Privacy Policy

PRIVACY POLICY
1. About the Privacy Policy
The purpose of the Privacy Policy of ASPIA, Aljoša FIJAVŽ s.p. (hereinafter “Privacy Policy”) is to inform users of the services rendered by ASPIA, Aljoša FIJAVŽ s.p.[UsW1]  and other persons (hereinafter also called “individuals”), of the purposes and basis for personal data processing by the company ASPIA, Aljoša FIJAVŽ s.p., Zeče 49, 3210 Slovenske Konjice (hereinafter “ASPIA, Aljoša FIJAVŽ s.p.”) and of individuals’ rights in that area.
The Company places special attention to the protection of your personal data. All personal data submitted is kept confidential and used solely for the purpose for which it was submitted. Your personal data is managed with utmost diligence, taking into account the applicable legislation and top standards for personal data treatment. The security of your personal data is provided with adequate organisational measures, work procedures, advanced technological solutions and external experts for the purposes of effective protection of your personal data. The Company uses an adequate level of protection and reasonable physical, electronic and administrative measures, with which the data collected is protected against unintentional or unlawful destruction, loss, alteration, unauthorised disclosure of personal data or unauthorised access to personal data that has been transferred, stored or processed any other way.
At the same time, this Privacy Policy further explains the consent you have given for processing your personal data.
Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter “General Data Protection Regulation”), the Privacy Policy includes the following information:
– contact information of the Company,
– purposes, bases and types of processing various types of individuals’ personal data,
– period of storage for individual types of personal data,
– rights of individuals related with personal data processing,
– right to file an appeal related with personal data processing,
– validity of the Privacy Policy.
2. Personal data that is collected by the Company
If you are merely a visitor to the website, the Company only collects data about you with cookies. If you are the user or client of the services rendered by the Company, the Company also collects other personal data that it needs to render the services you procured or use. Such personal data includes:
– name and surname
– contact email address
– contact phone number
– address for invoice issuance or address for the delivery of goods
– IP address
– data for the issue of a quotation with respect to your inquiry (your address, tax number).

3. Personal data manager
The manager of the personal data processed pursuant to this Privacy Policy is ASPIA, Aljoša FIJAVŽ s.p., Zeče 49, 3210 Slovenske Konjice.

4. Categories of individuals whose personal data is processed
This Privacy Policy is intended for everyone who has ordered and/or used the Company services or who has submitted an inquiry and for those who visit the Company website.

5. Purposes of processing and bases for data processing
5.1. Processing under contract:
Within the scope of exercising contractual rights and fulfilling contractual obligations, the Company processes your personal data for the following purposes: identification of an individual, preparation of a quotation, conclusion of a contract, provision of the services ordered, information of any changes, additional details and instructions for using the services, settlement of any technical problems, objections or warranty claims, billing of services and other purposes necessary for the performance or conclusion of a contractual relationship between the Company and an individual.
When billing services, the Company obtains and processes your address for the purposes of correct invoice issuance based on tax regulations.
5.2. Processing under the law:
Based on a legitimate interest, the Company uses your personal data to detect and prevent any fraudulent use and abuse of services and, subsequently within the scope of providing stable and safe operations of our system and services, to implement IT security measures, meet requirements related with the quality of services and to identify any technical malfunctions of its systems and services.
Based on a legitimate interest, your personal data is also used for the purposes of any enforcement, judicial and extrajudicial recovery.
Pursuant to the General Data Protection Regulation, the Company may process data on individuals in the event of suspected abuse, i.e. within an adequate and proportionate scope in order to identify and prevent any fraud or abuse, and may also, if appropriate, disclose such data to other providers of such services, business partners, the police, state prosecutor’s office or other competent bodies. In order to prevent any future abuse or fraud, data on the history of identified abuse or fraud in relation with an individual, which includes data on the commitment relationship and, for instance, IP address, may be kept for another five years following the termination of a business relationship.
5.3. Processing based on a consent for personal data processing:
Data processing may also be based on your consent that you have submitted to the Company.
The consent may, for instance, refer to the provision of quotations, benefits and improvements to the services rendered by the Company. The purpose of such notification is to bring the services closer to your needs and wishes, thus enhancing the useful value for you. Notification is made through channels that you have selected in your consent. Notification may be cancelled at any time in the manner laid down by the Privacy Policy.
You can withdraw your consent at any time or amend it in the same way you gave your consent or some other way as laid down in the privacy Policy, whereby the Company reserves the right to identify the client. The change of consent may also be made with an email sent to the address info@positiveboards.com or with a written request sent to the Company’s registered office.
A withdrawal or change of consent refers only to the data processed based on your consent. The valid consent shall be your last consent given to the Company. The option of consent cancellation does not constitute an entitlement to withdrawal in an individual’s business relationship with the Company.
The data for which you have given your consent shall be processed until cancellation. After receiving a cancellation under the conditions, in the manner and within the period laid down in point 8 hereunder, the Company will delete the personal data.

