Privacy policy

1) About the Privacy Policy

The purpose of the Privacy Policy is to inform users of the services of Habemus d.o.o. and other individuals with the purposes and legal basis of the processing of personal data by the company Habemus d.o.o., Celovška cesta 103, 1000 Ljubljana, and the rights of individuals in this area.

The company pays special attention to the security of your personal data. All provided personal data is treated confidentially and is used only for the purpose for which it was provided. We manage your personal data with the utmost care, taking into account the applicable legislation and the highest standards of their treatment. We take care of the security of your personal data with, among other things, appropriate organizational measures, work procedures and advanced technological solutions, as well as external experts with the aim of protecting your personal data as effectively as possible. In doing so, we use an appropriate level of protection and reasonable physical, electronic and administrative measures to protect the collected data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of personal data or from unauthorized access to personal data that has been transferred, stored or otherwise processed.

This Privacy Policy further explains the consent you have given to the processing of your personal data.

The Privacy Policy is in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals in the processing of personal data and on the free flow of such data and on the repeal of Directive 95/46/EC (hereinafter: General Data Protection Regulation), the following information is covered:

– contact information of the Company,

– purposes, bases and types of processing of various types of personal data of individuals,

– storage time of individual types of personal data,

– the rights of individuals in relation to the processing of personal data,

– the right to lodge a complaint regarding the processing of personal data,

– validity of the Privacy Policy.

2) Personal data collected by the Company

If you are only a visitor to the website, we only collect data about you through the use of cookies. If you are a user of services or a subscriber to services provided by the Company, we also collect other personal data about you that we need to perform the services you have ordered or that you use. These personal data are:

– name and surname

– contact email address

– contact phone number

– IP address

– data for issuing an invoice based on your order, your address, tax number.

3) Controller of personal data

The controller of personal data processed in accordance with this Privacy Policy is Habemus d.o.o., Celovška cesta 103, 1000 Ljubljana.

4) Categories of individuals whose personal data is processed

This Privacy Policy is intended for anyone who has ordered and/or uses our services or products, as well as those who visit our website.

5) Processing purposes and legal basis for data processing

5.1. Processing on the basis of a contract:

In the context of exercising contractual rights and fulfilling contractual obligations, the Company processes your personal data for the following purposes: identification of an individual, conclusion of a contract, to provide ordered services/products, notification of possible changes, additional details and instructions for using services/products, to solve possible technical problems problems, objections or complaints, accounting for services or products and for other purposes necessary for the implementation or conclusion of a contractual relationship between the Company and the individual.

When invoicing services, based on tax regulations, we obtain and process your address for the correct issuance of the invoice.

5.2. Processing based on law:

On the basis of a legitimate interest, we use your personal data to detect and prevent fraudulent use and abuse of services, further within the framework of ensuring the stable and secure operation of our system and services, as well as for the purposes of implementing information security measures, meeting requirements related to the quality of services, and detecting technical failure of systems and services.

Based on a legitimate interest, we also use your personal data for the purposes of possible executions, judicial and extrajudicial recovery.

In accordance with the General Regulation, in case of suspicion of abuse, the Company may process data on individuals to an appropriate and proportionate extent for the purpose of identification and prevention of possible fraud or abuse, and may, if appropriate, forward this data to other providers of such services, business partners, the police , the State Prosecutor’s Office or other competent authorities. For the purpose of preventing future abuse or fraud, data on the history of identified abuse or fraud in connection with the individual, which includes data on the subscription relationship and, for example, the IP address, may be kept for five years after the termination of the business relationship.

5.3. Processing based on consent to the processing of personal data:

Data processing may also be based on your consent, which you have provided to the Company.

Consent may, for example, refer to information about offers, benefits and improvements to services or products provided by the Company. The purpose of such information is to bring the services and products as close as possible to your needs and wishes and thereby increase their useful value for you. The notification is carried out through the channels that you have chosen in the consent. You can cancel the notification at any time, namely in the manner defined in the Privacy Policy.

You can withdraw or change your consent at any time in the same way as you gave it or in another way as defined in the Privacy Policy, whereby the Company reserves the right to identify the customer. The change of consent can also be arranged via email to the address info@habemus.si or by sending a written request to the headquarters of Družba Habemus d.o.o., Celovška cesta 103, 1000 Ljubljana.

Withdrawal or change of consent only applies to data processed on the basis of your consent. Your last given consent that we received is valid. The possibility of revocation of consent does not constitute the right to resign in the individual’s business relationship with the Company.

Data for which you have given your consent and you have not revoked your consent are processed for up to two years after the termination of the business relationship with the Company.

6) Restrictions on the transmission of personal data

If necessary, we will authorize other companies and individuals to carry out certain works that contribute to our services. In such a case, the Company may also forward personal data to such carefully selected external processors who will conclude a contract with the Company on the processing of personal data, or an agreement or other binding document with the same content. We will forward this type of data to external processors or make them accessible only to the extent required for a specific purpose. This data may not be used by the external processor for any other purposes, while meeting at least all personal data processing standards provided for by applicable legislation. External processors are contractually bound to respect the confidentiality of your personal data.

The company Habemus d.o.o., Celovška cesta 103, 1000 Ljubljana, on the basis of a reasoned request, also forwards personal data to competent state authorities that have a legal basis for this. The company will e.g. responded to the requests of courts, law enforcement authorities and other state authorities, which may also include state authorities of another EU member state.

7) Personal data retention period

The data retention period is determined according to the category of individual data. We keep the data for as long as is necessary to achieve the purpose for which it was collected or further processed, or until the expiration of the statute of limitations for the fulfillment of obligations or the statutory retention period.

