The company offers special care for the security of your personal data. All personal data provided is treated confidentially and is used only for the purpose for which it was provided. We manage your personal data with the utmost care, considering the applicable legislation and the highest standards of their treatment. We take care of the security of your personal data, among other things, with appropriate organizational measures, work procedures and advanced technological solutions, as well as external experts to protect your personal data as effectively as possible. We use an appropriate level of protection and reasonable physical, electronic and administrative measures to protect the data collected against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of personal data or unauthorized access to personal data that has been transferred, stored or otherwise processed.
contact information of the company,
purposes, bases, and types of processing of various types of personal data of individuals,
retention time of individual types of personal data,
the rights of individuals regarding the processing of personal data,
the right to lodge a complaint regarding the processing of personal data,
2. Personal data collected by the company
If you are only a visitor to the website, we only collect information about you using cookies. If you are a user of services or a subscriber of services provided by the company, we also collect other personal data about you that we need to perform the services that you have ordered or are using. This personal information is:
Name and surname
Date of birth
Credit/debit card number
3. Personal data controller
4. Categories of individuals whose personal data are processed
5. Purposes of processing and bases for data processing
5.1. Contract processing:
As part of the exercise of contractual rights and fulfilment of contractual obligations, the company processes your personal data for the following purposes: identification of the individual, preparation of an offer, conclusion of a contract, provision of ordered services, notification of possible changes, additional details and instructions for using services, objections or complaints, billing for services and for other purposes necessary for the implementation or conclusion of a contractual relationship between the company and the individual.
When billing for services, on the basis of tax regulations, we obtain and process your address for the correct issuance of the invoice.
5.2. Processing by law:
On the basis of a legitimate interest, we use your personal data to detect and prevent fraudulent use and misuse of services, further to ensure the stable and secure operation of our system and services, as well as to implement information security measures, meet service quality requirements and detect technical system and service failures.
Based on a legitimate interest, we also use your personal data for the purposes of possible enforcement, judicial and extrajudicial recovery.
In accordance with the General Regulation, in the event of suspected abuse, the company may process data on individuals to an appropriate and proportionate extent for the purpose of identifying and preventing possible fraud or abuse and may, if appropriate, pass this information on to other service providers, business partners and the police, the public prosecutor's office or other competent authorities. For the purpose of preventing future abuses or frauds, data on the history of identified abuses or frauds in connection with an individual, which includes data on the subscription relationship and, for example, IP address, may be kept for five years after the termination of the business relationship.
5.3. Processing based on consent for the processing of personal data:
The processing of data may also be based on your consent given to the company.
Withdrawal or change of consent only applies to data processed based on your consent. Your last consent given to us is valid. The possibility of revoking the consent does not constitute a right of withdrawal in the business relationship of the individual with the company.
Data for which your consent has been given is processed until revoked. Upon receipt of the cancellation, we shall delete the personal data under the conditions, in the manner and within the time explained in point 8.
6. Restrictions on the transmission of personal data
If necessary, we will authorize other companies and individuals to perform certain works that contribute to our services. In such a case, the company may also provide personal data to such carefully selected external processors who will conclude a contract with the company for the processing of personal data or the same agreement or other binding document (hereinafter: "Processing contract"). We will provide or make available to external processors such data only to the extent required for a specific purpose. This data may not be used by the external processor for any other purpose, if it meets at least all the standards for the processing of personal data provided for by the applicable legislation. External processors are contractually obliged by the company to respect the confidentiality of your personal data.
Based on a reasoned request, companies also provide personal data to the competent state authorities, which have a legal basis for this. Ornamentico Group d.o.o. will e.g. respond to requests from courts, law enforcement and other national authorities, which may include national authorities from another EU Member State.
7. Period of retention of personal data
The data retention period is determined by the category of the individual data. The data shall be kept for a maximum period of time necessary to achieve the purpose for which they were collected or further processed, or until the expiry of the limitation periods for the fulfilment of obligations or the legally prescribed retention period.
Billing data and related contact data on individuals may be kept for the purpose of fulfilling contractual obligations until the full payment of the service or until the expiration of the statute of limitations in relation to an individual claim, which may amount to one to five years. Invoices are kept for 10 years after the end of the year to which the invoice relates in accordance with the law governing value added tax.
Other data obtained based on your consent are kept for the duration of the business relationship and for 2 years after the termination unless the law provides for a longer retention period. If the individual who gave consent for the processing of personal data has not entered a business relationship with us, his consent is valid for 2 years from its submission or until its revocation.
