Privacy in the SKUPONI online system
This document presents the personal data protection policy according to the General Data Protection Regulation (GDPR) for the company Qualitas d.o.o., which acts as the "controller" (hereinafter the Controller).
The operator manages a family of online services (hereinafter referred to as Services) intended for advertising, promotion, marketing and sales (skuponi.si). For its basic operation, the controller processes and stores personal data of service users (hereinafter referred to as the Individual).
The individual uses the Services offered by the Administrator for his own benefit, at his own risk and voluntarily. In the same way, the Individual also shares his/her personal data with the Controller, since the Controller needs as much information as possible from the Individual to ensure the best possible quality of the Service, or the Individual, by providing personal data to the Controller, personalizes the experience of using the Services.
The administrator undertakes to legally and correctly handle personal, sensitive and commercially sensitive data, which is absolutely necessary for the successful operation and ensuring the quality of the Services.
We are committed to respecting the principles regarding the processing of personal data of Individuals, which are:
- Legality, fairness and transparency
- Purpose limitation
- Minimum data volume
- Storage limit
- Integrity and confidentiality
In order to provide quality services and to fulfill legal obligations, the controller must collect the Individual's personal data and store and handle them appropriately and in accordance with the principles for processing personal data.
In order to comply with the law, the manager must provide at least one legitimate reason for the processing (collection, use, management or disclosure) of personal data. In some circumstances, the consent of the Individual is not required.
The data protection policy is drawn up to interpret and ensure compliance with the law. Where there is a possibility of ambiguity, the document tries to explain in detail and comprehensibly, in order to reduce the risk and thereby protect the Individual.
The General Data Protection Regulation (GDPR) requires a clear, comprehensible and transparent explanation of the processing methods of the Individual's personal data, which is explained in this document, which also proves compliance with the law.
Collection of personal data
The controller ensures data collection in accordance with the data protection policy. This applies to personal data collected in person, over the phone or electronically via forms.
In each collection of personal data, the administrator ensures, if possible, the presence of clear and understandable explanations to the Individual, which personal data are collected, for what purposes they will be used, what are the consequences of not consenting to the processing of personal data, and explanations with whom it may be collected personal data shared.
The points listed above ensure that the Individual has sufficient information to give consent.
There are situations in which the collection of personal data is given implicitly; such as, for example, communication with support via phone or e-mail, where personal data is absolutely necessary to process the request itself.
Storage of personal data
Personal data and records relating to Individuals are stored securely, and only authorized individuals (employees) have access to this data.
Personal data will only be stored for as long as is necessary for their processing. Data that are no longer necessary for further processing will be removed in accordance with the law.
Access to data about the Individual
Every individual has the right to obtain information about the personal data of the Individual, which the Controller keeps about him. The controller will implement measures to ensure that this data is up-to-date by asking the Individual about changes.
All employees of the Administrator are obliged to ensure that the personal data of the Individual are factual and objective.
The manager will ensure that:
- It has a designated personal data protection official who ensures compliance with this personal data protection policy
- Anyone who processes personal data understands that by processing this data they are responsible for following good data protection practices
- Anyone who processes personal data receives appropriate personal data processing training
- Is everyone who processes personal data properly supervised
- Anyone processing personal data shall report suspected or actual misuse of data, following the data protection breach reporting procedure
- Anyone who would like to obtain information about the processing of personal data clearly understands what they have to do
- It clearly presents how it processes personal data
- It will regularly review and correct the procedures and methods of processing personal data so that they comply with the law
- It regularly checks and evaluates the methods and performance related to the processing of personal data
- Are all employees and contractual partners of the Manager aware that any misuse or failure to comply with the rules and procedures defined in this document may initiate disciplinary proceedings against them
According to the General Data Protection Regulation (GDPR), a lawful request to process personal data is required before personal data can be processed. If there is no other lawful purpose, the Individual must consent to the processing of personal data.
