The company pays special attention to the security of your personal data. All provided personal data is treated confidentially and is used only for the purpose for which it was provided. We manage your personal data with the utmost care, taking into account the applicable legislation and the highest standards of their treatment. We take care of the security of your personal data with, among other things, appropriate organizational measures, work procedures and advanced technological solutions, as well as external experts with the aim of protecting your personal data as effectively as possible. In doing so, we use an appropriate level of protection and reasonable physical, electronic and administrative measures to protect the collected data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of personal data or from unauthorized access to personal data that has been transferred, stored or otherwise processed.
– contact information of the Company,
– purposes, bases and types of processing of various types of personal data of individuals,
– storage time of individual types of personal data,
– the rights of individuals in relation to the processing of personal data,
– the right to lodge a complaint regarding the processing of personal data,
2) Personal data collected by the Company
– name and surname
– contact email address
– contact phone number
– IP address
– data for issuing an invoice based on your order, your address, tax number.
3) Controller of personal data
4) Categories of individuals whose personal data is processed
5) Processing purposes and legal basis for data processing
5.1. Processing on the basis of a contract:
In the context of exercising contractual rights and fulfilling contractual obligations, the Company processes your personal data for the following purposes: identification of an individual, conclusion of a contract, to provide ordered services/products, notification of possible changes, additional details and instructions for using services/products, to solve possible technical problems problems, objections or complaints, accounting for services or products and for other purposes necessary for the implementation or conclusion of a contractual relationship between the Company and the individual.
When invoicing services, based on tax regulations, we obtain and process your address for the correct issuance of the invoice.
5.2. Processing based on law:
On the basis of a legitimate interest, we use your personal data to detect and prevent fraudulent use and abuse of services, further within the framework of ensuring the stable and secure operation of our system and services, as well as for the purposes of implementing information security measures, meeting requirements related to the quality of services, and detecting technical failure of systems and services.
Based on a legitimate interest, we also use your personal data for the purposes of possible executions, judicial and extrajudicial recovery.
In accordance with the General Regulation, in case of suspicion of abuse, the Company may process data on individuals to an appropriate and proportionate extent for the purpose of identification and prevention of possible fraud or abuse, and may, if appropriate, forward this data to other providers of such services, business partners, the police , the State Prosecutor’s Office or other competent authorities. For the purpose of preventing future abuse or fraud, data on the history of identified abuse or fraud in connection with the individual, which includes data on the subscription relationship and, for example, the IP address, may be kept for five years after the termination of the business relationship.
5.3. Processing based on consent to the processing of personal data:
Data processing may also be based on your consent, which you have provided to the Company.
Withdrawal or change of consent only applies to data processed on the basis of your consent. Your last given consent that we received is valid. The possibility of revocation of consent does not constitute the right to resign in the individual’s business relationship with the Company.
Data for which you have given your consent and you have not revoked your consent are processed for up to two years after the termination of the business relationship with the Company.
6) Restrictions on the transmission of personal data
If necessary, we will authorize other companies and individuals to carry out certain works that contribute to our services. In such a case, the Company may also forward personal data to such carefully selected external processors who will conclude a contract with the Company on the processing of personal data, or an agreement or other binding document with the same content. We will forward this type of data to external processors or make them accessible only to the extent required for a specific purpose. This data may not be used by the external processor for any other purposes, while meeting at least all personal data processing standards provided for by applicable legislation. External processors are contractually bound to respect the confidentiality of your personal data.
The company Habemus d.o.o., Celovška cesta 103, 1000 Ljubljana, on the basis of a reasoned request, also forwards personal data to competent state authorities that have a legal basis for this. The company will e.g. responded to the requests of courts, law enforcement authorities and other state authorities, which may also include state authorities of another EU member state.
7) Personal data retention period
The data retention period is determined according to the category of individual data. We keep the data for as long as is necessary to achieve the purpose for which it was collected or further processed, or until the expiration of the statute of limitations for the fulfillment of obligations or the statutory retention period.
Billing data and related contact data on individuals may be kept for the purpose of fulfilling contractual obligations until full payment for the service or, at the latest, until the expiry of the statute of limitations in relation to an individual claim, which can range from one to five years by law. Invoices are kept for 10 years after the end of the year to which the invoice refers in accordance with the law governing value added tax.
We keep other data that we have obtained on the basis of your consent for the duration of the business relationship and for 2 years after termination, unless the law stipulates a longer retention period. If the individual who gave his consent to the processing of personal data has not entered into a business relationship with us, his consent is valid for 2 years from the time it was given or until it is revoked.
