(version: April 2020)
Purpose of the Personal Data Protection Policy EKOSEN d.o.o. (hereinafter: "Personal Data Protection Policy" ) is to familiarize users of EKOSEN d.o.o. services and other persons (hereinafter also referred to as "individuals" ) with the purpose and basis of the processing of personal data by EKOSEN d.o.o., Ptujska cesta 17, 2204 Miklavž na Dravskem polju, Slovenia (hereinafter: " EKOSEN d.o.o. " ) and the rights of individuals in this area.
The company offers special attention to the safety of your personal information. All personal data transmitted are treated confidentially and are used only for the purpose for which they were transmitted. We handle your personal data with utmost care, keeping in mind the applicable legislation and the highest standards of their treatment. For the security of your personal data, we also provide for appropriate organizational measures, work procedures and advanced technology solutions, as well as external experts, in order to protect your personal data as effectively as possible.We use an appropriate level of protection and reasonable physical, electronic and administrative measures to protect the collected data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of personal data or unauthorized access to personal data that has been transferred, stored or otherwise treated.
At the same time, this Personal Data Protection Policy further explains the consent you have given for the processing of your personal information.
The Policy on the Protection of Personal Data is in line with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter : "General Data Protection Regulation" ), the following information is included:
contact information of the company,
purposes, bases and types of processing of various types of personal data of individuals,
the time of retention of individual types of personal data,
the rights of individuals with regard to the processing of personal data,
the right to file a complaint concerning the processing of personal data,
the validity of the Personal Data Protection Policy.
If you are only a visitor to a website, we only collect data using cookies. If you are a service user or a subscriber of a service provided by the company, we also collect other personal information that we need to provide the services you have ordered or that you use.
We store and process personal information for the purpose of maintaining contact with customers, working in CRM and e-invoices, reclamations, market information by e-mail, mail and for sales promotion. When sending e-mails, we store e-mails in the data inbox and the aggregate info mail or MailChimp.
For the purpose of informing with e-mail, we keep:
company name or natural persons.
For the purpose of obtaining data from e-forms online, we keep our work in CRM and e-invoices:
company name or representative person
data on premises,
way of heating.
For online store purposes we keep:
the name of the company or natural persons
information about your orders
For accounting purposes we keep:
For the IR Sun application purpose - IR Sun application records:
The location entered by the user for the purpose of displaying the weather
Username, email and password for the user account
Information about the building to help the repairer and for the statistics of the company Ekosen.
Information on the price of electricity entered by the user himself for the correct indication of consumption
Consumption and operation are stored on the server and are user related. It is kept until the user deletes the account / controller / group of controllers. Deleting a group of controllers or an individual controller deletes from the server the location and the statistics of energy consumption and its operation data.If you delete your account / user, all data will be deleted from our system. The MAC address (unique controller number) required for communication between the phone and the server communicating with the IR Sun regulators is recorded.
We collect personal information with explicit consent with the consent of individuals. We consent together with their content and the content of the form they were obtained with.
We use personal information in the following areas:
Support for customers
The collection of personal data is being stored in the territory of the European Union and is not being placed into the third countries.
In accordance with this Personal Data Protection Policy the manager of processed personal data is EKOSEN d.o.o., Ptujska cesta 17, 2204 Miklavž na Dravskem polju.
Official name of company: Ekosen d.o.o.Head office: Ptujska cesta 17, 2204 Miklavž na Dravskem polju, SloveniaCompany representative (CEO): Aleš BabičContact person for data protection: Ekosen d.o.o., Ptujska cesta 17, 2204 Miklavž na Dravskem polju, Slovenia, tel .: +386 2 620 81 99, e-mail: email@example.com.
5.1. Processing on the basis of a contract:
In the context of the execution of contractual rights and the fulfillment of contractual obligations, the company processes your personal information for the following purposes: identification of an individual, preparation of an offer, conclusion of a contract, to provide requested services, information on possible changes, additional details and instructions for using the services, to address any technical problems, objections or complaints, accounting for services and other purposes necessary for the implementation or conclusion of a contractual relationship between a company and an individual.
