Namen PRAVI UM politike zasebnosti je seznanitev obiskovalcev spletnega mesta www.tobiar.com z nameni in podlago obdelave osebnih podatkov s strani podjetja Pravi um, proizvodnja lesnih in drugih izdelkov, d.o.o., Ob železnici 27, 1420 Trbovlje, Slovenija e-naslov: info@tobiar.com

(v nadaljevanju: PRAVI UM, mi ali upravljavec).

Vse naše aktivnosti so v skladu z evropsko zakonodajo (Uredbo (EU) 2016/697 o varstvu posameznikov pri obdelavi osebnih podatkov in o pretoku takih podatkov (v nadaljevanju: Uredba GDPR), konvencijami Sveta Evrope in nacionalno zakonodajo Republike Slovenije (Zakonom o varstvu osebnih podatkov (ZVOP-1), Zakonom o elektronskem poslovanju na trgu (ZEPT) itd.).

Podrobno preberite našo Politiko zasebnosti, da boste razumeli, kako varujemo vaše osebne podatke.

S posredovanjem vaših osebnih podatkov navajate, da ste prebrali Politiko zasebnosti in se zavedate načinov obdelave ter pravnih podlag obdelave osebnih podatkov. Če ne soglašate z načini obdelave vas prosimo, da nam ne posredujete vaših osebnih podatkov.

 

OSNOVNI POJMI

V nadaljevanju je seznam osnovnih pojmov, ki jih najdete v Politiki zasebnosti.

Osebni podatek: osebni podatek je informacija, ki posameznika identificira kot določenega ali določljivega posameznika. Posameznik je določljiv takrat, ko ga je mogoče neposredno ali posredno določiti, zlasti z navedbo identifikatorja, kot je ime, identifikacijska številka, podatki o lokaciji, spletni identifikator, ali z navedbo enega ali več dejavnikov, ki so značilni za posameznikovo fizično, fiziološko, genetsko, duševno, gospodarsko, kulturno ali družbeno identiteto. 

Obdelava osebnih podatkov: pomeni kakršno koli delovanje ali niz delovanj, ki se izvaja v zvezi z osebnimi podatki, zlasti pa zbiranje, pridobivanje, vpis, urejanje, shranjevanje, prilagajanje ali spreminjanje, vpogled, uporaba, razkritje s prenosom, sporočanje, širjenje ali drugo dajanje na razpolago, razvrstitev ali povezovanje, blokiranje, anonimiziranje, izbris ali uničenje osebnih podatkov. Obdelava je lahko ročna ali avtomatizirana.

Upravljavec osebnih podatkov: je fizična ali pravna oseba ali druga oseba javnega ali zasebnega sektorja, ki sama ali skupaj z drugimi določa namene in sredstva obdelave podatkov oziroma oseba, določena z zakonom, ki določa tudi namene in sredstva obdelave.

Oblikovanje profilov: pomeni vsako obliko avtomatizirane obdelave osebnih podatkov, ki vključuje uporabo osebnih podatkov za ocenjevanje nekaterih osebnih vidikov v zvezi s posameznikom

Anonimiziranje: je takšna sprememba oblike osebnih podatkov, da jih ni več mogoče povezati s posameznikom ali je to mogoče le z nesorazmerno velikimi napori, stroški ali porabo časa.

Privolitev posameznika: privolitev posameznika, na katerega se nanašajo osebni podatki, pomeni vsako prostovoljno, informirano in nedvoumno izjavo volje posameznika, na katerega se nanašajo osebni podatki, s katero z izjavo ali jasnim pritrdilnim dejanjem izrazi soglasje z obdelavo osebnih podatkov, ki se nanašajo nanj.

 

UPRAVLJAVEC IN POOBLAŠČENA OSEBA ZA VARSTVO OSEBNIH PODATKOV

Upravljalec osebnih podatkov je podjetje Pravi um, proizvodnja lesnih in drugih izdelkov, d.o.o., Ob železnici 27, 1420 Trbovlje, Slovenija (PRAVI UM). V podjetju PRAVI UM je imenovana pooblaščena oseba za varstvo podatkov, ki je dosegljiva na elektronskem naslovu info@tobiar.com.

