The company takes special care of the security of customers' personal data. All personal data provided is treated confidentially and is used only for the purpose for which it was provided. The Company manages the personal data of its customers with the utmost care, taking into account the applicable legislation and the highest standards of customer treatment. The Company ensures the security of its customers' personal data by, among other things, appropriate organisational measures, work procedures and advanced technological solutions as well as by external experts. In doing so, the Company uses an appropriate level of protection and reasonable physical, electronic and administrative measures to safeguard the collected data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or unauthorised access to personal data that has been transmitted, stored or otherwise processed.
- contact details of the company,
- the purpose, grounds and types of processing of different types of personal data of individuals,
- the retention period for each type of personal data,
- the rights of individuals with regard to the processing of personal data,
- the right to lodge a complaint concerning the processing of personal data,
2. Personal data collected by the Company
These personal data include:
- name and surname
- contact e-mail address
- contact telephone number
- IP address
- details for issuing the offer according to the customer's request (address, tax number).
3. Controller of personal data
4. Categories of individuals whose personal data are processed
5. Purposes of processing and grounds for processing
5.1. Processing on the basis of a contract
In the context of the execution of contractual rights and the fulfilment of contractual obligations, the Company processes personal information for the following purposes: identification of the individual, preparation of a tender, conclusion of a contract, provision of ordered services, notification of possible changes, additional details and instructions for the use of services, objections or complaints, billing of services and other purposes necessary for the implementation or conclusion of a contractual relationship between the Company and an individual.
When billing services (based on tax regulations), the Company also obtains and processes the customer's address information for the correct invoicing.
5.2. Processing under the law
Based on legitimate interest, the Company also uses personal data to detect and prevent fraudulent use and misuse of the Services. In the context of ensuring the stable and secure operation of the Company's systems and services, and also for the purposes of implementing information security measures, meeting quality of service requirements and detecting technical failures of systems and services.
On the basis of legitimate interest, the Company also uses personal data of customers for the purposes of possible enforcement, judicial and extrajudicial recovery.
In accordance with the General Regulation, the Company may, in the event of suspected abuse, process customer data to an appropriate and proportionate extent for the purpose of identifying and preventing possible fraud or abuse and may also transmit such data to the police, public prosecutor or other competent authorities. For the purpose of preventing future abuse or fraud, data on the history of identified abuse or fraud in relation to a specific customer (which includes subscription data) may be retained for a period of five years after the termination of the business relationship.
5.3. Processing on the basis of consent to the processing of personal data
The processing of data may also be based on the customer's consent provided to the Company.
Withdrawal or modification of consent shall only apply to data processed on the basis of the customer's consent. The last consent received shall be valid. The possibility to withdraw consent does not constitute a right of withdrawal in the individual's business relationship with the Company.
In the absence of revocation, the data for which the customer's consent is given shall be processed for up to two years after the termination of the business relationship with the company.
6. Restrictions on disclosure of personal data
If necessary, the Company will commission other companies and individuals to carry out certain work (which contributes to the Services). In such case, the Company may also provide personal data to carefully selected external processors who will enter into a contract with the Company for the processing of personal data or a substantively equivalent binding document ("Processing Contract"). The Company will only provide or make available to such external processors such data to the extent required for the specific purpose. Such data may not be used by the external processor for any other purpose, subject at a minimum to compliance with all standards of processing of personal data provided for by applicable law. External processors are contractually bound to the Company to respect the confidentiality of personal data.
Upon reasoned request, the company will also provide personal data to the competent state authorities that have a legal basis to do so.
7. Period of retention of personal data
The retention period is determined according to the category of the individual data. Data shall be kept for no longer than is necessary to achieve the purpose for which they were collected or further processed or until the expiry of the limitation periods for compliance with the obligation or the statutory retention period.
For the purpose of fulfilling contractual obligations, billing data and related contact details of individuals may be kept until payment for the service has been made in full or until the expiry of the limitation periods in respect of the individual claim. Invoices shall be kept for 10 years after the end of the year to which the invoice relates in accordance with the law governing value added tax.
Other data obtained on the basis of the consent of our customers is retained for the duration of the business relationship and for 2 years after termination, unless a longer retention period is provided for by law. If the individual who has given consent to the processing of personal data has not entered into a business relationship with the Company, his or her consent shall be valid for 2 years from the date on which it was given or until it is withdrawn.
