Language:
EN
SL EN DE
Menu
Language:
EN
SL EN DE
Language:
EN
SL EN DE
Menu

+386 (0)3 5653630

info@kartem.si

Language:
EN
SL EN DE

Privacy Policy

1) About the Privacy Policy

The purpose of the Privacy Policy of Kartem d.o.o. (hereinafter: “Privacy Policy”) is to inform users of Kartem d.o.o. services and other individuals (hereinafter also referred to as “individuals”) about the purposes and legal basis for processing personal data by the company Kartem d.o.o., Cesta Tončke Čeč 44, 1420 Trbovlje, Slovenia (hereinafter: “the Company”) and the rights of individuals in this area.

The company devotes particular care to the security of your personal data. All personal data provided are treated confidentially and only used for the purpose for which they were provided. We manage your personal data with the greatest care, having regard to applicable legislation and the highest data processing standards. Our careful attention to the security of your personal data includes appropriate organisational measures, work procedures, advanced technological solutions and external experts in order to ensure that the protection of your personal data is as effective as possible. We use an appropriate level of protection and reasonable physical, electronic and administrative measures by which personal data are protected against accidental or unlawful destruction, loss, alteration or unauthorised disclosure, and personal data that have been transmitted, stored or otherwise processed are protected against unauthorised access.

At the same time, this Privacy Policy offers additional clarification of the consent you have given to the processing of your personal data.

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), the Privacy Policy contains the following information:

  • the company’s contact information,
  • the purpose, basis and type of processing of various categories of data subjects’ personal data,

  • the storage periods of individual categories of personal data,

  • data subjects’ rights in connection with personal data processing,

  • the right to lodge a complaint in connection with personal data processing,

  • the validity of the Privacy Policy.




2) Personal data collected by the company

If you are merely visiting the website, we collect data about you solely through the use of cookies. If you are a user of services or a subscriber to services provided by the company, we also collect other personal data about you that we need for the provision of the services you have ordered or are using. Your personal data are:

  • name and surname
  • contact email address
  • contact telephone number
  • IP address
  • data for issuing an offer based on your enquiry (your address, tax number).


3) Personal data administrator

The controller of personal data processed in accordance with this Privacy Policy is Kartem d.o.o., Cesta Tončke Čeč 44, 1420 Trbovlje, Slovenia.

 

4) Categories of data subjects whose personal data are processed

This Privacy Policy is intended for all individuals who have ordered and/or use our services, or have submitted an enquiry, as well as those who visit our website.


5) Purposes of and basis for processing data

5.1 Processing on the basis of a contract:

As part of the execution of contractual rights and the fulfilment of contractual obligations, the company processes your personal data for the following purposes: identification of the individual, preparation of an offer, contract conclusion, provision of services ordered, informing about any changes, additional details and instructions for using services, resolving any technical issues, objections or complaints, billing for services, and for other purposes necessary for the implementation or conclusion of a contractual relationship between the company and the individual.

When billing for services, in accordance with tax regulations, we also obtain and process your address in order to issue the invoice correctly.

5.2 Processing on the basis of law:

On the basis of legitimate interest, we use your personal data to detect and prevent fraudulent use and abuse of services, and, within the scope of ensuring the stable and secure operation of our system and services, for the purpose of implementing information security measures, meeting service quality requirements, and detecting technical malfunctions in systems and services.

On the basis of legitimate interest, we also use your personal data for the purposes of enforcement and judicial and extrajudicial recovery, where applicable.

Under the General Data Protection Regulation, in the case of suspected abuse, the company may process data on individuals to an appropriate and proportionate extent for the purpose of identification and prevention of potential fraud or abuse. If appropriate, the company may also disclose this information to other providers of similar services, business partners, the police, public prosecutors, or other competent authorities. For the purpose of preventing future abuses or fraud, data related to the history of identified abuses or fraud in connection with an individual, including data on the subscriber agreement and, for example, IP address, may be retained for up to five years after the termination of the business relationship.

5.3 Processing on the basis of consent to the processing of personal data:

The processing of data may also be based on consent which you have granted to the company.

Consent may relate, for example, to communication about offers, benefits and improvements to services offered by the company. The purpose of such communication is to bring the services as close as possible to your needs and wishes, thereby increasing their useful value to you. Communication is conducted through the channels chosen when granting consent. You can cancel the communication at any time, in the manner defined in the Privacy Policy.

You can withdraw or modify your consent at any time in the same way you gave it, or by another method defined in the Privacy Policy, where the company reserves the right to customer identification. Changes to consent can also be communicated via email to info@kartem.si or by a written request sent to the company’s registered office.

The withdrawal or modification of consent only applies to data processed on the basis of your consent. The valid consent is the last one we received. The possibility of revoking consent does not constitute a right of withdrawal in the business relationship between the individual and the company.

The data for which your consent is given are processed for up to two years after the termination of the business relationship with the company unless revoked.


6) Limitations on the disclosure of personal data

If necessary, we may authorise other companies and individuals to carry out specific works contributing to our services. In such cases, the company may disclose personal data to carefully selected external processors who will enter into a data processing agreement or an equivalent agreement or other binding document with the company (hereinafter: “Data Processing Agreement”). We will provide or make accessible such data to external processors only to the extent required for a specific purpose. External processors may not use these data for any other purposes and must meet at least all standards for the processing of personal data that are envisaged by applicable legislation. External processors are contractually bound to the company to respect the confidentiality of your personal data.

Upon reasoned request, the company may also disclose personal data to competent state authorities with a legal basis for such disclosure. For example, Kartem d.o.o. will respond to requests from courts, prosecution authorities and other government bodies that could include the government bodies of other EU member states.