6. Restrictions on personal data disclosure
If necessary, other companies and individuals will be authorised to perform certain works that contribute to the Company services. In such case, the Company may send personal data to such prudently selected external processors, which will conclude a contract with the Company on personal data processing or an equal agreement in terms of content or some other binding document (hereinafter “Processing Contract”). Such data will be sent or made available to external processors only within the scope required for a specific purpose. Such data cannot be used by an external processor for any other purpose, whereby the processor is to meet at least all personal data processing standards as laid down by the applicable legislation. External processors are contractually bound by the Company to respect the confidentiality of your personal data.
Based on a substantiated request, the Company shall disclose personal data to the competent state bodies that have legal grounds for it. ASPIA, Aljoša FIJAVŽ s.p. will respond to requests made by courts, law enforcement bodies and other state bodies, which may also include the state bodies of some other EU Member State.

7. Period of personal data storage
The period of data storage is specified with respect to the category of individual data. Data is kept for as long as it is necessary to achieve the purpose for which it was collected or further processed or until the expiry of limitation periods for the fulfilment of obligations or a statutory period of storage.
For the purposes of fulfilling contractual obligations, billing data and therewith related contact data on individuals may be stored until a service is paid in full or until the expiry of limitation periods related with a particular receivable, which may last 1 to 5 years. Invoices shall be stored for another 10 years following the expiry of the year to which they refer pursuant to the act governing value added tax.
Other data obtained on the basis of your consent shall be stored for the term of the business relationship and another 2 years following its termination, unless a longer period of storage is laid down by the law. If an individual who has provided consent for personal data processing has not entered into a business relationship with the Company, their consent shall be valid for 2 years since it was given or until its cancellation.
After the expiry of the storage period, the data shall be deleted, destroyed, blocked or anonymised, unless laid down otherwise by the law for a particular type of data.

