Notification to individuals under Art. 13 of the General Data Protection Regulation (GDPR) regarding the processing of personal data
Controller of personal data relating to websites
and your other interactions with PLANETVIDA education, consulting, design and supervision d.o.o. is:
Planetvida d.o.o. education, consulting, design and supervision
Fences 69
1370 Logatec
Registration number: 2350556000
VAT number: SI 34308164
email: planetvida@gmail.com
(hereinafter referred to as “organization” or “enterprise“)
In our organization, the authorized person for the protection of personal data has not yet been appointed. All questions, requests, inquiries and other messages related to the field of personal data protection in our organization can be addressed to: planetvida@gmail.com.
Introduction
Based on information about the organization and its mission
We are the company Planetvida d.o.o. education, consulting, design and supervision
For this purpose, our organization collects, stores and otherwise processes certain information and data, including personal data, as foreseen by the Personal Data Protection Act (ZVOP-2) or Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: General Data Protection Regulation or GDPR).
Purpose and application of this Notice
This notice describes how our organization processes personal data of individuals to whom they have entrusted their personal data directly as a controller of personal data relating to websites
(e.g. when loading cookies when visiting a website, when filling out and submitting a contact form, etc.).
Use of terms and amendments to this Notice
Unless otherwise noted, they have terms appearing in this notice (e.g. personal data, processing, controller, processor, etc.), the same meaning as in the GDPR.
Phrase: website , or Website means Websites
and also covers all associated subpages and associated servers and systems.
Reinforced or defined terms in this Notice (e.g. The individual), otherwise written in the singular, also includes plural and vice versa, while the terms written in one gender include all genders (e.g. individual).individual).
We may update or change the information and information in this notice from time to time, whereby news about major changes will be published on our website.
In case of material changes (e.g. regarding the legal bases and purposes of processing already collected data), we will inform individuals about the proposed changes by e-mail or other appropriate means.
1. Overview of databases and categories of personal data, categories of data subjects, envisaged deadlines for erasure of personal data and legal bases for processing and purposes and categories of processing
1.1. Processing table
NAME OF THE CONTROLLER’S PERSONAL DATA DATABASE |
TYPES OF DATA IN THE PERSONAL DATA DATABASE |
CATEGORIES OF DATA SUBJECTS |
ESTIMATED DEADLINES FOR DELETION OF PERSONAL DATA* |
LEGAL BASIS FOR PROCESSING, PURPOSES OF PROCESSING AND CATEGORIES OF PERSONAL DATA PROCESSING ** |
Data related to the concluded contract or the provision of our services and invoicing |
– The name of the buyer or director who concludes the contract with our organization and any other data contained in the order forms/contracts/issued invoices.
|
The name of the buyer or director who concludes a contract with our organization or in respect of whom our organization issues an invoice for its services. |
Until the expiration of the retention period or the fulfillment of the purpose of processing individual personal data, whereby the organization can usually keep the data for 6 years after the end of the cooperation or longer (e.g. invoice data), as further specified under points 1.3 and 2 of this document. |
For the purpose of executing the concluded contract (e.g. performance and billing of the use of services, providing support, communicating regarding key information relating to the service), we may process various data about the authorized person of the customer who uses our services/is indicated on the invoice.
|
Information about the individual communicating with the organization via e-mail addresses and other communication channels available on the website |
– Name and/or surname of an individual communicating with our organization
– Any email address of an individual communicating with our organization
– Telephone number, if any, of an individual communicating with our organization
– Any personal data that is captured in communication with an individual |
Personal data of an individual who communicates with the organization at his own will (e.g. inquires about the services of the organization, arranges to visit a branch through a published e-mail address or contact form, etc.). |
Until the expiration of the purposes of processing individual personal data for which the data were collected (e.g. until the end of communication) or until 4 years have elapsed since the last communication with the individual.
|
Based on the negotiation of the conclusion of the contract (i.e. obtaining information about or ordering a service or other voluntary communication of an individual with the organization in this regard), the organization may process the data in ways logically related to negotiations regarding the implementation of the subject of the service or the preparation of a response (e.g. storage in the system for sending electronic messages for response and possible further communication, data storage in the archives of the organization, etc.). |
Data of individuals who have signed up to receive informational e-mails from the organization |
– E-mail address of the individual
|
Personal data of an individual who has consented to the organization periodically providing information, advice and other useful information regarding the organization’s services to his e-mail address.
|
Until you unsubscribe from receiving electronic communications, whereby the logoff link is contained in every e-mail. *An individual can always request unsubscribing or deletion of data by sending his request to the official e-mail address of the organization: XYZ
|
Based on the obtained consent, the organization may process the data (i.e. store and use in connection with the electronic messaging system) exclusively for the purpose of providing information, advice and other useful data regarding the organization’s services.