7) Personal data retention period

The data retention period is determined on the basis of the category of individual data. We retain data for as long as necessary to achieve the purpose for which they were collected or further processed, or until the expiry of the limitation periods for the fulfilment of obligations or the statutory retention period.

Billing data and associated contact information about individuals may be retained for the purpose of fulfilling contractual obligations until the complete payment for the service, or at the latest until the expiry of the limitation periods in connection with an individual claim, which according to law can range from one to five years. Invoices are retained for an additional 10 years after the end of the year to which the invoice relates, in accordance with the law governing value added tax.

Other data obtained based on your consent are retained for the duration of the business relationship and an additional two years after its termination, unless the law prescribes a longer retention period. If an individual who has given consent for the processing of personal data has not entered into a business relationship with us, their consent is valid for two years from the giving of consent or until its revocation.

After the expiry of the retention period, the data are deleted, destroyed, blocked, or anonymised unless the law prescribes otherwise for a specific type of data.


8) Data subjects’ rights in connection with personal data processing

We guarantee that you can exercise your rights in connection with the processing of your personal data without any undue delay. We will decide on your request within one month of receiving it. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. If we extend the deadline, we will inform you of any such extension within one month of receiving the request, together with the reasons for the delay.

Requests in connection with the exercise of your rights may be sent by email to info@kartem.si or by post to Kartem d.o.o., Cesta Tončke Čeč 44, 1420 Trbovlje, Slovenija.

If you submit a request by email, we will endeavour where possible to provide the information electronically, unless you request otherwise.

When there is a reasonable doubt in connection with the identity of the data subject submitting a request in connection with any of his/her rights, we may request additional information necessary for establishing the identity of the data subject.

Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the company may:

  • charge a reasonable fee that reflects the administrative costs of sending information or messages, or carrying out the requested action, or
  • refuse to act on the request.


We grant the following rights in connection with the processing of your personal data:

(i) the right of access to data
(ii) right to rectification
(iii) the right to erasure (right to be forgotten)
(iv) right to restriction of processing
(v) right to data portability
(vi) right to object


(i) the right of access to data

You always have the right to obtain confirmation as to whether or not personal data concerning you is being processed and, if it is, the right to access the personal data and the following information:

  • the purposes of the processing,
  • the categories of personal data being processed,
  • the recipients or categories of recipient to whom personal data has been or will be disclosed,
  • the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period,
  • the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of your personal data, and the right to object to such processing,
  • the right to lodge a complaint with a supervisory authority,
  • where personal data is not collected from you, any available information as to its source.


(ii) right to rectification

You have the right to the rectification of inaccurate personal data concerning you without undue delay and, taking into account the purposes of the processing, the right to have incomplete personal data completed, including by means of providing a supplementary statement.

(iii) the right to erasure (right to be forgotten)

You have the right to the erasure of your personal data without undue delay, where one of the following grounds applies:

  • the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed,
  • you withdraw the consent on which the processing is based, and there are no other legal grounds for the processing,
  • you object to the data processing, and there are no overriding legitimate grounds for the processing,
  • the personal data was unlawfully processed,
  • the personal data has to be erased for compliance with a legal obligation in EU or Slovenian law.


(iv) right to restriction of processing

You have the right to the restriction of the processing of your personal data, where one of the following applies:

  • you are contesting the accuracy of the data, for a period that allows us to verify the accuracy of the personal data,
  • the processing is unlawful, and you oppose the erasure of the personal data and request the restriction of its use instead,
  • we no longer need your personal data for the purposes of processing, but you need it for the establishment, exercise or defence of legal claims,
  • you have objected to processing based on the company’s legitimate interests, pending verification of whether our legitimate grounds override yours.


Where the processing of your personal data has been restricted under the previous paragraph, with the exception of storage, the personal data may only be processed with your consent, or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person.

Before the restriction of processing of your personal data is lifted, we are obliged to inform you.

(v) right to data portability

You have the right to receive your personal data that you have sent to us, in a structured, commonly used and machine-readable format, and have the right to transmit this data to another controller without hindrance from the company, when the processing is based on your consent and the processing is carried out by automated means. At your request, when technically feasible, the personal data may be transmitted directly to another controller.

(vi) right to object

When we are processing your data on the basis of a legitimate interest for the purposes of marketing, you have the right to object at any time to this processing.

We cease processing your personal data, unless we demonstrate compelling grounds for the processing that override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.


9) Right to lodge a complaint in connection with the processing of personal data

Any complaint in connection with the processing of your personal data may be sent by email to info@kartem.si or by post to Kartem d.o.o., Cesta Tončke Čeč 44, 1420 Trbovlje, Slovenija.

Should we fail to decide on your request by the legal deadline, or refuse your request, you have the right to lodge a complaint with the Information Commissioner.

You also have the right to lodge a complaint directly with the Information Commissioner if you believe that the processing of your personal data breaches Slovenian regulations or EU regulations in the area of personal data protection.

If you have exercised the right of access to data, and after receiving a decision you believe that the personal data that you have received is not the personal data that you requested, or that you have not received all of the requested personal data, before lodging a complaint with the Information Commissioner you may lodge an argued complaint with the company within a deadline of 15 days. We must decide on your complaint as if it were a new request, within five business days.


10) Final provisions

Applicable legislation shall apply to all matters that are not regulated by this Privacy Policy.

The company reserves the right to amend this Privacy Policy. Any changes will be communicated by a post on the official website of Kartem d.o.o. 30 days before they become effective.

Should you have any questions about the Privacy Policy, or about the data that we keep on you, please email us at info@kartem.si.


11) Validity of the Privacy Policy

This Privacy Policy is published on the website of Kartem d.o.o. and entered into force on 25 May 2018.


Kartem d.o.o.

×
Back to top Back to top Back to top