PRIVACY POLICY PLUT d.o.o.

The purpose of the Privacy Policy of PLUT d.o.o. (hereinafter referred to as the “Privacy Policy”) is to inform the users of the services of PLUT d.o.o. and other persons (hereinafter also referred to as “individuals”) about the purposes and basis of the processing of personal data by PLUT d.o.o., Senožeti 91A, Senožeti, 1262 Dol pri Ljubljani (hereinafter referred to as the “Company”) and the rights of individuals in this area.

The Company takes special care of the security of your personal data. All personal data provided is treated confidentially and is used only for the purpose for which it was provided. Your personal data is handled with the utmost care, taking into account the applicable legislation and the highest standards of treatment. We ensure the security of your personal data by, among other things, appropriate organisational measures, work procedures and advanced technological solutions, as well as by using external experts in order to protect your personal data as effectively as possible. In doing so, we use an appropriate level of protection and reasonable physical, electronic and administrative measures to safeguard the personal data collected against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or unauthorised access to, personal data that has been transmitted, stored or otherwise processed.

At the same time, this Privacy Policy further clarifies the consent you have given for the processing of your personal data.

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation”), the Privacy Policy contains the following information:

contact information of the company,
the purposes, grounds and types of processing of different types of personal data of individuals,
the retention periods for each type of personal data,
the rights of individuals with regard to the processing of personal data,
the right to lodge a complaint concerning the processing of personal data,
the validity of the Privacy Policy.

2) Personal data collected by the company

If you are a visitor to the website, we only collect information about you through the use of cookies. If you are a user of services or a subscriber to services provided by the company, we also collect other personal data about you that we need to provide the services you have subscribed to or use. This personal data includes:

name and surname
contact email address
contact telephone number
IP address
information to issue an offer according to your request (your address, tax number).

3) Data controller

The controller of the personal data processed in accordance with this Privacy Policy is PLUT d.o.o., Senožeti 91A, Senožeti, 1262 Dol pri Ljubljani.

4) Categories of individuals whose personal data are processed

This Privacy Policy is intended for anyone who has ordered and/or used our services, or submitted an enquiry, as well as those who visit our website.

5) Purposes of processing and grounds for processing

5.1. Processing on the basis of a contract:

In the context of the exercise of contractual rights and performance of contractual obligations, the Company processes your personal data for the following purposes: to identify you, to prepare a quotation, to conclude a contract, to provide the services you have ordered, to inform you of any changes, additional details and instructions for using the services, to resolve any technical problems, objections or complaints, to bill you for the services, and for any other purposes necessary for the performance or conclusion of the contractual relationship between the Company and you.

When billing for services, based on tax regulations, we also obtain and process your address for the correct invoicing.

5.2 Processing based on the law:

We use your personal data on the basis of legitimate interest for the detection and prevention of fraudulent use and misuse of the Services, further in the context of ensuring the stable and secure operation of our systems and Services, as well as for the purposes of implementing information security measures, meeting service quality requirements and detecting technical failures of systems and Services.

We also use your personal data for the purposes of possible enforcement, judicial and extrajudicial recovery on the basis of legitimate interest.

In accordance with the General Regulation, in the event of suspected abuse, the Company may, to the extent appropriate and proportionate, process data about individuals for the purpose of identifying and preventing possible fraud or abuse and may, if appropriate, also share such data with other providers of such services, business partners, the police, public prosecutors or other competent authorities. For the purpose of preventing future abuse or fraud, data on the history of identified abuse or fraud in relation to an individual, which may include data on the subscription relationship and, for example, the IP address, may be retained for a period of five years after the termination of the business relationship.

5.3. Processing based on consent to the processing of personal data:

The processing of data may also be based on your consent provided to the company.

For example, your consent may relate to being informed about offers, benefits and improvements to the services provided by the company. The purpose of such communication is to make the services as close as possible to your needs and preferences and thereby increase their useful value for you. The communication is carried out through the channels you have chosen by consent. You may withdraw your consent at any time in the manner set out in the Privacy Policy.

You may withdraw or modify your consent at any time in the same manner in which you provided it or in another manner as defined in the Privacy Policy, in which case the Company reserves the right to identify the customer. Changes to your consent may be arranged, among other things, by email to info@plt.si or by written request to the Company’s registered office.

Withdrawal or modification of consent applies only to the data processed on the basis of your consent. The last consent given by you and received by us shall be valid. The possibility to withdraw consent does not constitute a right of withdrawal in the individual’s business relationship with the company.

In the absence of revocation, the data for which your consent is given will be processed for up to two years after the termination of the business relationship with the company.

6) Restrictions on the transfer of personal data

Where necessary, we will authorise other companies and individuals to carry out certain work that contributes to our services. In such case, the Company may also provide personal data to such carefully selected external processors who will have entered into a personal data processing agreement or a substantively identical agreement or other binding document with the Company (the “Processing Agreement”). We will only provide or make available to such external processors such data to the extent required for the specific purpose. Such data may not be used by the external processor for any other purpose, subject at a minimum to compliance with all standards of processing of personal data provided for by applicable law. External processors are contractually bound to respect the confidentiality of your personal data.

Upon reasoned request, the Company shall also provide personal data to the competent state authorities which have a legal basis for doing so. For example, PLUT Ltd. will respond to requests from courts, law enforcement authorities and other state authorities, which may include state authorities of another EU Member State.

7) Period of retention of personal data

The retention period is determined according to the category of the individual data. We shall keep the data for no longer than is necessary to achieve the purpose for which they were collected or further processed or until the expiry of the limitation periods for compliance with the obligation or the statutory retention period.

