Tosla d.o.o., Železna cesta 18, 1000 Ljubljana (hereinafter: “Tosla” or “controller”), is dedicated to responsibly handling the personal data of our clients, potential clients, Tosla website visitors and any natural persons who reveal their personal information when contacting us (hereinafter: “users”), so we are implementing this Personal Data Protection Policy (hereinafter: “Policy”) to inform our users in a transparent, easy to understand way using plain language about the purpose, the legal ground for the processing of their personal data and their rights regarding the processing, as they are afforded to them under the Personal Data Protection Act (ZVOP-1, Official Gazette of the Republic of Slovenia no. 94/2007) and the Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: “General Data Protection Regulation”).
Terms, such as “controller”, “processing”, “restriction of processing”, “processor”, “profiling”, “pseudonymization”, “third party” and “company”, used in this Policy have the meaning as stipulated in the General Data Protection Regulation.
In accordance with the General Data Protection Regulation, the Policy covers the following areas:
The controller of the users’ personal data is Tosla d.o.o., Železna cesta 18, 1000 Ljubljana. Tosla has designated a data protection officer, who can be reached by e-mail at firstname.lastname@example.org.
Personal data constitutes any information that identifies you as an identified or identifiable natural person. The user is identifiable when they can be directly or indirectly determined, especially using an identifier, such as the name, identification number, location data, an online identifier, or by stating one or more factors specific to the user’s physical, physiological, genetic, mental, economic, cultural or social identity. In accordance with the purposes stated in the following chapters of the Policy, the controller collects the following personal data:
The controller does not collect or process the user’s personal data without their expressed consent, i.e. when ordering products or services, subscribing to e-newsletters, participating in a prize contest, etc., when there is a legal basis for the collection of the personal data, the processing is necessary to execute contractual obligations or when the processing is necessary for legitimate interests pursued by the controller (hereinafter: “legitimate interest”).
Tosla will process your personal data for one of the purposes listed below based on the following legal basis:
Tosla will process your personal data solely for the purposes for which they were collected and will not process them for purposes that are not compatible with the purposes for which they were collected. Tosla collects only the personal data from the user that is vital for achieving a set purpose.
In certain cases, processing personal data is vital for the execution of the controller’s contractual obligations. If the user does not provide the necessary personal data, the controller is unable to finalize a contract with the user or perform services.
The controller will process your personal data to perform contractual obligations for the following purposes:
Based on your written consent, Tosla will process your personal data for the following purposes:
Any time you give consent for the processing of your personal data, the consent can be withdrawn at email@example.com.
Your personal data is also processed when required of us by the law. One example of such processing is processing your personal data for the purposes of judicial or administrative processes.
The controller can also process data based on legitimate interest, except when this interest is overruled by interests or basic rights and freedoms of the user to whom the personal data requiring data protection applies. In the case of using legitimate interest, the controller’s judgment always complies with the General Data Protection Regulation.
In certain cases, when personal data that was collected based on one of the aforementioned legal bases (consent, contract) is further processed based on legitimate interest, Tosla can implement certain safeguards for the protection of your personal data, such as pseudonymization, encryption, processing in an aggregated form and/or deleting certain categories of personal data.
Tosla will process your personal data based on a legitimate interest for the following purposes:
Your personal data can be accessed solely by Tosla employees and authorized processors of personal data.
Tosla will never forward your personal data to unauthorized third persons.
By using Tosla websites and other services, you agree that Tosla may entrust individual tasks relating to your personal data to the processors listed below. The listed processors can process your personal data exclusively in the name of Tosla and in accordance with Tosla’s written instructions, within the limits of the authorization, as stated in the agreement between Tosla and the processor, and in accordance with the purposes as stated in the Policy. The processors of your personal data may under no circumstances use your personal data to pursue any kind of personal interest.
Tosla collaborates with the following processors:
The controller will not process personal data longer than necessary to achieve the purposes for which the personal data was collected and further processed.
The personal data processed by Tosla is processed in compliance with the agreement and is stored by Tosla for the period that is necessary to complete the contract and for 5 years after its completion, except in cases when a disagreement arises about the contract between you and the controller. In that case, Tosla keeps that data for 5 years after the finalized court judgments or arbitration decisions or settlement, or in the case of no litigation, for 5 years after the dispute has been resolved peacefully.
The personal data processed by Tosla based on the law is stored by Tosla for the legally determined duration of time.
The personal data processed by the controller based on your personal consent or legitimate interest are kept by Tosla permanently until you withdraw your consent or submit a request that the processing is terminated. Tosla will delete such data before they are withdrawn only if the purpose of the processing of the personal data has been achieved or if it is determined by the law.
After the storage duration period has elapsed, Tosla will effectively and permanently delete or anonymize your personal data so that it can no longer be traced back to you.
Tosla is dedicated to protecting your personal data. Tosla prevents any unauthorized access to, use of, and disclosure of your personal data with the following measures:
Tosla prevents unauthorized access to, use of, and disclosure of personal data with the following safety technologies and procedures:
In accordance with the General Data Protection Regulation, Tosla guarantees you the following rights relating to personal data protection, which are further elaborated in the following chapters of the Policy:
You have the right to obtain confirmation from Tosla as to whether or not they are processing your personal data, and, where that is the case, you have the right to access your personal data and the following information about personal data processing:
You have the right to obtain from Tosla without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
You have the right to obtain from Tosla the erasure of personal data concerning you without undue delay and Tosla shall have the obligation to erase your personal data without undue delay where one of the following grounds applies:
Where Tosla has acted in accordance with the Policy and has made your personal data public, Tosla shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the user has requested the erasure of any links to, or copy or replication of those personal data.
You have the right to obtain from Tosla the restriction of processing of your personal data where one of the following applies:
You have the right to receive personal data concerning you, provided by Tosla, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller without hindrance from Tosla to which the personal data have been provided, when:
On grounds relating to your particular situation, you have the right to object, at any time to the processing of your personal data, if your objection is based on legitimate interests pursued by Tosla or a third party. Tosla shall no longer process the personal data unless they demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims. Where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. If direct marketing is based on consent, the right to object can also be achieved by withdrawing the personal consent.
All the aforementioned claims on exercising rights regarding your personal data can be addressed to the controller at the e-mail address firstname.lastname@example.org or by post to the address Tosla d.o.o., Železna cesta 18, 1000 Ljubljana, Slovenia.
If you submit your claim, in accordance with the previous paragraph, using electronic means, the information will, where possible, be provided to you by electronic means, unless you request otherwise.
The controller can, for the purposes of reliable identification in cases of claiming rights on personal data, request additional information from you that is necessary to confirm your identity, and may decline acting in accordance with this chapter only in the event that they cannot reliably identify you.
The controller will respond to your request to exercise your rights regarding your personal data without undue delay and in no more than a month after receiving the claim. Tosla can extend the deadline to comply with the rights for no more than two additional months, taking into account the complexity and number of claims. If Tosla extends the deadline, they will inform you about the extension within one month of receiving the claim, including the reasons for the delay.
If your claims regarding this chapter are obviously unfounded or excessive, especially when repetitive, Tosla can:
You can send any potential complaint regarding the processing of your personal data to the e-mail address email@example.com or by post to the address Tosla d.o.o., Železna cesta 18, 1000 Ljubljana, Slovenia.
You have the right to lodge your complaint directly with the Information Commissioner if you believe processing your personal data is infringing on Slovenian State or EU rules on personal data protection.
This Policy enters into force on 25 May 2018 and can be changed or amended at any time.