Privacy Policy

Privacy Policy

Company privacy terms of Excel Olympics, poslovno svetovanje, Gašper Kamenšek s.p.

 

MEANING OF TERMS

Privacy Policy

The conditions of privacy are the internal act of the company Excel Olympics, business consulting, Gašper Kamenšek s.p. (hereinafter: the processor) and apply to all legal relations between him and the service subscribers (hereinafter: the controller). The act determines the rights and obligations of the processor and the controller in the management and processing of personal data of individuals.

Personal information

Personal data means any information relating to an identified or identifiable individual who is a natural person. A designated individual is one whose personal data is determined and processed in accordance with the purposes set by the controller. An identifiable individual is one who can be identified, directly or indirectly, and whose personal data can be processed in accordance with the purposes set by the controller.

Individual

An individual is any natural person whose personal data is processed on a legal or contractual basis between the controller and that individual or on the basis of the explicit consent given by the individual to the controller.

The manager

The controller determines the purposes and means of processing within the scope of its registered activity and / or legal powers. The individual is informed in advance who is the controller of personal data and who is the processor of his personal data.

Processor

The processor processes the personal data of individuals on behalf of the controller, according to his instructions, within the framework of lawful purposes and methods of processing.

Subprocessor

The sub-processor processes the personal data of individuals in the name and on the instructions of the processor, within the framework of lawful purposes and methods of processing.

Processing

Processing of personal data means any act or set of actions carried out in relation to personal data or sets of personal data with or without automated means, such as collecting, recording, editing, structuring, storing, adapting or modifying, retrieving, viewing, using , disclosure by brokering, disseminating or otherwise making available, adapting or combining, restricting, deleting or destroying.

Processing restriction

Restriction of processing means marking of stored personal data in order to limit their processing in the future.

Profile design

Profiling means any form of automated processing of personal data involving the use of personal data to assess certain personal aspects relating to an individual, in particular to analyze or predict performance, economic status, health, personal taste, interests, reliability, behavior, location or movements of that individual.

Pseudonymization

Pseudonymisation means the processing of personal data in such a way that personal data can no longer be attributed to the specific data subject without additional information, provided that such information is kept separate and subject to technical and organizational measures to ensure that personal data is not disclosed. attributed to a particular or identifiable individual.

Consent of the individual

Consent of the data subject means any voluntary, explicit, informed and unambiguous statement of the will of the data subject expressing consent to the processing of personal data concerning him or her by means of a statement or clear affirmative action.

Violation of personal data protection

Violation of the protection of personal data means a breach of security which results in the intentional or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed.

PROCESSING OF PERSONAL DATA

Processor data

Excel Olympics, poslovno svetovanje, Gašper Kamenšek s.p. Ziherlova ulica 4, 1000 Ljubljana, Slovenija
Registration number: 8184356000
Tax number: 39486141
The company has been entered in the Court Register of the Republic of Slovenia since 11.4.2018.
The person responsible for providing information regarding this act and the protection of personal data is:
Gašper Kamenšek, gasper@excelolympics.com

Subprocessors

The processor has concluded contracts on further processing of personal data of individuals of a certain controller in cases when it has external processors for the provision of its services, who are its sub-processors in relation to the controller. The processor is responsible for the selection of sub-processors and ensures that they are committed to the same or higher level of protection of personal data as stipulated by Slovenian and European Union regulations. The processor shall inform the controller of its existing processors and of any change of processors or hire of new processors. It shall do so by announcing the publication of new privacy terms, listing new processors and making available to the controller for thirty days,
to rule on, approve or oppose changes.

Legal basis for the processing of personal data

The processor has a legal basis for the processing of personal data of individuals of a particular controller in a previously concluded contract between the controller and the processor or on the basis of another service contract.

The processor is responsible for the fact that the controllers are acquainted with this act and other acts of the processor, insofar as they regulate the field of processing personal data of individuals and / or business conditions for
implementation of ordered services.

The controller is responsible for providing the appropriate legal basis for the processing of personal data (legitimate interest, contractual interest and / or explicit consent of the individual).

Types of personal data

The processor processes the personal data provided to it by the controller. The processor never processes other personal data of individuals of a particular controller.

Purposes of personal data processing

The processor processes the personal data of the individuals of a particular controller only for the purposes for which the controller gave him instructions. The processor never processes the personal data of individuals designated operator for other purposes.