Billing data and related contact data of individuals may be retained for the purpose of fulfilling contractual obligations until payment for the service has been made in full, or at the latest until the expiry of the statute of limitations in respect of the individual claim, which may by law range from one to five years. Invoices shall be kept for 10 years after the end of the year to which the invoice relates in accordance with the law governing value added tax.

Other data obtained on the basis of your consent is retained for the duration of the business relationship and for 2 years after termination, unless a longer retention period is provided for by law. If the individual who has given consent to the processing of personal data has not entered into a business relationship with us, his or her consent is valid for 2 years from the date on which it was given or until it is withdrawn.

After the expiry of the retention period, the data will be deleted, destroyed, blocked or anonymised, unless otherwise provided by law for a specific type of data.

8) Rights of Individuals in relation to the processing of personal data

We will ensure that your rights in relation to the processing of your personal data are exercised without undue delay. We will decide on your request within one month of receiving your request. In the event of complexity and a large number of requests, we may extend the time limit by up to two additional months. If we extend the deadline, we will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.

Requests concerning the exercise of your rights are accepted by e-mail to info@plt.si or by post to PLUT d.o.o., Senožeti 91A, Senožeti, 1262 Dol pri Ljubljani.

Where you submit a request by electronic means, we will, where possible, provide you with the information by electronic means, unless you request otherwise.

Where there is reasonable doubt as to the identity of the individual making a request in relation to any of his or her rights, we may require the provision of additional information necessary to confirm the identity of the data subject.

If the data subject’s requests are manifestly unfounded or excessive, in particular because they are repetitive, the company may:

charge a reasonable fee, taking into account the administrative costs of providing the information or communication or of carrying out the requested action; or
refuse to act on the request.

We provide you with the following rights in relation to the processing of your personal data:

(i) the right of access to the data
(ii) the right to rectification
(iii) the right to erasure (“right to be forgotten”)
(iv) the right to restrict processing
(v) the right to data portability
(vi) the right to object

(i) the right of access to data

You always have the right to know whether personal data is being processed in relation to you and, if so, to have access to the personal data and to the following information:

the purposes of the processing,
the types of personal data being processed,
the users or categories of users to whom the personal data have been or will be disclosed,
the envisaged period of retention of the personal data or, if this is not possible, the criteria to be used to determine that period,
the existence of a right to request the controller to rectify or erase personal data or to restrict the processing of your personal data, or the existence of a right to object to such processing,
the right to lodge a complaint with a supervisory authority,
where the personal data are not collected from you, any available information concerning their source.

(ii) the right to rectification

You have the right to have inaccurate personal data concerning you rectified without undue delay and, taking into account the purposes of the processing, the right to have incomplete personal data completed, including by submitting a supplementary declaration.

(iii) the right to erasure (“right to be forgotten”)

You have the right to have your personal data erased without undue delay where one of the following applies:

where the personal data are no longer necessary for the purposes for which they were collected or otherwise processed,
where you withdraw the consent on the basis of which the processing is carried out and there is no other legal basis for the processing,
where you object to processing and there are no overriding legitimate grounds for processing,
where the personal data have been unlawfully processed,
where the personal data must be erased in order to comply with a legal obligation under EU or Slovenian law.

(iv) the right to restrict processing

You have the right to have us restrict the processing of your personal data where one of the following applies:

where you contest the accuracy of the data, for a period which allows us to verify the accuracy of the personal data,
the processing is unlawful and you object to the erasure of the personal data and instead request the restriction of its use,
we no longer need your personal data for the purposes of the processing, but you need them to assert, exercise or defend legal claims,
if you have raised an objection to processing based on legitimate business interests, pending verification that our legitimate grounds outweigh yours.

Where the processing of your personal data has been restricted in accordance with the preceding paragraph, such personal data shall, with the exception of its storage, only be processed with your consent, or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person.

We are obliged to inform you before revoking the restriction on the processing of your personal data.

(v) right to data portability

You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format and the right to transmit that data to another controller without hindrance from the company, where the processing is based on your consent and the processing is carried out by automated means. At your request, where technically feasible, personal data may be directly transferred to another controller.

(vi) Right to object

Where we process your data on the basis of legitimate interest for marketing purposes, you may object to such processing at any time.

We will stop processing your personal data unless we can demonstrate compelling reasons for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

9) Right to lodge a complaint concerning the processing of personal data

Any complaint regarding the processing of your personal data may be sent by e-mail to info@plt.si or by post to PLUT d.o.o., Senožeti 91A, Senožeti, 1262 Dol pri Ljubljani.

If we do not decide on your request within the statutory time limit or if we refuse your request, you have the possibility to lodge a complaint with the Information Commissioner.

You also have the right to lodge a complaint directly with the Information Commissioner if you believe that the processing of your personal data violates Slovenian or EU data protection law.

If you have exercised your right of access to data and, after receiving a decision, you believe that the personal data you have received is not the personal data you requested or that you have not received all the personal data you requested, you may lodge a reasoned complaint with the company within 15 days before lodging a complaint with the Information Commissioner. We must decide on your complaint as a new request within five working days.

10) Final provisions

Anything not covered by this Privacy Policy is subject to applicable law.

The Company reserves the right to amend this Privacy Policy. We will inform you of the amendment by posting it on the official website of PLUT Ltd. 30 days prior to its entry into force.

If you have any questions about this Privacy Policy or the information we hold about you, please contact us at info@plt.si.

11) Privacy Policy validity

This Privacy Policy is published on the website of PLUT Ltd. and will come into force on 01.01.2019.

PLUT Ltd.