PRIVACY POLICY

This Analysis Adria, rešitve d.o.o. privacy policy (hereinafter referred to as: »Privacy Policy«) includes:

  1. Introduction
  2. The controller and data protection officer
  3. The purposes of the processing and the data we process
  4. Legal ground for the processing of personal data
  5. Transmitting the personal data
  6. Transfers of personal data to third countries
  7. Storage periods
  8. The rights of data subjects
  9. Data protection
  10. Cookies
  11. Validity of Privacy Policy

1. Introduction

At Analysis Adria, rešitve d.o.o. we value your privacy. We are taking utmost care in order to ensure the high level of personal data protection and follow the principles of safe data proccessing. In the following Privacy Policy, we explain what personal data we process, what are the purposes of such processing, as well as your rights, related to such processing. While processing personal data, we follow the principles of lawfulness, fairness and transparency, the purpose limitation, the data minimisation, accuracy, storage limitation, integrity and confidentiality.

2. The controller

The controller of personal data, that is being processed according to this Privacy Policy, is Analysis Adria, rešitve d.o.o., Tržaška cesta 515, 1351 Brezovica pri Ljubljani (hereinafter referred to as: ANALYSIS ADRIA).

3. The purposes of the processing and the data we process

We collect and process your personal data with the following purposes of the processing:

  • to provide you with information or services that you have requested from us. This information may include your name, address, email address, phone number, and other relevant information;
  • to keep in contact with you as our business partners and keep you up to date on our business activities and events. This information may include your name, address, email address, phone number, title, company and other relevant information;
  • to fulfill our contractual obligations towards you. This information may include your name, address, email address, phone number, title, workplace, company, type of cooperation with us;
  • to improve our website. This information may include your IP address, geographical location, device information, browser type, referral source, length of visit, operating system, number of page views, which pages you viewed and similar information;
  • to comply with or abide by legal obligations or requirements;
  • to send promotional messages to you relating to our activities, including invitations to other events. This information may include your name, address, email address, phone number, title, company and other relevant information;
  • for recruiting new employees. This information may include your name, address, email address, phone number, date of birth, information regarding your education and experiences, CV, photo and other relevant information;
  • for successful and effective organization of our events, including promotional activities and publications of audio, video and photographic documentation from events. This information may include your name, title, company, email address, phone number; short biography with picture (speakers/performers), audio, video and photographic documentation from events.

4. Legal ground for the processing of personal data

We process you personal data on the following legal grounds:

  • the performance of a contract with you in compliance with Article 6(1)(b) GDPR, when processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  • our legitimate interest in compliance with Article 6(1)(f);
  • processing is necessary in order to protect the vital interests of the data subject or of another natural person, in compliance with Article 6(1)(d);
  • your consent in compliance with Article 6(1)(a) GDPR, when the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
  • to comply with a legal obligation to which we are subject in compliance with Article 6(1)(c) or 6(1)(e).

5. Transmitting personal data

Following the purposes of the processing, ANALYSIS ADRIA can transmit your personal data to the following subjects:

  • our affiliated companies within the ANALYSIS ADRIA group;
  • contractual data processors, who might process personal data in our name and in accordance with our written instructions and for the purposes as stated above;
  • to other recipients, if obliged to do so subject to a court order or order issued by other governement authority or valid law.

6. Transfers of personal data to third countries

We may transfer your personal data to the recipients, located outside the EU/EEA (hereinafter referred to as: »third countries«), namely to our affiliated companies and contractual data processors. Such transfers take place under the safeguard measures as defined in GDPR, if and to the extent that is possible.

6.1. The social media platforms

The social media platforms include TikTok, Facebook, Youtube, Instagram, etc. TikTok, Facebook, Youtube and Instagram are independent personal data processors, who will process your personal data following their privacy policies, such as https://www.facebook.com/policy.phphttps://www.tiktok.com/legal/privacy-policy?lang=en&appLaunch=app in https://policies.google.com/privacy?hl=en-US.

6.2. Third parties services (Google)

Google is independent personal data controller and services provider (ex. Google Maps, Google Analytics), who processes your personal data following their own privacy policy: https://policies.google.com/privacy?hl=en-US.

6.3. Links to other websites

This website may contain links to third parties websites. We disclaim any control over, relationship with, or endorsement of these sites and shall not be liable for data protection while visiting such websites. Links to other websites are provided only as a convenience and we encourage you to read these third-party websites’ terms of use and privacy policies.

6.4. Transfer of personal data to USA

WARNING:

While using ANALYSIS ADRIA website, your personal data could be transfered and processed in the USA or other third country or it is not possible to prevent such transfer and further process by social media platforms. In such cases, it is possible that the level of data protection does not attain the levels of data protection, as defined in GDPR.

Transfer of personal data to USA / cessation of privacy shield application:

According to the Court of Justice of the European Union decision no. C-311/18, dated from 16th July 2020, the s.c. privacy shield, which had previously and in certain circumstance confirmed an adequate data protection level, no longer represnets a valid legal basis for transfer of personal data from EU to the USA.

In case we transfer the data to the USA or in cases when we use services provider, located in the USA, this is explicitly defined in this Privacy Policy.

What can the personal data transfer to USA mean for you as user and what are potential risks thereof?

The risks derive from the powers and functions of american intelligent agencies and legal situation in the USA, which, according to the Court of Justice of the European Union, no longer ensures an adequate level of personal data protection.

The standard contractual clauses, as accepted by the Commission in 2010 (Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council, 2010/87/EU) are no longer valid. The new standard contractual clauses were adopted by the Commission on 4th June 2021. Until 22nd December 2021, the old contractual clauses remain in force, if concluded before 27th September 2021. After 22nd december 2021, the new contractual clauses only will serve as a valid ground for data transfer.

