The Company places particular emphasis on the security of your personal information. All transmitted personal data is handled confidentially and is used only for the purpose for which it was transmitted. We handle your personal data with utmost care, bearing in mind the applicable legislation and the highest standards of processing. In order to protect your personal data as effectively as possible, we use appropriate organizational measures, work procedures and advanced technology solutions, as well as external experts. We also use an appropriate level of protection and reasonable physical, electronic and administrative measures to protect the collected data from unintentional or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data that has been downloaded, stored or otherwise processed.
2) Personal data collected by the company
If you are only a visitor to a website, we only collect your data using cookies. If you are a service user or a subscriber to a service provided by the Company, we also collect other personal information that we need to provide the services you use or are subscribed to. This personal data is: - name and surname - contact e-mail address - contact phone number - IP address - information to issue an offer according to your inquiry (your address, tax number). 3) The personal data controller
4) Categories of individuals whose personal data are processed
5) The purpose and bases for data processing
5.1. Processing on the basis of a contract:
In the context of the execution of contractual rights and the fulfilment of contractual obligations, the company processes your personal information for the following purposes: identification of the individual, preparation of an offer, conclusion of a contract, provision of ordered services, notification of any changes, additional details and instructions for the use of services to solve any technical problems, objections or complaints, billing of services, and other purposes as necessary for the implementation or conclusion of the contractual relationship between the company and an individual.
When calculating the services, based on the tax regulations, we obtain and process your address for the correct issue of accounts.
5.2. Processing on the basis of law:
On the basis of legitimate interest, we use your personal information to detect and prevent the fraudulent use and misuse of services, in the context of ensuring the stable and safe operation of our system and services, and also for the purpose of implementing information security measures, meeting the requirements regarding quality of services, and detecting technical system and service failures.
On the basis of legitimate interest, we also use your personal information for the purposes of potential enforcement, judicial and extra-judicial recovery.
In accordance with the General Regulation, in the event of suspected abuses, the Company may process personal data in an appropriate and proportionate manner for the purpose of identifying and preventing any fraud or misuse, and may, if appropriate, also forward this information to other providers of such services, business partners, the police, the Public Prosecutor's Office, or to other competent authorities. For the purpose of preventing future abuse or fraud, data on the history of identified abuses or fraud in connection with an individual, including data on the subscription and, for example, IP address, can be kept for another five years after the termination of the business relationship.
5.3. Processing on the basis of consent to the processing of personal data:
Data processing can also be based on your consent, which you have provided to the Company.
The revocation or alteration of consent refers only to data processed on the basis of your consent. The most recent consent that has been received from you is valid. The possibility of revoking your consent does not constitute a resignation from the business relationship of the individual with the company.
The data for which your consent is given shall be processed, in the absence of cancellation, for up to two years after the termination of the business relationship with the company.
6) Restrictions on the transmission of personal data
If necessary, we will authorize other companies and individuals to perform certain tasks that complement our services. In such cases, the company may also transfer personal data to carefully selected external processors who will enter into a contract for the processing of personal data with the company, or into an agreement or other binding document (hereinafter: "Processing contract") with the same substance as the contract. For external processors, such data will only be transmitted or made accessible to the extent required by a specific purpose. Such data may not be used by external processors for any other purpose, and the external processor must meet at least all the standards for the processing of personal data provided for in the applicable law. External processors are contractually committed to the company to respect the confidentiality of your personal information.
On the basis of a reasoned request, companies also provide personal data to the competent state authorities on a legal basis. The Company will, for example, respond to requests from courts, law enforcement and other state authorities, which could also involve the state authorities of another EU Member State.
7) Period of retention of personal data
The data retention period is determined according to the category of the individual data. We keep the data for as long as necessary to achieve the purpose for which it was collected or further processed, or until the expiration of the limitation period for the fulfilment of the obligation or the statutory retention period.
For the purpose of fulfilling contractual obligations, the accounting data and the associated contact details of individuals may be kept until the full payment for the service or at the latest until the expiration of the limitation period in respect of an individual claim, which may legally last from one to five years. Invoices are kept for 10 years after the expiration of the year the invoice relates to in accordance with the law governing value added tax.
Other information that we have obtained on the basis of your consent is kept for the duration of the business relationship and for 2 years after the termination, unless the law provides for a longer retention period. If an individual who has given consent to the processing of personal data has not entered into a business relationship with us, their consent is valid for 2 years from its delivery or until its revocation.
After the expiry of the retention period, the data is deleted, destroyed, blocked or anonymised if the law does not specify otherwise for the particular type of data.
