Privacy Policy

The purpose of this Privacy Policy is to inform the users (hereinafter also referred to as: the individual or you) of the website https://www.sinecon.eu/ ("Website") of the purposes and basis for the processing of personal data by SINECON d.o.o., Prušnikova ulica 2, 1210 Ljubljana-Šentvid (hereinafter referred to as: SINECON, the company, we or the controller).

All personal data is processed, stored and protected in accordance with the applicable legislation governing the protection of personal data, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation, hereinafter referred to as "GDPR") and the Personal Data Protection Act (Official Gazette of the Republic of Slovenia, No. 163/22, hereinafter referred to as "PDPA-2"). Please read our Privacy Policy in detail to understand how we protect your privacy.

By providing us with your personal data, you declare that you have read our Privacy Policy and are aware of the processing methods and the legal basis for the processing of your personal data. If you do not agree to the processing methods, please do not provide us with your personal data.

BASIC TERMS

The following describes the basic terms you will encounter when reading our Privacy Policy:

Personal data: personal data is information that identifies an individual as a specific or identifiable natural person. An individual is identifiable when he or she can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the individual's physical, physiological, genetic, mental, economic, cultural or social identity.

Data subject: is an identified or identifiable natural person whose personal data are processed by the controller who is responsible for the processing.

Processing of personal data: means any operation or set of operations which is performed upon personal data, and in particular the collection, retrieval, recording, adaptation, storage, alteration, consultation, use, disclosure by transmission, communication, dissemination or otherwise making available, classification or association, blocking, anonymisation, erasure or destruction of personal data. Processing may be manual or automated.

Restriction of processing of personal data: is the marking of stored personal data in order to restrict its processing in the future.

Profiling: means any form of automated processing of personal data which involves the use of personal data for the purpose of evaluating certain personal aspects relating to an individual, in particular for the purpose of analysing or predicting aspects concerning the individual's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Automated decision-making: means a decision based solely on automated processing (including profiling) which has legal effects or may significantly affect an individual.

Anonymisation: means the processing of personal data in such a way that, without further information, the personal data can no longer be attributed to a specific data subject, provided that such further information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to a specific or identifiable individual.

Data controller: is the natural or legal person or other person in the public or private sector who, alone or jointly with others, determines the purposes and means of the processing of personal data, or the person designated by law who also determines the purposes and means of the processing.

Personal data processor: is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

User of personal data: is the natural or legal person, public authority, agency or other body to whom the personal data are disclosed, whether or not a third party. Public authorities which may obtain personal data in the context of their enquiries under EU or Member State law are not considered to be users and their processing of personal data must comply with the applicable rules on the processing of personal data in relation to the purposes of the processing.

Third party: a natural or legal person, public authority, agency or other person other than the data subject, controller, processor or persons authorised by the processor or controller to process personal data.

Consent of the data subject: consent of the data subject shall mean any voluntary, explicit, informed and unambiguous indication of the data subject's wishes, by which he or she signifies, by a statement or by a clear affirmative action, his or her agreement to the processing of personal data concerning him or her.

THE CONTROLLER AND THE DATA PROTECTION OFFICER

The data controller is SINECON d.o.o., Prušnikova ulica 2, 1210 Ljubljana-Šentvid, tax number: SI 15281507, registration number: 8686670000, e-mail: info@sinecon.eu.

We do not have a designated Data Protection Officer.

THE PURPOSE OF THE PROCESSING, THE LEGAL BASIS FOR THE PROCESSING AND THE RETENTION PERIODS

  1. VISIT THE WEBSITE

By visiting the Website, we store your IP address until the end of the session at the latest. If our system determines that you are not performing any activities that would compromise the operation of our Website, this information is automatically deleted.

In the event that our system determines that you are engaging in activities that are clearly illegal or clearly aimed at disabling the Website, your IP address will be permanently stored and blacklisted by our system, and you will be prevented from further use of the Website.

Legal basis: for the processing of personal data: on the basis of its own legitimate interest (Article 6(1)(f) of the GDPR), the controller also processes personal data for the purpose of the security of the Website and the prevention of unlawful activities on the Website (e.g. hacking, phishing, etc.).

User categories: Website hosting provider and security solutions provider. Users process personal data solely on the instructions and under the control of the controller.

Retention period: depends on the cookies uploaded. For more information, visit here.

