Personal data protection policy at holding kobilarna lipica
1. The Purpose and the Contents of the Policy
This Personal Data Protection Policy is valid for all individuals whose personal data is processed by the Company.
The purpose of this Policy is to inform everyone whose personal data is processed by the Company, about all the relevant information that refers to personal data, in one place.
Holding Kobilarna Lipica, d.o.o. (hereinafter as: Holding Kobilarna Lipica or the Company) respects fundamental human rights, and your privacy, and is aware of the responsibility for handling your personal data.
We pay special attention to processing personal data and implementing activities which are directed towards the efficient protection of the personal data of individuals. The Company is committed to safe, confidential and responsible processing of personal data, while at the same time we make sure that your personal data is processed according to the legislation governing personal data protection. We are led by the principles of lawfulness, justice and transparency, accuracy and confidentiality of data, as well as the principles of a minimum volume of data, the principles of purpose limitation and data storage limitation.
For the purpose of personal data protection, the Company has adopted the rules on personal data protection that comply with the General Data Protection Regulation, GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council, and other applicable legislation that regulates personal data protection. The rules, along with some other internal acts and measures, represent a set of personal data protection policies, with which we aim to effectively protect personal data.
2. Personal Data Controller
The Personal Data Controller is Holding Kobilarna Lipica, d.o.o., Lipica 5, 6210 Sežana, Slovenia.
3. Who Is Bound by the Policy and Who Processes Personal Data?
Personal data, which is at the Company’s disposal, can only be processed by its employees, based on instructions and authorisations which are necessary to carry out their work. These persons are committed to the confidentiality of personal data.
Processors are physical or legal entities, with which the Company makes an arrangement to carry out certain processing for them, in accordance with the instructions of the Company. The Company concludes specific contracts with Processors to define the purpose of processing, and how the personal data should be processed and effectively protected. In addition to the employees of the Company, Processors can be external contractors who carry out their work based on civil law contracts.
This Policy binds every person cooperating with the Company. This Policy also binds the dependent company, Kobilarna Lipica d.o.o..
The Company forwards personal data to public authorities that direct their official request to the Company, based on legislation, in the framework of the implementation of their official tasks or certain investigations of public interest.
4. Authorised Person for Personal Data Protection
The Company takes this issue with the utmost seriousness. In relation to that, you can contact us via our e-mail address: email@example.com, or via our address: Holding Kobilarna Lipica, d.o.o., Lipica 5, 6210 Sežana, Slovenia.
5. Records of Personal Data Processing
The Company conducts an up-to-date collection of personal data, which includes personal data of individuals, and is available at the Company headquarters, in written, as well as electronic form.
6. Types of Personal Data and Purposes of its Processing
The Company can only process personal data if it has a legal basis for that. In the framework of its activities, the Company can process personal data on the following bases:
– based on the law,
– based on the consent by an individual,
– for the needs of implementation of contracts and measures prior to the conclusion of the contract,
– based on legitimate interest of the Company.
Personal data that is collected based on a contractual relationship, is necessary for the implementation of the concluded contract and for the activities prior to the conclusion of the contract. If the stated personal data is not provided, or an individual to whom it refers, does not agree with its processing, the realisation of the contract is not possible.
In certain cases, the Company can process personal data on the basis of its legitimate interest, which particularly refers to the implementation of video surveillance, with the purpose of providing security, the implementation of direct marketing, and managing relationships with existing clients. The Company implements direct marketing for its existing clients, based on its legitimate interest, even if it does not have explicit consent from the client, but only if the client has not explicitly forbidden direct marketing.
Each processing of personal data has a specific purpose which is clearly presented to an individual by the Company when it collects the individual’s personal data. The personal data collected for the specific purpose is only processed by the Company for an additional purpose, but only if it is in line with the initial purpose.
7. Individuals’ Consent and Withdrawal of Given Consent
Personal data processing can also be based on actual consent given by an individual. It has to be voluntary, and it enables the Company to use the individual’s personal data only for the purposes defined in the consent.
An individual has the option to cancel the consent at any time. He/she may cancel it partially or completely, and we will no longer use his/her data for the purposes that the consent has been cancelled for. If an individual wants to cancel the consent, he/she should send us an e-mail to firstname.lastname@example.org. The consent will be valid immediately, or 15 days after the receipt of the withdrawal at the latest.
8. Individuals’ Rights and the Manner of Implementation of Rights
- Individuals’ Rights and the Manner of Implementation of Rights
The Company ensures individuals whose personal data is processed by the Company, the option to exercise their rights, which includes: the right to access, the right to correction, the right to deletion, the right to limitation of processing, the right to objection, and the right to transferability.
