly with the Information Commissioner if you believe that the processing of your personal data violates Slovenian or EU regulations in the field of personal data protection.
If you have exercised the right of access to the information and if, after receiving the decision, you believe that the personal data you received is not the personal information you requested or that you did not receive all the required personal information, you can lodge a reasoned complaint before submitting a complaint to the Information Commissioner with the company within 15 days. We need to decide on your complaint as a new request within five business days.