Datenschutzerklärung

1. About the »Privacy Policy«

With this privacy policy, the company Zavod Heristate, zavod za varovanje kulturne dediščine in digitalno transformacijo, Bratovševa ploščad 8, SI-1000 Ljubljana, Slovenia (hereinafter Zavod Heristate) determines the rights and obligations of website users (hereinafter "the individual"), where it is important that the Zavod Heristate respects and protects all acquired personal data of users in accordance with applicable legislation and undertakes to all personal data obtained through or using the website will be carefully protected and used exclusively for the purpose for which it was provided.

Zavod Heristate reserves the right to change the Privacy Policy at any time, without prior notice. The user is bound by this Privacy Policy and the Personal Data Protection Act, which is valid at the time of visiting or using the website.

The Privacy Policy is in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals in the processing of personal data and on the free flow of such data and on the repeal of Directive 95/46/EC ( hereinafter: General Data Protection Regulation), the following information is covered:

  • contact information of the controller of personal data,
  • what personal data is collected,
  • purposes of processing and basis for data processing,
  • restrictions on the transmission of personal data,
  • period of retention of personal data,
  • the rights of individuals in relation to the processing of personal data,
  • validity of the Privacy Policy.

2. Controller of personal data

The manager of personal data processed in accordance with this Privacy Policy is the company Zavod Heristate, Bratovševa poščad 8, SI-1000 Ljubljana, Slovenia, e-mail: info@ heristate.com

3. Personal data collected by company

As part of the provision of services and fulfillment of contractual obligations, the company processes the following personal data of Individuals:

  • name and surname
  • email address
  • phone
  • title
  • company information

4. Categories of individuals whose personal data are processed

This Privacy Policy is intended for all individuals who have ordered and/or used the company's services, submitted an inquiry, downloaded free content, registered for various events via online forms, as well as those who visited our website .

5. Purposes of processing and basis for data processing

 

5.1. Processing based on consent to the processing of personal data:

Data processing may be based on the consent given by the Individual to the company.

For example,

Consent may refer to:

  • information and education,
  • information about the offer and services,
  • preparation of an offer adapted to individual user habits
  • or provision of value-added services.

Notification is carried out through the channels chosen by the individual in their consent (e.g. by e-mail, SMS messages, by post...).

Notification using an e-mail address includes the transmission of an individual's personal data to the provider of the notification system (e-mail, SMS) and for the purpose of displaying the company's advertising messages while browsing the web.

The data subject may withdraw or change their consent at any time in the same way as the consent was given or in another way as defined by the company, whereby the company reserves the right to identify the customer.

Amendment of consent can also be arranged via e-mail to the address info@heristate.comor by written request sent to the address of the company headquarters

Withdrawal or change of consent only applies to data processed on the basis of consent. The last given consent of the individual received by the company is valid. The possibility of revocation of consent does not constitute a right of withdrawal in the business relationship of an individual with a company.

5.2. Processing based on contract:

As part of exercising contractual rights and fulfilling contractual obligations, the company processes your personal data for the following purposes:

  • identification of the individual,
  • preparation of the offer,
  • conclusion of the contract,
  • to provide the ordered services,
  • notification of possible changes,
  • additional details and instructions for using the services,
  • to solve possible technical problems,
  • objections or complaints,
  • billing for services
  • and for other purposes necessary for the implementation or conclusion of a contractual relationship between a company and an individual.

When billing services, based on tax regulations, we also obtain and process your address for the correct issuance of the invoice.

5.3. Processing based on the law:

On the basis of a legitimate interest, we use your personal data to detect and prevent fraudulent use and abuse of services, further within the framework of ensuring the stable and secure operation of our system and services, as well as for the purposes of implementing information security measures, meeting requirements related to the quality of services and detection of technical malfunctions of systems and services.

Based on a legitimate interest, we also use your personal data for the purposes of possible executions, judicial and extrajudicial recovery.

In accordance with the General Regulation, in case of suspicion of abuse, the company may process data on individuals to an appropriate and proportionate extent for the purpose of identification and prevention of possible fraud or abuse, and may, if appropriate, pass this data on to other providers of such services, business partners, the police, the state prosecutor's office or other competent authorities. For the purpose of preventing future abuse or fraud, data on the history of identified abuse or fraud in connection with the individual, which includes data on the subscription relationship and, for example, the IP address, may be kept for five years after the termination of the business relationship.