After the expiration of the retention period, the data is deleted, destroyed, blocked or anonymized, unless otherwise stipulated by law for the individual type of data.
8) Rights of Individuals in relation to the processing of personal data
We guarantee the exercise of your rights in relation to the processing of your personal data without undue delay. We will decide on your request within one month of receiving your request. In the case of complexity and a large number of requests, the deadline can be extended by a maximum of two additional months. If we extend the deadline, we will notify you of any such extension within one month of receiving the request, along with the reasons for the delay.
We accept requests regarding the exercise of your rights to the email address email@example.com or by mail to the address Habemus d.o.o., Celovška cesta 103, 1000 Ljubljana.
When you submit a request by electronic means, we will provide the information to you by electronic means whenever possible, unless you request otherwise.
When there is a justified doubt regarding the identity of an individual who submits a request regarding one of his rights, we may request the provision of additional information that is necessary to confirm the identity of the individual to whom the personal data relates.
If the requests of the data subject are clearly unfounded or excessive, especially because according to state, the Company may:
– charges a reasonable fee, taking into account the administrative costs of providing the information or message or carrying out the requested action, or
– refuse to act on the request.
We grant you the following rights in relation to the processing of your personal data:
(i) the right to access data (ii) the right to correction (iii) the right to erasure (“right to be forgotten”) (iv) the right to limit processing (v) the right to data portability (vi) the right to object
(i) right of access to data
You always have the right to know whether personal data is being processed in relation to you and, if so, access to personal data and the following information:
types of personal data that are processed,
users or categories of users to whom personal data has been or will be disclosed,
the intended period of retention of personal data or, if this is not possible, the criteria used to determine this period,
the existence of the right to request the controller to correct or delete personal data or to limit the processing of your personal data, or the existence of the right to object to such processing,
the right to lodge a complaint with the supervisory authority,
when personal data is not collected from you, any available information regarding its source.
(ii) the right to rectification
You have the right to have inaccurate personal data regarding you corrected without undue delay and, taking into account the purposes of the processing, the right to complete incomplete personal data, including the submission of a supplementary statement.
(iii) right to erasure (“right to be forgotten”)
You have the right to have your personal data deleted without undue delay when one of the following reasons applies:
when personal data are no longer needed for the purposes for which they were collected or otherwise processed,
when you revoke the consent on the basis of which the processing takes place, and there is no other legal basis for the processing,
when you object to the processing of data, and there are no overriding legal grounds for processing them,
when personal data has been processed illegally,
when personal data must be deleted to fulfill a legal obligation in accordance with EU law or the Slovenian legal order.
(iv) the right to restriction of processing
You have the right to obtain that we limit the processing of your personal data when one of the following cases applies:
when you dispute the accuracy of the data, namely for the period that allows us to verify the accuracy of the personal data,
the processing is illegal, and you object to the deletion of personal data and instead request the restriction of their use,
we no longer need your personal data for processing purposes, but you need them to assert, implement or defend legal claims,
if you have objected to processing based on the Company’s legitimate interests, until it is verified that our legitimate reasons override your reasons.
When the processing of your personal data has been restricted in accordance with the previous paragraph, such personal data, with the exception of their storage, is processed only with your consent, or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person.
We are obliged to inform you before canceling the restriction on the processing of your personal data.
(v) the right to data portability
You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format, and the right to transmit this data to another controller without the Company preventing you from doing so, when the processing is based on your consent and the processing is carried out by automated means. At your request, when technically feasible, personal data may be transferred directly to another controller.
(vi) the right to object
When we process your data on the basis of a legitimate interest for marketing purposes, you can object to such processing at any time.
We will stop processing your personal data unless we demonstrate compelling reasons for processing that override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.
9) The right to file a complaint regarding the processing of personal data
Any complaint regarding the processing of your personal data can be sent to the email address firstname.lastname@example.org or by mail to the address Habemus d.o.o., Celovška cesta 103, 1000 Ljubljana.
In the event that we do not decide on your request within the legal deadline or reject your request, you have the option of filing a complaint with the Information Commissioner.
You also have the right to file a complaint directly with the Information Commissioner if you believe that the processing of your personal data violates Slovenian or EU regulations in the field of personal data protection.
If you have exercised the right to access data and after receiving the decision you believe that the personal data you received are not the personal data you requested, or that you did not receive all the requested personal data, you can file a reasoned complaint with the Information Commissioner before filing a complaint with the Company within 15 days. We must decide on your complaint as a new request within five working days.
10) Final provisions