Each individual can implement his/her rights in the way that enables his/her identification. In case the Company is not sure that the application has been provided by a certain person, the Company can accept additional, reasonable measures, which are necessary for the identification of an individual, including invitation of a person to personal identification at the Company’s headquarters.
An individual can send a written request to the electronic address email@example.com, or to the address Holding Kobilarna Lipica, d.o.o., Lipica 5, 6210 Sežana, Slovenia, or make an oral request in the minutes at the headquarters of the Company. Should the Company receive a request via e-mail, it will respond to it by electronic means, unless the individual to whom the personal data refers, requires otherwise.
The received requests will be processed immediately and without delay. The Company will prepare an answer no later than one month after receiving the request. If the Company was unable to prepare the answer in that period, due to the complexity of the request or a larger number of requests received, they would inform the individual about the reasons for delay, provide information about the measures taken, and prepare the answer in up to two months after receiving the request.
A copy of the personal data processed or the requested information is forwarded by the Company to the individual free of charge. A reasonable fee can be charged for additional copies requested by an individual, considering administrative expenses. Whenever an individual’s requests are clearly unfounded or excessive, particularly if they are repetitive, we can charge a reasonable fee, taking into consideration the administrative expenses of forwarding information or messages.
An individual has the right (the so-called right to access or familiarisation) to obtain information from the Company, whether his/her personal data is being processed, and if this is the case, to access the personal data and the following information:
- for what purposes the Company uses his/her personal data,
- the types of personal data concerned, the users or categories of users that the personal data were or will be disclosed to,
- whenever possible, the expected period of personal data retention, or if this is not possible, the measures used for the determination of this period,
- the existence of the right to demand correction or deletion of personal data from the Company, or restriction of processing personal data related to the individual, or the existence of the right to object to such processing, the right to submit a complaint to the supervisory authority,
- whenever personal data is not collected from the individual that it refers to, all information available about its source and the existence of automated decision-making, including profiling, and at least in such cases, meaningful information about the logic used for such decision-making, as well as the meaning and anticipated consequences of such processing for an individual, to which the personal data refers.
An individual to whom the personal data refers has the right to obtain correction of any inaccurate personal data related to him/her without delay (the right to correction). Considering the purposes of processing, the individual has the right to complement imperfect personal data.
An individual to whom the personal data refers has the right to obtain deletion of the personal data related to him/her without delay (the so-called right to deletion) in the following cases:
- the personal data is no longer needed for the purposes it was collected for or otherwise processed,
- an individual cancels the consent based on which the processing takes place, so there is no other legal basis for processing,
- an individual objects to the processing, and there are no dominant legal reasons for processing in existence,
- the personal data was processed illegally, or
- it is provided by the law.
An individual to whom the personal data refers has the right to achieve (the right to limited processing) that the Company limits the processing of his/her personal data, whenever one of the following cases applies:
- if an individual disputes the accuracy of the data, i.e. for the period that the Company is able to check its accuracy,
- if the processing is illegal and the individual opposes the deletion of the personal data and demands the limitation of its use instead,
- if we no longer need personal data for the purposes of processing, but the individual needs it for exercising, implementing or defending legal claims,
- if an individual has filed an objection related to data processing, until it is checked whether legitimate reasons of the controller prevail over the reasons of the individual.
Whenever processing of personal data has been limited due to the above-stated reasons, such personal data, with the exception of its storage, can only be processed with the consent of the individual to whom it refers, for exercising, implementing or defending legal claims, or due to protection of the rights of another physical or legal entity. Prior to the cancellation of the limitation of processing, the Company will notify the individual.
An individual to whom the personal data refers has the right (the so-called right of transferability) to receive personal data related to him/her, or information about which data has been forwarded to the Company, and on which basis, in a structured, generally used and machine-readable format.
An individual has the right to object (the so-called right to objection) to the following types of processing:
- processing that the Company carries out on the basis of its legitimate interest (upon giving an objection to the processing, the Company immediately stops processing the personal data, unless it proves necessary legitimate reasons for processing, which prevail over the interests, rights and freedoms of an individual),
- processing that has been carried out due to direct marketing (an individual can at any time object to the processing of his/her data for the purposes of direct marketing. He/she can file an objection in the same manner that he/she can exercise other rights from the field of personal data protection, as indicated in this Policy.)
