Privacy policy

GENERAL PROVISIONS

Manager data

It is the website manager who manages the content and personal information and determines the purposes and means of processing your personal information.

 

The controller of the personal information of users and this website is:

Name of Entity: Adin, d.o.o.
Address of Legal Entity: Zavrh nad Dobrna 9, 3204 Dobrna
Post office and town: 3204 Dobrna
Tax code: SI48894001
Registration number: 3728340000
Contact email: info@adin.si
Contact telephone number: +386 (0) 70 20 2000

Information on entry in the register or other public record: The company is entered in the court register of the Republic of Slovenia on 29/04/2010

Contact person and contact to provide information regarding the user’s personal information: Alenka Pohajač

Data on handlers

A personal data processor is one who processes personal data on behalf of the controller. The processor may only process personal data and for those purposes for which he has documented instructions from the controller.

Our processors process personal data of users in accordance with applicable law, based on the contractual relationship that exists and governs all areas of processing.

Legislation

Slovenian law and European law are used to evaluate these privacy conditions.

The privacy conditions are drawn up in accordance with the Personal Data Protection Act (ZVOP-1, Official Gazette of the RS, No. 94/2007 and amended), Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation, GDPR), Electronic Communications Act (Official Gazette RS, No. 109/12 and other Slovenian and European legislation governing particular fields.

Web site

Privacy policy is intended for users of the site: digital.adin.si.

Legal principles

The controller and his processors respect the general principles regarding the processing of personal data of users:

  1. We process personal data of users in a lawful, fair and transparent manner.
  2. We collect personal data for purposes that are predetermined, explicit and legal and do not further process personal data for purposes other than processing for scientific or historical research purposes and for statistical purposes, subject to certain conditions.
  3. We process personal data to the minimum extent possible for the purposes for which they are processed.
  4. We keep the personal information we process accurate and up-to-date, and we correct or delete inaccurate information.
  5. We keep personal information only for as long as is necessary for the purposes for which it is processed.
  6. We maintain appropriate personal data security, which includes unauthorized or unlawful processing and unintentional loss, destruction or damage through appropriate technical and organizational measures.

DEFINITIONS

Privacy Policy

The privacy terms are the internal act of the controller and apply to all legal relationships between him, the processors and the users. The act defines the rights and obligations of the controller and the processors in the management and processing of personal data of users.

Personal information

Personal information means any information relating to an identified or identifiable individual who is a natural person. An individual is one whose personal data is determined and processed in accordance with the purposes specified by the controller. An identifiable individual is one who can be directly or indirectly identified and his or her personal data processed in accordance with the purposes specified by the controller.

User

User is an individual who is a natural person whose personal data are processed on a legal or contractual basis between the controller and that individual, or on the basis of the explicit consent given by the individual to the controller.

Operator

The operator determines the purposes and means of processing in the context of his registered activity and / or legal authority. The user is aware in advance who is the controller of personal data and who is the processor of his personal data.

Obdelovalec

The processor processes personal data of individuals on behalf of the controller, according to his instructions, within the legitimate purposes and methods of processing. The controller provides the user with information about the processors of their personal data under these privacy terms.

Sub-contractor

The sub-contractor processes the personal data of individuals on behalf and on the instructions of the processor, within the legitimate purposes and methods of processing. The subcontractor is directly responsible to the processor, the processor to the controller.

Processing

Processing of personal data means any act or series of actions performed in connection with or without personal data or sets of personal data, such as the collection, recording, editing, structuring, storage, adaptation or modification, retrieval, insight, use , disclosure by means of mediation, distribution or otherwise making available, adapting or combining, limiting, deleting or destroying it.

PERSONAL DATA

Processing of personal data

The Operator may process the personal data of the site users, service subscribers and individuals in the legal entities with which he or she cooperates with the business. 

The terms of privacy define the manner in which the personal data of such individuals who have contracted or ordered the services are processed, if the processing of personal data is necessary and appropriate for the conclusion of the contract or order or for the fulfillment of the contract.

The privacy terms also define how personal data are processed for which the controller has a basis in law or for which he has obtained the written consent of the user, insofar as the personal data are entered directly on the controller’s website.

Legal basis for processing

A legitimate legal basis means that the controller processes personal data of users because it is required by law to fulfill the legal obligations that apply to the controller.