At the end of the retention period, the data shall be deleted, destroyed, blocked, or anonymised, unless otherwise provided by law for each type of data.
8. Rights of Individuals in relation to the processing of personal data
We guarantee the exercise of your rights in relation to the processing of your personal data without undue delay. We will decide on your request within one month of receiving your request. In case of complexity and a large number of requests, the deadline can be extended by a maximum of two additional months. If we extend the deadline, we will notify you of any such extension within one month of receiving the request, together with the reasons for the delay.
Requests regarding the exercise of your rights are accepted by e-mail email@example.com or by mail to Ornamentico Group d.o.o., Koprivnik v Bohinju, 5 4264 Bohinjska Bistrica.
Where you submit your request by electronic means, we will provide you with the information by electronic means whenever possible, unless you request otherwise.
Where there is a legitimate doubt as to the identity of the data subject, we may request the provision of additional information necessary to confirm the identity of the data subject.
We grant you the following rights in relation to the processing of your personal data:
the right of access to data
the right of rectification
the right to erasure (the “right to be forgotten”)
the right to restrict processing
the right to data portability
the right to object
1. the right of access to data
You always have the right to know whether personal data is being processed in relation to you and, if so, access to personal data and the following information:
the types of personal data being processed,
users or categories of users to whom personal data have been or will be disclosed,
the envisaged retention period of personal data or, if this is not possible, the criteria used to determine this period,
the existence of a right to require the controller to rectify or delete personal data or to restrict the processing of your personal data, or the existence of a right to object to such processing,
the right to lodge a complaint with the supervisory authority,
when personal data is not collected from you, all available information regarding its source.
2. the right of rectification
You have the right to rectify inaccurate personal data concerning you without undue delay and, taking into account the purposes of the processing, the right to supplement incomplete personal data, including the submission of a supplementary statement.
3. the right to erasure (the “right to be forgotten”)
You have the right to have our personal data deleted without undue delay when one of the following reasons applies:
where personal data are no longer needed for the purposes for which they were collected or otherwise processed,
when you revoke the consent on the basis of which the processing takes place, but there is no other legal basis for the processing,
when you object to the processing of data and there are no overriding legitimate reasons for processing it,
where personal data have been processed unlawfully,
when personal data must be deleted to fulfil a legal obligation in accordance with EU law or the Slovenian legal order.
4. the right to restrict processing
You have the right to limit the processing of your personal data when one of the following cases applies:
when you dispute the accuracy of the data, for a period that allows us to verify the accuracy of the personal data,
the processing is illegal, and you oppose the deletion of personal data and instead request a restriction on their use,
we no longer need your personal data for the purposes of processing, but you need it to assert, enforce or defend legal claims,
if you have filed an objection regarding processing based on the legitimate interests of the company until it is verified that our legitimate reasons outweigh your reasons.
Where the processing of your personal data has been restricted in accordance with the preceding paragraph, such personal data, with the exception of their storage, shall be processed only with your consent, either to assert, enforce or defend legal claims or to protect the rights of another natural or legal person.
We are obliged to inform you before the restriction on the processing of your personal data is lifted.
5. the right to data portability
You have the right to receive your personal data provided to us in a structured, commonly used and machine-readable form, and the right to pass this data on to another controller without being hindered by the company when processing is based on your consent. and processing is performed by automated means. At your request, where technically feasible, personal data may be transferred directly to another controller.
6. the right to object
When we process your data based on a legitimate interest for marketing purposes, you may object to such processing at any time.
We stop processing your personal data unless we prove compelling reasons for the processing that outweigh your interests, rights, and freedoms, or for asserting, enforcing, or defending legal claims.
9. The right to lodge a complaint regarding the processing of personal data
Any complaint regarding the processing of your personal data can be sent to the e-mail address firstname.lastname@example.org or by mail to the address Ornamentico Group d.o.o., Koprivnik v Bohinju, 5 4264 Bohinjska Bistrica.
If we do not decide on your request within the legal deadline or reject your request, you have the option of filing a complaint with the Information Commissioner.
You also have the right to lodge a complaint directly with the Information Commissioner if you believe that the processing of your personal data violates Slovenian or EU regulations in the field of personal data protection.
If you have exercised your right of access to data and after receiving the decision you believe that the personal data you have received is not the personal data you have requested or that you have not received all the requested personal data, you can lodge a reasoned complaint with the Information Commissioner. at the company within 15 days. We need to decide on your appeal as a new request within five business days.
10. Final provisions