After the retention period has expired, the data will be deleted, destroyed, blocked or anonymised, unless otherwise provided by law for a specific type of data.
8. Rights of Individuals in relation to the processing of personal data
The exercise of customers' rights in relation to the processing of personal data shall be ensured without undue delay. Any request from a customer will be decided within one month of receipt of the request. In the event of complexity and a large number of requests, the time limit may be extended by up to two additional months. The extension of the time limit, together with the reason for the delay, shall be notified to the customer.
Requests concerning the exercise of customer rights are accepted by the Company at the e-mail address email@example.com or by post at Tajfun Planina d.o.o., Planina pri Sevnici 41a, 3225 Planina pri Sevnici.
Where a party submits a request by electronic means, the information shall (where possible) be provided to the party by electronic means unless the party requests otherwise.
Where there is reasonable doubt as to the identity of the individual making a request in relation to any of his or her rights, additional information necessary to confirm the identity of the individual may be requested.
If the data subject's requests are manifestly unfounded or excessive (in particular because of their repetitive character), the Company may:
- charge a reasonable fee, taking into account the administrative costs of providing the information or communication or of carrying out the requested action; or
- refuse to act on the request.
We provide customers with the following rights in relation to the processing of personal data:
(i) the right of access to data
(ii) the right to rectification
(iii) the right to be erased ("right to forget")
(iv) the right to restriction of processing
(v) the right to data portability
(vi) the right to object
(i) right of access to data
The customer has the right to know whether personal data concerning him or her is being processed and, if so, to have access to the personal data and to the following information:
- the purposes of the processing,
- the types of personal data processed,
- the users or categories of users to whom personal data have been or will be disclosed,
- the envisaged period of retention of the personal data or, if this is not possible, the criteria to be used to determine that period,
- the existence of a right to have the controller rectify or erase personal data or restrict the processing of your personal data, or the existence of a right to object to such processing,
- the right to lodge a complaint with the supervisory authority,
- where the personal data is not collected from you, any available information regarding its source.
(ii) right to rectification
The customer has the right to obtain the rectification of inaccurate personal data without undue delay and, taking into account the purposes of the processing, the right to have incomplete personal data completed, including by submitting a supplementary declaration.
(iii) right to erasure ("right to be forgotten")
The customer has the right to request that his or her personal data be erased where one of the following applies:
- where the personal data are no longer necessary for the purposes for which they were collected or otherwise processed,
- where he or she withdraws the consent on the basis of which the processing is carried out and there is no other legal basis for the processing,
- where you object to processing and there are no overriding legitimate grounds for processing,
- where personal data have been unlawfully processed,
- where personal data must be erased in order to comply with a legal obligation under EU or Slovenian law.
(iv) right to restriction of processing
The customer has the right to request that the processing of his/her personal data be restricted in the following cases:
- where he or she challenges the accuracy of the data, for a period which allows us to verify the accuracy of the personal data,
- the processing is unlawful and the customer objects to the erasure of the personal data and requests instead that its use be restricted,
- we no longer need the customer's personal data for the purposes of the processing, but the customer needs it to assert, exercise or defend legal claims,
- if the customer has raised an objection to processing based on the legitimate interests of the company, until it is verified that our legitimate grounds override yours.
(v) right to data portability
The customer has the right to receive the personal data that they have provided in a structured, commonly used and machine-readable format. At the same time, they have the right to transmit this data to another controller without being hindered by the Company.
(vi) right to object
Where data is processed on the basis of legitimate interest for marketing purposes, the customer may object to such processing at any time.
The Company shall cease processing personal data of customers unless it demonstrates compelling reasons for the processing that override the customer's interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
9. Right to lodge a complaint concerning the processing of personal data
Any complaint regarding the processing of personal data should be sent to the e-mail address firstname.lastname@example.org or by post to Tajfun Planina d.o.o., Planina pri Sevnici 41a, 3225 Planina pri Sevnici.
In the event that the request is not decided within the statutory time limit or the Company refuses the request, the customer has the possibility to lodge a complaint with the Information Commissioner. The Customer also has the right to lodge a complaint directly with the Information Commissioner if he/she considers that the processing of personal data violates Slovenian or EU data protection legislation.
10. Final provisions
Tajfun Planina d.o.o.