Billing data and related contact data on individuals may be kept for the purpose of fulfilling contractual obligations until full payment for the service or, at the latest, until the expiry of the statute of limitations in relation to an individual claim, which can range from one to five years by law. Invoices are kept for 10 years after the end of the year to which the invoice refers in accordance with the law governing value added tax.

We keep other data that we have obtained on the basis of your consent for the duration of the business relationship and for 2 years after termination, unless the law stipulates a longer retention period. If the individual who gave his consent to the processing of personal data has not entered into a business relationship with us, his consent is valid for 2 years from the time it was given or until it is revoked.

After the expiration of the retention period, the data is deleted, destroyed, blocked or anonymized, unless otherwise stipulated by law for the individual type of data.

8) Rights of Individuals in relation to the processing of personal data

We guarantee the exercise of your rights in relation to the processing of your personal data without undue delay. We will decide on your request within one month of receiving your request. In the case of complexity and a large number of requests, the deadline can be extended by a maximum of two additional months. If we extend the deadline, we will notify you of any such extension within one month of receiving the request, along with the reasons for the delay.

We accept requests regarding the exercise of your rights to the email address info@habemus.si or by mail to the address Habemus d.o.o., Celovška cesta 103, 1000 Ljubljana.

When you submit a request by electronic means, we will provide the information to you by electronic means whenever possible, unless you request otherwise.

When there is a justified doubt regarding the identity of an individual who submits a request regarding one of his rights, we may request the provision of additional information that is necessary to confirm the identity of the individual to whom the personal data relates.

If the requests of the data subject are clearly unfounded or excessive, especially because according to state, the Company may:

– charges a reasonable fee, taking into account the administrative costs of providing the information or message or carrying out the requested action, or

– refuse to act on the request.

We grant you the following rights in relation to the processing of your personal data:

(i) the right to access data (ii) the right to correction (iii) the right to erasure (“right to be forgotten”) (iv) the right to limit processing (v) the right to data portability (vi) the right to object

(i) right of access to data

You always have the right to know whether personal data is being processed in relation to you and, if so, access to personal data and the following information:

processing purposes,

types of personal data that are processed,

users or categories of users to whom personal data has been or will be disclosed,

the intended period of retention of personal data or, if this is not possible, the criteria used to determine this period,

the existence of the right to request the controller to correct or delete personal data or to limit the processing of your personal data, or the existence of the right to object to such processing,

the right to lodge a complaint with the supervisory authority,

when personal data is not collected from you, any available information regarding its source.

(ii) the right to rectification

You have the right to have inaccurate personal data regarding you corrected without undue delay and, taking into account the purposes of the processing, the right to complete incomplete personal data, including the submission of a supplementary statement.

(iii) right to erasure (“right to be forgotten”)

You have the right to have your personal data deleted without undue delay when one of the following reasons applies:

when personal data are no longer needed for the purposes for which they were collected or otherwise processed,

when you revoke the consent on the basis of which the processing takes place, and there is no other legal basis for the processing,

when you object to the processing of data, and there are no overriding legal grounds for processing them,

when personal data has been processed illegally,

when personal data must be deleted to fulfill a legal obligation in accordance with EU law or the Slovenian legal order.

(iv) the right to restriction of processing

You have the right to obtain that we limit the processing of your personal data when one of the following cases applies:

when you dispute the accuracy of the data, namely for the period that allows us to verify the accuracy of the personal data,

the processing is illegal, and you object to the deletion of personal data and instead request the restriction of their use,

we no longer need your personal data for processing purposes, but you need them to assert, implement or defend legal claims,

if you have objected to processing based on the Company’s legitimate interests, until it is verified that our legitimate reasons override your reasons.

When the processing of your personal data has been restricted in accordance with the previous paragraph, such personal data, with the exception of their storage, is processed only with your consent, or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person.

We are obliged to inform you before canceling the restriction on the processing of your personal data.

(v) the right to data portability

You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format, and the right to transmit this data to another controller without the Company preventing you from doing so, when the processing is based on your consent and the processing is carried out by automated means. At your request, when technically feasible, personal data may be transferred directly to another controller.

(vi) the right to object

When we process your data on the basis of a legitimate interest for marketing purposes, you can object to such processing at any time.

We will stop processing your personal data unless we demonstrate compelling reasons for processing that override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

9) The right to file a complaint regarding the processing of personal data

Any complaint regarding the processing of your personal data can be sent to the email address info@habemus.si or by mail to the address Habemus d.o.o., Celovška cesta 103, 1000 Ljubljana.

In the event that we do not decide on your request within the legal deadline or reject your request, you have the option of filing a complaint with the Information Commissioner.

You also have the right to file a complaint directly with the Information Commissioner if you believe that the processing of your personal data violates Slovenian or EU regulations in the field of personal data protection.

If you have exercised the right to access data and after receiving the decision you believe that the personal data you received are not the personal data you requested, or that you did not receive all the requested personal data, you can file a reasoned complaint with the Information Commissioner before filing a complaint with the Company within 15 days. We must decide on your complaint as a new request within five working days.

10) Final provisions

For everything that is not regulated by this Privacy Policy, the current legislation applies.

The company reserves the right to change this Privacy Policy. We will inform you about the change by publishing it on the official website of Habemus d.o.o. 30 days before its entry into force.

If you have any questions about the Privacy Policy or about the data we keep about you, please write to us at the e-mail address info@habemus.si.

11) Validity of the Privacy Policy

This Privacy Policy is published on the website of Habemus d.o.o. and enters into force on 01.21.2020

Habemus d.o.o.