The processing of personal data is considered lawful if:
- Is the processing of personal data necessary for the performance of a contract with the Individual or for entering into a contractual relationship with the Individual. Such an example could be the purchase of a coupon or product and the like
- Is the processing of personal data necessary for the fulfillment of legal obligations
- Is the processing of personal data necessary to protect the interests of the Individual or another person
- Is the processing of personal data necessary for the performance of tasks in the public interest, or for the performance of official powers held by the Controller
- Is the processing of personal data necessary for the purposes of the Controller's legitimate interests and does not prevail over possible damage to the rights and interests of the individual
- The processing has the consent of the Individual
Valid consent is considered if:
- Consent is given voluntarily: The individual has the option of choosing and controlling how his personal data can be processed
- Is the consent specific and informed: The individual understands all the purposes of personal data processing. If there are several different processing purposes, consent must be given for each of them
- Consent is unambiguous: The individual knows what he is consenting to and that he has given consent
- Is the consent given as a deliberate action of the Individual, for example signature, oral, electronic choice between options
Consent can be implied, for example by completing a questionnaire. Personal data collected on the questionnaire can only be processed for the purposes described on the questionnaire. Personal data may not be used for other methods of data processing, unless the Individual has given specific consent for other methods of data processing.
Consent can be considered as agreement to subsequent communication between the Controller and the Individual. For example, in the case of collecting personal data for one type of service, if the Controller offers another, similar service, it is reasonable for the Controller to contact the Individual in connection with the other service, if at the same time he offers the possibility to cancel the consent for communication in connection with the other service.
OBTAINING, RETAINING AND MANAGING CONSENT
Consent must be clear and distinguishable from other matters, written in an understandable form and in clear and understandable language.
It must be clear who consents, when the consent was given, how it was given, what it was given for, and when the Individual terminated the consent.
If the Individual is still interacting with the Controller in a way for which the Individual has already given consent to the processing of personal data, the consent is considered to be still valid. If the Individual no longer interacts with the Controller, it may be necessary to request consent again after re-interaction, depending on the time elapsed since the last interaction.
When consent has been given in accordance with Directive 95/46/EC, the Individual does not need to give consent again for the processing of data, if the consent was given in a way that complies with the conditions of the current GDPR regulation.
The Controller provides the Individual with information about his rights in a concise, transparent, comprehensible and easily accessible form, as well as in clear and simple language, in writing or in e-form. The administrator implements requests regarding rights without undue delay within one month of receiving the request, or at most two additional months later, taking into account the complexity and number of requests.
If the Individual submits the request in electronic form, the Controller shall, whenever possible, provide the answer in electronic form.
The individual has the possibility of filing a complaint with the supervisory authority and the possibility of exercising legal remedies.
If the Individual's requests are clearly unfounded or excessive, especially if they are repeated, the Administrator may:
- It shall charge a reasonable fee, taking into account the administrative costs of providing the information or message, or of carrying out the requested action
- Refuses to take action in relation to the request, whereby the Manager bears the burden of proof of obvious groundlessness or exaggeration
The Individual has the right to access the following information when Personal Data is obtained from the Individual:
- The identity and contact details of the controller and his representative, if any
- Contact details of the authorized data protection officer, if one exists
- Purposes of personal data processing, legal basis for their processing
- Legitimate interests sought to be asserted by the Manager or a third party
- Users or categories of users of personal data, if they exist
- Information on possible transfers of personal data to a third country
The Individual has the right to the following information to ensure fair and transparent processing when Personal Data is obtained from the Individual:
- The period of retention of personal data, or the criteria used to determine this period
- The existence of the right for the Individual to request withdrawal from the processing of personal data, or the correction or deletion of personal data, or the limitation of processing, the existence of the right to object to processing and the right to transfer data
- Where the processing is based on consent, the existence of the right to withdraw consent, without affecting the lawfulness of the processing carried out on the basis of consent until its withdrawal
- Existence of the right to lodge a complaint with the supervisory authority
- Existence of the right to information if the provision of personal data is a statutory or contractual obligation or an obligation that is necessary for the conclusion of a contract and the possible consequences if such data are not provided
- Existence of automated decision-making, including profiling, reasons, meaning and intended consequences
The individual has the right to request confirmation from the Controller if his personal data is being processed and how. In the event that his personal data is processed, the Individual has the right to obtain the following information about the processing:
- Purpose of processing
- Types of personal data
- Users or categories of users to whom personal data is disclosed, especially in the case of users in third countries
- When possible, the intended retention period of personal data, or the criteria by which the retention period is determined
- Existence of the right to request correction or deletion of personal data from the Controller, or restriction of processing of personal data and existence of the right to object to such processing
- The right to file a complaint with the supervisory authority When personal data are not collected from the Individual, information about their sources
- Existence of automated decision-making, information about reasons, meaning and intended consequences
An individual has the right to deletion, or the right to be forgotten, whereby the Administrator must delete the individual from storage without undue delay, if:
- The personal data are no longer necessary for the processing purposes for which they were collected or otherwise processed
- The individual revokes the consent on the basis of which the processing takes place and there is no other legal basis for further processing
- The individual objects to the processing and there are no overriding legal grounds for the processing
- Personal data was processed illegally
- Personal data must be deleted to fulfill a legal obligation in accordance with EU law or the law of a Member State applicable to the Controller
The individual has the right to restrict processing to the Controller in the following cases:
- The individual disputes the accuracy of the data for a period that allows the Controller to verify the accuracy of the personal data
- The processing is illegal and the individual opposes the deletion of personal data, and instead requests a restriction of use
- The Controller no longer needs the personal data for the purposes for which they were collected, but the Individual needs them to assert, implement or defend legal claims
- The individual lodges an objection and the controller's verification of the legal reasons for the individual's reasons has not yet been completed
When the processing of personal data is limited, such personal data, except for the storage, enforcement, implementation or defense of legal claims or for the protection of the rights of another natural or legal person, or for the public interest of the EU or a member state, is processed only with the permission of the Individual.