 

NAMEN OBDELAVE IN PODLAGE ZA OBDELAVO PODATKOV

Osebne podatke obdelujemo na podlagi jasnega in nedvoumnega soglasja zadevnih posameznikov za naslednje namene:

  •  obdelavo naročil
  • obveščanje o novicah in ekskluzivnih ponudbah

Obdelava na podlagi pogodbe in namen obdelave:

  • sklenitev in izvajanje pogodbe
  • obveščanje strank o uspešnem naročilu 
  • za izvedbo storitev
  • za reševanje reklamacij
  • hranjenje podatkov o nakupu v skladu z veljavno zakonodajo

 

PODATKI, KI JIH ZBIRAMO

Zbiranje podatkov poteka na naslednje načine:

  • neosebni podatki: podatke o napravi ali druge dnevniške (angl. log) podatke upravljavec pridobiva avtomatično, ko posameznik uporablja storitve;
  • osebni podatki: podatke upravljavec pridobiva, če jih posameznik izrecno sporoči.

Za potrebe poslovanja PRAVI UM zbira naslednje osebne podatke:

  • e-mail naslov
  • telefonsko številko
  • ime in priimek
  • naslov za dostavo
  • številko stanovanja, apartma

Za točnost podatkov, ki jih vnesete, ne odgovarjamo. 

Posredovanje osebnih podatkov ni pogoj za uporabo naših storitev. Neosebni podatki se beležijo avtomatično. Te informacije uporabljamo za merjenje privlačnosti strani in izboljševanje vsebin in uporabnosti. Brez vašega izrecnega dovoljenja ne bomo pod nobenim pogojem posredovali vaših osebnih podatkov tretji osebi oziroma ne bomo omogočili tretji osebi, da vpogleda v vaše osebne podatke, razen če bi to od nas zahtevale državne oblasti in je taka obveznost določena v zakonu. Do trenutka, ko nam zaupate osebe podatke (kot so npr. ime in priimek, naslov elektronske pošte in drugo), so vsi podatki, ki jih avtomatično pridobivamo, ko uporabljate naše storitve, anonimni podatki in ne moremo ugotoviti in tudi ne ugotavljamo identitete posameznika.

 

POSREDOVANJE OSEBNIH PODATKOV TRETJIM OSEBAM ALI V TRETJE DRŽAVE

Zbranih osebnih podatkov ne posredujemo tretjim osebam ali v tretje države. Vaši podatki se obdelujejo le na območju znotraj Evropske unije.

 

PRIVOLITEV MLADOLETNE OSEBE 

Mladoletne osebe do 16 let ne bi smele posredovati kakršnih koli osebnih podatkov brez dovoljenja (privolitve ali avtorizacije) nosilca starševske odgovornosti (enega od staršev ali skrbnikov). Namerno ne bomo zbirali osebnih podatkov oseb, za katere vemo, da so mlajše od 16 let, ali jih kakor koli uporabljali ali jih razkrivali tretji nepooblaščeni osebi brez dovoljenja nosilca starševske odgovornosti za otroka.

Uporabljamo vso razpoložljivo tehnologijo ter si prizadevamo preverjati, ali je nosilec starševske odgovornosti za otroka dal ali odobril privolitev.

 

AVTOMATIZIRANO SPREJEMANJE ODLOČITEV IN PROFILIRANJE 

Posameznikovi osebni podatki niso predmet avtomatiziranega sprejemanja odločitev, prav tako niso predmet oblikovanja profilov.

 

POSAMEZNIKOVE PRAVICE

V skladu z določili GDPR ima posameznik pravico do dostopa do osebnih podatkov, pravico do popravka, pravico do izbrisa (»pozabe«), pravico do prenosljivosti, pravico zahtevati omejitev obdelave osebnih podatkov, pravico do ugovora ter pravico do vložitve pritožbe pri nadzornem organu. 

