Privacy Policy
1. About privacy policy
Purpose of the Privacy Policy of POTCG, online stores, d.o.o. (hereinafter: the “Privacy Policy”) is the acquaintance of the users and other persons of the services of POTCG d.o.o. (hereinafter also referred to as “individuals”) with the purposes and basis of personal data processing by POTCG d.o.o., Ljubljanska cesta 38B, 1293 Šmarje – Sap, Slovenia (hereinafter: “POTCG d.o.o.”) and the rights of individuals in this field.
The company offers special care for the security of your personal data. All personal data provided is treated confidentially and is used only for the purpose for which it was provided. We manage your personal data with the utmost care, taking into account the applicable legislation and the highest standards of their treatment. We take care of the security of your personal data, among other things, with appropriate organizational measures, work procedures and advanced technological solutions, as well as external experts in order to protect your personal data as effectively as possible. We use an appropriate level of protection and reasonable physical, electronic and administrative measures to protect the data collected against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of personal data or unauthorized access to personal data that has been transferred, stored or otherwise processed.
At the same time, this Privacy Policy further clarifies the consent you have given to the processing of your personal data.
In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, as well as repealing Directive 95/46 / EC (hereinafter: “General Data Protection Regulation”), the Privacy Policy covers the following information:
- contact information of the company,
- the purposes, bases and types of processing of various types of personal data of individuals,
- retention time of individual types of personal data,
- the rights of individuals with regard to the processing of personal data,
- the right to lodge a complaint concerning the processing of personal data,
- validity of the Privacy Policy.
2. Personal data collected by the company
If you are only a visitor to the website, we only collect information through cookies. If you are a user of services or a subscriber of services provided by the company, we also collect other personal data, that are required in order to perform the services that you have ordered or the services you are using. This personal information is:
- Name and surname
- contact email address
- contact phone number
- IP address
- information for issuing an offer according to your demand (your address, tax number).
3. Personal data controller
The controller of personal data processed in accordance with this Privacy Policy is POTCG d.o.o., Ljubljanska cesta 38B, 1293 Šmarje – Sap, Slovenia.
4. Categories of individuals whose personal data are processed
This Privacy Policy is intended for anyone who has subscribed to and / or used our services or submitted an inquiry, as well as for those who visit our website.
5. Purposes of data processing and bases for data processing
5.1 Processing under contract
As part of the exercise of contractual rights and fulfillment of contractual obligations, the company processes your personal data for the following purposes: identification of the individual, preparation of an offer, conclusion of a contract, provision of ordered services, notification of possible changes, additional details and instructions for using services, for resolution of issues, objections or complaints, billing for services and for other purposes necessary for the implementation or conclusion of a contractual relationship between the company and the individual.
When billing for services, on the basis of tax regulations, we obtain and process your address for the correct issuance of the invoice.
5.2 Processing by law
On the basis of a legitimate interest, we use your personal data to detect and prevent fraudulent use and misuse of services, further to ensure the stable and secure operation of our system and services, as well as to implement information security measures, meet service quality requirements and detect technical system and service failures.
Based on a legitimate interest, we also use your personal data for the purposes of possible enforcement, judicial and extrajudicial recovery.
In accordance with the General Regulation, in the event of suspected abuse, the company may process data on individuals to an appropriate and proportionate extent for the purpose of identifying and preventing possible fraud or abuse and may, if appropriate, pass this information on to other service providers, business partners, the police, the public prosecutor’s office or other competent authorities. In order to prevent future abuses or frauds, data on the history of identified abuses or frauds in connection with the individual, which includes data on the subscription relationship and, for example, IP address, may be kept for five years after the termination of the business relationship.
5.3 Processing on the basis of consent for the processing of personal data
The processing of data may also be based on your consent given to the company.
Consent may, for example, relate to the communication of offers, benefits and improvements to the services provided by the company. The purpose of such information is to bring the services as close as possible to your needs and desires and to increase their useful value to you. Notification is performed through the channels you have selected in the consent. You may revoke the notification at any time, as defined in the Privacy Policy.
You can withdraw or change your consent at any time in the same way as you gave it or in another way as defined by the Privacy Policy, while the company reserves the right to identify the customer. The change of consent can also be arranged via e-mail to [email protected] or with a written request sent to the company’s registered office.
Withdrawal or change of consent only applies to data processed on the basis of your consent. Your last consent given to us is valid. The possibility of revoking the consent does not constitute a right of withdrawal in the business relationship of the individual with the company.
The data for which your consent has been given, are in the absence of revocation, processed in up to two years after the termination of the business relationship with the company.
6. Restrictions on the transmission of personal data
If necessary, we will authorize other companies and individuals to perform certain works that contribute to our services. In such a case, the company may also provide personal data to such carefully selected external processors who will enter into a contract with the company for the processing of personal data or the same agreement or other binding document (hereinafter: “Processing Agreement”). We will provide or make available to external processors such data only to the extent required for a specific purpose. This data may not be used by an external processor for any other purpose, provided that it meets at least all the standards for the processing of personal data provided for by the applicable legislation. External processors are contractually obliged by the company to respect the confidentiality of your personal data.
On the basis of a reasoned request, companies also provide personal data to the competent state authorities, which have a legal basis for this. Companies d.o.o. will e.g. respond to requests from courts, law enforcement and other national authorities, which may include national authorities from another EU Member State.
7. Period of retention of personal data
The data retention period is determined by the category of the individual data. We keep the data for a maximum of as long as is necessary to achieve the purpose for which they were collected or further processed, or until the expiry of the statute of limitations for the fulfillment of obligations or the legally prescribed retention period.