In the Republic of Slovenia, the legal obligations to process certain personal data are determined in particular by:

  1. Value Added Tax Act ZDDV-1;
  2. Rules on the Implementation of the Value Added Law;
  3. Tax Procedure Act;
  4. Companies Act;
  5. Slovenian Accounting Standards;
  6. Accounting Law;

The manager, insofar as he or she processes personal data of the user because he / she has made an online purchase or ordered services from the manager, shall keep this account for another 10 years (as well as the user / buyer data in the account).

Contractual basis for processing

The contractual legal basis for the processing of personal data of users means that the processing is necessary for:

  1. performance of a contract to which the data subject is a party to the contract, or
  2. taking action at the request of such a user prior to the conclusion of the contract.

The controller provides the user with information about the processing of his personal data under these privacy terms and, where necessary, through notices on his website.

The controller does not require explicit consent for the contractual processing of personal data of the user.

Unless the user provides all the personal information that the manager needs to fulfill the contractual relationship, the operator cannot execute the user’s order. In doing so, the controller always takes care to obtain and further process from the user only as much personal information as is necessary to fulfill the contractual relationship.

Explicit consent as a legal basis

The explicit consent is the basis for the processing of personal data for which the controller has no legal or contractual legal basis for processing.

The operator shall provide the user with the explicit consent of the user, where necessary, without the pre-filled check box. The personal consent of the user is his voluntary declaration of his will that his personal data may be processed for a specific purpose, and is given on the basis of information provided by the controller with these privacy conditions and directly on the website before the user explicitly agrees to the processing.

Public interest

The controller may process personal data of users, insofar as the processing is necessary for:

  1. performing tasks in the public interest or
  2. to exercise the public authority conferred on the controller.za 

Legitimate interest

To the extent that processing is necessary for the legitimate interests pursued by the controller or a third party, the controller may process the personal data of users to the extent strictly necessary for the exercise of those legitimate interests, except where such interests outweigh the interests or fundamental rights and freedoms of the user to which this information relates, in particular when it comes to the processing of personal data of persons under the age of 16.

Protection of interests of natural persons

The controller may process the personal data of the user, insofar as the processing is necessary to protect the vital interests of the user or another natural person.

Types of personal information

Types of personal information of users that we process for predefined purposes:

  1. name and surname
  2. address of permanent or temporary residence
  3. post name and place
  4. email address
  5. Phone Number
  6. transaction account number
  7. credit card number
  8. IP address

The purpose of collecting personal information

The controller processes the personal data of the users for the purposes indicated and defines the legal basis on which it processes the data and determines whether or not the express consent of the user is required or not:

  1. fulfillment of a contractual obligation (ordering a product or service by a user), contractual basis, explicit consent NOT required
  2. sending information and notices arising from a contractual obligation (subscription to newsletters that do not have marketable content), contractual basis and legitimate interest, explicit consent NOT required
  3. submitting responses to user inquiries (filling in the inquiry form and / or contact form), contractual basis and legitimate interest, explicit consent NOT required
  4. sending advertising messages, advertisements, campaigns that do not result from a contractual obligation (subscription to newsletters having marketable content), explicit consent is required
  5. registration of the user for the purposes of using the services of the manager (online store, application, commenting, giving opinions), contractual basis, explicit consent NOT required
  6. market research and statistics for the purposes of performing the activities of the controller (anonymously, without processing personal data of users), legitimate interest, explicit consent NOT required

New intentions for processing personal data

The controller may process personal data for new purposes for which he has no proper legal basis and no explicit consent, provided that he provides the user with all the necessary information to process his personal data for new purposes and obtains new explicit consent for the processing of personal data.
The operator may only pass on personal data of users to third parties only in the case of criminal and civil proceedings to the extent specified by law.

User registration

  1. The user is obliged to provide accurate and true information upon and after registration. Any misuse of foreign personal information is prohibited.
  2. The user is obliged to receive the user name and carefully store the password and not to pass it on to third parties.
  3. The User is aware that in case of use of untrue data or misuse of foreign personal data, the controller may initiate appropriate legal proceedings against such user.
  4. Users can register if they are at least 16 years old at the time of registration.

