Certain products/solutions of our vendors are subject to their specific policies related to privacy, which are not controlled by us. TeleGroup Slovenia shall provide if requested, all necessary information and wherever possible will also publish on our Internet page visible link leading to the Vendor’s official Internet page.
- PURPOSE OF THE POLICY
The Policy, acting as Controller of personal data, is issued by the company TeleGroup Slovenia d.o.o, hereon referred to as TeleGroup Slovenia, as an expression of its dedication to privacy and personal data protection through compliance with the law and regulations governing it in all countries where we operate, as well as during usage of our website by all interested parties, hereon referred to as User, or in plural Users.
- PURPOSE, AREA OF APPLICATION AND IMPLEMENTATION
The Policy is intended for any person whose personal data are collected and processed by us, outside of our organization, with who we communicate, incl. visitors of our website and other users of our services.
This Policy determines basic principles on which TeleGroup Slovenia, uses and processes personal data of its business partners: buyers, suppliers, sub-contractors and all other individuals. Minors younger than eighteen years of age do not comply with terms for usage of our Internet page and that is why we kindly ask minors not to disclose to us any of their data and not to use any of the services provided by or through our Internet page.
With this Policy, TeleGroup Slovenia sets out obligations and responsibilities of all its business organizational units and directly or indirectly controlled associated legal entities and their employees, during and related to the processing of personal data. Transfer of liability for Privacy protection to subcontractors shall be regulated by an Agreement for each particular project.
The owner of this Policy, responsible for its adequacy and updating is General Manager.
The person responsible for consistent implementation of this Policy is the director of the company TeleGroup Slovenia.
- REFERENCE DOCUMENTS
- Law on personal data protection of the Republic of Slovenia
- EU Regulation on personal data protection – GDPR
- General terms of our website usage
- Rulebook on organization and systematization of jobs
- Request for exercising rights Form
- BASIC TERMS, DEFINITIONS AND ABBREVIATIONS
Controller – an individual or legal entity, authority, agency or other body that alone or together with other bodies determines the purposes and means of processing personal data, the entity that decides how and why personal data are processed. He/she/it has the main responsibility for compliance with applicable laws on personal data protection.
Supervisory body – the independent public body that has the legal task of monitoring compliance with applicable data protection laws.
Personal data – are all data that are related to an individual whose identity is determined or it can be determined, based on these data.
Processing – means anything that is done with any personal data, whether through an automated process or otherwise, such as: collection, recording, organization, structuring, storage, adjustment or modification, retrieval, consultation, use, disclosure by transmission, by spreading or making available in any way, by harmonization or combination, limitation, deletion or destruction.
Processor – refers to any individual or legal entity, authority, agency or another body performing personal data processing on behalf of the Controller.
Anonymization: Personal data are irreversibly de-identified so that a person cannot be identified using reasonable time, cost and technology either by the Controller or any other person. The principles of personal data processing do not apply to anonymous data because they are no longer personal data.
Pseudonymization: The processing of personal data in such a way that personal data can no longer be attributed to a particular data subject without the use of additional information, provided that such additional data are kept separately and are subject to technical and organizational measures to ensure that they are not associated with any person. Pseudonymization reduces but does not completely eliminate, the possibility of associating personal data with the data subject. Since pseudonymized data are still personal data, the processing of pseudonymized data should be in accordance with the principles of personal data processing.
PDPL – Personal Data Protection Law of the Republic of Slovenia
- PERSONAL DATA THAT ARE COLLECTED AND PROCESSED
- Name and surname
- Name of the Employer
- Address of the Employer
- Position/function with the Employer
- Professional Qualifications
- Contact data: mobile tel. and office no., e-mail address
- Data on social media profiles
- Membership in expert associations, organizations, etc.
- Information on user interaction with our website:
Details on the device: type of device, operating system, type of browser, browsing settings, IP address, language settings, dates and time of connection to our Internet location and other technical communication information.
Usage data: records on logging and use of our website and other services, including registrations, details of the content you communicate with, votes in polls, questions, downloads, ratings, feedback, search queries, anonymous impressions (reviews), pageviews.