8) The rights of individuals relating to the processing of personal data
We guarantee the exercise of your rights regarding the processing of your personal information without undue delay. We will decide on your request within one month of receiving it. In case of complexity and a greater number of requests, the deadline may be extended by up to two additional months. If we extend the deadline, we will notify you of any such extension within one month of receiving the request along with the reasons for the delay.
We accept requests regarding the exercise of your rights at email@example.com, or by post at VITAL-AIM d.o.o., Podraga 46, 5272 Podnanos.
When submitting an application by electronic means, we will, whenever possible, provide you with information electronically, unless you request otherwise.
Where there is reasonable doubt as to the identity of the individual who submits a claim relating to one of their rights, we may request the provision of additional information necessary to confirm the identity of the data subject.
Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the company may:
- charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or - refuse to act on the request.
You have the following rights regarding the processing of your personal information:
(i) the right to access data (ii) the right to rectification (iii) the right to erasure ("right to be forgotten") (iv) the right to the restriction of processing (v) the right to data portability (vi) the right to object
(i) The right to access data
You are always entitled to know whether personal data is processed in relation to you and, if so, you are also entitled to access your personal information, as well as the following information:
- the purposes of the processing, - the types of personal data being processed, - the users or categories of users to whom the personal data has been or will be disclosed, - the foreseen period for which the personal data will be stored, or, if that is not possible, the criteria used to determine that period, - the existence of the right to request from the controller the rectification or erasure of personal data or the restriction of processing your personal information, or the existence of the right to object to such processing, - the right to lodge a complaint with a supervisory authority - if the personal data is not collected from the data subject, any available information as to its source;
(ii) The right to rectification
You have the right to have any correction of inaccurate personal information relating to you performed without undue delay and, taking into account the purposes of the processing, the right to complete any incomplete personal data, including the submission of a supplementary statement.
(iii) The right to erasure ("right to be forgotten")
You have the right to have your personal information deleted without undue delay, if one of the following reasons applies:
- when the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed; - when you revoke the consent on the basis of which the processing takes place and there is no other legal basis for processing, - when you object to the processing of data and there are no overriding legitimate reasons for processing it, - if personal data has been processed unlawfully, - when personal data has to be deleted in order to fulfil a legal obligation in accordance with EU law or Slovenian law.
(iv) The right to restriction of processing
You have the right to limit the processing of your personal information when one of the following applies: - when you are contesting the accuracy of the data, for a period enabling us to verify the accuracy of the personal data, - the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead; - we no longer need your personal data for the purposes of the processing, but it is required by yourself for the establishment, exercise or defence of legal claims; - you have filed an objection regarding processing based on the legitimate interests of the company, until it is verified whether our legitimate reasons outweigh your reasons.
If the processing of your personal data has been restricted in accordance with the preceding paragraph, such personal data, with the exception of its storage, shall be processed only with your consent or for the establishment, enforcement or defence of legal claims or for the protection of the rights of another natural or legal person.
Before cancelling the processing limit of your personal information, we are obliged to inform you of this.
(v) The right to data portability
You have the right to receive your personal information, which you have provided us, in a structured, widely used and machine-readable form, and the right to forward this information to another controller without the Company hindering you from doing so, when the processing is based on your consent and the processing is carried out using automated means. At your request, when technically feasible, personal data may be transferred directly to another controller.
(vi) The right to object
Whenever your data is processed on the basis of a legitimate interest for marketing purposes, you may object to such processing at any time.
We will stop processing your personal data unless we prove necessary grounds for processing that prevail over your interests, rights and freedoms, or to establish, enforce or defend legal claims.
9) The right to lodge a complaint concerning the processing of personal data
Any complaint regarding the processing of your personal data may be sent to the e-mail address firstname.lastname@example.org or by post to the address of the company VITAL-AIM d.o.o., Podraga 46, 5272 Podnanos.
If we do not decide on your request within the legal deadline or if we reject your request, you have the option to lodge a complaint with the Information Commissioner.
You also have the right to lodge a complaint directly with the Information Commissioner if you believe that the processing of your personal data violates Slovenian or EU regulations in the field of personal data protection.
If you have exercised the right of access to the information and if, after receiving the decision, you believe that the personal data you received is not the personal information you requested or that you did not receive all the required personal information, you can lodge a reasoned complaint before submitting a complaint to the Information Commissioner with the company within 15 days. We need to decide on your complaint as a new request within five business days.
10) Final Provisions