In the company Vizualis, d.o.o. we are aware of the importance of privacy protection, so all employees who process and use personal data in their work are familiar with the provisions of General Regulation 679/2016 on the protection of personal data (hereinafter: GDPR), applicable national regulations and guidelines. competent institutions for the protection of personal data in the field of our work.
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
“special categories of personal data” means data revealing racial or ethnic origin, political opinion, religious or philosophical beliefs or trade union membership, and the processing of genetic data, biometric data, data relating to the health, social status and protection of the individual’s sexual life or sexual orientation;
“processing” means any act or series of acts carried out in relation to personal data or sets of personal data, with or without automated means, such as the collection, recording, editing, structuring, storage, adaptation or modification, retrieval, inspection , use, disclosure through mediation, dissemination or otherwise making available, adapting or combining, restricting, deleting or destroying;
“restriction of processing” means the marking of stored personal data in order to limit their processing in the future;
“filing system” means any structured set of personal data which is accessible according to specific criteria, and the set may be centralized, decentralized or dispersed on a functional or geographical basis;
“controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law
“processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller
“recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing
“third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
“consent of the data subject“ means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed
“enterprise” means a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity
“supervisory authoritiy” means an independent public body, in Slovenia it is the Informacijski pooblaščenec (hereinafter IP);
PRINCIPLES WE RESPECT IN THE PROCESSING OF PERSONAL DATA
The principle of legality, fairness and transparency means that data is processed lawfully, fairly and transparently and in relation to the data subject.
The purpose limitation principle means that personal data of an individual are collected for specific, explicit and lawful purposes and are not further processed for a purpose incompatible with that purpose, except for archiving in the public interest, for scientific research, historical research purposes or statistical purposes.
The principle of minimum data means that personal data are relevant and limited to the reason for which they are collected, ie for the purpose for which they are processed.
The principle of accuracy means that the personal data collected is accurate and, where necessary, updated. Appropriate measures must be taken to ensure that inaccurate personal data are erased or corrected at any time, taking into account the purposes for which they are processed.
The principle of storage limitation means that personal data are stored in a form that allows the identification of the data subjects only for as long as is necessary for the purposes for which the data are processed. For a longer period, only personal data of individuals may be stored when it comes to archiving in the public interest, for scientific research, historical research or statistical purposes.
The principle of integrity and confidentiality means that personal data are processed in a way that ensures adequate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage by appropriate organizational and technical measures.
The principle of responsibility means that the controller of personal data is responsible for the processing of personal data in accordance with the mentioned principles and is able to prove this at any time.
CONTROLLER OF PERSONAL DATA
We handle your personal data carefully and we have appropriate technical and organizational measures in place to protect personal data.
PERSONAL DATA PROCESSORS
TYPES OF PERSONAL DATA AND PURPOSE OF PROCESSING
We collect different types of personal data, and the exact type depends on the type of contractual or other cooperation with you. The purpose of the processing of your personal data also depends on the type of contractual cooperation.
TRANSMISSION OF DATA TO THIRD PARTIES
We provide personal data to third parties only in the case of:
- that we are required to do so by law or
- on behalf of your consent.
STORAGE OF PERSONAL DATA
SSL OR TLS ENCRYPTION
RIGHTS OF THE INDIVIDUAL TO WHOM PERSONAL DATA RELATE
- access to data,
- data correction,
- erasure (“right to be forgotten”),
- processing restrictions,
- data portability,
- The data subject has the right to request the controller to provide him or her with an explanation of whether any personal data are being processed in relation to him or her. When the data of this individual are processed, the controller is obliged to provide the individual with access to personal data and inform the individual about the purpose of personal data processing, the types of data concerned, users to whom the data are or will be disclosed, the envisaged retention period or criteria. on the basis of which the period of retention of personal data is determined, on the individual’s right to request correction, deletion or restriction of the processing or objection to such processing. He must also inform the individual that he has the right to appeal to the supervisory authority and all other available information on the source of the collection of his personal data when they are not collected from the individual.