|
Data of individuals applying for a vacancy in an organisation |
– Name and surname of the candidate – E-mail address of the candidate – Curriculum vitae, letter of motivation, data on previous work experience or other information relevant to the selection procedure and provided as such when the vacancy is published
– Any personal data included in email correspondence with such an individual |
Personal data of an individual applying for a vacancy in an organization. |
Until the completion of the employment process, if the organization has not obtained explicit consent from the individual for longer data storage.
|
Based on negotiations for the conclusion of an employment contract, the organisation may process the data (i.e. collect, store for the duration of the selection procedure, review, structure) and otherwise meaningfully use it exclusively for the purpose of the employment process (e.g. evaluating individual references and communicating with them about the progress of the employment process, using data to view other publicly available information about an individual, etc.). |
Data of individuals who may be disclosed during workshops, coaching or during the performance of other services |
– First names, surnames, addresses and other data that he discloses to clients during workshops, coaching or during the performance of other services (e.g. in video format)
|
Clients who order the implementation of workshops, coaching or the implementation of other services
|
Until the expiration of the retention period or fulfillment of the purpose of processing individual personal data (e.g. completion of coaching), whereby the organization usually does not store the data on its own media, but uses the carriers or devices of the client, and does not create any copies of the data without the explicit request of the client. |
For the purpose of executing the concluded contract (e.g. conducting a workshop, recording coaching, etc.), we may process various client data. |
*In certain cases based on its legitimate interests, the organization reserves the right to keep certain data longer than the overwritten deadlines (e.g. in the case of an inspection process in connection with a service/sweepstake/form), whereby the organization will in all such cases limit the retention of data to those data that are necessary to pursue such legitimate interest. The deletion of data can always be requested by the individual by sending his request to the official e-mail address: XYZ.
** In relation to superscript purposes (e.g. data storage), the data may be transmitted for processing to contractual partners of the organization (sub-processors) listed in section 3.3 of this notice. Sub-processors may process data only in connection with the performance of tasks assigned to them that are directly related to the pursued purposes.
1.2 The legal basis for the processing of personal data may lie in the fulfilment of the concluded contract or negotiations for the conclusion of a contract
We may process individuals’ personal data on the basis of a concluded contract (e.g. performance of a service at our branch) or negotiations for the conclusion of a contract (e.g. when an individual through our official communication channels wants to obtain more information about our services).
In the cases described, you provide us with personal data as part of a contractual obligation or as part of negotiations for the conclusion of a contract, whereby we do not need your explicit consent for the superscript processing of your personal data.
In principle, you will not suffer any serious negative consequences in situations where you would otherwise need your personal data to perform our services and you will not provide us with this data. Such situations can significantly complicate or even prevent the execution of ordered services or our cooperation, whereby in these cases you will be informed in advance or subsequently.
1.3. The legal basis for processing your data may also be the law
The organization also processes personal data for the purpose of fulfilling legal and other regulations, especially those governing taxes and accounting (e.g. records of issued and received invoices, etc.), e.g.:
– when an organisation is instructed by an inspector or other holder of public authorizations to entrust him with the personal data of a particular buyer / visitor in accordance with the law (e.g. in the context of carrying out inspections in accordance with the provisions of the Inspection Act (ZIN),
– when an organization processes personal data of the buyer to whom it has issued an invoice, this invoice and customer data (e.g. personal name, contact information, etc.).) is processed on the basis of the Value Added Tax Act (ZDDV-1) (see section 3.2.), etc.
1.4. Based on the legitimate interests of the organisation
We may also process certain personal data for the purpose of protecting our own legitimate interests. This is the case, for example, where the processing of your data would be necessary, for example, for the purposes of administrative, criminal or civil proceedings (e.g. when an organisation is required to provide the database as evidence in the proceedings, otherwise the organisation would suffer a penalty or the occurrence of serious and irreparable damage), in which case we will always process only those data, which are strictly necessary to pursue such legitimate objectives.
The organization may also process the individual’s personal data in cases where the processing is necessary to protect the vital interests of the individual (e.g. insight into the address of the individual facing an immediate and serious life threat).
1.5. Based on consent obtained
In principle, we do not make cooperation with us and the use of the organization’s services conditional on your consent to the processing of personal data.
However, we may also process your personal data in organisations based on your explicit consent (i.e. consent). The explicit consent of the individual is considered to be his voluntary declaration of will by which he or she consents to the processing of certain personal data for a specific purpose (e.g. your consent to receive information messages from us), whereby in such cases we process those data listed in the section of the table referred to in point 1, where it is indicated that the processing is based on consent.
Such communication can be cancelled at any time by following the link contained in each such e-mail or by contacting us at XYZ.
