PRIVACY POLICY
1. About the Privacy Policy
The purpose of the Privacy Policy
of ASPIA, Aljoša FIJAVŽ s.p. (hereinafter “Privacy Policy”) is to inform users
of the services rendered by ASPIA, Aljoša FIJAVŽ s.p.[UsW1] and other
persons (hereinafter also called “individuals”), of the purposes and basis for
personal data processing by the company ASPIA, Aljoša FIJAVŽ s.p., Zeče 49,
3210 Slovenske Konjice (hereinafter “ASPIA, Aljoša FIJAVŽ s.p.”) and of
individuals’ rights in that area.
The Company places special
attention to the protection of your personal data. All personal data submitted
is kept confidential and used solely for the purpose for which it was
submitted. Your personal data is managed with utmost diligence, taking into
account the applicable legislation and top standards for personal data
treatment. The security of your personal data is provided with adequate
organisational measures, work procedures, advanced technological solutions and
external experts for the purposes of effective protection of your personal
data. The Company uses an adequate level of protection and reasonable physical,
electronic and administrative measures, with which the data collected is
protected against unintentional or unlawful destruction, loss, alteration,
unauthorised disclosure of personal data or unauthorised access to personal
data that has been transferred, stored or processed any other way.
At the same time, this Privacy
Policy further explains the consent you have given for processing your personal
data.
Pursuant to Regulation (EU)
2016/679 of the European Parliament and of the Council of 27 April 2016 on the
protection of natural persons with regard to the processing of personal data
and on the free movement of such data, and repealing Directive 95/46/EC
(hereinafter “General Data Protection Regulation”), the Privacy Policy includes
the following information:
– contact information of the Company,
– purposes, bases and types of
processing various types of individuals’ personal data,
– period of storage for
individual types of personal data,
– rights of individuals related
with personal data processing,
– right to file an appeal related
with personal data processing,
– validity of the Privacy Policy.
2. Personal data that is
collected by the Company
If you are merely a visitor to
the website, the Company only collects data about you with cookies. If you are
the user or client of the services rendered by the Company, the Company also
collects other personal data that it needs to render the services you procured
or use. Such personal data includes:
– name and surname
– contact email address
– contact phone number
– address for invoice issuance or
address for the delivery of goods
– IP address
– data for the issue of a
quotation with respect to your inquiry (your address, tax number).
3. Personal data manager
The manager of the personal data
processed pursuant to this Privacy Policy is ASPIA, Aljoša FIJAVŽ s.p., Zeče
49, 3210 Slovenske Konjice.
4. Categories of individuals
whose personal data is processed
This Privacy Policy is intended
for everyone who has ordered and/or used the Company services or who has
submitted an inquiry and for those who visit the Company website.
5. Purposes of processing and
bases for data processing
5.1. Processing under contract:
Within the scope of exercising
contractual rights and fulfilling contractual obligations, the Company processes
your personal data for the following purposes: identification of an individual,
preparation of a quotation, conclusion of a contract, provision of the services
ordered, information of any changes, additional details and instructions for
using the services, settlement of any technical problems, objections or
warranty claims, billing of services and other purposes necessary for the
performance or conclusion of a contractual relationship between the Company and
an individual.
When billing services, the Company
obtains and processes your address for the purposes of correct invoice issuance
based on tax regulations.
5.2. Processing under the law:
Based on a legitimate interest,
the Company uses your personal data to detect and prevent any fraudulent use
and abuse of services and, subsequently within the scope of providing stable
and safe operations of our system and services, to implement IT security
measures, meet requirements related with the quality of services and to
identify any technical malfunctions of its systems and services.
Based on a legitimate interest,
your personal data is also used for the purposes of any enforcement, judicial
and extrajudicial recovery.
Pursuant to the General Data
Protection Regulation, the Company may process data on individuals in the event
of suspected abuse, i.e. within an adequate and proportionate scope in order to
identify and prevent any fraud or abuse, and may also, if appropriate, disclose
such data to other providers of such services, business partners, the police,
state prosecutor’s office or other competent bodies. In order to prevent any
future abuse or fraud, data on the history of identified abuse or fraud in
relation with an individual, which includes data on the commitment relationship
and, for instance, IP address, may be kept for another five years following the
termination of a business relationship.