Pri uveljavljanju posameznikovih pravic ali pri pridobivanju dodatnih informacij se lahko obrnete na našo pooblaščeno osebo za varstvo podatkov, ki vam je na voljo na e-naslovu: info@tobiar.com. Vašo vlogo bo obravnavala pooblaščena oseba  in v roku 10 dni nanjo odgovorila v skladu z GDPR.

Kadar obstaja upravičen dvom v zvezi z identiteto posameznika, ki predloži zahtevo v zvezi s kakšno od njegovih pravic, lahko zahtevamo zagotovitev dodatnih informacij, ki so potrebne za potrditev identitete posameznika, na katerega se nanašajo osebni podatki.

Če so zahteve posameznika, na katerega se nanašajo osebni podatki očitno neutemeljene ali pretirane, zlasti ker se ponavljajo, lahko zaračunamo razumno pristojbino, pri čemer upoštevamo administrativne stroške posredovanja informacij ali sporočila ali izvajanja zahtevanega ukrepa, ali zavrnemo ukrepanje v zvezi z zahtevo.

Na podlagi zahteve posameznika zagotovimo kopijo njegovih osebnih podatkov, ki jih obdelujemo. Za dodatne kopije podatkov, ki jih zahteva posameznik, na katerega se nanašajo osebni podatki, lahko zaračunamo razumno pristojbino ob upoštevanju administrativnih stroškov.

 

PRAVICA DO DOSTOPA DO PODATKOV

Posameznik, na katerega se nanašajo osebni podatki, ima pravico pridobiti našo potrditev, ali se v zvezi z njim obdelujejo osebni podatki, in kadar je temu tako, dostop do osebnih podatkov in dodatnih informacij v zvezi z obdelavo osebnih podatkov ter pravico kadarkoli pridobiti kopijo  potrditve.

 

PRAVICA DO POPRAVKA

Posameznik, na katerega se nanašajo osebni podatki, ima pravico, da  brez nepotrebnega odlašanja popravimo netočne osebne podatke v zvezi z njim. Posameznik, na katerega se nanašajo osebni podatki, ima ob upoštevanju namenov obdelave pravico do dopolnitve nepopolnih osebnih podatkov, vključno s predložitvijo dopolnilne izjave.

 

PRAVICA DO IZBRISA (»pozabe«)

Posameznik, na katerega se nanašajo osebni podatki, ima pravico doseči, da brez nepotrebnega odlašanja izbrišemo osebne podatke v zvezi z njim:

  • kadar osebni podatki niso več potrebni za namene, za katere so bili zbrani ali kako drugače obdelani;
  • kadar posameznik prekliče privolitev, ki je podlaga za obdelavo podatkov, pa za obdelavo ne obstaja nobena druga pravna podlaga;
  • kadar posameznik ugovarja obdelavi na podlagi zakonitega interesa upravljavca, za njihovo obdelavo pa ne obstajajo nobeni prevladujoči zakoniti razlogi;
  • kadar posameznik ugovarja obdelavi za potrebe neposrednega trženja;
  • kadar je osebne podatke treba izbrisati za izpolnitev pravne obveznosti v skladu s pravom EU ali slovenskim pravnim redom; kadar gre za podatke, v zvezi s ponujanjem storitev informacijske družbe, nepravilno zbrane od otroka, ki skladno z veljavno zakonodajo takšnih podatkov ne more dati.

V primeru imeniške ali drugače objavljenih podatkov, smo sprejeli razumne ukrepe, vključno s tehničnimi, da upravljavce, ki obdelujejo osebne podatke, obvestimo, da posameznik, na katerega se nanašajo osebni podatki, od njih zahteva, naj izbrišejo morebitne povezave do teh osebnih podatkov ali njihove kopije.