On the basis of your consent, our online advertising may also take place if you have consented to the installation of optional (advertising) cookies and tracking pixels of our advertising partners when visiting our website (e.g. installation of a Google Analytics cookie, which allows us to more easily advertise our services on other websites, etc.). A detailed inventory of optional cookies of our advertising partners, the data we process with them and the storage periods for this data is defined on the “Cookies” subpage.
The organization guarantees the individual the right to withdraw this explicit consent at any time in a simple way, i.e. by contacting us at XYZ at any time.
The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of consent until the moment of withdrawal.
In the event that you do not give consent to the processing of personal data, give your consent partially or (partially) withdraw your consent, we will, if possible, cooperate with you only within the scope of the given consent or in the ways permitted by applicable law.
Consent is voluntary, and if you decide not to give it or later withdraw it, this does not in any way impair your other rights or present additional costs or aggravating circumstances for you.
2. How long do we keep or process your personal data?
The period of storage of personal data depends on the basis and purpose of processing each category of personal data. As a rule, personal data is stored for as long as it is necessary for the fulfilment of the purpose for which the data were collected, or as long as a certain regulation requires us to keep them, on which they are deleted.
Insofar as the retention period for individual data is not further specified in the table of Chapter 1, the following applies:
– Data related to the concluded contract or the provision of our services and invoicing. Until the expiration of the retention period or fulfillment of the purpose of processing individual personal data, whereby the organization can usually keep the data for 6 years after the completion of cooperation or longer (e.g. data on the invoice), whereby the personal data of subscribers on the accounts is kept for another 10 years, since such an obligation is imposed on the organization by the Value Added Tax Act (ZDDV-1),
– The data on an individual who communicates with the organization via e-mail addresses and other communication channels available on the website is stored until the expiration of the purposes of processing individual personal data for which the data were collected (e.g. until the end of communication) or until 4 years have elapsed since the last communication with the individual.
– Based on your explicit consent to marketing communications or our legitimate interest in advertising to persons who are already our customers, we keep the data until the person withdraws their consent.
– Data of individuals applying for a vacancy in the organization, whereby the data is kept until the completion of the employment procedure, if the organization has not obtained explicit consent from the individual for longer data storage.
The organization may keep the data for 15 days after the expiration of the stated retention period in order to carry out the destruction of stored data from all data carriers and servers during this period.
The deletion of data can always be requested by the individual by sending his request to the official e-mail address of the organization: XYZ.
3.Who processes your personal data (users of personal data) inside and outside the organisation?
3.1. Certain employees of the organization
Your personal data is processed by those employees of the organization who need the data to perform their work tasks. All employees are obliged to be confidential and to respect the protection of personal data.
3.2. Public authorities
In certain cases prescribed by applicable law, the organisation must forward or report on your personal data to the competent state authorities, as well as to bodies responsible for financial, tax or other supervision, for example (e.g. Office of the Information Commissioner of the Republic of Slovenia, etc.). In certain cases, the organization is obliged to forward the data to third parties if such an obligation to provide or disclose to the organization is imposed by law or the legal entitlement of the third party.
3.3. Contractual processing of personal data
In addition to employees of the organization, users of personal data may also be employees of contractual processors of the organization, who can process personal data as confidential exclusively on behalf of the organization and within the limits of the contract on external processing of personal data concluded by the organization with each such processor. Contractual processors may process personal data only within the framework of the organization’s instructions (i.e. contracts), whereby they may not use the data to pursue any of their own interests.
The contractual processors with which the organization cooperates are:
- persons who cooperate with us on the basis of work or copyright contracts (IT system maintainers, software code developers, etc.),
- accountants or accounting services,
- Provider of website build-up and hosting service (see section 3.4.).
The organization will not pass on your personal data to third unauthorized persons.
To obtain an accurate list of all contracted subprocessors of the organization, you can write to us at the address planetvida@gmail.com.
.
The data you provide to us through our website (e.g. in connection with communication via the contact form on the site, etc.) is stored on servers via the Shopamine service and shared with other subprocessors inside and outside the EU for the purpose of operating the service, as can be seen in Appendix No. 2 of the document (in English) at the following link: https://www.shopamine.com/sl/data-processing-agreement.
3.4. Transfer of personal data to third countries and international organisations and measures to protect the transferred data
As a rule, our organization does not transfer personal data to third countries (i.e. outside the territory of the European Union, Iceland, Norway and Liechtenstein, i.e. the EEA) and to international organisations.
Exceptions to the above are occasional transfers of certain technical and personal data to the servers of the aforementioned processors whose headquarters or servers are located in the USA (e.g. automatic transmission of some data collected by cookies from Alphabet Inc., entering e-mail addresses in the Commercial Messaging Tool, etc.), whereby the contractual processors concerned are former members of the Privacy Sheild Program (https://www.privacyshield.gov/) and after 12 July 2020 comply with and have adopted security measures regarding the receipt or transmission of data (e.g. standard contractual clauses) or have properly completed and achieved full self-certification in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on an adequate level of protection personal data in the context of data privacy between the EU and the US (i.e. within the meaning of the new EU-US data transfer framework under that adequacy decision as of 10 July 2023).
