For every diet
Privacy and personal data protection policy
The purpose of the Privacy and Personal Data Protection Policy (hereinafter: the Policy) is to acquaint website visitors (hereinafter: Individuals) with the purposes and basis of personal data gathering and processing by PAJS BREZ OBRESTI d.o.o. (hereinafter: the Company) and the rights of Individuals in this regard.
In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (hereinafter referred to as the data protection act), the following information is covered:
- contact information of the Company that is handling personal data,the method of obtaining, using and processing personal data,
- what types of personal data the Company collects or obtains about Individuals,
- purposes of personal data processing of Individuals and legal basis for personal data processing,
- time of personal data retention and processing period,
- the rights of individuals in relation to the processing of personal data,
- the right to a formal complaint regarding the processing of personal data,
- protection of personal data,
- disclosure of web plug-ins and other online tools,
Where appropriate, the rights relating to Individuals shall also apply to users who are legal entities.
- the online store (hereinafter referred to as the Home page),
- organization of all forms of educational or other events and registration for such events,
- sign up for notifications about news and other activities,
- inquiries for solutions and services via e-mail, telephone and forms on the Home page,
- form submissions to obtain download documents available on the Home page, and
- Individual’s use of any other, current or future, online or offline services or technical support that the Company offers. (hereinafter all bullet points from (1) – (6) will be referred to as Services)
The controller of personal data is PAJS BREZ OBRESTI d.o.o., registered office and business address at Na Jelovcu 4, 2354 Bresternica.
All questions and any requests regarding the rights of the Individual are accepted by the Company by e-mail email@example.com or by post to the address PAJS BREZ OBRESTI d.o.o., Na Jelovcu 4, 2354 Bresternica.
The Company collects personal data from Individuals by providing subscriptions to email newsletters, and personal data them, use of the Homepage and its functionalities, when the Individual contacts the Company directly by email, telephone, or in writing, or via social networks, when registering for events. The Company may collect personal data from publicly available data such as. TIS, AJPES or in any other way by which Individuals provide personal data.
Where permitted by law, the Company obtains information from other public sources.
The types of information that the Company collects about Individuals may include information about the Individual, such as:
name and lastname,
- business email address or other email address provided by the Individual,
- the company for which the Individual works or has worked; position (function) in the company,
- telephone number,
- information about the computer or mobile device (eg IP address and browser type, Individual device type),
- Information about how the Individual is using the Homepage (eg, which pages the Individual visited, the time he or she Individual viewed the Hompega, and what the Individual clicked on).
The Company may obtain Personal Data from Individuals from certain publicly available sources, including (but not limited to) public online databases, business directories, media publications, social networks, websites, and other publicly available sources.
The Company stores personal data of Individuals on the servers of it’s IIT service providers in the cloud located in EU Member States. From time to time, personal data of Individuals may also be processed outside the EU on the servers of IT providers whose services are approved through certification mechanisms such as e.g. EU-US Privacy Shield.
Personal data of Individuals are kept as long as there is a basis for their processing and storage.
Personal data of Individuals obtained on the basis of application forms are processed and stored until revoked.
Personal data of Individuals obtained on the basis of consent are processed and stored until the consent is revoked.
For the purpose of fulfilling contractual obligations such as fulfilling orders, personal data of Individuals are kept until the full payment of obligations or until the expiry of the limitation period in relation to an individual claim. The invoices which also may contain personal data shall be kept for 10 years in accordance with the law.
Personal data may only be processed on existing legal bases and purposes determined by the GDPR and the law, which are known to the Individual in advance.
The Company processes personal data of Individuals in order to fulfill its obligations from the Articles of Association, from consent forms, from contractual relationships between Individuals and the Company and from value-adding services.
As part of exercising rights and fulfilling contractual obligations, the Company processes personal data for the following purposes: identification of the Individual, fulfillment of contractual obligations to the Individual, notifications about educational and other organized events and other notifications from the Companie.
Processing based on the legitimate interest pursued by the Company
The Company may also process data on the basis of a legitimate interest pursued by the Company, except when such interests are outweighed by the fundamental rights and freedoms of the Individual to whom the personal data relates, which require the protection of personal data.
Based on a legitimate interest, the Company may contact Individuals for the purpose of improving the user experience for the purpose of determining their satisfaction.
Other legitimate interests may include the prevention of abuse.
Processing on the basis of consent for processing of personal data
The processing of data may be based on the consent given by the Individual to the Company. Consent may, for example, relate to information about educational or other organized events, informing the Individual about novelties and the work of the Company. Communication is carried out through channels selected by the Individual.
The Individual may withdraw or change consent at any time in the same way as the consent was given or in another way defined by the Company, whereby the Company. Withdrawal or change of consent refers only to data processed on the basis of consent.
