Privacy statement

Privacy statement

Personal data protection policy

The purpose of the personal data protection policy is to inform individuals, service users, employees and other persons (hereinafter: the individual) who cooperate with the company Tehnosol d.o.o. (hereinafter: the organization) on the purposes and legal bases, security measures and rights of individuals regarding the processing of personal data carried out by our organization.

We value your privacy, so we always protect your information carefully.
We process your personal data in accordance with European legislation (Regulation (EU) 2016/697 on the protection of individuals with regard to the processing of personal data and on the flow of such data (aka GDPR, hereinafter: the General Regulation)) and applicable legislation in the field of personal data protection. data (ZVOP-1, Ur. l. RS, no. 94/07) and other legislation that gives us a legal basis for the processing of personal data.

The personal data protection policy contains information for individuals on how our organization, as a controller, processes personal data received from an individual in line with the legal bases described below.

The manager
The controller of personal data is the organization:
Tehnosol d.o.o.
Zgornje Pirniče 45a, 1215 Medvode
E-mail: info@tehnosol.si
Phone + 386 (0) 1 3623023

Authorized person
The authorized person for the protection of personal data in the organization is the procurator Andrej Dovič, available at the email address

Personal data
Personal data means any information relating to an identified or identifiable individual (hereinafter: the data subject); an identifiable individual is one who can be identified directly or indirectly, in particular by indicating an identifier such as name, identification number, location data, web identifier, or by indicating one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.

Purposes of processing and bases for data processing
The organization collects and processes your personal data on the following legal bases:

• processing is necessary to fulfil the legal obligations applicable to the controller;
• processing is necessary for the performance of a task in the public interest or in the exercise of public authority conferred on the controller;
• processing is necessary for the performance of a contract to which the data subject is a party, or for the implementation of measures at the request of such an individual before the conclusion of the contract;
• the processing is necessary for the legitimate interests pursued by the controller or a third party;
• the data subject has consented to the processing of his or her personal data for one or more specific purposes;
• processing is necessary to protect the vital interests of the data subject or other natural persons.

Fulfilment of a legal obligation or performance of a task in the public interest
Based on the provisions in the law, the organization primarily processes data on its employees, which is enabled by labour legislation. Thus, on the basis of a legal obligation, the organization processes the following types of personal data: name and surname, gender, date of birth, EMŠO, tax number, place, municipality and country of birth, citizenship, residence for the implementation of the employment contract and obligations under this title.

The legal basis for the processing of personal data of individuals also includes the Act on the Promotion of Tourism Development, the Act on the Realization of the Public Interest in Culture, the Sports Act, the Protection of Documentary and Archival Materials and Archives Act, the Act on Providing Funds for Certain Emergency Programs, and other legislation related to culture.In limited cases, the processing of personal data on the basis of public interest is also permissible in the organization.

Contract implementation
In the event that you enter into a specific contract with the organization, this is the legal basis for the processing of personal data. We may process your personal data for the purpose of concluding and implementing a contract, such as for ticket sales, subscriptions, library membership, etc. If the individual does not provide personal data, the organization cannot conclude a contract, nor can the organization provide you with services or deliver goods or other products in accordance with the contract, as it does not have the necessary data to perform these services. Based on the performance of a legal activity, the organization may inform individuals and users of its services via email about its services, events, education, offers and other content. An individual may at any time request the termination of such communication and processing of personal data, and cancel the receipt of messages via the unsubscribe link in the received message, or by sending an email to info@tehnosol.si or by regular mail to the address of the organization.

Legitimate interest
The exercise of the legal basis of a legitimate interest is otherwise limited to processing by public authorities in the performance of their tasks. However, the organization may also process personal data on the basis of a legitimate interest which the organization pursues to a limited extent. The latter is not permissible where such interests are outweighed by the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data. In the event of a legitimate interest being exercised, the organization shall always make an assessment in accordance with the General Regulation. We can thus occasionally inform individuals about services, events, training, offers and other content via email, telephone calls and regular mail. An individual may at any time request the termination of such communication and processing of personal data and cancel the receipt of messages via the unsubscribe link in the received message, or by sending an email to info@tehnosol.si or by regular mail to the address of the organization.

Consent-based processing
If the organization does not have a legal basis for an action demonstrated on the basis of law, the performance of a public task, a contractual obligation or a legitimate interest, it may ask the individual for consent. Thus, it may also process certain personal data of an individual for the following purposes when the individual gives his or her consent:

• address of residence and email address for information and communication purposes,
• tax number or social security number for the purposes of possible further action in the case of non-fulfilment of obligations (e.g. non-payment of an invoice),
• photographs, videos and other content relating to the individual (e.g. recordings at public events) for the purpose of documenting activities and informing the public about the work and events of the organization;
• other purposes for which the individual consents to.

If an individual consents to the processing of personal data and at some point no longer wishes to do so, he or she may request the termination of the processing of personal data by sending an email to info@tehnosol.si or by regular mail to the address of the organization.