8. Rights of individuals in relation to personal data processing
The exercise of your rights in relation to personal data processing is ensured without undue delay. Your request will be resolved within one month of its receipt. In case of a complex request or a large number of requests, the period may be extended for no more than two months. If the period is extended, you will be notified of such extension within one month of the receipt of the request along with the reasons for the delay.
Requests related with the exercise of your rights can be sent to the email address info@positiveboards.com or by mail to the address: ASPIA, Aljoša FIJAVŽ s.p., Zeče 49, 3210 Slovenske Konjice.
When a request is submitted by electronic means, information will be provided to you with electronic means whenever possible, unless you request otherwise.
When there is reasonable doubt related with the identity of an individual who submits a request relating to any of their rights, the Company may request the provision of other information that is required to confirm the identity of the data subject.
The Company provides the following rights related with personal data processing:
(i) the right to access data
(ii) the right to correction
(iii) the right to erasure (“the right to be forgotten”)
(iv) the right to limit processing
(v) the right to data portability
(vi) the right to object
(i) the right to access data
You shall always have the right to be informed whether personal data is processed in relation to you and, if so, to access personal data and the following information:
– the purposes of processing,
– types of personal data being processed,
– users or categories of users to whom personal data has been or will be disclosed,
– the planned period of personal data storage or, if not possible, the criteria used to determine such a period,
– existence of the right to request a correction or erasure of personal data or the limitation of personal data processing from the manager or the existence of the right to object to such processing,
– the right to file a complaint to a supervisory authority,
– when personal data is not collected from you, all available information in relation to its source.
(ii) to right to correction
You have the right to have the Company correct incorrect personal data related to you without undue delay and, taking into account the purposes of processing, the right to supplement incomplete personal data, including the submission of an additional declaration.
(iii) the right to erasure (“the right to be forgotten”)
You have the right to have the Company erase your personal data without undue delay for one of the following reasons:
– when personal data is no longer necessary for the purposes for which it was collected or processed some other way,
– when you cancel your consent, based on which processing is made, and there is no other legal basis for processing,
– when you object to data processing and there are no prevailing legal reasons for processing,
– when personal data has been processed unlawfully,
– when personal data has to be erased to meet a legal obligation pursuant to the EU acquis or Slovenian law;
(iv) the right to limit processing
You have the right to have the Company limit the processing of your personal data in one of the following events:
– when you object to the accuracy of data, i.e. for a period that allows the Company to verify the accuracy of personal data,
– when the processing is unlawful and you object to the erasure of personal data and instead request a limitation of its use,
– when your personal data is no longer required for the purposes of processing, but you need it to enforce, exercise or defend legal claims,
– if you have filed an objection in relation to processing that is based on the Company’s legal interests until it is checked whether the Company’s legitimate reasons prevail over your reasons.
When the processing of your personal data has been limited pursuant to the previous paragraph, such personal data, except for its storage, shall only be processed with your consent or for the enforcement, exercise or defence of legal claims or for the protection of the rights of some other natural person or legal entity.
Before the restriction on the processing of your personal data is cancelled, the Company is obliged to inform you.
(v) the right to data portability
You have the right to receive the personal data you submitted in a structured, generally used machine-readable form, and the right to submit the data to some other manager without the Company hindering you, when the processing is based on your consent and performed by automated means. At your request, when technically feasible, personal data may be directly transmitted to some other manager.
(vi) the right to object
When your data is processed on the basis of a legitimate interest for the purposes of marketing, you can object to such processing at any time.
The processing of your personal data will be terminated, unless the Company demonstrates urgent reasons for processing that prevail over your interests, rights and freedoms or in order to enforce, exercise or defend legal claim.
9. The right to file a complaint in relation to personal data processing
Any complaint related with the processing of your personal data can be sent to the email address info@positiveboards.com or by mail to the address ASPIA, Aljoša FIJAVŽ s.p., Zeče 49, 3210 Slovenske Konjice.
If your request is not resolved within the statutory period or is rejected, you can file a complaint to the Information Commissioner.
Furthermore, you have the right to file a complaint directly to the Information Commissioner if you believe that the processing of your personal data is in violation of the Slovenian and EU regulations governing personal data protection.
If you have enforced the right to access data and believe, after you have received a decision, that the personal data you received is not the personal data you requested or that you have not received all required personal data, you can file a reasoned complaint to the Company no later than 15 days before filing a complaint to the Information Commissioner. Your complaint is to be resolved as a new complaint within 5 working days.

10. Final provisions
Any issue that is not regulated in this Privacy Policy shall be subject to the applicable legislation.
The Company reserves the right to amend this Privacy Policy. The Company will inform you of the amendment by publishing it on its official website www.positiveboards.com 30 days before it enters into force.
If you have any questions regarding the Privacy Policy or regarding the data kept about you, you can send us an email to info@positiveboards.com.

11. Data Protection Officer – CLICK

12. Validity of the Privacy Policy
This Privacy Policy is published on the www.positiveboards.com website and enters into force on 25 May 2018.


 [UsW1]Tule bi bilo pametno dodati: (v nadaljevanju “podjetje”) oz. v prevodu: (hereinafter “Company”)