This privacy policy contains information about the processing of personal data carried out by Stelkom d.o.o. (hereinafter also the ‘personal data controller’ or ‘controller’), as defined in more detail below.
We invite you to read the policy carefully.
With this privacy policy Stelkom d.o.o. specifies the processing of personal data carried out for staff purposes for:
- service subscribers,
- potential subscribers,
- website users, and
- e-news recipients.
This privacy policy provides information on:
- the personal data controller and how you can contact him/her,
- the types of personal data we process,
- the purposes of personal data processing,
- the legal basis for the processing,
- users of personal data,
- retention period,
- protection of personal data, and
- your processing rights.
Personal data controller
Your personal data controller is:
Stelkom d.o.o.
Špruha 19
1234 Trzin
You can contact the personal data controller at any time regarding questions about the processing of personal data at: info@stelkom.si
Processing of personal data
We process your personal data on an appropriate legal basis and for pre-defined, lawful purposes. In this chapter you will find information on what types of personal data we process, for what purposes and on what legal basis. Retention periods for each purpose are defined in a separate chapter.
How do you obtain my personal information?
We obtain your personal information directly from you. Thus, e.g. we obtain the information when you subscribe to our e-news or enter into a service contract with us. Certain data are also obtained indirectly, through the use of our website or by receiving customized e-newsletters (e.g. gathering information about your interaction with sent e-newsletters).
The provision of personal data is mandatory for you only when required by law. In other cases, the provision of personal data is not mandatory, however, certain activities cannot be performed without the processing of personal data.
It is important that all the data we process is accurate, complete and up-to-date. We strive to provide comprehensive information, however, we ask that you notify us immediately of any changes to your personal information.
What are the applicable legal bases for the processing of personal data?
We process your personal data on an appropriate legal basis, with the following legal bases available:
- Legislation; we may process your data when required to do so by applicable law.
- Contractual relationship; when the data are needed for the conclusion or fulfillment of a particular contract, we may process personal data.
- Legitimate interest; we may process your personal data based on our legitimate interests. When we process personal data on the basis of our legitimate interests, this will be specifically defined in this policy.
Your consent; we may also process personal data with your consent. We will never assume that you have consented to the processing but will formulate a clear possibility of consent. You can revoke any consent at any time without any negative consequences for you.
How is personal data processed by the controller?
You will find the purposes of the processing, the legal basis and the types of personal data we process to fulfill each purpose within this chapter. We always take care to collect the smallest possible amount of personal data that we need to achieve a particular purpose.
Purposes of personal data processing by the controller:
| Purpose | Legal basis | Types of personal data |
| Conclusion and execution of service contracts | Contractual relationship | Name and surname of the contract administrator, company, job title, contact details, data required for the provision of services |
| Communication with potential clients, including preparation of offers | Pre-contractual relationship | Name and surname, company, contact details |
| Communication with individuals based on your inquiry | Legitimate interest in effective communication with potential subscribers | Name and surname, company, contact details |
| Sending e-news to our subscribers | Law | Name and surname, e-mail address, company, job |
| Sending customized e-news | Consent | Name and surname, e-mail address, company, workplace, information on the individual’s work (see the section What are customized e-newsletters?) |
| Organization and implementation of events | Legitimate interest in ensuring participation in the event for registered individuals | The types of personal data are defined at the individual event |
| Photographing events and posting photos on social networks | Legitimate interest in carrying out promotional activities | A photograph of an individual |
General processing purposes required for safe operation of the controller:
These purposes of personal data processing are necessary in order to ensure secure operations for our subscribers and adequate protection for the controller. Certain processing of personal data is also carried out when required by law. Additionally, the following processing purposes help us optimize our website and thus improve user experience. The types of personal data we process depend on the individual case of operation. Whenever possible, we use aggregated data that cannot identify you.
| Purpose of processing | Legal basis | Types of personal data |
| Performing statistical analyzes of the use of our website | A legitimate interest in providing a good user experience | Use of aggregated data that do not allow identification |
| Network security in connection with the use of our website | A legitimate interest in ensuring cyber security | IP address |
| Fraud prevention | A legitimate interest in ensuring safe business | |
| Enforcement of our rights and other legal claims | Law | The scope of the data depends on the individual procedure |
| Legal obligations | Law | The scope of the data depends on the individual legal obligation. |
What are customized e-newsletters?
Customized e-newsletters are e-newsletters whose content is tailored to reflect your interests; in this way we provide you with information that is relevant to you and your field of activity. Customized e-news are prepared on the basis of personal data we collect about you. For this purpose, in addition to the data listed in the table above, we also collect:
- information on whether or not you opened our email,
- what content you viewed,
- information on the use of our website.
Based on this information, the content of the e-news is adjusted (we present those services and notices that are relevant to you) and the offer (e.g. an invitation to an event in Ljubljana is received only by subscribers whose headquarters are located in Ljubljana and the surrounding area).
Customized e-news will only be sent to you with your prior consent.
Who uses my personal data?
Only those persons who are authorized to process personal data may access your personal data. Your personal data is thus accessed by authorized employees of the controller and third parties, as defined below.
In the event that we provide personal data to third parties (i.e. our external processors), they may only process personal data on the basis of a concluded contract on the processing of personal data, which defines the rights and obligations of the external processor. Likewise, an external processor may not process this personal data for purposes that go beyond the purposes for which the data was collected. All external processors ensure appropriate personal data security standards that comply with the standards of the controller.