5.3. Processing based on a
consent for personal data processing:
Data processing may also be based
on your consent that you have submitted to the Company.
The consent may, for instance,
refer to the provision of quotations, benefits and improvements to the services
rendered by the Company. The purpose of such notification is to bring the
services closer to your needs and wishes, thus enhancing the useful value for
you. Notification is made through channels that you have selected in your
consent. Notification may be cancelled at any time in the manner laid down by
the Privacy Policy.
You can withdraw your consent at
any time or amend it in the same way you gave your consent or some other way as
laid down in the privacy Policy, whereby the Company reserves the right to
identify the client. The change of consent may also be made with an email sent
to the address info@positiveboards.com or with a written request sent to the
Company’s registered office.
A withdrawal or change of consent
refers only to the data processed based on your consent. The valid consent
shall be your last consent given to the Company. The option of consent
cancellation does not constitute an entitlement to withdrawal in an individual’s
business relationship with the Company.
The data for which you have given
your consent shall be processed until cancellation. After receiving a
cancellation under the conditions, in the manner and within the period laid
down in point 8 hereunder, the Company will delete the personal data.
6. Restrictions on personal data
disclosure
If necessary, other companies and
individuals will be authorised to perform certain works that contribute to the Company
services. In such case, the Company may send personal data to such prudently
selected external processors, which will conclude a contract with the Company on
personal data processing or an equal agreement in terms of content or some
other binding document (hereinafter “Processing Contract”). Such data will be
sent or made available to external processors only within the scope required for
a specific purpose. Such data cannot be used by an external processor for any
other purpose, whereby the processor is to meet at least all personal data
processing standards as laid down by the applicable legislation. External
processors are contractually bound by the Company to respect the
confidentiality of your personal data.
Based on a substantiated request,
the Company shall disclose personal data to the competent state bodies that have
legal grounds for it. ASPIA, Aljoša FIJAVŽ s.p. will respond to requests made
by courts, law enforcement bodies and other state bodies, which may also
include the state bodies of some other EU Member State.
7. Period of personal data
storage
The period of data storage is
specified with respect to the category of individual data. Data is kept for as
long as it is necessary to achieve the purpose for which it was collected or
further processed or until the expiry of limitation periods for the fulfilment
of obligations or a statutory period of storage.
For the purposes of fulfilling
contractual obligations, billing data and therewith related contact data on
individuals may be stored until a service is paid in full or until the expiry
of limitation periods related with a particular receivable, which may last 1 to
5 years. Invoices shall be stored for another 10 years following the expiry of
the year to which they refer pursuant to the act governing value added tax.
Other data obtained on the basis
of your consent shall be stored for the term of the business relationship and
another 2 years following its termination, unless a longer period of storage is
laid down by the law. If an individual who has provided consent for personal
data processing has not entered into a business relationship with the Company,
their consent shall be valid for 2 years since it was given or until its
cancellation.
After the expiry of the storage
period, the data shall be deleted, destroyed, blocked or anonymised, unless
laid down otherwise by the law for a particular type of data.
8. Rights of individuals in
relation to personal data processing
The exercise of your rights in
relation to personal data processing is ensured without undue delay. Your
request will be resolved within one month of its receipt. In case of a complex
request or a large number of requests, the period may be extended for no more
than two months. If the period is extended, you will be notified of such
extension within one month of the receipt of the request along with the reasons
for the delay.
Requests related with the
exercise of your rights can be sent to the email address
info@positiveboards.com or by mail to the address: ASPIA, Aljoša FIJAVŽ s.p.,
Zeče 49, 3210 Slovenske Konjice.
When a request is submitted by
electronic means, information will be provided to you with electronic means
whenever possible, unless you request otherwise.
When there is reasonable doubt
related with the identity of an individual who submits a request relating to
any of their rights, the Company may request the provision of other information
that is required to confirm the identity of the data subject.