The Manager communicates changes, corrections, deletions or restrictions on the use of personal data to other Personal Data Processors, except in cases where this requires a disproportionate effort or proves impossible.
The individual has the right to receive personal data related to him, which was held by the Controller, in a structured, commonly used and machine-readable form, and the right to forward this data to another controller without the Controller to whom it was personal. data provided, while obstructing when:
- processing is based on consent (or contract),
- the processing is carried out by automated means.
The individual has the right to object to the processing of his personal data at any time. In this case, the controller shall stop processing personal data, unless it proves necessary legitimate reasons for the processing that override the interests, rights and freedoms of the individual, or for the assertion, implementation or defense of legal claims.
An individual has the right not to be subject to a decision based solely on automated processing that has legal effects in relation to him or similarly significantly affects him. However, it is permissible if the decision:
- Necessary for the conclusion or implementation of the contract between the Individual and the Manager
- Permitted in EU law or the law of a member state that applies to the Controller and also determines appropriate measures to protect the rights and freedoms and legitimate interests of the Individual
- Based on the express consent of the Individual
Individual rights may be limited by law in the following cases:
- If it is in the interest of national security
- For the purpose of defense For the sake of public safety
- For the prevention, investigation, detection or prosecution of criminal offenses or the enforcement of criminal sanctions
- In order to protect the independence of the judiciary and the judicial process
- Due to the enforcement of civil claims
Violations of personal data protection
In the event of a breach of personal data protection, the Controller shall notify the competent supervisory authority without undue delay, at the latest within 72 hours of becoming aware of the breach, unless it is unlikely that the rights and freedoms of individuals would be threatened by the breach of personal data protection. If the official notification was not given within 72 hours, the Administrator shall attach the reasons for the delay to the notification.
After becoming aware of a breach of personal data protection, the Processor shall notify the Controller without undue delay.
The notification contains:
- Description of the type of violation,
- number of concerned Individuals, types and number of concerned personal data records
- Name and contact details of the authorized person for data protection
- A description of the likely consequences of a breach of personal data protection
- A description of the measures taken by the Manager to address and mitigate any adverse effects of the breach, if applicable
If the information cannot be provided simultaneously, it shall be communicated gradually, without undue delay.
The manager documents every violation of personal data protection, including the facts related to the violation of personal data protection, its effects and the measures taken. The documentation enables the supervisory authority to verify compliance with this article.
NOTICE TO AN INDIVIDUAL ABOUT A BREACH OF PERSONAL DATA PROTECTION
If it is likely that a breach of personal data protection causes a high risk to the rights and freedoms of Individuals, the Controller shall notify the Individual without undue delay that the breach has occurred and in the message clearly describe the type of breach of personal data protection and also include information and recommendations regarding the breach .
Notification to the individual is not required if:
- Has the Controller already taken appropriate technical and organizational measures to protect personal data, in particular measures that make personal data unintelligible to anyone who is not authorized to access it, for example encryption
- Has the Controller taken measures to ensure that the high risk to the rights and freedoms of Individuals is unlikely to materialize again
- It would require a disproportionate amount of effort
What personal data do we collect?