Cookies

The manager provides users with a notice about the use of cookies in a prominent place on the website when the user visits the manager’s website. In the notification, the manager provides up-to-date cookie information, in particular:

 

  1. types and names of cookies,
  2. the purpose of their use and
  3. the duration of each cookie.

The operator provides a notification without consent insofar as he uses these cookies:

  1. cookies required solely for the purpose of transmitting a message over an electronic communications network and
  2. cookies that are strictly necessary to provide the information society service explicitly requested by the subscriber or user.

The operator shall provide the notice with the user’s consent in all other cases and shall inform the user accordingly of the cookie setting options. The operator does not use cookies without explicit consent without the user’s consent for the installation. The operator provides the opportunity to subsequently change the user’s consent by keeping the notice visible on the website.

The operator provides the notification via a special link on the website.

USER RIGHTS

General about rights

The user can request from the operator:

  1. access to personal information,
  2. correction of personal data,
  3. erasure of personal data (right to be forgotten),
  4. restricting the processing of personal data,
  5. objection to the processing of personal data,
  6. transfer of personal data.

The operator shall respond to the user’s request no later than 30 days after receiving the request

Right of access to information

The user has the right to receive confirmation from the controller whether personal data is being processed in connection with it.

The operator shall provide the following information:

  1. processing purposes,
  2. the types of personal data it processes,,
  3. to which processors have been transferred or disclosed personal data,
  4. estimated period of retention of personal data,
  5. acquaintance with the rights of the user: the right to delete, rectify, limit the processing or object to such processing,
  6. the right to lodge a complaint with the supervisory authority,
  7. if the personal data was not provided by the user for information, information regarding the source where the controller obtained the data,
  8. the existence of automated decision making, including the creation of profiles.

The user can exercise this right through the form: Exercise Rights – Form

Right to repair

The user may request the operator, without delay, to:

  1. correct inaccurate data processed by the controller (or his processor) in relation to him or her
  2. completes incomplete personal information

The operator provides a form for submitting a supplementary statement: Exercise of Rights – Form

Right of erasure

The user may request the operator to delete their personal data without delay if at least one of the following conditions is fulfilled:

  1. personal data are no longer needed for the purposes for which they were collected or otherwise processed,
  2. the user revokes the consent given to the processing manager and when there is no other legal basis for processing,
  3. the user objects to the processing of his personal data for the following reasons:
    1. the processing of personal data is in the public interest or
    2. the processing takes place because of the legitimate interests of the controller or
    3. the processing of personal data takes place for the purposes of direct marketing and / or creation of profiles.
  4. if his or her personal information is processed illegally
  5. if personal data need to be deleted to fulfill a legal obligation imposed on the controller by law
  6. if personal data have been collected in connection with the provision of information society services to a person under 16 years of age

The user can claim the right to delete personal data through the form: Exercise Rights – Form.

Right to limit processing

The user may request the operator to limit processing when one of the following cases occurs:

  1. when the user disputes the accuracy of the data, for the period during which the controller can verify the accuracy of the personal data ,,
  2. if the processing of the user’s personal data is illegal and the user opposes the erasure but requires a restriction of the processing or use,
  3. when the data controller no longer needs for processing purposes for which he had the legal basis or the express consent of the user, but needs them to enforce, execute and defend legal claims,
  4. if the user has lodged an objection (right to object) until it is verified that the legitimate reasons of the processing controller outweigh the reasons of the user to whom the personal data relate.

When a user exercises this right, the controller can only store its data and can only process:

  1. with the user’s (subsequently given) explicit consent,
  2. for the enforcement, enforcement or defense of legal claims,
  3. to protect the rights of other users (natural or legal persons),
  4. because of the important public interest of the European Union or the Republic of Slovenia.

The user can exercise this right through the form: Exercise Rights – Form

Right to data portability

The user has the right to receive from the controller personal data that he or she processes in connection with it. The operator must provide this information to:

  1. structured form,
  2. commonly used format,
  3. machine readable form so that the user can read the information easily.

The user also has the right to forward this acquired information to another controller without impeding it as a controller if:

  1. the data were processed on the basis of explicit consent and
  2. the processing is carried out by automated means.

The user has the right to transfer his data from one controller to another, where technically feasible.

