The purpose of the Privacy Policy of Ekspekta d.o.o. (hereinafter: "Privacy Policy") is to inform users of Ekspekta d.o.o. services and other persons (hereinafter: natural persons) of the purposes and basis of personal data processing by Ekspekta d.o.o., Dunajska cesta 63, 1000 Ljubljana (hereinafter: Ekspekta), and the rights of individuals in this regard.
The company dedicates special attention to the security of your personal data. All provided personal data are treated confidentially and are used only for the purpose for which they were provided. We manage your personal data with the highest level of diligence, taking into account the applicable legislation and the highest standards of processing. We ensure the security of your personal data with appropriate organisational measures, work procedures and advanced technological solutions, as well as with external experts, in order to protect your personal data as effectively as possible. We use an appropriate level of protection and reasonable physical, electronic and administrative measures to protect the data collected against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of personal data, or unauthorised access to personal data that have been transferred, stored or otherwise processed.
At the same time, this Privacy Policy further clarifies the consent you have given to the processing of your personal data.
In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: General Data Protection Regulation), the Privacy Policy includes the following information:
If you are only visiting the website, we collect your data only with cookies. If you are a user or customer, using services provided by the company, we also collect other personal data that we need to provide the services that you have ordered or are using. These personal data include:
The controller of personal data processed in accordance with this Privacy Policy is Ekspekta d.o.o., Dunajska cesta 63, 1000 Ljubljana.
This Privacy Policy is intended for anyone who has ordered and/or used our services, submitted an enquiry, as well as those who visit our website.
As part of exercising contractual rights and performance of contractual obligations, the company processes your personal data for the following purposes: identification of the individual, preparation of an offer, conclusion of a contract, provision of services ordered, notification of possible changes, additional details and instructions for using services, resolving potential technical issues, objections or complaints, invoicing for services and for other purposes necessary for the performance or conclusion of a contractual relationship between the company and the individual.
When invoicing for services, on the basis of tax regulations, we obtain and process your address in order to correctly issue the invoice.
On the basis of a legitimate interest, we use your personal data to identify and prevent fraudulent use and misuse of services, to ensure stable and secure operation of our system and services, as well as to implement information security measures, meet service quality requirements and identify technical system and service failures.
On the basis of a legitimate interest, we also use your personal data for the purposes of possible enforcement, judicial and extrajudicial recovery.
In accordance with the General Data Protection Regulation, in the event of suspected misuse, the company may process data on individuals to an appropriate and proportionate extent for the purpose of identifying and preventing possible fraud or misuse and may, if appropriate, pass this information on to other service providers, business partners and the police, public prosecutor's office or other competent authorities. For the purpose of preventing future misuses or frauds, historical data on identified misuses or frauds in connection with an individual, which includes data on the subscription relationship and, for example, IP address, may be kept for five years after the termination of the business relationship.
Data processing may also be based on your consent given to the company.
Consent may, for example, refer to information on offers, advantages and improvements to services provided by the company. The purpose of such information is to align the services as close as possible to your needs and desires, and to increase their useful value to you. Information is provided through channels you chose in the consent. You may cancel the subscription to such information at any time, as defined in the Privacy Policy.
You can withdraw or change your consent at any time in the same way as you gave it or in another way as defined by the Privacy Policy, with the company reserving the right to identify the client. The change of consent can also be arranged via e-mail to info@ekspekta.si or with a written request sent to the address of the company's registered office.
Withdrawal or change of consent affects only data processed on the basis of your consent. Your last consent given to us shall be considered effective. The option to revoke the consent does not constitute a right of withdrawal in the business relationship of the individual with the company.
The data for which your consent has been given are in the absence of revocation of consent processed up to two years after the termination of the business relationship with the company.
If necessary, we will authorise other companies and individuals to perform certain activities that contribute to our services. In such a case, the company may also provide personal data to such carefully selected external processors that will conclude a contract with the company for the processing of personal data or substantively identical agreement or other binding document (hereinafter: Processing Contract). We will provide or make available such data to external processors only to the extent required for a specific purpose. The data may not be used by the external processor for any other purpose, provided that it meets the minimum standards for the personal data processing stipulated by applicable legislation. External processors are contractually obliged by the company to respect the confidentiality of your personal data.