The Administrator collects and stores personal data of Individuals, which the Individual voluntarily submits directly to the Administrator when they wish to use the Services provided by the Administrator. Typically, this occurs at the time of registration to use the Services.
Alternative situations in which the Controller obtains personal information are prize games, registration for secondary Services (for example, registration for receiving electronic notifications).
In all cases where the Controller collects personal data, there is a legal basis or the Individual's consent for the processing of personal data.
The individual's personal data collected by the Administrator are obtained in the following situations and are as follows:
- Creating a user profile for using the Services, or using at least one of the Services offered. The personal data collected in this way are processed either for the quality of the Service or to meet legal requirements when performing the Service or entering into a contractual relationship with the Controller, such as for example the purchase of a product, reservation of a tourist arrangement (Name, Surname, Email address, Address, Telephone number, Date of birth, Primary place, Secondary place, photo). Personal data collected in this way may be mandatory or optional. Mandatory personal data are those without which the normal operation of the Services would be limited or impossible (for example, e-mail), and optional personal data are those that improve the user experience, but are not essential for the basic operation of the Service (for example, a telephone number for notifications about deliver shipments).
- Request for help from customer support either via email, online form, or phone support. The personal data collected in this way are necessary to process the request itself (Name, Surname, Email address)
- Registration via an electronic form or registration for electronic newsletters (E-mail address, First name, Surname)
- Participation in sweepstakes, questionnaires or any other participation in activities that require an Individual's personal information
Other methods of collecting personal data, or data that can be used to identify an Individual, are:
- User account information. These include coupon codes, purchases and communications related to purchases (inquiries and reviews)
- Information about the use of the Service, which is automatically collected during the use of the Service (device type, browser type, location, language preferences, cookies, IP address, login time, clicks on categories and pages, adds to cart, purchase, any errors that occurred during the use of the Services) and assist the Manager in:
- Ensuring a higher quality of service by recognizing the technical capabilities and preferences of the Individual and his devices with which he uses the Services of the Operator
- Ensuring higher security of the Individual by recognizing unusual logins, unusual purchases, attempted abuse
- Ensuring a faster and better response in case of solving problems and disputes
- Data obtained by Data Processors
How do we process personal data?
The concrete way of processing personal data depends on the Service that the Individual uses and on the preferences of the Individual.
USE OF PRIMARY SERVICES AND PERSONALIZATION
We process an individual's personal data for authentication and identification of the individual when logging into the system, for personalizing received electronic messages, for recording interests and wishes, such as using a shopping cart or browsing categories.
COMMUNICATION RELATING TO THE SERVICES
We process the individual's personal data for communication related to the services offered by the Controller, or to provide the Service as such (communication regarding the daily offer is also the primary Service of the Controller).
The controller also processes personal data in connection with purchases and coupons. It is not possible to unsubscribe from this type of processing, as it is necessary for the provision of the Service as such and is tied to the Individual entering into a contractual relationship with the Controller (purchase).
The Administrator may communicate with the Individual about alternative and new Services that are directly or indirectly related to the Services for which the Administrator has already obtained the Individual's consent.
MARKETING AND PROMOTION OF SERVICES
On the basis of prior consents, or the use of the Services, the Controller may recommend, suggest, or otherwise promote and market new Services, or offers within the Services. Withdrawal from this type of personal data processing is possible.
For customer support, the processing of the Individual's personal data is necessary. For more accurate analysis, faster and better resolution of problems or disputes, the Manager may request additional personal and other information.
SAFETY AND PROTECTION
We process personal data to ensure the safety and security of Individuals, Controllers and Processors. This type of processing includes the monitoring of logins to the service, monitoring of service use, monitoring of the Individual's activities within the Services, with which the Administrator can more easily identify threats and attempts at abuse of the Service, the Individual, the Administrator or the Processors.
EXECUTION OF LEGITIMATE INTERESTS
If this is legally required, the Administrator may process personal data without the Individual's consent, or the continued use of the Service is considered to be the execution of the contract between the Administrator and the Individual. A concrete example of such processing of personal data is, for example, the purchase of a product, where the performance of the Service is not possible without the processing of personal data.
The manager can process personal data even if he is convinced that he is protecting his own legitimate interests, or that he is protecting the interests of other involved natural or legal persons.