The Company provides the
following rights related with personal data processing:
(i) the right to access data
(ii) the right to correction
(iii) the right to erasure (“the
right to be forgotten”)
(iv) the right to limit
processing
(v) the right to data portability
(vi) the right to object
(i) the right to access data
You shall always have the right
to be informed whether personal data is processed in relation to you and, if
so, to access personal data and the following information:
– the purposes of processing,
– types of personal data being
processed,
– users or categories of users to
whom personal data has been or will be disclosed,
– the planned period of personal
data storage or, if not possible, the criteria used to determine such a period,
– existence of the right to
request a correction or erasure of personal data or the limitation of personal
data processing from the manager or the existence of the right to object to
such processing,
– the right to file a complaint
to a supervisory authority,
– when personal data is not
collected from you, all available information in relation to its source.
(ii) to right to correction
You have the right to have the Company
correct incorrect personal data related to you without undue delay and, taking
into account the purposes of processing, the right to supplement incomplete
personal data, including the submission of an additional declaration.
(iii) the right to erasure (“the
right to be forgotten”)
You have the right to have the Company
erase your personal data without undue delay for one of the following reasons:
– when personal data is no longer
necessary for the purposes for which it was collected or processed some other
way,
– when you cancel your consent,
based on which processing is made, and there is no other legal basis for
processing,
– when you object to data
processing and there are no prevailing legal reasons for processing,
– when personal data has been
processed unlawfully,
– when personal data has to be
erased to meet a legal obligation pursuant to the EU acquis or Slovenian law;
(iv) the right to limit
processing
You have the right to have the Company
limit the processing of your personal data in one of the following events:
– when you object to the accuracy
of data, i.e. for a period that allows the Company to verify the accuracy of
personal data,
– when the processing is unlawful
and you object to the erasure of personal data and instead request a limitation
of its use,
– when your personal data is no
longer required for the purposes of processing, but you need it to enforce,
exercise or defend legal claims,
– if you have filed an objection
in relation to processing that is based on the Company’s legal interests until
it is checked whether the Company’s legitimate reasons prevail over your
reasons.
When the processing of your
personal data has been limited pursuant to the previous paragraph, such
personal data, except for its storage, shall only be processed with your
consent or for the enforcement, exercise or defence of legal claims or for the
protection of the rights of some other natural person or legal entity.
Before the restriction on the
processing of your personal data is cancelled, the Company is obliged to inform
you.
(v) the right to data portability
You have the right to receive the
personal data you submitted in a structured, generally used machine-readable
form, and the right to submit the data to some other manager without the Company
hindering you, when the processing is based on your consent and performed by automated
means. At your request, when technically feasible, personal data may be
directly transmitted to some other manager.
(vi) the right to object
When your data is processed on
the basis of a legitimate interest for the purposes of marketing, you can
object to such processing at any time.
The processing of your personal
data will be terminated, unless the Company demonstrates urgent reasons for
processing that prevail over your interests, rights and freedoms or in order to
enforce, exercise or defend legal claim.
9. The right to file a complaint
in relation to personal data processing
Any complaint related with the
processing of your personal data can be sent to the email address
info@positiveboards.com or by mail to the address ASPIA, Aljoša FIJAVŽ s.p.,
Zeče 49, 3210 Slovenske Konjice.
If your request is not resolved
within the statutory period or is rejected, you can file a complaint to the
Information Commissioner.
Furthermore, you have the right
to file a complaint directly to the Information Commissioner if you believe
that the processing of your personal data is in violation of the Slovenian and
EU regulations governing personal data protection.
If you have enforced the right to
access data and believe, after you have received a decision, that the personal
data you received is not the personal data you requested or that you have not
received all required personal data, you can file a reasoned complaint to the Company
no later than 15 days before filing a complaint to the Information
Commissioner. Your complaint is to be resolved as a new complaint within 5
working days.
10. Final provisions
Any issue that is not regulated
in this Privacy Policy shall be subject to the applicable legislation.
The Company reserves the right to
amend this Privacy Policy. The Company will inform you of the amendment by
publishing it on its official website www.positiveboards.com 30 days before it
enters into force.
If you have any questions
regarding the Privacy Policy or regarding the data kept about you, you can send
us an email to info@positiveboards.com.
11. Data Protection Officer – CLICK
12. Validity of the Privacy
Policy
This Privacy Policy is published
on the www.positiveboards.com website and enters into force on 25 May 2018.
[UsW1]Tule bi bilo pametno dodati: (v nadaljevanju “podjetje”) oz. v prevodu: (hereinafter “Company”)