On the basis of a reasoned request, companies also provide personal data to the competent state authorities, which have a legal basis for such actions. The company will, for example, respond to requests from courts, law enforcement bodies and other national authorities, which may include national authorities from another EU member state.
The data retention period is determined by the category of data. The data is kept for a maximum period necessary to achieve the purpose for which they were collected or further processed, or until the expiry of the statute of limitations for the fulfilment of obligations or the statutory retention period.
Accounting data and related contact data of individuals may be kept for the purpose of fulfilling contractual obligations until full payment of the service or until the expiry of the statute of limitations in relation to an individual claim, which, according to law, may amount to one to five years. Invoices shall be kept for 10 years after the end of the year to which the invoice refers, in accordance with the law governing value added tax.
Other data obtained on the basis of your consent are kept for the duration of the business relationship and for 2 years after the termination thereof, unless the law stipulates a longer retention period. If the individual who gave consent for the processing of personal data has not entered into a business relationship with the company, their consent is valid for 2 years from its submission or until its revocation.
At the end of the retention period, the data shall be deleted, destroyed, blocked or anonymised, unless otherwise required by law for each category of data.
We shall ensure that you can exercise your rights in relation to the personal data processing without undue delay. We shall decide on your request within one month of receiving your request. In case of complexity and a large number of requests, the deadline can be extended by a maximum of two additional months. If we extend the deadline, we will notify you of any such extension within one month of receiving the request, together with the reasons for the delay.
Requests regarding the exercise of your rights can be sent by e-mail to info@ekspekta.si or by mail to Ekspekta d.o.o., Dunajska cesta 63, 1000 Ljubljana.
When you submit a request by electronic means, we will provide you with the information by electronic means whenever possible, unless you request otherwise.
Where there is reasonable doubt as to the identity of an individual making the request in relation to any of their rights, we may request additional information necessary to confirm the identity of the data subject.
If the data subject's requests are manifestly unfounded or excessive, in particular because they are repetitive, the company may:
We shall ensure that you can exercise the following rights in relation to the personal data processing:
(i) data access
(ii) right to rectification
(iii) right of erasure ("right to be forgotten")
(iv) right to restriction of processing
(v) right to data portability
(vi) right to object
(i) Data access
You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where they are, access to the personal data and the following information:
(ii) Right to rectification
You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you, and, taking into account the purposes of the processing, the right to have incomplete personal data completed, including by means of providing a supplementary statement.
(iii) Right of erasure ("right to be forgotten")
You have the right to obtain from the controller the erasure of your personal data without undue delay where one of the following grounds applies:
(iv) Right to restriction of processing
You have the right to obtain restriction of processing where one of the following applies:
Where processing has been restricted under the previous paragraph, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person.
We are obliged to inform you before the restriction of processing of your personal data is lifted.
(v) Right to data portability
You have the right to receive the your personal data, which you have provided to us, in a structured, commonly used and machine-readable format, and have the right to transmit those data to another controller without hindrance from the our company, when the processing is based on your consent and the processing is carried out by automated means. At your request, where technically feasible, the personal data can be transferred directly to another controller.
(vi) Right to object
When we process your data on the basis of a legitimate interest for marketing purposes, you may object to such processing at any time.
We no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Any complains in regard to the processing of your personal data can be sent by e-mail to info@ekspekta.si or by mail to Ekspekta d.o.o., Dunajska cesta 63, 1000 Ljubljana.
In the event that we do not come to a decision regarding your request by the legal deadline or reject your request, you have the option of filing a complaint with the Information Commissioner.
You also have the right to lodge a complaint directly with the Information Commissioner if you believe that the processing of your personal data violates Slovenian or EU regulation on the protection of personal data.
If you have exercised your right of access to data and, after receiving the decision, you believe that the personal data you received is not the personal data you requested, or that you have not received all the requested personal data, you can file a reasoned complaint with company within 15 days before filing a complaint with the Information Commissioner. We are obliged to decide on your complaint as a new request within five business days.
All matters not covered by this Privacy Policy are subject to applicable law.
The company reserves the right to change this Privacy Policy. We will inform you of any change by publishing it on the official website of Ekspekta d.o.o. 30 days before it becomes effective.
If you have any questions about the Privacy Policy or the data we hold about you, contact us by e-mail to info@ekspekta.si.
This Privacy Policy is published on the website of Ekspekta d.o.o. and enters into force on 25 May 2018.
Ekspekta d.o.o.