If there are none of the above-mentioned reasons for the processing of personal data, and the Individual has agreed to the processing of data for a specific purpose, the Individual's personal data may be processed for this purpose until cancellation, or until otherwise determined by a change in the personal data protection policy.
How do we share the obtained personal data with third parties?
To ensure the quality of the Services, or to provide the Services, we may share the obtained personal data with third parties. In these cases, the Controller has concluded a contract with the Processor on the processing of personal data, unless the processing of personal data is necessary for the execution of legitimate interests.
The manager does not use the databases of personal data for sale in any way, but processes them and submits them for processing only for the purposes of performing the Services. If there is no other legitimate interest in the transmission of personal data to third parties, the Controller obtains consent from the Individual for such processing.
How do we store and protect the collected personal data?
INFORMATION SECURITY AND DATA STORAGE
Personal data of Individuals are stored and processed on web servers in Slovenia. The controller constantly strives to maintain and develop the information system in accordance with the latest technological security standards in order to protect the Individual's personal data.
Despite the high standards and implemented protections that the Administrator managed to implement in its information system, due to the nature of the Internet, it cannot guarantee the subsequent misuse of personal data that would occur after the transfer from the Administrator's servers to the Individual, or in the event of an intrusion into the information system where The controller does not have its own resources or the ability to prevent such abuses.
HOW LONG DO WE KEEP PERSONAL DATA?
The length of time personal data is stored depends on the type of personal data, the individual's use of the Service, the method of processing, and legal requirements. When and if personal data are no longer absolutely necessary for processing, or if the Individual decides to terminate the user profile, the Manager deletes, pseudonymizes or anonymizes such data, except in cases where it is absolutely necessary for the continuation of the Service of the Manager, or must remain kept due to legal requirements.
Data collected for the needs of the user's user profile are stored as long as the user of the Service is active, or for a reasonable time after the end of the activity in case the user decides to become active again.
An activity is considered any activity of the Service user, from registration, login, transfer to basket, purchase, read e-mail or opening a website. Data that help the Administrator to process claims or disputes from the Individual, or are in any other way legally required to be kept for a longer period of time, will be preserved even in the event of termination of the user profile. A typical example of this is coupon and purchase data.
Personal data directly related to marketing (cookies, category clicks, ad clicks), even in the case of termination of processing consent, may be kept for a reasonable time after the termination of consent, if this is necessary for the Manager's business processes or ensuring the quality of the Service. In the event of termination of use of the Services and thus termination of the collection and processing of data directly related to marketing, personal data collected for marketing purposes may be deleted within a reasonable time, provided that they do not otherwise affect the quality of the Services provided by the Controller.
Personal data collected through forms, sweepstakes and other sources
Personal data collected for processing purposes that are not directly related to the Services provided by the Controller may have different storage periods, depending on the processing purpose.
If the personal data is not otherwise designated for alternative purposes of processing (to ensure legal interests, with the consent of the Individual), such personal data may be deleted, anonymized or pseudonymized after the time required for processing has elapsed, depending on the type of data and the method of processing.
Access and control of personal data collections
An individual who is a user of the Services provided by the Manager can access personal data collections through his user profile, where he also has the option of monitoring, updating personal data and changing consents.
Some personal data cannot be managed by the user himself, in these cases a user support contact is available who, if possible, makes the change on behalf of the individual, at his request.
An Individual as a user can also access data through which the Individual can be determined and which was not provided by the Individual, such as coupons, purchases, which the Individual cannot change, he can only access this data. In case of changes, a user support contact is available, who, if possible, makes the change on behalf of the Individual.
Personal data collected through questionnaires, prize games, employment forms or other online or physical forms that are not linked to the profile of the Service user and are still stored by the Controller are generally valid and processed for a shorter period of time than personal data collected for the primary purposes of processing , therefore, personal data that is not part of the collection of personal data that is accessible in the user profile is not easily accessible to the user, except on request via the user support contact, who delivers such information on request, or changes personal data.
DEACTIVATION OF THE USER PROFILE
The individual has the option of terminating the user profile in the event that he no longer wishes to use the Services provided by the Controller. Termination can be done by the Individual through the user support contact, who, if possible and if it does not hinder other business processes or legal interests of the Manager or related persons, will perform the termination at the request of the Individual.
Alternatively, it is possible to withdraw from individual services or individual methods of data processing, in which case the complete termination of the user profile is not necessary.
