PRIVACY POLICY
RELATED TO BUSINESS PARTNERS AND POTENTIAL
BUSINESS PARTNERS OF
ISOKON, D.O.O., SLOVENSKE KONJICE
(hereinafter: the "Privacy Policy")
- THE SUBJECT OF THE PRIVACY POLICY, THE IDENTITY OF THE CONTROLLER, CONTACT DETAILS AND OUR VALUES AND GUIDELINES ON THE PROTECTION OF PERSONAL DATA
This Privacy Policy contains information on what personal data we process about our business partners, potential business partners and their contact persons, what the purpose of the processing of personal data is and also what the rights of the persons concerned are in relation to the processing of their personal data.
The controller of the personal data collected and processed in accordance with this Privacy Policy is ISOKON d.o.o., Industrijska cesta 16, 3210 Slovenske Konjice, Slovenia, registration number: 5805694000, tax number: SI 76809579 (hereinafter referred to as the "controller" or "we").
Contact details of the controller: E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.; Telephone number: +386 (0)3 757 11 00.
The controller respects the privacy and personal data of its business partners, potential business partners and their contact persons. The controller is committed to the protection of personal data and follows the principles of secure processing of personal data. Personal or confidential data is handled responsibly, fairly, transparently and lawfully.
We take appropriate data security measures to ensure that personal data is not accessed by unauthorised persons, to maintain its confidentiality and integrity, and to prevent its loss, accidental destruction and similar, at all times during the processing of personal data. All data will be protected in accordance with the regulations on the protection of personal data. We collect and process personal data at all times in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the "General Data Protection Regulation" or the "GDPR") and applicable laws. All data collected is treated as confidential and is not sold to third parties. In no case will your data be passed on to unauthorised persons or used for purposes other than those for which it was collected.
It is also the individual's responsibility to protect his/her personal data by, among other things, ensuring the security of His/her electronic devices (e.g. username and password protection) and ensuring that his/her computer is protected by appropriate (anti-virus) software.
- PURPOSE OF PROCESSING OF PERSONAL DATA AND LEGAL BASIS FOR PROCESSING OF PERSONAL DATA
We collect and process personal data from our business partners, potential business partners and their contact persons for the following purposes:
- for the performance of a contract of which a business partner (to whom the personal data are related) is a party and for the implementation of measures or steps at the request of such data subject or partner;
- to establish a business relationship with a (potential) business partner, to carry out actions or steps at the request of a business partner prior to the establishment of a business relationship of a potential business partner with the controller and for the purpose of negotiating the establishment of a contractual relationship;
- to set up and maintain the records of business partners, potential business partners and their contact persons.
The legal basis for the collection and processing of data for the purposes referred to in paragraphs a) and b) of this point 2 of the Privacy Policy are the provisions of Article 6(I)(a) and (b) of the GDPR (in connection with Article 6 of the Personal Data Protection Act (ZVOP-2)).
The legal basis for the collection and processing of data for the purposes referred to in paragraph b) above of this point 2 of the Privacy Policy is, in certain cases, the consent of the data subject (provision of paragraph (a) of Article 6(I) of the GDPR (in connection with Article 6 of the ZVOP-2) - the data subject has given consent to the processing of his or her personal data for one or more specified purposes).
The legal basis for the collection and processing of data for the purposes referred to in paragraph c) above of this point 2 of the Privacy Policy are the provisions of paragraphs (a) and (b) of Article 6(I) of the GDPR (in connection with Article 6 of the ZVOP-2) and Article 30 of the GDPR.
- THE TYPES OF RELEVANT DATA THAT WE COLLECT AND PROCESS
We collect and process the following data about our business partners, potential business partners and their contact persons: (i) name of (potential) partner (company name), registered office, business address, registration/identification number, tax number, contact e-mail address(es), telephone number, fax number, language of the partner, products concerned, any remarks/comments; (ii) name of (potential) business partner's contact persons, function/workplace, language, e-mail address, telephone number, fax number, language, any remarks/comments. For potential partners, we also collect information on where the contact with the partner was established/obtained (e.g. name of the trade fair, relevant products, etc.).
- RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA
In addition to the controller, the following persons process your personal data on the controller’s behalf and for its account:
- companies providing accounting, financial, logistics, transport, freight forwarding, customs and similar services for the controller;
- companies providing credit risk, insurance services related therewith and similar services to the controller, such as credit rating agencies (providing credit checks or ratings) and other entities providing trade reference, ratings, financing or credit insurance services, for the purpose of providing such services to the controller;
- companies providing information technology services to the controller (e.g. developers and maintainers of applications, IT services and software solutions) and information technology maintenance, including services related to the maintenance of servers and other IT infrastructure (the controller provides data to Isosport Verbundbauteile GmbH and Constantia Services GmbH, among others, for this purpose);
- recipients who have a basis for obtaining personal data in law or applicable regulations (e.g. competent tax authorities, pension and disability insurance institution, health insurance institution, etc.), in the individual's personal consent or in a contractual relationship.
- INFORMATION ON TRANSFERS OF PERSONAL DATA TO THIRD COUNTRIES AND INTERNATIONAL ORGANISATIONS
The controller does not transfer your personal data to third countries (i.e. countries outside the EU or the EEA) or to international organisations.
