About us
    • wpml-ls-flag
    • wpml-ls-flag
    • wpml-ls-flag

Data protection

Notice to individuals pursuant to Article 13 of the General Data Protection Regulation (GDPR) regarding the processing of personal data in 2.0.

The controller of personal data in relation to the website httšs://odlicno.si and your other interactions with the company Hrib d.o.o. is:

Hrib, d.o.o., Dobje pri Planini

Večje Brdo 8, 3224 Dobje pri Planini

Registration number: 5510201000

Tax number: SI 69624097

e-mail: odlicno@hrib.si

(hereinafter: “organization” or “company”)

All questions, requests, inquiries and other communications related to the protection of personal data in our organization can be addressed to: odlicno@hrib.si

Introduction

Basic information about the organization and its mission

Our organization collects, stores and otherwise processes certain information and data, including personal data, as provided for in the Personal Data Protection Act (ZVOP-2) or Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: the General Data Protection Regulation or GDPR).

Purpose and use of this notice

This notice describes how our organization processes the personal data of individuals who have entrusted their personal data to it directly as the personal data controller, in connection with the website https://odlicno.si/ (e.g. when loading cookies when visiting the website, when filling out and submitting a contact form, etc.).

Use of terms and changes to this notice

Unless otherwise stated, the terms appearing in this notice (e.g. personal data, processing, controller, processor, etc.) have the same meaning as in the GDPR.

The phrase website or website means https://odlicno.si/ and also includes all associated subpages and connected servers and systems.

It is considered that the strengthened or defined terms in this notice (e.g. individual), which are otherwise written in the singular, also include the plural and vice versa, and the terms written in one gender include all genders (e.g. individual).

  1. Retention period for personal data


The retention period for personal data depends on the purpose for which they were collected. We store data for a maximum of as long as is necessary to achieve the purpose for which they were collected or further processed, or until the expiration of the limitation periods for fulfilling obligations or the legally prescribed period, or until revocation, if the data is obtained on the basis of consent. Taking into account the nature of the processed data and the risks, we periodically and in a documented manner check whether the provisions on limiting the retention period are being complied with.
Unless otherwise provided by law for individual types of personal data, after the purpose of processing has been fulfilled, personal data is deleted, destroyed or anonymized, or another procedure is carried out that prevents the identification of the individual to whom the personal data relate, in particular by restricting access to them, blocking them or archiving them.

An individual can always request the deletion of data by sending their request to the official email address of the organization at the address provided at the beginning of this document.

1.1. The legal basis for processing personal data may lie in the performance of a concluded contract or negotiations for the conclusion of a contract

We may process personal data of individuals on the basis of a concluded contract (e.g. the performance of a service in our branch) or negotiations for the conclusion of a contract (e.g. when an individual wishes to obtain more information about our services through our official communication channels).

In the cases described, you provide us with personal data as part of a contractual obligation or as part of negotiations for the conclusion of a contract, whereby we consequently do not need your explicit consent for the above-mentioned processing of your personal data.

In principle, you will not suffer any serious negative consequences in situations where we would otherwise need your personal data to perform our services and you do not provide us with this data. However, such situations may significantly complicate or even make it impossible to perform the ordered services or our cooperation, and in such cases you will be informed about this in advance or subsequently.

1.2. The legal basis for processing your data may also be the law

In the organization, we also process personal data for the purposes of fulfilling legal and other regulations, especially those governing taxes and accounting (e.g. records of issued and received invoices, etc.), e.g.:

– when the organization is ordered by an inspector or other public authority to entrust the personal data of a certain customer / visitor to it in accordance with the law (e.g. in the context of carrying out an inspection under the provisions of the Inspection Control Act (ZIN),

– when the organization processes the personal data of a customer to whom it issued an invoice, the organization processes this invoice and data about the customer (e.g. personal name, contact details, etc.) on the basis of the Value Added Tax Act (ZDDV-1) (see section 2.2.), etc.