 

PRAVICA DO OMEJITVE OBDELAVE

Posameznik, na katerega se nanašajo osebni podatki, ima pravico doseči, da podjetje omejimo obdelavo, kadar:

  • posameznik oporeka točnosti podatkov, in sicer za obdobje, ki upravljavcu omogoča preveriti točnost osebnih podatkov;
  • je obdelava nezakonita in posameznik nasprotuje izbrisu osebnih podatkov ter namesto tega zahteva omejitev njihove uporabe;
  • upravljavec osebnih podatkov ne potrebuje več za namene obdelave, temveč jih posameznik, na katerega se nanašajo osebni podatki, potrebuje za uveljavljanje, izvajanje ali obrambo pravnih zahtevkov 
  • je posameznik vložil ugovor v zvezi z obdelavo, dokler se ne preveri, ali zakoniti razlogi upravljavca prevladajo nad razlogi posameznika, na katerega se nanašajo osebni podatki.

 

PRAVICA DO PRENOSLJIVOSTI PODATKOV

Posameznik, na katerega se nanašajo osebni podatki, ima pravico, da prejme osebne podatke v zvezi z njim v strukturirani, splošno uporabljani in strojno berljivi obliki, in pravico, da te podatke posreduje drugemu upravljavcu, kadar:

  • obdelava temelji na privolitvi posameznika ali pogodbi ali se obdelava izvaja z avtomatiziranimi sredstvi.

 

PRAVICA DO UGOVORA

Posameznik, na katerega se nanašajo osebni podatki, ima na podlagi razlogov, povezanih z njegovim posebnim položajem, pravico, da kadar koli ugovarja obdelavi osebnih podatkov, če ta temelji na zakonitih interesih, za katere si prizadevamo mi, ali tretja oseba. Osebne podatke prenehamo obdelovati, razen če dokažemo nujne razloge za obdelavo, ki prevladajo nad interesi, pravicami in svoboščinami posameznika, na katerega se nanašajo osebni podatki, ali za uveljavljanje, izvajanje ali obrambo pravnih zahtevkov. Kadar se osebni podatki obdelujejo za namene neposrednega trženja, ima posameznik pravico, da kadar koli ugovarja obdelavi osebnih podatkov v zvezi z njim za namene takega trženja, vključno s profiliranjem, kolikor je povezano s takim neposrednim trženjem. Kolikor neposredno trženje temelji na privolitvi, se pravica do ugovora lahko izvede s preklicem dane osebne privolitve.

 

PRAVICA DO VLOŽITVE PRITOŽBE V ZVEZI Z OBDELOVANJEM OSEBNIH PODATKOV

Posameznik lahko morebitno pritožbo, v zvezi z obdelovanjem osebnih podatkov, sporoči na elektronski naslov info@tobiar.com oziroma po pošti na naslov Pravi um, proizvodnja lesnih in drugih izdelkov, d.o.o., Ob železnici 27, 1420 Trbovlje, Slovenija

V primeru kršitve osebnih podatkov bomo o tem obvestili pristojni nadzorni organ, razen kadar je verjetno, da s kršitvijo niso bile ogrožene pravice in svoboščine posameznikov. Kadar ob kršitvi obstaja sum, da je bilo storjeno kaznivo dejanje, bomo o tem obvestili policijo in/ali pristojno tožilstvo.

V primeru, da gre za kršitev, ki lahko povzroči veliko tveganje za pravice in svoboščine posameznikov, bomo o kršitvi nemudoma oz. kadar to ni mogoče, brez nepotrebnega odlašanja, obvestili posameznike, na katerega se osebni podatki nanašajo. 

Če je posameznik pri podjetju uveljavljal pravico do dostopa do podatkov in po prejeti odločitvi podjetja meni, da osebni podatki, ki jih je prejel, niso osebni podatki, ki jih je zahteval, ali da ni prejel vseh zahtevanih osebnih podatkov, lahko pred vložitvijo pritožbe Informacijskemu pooblaščencu vloži obrazloženo pritožbo pri upravljavcu v roku 15 dni. O pritožbi bomo odločili kot o novi zahtevi v petih delovnih dneh.

Če posameznik meni, da so kršene njegove pravice ali predpisi o varstvu osebnih podatkov se lahko pritoži pristojnemu državnemu organu: Informacijski pooblaščenec Republike Slovenije (Zaloška 59, 1000 Ljubljana, telefon: 01 230 97 30, faks: 01 230 97 78, e-pošta: gp.ip@ip-rs.si).

