Under the GDPR, the controller is the subject that, alone or jointly with others, determines the purposes and means of the processing of personal information.
The controller for the data processing related to the activities on our Website (and ATMs) is VENDITOR ULTIMUS d.o.o., incorporated and registered in Republic of Slovenia, with a registered office at Štefančeva ulica 1, 1210 Ljubljana - Šentvid.
For any clarification, question or requirement related to your privacy and the processing of your personal data, please contact firstname.lastname@example.org.
We may also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature.
We do not collect any special categories of personal data about you (so called sensitive data; this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).
Information is gathered from you in a range of ways that are outlined below:
Our use of your personal data depends on how and where you interact with us. However, whenever we process your personal data, we do so on the basis of a lawful “justification” (or legal basis) for processing. In the majority of cases, the processing of your personal data will be justified on one of the following bases:
|THE PURPOSES FOR WHICH WE PROCESS YOUR PERSONAL DATA||LEGAL BASIS||RETENTION PERIOD|
|I. Fulfilment of services
To enable us to perform the services to you – to carry out our contractual obligations relating to you, to manage our relationship with you which will also include notifying you about changes to our service and changes to our terms or policies.
|It is necessary for us to process your information to perform our obligations in accordance with any contract that we may have with you.||We will store the data for as long as the agreement shall be in force and for additional period in which either party can make any legal claims arising out of this agreement.|
|II. Support services
To enable us to respond to your queries or requests in accordance with the content of such query or request.
|It is necessary for us to process your information to perform our obligations in accordance with any contract that we may have with you.
It is also our legitimate interest to ensure quality information to Users and potential Users.
|We will store the data for as long as the agreement shall be in force and for additional period in which either party can make any legal claims arising out of this agreement.|
|III. Marketing communications
To provide news and information services including e-mail briefings and newsletters.
|We will only send you marketing communications where you have consented and expressed a preference to receive such marketing communications, where it is appropriate and relevant to our business relationship with you, or where we have other lawful right to do so.||Until withdrawal of consent.|
|IV. User insight and analysis
To collect insights into how you interact with our services so that we can personalise our communications with you and maintain and improve our websites and services.
|Where your personal information is not in an anonymous form, it is in our legitimate interest to use your personal information in such a way to ensure that we deliver our online services to you and our other clients effectively and to ensure quality.
Where lawfully required, we may also process your personal information in accordance with your consent to the processing.
|We will store the data for as long as necessary for the purposes of the legitimate interests.
Until withdrawal of consent.
|V. Compliance with legal obligations
To comply with legal and regulatory obligations to which we are a subject (e.g. anti-money laundering).
|It is our legal obligation to do so.||We will store the data for a period required under the applicable laws.|
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason that is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at email@example.com.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Some of our processes can involve profiling, automated processing and automated decisions.
We may in some instances use your personal data, such as your Usage Data, in order to better address your needs. For example, if you frequently engage in a certain service, we may use this information to offer you more similar services or inform you of specific news or features that may be useful for you. We may use automated individual decision-making in order to improve your experience.
Where the legal basis for processing your personal information is your consent, you have the right to withdraw that consent at any time. You can exercise this right by contacting us on: firstname.lastname@example.org by clicking on the “unsubscribe” button on our marketing emails or by choosing a similar opt-out option that we may provide for you to exercise your right to object to the processing of your personal data.
Where applicable, your personal data is collected and processed in compliance with the GDPR. We place great importance on the security of all personal data associated with our users. We have adopted security measures to protect personal data against accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access. We limit access to your personal data to those employees and third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
For the best possible protection of your personal data outside the limits of our control, your computer or other device should be protected (such as by updated antivirus systems) and your internet service provider should take appropriate measures for the security of network data transmission (such as, for example, firewalls and anti-spam filtering).
While we take reasonable steps to protect your personal data, we cannot guarantee that the personal data you disclose to us will be 100% secure, nor that any data breach will not occur. You accept the inherent security implications of dealing on-line over the Internet and will not hold us or our processors responsible for any data breach unless it is due to our negligence.
We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
However, if we do transfer personal data collected within the EEA to third parties outside the EEA, such transfer will be based on the safeguards either of the standard contractual clauses issued by the EU Commission, the EU-US or CH-US Privacy Shield certification, Binding Corporate Rules or other acceptable legal mechanisms. In these cases, we ensure that both ourselves and our partners take adequate and appropriate technical, physical, and organizational security measures to protect your data.
Our general approach is to retain your personal data only for as long as required to fulfil the purposes for which it was collected, or to comply with any legal, regulatory or reporting obligations or to assert or defend against legal claims. We generally retain your personal data for three (3) years from the end of our relationship or from the last contact from you, unless local law requires otherwise. However, in some circumstances we may retain personal data for longer periods of time, for instance where we are required to do so in accordance with legal, tax and accounting requirements.
In specific circumstances we may also retain your personal data for longer periods of time corresponding to the applicable statute of limitations so that we have an accurate record of your dealings with us in the event of any complaints or challenges.
In some circumstances, certain personal data can be removed on your request. Also, note that due to technical limitations, the data may not be removed instantly. Please contact us for further information: email@example.com
We may also share your personal data with law enforcement, data protection authorities, government officials, and other authorities, including when:
We may also disclose certain personal data to our current or future affiliates, subsidiaries and other related entities, as well as to our operational and business partners and sub-contractors when this is necessary for the performance and execution of any contract, we enter into with them or you. We may also share your personal data with third parties in connection with potential or actual restructuring of our company or any of our assets, or those of any associated company, in which case personal data held by us about our users may be one of the transferred assets.
Our Website may include links to third-party websites, plug-ins, channels or other applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party services and are not responsible for their privacy statements. When you use the third-party services, we encourage you to read the privacy notice of every website or application you use.
Under certain circumstances, you have the following rights in relation to your personal data under GDPR:
For further information regarding your rights, to exercise any of your rights, or if you have any complaints or questions regarding the processing of your personal data please contact us via firstname.lastname@example.org.
Please note that we may request proof of identity, and we reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive. We will endeavour to respond to your request as soon as possible and in any case within the applicable timeframes.
Protecting the safety and privacy of children is very important to us. Our Website and Services are intended for a general audience and are not directed at individuals under the age of majority. We do not knowingly collect information from anyone under the age of eighteen (18) years, or any other age limit set out by the law of his/her country of residence children, or other individuals who are not legally able to use our Services. By registering or submitting an application, you confirm that you have reached the age of majority in your country of residence. If we learn that we have inadvertently gathered personal information from such an individual, we will take legally permissible measures to remove that information from our records. If you believe that we have mistakenly or unintentionally collected information from a child, please contact us via email@example.com.
VENDITOR ULTIMUS d.o.o.
You also have the right to lodge a complaint regarding the processing of your personal data by us at any time with your local data protection authority (you can find your data protection authority: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.html).
We would, however, appreciate the opportunity to deal with your concerns before you approach the authorities, so please contact us in the first instance.