Accounting data and related contact data on individuals may be kept for the purpose of fulfilling contractual obligations until full payment of the service or until the expiration of the statute of limitations in relation to an individual claim, which may amount to one to five years. The invoices shall be kept for 10 years after the end of the year to which the invoice relates in accordance with the law governing value added tax.
Other data obtained on the basis of your consent are kept for the duration of the business relationship and for 2 years after the termination, unless a longer retention period is determined by law. If the individual who gave consent for the processing of personal data has not entered into a business relationship with us, his consent is valid for 2 years from its submission or until its revocation.
At the end of the retention period, the data shall be deleted, destroyed, blocked or anonymised, unless otherwise determined by law for each type of data.
8. Rights of Individuals in relation to the processing of personal data
We guarantee the exercise of your rights in relation to the processing of your personal data without unnecessary delay. We will decide on your request within one month of receiving your request. In case of complexity and a large number of requests, the deadline can be extended by a maximum of two additional months. If we extend the deadline, we will notify you of any such extension within one month of receiving the request, together with the reasons for the delay.
We accept requests regarding the exercise of your rights to the e-mail address [email protected] or by post to the address POTCG d.o.o., Ljubljanska cesta 38B, 1293 Šmarje – Sap, Slovenia.
In case you submit your request by electronic means, we will provide you with the information by electronic means whenever possible, unless you request otherwise.
Where there is reasonable doubt as to the identity of the individual we may request the provision of additional information necessary to confirm the identity of the individual.
If the individual’s requests, whom the personal data applies to, are manifestly unfounded or excessive, in particular because they are repeated, the company may: charge a reasonable fee, taking into account the administrative costs of providing the information or communication or implementing the required action, or refuse to act on the request.
We grant you the following rights in relation to the processing of your personal data:
(i) the right of access to data
(ii) the right of rectification
(iii) the right to erasure (“right to be forgotten”)
(iv) the right to limit processing
(v) the right to data portability
(vi) the right to object
(i) the right of access to data
You always have the right to know whether personal data is being processed in relation to you and, if so, access to personal data and the following information:
- processing purposes,
- the types of personal data processed,
- users or categories of users to whom personal data have been or will be disclosed,
- the envisaged retention period of personal data or, if this is not possible, the criteria used to determine that period,
- the existence of a right to require the controller to correct or delete personal data or to restrict the processing of your personal data, or the existence of
a right to object to such processing, - the right to lodge a complaint with the supervisory authority,
- where personal data is not collected from you, all available information regarding their source.
(ii) the right of rectification
You have the right to rectify inaccurate personal data concerning you without undue delay and, taking into account the purposes of the processing, the right to supplement incomplete personal data, including the submission of a supplementary statement.
(iii) the right to erasure (“right to be forgotten”)
You have the right to have your personal data deleted without undue delay when one of the following reasons applies:
- when personal data are no longer necessary for the purposes for which they were collected or otherwise processed,
- when you revoke the consent on the basis of which the processing takes place, and there is no other legal basis for the processing,
- when you object to the processing of data and there are no overriding legitimate reasons for processing it,
- when personal data have been processed unlawfully,
- when personal data must be deleted in order to fulfill a legal obligation in accordance with EU law or the Slovenian legal order.
(iv) the right to limit processing
You have the right to limit the processing of your personal data when one of the following cases applies:
- when you dispute the accuracy of the data, for a period that allows us to verify the accuracy of the personal data,
- the processing is illegal and you oppose the deletion of personal data and instead request a restriction on their use,
- we no longer need your personal data for the purposes of processing, but you need it to assert, enforce or defend legal claims,
- if you have filed an objection regarding processing based on the legitimate interests of the company until it is verified that our legitimate reasons outweigh your reasons.
Where the processing of your personal data has been restricted in accordance with the preceding paragraph, such personal data, with the exception of their storage, shall be processed only with your consent, either to assert, enforce or defend legal claims or to protect the rights of another natural or legal person.
We are obliged to inform you before the restriction on the processing of your personal data is lifted.
(v) the right to data portability
You have the right to receive your personal data provided to us in a structured, commonly used and machine-readable form, and the right to pass this data on to another controller without being hindered by the company when the processing is based on your consent and processing is performed by automated means. At your request, where technically feasible, personal data may be transferred directly to another controller.
(vi) the right to object
When we process your data on the basis of a legitimate interest for marketing purposes, you may object to such processing at any time.
We will stop processing your personal data unless we prove compelling reasons for the processing that outweigh your interests, rights and freedoms, or for asserting, enforcing or defending legal claims.
9. The right to lodge a complaint concerning the processing of personal data
Any complaint regarding the processing of your personal data can be sent to the e-mail address [email protected] or by mail to the address POTCG d.o.o., Ljubljanska cesta 38B, 1293 Šmarje – Sap, Slovenia.
In the event that we do not decide on your request within the legal deadline or reject your request, you have the option of filing a complaint with the Information Commissioner.
You also have the right to lodge a complaint directly with the Information Commissioner if you believe that the processing of your personal data violates Slovenian or EU regulations in the field of personal data protection.
If you have exercised your right of access to data and after receiving the decision you believe that the personal data you received is not the personal data you requested or that you have not received all the requested personal data, you can file a reasoned complaint with the Information Commissioner at the company within 15 days. We need to decide on your appeal as a new request within five business days.
10. Final provisions
Anything not covered by this Privacy Policy is subject to applicable law.
The company reserves the right to change this Privacy Policy. We will inform you about the change by publishing it on the official website of POTCG d.o.o. 30 days before its entry into force.
If you have any questions about this Privacy Policy or the information we hold about you, please email us at [email protected].
11. Validity of the Privacy Policy
This Privacy Policy is published on the website of POTCG d.o.o. and shall enter into force on 1st of November 2021.