All our activities are in accordance with the European legislation (Regulation 2016/697 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation or GDPR) and conventions of the Council of Europe (ETS No. 108, ETS No. 181, ETS No. 185, ETS No. 189)), and the national legislation of the Republic of Slovenia (Personal Data Protection Act (ZVOP-1, OG RS, No. 94/07), Electronic Commerce Market Act (ZEPT, OG RS, Nos. 96/09 and 19/15), etc.).
A personal data is a piece of information which identifies you as a defined or identifiable individual.
- basic user data (name and surname, address, date of birth);
- contact information and data about your communication with the administrator (e-mail address; telephone number; date, time, and contents of your email or mail communication);
- data about the user’s demands and invoices issued (date, price of the attendance fees, payment method, number and date of the invoice issued);
- data about the user’s use of the administrator’s website (dates and times of website visits, pages or URLs visited, duration of a visit to an individual page, number of pages visited, total time of a website visit, settings enabled at the website);
* other data provided voluntarily by the user to the administrator of personal data upon a demand for certain services demanding these data.
The provider does not collect and process your personal data, except when you enable it or agree to it specifically, i.e. upon the sending of a request or payment of an event’s participation fee, when you subscribe to the e-newsletter or to the magazine, or when there is legal basis for the collection of personal data or the provider has a legal interest in the processing.
The time frame in which the provider can keep the collected data is defined in detail in the chapter Retention of Personal Data of this Policy.
Purpose of Processing and Bases for Data Processing
The provider collects and processes your personal data based on the following legal bases:
- the law and contractual relations,
- individual’s consent, and
- legal interest.
Data Processing Based on Law and Contractual Relations
In the event that the provision of personal data is a contractual obligation necessary for the conclusion and implementation of the contract with the provider or a legal obligation, you must provide your personal data; if you do not provide personal data, you cannot enter into a contract with the provider, nor can the provider perform the services or deliver products pursuant to the contract, since it does not have the data necessary for the execution of the contract.
Data Processing Based on Legal Interest
The provider can also process data on the basis of legal interest for which the provider strives, except when interests or fundamental rights and freedoms of an individual, to which personal data that demand the protection of personal data refer, outweigh such interest. In the case of the use of legal interest, the provider always performs an assessment in accordance with the General Data Protection Regulation.
Processing Based on Your Consent
The provider also collects and processes (uses) your personal data for the following purposes, when you consent to it:
- transmission of commercial offers (especially event invitations) and other content via e-mail,
- all other purposes to which you specifically agree when collaborating with the provider.
Retention of Personal Data
The provider will retain your personal data only for as long as necessary for the realisation of the purpose for which the personal data was collected and further processed (e.g. for the provider to fulfil your order, verification of your payment, and the fulfilment of other obligations of the provider and/or your obligations, to ensure that you have access to special information available to you, for the sending of the provider’s e-news, etc.).
Those personal data which the provider processes on the basis of the law, the provider retains for the period provided by the law.
Those personal data which are processed by the provider for the execution of the contractual relationship with the individual, are kept by the provider for as long as it takes to enforce the contract and 5 more years after its cessation, except in cases when there is a dispute between you and the provider in connection with the contract; in such case, the provider retains the data for 5 more years after the finality of a court or arbitration decision or settlement or, if there was no legal proceedings, for 5 years from the day of the amicable settlement.
Those personal data which the provider processes on the basis of the individual’s personal consent or legal interest, the provider retains permanently, until the revocation of this consent from the individual, or until the request for the suspension of processing.
After the expiry of the retention period, the administrator efficiently and permanently deletes or anonymises personal data, so that they can no longer be connected to a certain individual.
Contractual Processing of Personal Data
Contractual data processors with whom the provider collaborates are:
- service providers (e.g. providers that carry out a certain event or training in the name of the SBC);
- accounting service; law firms and other providers of legal advice;
- data processing and analytics providers;
- maintenance of IT systems;
- providers of e-mail sending (e.g. Mailchimp and others);
- payment system providers;
- web marketing solutions providers (e.g. Google, Facebook).
The provider will not disclose your personal data to unauthorised third parties.
Contractual data processors may process personal data solely within the limits of the administrator’s instructions and may not use personal data to pursue any type of their own interests.
Freedom of Choice
Individuals who want to unsubscribe from receiving e-news can write to us at: firstname.lastname@example.org. If your personal data change (postal code, e-mail address, permanent address, telephone number), we politely ask that you inform us of the change to: email@example.com.
Automatic data recording (non-personal data)
Any time you visit a website, general, non-personal data (number of visits, average duration of the visit to a website, sites visited) are automatically recorded (not as part of registration). This information is used to measure the attractiveness of our website, and for the improvement of content and usefulness. Your data are not the subject of further processing and are not communicated to a third party.
Ljubljana, 21. 5. 2018