4. Processing and protection of special categories of personal data
We do not direct individuals in connection with our website or services to provide specific personal data (i.e. information revealing racial or ethnic origin, political opinion, religious or philosophical beliefs or trade union membership, genetic or biometric data, health or data related to an individual’s sex life or sexual orientation).
If the organization becomes aware of the occurrence of a situation in which such information would be disclosed to it, protection or other appropriate action will be taken care of the received data.
5. What are your rights regarding your personal data and how can you exercise them?
In connection with this notice on the processing of personal data or regarding the processing of your personal data by our organization and our contractual processors, you can contact us at any time and without reservation via the e-mail address XYZ.
You can also use the address provided to send your requests and exercise other rights related to personal data and the GDPR.
As a data subject, the GDPR gives you the opportunity to exercise the following rights with our organisation:
Right to information: Individuals have the right to be informed about the collection and processing of their personal data.
Right of access: Individuals have the right to access their personal data and obtain information on how the data is processed, as well as a copy of the data itself.
Right to erasure (right to be forgotten): Individuals have the right to request the deletion of their personal data in certain circumstances.
Right to withdraw consent: If the processing of personal data is based on consent, individuals have the right to withdraw their consent at any time without suffering any negative consequences.
Right to rectification: Individuals have the right to request the rectification of inaccurate or incomplete personal data. If the data has been transferred to third parties, we will, to the extent possible, inform those third parties of the implementation of the correction.
Right to restriction of processing: Data subjects have the right to request restriction of the processing of their personal data. This right applies in certain cases, for example when the accuracy of the data is disputed or the data subject has objected to its processing.
Right to data portability: In certain cases, individuals have the right to receive their personal data in a structured, commonly used and machine-readable format. They may also require that their data be transferred to another controller if the processing is based on consent or a contract and if the processing is carried out by automated means.
Right to object: Individuals have the right to object to the processing of their personal data on the basis of legitimate interests or public interest/the exercise of official authority. In such cases, we will cease such processing, unless we can demonstrate compelling legitimate grounds that override the individual’s interests, rights and freedoms.
Rights related to automated decision-making and profiling: Individuals have the right not to be subject to exclusively automated decisions, including profiling, which substantially affect them. They also have the right to intervene humanly, express their point of view and complain about such decisions.
Right to lodge a complaint with a supervisory authority: Without prejudice to any other judicial remedy, if you believe that the processing of personal data concerning you by our organisation violates the regulations on the protection of personal data, you may, without prejudice to any other judicial remedy (administrative or other), lodge a complaint with a supervisory authority, in particular in the country where you have your habitual residence, where your place of work is situated, or in which the violation allegedly occurred (in Slovenia, the Information Commissioner):
– Information Commissioner, Dunajska 22, 1000 Ljubljana, e-mail address: gp.ip@ip-rs.com, phone: 012309730, website: www.ip-rs.com.
A list of other EU supervisory authorities and their contact details can be found here: https://edpb.europa.eu/about-edpb/about-edpb/members_en#.edoms.
6. The existence of automated decision-making and profiling |
The processing carried out by our organization does not involve automated decision-making and profiling based on your personal data.
7. Processing of personal data of persons under the age of 15
Our organization has focused the development and provision of its services on collecting personal data of persons over the age of 15. In cases where an organization’s services would be used by a younger person, if the organization became aware of such a case, it will obtain the consent of a parent or guardian of such a person.
If the organization itself subsequently determines that personal data of a person under the age of 15 are processed in connection with the service but their parent or guardian has not consented to this, it will do everything necessary to delete all captured personal data.
To planetvida@gmail.com
superscript persons or their parents or guardians may at any time submit their requests to delete the data in question.
8. Who can you contact regarding further clarifications regarding the processing of personal data and your rights?
You can contact us at any time regarding the processing of your personal data at the e-mail address:
planetvida@gmail.com
9. Protection of your personal data
The organization carefully stores and protects personal data through organizational, technical and logical-technical procedures and measures to protect data against accidental or intentional unauthorized insight, destruction, alteration or loss, as well as unauthorized disclosure or other form of processing to which you have not expressly consented.
For this purpose, the organization has also adopted appropriate internal processes and established various measures (e.g. assigning, using and changing passwords, locking premises, offices, and locations of servers and workstations, regular updating of support software and upgrading security controversial components, physical protection of material containing personal data at specially designated places, training of employees, etc.). The organization demands the same security requirements from its contractual processors.
10. Version and date of last update of this Notice
The text of this notice represents version 1.0 of this document. This announcement was last updated on 25/02/2024.
PLANETVIDA education, consulting, design and supervision d.o.o.