When billing the services, based on tax regulations, we obtain and process your address for the correct issue of the invoice.
5.2. Processing on the basis of a law:
On the basis of legitimate interest, we use your personal information to detect and prevent fraudulent use and misuse of services, further in the context of ensuring the stable and safe operation of our system and services, as well as for the purposes of implementing information security measures, meeting the requirements regarding quality of services and detecting technical system and service failure.
On the basis of legitimate interest, we use your personal information also for the purposes of possible enforcement, judicial and extrajudicial claims.
In accordance with the General Regulation, in the event of suspected abuses, an entity may process personal data in an appropriate and proportionate manner for the purpose of identifying and preventing potential fraud or misuse, and may, where appropriate, also forward this information to other providers of such services, business partners, the police , the Public Prosecutor's Office or other competent authorities. For the purpose of preventing future abuse or fraud, data on the history of identified abuses or fraud in connection with an individual, including subscriber relationship data and, for example, an IP address, can be kept for another five years after the termination of the business relationship.
5.3. Processing on the basis of consent to the processing of personal data:
Data processing can also be based on your consent, which you have provided to the company.
Consent may for example relate to the notification of offers, benefits and improvements to the services provided by the company. The purpose of this information is to make the services as close as possible to your needs and desires and to thereby increase the value for you. Communication is carried out via channels that you have selected in consent. You can revoke the notification at any time in the manner defined by the Personal Data Protection Policy.
You can either withdraw or alter your consent at any time in the same way as you gave it or otherwise, as defined by the Personal Data Protection Policy, whereby the company reserves the right to identify the customer. The change of consent can also be regulated by e-mail to firstname.lastname@example.org or by written request sent to the address of the company's headquarters.
The withdrawal or change of consent refers only to data processed on the basis of your consent. Your most recent consent has been received. The possibility of revoking a consent does not constitute a resignation in the business relationship of the individual with the company.
Data for which your consent is given will be processed until cancellation. After receiving the cancellation under the conditions, in the manner and within the deadline set out in point 8, we delete personal data.
If necessary, we will authorize other companies and individuals to perform certain works that contribute to our services. In such a case, the company may also transfer personal data to such carefully selected external processors that will enter into a personal data processing agreement with the company, or in substance the same agreement or other binding document (hereinafter: "processing contract"). For external processors, such data will be transmitted or made accessible only to the extent required by a specific purpose. Such data may not be used by external processors for any other purpose, meeting at least all the processing standards of personal data provided for in the applicable law. External processors are contractually committed to the company to respect the confidentiality of your personal information.
On the basis of a reasoned request, the company also provides personal data to the competent state authorities, which have legal basis for this. EKOSEN d.o.o. will, for example, responded to the requests of courts, law enforcement and other state authorities, which could also involve the state authorities of another EU Member State.
The retention period is determined according to the category of individual data. The data shall be kept for as long as necessary to achieve the purpose for which they were collected or further processed or until the expiration of the limitation periods for fulfillment of the obligation or the statutory retention period.
We keep information about the received messages and clicks on the links in the received messages for 12 months after sending the message.
For the purpose of fulfilling contractual obligations, the accounting data and the associated contact information on individuals may be kept until the full payment of the service or at the latest until the expiration of the limitation period in relation to an individual claim, which can be statutory from one to five years. Accounts are kept for 10 years after the expiration of the year to which the bill relates in accordance with the law governing value added tax.
Other information that we have obtained on the basis of your consent is kept for the duration of the business relationship and for 2 years after the termination, unless the law provides for a longer retention period. If the individual who gave his consent to the processing of personal data has not entered into a business relationship with us, his consent is valid for 2 years from the date of his or her cancellation.
After the expiry of the retention period, the data is deleted, destroyed, blocked or anonymised , unless the law specifies otherwise for the particular type of data.
The exercise of your rights regarding the processing of your personal information is guaranteed without undue delay. We will decide on your request within one month of receiving your request. In the event of complexity and a greater number of requirements, the deadline may be extended by up to two additional months. If you extend the deadline, we will notify you of any such extension within one month of receiving the request together with the reasons for the delay.
