Privacy policy

PRIVACY POLICY OF ZZI D.O.O.

1. Table of contents

1. Table of contents.

2. Who processes your personal data?

3. How is personal data processed?

4. To whom does the Privacy Policy refer?

5. How do we obtain your personal data?

6. What are the purposes based on which personal data is processed?

6.1. The processing conducted during the provision of our services.

6.2. The processing conducted during communication with subscribers and potential subscribers.

6.3. Personal data processing in relation to the organisation of events and training courses

6.4. Personal data processing for the purposes of marketing.

6.5. Other purposes of processing.

7. When do we process personal data as the personal data processor?

8. Is your personal data transmitted to third parties?

9. How is personal data protected?

10. What are your rights in relation to personal data processing?

11. Plug-ins.

12. Policy amendments.

This document contains all information relating to personal data processing that is conducted at ZZI d.o.o. (hereinafter “ZZI” or “we” or “us”). The document provides information on the purposes of processing, legal basis, categories of personal data, storage period and your rights relating to the processing.

2. Who processes your personal data?

ZZI acts as the personal data controller. Within the scope of its operations, ZZI may also act as the personal data processor. The cases where ZZI acts as the personal data processor are defined in detail in the chapter “When do we process personal data as the personal data processor”.

This Privacy Policy provides information on the categories of personal data collected, the reasons for processing personal data, the storage period and the rights available to you within the scope of personal data processing.

Information on the personal data controller:

ZZI d.o.o.

Pot k sejmišču 33

1231 Ljubljana – Črnuče

Slovenia

Contact person: Dr. Rok Bojanc

email: gdpr@zzi.si

3. How is personal data processed?

ZZI processes personal data based on predetermined and legitimate purposes. Personal data is processed solely for such purposes; in case of any additional purposes for personal data processing, you will be informed in advance.

Any personal data processing is conducted solely on the relevant legal bases, which are: contractual relationship, the law, legitimate interest or your consent.

Personal data is stored only for the period needed to fulfil the purpose for which it was collected. After the expiry of the storage period, personal data is deleted or destroyed in a manner rendering the reconstruction of personal data impossible.

4. To whom does the Privacy Policy refer?

This Privacy Policy is intended for all those individuals whose personal data is processed by ZZI as the personal data controller.

These include:

  • subscribers (contact persons, users),
  • - business partners,
  • - potential subscribers (online inquiry, contacts from events),
  • - interested public:
    • o visitors to the website,
    • o recipients of our e-news.

5. How do we obtain your personal data?

We obtain personal data directly from you (e.g. when you contact us with your inquiry) or indirectly (e.g. with your visit to our website, through our partner companies).

The provision of personal data is not necessary, unless it is required by the law. If you decide not to provide your personal data, it is possible that we will be unable to provide certain services to you (e.g. we cannot respond to your inquiry if you do not provide your contact information). Likewise, it is not possible to enter into a contract without certain personal data.

6. What are the purposes based on which personal data is processed?

This chapter provides information on the purposes of processing and the legal bases used to process personal data.

In relation to personal data processing, you have certain rights that are specified below.

Where personal data is processed on the basis of legitimate interest, you can submit an objection to personal data processing.

If you have given your consent to personal data processing, you always have the option to withdraw your consent.

7. The processing conducted during the provision of our services

This includes information on the processing of the personal data of our subscribers which is conducted for the purposes of rendering our services.

Purpose of processing

Legal basis

Personal data categories

Storage period

Conclusion of a contract and the fulfilment of obligations deriving from a contract

Contractual relationship

Name and surname of the contract signatory/representative, name and surname, email address, phone number of the contact person

5 years following the termination of a contract;

invoices are stored for 10 years pursuant to the requirements of the tax legislation

Providing assistance to users

Contractual relationship

Email address, phone number, name and surname of the contact person. In case of technical assistance, it is possible to consult the data stored by the controller for the subscriber.

5 years following the termination of a contract

Set-up and provision of a user account

Contractual relationship

Name and surname, email address of the user

5 years following the termination of a contract

Sending notifications regarding the operation/maintenance of the system and changes to the subscription relationship

Contractual relationship

Name and surname, email address of the user

5 years following the termination of a contract

8. The processing conducted during communication with subscribers and potential subscribers

This chapter defines the purposes of processing referring to communication with subscribers and potential subscribers outside the scope of contractual relationship.

Purpose of processing

Legal basis

Personal data categories

Storage period

Sending e-news to our subscribers

The law

Name and surname, email address

Until cancellation

Sending e-news to other recipients

Consent

Name and surname, email address

Until cancellation

Sending e-news to publicly available email addresses

Legitimate interest in obtaining new subscribers

Email address, company

Until cancellation

Implementation of mild segmentation during e-news transmission (irrespective of the recipient)

Legitimate interest in providing relevant news to subscribers

Name and surname, email address, data on the services used, location of business premises

Until cancellation

Monitoring the efficiency of the e-news sent

Legitimate interest in providing interesting contents to e-news recipients

Name and surname, email address, data on the services used, location of business premises, data on who opened the email and what contents they viewed

Until cancellation

The processing of inquiries (irrespective of the communication channel)

Legitimate interest in providing successful and efficient communication with potential subscribers

Tax number, company, address, contact person, email address, phone number, contents of the inquiry

1 year following the preparation of an answer to the inquiry

9. Personal data processing in relation to the organisation of events and training courses

Organisation and execution of webinars

Contractual relationship

Name and surname, email address, the data needed for the operation of the online webinar tool

1 year following the execution of the relevant webinar

10. Personal data processing for the purposes of marketing

This chapter includes information on the marketing activities conducted by ZZI.