6. Restrictions on the transmission of personal data

If necessary, we will authorize other companies and individuals to perform certain works that contribute to our services. In such a case, the company may also forward personal data to such carefully selected external processors who will conclude a contract with the company on the processing of personal data, or an agreement or other binding document of the same content (hereinafter: "Processing Agreement"). We will forward this type of data to external processors or make them accessible only to the extent required for a specific purpose. This data may not be used by the external processor for any other purposes, while meeting at least all personal data processing standards provided for by applicable legislation. External processors are contractually obligated to the company to respect the confidentiality of your personal data.

7. Personal data retention period

The data retention period is determined according to the category of individual data. We keep the data for as long as is necessary to achieve the purpose for which it was collected or further processed, or until the expiration of the statute of limitations for fulfilling obligations or the statutory retention period.

  • Personal data, which we process on the basis of the individual's consent, are stored permanently or until revocation of this consent by the individual.
  • Data on issued invoices are kept for 10 years from the date of issue.
  • The data required for the conclusion and fulfillment of the contract are kept for another 5 years from the fulfillment of the contract

After the retention period expires, the data is deleted, destroyed, blocked or anonymized, unless the law provides otherwise for the individual type of data.

8. Individual rights in relation to the processing of personal data

We grant you the following rights in relation to the processing of your personal data:

  • the right to access data
  • right to correction
  • right to erasure ("right to be forgotten")
  • the right to restriction of processing
  • the right to data portability
  • right to object

8.1 right of access to data

You always have the right to know whether personal data is being processed in relation to you and, if so, access to personal data and the following information:

  • processing purposes,
  • types of personal data processed,
  • users or categories of users to whom personal data has been or will be disclosed,
  • the expected period of retention of personal data or, if this is not possible, the criteria used to determine this period,
  • the existence of the right to request the controller to correct or delete personal data or to limit the processing of your personal data, or the existence of the right to object to such processing,
  • rights to lodge a complaint with the supervisory authority,
  • where personal data is not collected from you, all available information regarding its source.

8.2 Right to Correction

You have the right to obtain that we correct inaccurate personal data concerning you without undue delay and, taking into account the purposes of the processing, the right to complete incomplete personal data, including the submission of a supplementary statement.

8.3 right to erasure ("right to be forgotten")

You have the right to have your personal data deleted without undue delay when one of the following reasons applies:

  • when personal data are no longer necessary for the purposes for which they were collected or otherwise processed,
  • when you revoke the consent on the basis of which the processing takes place, there is no other legal basis for the processing,
  • when you object to the processing of data and there are no overriding legitimate reasons for processing them,
  • when personal data has been processed illegally,
  • when personal data must be deleted to fulfill a legal obligation in accordance with EU law or Slovenian legal order.

8.4 right to restriction of processing

You have the right to obtain that we restrict the processing of your personal data when one of the following cases applies:

  • when you dispute the accuracy of the data, namely for the period that allows us to verify the accuracy of the personal data,
  • the processing is illegal and you object to the deletion of personal data and instead request the restriction of their use,
  • we no longer need your personal data for processing purposes, but you need them to assert, implement or defend legal claims,
  • if you have objected to processing based on the company's legitimate interests, until it is verified that our legitimate reasons override your reasons.

When the processing of your personal data has been restricted in accordance with the previous paragraph, such personal data, with the exception of their storage, is processed only with your consent, or for the assertion, implementation or defense of legal claims or for the protection of the rights of another natural or legal person.

Before canceling the restriction of processing your personal data, we are obliged to inform you about it.

8.5 right to data portability

You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format, and the right to transmit this data to another controller without hindrance from the company when the processing is based based on your consent and the processing is carried out by automated means At your request, when technically feasible, personal data may be directly transferred to another controller.

8.6 right to object

When we process your data on the basis of a legitimate interest for marketing purposes, you can object to such processing at any time.

We stop processing your personal data, unless we demonstrate compelling reasons for processing that override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

9. Procedure for asserting rights

We guarantee the exercise of your rights in relation to the processing of your personal data without undue delay.

Requests regarding the exercise of your rights are accepted at the email address info@heristate.com or by mail at the address Zavod Heristate, Bratovševa ploščad 8, SI-1000 Ljubljana, Slovenia.

When you submit a request by electronic means, we will provide the information to you by electronic means whenever possible, unless you request otherwise.

When there is a legitimate doubt regarding the identity of an individual who submits a request in relation to one of his rights, we may request the provision of additional information that is necessary to confirm the identity of the individual to whom personal data refer.

10. Final Provisions

For everything that is not regulated by this Privacy Policy, the current legislation applies.

The company reserves the right to change this Privacy Policy and it will be published on this page.

The privacy policy published on the heristate.com website is in effect from January 1, 2023.

.