Sharing data to third parties and sharing data to third countries (countries not members of the European Union or the European Economic Area) is allowed If this is in accordance with the purpose for which consent for processing of personal data was given and is in accordance with EU law and Slovenian regulations. The company may provide personal data for Individuals to:
- third parties who perform individual processing tasks for the Company, such as the preparation and transmission of invoices, maintenance and development of the network and other services, including software, when these tasks include the processing of personal data to the extent necessary to perform this services,
- to third parties who provide services to the Company or cooperate with the Company to the extent necessary for such tasks within the purposes and bases defined in this Policy.
The Company guarantees to the Individuals the exercise of their rights without undue delay and in any case within one week of receiving the request. The company may extend the deadline for exercising the rights of the Individual by a maximum of three additional weeks, taking into account the complexity and number of requirements. If the Company extends the deadline, it shall notify the Individual of any such extension within one week of receiving the request.
The Company accepts requests regarding the rights of the Individual by email or by post mail to the Company’s address. An individual may also submit a request at the Company’s registered office.
The Company grants the following rights to individuals whose personal data it has obtained on the basis of consent with regard to the processing of personal data:
- the right to access data,
- the right to rectify or change data,
- the right to be forgotten (deletion of data),
- the right to restrict processing,
- the right to object.
The right to access data
Individuals have the right to obtain confirmation from the Company whether their personal data is being processed by the Company. Individuals also have the right, where applicable, to access their personal data and additional information relating to the processing of personal data.
Upon the request of the Individual, the Company provides a copy of personal data being processed.
The right to rectify or change data
Individuals have the right to have the Company correct personal data concerning them without delay. Individuals have the right to add incomplete personal data, including the submission of new application forms, taking into account the purposes of the processing.
Upon the request of the Individual, the Company provides a copy of the Individuals personal data being processed.
The right to be forgotten (deletion of data)
Individuals have the right to have the Company delete all personal data relating to them without delay, and the Company has the obligation to delete the personal data without undue delay:
- where personal data is no longer necessary for the purposes for which it was were collected or otherwise processed,
- when the Individual revokes the consent, which is the basis for data processing and there is no other legal basis for further data processing,
- when the Individual objects to the processing on the basis of the legitimate interest of the Company and there are no overriding legal reasons for their processing,
The right to restrict processing
Individuals have the right to restrict processing of their data where:
- The individual disputes the accuracy of the data, for a period that allows the controller to verify the accuracy of personal data,
- The processing is illegal and the Individual opposes the deletion of personal data and instead requests a restriction on the use of data.
The right to object
Individuals have the right to object to the processing of personal data at any time, for any reasons, that relates to their personal data, its use or processing by the Company or a third party.
An individual may send a complaint regarding the processing of personal data to the Company’s by email or by post. An individual may also file a complaint at the Company’s registered office.
Also, each Individual has the right to lodge a complaint directly with the Information Commissioner of the Republic of Slovenia (Slovenian Information Commissioner, Zaloška 59, 1000 Ljubljana), if the Individual considers that the processing of personal data is in violation of Slovenian regulations or EU regulations.
The Company has taken appropriate technical and organizational measures to protect the personal data of Individuals and protect them from unauthorized or illegal use or processing of personal data and against accidental loss or destruction or damage to personal data of the Individual, including:
- the principle of minimum data and processing on an anonymised basis, whenever possible,
- training of employees in the Company on the importance of confidentiality and maintaining the privacy and security of data of Individuals,
- a commitment to take appropriate disciplinary action to enforce employee privacy responsibilities,
- careful and responsible selection of third party processors,
- using secure servers to store personal information.
The Company points out that the transfer of information (including personal data) via the Internet is not always completely secure, and if an Individual provides any information via the Internet (either by email, or via the Homepage or in any other way), it does so at its own risk. The Company assumes no responsibility or any costs, or damage to reputation, or any other form of loss or damage suffered by the Individual as a result of the transmission of data over the Internet.
The Homepage uses the Google Maps mapping service operated by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. If an Individual wants to use Google Maps, it is necessary to save the Individual’s IP address. This information is usually transferred to Google’s servers in the United States and stored there. The company has no influence on this data transfer. The use of Google Maps is in our legitimate interest to make the Homepage more attractive and to make it easier for Individuals to find and access the Company’s headquarters. This is a legitimate interest in accordance with Art. 6 (1) (f) GDPR. Further information on the handling of user data can be found in the Google Privacy Statement.
Some or all of the cookies used by the Company on the Homepage may be rejected by the Individual by changing the browser settings, but this may reduce the Individual’s ability to use the Homepage or some or all of its functions. For more information on cookies, including how to change your browser settings, visit allaboutcookies.org.