  1. FILLING IN THE CONTACT FORM

Your personal data, such as first name, last name, e-mail, will be processed by the controller SINECON d.o.o., Prušnikova ulica 2, 1210 Ljubljana-Šentvid, for the purpose of communication with you. If you do not wish to provide us with your personal data on the form, we will not be able to answer your questions.

Legal basis: legitimate interest (communication with the general public) - 6(1)f GDPR.

User categories: data controller.

Retention period: until the end of the communication, before which you can request the deletion of your personal data.

CHILDREN'S PRIVACY

We are committed to protecting children's online privacy and internet safety. We do not offer products and services to children or knowingly collect or solicit personal information from children under the age of 15.

We will not keep any communications that we reasonably and reasonably believe to be from a child under the age of 15. We encourage parents or guardians of children under the age of 15 to regularly check and monitor their children's use of email and other online activities.

We use all available technology and make every effort to verify that the person with parental responsibility for the child has given or approved consent.

AUTOMATED DECISION-MAKING AND PROFILING

Individuals' personal data are not subject to automated decision-making, nor are they subject to profiling.

SECURITY OF YOUR PERSONAL DATA

We appreciate your trust in us and sharing your personal data with us. We are committed to protecting it and we take appropriate technical and organisational measures to ensure a high level of data protection (some of the measures we take include: the use of firewalls and data encryption, physical access control - securing IT premises and equipment, and control of information access authorisations through a system of passwords to authorise and identify users).

We restrict access to personal data to our employees, service providers and agents who need to know it in order to develop or improve our services.

You understand that our Website provides links to other Websites which are not owned and/or operated by us. Your use of these third party services is completely optional. We are not responsible for the content and/or practices of third parties.

PERSONAL DATA MANAGEMENT AND OPT-OUT

You can update or remove your personal data or opt out at any time.

  • Updates: if you still wish to use our products and services and change your relevant personal data (name, surname, address, email, telephone number), please let us know at info@sinecon.eu.
  • Deletion of personal data: if you wish to have your data removed from our collections in its entirety, please send us a request for deletion to info@sinecon.eu.
  • Opt-out: If you do not like receiving emails or other marketing materials, you can unsubscribe at any time by following the "unsubscribe" link in any marketing email you receive from us.

It can take up to 10 days to process a request sent to info@sinecon.eu. After this time, the request will be processed and, if it meets the conditions, will be valid.

Once we receive your withdrawal of consent, we will stop processing your personal data and delete it. We will notify you that your withdrawal has been taken into account.

INDIVIDUAL RIGHTS

Under the GDPR, the individual has the right to access personal data, the right to rectification, the right to erasure ("oblivion"), the right to data portability, the right to request restriction of processing of personal data, the right to object and the right to lodge a complaint with a supervisory authority.

To exercise your rights or obtain further information, please contact info@sinecon.eu. Your application will be responded to within 10 days and in accordance with the GDPR.

Where there is reasonable doubt as to the identity of the data subject making a request in relation to any of his or her rights, we may require the provision of additional information necessary to confirm the identity of the data subject.

If the data subject's requests are manifestly unfounded or excessive, in particular because they are repetitive, we may charge a reasonable fee, taking into account the administrative costs of providing the information or communication or of carrying out the requested action, or refuse to act on the request.

RIGHT OF ACCESS TO DATA

The data subject has the right to obtain our confirmation as to whether personal data concerning him or her are being processed and, where this is the case, to have access to the personal data and to additional information relating to the processing of the personal data, including:

  • the purposes of the processing;
  • types of personal data;
  • the users or categories of user to whom personal data have been or will be disclosed, in particular users in third countries or international organisations;
  • where possible, the envisaged period of retention of the personal data or, if this is not possible, the criteria to be used to determine that period;
  • the existence of a right to obtain from the controller the rectification or erasure of personal data or the restriction of the processing of personal data concerning the data subject, or the existence of a right to object to such processing;
  • the right to lodge a complaint with the supervisory authority;
  • where the personal data are not collected from the individual, any available information concerning their source;
  • the existence of automated decision-making, including profiling, and meaningful information on the reasons for it, as well as the significance and foreseeable consequences of such processing for him.

Upon request, we will provide a copy of the personal data we process to the data subject. We may charge a reasonable fee, taking into account administrative costs, for additional copies of the data requested by the data subject.

RIGHT OF RECTIFICATION

The data subject shall have the right to have inaccurate personal data concerning him or her rectified without undue delay. The data subject shall have the right, having regard to the purposes of the processing, to have incomplete personal data completed, including by submitting a supplementary declaration.