 

ČAS HRAMBE OSEBNIH PODATKOV

Posameznikove osebne podatke bomo hranili toliko časa, kolikor je to potrebno za uresničitev namena, za katerega so bili osebni podatki zbrani in nadalje obdelovani. 

Rok hrambe osebnih podatkov se lahko razlikuje glede na veljavno sektorsko zakonodajo (npr. zakonodaja s področja davkov, računovodstva). V primeru, ko veljavna sektorska zakonodaja določa obvezne roke za hrambo osebnih podatkov, bomo osebne podatke izbrisali po poteku z zakonom predpisanega roka.

 

PIŠKOTKI

Več o piškotkih si lahko preberete na tej povezavi:  https://tobiar.com/pages/piskotki.

 

VARNOST

Prizadevamo si za zagotavljanje varnosti osebnih podatkov. Vaši osebni podatki so ves čas zaščiteni pred izgubo, uničenjem, ponarejanjem, manipuliranjem in neavtoriziranim dostopom ali neavtoriziranim odkritjem. Uporabljamo ustrezno stopnjo zaščite in imamo vzpostavljene razumne fizične, elektronske in administrativne ukrepe, s katerimi varujemo zbrane osebne  podatke. 

Ob plačilu boste morda preusmerjeni na drugo spletno stran, ki bo od vas zahtevala plačilno kartico ali druge osebne podatke. Druga podjetja imajo svoje pravilnike glede zasebnosti in osebnih podatkov. Za te pravilnike ne prevzemamo nobene odgovornosti.

Kljub prizadevanju za zagotovitev varnosti lahko pride do vdora v upravljavčev sistem. V primeru da pride do spremenjenih, razkritih ali uničenih podatkov posameznika, bo upravljavec o slednjem obvestil posameznika preko e-pošte.

 

SPREMEMBE POLITIKE ZASEBNOSTI

Najnovejšo različico Politiko zasebnosti lahko preverite na naši spletni strani.

Pridržujemo si pravico, da po lastni presoji posodobimo, spremenimo ali zamenjamo katerikoli del Politike zasebnosti, z objavo posodobitve ali spremembe na spletni strani brez predhodnega obvestila. Kakršnakoli sprememba velja od dneva javne objave spremenjene Politike zasebnosti na  naši spletni strani.

 

ENGLISH

 

The purpose of the Privacy Policy is to inform visitors of the website located at www.tobiar.com  (‘’Site’’), ) and individuals (hereinafter ‘’you’’, ‘’individual’’ and ‘’data subject’’) who fulfill one of the form on our website with the purposes and basis of the processing of your personal data by Pravi um, proizvodnja lesnih in drugih izdelkov, d.o.o., Ob železnici 27, 1420 Trbovlje, Slovenija e-mail: (hereinafter also “PRAVI UM”, ‘’us’’, ‘’we’’, ‘’our’’)

All our activities are in accordance with the European legislation (Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: GDPR), Conventions of the Council of Europe (and national legislation of the Republic of Slovenia (Zakonom o varstvu osebnih podatkov (ZVOP-1), Zakonom o elektronskem poslovanju na trgu (ZEPT) etc.).

The Privacy Policy explains our practices for handling personal data on- and off-line. If you provide us with personal data, we will treat it as outlined in the Privacy.

For you to use our Products and Services, you have to agree to our Privacy Policy. If you don’t agree with our Privacy Policy, we kindly ask you not to use our Products and Services.

 

DEFINITIONS

Our protection declaration should be legible and understandable for the general public, as well as our customers and business partners. To ensure this, we would like to begin by explaining the terminology used.

 

Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. 

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. 

Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. 

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements. 

Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person. 

Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

 

NAME AND ADRESS OF THE CONTROLLER 

The controller of the personal data gather on our website is company PRAVI UM d.o.o., Ob železnici 27, 1420 Trbovlje, Slovenia. Authorized Data Protection Officer can be reach at e-mail: info@tobiar.com



LAWFUL BASIS FOR PROCESSING AND PURPOSES FOR THE PERSONAL DATA PROCESSING  

On the basis of explicit individual’s voluntary consent, we process personal data for below stated reasons:

  • for processing of individual’s order 
  • for notifying individuals about news and special offers

 

We process personal data on the basis of contract when it’s necessary for below stated reasons:

  • concluding and implementing of the contract
  • informing individuals about successful orders
  • providing our Service
  • resolving complaints
  • retention of personal data regarding the purchase in accordance with applicable law

 

WHAT TYPES OF INFORMATION DO WE COLLECT? 

We collect your information through our sites in several ways. 

Traffic information is erased or made anonymous when it’s no longer needed for the purpose of transmission or, in the case of payable services, up to the end of the period during which the bill may lawfully be challenged or payment pursued.

Beside traffic information mentioned above, we may collect two types of information: “personal data” and “aggregate information”.

We ask for and collect the following personal data:

  • e-mail
  • telephone number
  • name and surname
  • delivery address
  • number of the apartment

We are not responsible for the data precision entered by individuals.

Giving us your personal data is not a condition for using our Services. Non-personal information is stored automatically. We use it to measure usage of our Site and to improve content and usage. We shall not share nor give access to the third person to individual’s personal data without individual’s consent, unless it is required by the state authorities and if such obligation is required by law. Until individual entrusts us their personal data (such as: name in last name, email, etc.), all the data, which we gain automatically when you use our, is anonymous and the we cannot identify the individual.



WILL WE SELL OR GIVE YOUR PERSONAL DATA TO THIRD PARTIES OR THIRD COUNTRIES? 

We are not in the business of selling your personal data. Your personal data is only processed in EU.

We do not transmit your personal data to third countries. In case your personal data will be transmitted to other third countries we will notify you.

 

CHILDREN DATA

We are committed to protecting the online privacy of children and making the internet safe. We do not provide Products and Services to children, or knowingly collect or solicit personal data from children under 16 years of age. Any communication we get that is identified as being from a child under 16 will not be kept by us. We encourage parents or guardians of children under 16 to regularly check and monitor their children’s use of email and other activities online.

We use all available technology and we try to verify that parents or guardians of the children under 16 have given consent.

 

AUTOMATED DECISION MAKING AND PROFILING 

We do not process personal data for automated decision making and profiling. 

 

YOUR RIGHTS AS THE DATA SUBJECT 

In relation to your personal data that we process, you have the right:

  • To obtain confirmation whether we process your personal data;
  • To access personal data referring to you;
  • To rectification
  • To erasure (right to be forgotten)
  • Of restriction of processing 
  • To data portability
  • To object
  • To state that the decision based solely on the automated processing of your personal data, including the creating of profiles, that has legal effects relating to you or significantly affects you in a similar way, does not apply to you,
  • To withdraw data protection consent

For all stated rights, you may, at any time, contact our authorized Data Protection Officer at e-mail _____. We shall respond to your request in 10 working days in accordance with GDPR.

If a reasonable doubt regarding the identity of data subject making a request regarding his rights exist, we may require additional information necessary for confirmation of the identity of data subject.

If data subject’s request is manifestly unfounded or excessive, especially if the requests are repeated, we may charge a reasonable fee, taking into account the administrative costs of transmitting the personal data or the action of refusing the request. 

First copy of your personal data in electronic or hard is free of charge, but you will be charged for each additional copy with a fee to cover the administrative cost of preparing the copy. 

Right of confirmation and access

You have the right to obtain from us the confirmation as to whether or not personal data concerning to you is being processed. If it is, you have the right to obtain from us free information about your personal data stored at any time and a copy of this information.

Right to rectification

You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement

Right to erasure (Right to be forgotten)

You have the right to obtain from us the erasure of personal data concerning you without undue delay, and we shall have the obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary: 

  • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  • When you withdraw consent and where there is no other legal ground for the processing.
  • You lodge an objection to the processing and there are no legitimate grounds for processing. 
  • The personal data have been unlawfully processed.
  • The personal data are those collected from children as part of information society services.

