The company is particularly concerned about the security of your personal information. All personal data transmitted is treated confidentially and is used only for the purpose for which they were transmitted. We handle your personal data with utmost care, keeping in mind the applicable legislation and the highest standards of their treatment. For the security of your personal data, we also provide appropriate organizational measures, work procedures and advanced technology solutions, as well as external experts, in order to protect your personal data as effectively as possible. We use an appropriate level of protection and reasonable physical, electronic and administrative measures to protect the collected data from unintentional or unlawful destruction, loss, alteration, unauthorized disclosure of personal data or unauthorized access to personal data, that has been downloaded, stored or otherwise treated.
2) Personal data collected by the company
If you are only a visitor of our website, we only collect data using cookies. If you are a service user or a subscriber of a service provided by the company, we also collect other personal information that we need, in order to provide the services you have ordered or are using. This personal data is: - Name and surname - Contact email address - Contact phone - IP address - Bidding information according to your demand (your address, tax number).
3) The personal data controller
4) Categories of individuals whose personal data are processed
Any communication intended for children will be appropriate to their age and will in no case exploit children's trust, lack of experience or a sense of loyalty. We will always check orders from someone whom we know, or suspect is a child and doesn't explicit permission from parents or carers.
5) The purpose of processing and the basis for data processing
5.1. Treatment under contract:
In the context of the execution of contractual rights and the fulfillment of contractual obligations, the company processes your personal information for the following purposes: identification of the individual, preparation of the offer, conclusion of the contract, provision of the ordered services, notification of any changes, additional details and instructions for the use of services to solve any technical problems , objections or complaints, billing of services and other purposes necessary for the implementation or conclusion of a contractual relationship between the company and an individual.
When calculating the services, based on tax regulations, we obtain and process your address for the correct issue of the account.
5.2. Treatment under the law:
On the basis of legitimate interest we use your personal information to detect and prevent fraudulent use and misuse of services, further in the context of ensuring the stable and safe operation of our system and services, as well as for the purpose of implementing information security measures, meeting the requirements regarding quality of services and detecting technical system and service failure.
On the basis of legitimate interest, we also use your personal information for the purposes of possible enforcement, judicial and extrajudicial recovery.
In accordance with the General Regulation, in the event of suspected abuses, an enterprise may process personal data in an appropriate and proportionate manner for the purpose of identifying and preventing any fraud or misuse, and may, if appropriate, also forward this information to other providers of such services, business partners, the police , the Public Prosecutor's Office or other competent authorities. For the purpose of preventing future abuse or fraud, data on the history of identified abuses or fraud in connection with an individual, including subscriber relationship data and, for example, an IP address, can be kept for another five years after the termination of the business relationship.
5.3. Processing on the basis of consent to the processing of personal data:
Data processing can also be based on your consent, which you have provided to the company.
The withdrawal or change of consent refers only to data processed on the basis of your consent. Your most recent consent that has been received is valid. The possibility of revoking a consent does not constitute a resignation in the business relationship of the individual with the company.
The data for which your consent is given shall be processed in the absence of cancellation up to two years after the termination of the business relationship with the company.
6) Restrictions on the transmission of personal data
If necessary, we will authorize other companies and individuals, such as GLS Slovenija, Pošta Slovenije, PayMill, PayPall or MailerLite, as well as our Facebook Messenger bot applications to perform certain works that contribute to our services. In such a case, the company may also transfer personal data to such carefully selected external processors who will enter into a contract for the processing of personal data with the company, or in substance the same agreement or other binding document (hereinafter: the processing contract). For external processors, such data will be transmitted or made accessible only to the extent required by a specific purpose. Such data may not be used by external processors for any other purpose, and they need to meet at least all standards for the processing of personal data provided for in the applicable law. External processors are contractually committed to the company to respect the confidentiality of your personal information.
On the basis of a reasoned request, companies also provide personal data to the competent state authorities that have a legal basis for this. D.o.o. companies will, for example, responded to the requests of courts, law enforcement and other state authorities, which could also involve the state authorities of another EU Member State.
7) Period of retention of personal data
The data retention period is determined according to the category of individual data. We keep the data for as long as necessary to achieve the purpose for which they were collected or further processed, or until the expiration of the limitation period for fulfillment of the obligation or the statutory retention period.
For the purpose of fulfilling contractual obligations, the accounting data and the associated contact details of individuals may be kept until the full payment of the service or at the latest until the expiration of the limitation period in respect of an individual claim, which may be statutory from one to five years. The accounts are kept for 10 years after the expiration of the year to which the bill relates in accordance with the law governing value added tax.
Other information that we have obtained on the basis of your consent is kept for the duration of the business relationship and for 2 years after the termination, unless the law provides for a longer retention period. If an individual who has given consent to the processing of personal data has not entered into a business relationship with us, his consent is valid for 2 years from the beginning of the consent or until its cancellation.