- The data subject has the right at any time to request that the controller, without undue delay, correct inaccurate data concerning him or request the completion of incomplete data, including the submission of a supplementary statement.
- Where one of the following conditions is met:
- the personal data of the individual are no longer necessary for the purposes for which they were collected or otherwise processed,
- the data subject revokes the given consent or consent to the collection and processing of his personal data and there is no other legal basis for the collection of personal data,
- the individual objects to the processing of personal data and there are no overriding legitimate reasons for their processing,
- personal data have been processed unlawfully,
- personal data have been collected in connection with the provision of information society services,
the individual has the right to have the personal data deleted by the controller deleted without undue delay.
That right of the data subject shall not apply where the processing of personal data is necessary in order to guarantee the right to freedom of expression and information, to fulfil a legal obligation to process under European Union or national law or to perform public tasks in public. interest or when it comes to the exercise of public authority conferred on the controller, for reasons of public interest in the field of public health and for the purpose of archiving in the public interest, scientific research, historical research or statistical purposes or when asserting, implementing or defending legal claims.
- The individual has the right to request the controller to restrict the processing of his personal data. A processing restriction may be applied where:
- the data subject disputes the accuracy of the data, for a period which allows the controller to verify the accuracy of the personal data;
- the processing is unlawful and the data subject opposes the erasure of the personal data and instead requests that their use be restricted;
- the controller no longer needs the personal data for the purposes of processing, but the data subject needs them in order to assert, implement or defend legal claims;
- the data subject has lodged an objection to the processing until it has been verified that the controller’s legitimate reasons outweigh the data subject’s reasons.
- The data subject shall have the right to receive personal data concerning him which have been transmitted to the controller and the right to transfer such data to another controller without being transferred by the controller to whom the personal data have been transferred. provided, hindering this.
- The data subject has the right to object at any time to the processing of personal data concerning him or her.
OBLIGATIONS OF THE CONTROLLER
Vizualis, d.o.o. decide on your request without undue delay and at the latest within one month of receiving the request. In the case of a more complex matter or in the case of a larger number of requests, this period may be extended by a maximum of two additional months, of which we shall notify you no later than one month after receipt of the request, together with reasons for delay and legal advice.
Vizualis, d.o.o. it may decide on your application in the form of a written notice, which must include an explanation of the reasons for the manager’s decision and information on the right to appeal in accordance with national rules.
Vizualis, d.o.o. bears the burden of proving the accuracy and up-to-datedness of personal data and the lawfulness of the processing of personal data, provided that the personal data have not been obtained solely on the basis of the data subject’s data.
If your request is incomplete or incomprehensible, it should not be rejected for that reason alone. Vizualis, d.o.o. it must, within five working days, request that the deficiencies be rectified and state that the applicant complete the request within three working days.
If the deficiencies are remedied within the time limit, the application shall be deemed to have been filed when the request to remedy the deficiencies was made. If the deficiencies are not remedied within this period, Vizualis, d.o.o. reject the request by decision. An appeal is allowed against this decision.
When we reject your request, you can contact Vizualis, d.o.o. file a reasoned appeal within 15 days of receipt of the notification or decision of Vizualis, d.o.o.
Vizualis, d.o.o. from the receipt of your request to the grant or in case of rejection of your request until the final conclusion, it may not destroy, change or dispose of the requested personal data regardless of the expiration of prescribed or internally determined retention periods of personal data.
DATA PROTECTION AUTHORIZED PERSON
For any questions related to the processing of your personal data or to exercise your rights in relation to personal data, you can contact our Data Protection Officer, Omnimodo, d.o.o., phone: +386 (0)1 23 223 47, e-mail: email@example.com.
If you believe that your rights to personal data protection have been violated in any way, or that we have not decided on your request within a certain period of time, you can complain to the supervisory body: Informacijski pooblaščenec, Dunajska cesta 22, 1000 Ljubljana, Slovenia.
Date: 1st January 2021