Insofar as we made personal data public and we are required to delete them, we will  take into account all available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other controllers processing the personal data that you have requested erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is not required. We will arrange the necessary measures in individual cases.

Right of restriction of processing

Each data subject shall have to obtain from the controller restriction of processing where one of the following applies:

  • The accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data. 
  • The processing is unlawful and you oppose the erasure of the personal data and you demand instead the restriction of their use instead.
  • We no longer need the personal data for the purposes of the processing, but you require them to assert, exercise or to defend legal claims.
  • You have objected to processing and it has not yet been determined whether the legitimate grounds of the controller override yours.

Right to data portability

You have the to receive the personal data concerning you, which was provided to a controller, in a structured, commonly used and machine-readable format. You have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as long as the processing is based on consent or contract and the processing is carried out by automated means.

Furthermore, in exercising your right to data portability, you have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.

Right to object

You have the right to object, on grounds relating to your particular situation, at any time, to processing of personal data concerning you, if the task is carried out in public interest, if the processing if for the exercise of official authority vested in us or for our legitimate interest (or those of a third party). This also applies to profiling based on these provisions. PRAVI UM shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims. If PRAVI UM processes personal data for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If you object to PRAVI UM to the processing for direct marketing purposes, PRAVI UM will no longer process the personal data for these purposes.

Right to appeal

Individual may file potential complait regarding personal data protection at email: or by regular post at Pravi um, proizvodnja lesnih in drugih izdelkov, d.o.o., Ob železnici 27, 1420 Trbovlje, Slovenia. 

If the event of breach of security occurs, we shall inform the competent supervisory authority, unless if it did not endanger the rights and freedoms of individuals. When there is a suspicious doubt that a crime was committed, we will inform the police and/or prosecutor’s office.

If an individual has exercised right to access and after our decision individual believes, that received personal data is not personal data that individual demanded, or that individual did not receive all the requested data, the individual can file, before filing complaint to the Information Commissioner, a reasoned complaint to PRAVI UM within 15 days. We must provide a decision about this complaint as if it were a new request within five business days. 

If individual believes that its rights or law regulations on personal data protection have been violated, individual may complain to the competent state authority: Information Commissioner of the Republic of Slovenia (Zaloška 59, 1000 Ljubljana, telephone: 01 230 97 30, fax: 01 230 97 78, e-mail: gp.ip@ip-rs.si).

 

WHAT HAPPENS IF A BREACH OF SECURITY OCCURS AND YOUR PERSONAL DATA IS TAKEN?

While we strive to protect your personal data, we cannot guarantee its absolute security. Despite our efforts, there remains the possibility that information may be accessed, altered, disclosed, or destroyed due to a security breach. In the unlikely event of a breach of security, and we have a way and (if required) your permission to do so, we will notify you by email if your personal data was involved in any way. We are not responsible for the functionality, privacy, or security measures of any other organization.

 

DATA RETENTION 

We store your information for as long as it, in our discretion, remains relevant to its purpose. 

Retention for personal data may vary depending on the applicable sectoral legislation (eg. tax, accounting legislation). In the case where the applicable sectoral legislation establishes mandatory duration for retention of personal data, we will delete if after the expiration of that mandatory duration.



COOKIES

You can read more about cookies on following link: ______

 

HOW DO WE PROTECT YOUR PERSONAL DATA?

We appreciate your trust in sharing your personal data with us and are committed to protecting it. We take appropriate security measures to protect against unauthorized access or unauthorized alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures as well as physical security measures. We restrict access to personal data to our employees, service providers and agents who need to know that information in order to operate, develop or improve our Services. We use secure socket layer (SSL) technology to encrypt and protect your personal data.

We are not responsible for the functionality, privacy or security measures of any other organization.

 

CHANGE OF PRIVACY POLICY 

We keep our Privacy Policy under regular review and we may change it from time to time. 

This Privacy Policy was last updated on 4.5.2020.