- RETENTION PERIODS FOR PERSONAL DATA
The retention periods (i.e. the periods for which the personal data will be stored) for personal data vary depending on the purposes for which we collect and process personal data. The retention periods are as follows:
- Personal data collected for the purpose of the performance of the contract shall be stored for the duration of the contract and, in principle, for 5 years after its termination (or until the expiry of the limitation or prescription periods for the assertion of claims arising from the concluded contracts (which, in principle, shall be 5 (years) from the due date of the claims; see. Article 346 of the Obligations Code)).
- With regard to the executed payments, the data will be kept for a period of 5 (five) years after the relevant tax or levy should have been paid or, in the case of initiation of tax proceedings, for 10 (ten) years from the start of the limitation period in accordance with the Income Tax Act (ZDavP-2). All invoices shall be stored for 10 years after the end of the year to which they relate.
- Personal data relating to contact persons of potential business partners shall be kept until the expiry of the limitation periods in relation to claims related to negotiations or, in the case of collection of such data on the basis of the consent of the data subject, until the withdrawal of the consent or, in the case of a change of contact person, until the controller is informed of the change.
- YOUR RIGHTS IN RELATION TO PERSONAL DATA
The data subject to whom personal data relate to may exercise the following rights in relation to his or her personal data: the right of access, the right to rectification, the right to erasure (the so-called right to be forgotten), the right to restriction of processing, the right to data portability, the right to object and the right to lodge a complaint with a supervisory authority. The rights may be limited in accordance with Article 23 of the GDPR.
The individual may exercise his or her rights set out in this Clause 7. by sending a written request to ISOKON, d.o.o., Slovenske Konjice, Industrijska cesta 16, 3210 Slovenske Konjice, Slovenia, or to This email address is being protected from spambots. You need JavaScript enabled to view it.. Before granting the request, the controller shall verify the identity of the individual exercising his/her rights under the personal data protection regulations, for security reasons and in order to prevent unauthorised disclosure or misuse of personal data.
- right of access to data
You have the right to ask us to confirm whether personal data is being processed in relation to you and, if it is, you can request access to your personal data and the following information: the purposes for which the personal data are being processed; the types/categories of personal data being processed; the recipients or categories of recipients to whom personal data about you have been or are being disclosed; the envisaged duration of the retention/storage of the personal data about you or, if not possible, the criteria used for determining that period; the existence of the right to request rectification or erasure of personal data concerning you, the existence of the right to restrict the processing of your personal data and the existence of the right to object to such processing; the existence of the right to lodge a complaint with a supervisory authority; any available information on the source of the data, if the personal data is not collected from the data subject.
- Right to rectification
You have the right to ask us to correct/rectify your personal data that is inaccurate without undue delay. Taking into account the purposes of the processing, you have the right to have your incomplete personal data completed, including by means of providing a supplementary declaration.
- Right to erasure ("right to be forgotten")
You have the right to request that we delete your relevant personal data without undue delay where one of the following reasons applies: - the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- if you withdraw your consent or approval on which the processing of your personal data is based on and there is no other legal basis for the processing (in the case of withdrawal of consent, this does not affect the lawfulness of the processing of data carried out on the basis of consent until the withdrawal of consent); 3
- if you object to processing in accordance with Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or if you object to processing in accordance with Article 21(2) of the GDPR;
- the personal data have been unlawfully processed; - the erasure of personal data is necessary for compliance with a legal obligation;
- the personal data have been collected in connection with the offer of information society services referred to in Article 8(1) of the GDPR.
- Right to restriction of processing
- You have the right to request us to restrict the processing of your personal data where one of the following reasons applies:
- you contest the accuracy of the personal data;
- the processing is unlawful and you object to the erasure of the personal data and request instead that its use be restricted;
- the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them for the establishment, exercise or defence of legal claims; or
- you have lodged an objection to processing in accordance with Article 21(1) of the GDPR, pending the verification whether the legitimate interests of the controller override your grounds.
- Right to data portability
You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format, and you have the right to transmit those data to another controller without hindrance from us, where the processing of your personal data is based on your consent and we carry out the processing by automated means. In exercising your right to data portability, you have the right to have your personal data transferred directly from us to another controller, where this is technically feasible.
- Right to object
Under the terms of Article 21 of the GDPR, it is possible to object to the processing of your data on grounds relating to your particular situation. This right applies to the processing of personal data carried out for direct marketing purposes, where this would be carried out by the controller.
- Right to lodge a complaint with the supervisory authority
You always have the possibility, in case you consider that we do not process your personal data in accordance with the laws and regulations, to lodge a complaint with the competent supervisory authority, which is:
Information Commissioner of the Republic of Slovenia, Dunajska cesta 22, 1000 Ljubljana, e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.; telephone: 01 230 97 30, website: www.ip-rs.si or to the person responsible at ISOKON d.o.o. at the following email address: This email address is being protected from spambots. You need JavaScript enabled to view it..
- CONTACT DETAILS OF THE CONTROLLER
If you have any questions about the personal data we control or to exercise your rights in relation to your personal data under applicable laws and regulations, please contact us at the address below: ISOKON, d.o.o., Slovenske Konjice Industrijska cesta 16 3210 Slovenske Konjice Slovenia or on the following email: This email address is being protected from spambots. You need JavaScript enabled to view it..
- CHANGES TO THE PRIVACY POLICY
We may change this Privacy Policy at any time. Therefore, please note that once a change to the Privacy Policy is effective, the revised Privacy Policy will apply and you are advised to check the Privacy Policy from time to time. For any changes that require your consent under applicable laws and regulations, we will ask for your consent in the prescribed form and manner.
This Privacy Policy is effective from 6 December 2023. I
SOKON, d.o.o., Slovenske Konjice