An individual to whom personal data refers, has, without prejudice to any other legal remedy, the right to:
- file a complaint related to the processing of his/her personal data to the address firstname.lastname@example.org or
- any individual who believes that the Company has been processing his/her personal data contrary to the General Data Protection Regulation, can complain to the Information Commissioner of the Republic of Slovenia.
9. Period of Storage and Deletion of Personal Data
The length of the period of personal data storage depends on the basis of processing and the purpose of processing an individual category of personal data. Personal data is stored only for a period of time necessary to achieve the purpose for which it was collected and further processed, unless the current legislation stipulates otherwise or until an individual to whom the data refers cancels his/her consent.
After achieving the purpose of processing the data, the personal data is effectively and permanently deleted, destroyed, blocked or anonymised in such a manner that it can no longer be connected to a certain individual, unless there is another legal basis, or if this is necessary for exercising, implementing or defending legal claims.
If the Company processes data on the basis of the law, it will store it for the period prescribed by the law. Personal data that is processed on the basis of a contractual relationship, is stored for the period necessary for the implementation of the contract, and 5 years after its cessation, except in cases of disputes related to the contract between the Company and an individual to whom the personal data refers; in such a case, we will store the data for 5 years after enforceability of the court decision, or arbitration decision or settlement, or if there was no legal dispute, 5 years from the day of peaceful resolution of the dispute.
Invoices are stored for 10 years after the end of the year that the invoice refers to, in accordance with the law that regulates the scope of value added tax.
Personal data gathered on the basis of an individual’s personal consent, will be stored by the Company until fulfilment of the purpose for which it was collected, until withdrawal of consent, or until a request for deletion of the data, if the law demands so. After receiving a request for withdrawal or deletion, the data is deleted within 15 days at the latest.
10. Personal Data Protection
The Company aims to ensure the highest level of personal data protection, and with this purpose, carries out legal, organisational and corresponding logistical-technical procedures and measures to protect spaces and equipment, and to protect personal data from any unauthorised or illegal access, transfer or other processing.
11. Practice in Case of Violation
In case of violation of personal data protection, the Company will immediately carry out all the necessary and essential measures to protect the rights and interests of individuals whose personal data is processed. By that, it will notify individuals about it, as well as the competent supervising authority in the Republic of Slovenia.
12. Disciplinary Consequences
All principles described in this Policy must be strictly followed by employees of the Company. Violation of the rules on data protection can result in disciplinary or other measures.
13. Forwarding Personal Data to Third Countries
The Company does not forward collected personal data to third countries.
Cookies are small files which are stored in your browser, and collect certain information about your visit to the website. Their purpose is to help the web server to recognise your computer and your web browser, and to enable us to provide the operation of all functions of the website, while certain content can be adjusted just for you, so we can improve experience with the website and use them for the needs of analysing visits to the website.
The website enables you to manage your cookies – or reject them with the function integrated in the web browser. In case of rejecting cookies, you can still use our website, but it might not be fully displayed or might not work properly.
Necessary or requested cookies are cookies that make the website more useful. They enable basic functions, such as website navigation and access to special parts of the website. Without these cookies, the website does not guarantee its full functionality to the user, or it does not work properly. This also includes cookies intended for the adaptation of behaviour, or the look of the website during future visits, e.g. for the website to be shown in the selected language.
Cookies which are intended for monitoring the statistics, are statistical cookies which are collected anonymously, and report information to the owners of websites. This helps them to understand how visitors use the website, and to improve the user experience on the basis of such information.
Marketing and user profiling cookies are cookies that anonymously collect data about your visits to websites for marketing purposes. They are used by advertisers to show you advertisements which are more relevant and more interesting for you. They are also used to prevent displaying of advertisements that the user has already seen.
- wordpress_test_cookie: The cookie is used to check whether your web browser is set to allow, or reject cookies.
- cookielawinfo-checkbox-necessary: Cookie that keeps track of which cookies you approved.
- cookielawinfo-checkbox-non-necessary: Cookie that keeps track of which cookies you approved
- PH_HPXY_CHECK: Used to detect and prevent brute force attacks on the website.
- :quiz-js: used for quiz functionality (24h)lipica_token: used to grant access to the page via qr code. (24h)
Optional / analytical cookies:
- _ga: Registers a unique ID that is used to generate statistical data on how the visitor uses the website (2 years)
- _gat: Used by Google Analytics to throttle request rate (1 minute)
- _gid: Registers a unique ID that is used to generate statistical data (24 hours)
15. Publication of Changes
Holding Kobilarna Lipica reserves the right to change or complement the Personal Data Protection Policy. All changes to the Personal Data Protection Policy will be published by the Company on its official website.