The role of the manager

The controller is obliged to give instructions to the processor for the processing of those personal data of the individuals he manages. The controller must provide the processor with clear and unambiguous information on what types of personal data and for what purposes it may process.

Documented operator instructions

According to this act, the controller is obliged to determine the processor and the duration of the processing of personal data, the nature and purpose of the processing, the types of personal data and the categories of individuals to whom the
relate to personal data.

The controller’s instructions must be documented, and may be given in writing by ordinary or electronic mail, and in the case of oral instructions, the processor shall also request written confirmation by ordinary or electronic mail.

The processor is not responsible for the legality of the instructions received from the controller for the processing of personal data of individuals of a particular controller.

Confidentiality of data

The processor ensures that the persons authorized to process personal data are bound by confidentiality or are bound by the relevant law. The processor has adopted the internal Rules on personal data protection and obtains a written commitment from all employees and external collaborators to
confidentiality of data, acquaintance with the rules and appropriate security measures implemented by the processor to ensure an appropriate level of data security.

Rights of individuals

The processor shall technically arrange for the support and technical solutions and final information required by the controller, as required by the controller and to the lawful extent, when individuals exercise one or more rights under the controller under the controller: right of rectification, right of erasure. , the right to restrict processing, the right to data portability and the right to object.

Deletion or transfer of data

Based on the previously documented instructions of the controller, the processor deletes or returns all personal data to the controller after the completion of the service it provides for the controller and destroys existing copies, except in cases where data storage is required by law.

Access to information

The processor shall provide the controller with all the information necessary to demonstrate compliance with the obligations under this act and the legislation, and shall allow the controller or other auditor authorized by the controller to carry out audits, including inspections, and participate in them.

SECURITY OF PERSONAL DATA PROCESSING

Processing security

Processor and controller, taking into account the latest technological developments and implementation costs and the nature, scope, circumstances and purposes of processing, as well as the risks to rights and freedoms
individuals varying in likelihood and severity, the controller and the processor shall ensure an appropriate level of security in relation to the risk by implementing appropriate technical and organizational measures, including, inter alia, measures covering:

pseudonymization and encryption of personal data,

the ability to ensure the continued confidentiality and integrity, accessibility and resilience of processing systems and services,

the ability to restore the availability and access to personal data in a timely manner in the event of a physical or
technical incident,

procedures for regular testing, evaluation and evaluation of the effectiveness of technical and organizational measures to ensure the security of processing.

In determining the appropriate level of security, particular account shall be taken of the risks posed by the processing, in particular as a result of accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed.

Data protection officer

The processor is not obliged to appoint a person authorized for the protection of personal data because he does not perform the processing as a public authority or body, nor does he carry out in the core business the processing that would be necessary due to their nature, scope and / or purposes. relate to personal data, be monitored regularly and systematically, and the processor’s core business does not involve extensive processing of specific types of personal data.

Security measures

The processor shall ensure appropriate security measures in the processing of personal data to ensure the protection of personal data. Security measures are regularly monitored and updated in accordance with the development of technology and the requirements of legislation.

The processor informs the controller about security measures and appropriate technical solutions in a separate document, which is an integral part of these privacy conditions governing the legal relationship between the controller and the processor and the Privacy Policy governing the legal relationship between the processor and employees processing personal data. individuals of a particular operator.

FINAL PROVISIONS

Binding nature of legal conditions

1. The conditions of privacy apply to all controllers with whom the processor has a legal relationship with the contract or in writing by e-mail and confirmed by the controllers by e-mail and is considered to have accepted an annex to the existing legal relationship or a written annex to existing written contract if requested by the operator.
2. The conditions of privacy shall be binding on all legal transactions concluded on the basis thereof.
3. The privacy conditions are an integral part of the service contract by the operator.
4. The operator confirms the acquaintance and agreement with these privacy conditions before ordering the service (in the contract or in writing via electronic communication).

Changes to the Terms of Privacy

1. The processor shall regularly update the privacy terms with legal changes.
2. The processor shall notify the controller of changes in a timely manner in writing by e-mail.
4. The processor shall provide an archive of changes to the terms of privacy, which shall be accessible to each controller upon prior written request to the contact e-mail address of the processor.

Conflict solving

The processor and the operator undertake to resolve any disagreements and disputes amicably and amicably. To the extent that an amicable solution is not possible, the court in the Republic of Slovenia at the seat of the processor is competent to resolve the dispute.