The user can exercise this right through the form: Exercise Rights – Form

Right to contract

The User may at any time object to the processing of personal data concerning him / her when the controller processes his / her personal data:
1. in the public interest or
2. due to the legitimate interests of the operator, including the creation of profiles of that user

The controller shall not stop processing the user’s personal data on the basis of an objection if:

  1. demonstrates compelling legitimate reasons for processing that outweigh the interests, rights and freedoms of the user, or
  2. it needs them to enforce, enforce, or defend legal claims.

 

The operator must always comply with the request of the user when he objects to his personal data being processed for direct marketing purposes, including the creation of profiles insofar as it relates to direct marketing. The controller must stop processing this personal information for direct marketing purposes.

To this end, the operator shall have clear and separate information in the places where the user obtains the consent of the user to process his data for direct marketing purposes, so that the user can withdraw the consent at any time and object to the processing of that data for these purposes.

The right of objection can be exercised by the user through the form: Exercise of Rights – Form

Automated processing and creation of user profiles

The User has the right not to be subject to a decision based solely on the automated processing of his / her data, including the creation of profiles that have or have significant legal effects in relation to him / her.

The user cannot exercise his right not to have his data processed automatically, including the creation of profiles, if such a decision (automated processing):

  1. necessary for concluding or executing a contract between the user and the operator (eg online shopping cart),
  2. allowed under the law of the European Union or the Republic of Slovenia and also provides for appropriate measures to protect the rights and freedoms and legitimate interests of the user (eg processing of FURS data),
  3. justified by the explicit consent of the user (eg for direct marketing via automated messaging systems).

Right of appeal

The User may, if he considers that his rights under these Terms of Privacy have been violated, file a complaint with the competent supervisory authority located in the Republic of Slovenia: Office of the Information Commissioner.

Revocation of express consent

The operator is obliged to give the user the opportunity to fulfill the right of exemption guaranteed by the legislation in every form of direct marketing.


The controller shall prevent the use of personal data for direct marketing purposes within 15 days and shall inform the requesting user accordingly, in writing within a further five days or in another agreed manner.

COPYRIGHT

Texts on the Website

Unless otherwise stated on the website, it is prohibited to copy content or otherwise use the contents and text on the website of the operator. Any encroachment on copyright is considered an infringement of intellectual property rights and may be subject to legal action by the controller.

Photographs and audiovisual works on the Website

All images, videos and other audiovisual works posted on the Website are the copyrighted work and / or the property of the Operator and may not be copied or otherwise used beyond the needs of the Operator-User Collaboration, unless otherwise stated on the Website.

Any interference with copyright is considered an infringement of intellectual property rights and may be subject to legal action by the operator.

Legal document

The text of these privacy terms is in the possession of the controller and it is forbidden to copy, distribute or otherwise dispose of this text without the written consent of the information system owner who maintains the privacy conditions for the controller, except for exceptions allowed by law. Any infringement of copyright is considered an infringement of intellectual property rights and may be the subject of legal proceedings initiated by the owner of the information system, ie VIDICUM, Tjaša Vidic s.p. For additional information regarding this issue, please contact: support@conditions.si.

FINAL PROVISIONS

The binding nature of the legal conditions

  1. The privacy terms apply to all users who use the site and pass on personal information to the manager for management and further processing.
  2. The privacy conditions are binding on the controller, processors and users in the provision, management and processing of personal data of the user, and in the exercise of user rights and obligations of the controller and processors.
  3. Privacy conditions are an integral part of any processing of personal data, in accordance with predefined purposes, grounds for processing, user consent and types of personal data subject to further processing.
  4. The user is aware in advance of these privacy terms, which are accessible on the operator’s website and in all forms and actions where the user can submit personal data for processing.

Changes to Privacy Terms

  1. The Privacy Policy is updated regularly by the operator in accordance with legal changes.
  2. The operator shall inform users regularly and in a timely manner of changes in writing by email.
  3. The operator provides an archive of changes to the privacy terms and conditions, which is accessible to any user by prior written request to the operator’s contact email address.

Conflict solving

The operator and the user are obliged to resolve any disagreements and settle disputes in an amicable and consensual manner. To the extent that no amicable settlement is possible, the court in the Republic of Slovenia shall have jurisdiction over the dispute at the seat of the controller.

Local validity

The privacy terms apply to all users, regardless of country of access and to all types of processing of personal data, regardless of the user’s location.

Temporal validity

Legal terms apply from: 08/30/2019