1.3. Based on the legitimate interests of the organization

We may also process certain personal data for the purposes of protecting our own legitimate interests. Such cases include, for example, when processing your data would be case necessary from the perspective of administrative, criminal or civil proceedings (e.g. when the organization would have to submit the database as evidence in the proceedings, otherwise the organization would suffer a penalty or incur serious and irreparable damage), whereby in such cases we will always process only those data that are strictly necessary to pursue such legitimate objectives.

The organization may also process the personal data of an individual in cases where the processing is necessary to protect the vital interests of the individual (e.g. insight into the address of an individual who is in immediate and serious danger to his life).

1.4. Based on the obtained consent

In principle, we do not condition cooperation with us and the use of the organization’s services on your consent to the processing of personal data.

Nevertheless, the organization may also process your personal data based on your explicit consent (i.e. consent). An individual’s express consent is considered to be their voluntary declaration of will, by which they agree to the processing of certain personal data for a specific purpose (e.g. your consent to receive our newsletters).

This type of communication can be canceled at any time by following the link contained in each such email, or by contacting us in this regard at the address provided at the beginning of this document.

Our online advertising can also be carried out based on your consent, if you have agreed to the installation of optional (advertising) cookies and tracking pixels of our advertising partners when visiting our website (e.g. the installation of a Google Analytics cookie, which allows us to more easily advertise our services to you on other websites, etc.).

The organization guarantees the individual the right to cancel their express consent at any time in a simple way, i.e. by contacting us in this regard at any time by email.

  1. Who within and outside the organization processes your personal data (personal data users)?

2.1. Certain employees in the organization

Your personal data is processed by those employees in the organization who need the data to perform their work tasks. All employees are obliged to maintain confidentiality and respect the protection of personal data.

2.2. Government authorities

In certain cases prescribed by applicable law, the organization must also provide your personal data or report it to competent government authorities, as well as to authorities responsible for financial, tax or other supervision (e.g. the Office of the Information Commissioner of the Republic of Slovenia, etc.). In certain cases, the organization is also obliged to provide data to third parties if such an obligation to provide or disclose the data is imposed on the organization by law or by the legal entitlement of a third party.

2.3. Contractual processing of personal data

In addition to employees of the organization, users of personal data may also be employees of the organization’s contractual processors, who may process personal data as confidential exclusively on behalf of the organization and within the limits of the contract on external processing of personal data that the organization has concluded with each such processor. Contractual processors may process personal data only within the framework of the organization’s instructions (i.e. contracts), and may not use the data to pursue any of their own interests.

Contractual processors with whom the organization cooperates are:
persons who cooperate with us on the basis of enterprise or copyright contracts (IT system maintainers, software code developers, etc.),
bulk mail service providers, mail server hosting providers
payment service providers,
accountants or accounting services or accounting tools,
website hosting service providers (see section 2.4.).
The organization will not transfer your personal data to unauthorized third parties.

To obtain a detailed list of all contractual sub-processors of the organization, you can write to us at the email address provided at the beginning of this document.

2.4. Website hosting service provider

Our website is hosted on the company’s servers in Germany.

2.5. Export of personal data to third countries and international organizations and measures to protect transferred data

Our organization does not generally export personal data to third countries (i.e. outside the European Union, Iceland, Norway and Liechtenstein, i.e. the EEA) and to international organizations.

You can obtain a list of all such sub-processors by sending a request in this regard to the email address provided at the beginning of this document.

  1. Processing and protection of special categories of personal data

We do not direct individuals to provide special categories of personal data (i.e. data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data or biometric data, data concerning health or data concerning an individual’s sex life or sexual orientation) in connection with our website or services.

If the organization becomes aware of a situation in which such data would be disclosed to it, the data received will be protected or otherwise appropriately handled.

  1. What are your rights regarding your personal data and how can you exercise them?

In relation to this notice on the processing of personal data or the processing of your personal data by our organization and our contractual processors, you can contact us at any time and without reservation via the email address provided at the beginning of these General Terms and Conditions

You can also use the address provided to send your requests and exercise other rights related to personal data and the GDPR.