After the expiry of the retention period, the data is deleted, destroyed, blocked or anonymised if the law does not specify otherwise for the particular type of data.
8) Individuals' rights in relation to the processing of personal data
The exercise of your rights regarding the processing of your personal information is guaranteed without undue delay. We will decide on your request within one month of receiving your request. In case of complexity and a greater number of requirements, the deadline may be extended by up to two additional months. If you extend the deadline, we will notify you of any such extension within one month of receiving the request together with the reasons for the delay.
The requirements regarding the exercise of your rights can be received by e-mail email@example.com or by post to NIL Plus d.o.o., Dvorjanska 15a street, 4207 Cerklje na Gorenjskem.
When submitting an application by electronic means, we will, whenever possible, provide you with information electronically, unless you request otherwise.
Where there is reasonable doubt as to the identity of an individual who submits a claim relating to one of his rights, we may require that we provide additional information necessary to confirm the identity of the data subject.
If the data subject's claims are manifestly unfounded or excessive, especially as they are repeated, the company may:
- Charge a reasonable fee, taking into account the administrative costs of transmitting information or communication or implementing the requested action, or - Refuse to act on the request.
We give you the following rights regarding the processing of your personal information:
(i) the right of access to data (ii) the right of correction (iii) the right to be erased ("right to forget") (iv) the right to restrict processing (v) the right to transfer data (vi) the right to object
(i) the right to access data
You are always entitled to know whether personal data is processed in relation to you and, if so, you are allowed access to your personal information and the following information:
- Processing purposes, - Types of personal data being processed, - Users or categories of users to whom they have been or will be disclosed personal data, - The planned period of retention of personal data or, if this is not possible, the criteria used to determine this period, - The existence of a right to require an administrator to correct or delete personal data or limit the processing of your personal information, or the existence of the right to object to such processing, - The right to file a complaint with the supervisory authority, - When personal data is not collected from you, all available information regarding their source.
(ii) the right of correction
You have the right to correct inaccurate personal information relating to you and taking into account the purposes of the processing, the right to complete incomplete personal data, including the submission of a supplementary declaration.
(iii) the right to be erased ("right to forget")
You have the right to delete, without undue delay, your personal information if one of the following reasons applies:
- When personal data is no longer necessary for the purposes for which they were collected or otherwise processed, - When you revoke the consent on the basis of which the processing takes place, there is no other legal basis for processing, - When you object to the processing of data and there are no overriding legitimate reasons for processing them, - When personal data has been processed unlawfully, - When personal data has to be deleted in order to fulfill a legal obligation in accordance with EU law or Slovenian law.
(iv) the right to restrict processing
You have the right to limit processing of your personal information when one of the following is true: - When you dispute the accuracy of the data, for a period that allows us to verify the accuracy of personal data, - The processing is illegal, and you are opposed to the deletion of personal data and, instead, request a restriction on their use, - We do not need your personal information anymore for processing purposes, but you need them to enforce, enforce, or defend legal claims, - If you have filed an objection regarding processing based on the legitimate interests of the company until it is verified that our legitimate reasons are over your reasons.
When processing of your personal data has been restricted in accordance with the preceding paragraph, such personal data, with the exception of their storage, shall be processed only with your consent or for the enforcement, enforcement or defense of legal claims or for the protection of the rights of another natural or legal person.
Before canceling the processing limit of your personal information, we are obliged to inform you of this.
(v) the right to data portability
You have the right to receive your personal information, which you have provided us, in a structured, widely used and machine-readable form, and the right to forward this information to another controller without hindering you from doing so when processing is based on your consent and the processing is carried out with automated means. At your request, when technically feasible, personal data may be transferred directly to another controller.
(vi) the right to object
Whenever your data is processed on the basis of a legitimate interest for marketing purposes, you may object to such processing at any time.
We will stop processing your personal data unless proven necessary processing grounds that prevail over your interests, rights and freedoms, or to enforce, enforce or defend legal claims.
9) The right to file a complaint concerning the processing of personal data
Any complaint regarding the processing of your personal data may be sent to the e-mail address firstname.lastname@example.org or by post to NIL Plus doo, Dvorjanska ulica 15a, 4207 Cerklje na Gorenjskem.
In the event that we do not decide on your request within the legal deadline or if we reject your request, you have the possibility to file a complaint with the Information Commissioner.
You also have the right to file a complaint directly with the Information Commissioner if you believe that the processing of your personal data violates Slovenian or EU regulations in the field of personal data protection.
If you have exercised the right of access to the information and after receiving the decision, you believe that the personal data you received is not the personal information you requested or that you did not receive all the required personal information, you can file a reasoned complaint before submitting a complaint to the Information Commissioner with the company within 15 days. We need to decide on your complaint as a new request within five business days.
10) Final provisions