The purpose of the Personal Data Protection Policy (hereinafter referred to as Policy), is to inform individuals, service users, employees and other persons (hereinafter referred to as individuals) who cooperate with the company Razvojni center Srca Slovenije, d.o.o. (hereinafter: the Organization) about the purposes and legal bases, security measures and the rights of individuals regarding the policy carried out by our organization.
We are aware of the importance of privacy and strive to protect your personal data in accordance with the applicable laws and regulations.
We process your personal data in accordance with European legislation (Regulation (EU) 2016/697 on the protection of individuals with regard to the processing of personal data and on the flow of such data (hereinafter: the General Regulation)) and applicable legislation in the field of personal data protection. data (ZVOP-1, Ur. l. RS, no. 94/07)) and other legislation that gives us a legal basis for the processing of personal data.
The policy contains information for individuals on how our organization, as a manager, processes personal data, which are received from individuals on legal bases, as described below.
The manager of personal data is the organization: Razvojni center Srca Slovenije, d.o.o., Kidričeva cesta 1, 1270 Litija, 01 89 62 710, [email protected]
In accordance with Article 37 of the General Regulation, we have appointed the following company as the data protection officer: Mitja Bratun, Razvojni center Srca Slovenije, d.o.o., Kidričeva cesta 1, 1270 Litija, 01 89 62 713, [email protected]
Personal data are any information relating to an identified or identifiable individual (hereinafter: the data subject); an identifiable individual is one who can be identified directly or indirectly, in particular by indicating an identifier such as name, identification number, location data, web identifier, or by indicating one or more specific factors such as physical, physiological, genetic , the mental, economic, cultural or social identity of that individual.
The organization collects and processes your personal data on the following legal bases:
Based on legal provisions, the organization primarily processes data of its employees, which is enabled by labor legislation.
Thus, on the basis of a legal obligation, the organization mainly processes the following types of personal data: name and surname, gender, date of birth, EMŠO / SSN (social securty number) , tax number, place, municipality and country of birth, citizenship and residence for the purpose of employment contract and obligations arising from it.
Legal grounds for processing personal data of individuals are also also written in: the Public Sector Wage System Act, the Civil Servants Act, the Protection against Natural and Other Disasters Act...
On the basis of public interest the processing of personal data is also permissible in the organization but only in limited cases.
If you sign a contract with the organization, it represents the legal basis for the processing of personal data. We may process your personal data for the purpose of concluding and implementing a contract, such as e.g. ticket sales, membership in the association, implementation of trainings, contract for the provision of services, etc.
If the individual does not provide personal data, the organization cannot conclude a contract, nor can the organization perform a service or deliver goods or other products in accordance with the contract, because it does not have the necessary data.
The organization may, on the basis of performing a lawful activities, inform individuals and users at their e-mail address about its services, events, education, offers and other content. An individual may at any time request the termination of such communication and processing of personal data and cancel the receipt of messages via the unsubscribe link in the received message, or as a request by e-mail to [email protected] or by regular mail.
The exercise of the legal basis of a legitimate interest is otherwise limited to processing by public authorities in the performance of their tasks. However, the organization may also process personal data on the basis of a legitimate interest, which it may pursue to a limited extent.
The latter is not permissible where such interests are outweighed by the interests or fundamental rights and freedoms of the data subject. Where a legitimate interest is exercised, the organization shall always make an assessment in accordance with the General Regulation.
Thus, it can occasionally inform individuals about services, events, trainings, offers and other content via e-mail, telephone calls and regular mail An individual may at any time request the termination of such communication and processing of personal data and cancel the receipt of messages via the unsubscribe link in the received message, or as a request by e-mail to [email protected] or by regular mail.
If the organization does not have statutory legal basis of the public tasks, or a contractual obligation or a legitimate interest, it may apply for the consent of the individual. Thus, it may also process certain personal data of an individual for the following purposes when the individual gives his or her consent:
If an individual gives consent for the processing of personal data and at some point no longer wishes to do so, he may request the termination of the processing of personal data by requesting an e-mail to [email protected] or by regular mail.