In case of termination of the user profile, the Controller keeps some of the collected personal data for a reasonable period.
COMBINATION OF USER PROFILES
User profiles belonging to the same person or Individual, cannot be combined.
DELETION OF PERSONAL DATA
Personal data that the Individual wishes to terminate can be deleted or their processing restricted if this does not hinder the Controller's business processes or the Controller has no other legitimate reasons for continuing to store this personal data.
Some types of personal data are such that deletion is already enabled in the user profile, but those that do not have this option are data for which it is necessary to contact user support, who does this on behalf of the Individual.
REQUEST FOR LIMITATION OF PERSONAL DATA PROCESSING
An individual may request a restriction on the use of personal data, while the Administrator reserves the right to request reasons for such restriction if the type of personal data is not simple and if the restriction of personal data processing may affect business processes or there are other legitimate reasons for processing.
In the case of simple types of personal data, the possibility of limiting the processing for a specific purpose is already enabled and available in the user profile or in the footer of an email message, where the Individual can manage the consents and limitations of the processing of individual personal data for specific purposes. If there is no such option, or if the Individual cannot find it, they can contact user support, who will change the restrictions or give consent on behalf of the Individual.
PORTABILITY OF PERSONAL DATA
The Individual may request from the Controller a collection of personal data that the Controller maintains about the Individual, whereby such collection is in an electronically readable format, so that personal data can be transferred to another similar Service. The operator provides the possibility to export collections of personal data, but this does not apply to all types of personal data, as not all types can be transferred to another service.
In case of requests for the export of personal data, the Individual contacts the user support, who prepares such an export within a reasonable time, the export is not automatic and not immediate. In the case of multiple consecutive unfounded requests for the export of personal data collections, or requests that the Administrator rightly considers to be disproportionately frequent, the Administrator reserves the right to charge a fee for the service of exporting personal data.
Personal data processors
To provide the Services, the Controller cooperates with other legal entities that can process certain types of personal data managed by the Controller.
For each processor of personal data, the Controller has concluded a contract on cooperation and processing of personal data, unless the processing of personal data is necessary for the legitimate interests of the Controller or the Processor. Personal data processors can be, among others:
- Payment processors and payment providers
- Providers of technical or other business support services
- Providers of communication methods such as electronic notifications and electronic chat
- Providers of customer management tools
- Providers of tools to analyze the use of the Services and facilitate troubleshooting of the Services
- Service providers promoted, marketed and sold by the Manager
The processors of personal data are the following (the list may change according to the Controller's requirements):
Means of payment
The country of the provider depends on the service provider
Processors and methods of processing that are not listed above may process pseudonymized or anonymized personal data and are thus exempt from the requirements
General regulations on data protection.
Reporting violations and abuses
If an individual suspects that there has been abuse or a violation in the processing of his personal data, he can report the suspected violation to the Controller's email address listed in the contact information.
In order to process the request as quickly as possible, the Individual must provide as much relevant information as possible (which user profile, which personal data is alleged to have been abused, in what way and for what reason the Individual believes that it is a violation or abuse).
The administrator implements requests regarding violations and misuse of personal data without undue delay within one month of receiving the request, or at most two additional months later, taking into account the complexity and number of requests.
Data Protection Authority
The controller is confident that it collects and stores personal data of Individuals in accordance with the General Data Protection Regulation (GDPR) and other valid laws in the Republic of Slovenia and the European Union.
In case of questions and complaints regarding the general regulation on data protection, you can contact the data protection authority, which in the Republic of Slovenia is the Information Commissioner of the Republic of Slovenia, reachable at the address below:
Zaloška cesta 59
T: 01 230 97 30
F: 01 230 97 78
Personal data is processed by Qualitas d.o.o., as a joint Controller. For all questions regarding personal data and their processing, you can contact us by email at email@example.com.
For requests related to changing or updating personal data, deleting user accounts, logging out or any other possible problem with the user profile, contact us via e-mail at firstname.lastname@example.org.
To report a suspected violation in the processing of personal data, contact us via email at the address email@example.com.
The Controller undertakes to respond to all requests related to the protection of personal data within 30 days of receiving the request. For more difficult disputes or problems, we reserve the right to extend this period to an additional 60 days.
Ljubljanska c. 24b
For more information regarding the General Data Protection Regulation, visit https://www.eugdpr.org/