What measure are we taking to ensure legal transfer of data to USA?

Whenever american providers offer such options, we opt for personal data processing on servers within the EU. In this way, the american intelligence agencies do not have access to personal data thereon.

In case of further use of tools, originating from the USA, we adopt the following measures:

If possible, we will always inform you before any US tools would be used and require your consent. The risks, related to the transfer of personal data to USA, are defined above.

We aim to conclude the standard contractual clauses with the suppliers from the USA.

7. Storage periods

We will process your personal data only for as long as reasonably necessary to fulfill the purposes, for which it was collected or received or to comply with any applicable legal requirements. Where your consent forms the legal basis for the processing of personal data, we will only process your data until your consent had expired or had been withdrawn.

8. The rights of data subjects

The subjects to who the personal data apply have the following rights, which shall be enforced free of charge. Before ensuring the individual’s rights, ANALYSIS ADRIA shall verify its identity. An individual shall make a request on a written form, sent to Mrs. Andreja Kastelic or through email on adriainfo@analysisadria.si .

ANALYSIS ADRIA shall fulfill such request within 1 month, except when the complexity of the request or numerous requests require longer time period. In the latter case, this period can prolonger for another 2 months period. ANALYSIS ADRIA shall inform the individual about such extension, as well as about the reasons thereof.

  • Right of access by the data subject: subject to request, data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
    • the purposes of the processing;
    • the categories of personal data concerned;
    • the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
    • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
    • the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
    • the right to lodge a complaint with a supervisory authority;
    • where the personal data are not collected from the data subject, any available information as to their source;
    • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Upon request, ANALYSIS ADRIA shall make a copy of all personal data that is being processed and present it to the data subject.

  • Right to rectification: The data subject shall have the right to obtain from ANALYSIS ADRIA without undue delay the rectification of inaccurate personal data concerning him or her.
  • Right to erasure (»right to be forgotten«): The data subject shall have the right to obtain from ANALYSIS ADRIA the erasure of personal data concerning him or her without undue delay and ANALYSIS ADRIA shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
    • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
    • the data subject withdraws consent on which the processing is based and no other legal ground for processing exists;
    • the data subject objects to the processing and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
    • the personal data have been unlawfully processed;
    • the personal data have to be erased for compliance with a legal obligation in Union or Slovenian law.
  • Right to restriction of processing: The data subject shall have the right to obtain from ANALYSIS ADRIA restriction of processing where one of the following applies:
    • the accuracy of the personal data is contested by the data subject;
    • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
    • ANALYSIS ADRIA no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
    • the data subject has objected to processing, pending the verification whether the legitimate grounds of the controller override those of the data subject.
  • Right to data portability: The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to ANALYSIS ADRIA, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from ANALYSIS ADRIA to which the personal data have been provided, under the conditions set out in Article 20 GDPR.
  • Right to object: Subject to conditions, set out in Article 21 GDPR, the data subject has the right to object the processing of personal data, concerning him or her.
  • The withdrawal of consent: When the processing is based on the individual’s consent, he or she has the right to withdraw this consent at any time. Such withdrawal has no impact on the lawfulness of processing based on consent before the consent was withdrawn.

An individual shall file a complaint or make a request regarding the processing of his or hers personal data through email: adriainfo@analysisadria.si or mail: Tržaška cesta 515, 1351 Brezovica pri Ljubljani. You also have the right to lodge a complaint with the competent supervisory authority. Contact information: Informacijski pooblaščenec, Dunajska cesta 22, 1000 Ljubljana, phone: 00386 1 230 97 30, email: gp.ip@ip-rs.si, DPO for the supervisory authority: dpo@ip-rs.si.

9. Data protection

All personal data shall be protected according to the valid data protection laws as well as ANALYSIS ADRIA internal acts. The processed data shall not be used for any other purpose apart from those the data was collected for. ANALYSIS ADRIA takes all technical and organisational measures necessary to ensure high level of personal data protection within its information systems as well as providing the rights of data subjects.

10. Cookies

What are cookies?

Cookies are text files with small pieces of data — like a username and password — that are used to identify your computer as you use a computer network. The cookies are not indispensable, but can significantly improve your web browsing experience. On this website, we only use cookies to keep track of the visits of our website. By using this website, you agree with the use of our cookies.

Different types of cookies

There are two types of cookies:

  • Non-persistent cookies (also called per-session cookies) are temporary and are not placed on your system’s hard drive. They are automatically discarded when the Web browser is closed;
  • Persistent Cookies are stored on a user’s device to help remember information, settings, preferences, or sign-on credentials that a user has previously saved. The technologies We use may include:
  • Cookies or Browser Cookies. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However if You do not accept Cookies, You may not be able to use some parts of our Service. Unless you have adjusted Your browser setting so that it will refuse Cookies, our Service may use Cookies.
  • Web Beacons. Certain section of your Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, the count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).

We use both Session and Persistent Cookies for the purposes set out below:

  • Necessary / Essential Cookies
    Type: Session Cookies
    Administered by: Us
    Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user
    accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.
  • Cookies Policy / Notice Acceptance CookiesType: Persistent Cookies
    Administered by: Us
    Purpose: These Cookies identify if users have accepted the use of cookies on the Website.
  • Functionality CookiesType: Persistent Cookies
    Administered by: Us
    Purpose: These Cookies allow us to remeber choises You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal Experience and to avoid You having to re-enter your preferences every time You use the Website.

11. Validity of Privacy Policy

This Privacy Policy is published on www.analysis.rs. We may update this Privacy Policy from time to time, whereas the updated Privacy Policy will be published on the website. With continuing use of the website after the Privacy Policy had been updated, you agree with such updates. This Privacy Policy latest update is dated from 12.01.2022.