The organization may process the data of the subject to the extent necessary to protect his or her vital interests. Thus, the organization can search for a personal document, check whether that person exists in the database, examine his anamnesis or contact his relatives for which the organization does not need his consent. This applies in cases where this is absolutely necessary to protect the vital interests of the individual.
The organization will retain personal data only for as long as is necessary to achieve the purpose for which the personal data was collected and processed. If the organization processes the data in accordance with the law, the organization will keep it for the period it prescribes In doing so, some data is kept for the duration of the collaboration with the organization, and some data needs to be kept permanently.
Personal data processed by the organization on the basis of a contractual relationship with an individual are kept by the organization for the period necessary for the performance of the contract and for 6 years after its termination, except in cases where there is a dispute between the individual and the organization. In this case, the organization shall keep the data for 5 years after the final decision of the court, arbitration or court settlement or, if there was no litigation, 5 years from the date of peaceful settlement of the dispute.
Those personal data that the organization processes on the basis of the personal consent of the individual or a legitimate interest will be kept by the organization until the consent is revoked or until the data is deleted. Upon receipt of the revocation or request for erasing, the data shall be deleted within 15 days at the latest. The organization may also delete this data before revocation when the purpose of the processing of personal data has been achieved or if so provided by law.
Exceptionally, the organization may reject a request for erasing on grounds set out in the General Regulation, such as: the exercise of the right to freedom of expression and information, compliance with a legal obligation to process data, public interest reasons, public interest archiving purposes, scientific or historical research purposes, or statistical purposes, implementation or defense of legal claims.
After the retention period, the manager effectively or permanently deletes or anonymises the personal data so that they can no longer be linked to a specific individual.
The contractual processors with which the provider cooperates are mainly:
Under no circumstances will the organization provide personal data to unauthorized third parties.
Contractual processors may process personal data only in accordance with the instructions of the organization and may not use personal data for any other purposes.
As a manager and its employees, the organization does not export personal data to third countries (outside the European Economic Area – EU member states and Iceland, Norway and Liechtenstein) and to international organizations, except in the US, with relations with US contract processors on the basis of standard contractual clauses (standard contracts adopted by the European Commission) and / or binding business rules (adopted by the organization and approved by the EU supervisory authorities).“
The organization takes care of information and infrastructure security (premises and application system software). Our information system is protected by, among other things, antivirus programs and a firewall. We have put in place appropriate organizational and technical security measures designed to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, and other illegal and unauthorized forms of processing. In the case of the transmission of special types of personal data, we provide them in encrypted form and protected by a password.
You are solely responsible for providing us with your personal data sefely and that the information provided is accurate and credible. We will do our best to keep your personal data accurate and, if necessary, updated, and we may contact you from time to time to confirm the accuracy of it.
According to the General Regulation, an individual has the following rights:
If you wish to exercise any of the aforementioned rights, send a request by e-mail to [email protected] or by regular mail to the address of the organization.
Access to your personal data and asserted rights is free of charge. However, we may charge a reasonable fee if the data subject’s request is manifestly unfounded or excessive, especially if its repeated. In this case, we can also reject the request.
In case of exercising these rights we will need to obtain certain information to help us to verify your identity, which is only a security measure to ensure that personal information is not disclosed to unauthorized parties.
In exercising the rights under this title you can also use a form of the Information Commissioner, which is available on their website.
Website is available here.
In case that you believe that your rights have been violated, you can contact the supervision authority or Information Commissioner. Website is available here.
If you have any questions regarding the processing of your personal data, you can always contact us.
Any changes in personal data protection policy will be posted on our website. By using the website, the individual confirms that he / she accepts and agrees with the entire content of this personal data protection policy.
The personal data protection policy was adopted by the responsible person of the organization on January 1, 2022.