The requirements regarding the exercise of your rights can be obtained by e-mail email@example.com or by post to EKOSEN d.o.o., Ptujska cesta 17, 2204 Miklavž na Dravskem polju.
Whenever you submit a request by electronic means, we will, whenever possible, provide you with information electronically, unless you request otherwise.
Where there is reasonable doubt as to the identity of an individual who submits a claim relating to one of his rights, we may request that additional information be provided to confirm the identity of the data subject.
We provide the following rights regarding the processing of your personal information:(i) The right of access to information
(ii) The right of rectification
(iii) The right to erasure (‘right to be forgotten’)
(iv) The right to limit processing
(v) The right to data portability
(vi) The right to object
(i) The right of access to information
You are always entitled to know whether personal data is being processed in respect of you and, if so, access to your personal information and the following information:
types of personal data being processed,
users or categories of users to whom they have been or will be disclosed personal data,
the planned period of personal data saving or, if this is not possible, the criteria used to determine this period,
the existence of a right to require the administrator to correct or delete personal data or limit the processing of your personal information, or the existence of the right to object to such processing,
the right to lodge a complaint with the supervisory authority,
when personal data is not collected from you, all available information related to their source.
(ii) The right of rectification
You have the right to obtain, without undue delay, correcting inaccurate personal information relating to you and taking into account the purposes of the processing, the right to supplement incomplete personal information, including the submission of a supplementary statement.
(iii) The right to erasure (‘right to be forgotten’)
You have the right to delete, without undue delay, your personal information if one of the following reasons applies:
where personal data are no longer necessary for the purposes for which they were collected or otherwise processed,
when you revoke the consent on the basis of which the processing takes place, there is no other legal basis for processing,
when you object to the processing of data and there are no overriding legitimate reasons for processing them,
where personal data have been processed unlawfully,
where personal data have to be deleted in order to fulfill a legal obligation in accordance with EU or
(iv) The right to limit processing
You have the right to limit processing of your personal information when one of the following is true:
You dispute the accuracy of the data for the period which enables the controller to verify the accuracy of your personal data,
the processing is unlawful, and you oppose the deletion of personal data, and instead ask for restrictions on their use,
we no longer need personal data for the purposes of the processing, but you need them for the establishment, exercise or defence of legal claims,
if you filed an objection with regard to the processing, until it is checked whether legitimate reasons of the controller outweigh your reasons.
When the processing of your personal information has been restricted in accordance with the preceding paragraph, such personal data, with the exception of their storage, shall be processed only with your consent, or for the enforcement, execution or defense of legal claims or for the protection of the rights of another natural or legal person.
Before canceling the processing limit of your personal information, we are obliged to inform you.
(v) The right to data portability
You have the right to receive your personal information that you have provided us in a structured, widely used and machine-readable form, and the right to forward this information to another controller without hindering you in the case where the processing is based on your consent and the processing is carried out by automated means. At your request, where technically feasible, personal data may be transferred directly to another controller.
(vi) The right to object
Whenever your information is processed on the basis of a legitimate interest for marketing purposes, you may object to such processing at any time.
We will stop processing your personal information unless proven necessary processing grounds that prevail over your interests, rights and freedoms, or to enforce, enforce or defend legal claims.
Any complaint regarding the processing of your personal data can be sent to firstname.lastname@example.org or by post to EKOSEN d.o.o., Ptujska cesta 17, 2204 Miklavž na Dravskem polju.
In the event that we do not decide on your request within the legal deadline or if we reject your request, you have the possibility to lodge a complaint with the Information Commissioner.
You also have the right to file a complaint directly with the Information Commissioner if you believe that the processing of your personal data violates Slovenian or EU regulations in the field of personal data protection.
If you have exercised the right of access to the information and after receiving the decision, you believe that the personal data that you have received is not the personal data you requested or that you did not receive all the required personal information, you may file a reasoned complaint before submitting a complaint to the Information Commissioner with the company within 15 days. We need to decide on your complaint as a new request within five business days.
11) Validity of the Personal Data Protection Policy