Market communication with subscribers and potential subscribers with respect to the interest expressed within the scope of e-news.

Legitimate interest in preparing a relevant offer for e-news recipients

Email address, phone number, name and surname

1 year following the conclusion of communication

Market communication with potential subscribers following a promotional event

Legitimate interest in presenting services to obtain new subscribers

Email address, phone number, name and surname

1 year following the execution of the relevant promotional event

Execution of a prize game

Consent

The selection of personal data will be indicated within the scope of each prize game

3 months following the conclusion of the relevant prize game; data on prize winners is kept pursuant to the tax legislation

11. Other purposes of processing

This chapter defines the purposes related to company operations.

Enforcement of own rights or requirements for the fulfilment of obligations in formal procedures

The law

Data relevant to the issue at dispute

Throughout the term of the procedure to enforce a right or a request for the fulfilment of obligations and for another 10 years following the delivery of the final decision by the competent body

Provision of statistical analyses regarding the use of the website

Legitimate interest in website optimisation

Use of aggregated data where the identification of an individual is not possible

Use of aggregated data without a storage period

Provision of statistical analyses regarding e-news transmission

Legitimate interest in e-news optimisation

Use of aggregated data where the identification of an individual is not possible

Use of aggregated data without a storage period

More information on the purposes of personal data processing in respect of website users is available in the Cookie Policy.

12. When do we process personal data as the personal data processor?

As the provider of services enabling the digitalisation of business operations, ZZI acts as the personal data processor in relation to its subscribers.

Our subscribers act as the personal data controller in relation to the personal data they process using our technologies. Individuals whose personal data is processed within such scope need to contact the personal data controller (i.e. service subscriber) for any questions relating to personal data processing.

If we receive a request that falls within the scope of contractual processing that ZZI conducts for its subscribers, such a request will be forwarded to the relevant controller if it is possible to reliably identify the controller from the relevant request.

If such identification is not possible, the individual will be notified thereof and the request will be rejected.

13. Is your personal data transmitted to third parties?

Your personal data will be transmitted to third parties where it is strictly necessary to achieve the purpose of personal data processing.

Third parties cannot use your personal data for their own purposes and, furthermore, ZZI has concluded contracts on personal data processing laying down data protection and processing.

Third parties with which your personal data is shared:

  • ZZI subcontractors and partners,
  • accounting firm,
  • ZZI suppliers/contractors for the execution of works,
  • marketing mailing tool,
  • provider of the ticketing system in a cloud,
  • use of the chatbot and Viber and Whatsapp applications for the provision of technical assistance.

14. How is personal data protected?

ZZI makes sure that the personal data it processes is properly protected. To that end, ZZI uses different technical and organisational measures, in particular:

  • restricting access to personal data to authorised persons only,
  • prudent selection of contractual associates,
  • securing business premises, hardware, software and application software,
  • abiding by internal acts and policies laying down the methods and restrictions of personal data processing.

ZZI has been certified for quality management (ISO 9001:2015) and information protection (ISO/IEC 27001:2013).

15. What are your rights in relation to personal data processing?

Your rights in relation to personal data processing are:

  • - Right of access to personal data and receipt of a copy of personal data: you can request information whether your personal data is being processed. Furthermore, you can request information on processing and a copy of the personal data kept about you.
  • - Right to the rectification of personal data: if the personal data kept about you is incomplete or inaccurate, you have the right to request rectification.
  • - Right to restriction of personal data processing: you have the right to request the restriction of processing – you can exercise such right in certain cases, e.g. when personal data is being rectified. If you exercise the right to the restriction of processing, the use of your personal data will be suspended, whereas your personal data will not be deleted.
  • - Right to object to personal data processing: where your personal data is processed on the legal basis of legitimate interest or in cases of marketing communication, you have the right to object to such processing.
  • - Right to the erasure of personal data: you have the right to request the erasure of your personal data. The erasure of personal data is not possible where the processing is conducted on the basis of a contractual relationship or the law, except in cases where the storage period has already expired.
  • - Withdrawal of consent: where personal data processing is conducted on the basis of consent, you can withdraw your consent at any time. The withdrawal of consent yields no negative consequences for you, but it is possible that we will be unable to provide certain services due to the withdrawal of consent. You can give your consent by contacting us at: gdpr@zzi.si.
  • - Right to data portability: you can request that the personal data processed about you is transmitted to some other personal data controller. This is possible only where technically feasible.

If you believe that an infringement of personal data processing has occurred, you have the right to lodge a complaint with the Information Commissioner.

If ZZI receives a request for the enforcement of a right from which it is not possible to reliably establish the individual’s identity, we reserve the right to ask you to submit personal data that will provide reliable identification. If you fail to submit such data, your request will not be taken into consideration.

16. Plug-ins

This website provides the use of the following plug-ins: Facebook and LinkedIn. If you use the mentioned plug-ins, you should be aware that the use of social networks is fully managed by the relevant social network. Each social network is subject to separate terms and conditions that are not related to ours; the same applies to the personal data processing handled by each of the social networks.

Please note that you alone are responsible for any posts and interactions with the social networks, and that you should address any questions or claims to exercise your rights to the relevant social network.

To make access to information easier, you can find links to the Privacy Policies of each social network below:

Facebook

LinkedIn

17. Policy amendments

We reserve the right to amend this Privacy Policy. The latest version of the Privacy Policy will be published at: https://www.zzi.si/politikazasebnosti.html and www.bizbox.eu/politikazasebnosti.

Version: 2.0

Valid as of: 5 August 2022


Language versions: In case of any discrepancies between the Slovenian and the English versions, the Slovenian version prevails.