Data for analysis: keywords, community, trends, quality and importance of contents.
Reviews, opinions and interests: any comments, ratings, opinions or statements you decide to send to us, or post on our Internet page, through a questionnaire or publicly post on social media platforms; interests and solutions relevant for wider community and CSR.
- WAYS OF COLLECTING PERSONAL DATA
Users’ data are being collected when they are disclosed by themselves, via e-mail, telephone, by fulfilling Questionaire on presence at some of our events, on our Internet page and in any other manner.
We collect, use and process personal data which the User decided to disclose himself, including via our Internet page.
User’s personal data can be received from third parties, e.g. via social media platforms on which we are present with our official pages.
- LEGAL BASIS OF PERSONAL DATA COLLECTION
We can rely on one or several legal bases, depending on circumstances:
Data processing is necessary concerning the performance of our obligations per any Agreement which the User may conclude with us. Data processing is required by applicable relevant law. Data processing is necessary to protect the vital interests of any individual.
Legitimate interest to conduct processing for management, doing business or promoting our business, provided that our legitimate interest does not overpower interests, fundamental rights and freedom of the User.
We do not collect nor in any other way process sensitive personal data of the User, except when:
Data processing is required or is allowed by applicable law on disclosure or prevention of criminal activities (including prevention of fraud);
Data processing is necessary for establishment, exercise or defense of legal rights.
- PURPOSES OF COLLECTING AND PROCESSING PERSONAL DATA
TeleGroup collects data only for the purpose of cooperation on a particular project or marketing event and communication and interaction with Users via our Internet pages and social media profiles.
Collection of personal data is done for the following purposes:
- Processing of Users’ orders;
- Sending application for reception of Newsletter;
- Sending of marketing announcements;
- Proposing of contents which might be of interest for the User, based on his/her previous activities;
- Marketing communication with Users through any media (e-mail, telephone, text messages, via social media, mail or courier), news and other information provided that it is secured that such communication is realized in compliance with relevant law;
- Recommendation of contents by the User to others;
- Profile settings;
- Enabling usage of certain functions of our solutions;
- Adjusting of products and services to Users’ needs;
- Providing Customer support;
- Management of job applications in TeleGroup Slovenia;
- Realization of our contract obligations during which we provide services to individuals on our behalf and for the account of our clients;
- Management of cooperation with our vendors;
- Improvement of our Internet page and our services: identification of problems with existing Internet location and our services; planning of improvement of existing Internet page and our services; creating a new website and our services.
- Questionnaires and quizzes: cooperation with Users to obtain responses, opinions, on our Internet page or our services
- SAFETY OF PERSONAL DATA
In accordance with the applicable law, we have taken strict physical, electronic and administrative measures related to the safety against accidental or illegal destruction, loss, changes, unauthorized disclosure, unauthorized access and other illegal or unauthorized ways of processing.
The data are available only to the employees and associated persons or partners who require those data for doing business or fulfillment of the contract.
We store and keep personal data in our internal electronic databases to which we apply all necessary organizational, technical and personnel measures of protection following requirements of existing Personal Data Protection Law (PDPL), including:
- Control of physical access to the system where personal data are stored;
- Data access control;
- Data transmission control;
- Data entering control;
- Data availability control;
- Other measures of information safety which are necessary for personal data protection.
- Data Accuracy
We take every reasonable step to ensure that the personal data of the Users we process are accurate and, where necessary, up to date. Any of the personal data we process that are inaccurate (given the purposes for which they are processed) is deleted or corrected without delay. We may from time to time ask the User to confirm the accuracy of his/her data.
- Minimizing of data
We take every reasonable step to ensure that the personal data of the Users we process are limited to the personal data reasonably required to the purposes set out in this Policy and the purposes of collection and processing set out above.
- IT manager is responsible for:
Ensures that all systems, services and equipment used for data storage fulfill acceptable safety standards.
Performance of regular check-ups and scanning, to ensure that safety hardware and software are properly functioning.
- Marketing director is responsible for:
Communication with Users via all media types (Internet, e-mail, letters…). Responding to any inquiry related to data protection received from the press or media houses.