RIGHT TO DELETION ("oblivion")

The data subject has the right to obtain the erasure of personal data concerning him or her without undue delay:

  • where the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  • where the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing;
  • where the data subject objects to processing on the basis of a legitimate interest of the controller and there are no overriding legitimate grounds for processing;
  • where the data subject objects to processing for direct marketing purposes;
  • where personal data must be erased in order to comply with a legal obligation under EU or Slovenian law; where the data is incorrectly collected from a child who, in accordance with applicable law, is not able to provide such data in connection with the provision of information society services.

Where directory or other published data are involved, we shall take reasonable steps, including technical measures, to inform other controllers processing personal data that the data subject has requested them to erase any links to, or copies of, that personal data.

RIGHT TO RESTRICTION OF PROCESSING

The data subject has the right to restrict processing where:

  • the data subject contests the accuracy of the data for a period for which we can verify the accuracy of the personal data;
  • the processing is unlawful and the data subject objects to the erasure of the personal data and requests instead that its use be restricted;
  • we no longer need the personal data for the purposes of the processing, but the data subject needs them for the establishment, exercise or defence of legal claims ;
  • the data subject has objected to processing, pending verification that our legitimate grounds override those of the data subject.

THE RIGHT TO DATA PORTABILITY

The data subject has the right to receive personal data concerning him or her that we hold in a structured, commonly used and machine-readable format, and the right to have that data transmitted to another controller without hindrance, where:

  • the processing is based on the individual's consent or on a contract or where the processing is carried out by automated means.

RIGHT TO OBJECT

The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data which is based on legitimate interests pursued by us or by a third party. We shall no longer process the personal data unless we can demonstrate compelling reasons for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, including profiling insofar as it is related to such direct marketing. To the extent that the direct marketing is based on consent, the right to object may be exercised by withdrawing the personal consent given.

THE RIGHT TO LODGE A COMPLAINT CONCERNING THE PROCESSING OF PERSONAL DATA

The data subject may communicate any complaints regarding the processing of personal data to the following e-mail address: info@sinecon.eu or by post to SINECON d.o.o., Prušnikova ulica 2, 1210 Ljubljana-Šentvid.

In the event of a personal data breach, we will notify the competent supervisory authority, except where the breach is unlikely to have compromised the rights and freedoms of individuals. Where we suspect that a criminal offence has been committed at the time of the breach, we will notify the police and/or the competent prosecutor's office.

In the event of a breach which may result in a high risk to the rights and freedoms of natural persons, we will immediately or, where this is not possible, without undue delay, inform the data subject of the breach.

If the data subject has exercised the right of access to data with the controller and, after receiving the decision, considers that the personal data he or she has received are not the personal data he or she requested or that he or she has not received all the personal data requested, he or she may, before lodging a complaint with the Information Commissioner, lodge a reasoned complaint with the controller (SINECON) within 15 days. We will decide on the complaint as a new request within five working days.

If the data subject considers that his/her rights or the regulations on the protection of personal data have been violated, he/she may lodge a complaint with the competent state authority: the Information Commissioner of the Republic of Slovenia (Zaloška 59, 1000 Ljubljana, telephone: 01 230 97 30, fax: 01 230 97 78, e-mail: gp.ip@ip-rs.si).

RETENTION PERIOD OF PERSONAL DATA

We will keep the personal data of the data subject for as long as necessary to fulfil the purpose for which the personal data were collected and further processed.

We obtain some information through the use of cookies and other similar technologies by analysing your behaviour on our Website and your response to emails, and from third parties whose cookies are placed on your device with your consent (social media providers, etc.).

We will retain the data processed on the basis of legitimate interest or for the purpose of carrying out pre-contractual measures at your request for a maximum period of five years from the time when the purpose of our communication with each other has been fulfilled or until the expiry of the limitation periods for any claims.

Where the applicable sectoral legislation (e.g. tax legislation) provides for mandatory retention periods for personal data, we delete personal data after the expiry of the statutory period.

LINKS TO OTHER WEBSITES

The Website may contain links to third party websites which are not owned and/or operated by us. These websites have their own Privacy Policies, which you should familiarise yourself with as the operator accepts no responsibility for them.

CHANGES TO THE PRIVACY POLICY

We reserve the right, at our sole discretion, to update, modify or replace any part of the Privacy Policy by posting the update or modification on the Website without prior notice. Any change shall be effective from the date of public posting of the amended Privacy Policy on our Website.

 Published on: 2. 4. 2024