, (hereinafter referred to as »controller«), process your personal data. This Policy explains for which purposes and based on which lawful basis we process, how long we retain and what are your rights related to your personal data. We value your privacy and we will safeguard your personal data. We will not share your data with third parties without your explicit consent or other lawful basis and we will not further process it in a manner that is incompatible with the purposes for which it was collected.
In order to prevent unauthorised or unlawful disclosure or access and to preserve integrity of your personal data we established adequate technical and organisational measures. Even so, we cannot fully guarantee prevention of all data breaches. As our information system contains certain links to other websites, that are not under the control of the controller, we cannot take any responsibility with regard to the protection of data on those websites.
2. DATA CONTROLLER
Alpska cesta 43
Registration n.: 5353254000
The Controller manages the following websites: http://hypex.si
3. LAWFUL BASIS FOR PROCESSING
During the provision of our services we collect and process personal data only in accordance with the purposes for which the data was gathered. We maintain up-to-date Records of our processing activities, which contain the details of our personal data processing activities. Personal data of children under the age of 16 is only processed based on consent given or authorised by the holder of parental responsibility over the child.
3.1. Legal Obligations
The majority of our processing activities are necessary for us to comply with our legal obligations (e.g. Accounting Act, Employment Relationship Act, Value Added Tax Act).
We process personal data in order to fulfil our contractual obligations and related steps before entering into a contract (e.g. to deliver our products to the buyers).
In certain cases, we process personal data based upon individual's consent, but only in accordance with the purposes for which the consent has been given. Based on consent we collect and process personal data for marketing purposes, such as communication about our promotions, news, event invitations, for statistical purposes, collecting usage information and customised offers.
If an individual does not give his consent or he or she (partially) withdraws consent, we will only further process personal data within the scope of the valid consent or in accordance with the applicable legislation.
Individuals may unsubscribe from receiving our messages at any time. Instructions on how to unsubscribe can be found in each of our messages.
Individuals may at any time also object to processing of personal data concerning him or her. If such an objection is filed, we will not further process personal data for such purposes. The right to object can be filed via e-mail at firstname.lastname@example.org
or by sending a regular mail to HYPEX, d.o.o., Alpska cesta 43, 4248 Lesce, Slovenia. We will process an individual request without undue delay and no later than 15 days after we receive it.
3.4. Legitimate Interest
In rare cases we process personal data also based on legitimate interest, but never without having first established a business relationship or other legitimate grounds.
4. DATA USERS
The users of personal data are the employees, contractual partners and data processors of Hypex d.o.o., which are bound to safeguard and protect your personal data in accordance with the applicable legislation, non-disclosure agreements or data processor contracts. Users can only access personal data based on their authorisation and assigned access rights.
We may need to send personal data to third parties if such a requirement is prescribed by law (e.g. Court order).
More detailed information about the categories of users, contractual partners and data processors can be provided on demand by sending an e-mail to email@example.com
5. DATA RETENTION
Data retention period depends on the lawful basis and the purposes for processing of personal data. We store personal data only as long as necessary to fulfil the purposes for which it was collected. Afterwards, and if no other lawful basis for processing exists, we erase, destroy, block or anonymise personal data.
6. TRANSFER OF DATA TO THIRD PARTIES
We transfer personal data to third parties only to fulfil the legal or contractual obligations or with an explicit consent of an individual.
7. PROTECTION OF PERSONAL DATA
We store personal data in physical and electronic form at our headquarters. The data is protected with security and encryption measures that ensure security and confidentially of information.
The access to personal data is limited to the employees that need to have access to certain data in order for us to be able to provide our services and products in line with our professional standards. These employees are bound by strict contractual confidentiality obligations, which, if breached, may lead to sanctions including the termination of employment contract.
8. DATA COLLECTION AND PROCESSING
We strive to process as little of personal data as possible and we only collect data of individuals, which is needed to fulfil the legal or contractual obligations, in accordance with the purposes listed in a specific consent or legitimate interest.
8.1. Job Application Form
Our website contains a job application form, where interested individuals may enter their data and join our candidate pool. The purpose of such collection of personal data is communication with regard to possible employment and related processing activities.
Personal data we collect through the application form are name, surname, e-mail address, date of birth, gender, address, education, phone number, CV and other personal data provided by the applicants.
We will only process the collected personal data for as long as necessary to fulfil the purposes for which it was collected. If an individual has not been selected for a specific job opening, we will store his or her data no longer than 24 months. In such cases we will only process data for similar vacancies.
8.2. Registered users
Our website allows registered users to log in and access a dedicated part of the website, where they may access and manage their purchase orders. Registration of users is not publicly available and access to the dedicated part of the website is only granted by the website administrator based on business relationship and mutual agreement.
In case of such registration we process personal data of registered users in order to fulfil our contractual obligations. By doing so we process name and surname, e-mail address, job position and other contact details. With explicit consent we also send registered users promotional materials.
8.3. Website Usage Data
When you visit our website we may automatically gather certain data about the hardware and software of your device. Personal data that may be gathered this way, such as IP address, is not stored or is stored in an anonymised form. We use Google Analytics to analyse gathered data solely for the purposes of website usage statistics.
9. DATA SUBJECT'S RIGHTS
We guarantee you an option to exercise your rights as data subjects. We will enable you to exercise your rights cost-free, but in case some unexpected administrative costs arise we may have to charge you for them (e.g. repetitive requests, multiple copies requests).
In order to exercise your below listed rights you may contact us via e-mail at firstname.lastname@example.org
or by regular mail at HYPEX, d.o.o., Alpska cesta 43, 4248 Lesce, Slovenia. If you believe that your rights have been violated you may contact the Slovenian Information Commissioner, Zaloška 59, 1000 Ljubljana, phone n. 00386 01 230 97 30, fax 01 230 97 78, e-mail email@example.com
9.1. The Right to Access
An individual has the right to receive a confirmation from us on whether we process his or her personal data without undue delay. An individual can request access to his or her personal data that has been collected by the controller.
9.2 The Right to Rectification
An individual has the right to request any inaccurate or out of date personal data to be rectified or updated.
9.3 The Right to Erasure
An individual has the right to request his or her personal data to be erased if:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- an individual withdraws consent;
- an individual objects to the processing of his or her personal data;
- the personal data have been unlawfully processed;
- based on a legal obligation.
The right to erasure cannot be enforced if further data processing is necessary based on legal obligations or for the establishment, exercise or defence of legal claims.
9.4 The Right to Restriction of Processing
An individual has the right to obtain restriction of processing if:
9.5 The Right to Object
- the accuracy of the personal data is contested by the data subject;
- the processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
- the data subject has objected to processing pending the verification of whether the legitimate grounds of the controller override those of the data subject.
An individual has the right to object to processing of his or her personal data when such processing is based on consent or legitimate interest for marketing purposes. In case of such objection we will immediately cease the processing activities, unless processing is needed for the establishment, exercise or defence of legal claims;
10. LOST OR STOLEN DATA
If data gets stolen, lost, accessed or shared with an unauthorised third party, an individual needs to notify us accordingly without undue delay so that we may take appropriate measures within our power to protect his or her rights.
11. FINAL PROVISIONS