As a data subject, the GDPR offers you the opportunity to exercise the following rights against our organization:

  • Right to information: Individuals have the right to be informed about the collection and processing of their personal data.
  • Right to access: Individuals have the right to access their personal data and obtain information about how the data is processed, as well as a copy of the data itself.
  • Right to erasure (right to be forgotten): Individuals have the right to request the erasure of their personal data in certain circumstances.
    Right to withdraw consent: Where the processing of personal data is based on consent, individuals have the right to withdraw their consent at any time without any negative consequence.
  • Right to rectification: Individuals have the right to request the rectification of inaccurate or incomplete personal data. Where the data has been disclosed to third parties, we will, where possible, inform such third parties of the rectification.
  • Right to restriction of processing: Individuals have the right to request the restriction of processing of their personal data. This right applies in certain cases, for example where the accuracy of the data is contested or the individual has objected to its processing.
  • Right to data portability: Individuals have the right to receive their personal data in a structured, commonly used and machine-readable format in certain cases. They may also request that their data be transmitted to another controller, where the processing is based on consent or a contract and where the processing is carried out by automated means.
  • Right to object: Individuals have the right to object to the processing of their personal data based on legitimate interests or public interest/exercise of public authority. In such cases, we will cease such processing unless we can demonstrate compelling legitimate grounds which override the interests, rights and freedoms of the individual.
  • Rights relating to automated decision-making and profiling: Individuals have the right not to be subject to solely automated decisions, including profiling, which significantly affect them. They also have the right to obtain human intervention, to express their point of view and to appeal against such decisions.
  • Right to lodge a complaint with a supervisory authority: If you consider that the processing of personal data carried out by our organisation in relation to you infringes the provisions on the protection of personal data, you may, without prejudice to any other (administrative or other) legal remedy, lodge a complaint with a supervisory authority, in particular in the country where you have your habitual residence, where your place of work is located, or where the alleged infringement occurred (in Slovenia this is the Information Commissioner):
    – Information Commissioner, Dunajska 22, 1000 Ljubljana, e-mail address: gp.ip@ip-rs.com, telephone: 012309730, website: www.ip-rs.com.

A list of other EU supervisory authorities and their contact details is available here: https://edpb.europa.eu/about-edpb/about-edpb/members_en#.edoms.

  1. Existence of automated decision-making and profiling

The processing carried out by our organization does not include automated decision-making and profiling based on your personal data.

  1. Processing of personal data of persons under the age of 15

Our organization has focused the development and provision of its services on the collection of personal data of persons over the age of 15. In cases where a younger person uses the organization’s services, the organization will, if it becomes aware of such a case, obtain the consent of the parent or guardian of such person.

If the organization subsequently determines that personal data of a person under the age of 15 is being processed in connection with the service, and their parent or guardian has not consented to this, it will do everything necessary to ensure that all personal data collected is deleted.

The above-mentioned persons or their parents or guardians may at any time submit their requests for the deletion of the data concerned.

  1. Who can you contact for further clarifications regarding the processing of personal data and your rights?

You can contact us at any time regarding the processing of your personal data at the email address provided at the beginning of this document.

  1. Protection of your personal data

In the organization, we carefully store and protect personal data using organizational, technical and logical-technical procedures and measures to protect the data against accidental or intentional unauthorized access, destruction, modification or loss, as well as unauthorized disclosure or other form of processing to which you have not expressly consented.

For this purpose, the organization has also adopted appropriate internal processes and established various measures (e.g. assigning, using and changing passwords, locking premises, offices, and locations of servers and workstations, regularly updating supporting software and upgrading security-related components, physically protecting materials containing personal data in specially designated places, training employees, etc.). The organization also requires the same security requirements from its contractual processors.

  1. Version and date of last update of this notice

The text of this notice represents version 2.0 of this document. This notice was last updated on 30. 11. 2024.