Storage and deletion of personal data
The organization will retain personal data only for as long as is necessary to achieve the purpose for which the personal data was collected and processed. If the organization processes the data on the basis of the law, the organization will keep it for the period prescribed by law. In doing so, some data is kept for the duration of the collaboration with the organization, and some data needs to be kept permanently. Any personal data that is processed by the organization on the basis of a contractual relationship with an individual is kept by the organization for the period necessary to perform the contract and for 6 years after its termination, except in cases where there is a dispute between the individual and the organization. In such cases, the organization shall keep the data for 5 years after the final decision of the court, arbitration or court settlement or, if there was no litigation, 5 years from the date of peaceful settlement of the dispute. The personal data that the organization processes on the basis of the personal consent of the individual or a legitimate interest will be kept by the organization until the consent is revoked or until the data is deleted. Upon receipt of the revocation or request for deletion, the data shall be deleted within 15 days at the latest. The organization may also delete this data before revocation when the purpose of the processing of personal data has been achieved or if so provided by law. Exceptionally, an organization may refuse a request for deletion for reasons set out in the General Regulation, such as: the exercise of the right to freedom of expression and information, compliance with a legal obligation to process, public interest reasons, public interest archiving purposes, scientific or historical research purposes, or statistical purposes, implementation or for the defence of legal claims. At the end of the retention period, the controller shall delete or anonymize the personal data efficiently and permanently, so that it can no longer be linked to a specific individual.

Contractual processing of personal data and export of data
The organization may entrust the processing of personal data to a contractual processor for individual processing of personal data. Contractual processors may process confidential data only on behalf of the controller, within the limits of their authorization, which is set out in a written contract or other legal act and in accordance with the purposes defined in this privacy policy.The contractual processors with which the provider cooperates are mainly:

• accounting services and other providers of legal and business advice;
• infrastructure maintainers (video surveillance, security, cleaning services);
• information system maintainers;
• email service providers and software providers, cloud services (e.g. Microsoft, Google);
• providers of social networks and online advertising (Google, Facebook, Instagram, etc.).

Under no circumstances will the organization pass on the personal data of an individual to unauthorized third parties. Contractual processors may process personal data only within the framework of the organization's instructions and may not use personal data for any other purpose. As a controller and its employees, the organization does not export personal data to third countries (outside the European Economic Area - EU Member States and Iceland, Norway and Liechtenstein) and to international organizations except the US, with US contract processors included in the Privacy Program, the EU-US Privacy Shield. The Information Commissioner writes more about the EU-US Privacy Shield at the following link: https://www.ip-rs.si/varstvo-osebnih-podatkov/obveznosti-upravljavcev/iznos-osebnih-podatkov-v-tretje-drzave/iznos-osebnih-podatkov-v-zda/.

The storage and management of cookies is under the full control of the browser used by the user. The browser can restrict or disable the storage of cookies as desired. You can also delete cookies stored by the browser, and instructions on this can be found on the websites of each browser

Data protection and data accuracy
The organization takes care of information security and infrastructure security (covering both premises and application system software). Our information systems are protected, among other things, by anti-virus programs and a firewall. We have introduced appropriate organizational and technical security measures designed to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, and other illegal and unauthorized forms of processing. In the case of the transfer of special types of personal data, we provide it in encrypted form and protected by a password. It is your responsibility to provide us with your personal information securely and to ensure that the information provided is accurate and credible. We will do our best to keep your personal data accurate and, if necessary, updated, and we may contact you from time to time to confirm the accuracy of your personal data.

Individual rights about personal data processing

The GDPR provides an individual with the following rights related to personal data processing:

• You may request information about whether we have personal information about you and, if so, what information we hold and on what basis we hold it and why we use it.
• You may request access to your personal information, which allows you to receive a copy of the personal information we hold about you and verify that we are processing it legally.
• You may request corrections to personal information, such as the correction of incomplete or inaccurate personal information.
• You may request the deletion of your personal data when there is no reason for further processing or when you exercise your right to object to further processing.
• You may object to the further processing of personal data where we rely on a legitimate business interest (even in the case of a legitimate interest of a third party) when there are reasons related to your particular situation. Notwithstanding the provisions of the previous sentence, you have the right to object at any time if we process your personal data for the purposes of direct marketing.
• You may request a restriction on the processing of your personal data, which means stopping the processing of personal data about you, for example, if you want us to establish their accuracy or check the reasons for their further processing.
• You may request the transfer of your personal data in a structured electronic form to another controller, as far as possible and feasible.
• You may revoke the consent or consent you have given for the collection, processing and transfer of your personal data for a specific purpose; upon receipt of notice that you have withdrawn your consent, we will cease to process your personal data for the purposes you originally accepted, unless we have no other legitimate legal basis for doing so lawfully.

If you wish to exercise any of the aforementioned rights, send a request by email to info@tehnosol.si or by regular mail to the address of the organization: Tehnosol d.o.o., Zgornje Pirniče 45a, 1215 Medvode. Access to your personal data and the exercise of rights is free of charge for you. However, we may charge a reasonable fee if an individual data request is manifestly unfounded or excessive, especially if repeated. In such cases, the request may also be rejected. In the event of exercising the rights under this title, we may need to ask you for certain information to help us verify your identity, which is only a security measure to ensure that personal information is not disclosed to unauthorized persons. You can also use the Information Commissioner's form, which is available on their website, when exercising the rights under this title. Link to:https://www.ip-rs.si/fileadmin/user_upload/doc/obrazci/ZVOP/Zahteva_za_seznanitev_z_lastnimi_osebnimi_podatki__Obrazec_SLOP_.doc . In the event that you believe that your rights have been violated, you can contact the supervisory authority for protection or assistance. to the Information Commissioner. Link to: https://www.ip-rs.si/zakonodaja/reforma-evropskega-zakonodajnega-okvira-za-varstvo-osebnih-podatkov/kljucna-podrocja-uredbe/prijava-krsitev/
If you have any questions regarding the processing of your personal data, you can always contact us.

Post changes
Any changes to our privacy policy will be posted on our website. By using the website, the individual confirms that he or she accepts and agrees with the entire content of this personal data protection policy.

This personal data protection policy was adopted by the director of the organization, Aleš Burgar, on September 27, 2019