We provide your personal data to:
- business partners who help us to provide certain services in the field of marketing (sending e-mails, assistance in organizing events).
We transfer your personal data to third countries, ensuring adequate security of personal data for each transfer. We transfer personal data to third countries only if the external processor ensures the security of processing that complies with our standards.
How do you protect my personal data?
For the protection of personal data, we use various organizational and technical measures to ensure the highest possible level of security of personal data and to protect them from unauthorized interference.
We store personal data in physical and electronic form. Accordingly, we have taken various security measures, which include:
- locking of business premises and protection with an alarm system,
- restriction of access to personal data to authorized persons,
- ensuring the traceability of changes and access to personal data,
- training of employees on the topic of personal data protection,
- careful selection and control of external processors.
In the event of a breach of personal data protection, the controller shall, without delay, notify the Information Commissioner, who represents the competent supervisory authority for Slovenia, of any such breach.
However, in the event of a data protection breach that could pose a significant risk to the rights and freedoms of individuals, the controller will notify you of such an event immediately.
How long is my personal data retained?
| Purpose | Retention period |
| Conclusion and execution of service contracts | 3 years after the termination of the contractual relationship |
| Purpose | Retention period |
| Communication with individuals based on your inquiry | 90 days after the end of communication |
| Sending e-news | Until unsubscribing |
| Sending customized e-news | Until cancelation |
| Organization and implementation of events (free events) | 30 days after the event |
| Photographing events and posting photos on social networks | The entire duration of processing, which depends on the rules of publication on social networks; the deletion is carried out within 60 days of the cessation of processing |
| Performing statistical analyzes of the use of our website | Use of aggregated data that do not allow identification |
| Network security | For the entire duration of processing, in accordance with applicable law |
| Fraud prevention | For the entire duration of processing, in accordance with applicable law |
| Enforcement of our rights and other legal claims | For the entire duration of processing, in accordance with applicable law |
What about the use of social networks?
The controller allows individuals to interact via the LinkedIn social network. The social network operates in accordance with its own privacy and personal data processing rules, for which the personal data controller is not responsible. We urge you to read the terms of the social network before deciding on any interaction with the social network. We remind you that you are responsible for any posts via social networks. The controller does not assume any responsibility that would be related to the activities of the individual on social networks.
You can access LinkedIn’s privacy policy here: https://www.linkedin.com/legal/privacy-policy
What are my rights regarding the processing of personal data?
With regard to the processing of personal data, you have the following rights:
- The right of access to personal data and information on processing. You have the opportunity to request information on which of your personal data we process and to obtain information on the processing (i.e. the purpose of the processing, the legal basis, etc.).
- The right to rectification. You may request rectification of inaccurate or incomplete data we process about you.
- The right to receive a printout. You have the option to request a printout of the personal information you have provided to us. We will provide this information to you in a machine-readable, structured form.
- The right of erasure of personal data. Under certain conditions, you have the right to erase personal data. Erasure is possible when:
-
- the purpose of the processing of personal data has been fulfilled and the data are no longer needed,
- you revoke consent,
- you object to the processing and there are no overriding legitimate reasons,
- there is illegal processing of personal data,
- erasure is necessary to fulfill a legal obligation.
- The right to restrict processing. Under certain conditions, you may request a restriction on the processing of personal data. You can request data restriction:
- When requesting a correction of personal data,
- When data processing is illegal but you oppose the deletion,
- When the controller no longer needs personal data to fulfil the purpose, but you want to keep the data for the purpose of exercising certain rights,
- For the period of the assessment of the objection to the processing you have filed.
The restriction on processing is always temporary and ends when the reason for the restriction ceases.
- The right to object to the processing. Under certain conditions, you have the right to object to the processing of personal data. In the event of an objection, we will deal with your objection and perform a weighing according to our legitimate interest. You can object to the processing of personal data when it is processed on the basis of a legitimate interest. You can always object to the processing when it comes to processing for direct marketing purposes, including profiling.
- The right to provide personal data. You have the right to request that the information you provide to us is transferred to another controller in a commonly used and machine-readable form. You may request the transfer of personal data that is processed on the basis of a contractual relationship or consent and is carried out by automated means. Transmission to another controller can only be carried out if it is technically feasible; otherwise, we will provide the information to you.
- The right to revoke consent. When we process your personal data on the legal basis of consent, you always have the option to revoke your consent. You can revoke your consent by contacting us at: info@stelkom.si. Please note that we may no longer be able to provide certain services to you after revoking your consent. Revoking of consent does not affect the validity of retrospective processing.
All of the above rights can be exercised by sending the completed Rights Enforcement Form to the e-mail address: info@stelkom.si. The form is available to you here. If you do not submit the request using the form, we reserve the right to contact you and obtain additional information from you, if necessary to ensure reliable identification.
You will receive a reply within 30 days. We may extend this period in the event that the request on your part is extensive and the fulfillment of the request would take more time, of which you will be informed in a timely manner. In the case of objections that are clearly unfounded or recurring objections, we reserve the right to charge a reasonable fee. A reasonable fee shall take into account the cost of providing the information or communication or implementing the required action. You will be informed accordingly about the payment of the fee.
If you believe that there has been a violation of personal data protection by the controller, you have the right to file a complaint with the competent supervisory authority, which in Slovenia is represented by the Information Commissioner.