If required, cooperation with IMS Manager to ensure that marketing initiatives are compliant with data protection principles.
- Human resources director is responsible for:
Raising the level of awareness of employees about the protection of personal data of Users. Organizing training on personal data protection to raise the awareness of employees who work with personal data.
- Head of legal and personnel affairs is responsible for:
Personal data protection agreed with the customer being transferred to suppliers and subcontractors;
In cooperation with relevant managers, works on improving the level of awareness of suppliers and subcontractors on personal data protection;
Reduction only to the requirements for the transfer of personal data to any third party, suppliers and subcontractors we use.
- Procurement service
Must ensure that the company preserves the right to revision of suppliers from the field of personal data protection.
- DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
The private information we collect are not and will not be subject of trade. Private data are distributed to third parties only for the purposes and in the course of doing business.
With the prior express consent of the User, we may provide his/her personal data to our customers or vendors to allow them to contact the User with information that may be of interest to him/her, provided that such communication does not otherwise violate relevant laws.
Certain Processors that can access personal data which Users leave through our website are based in foreign countries, such as IT service providers; plugin vendors for social networks; etc., which are placed anywhere in the world. Exporting data outside the country is done based on the default level of adequate protection of personal data in those countries, under our PDPL and GDPR.
Following the applicable regulations in the field of personal data protection, TeleGroup Slovenia has the right to, in case of a request of a state body, institution, agency or competent regulatory body, make the User’s data available to those bodies, institutions and regulatory bodies, exercising or defending legal rights, for investigation, prevention and detection of criminal offenses and criminal prosecution.
- LEGAL RIGHTS OF USERS IN RELATION TO PERSONAL DATA WE COLLECT AND PROCESS
- The right to request access to personal data and information concerning the processing or copy of his/her personal data.
- The right to object, on legitimate grounds, to the processing of his/her personal data.
- The right to request the correction of any inaccuracy or amendment of his/her personal data.
- The right to request the deletion of his/her personal data.
- The right to request a restriction on the processing of his/her personal data.
- The right of data transfer, to transfer the User’s personal data to another Controller, so much as possible.
- In cases we process personal data on the basis of consent, the right to withdraw that consent.
- The right not to be subject to a decision made solely on the basis of automated processing, incl. profiling.
- The right to be informed about the violation of personal data, if that violation of personal data can produce a high risk to the rights and freedom of natural persons.
- The right to judicial protection if he/she considers that his/her rights from the PDPL have been violated.
- Other rights guaranteed by applicable PDPL.
The person, subject of data, may exercise his/her rights by filling in the Request for exercising the right which is available in the business premises of the Controller, as well as on the website of the Controller.
The user can contact us at any time if he no longer wishes to receive any information from TeleGroup Slovenia by sending UNSUBSCRIBE by e-mail to: email@example.com and will be immediately removed from our mailing list.
In relation to the exercise of his/her rights, the Controller will provide the person whose data have been collected with all necessary additional information, as well as assistance, following the conditions and in the manner prescribed by the applicable PDPL.
- PERIOD OF PERSONAL DATA STORAGE
We will retain copies of personal information in a form that allows identification until the moment of revocation of informed consent, or only for as long as it is necessary in relation to the goals and purposes outlined in this Policy unless applicable law requires a longer period.
In particular, we may retain the personal data of the User for any period necessary to establish, exercise, or defend any legal rights.
- MANNER OF OBTAINING ADDITIONAL PROCESSING NOTICES
The person whose data are being processed, in relation to all issues related to the processing of personal data, including the manner of exercising rights and access to documents that further regulate the manner of data processing, may contact our Officer in charge for contact regarding personal data protection, Primož Bedrač via phone: +386 41 530 570, or e-mail address: firstname.lastname@example.org
and/or by letter to the address:
Dunajska cesta 167, Ljubljana, Slovenia
The contact person in charge of personal data protection shall respond to any inquiry in the shortest possible time, depending on the inquiry itself but in any case not longer than 30 days from the proper reception of inquiry. This deadline may be prolonged, if required, for additional two months, taking into consideration the complexity and number of inquiries.