Privacy Policy

The purpose of this privacy policy is to inform individuals, users of services, colleagues and employees and any other person (hereinafter: individual) who cooperate with Fin4Green d.o.o. (hereinafter: the company) about the purposes and legal bases, security measures and the rights of individuals regarding the processing of personal data carried out by our company.

We value your privacy; hence your data is always carefully protected.

We process your personal information in accordance with European legislation (Regulation (EU) 2016/697 on the protection of individuals with regard to the processing of personal data and on the flow of such data (hereinafter: the General Regulation)) and the applicable legislation in the field of the protection of personal data  and other legislation that gives us the legal basis for the processing of personal data.

Privacy policy contains information for individuals, on how our company, as an Responsible authority, processes personal data received from an individual based on legal bases, described below.

Controller

The responsible authority for the collection, processing and use of personal data (controller) is:

Name: Fin4Green d.o.o.

Address: Zeleni biser 6, 6230 Postojna

Contact: info@fin4green.si

Data Protection Officer

Data subjects may contact dpo@fin4green.si, for all questions relating to the processing of their personal data and the exercise of their rights under the General Regulation.

Personal data

Personal data means any information relating to a designated or identifiable individual (hereinafter referred to as the “data subject”); an identifiable individual is the one that can be determined directly or indirectly, in particular by specifying an identifier such as a name, an identification number, a location data, a web identifier, or an indication of one or more of the factors that are characteristic of the physical, physiological, genetic , mental, economic, cultural or social identity of this individual.

The purpose and the basis of data processing

The company collects and processes your personal information on the following legal bases:

  • processing is necessary to fulfil the legal obligation applicable to the controller;
  • processing is necessary for the performance of a contract, to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  • processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party;
  • the data subject has given consent to the processing of his or her personal data for one or more specific purposes;

processing is necessary to protect the vital interests of the data subject or other natural persons.

Fulfillment of a legal obligation

Based on the provisions in the law, the company mainly processes information about its employees, which is provided for by labour legislation. Thus, based on a legal obligation for employment purposes, the company processes mainly the following types of personal data: name and surname, gender, date of birth, unique citizen registration number or social security number, tax number, place, municipality and country of birth, citizenship, residence, etc.

Performance of a contract

In the case where you enter into a contract with the company as an individual, this constitutes the legal basis for the processing of personal data. We may therefore process your personal information for the conclusion and implementation of a contract, such as, for example, sale of goods and services, membership in clubs of benefits, participation in events, education, promotions, etc. If an individual does not provide personal data, the company cannot conclude a contract, nor can the company provide services or deliver goods in accordance with the concluded contract, as it does not have the necessary data for the implementation. Based on the lawful activity, the company can inform individuals and users of its services to their e-mail address about their services, events, education, offers and other content. An individual can at any time request termination of such communication and processing of personal data and cancel the receipt of messages via the connection link to unsubscribe from the received message, or as a request by e-mail to dpo@fin4green.si or by regular mail to the company address.

A legitimate interest

An entity may also process personal data based on the legitimate interest it is pursuing. The latter is inadmissible where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require personal data protection. In the case of the application of legitimate interest, the firm always makes an assessment in accordance with the General Regulation.

The processing of personal data of individuals for the purposes of direct marketing is deemed to have been performed in a legitimate interest. The company can thus process the personal data of individuals collected from publicly available sources or within the framework of lawful activity, including for the purpose of offering goods, services, employment, information on benefits, events, etc. To achieve these purposes, the company can use ordinary mail, telephone calls, e-mail and other telecommunication resources. For the purposes of direct marketing, an entity may process the following personal data of individuals: name and surname of the individual, address of permanent or temporary residence, telephone number and e-mail address. For the purposes of direct marketing, the personal data may also be processed without the explicit consent of the individual. An individual can at any time request termination of such communication and processing of personal data and cancels the receipt of messages via the un-subscription link in the received message or as a request by e-mail to dpo@fin4green.si or by regular mail to the company address.

Processing based on consent given by data subject

If the company does not have a legal basis (presented based on a law, contractual obligation or legitimate interest) it may ask individual for consent. Hence, it can process certain personal data of the individual for the following purposes, when the individual gives consent:

  • residence address and e-mail address for information and communication purposes,
  • Tax number or unique citizen registration number or social security number, for the purposes of possible enforcement in case of default (e.g. past due invoice),
  • photographs, video clips and other content related to the individual (for example, the publication of images of individuals on the company’s website) for the purpose of documenting activities and informing the public about the activities and events of the company;
  • other purposes for which an individual agrees with the consent.

If an individual gives consent to the processing of personal data and at some point, he no longer wishes to do so, he may request to discontinue the processing of personal data with request by e-mail to dpo@fin4green.si or by regular mail to the address of the company. Revocation of consent does not affect the legality of the processing based on given consent prior to its cancellation.

Processing is necessary to protect the vital interests of the individual

The company may process the personal data of the data subject insofar as this is necessary for the protection of his or her vital interests. Hence, a company can search for a personal document of an individual, check whether that person exists in its database, examine data subject’s history or contact his or her relatives for which it does not need consent. This applies in the case where it is indispensable to protect the vital interests of the individual.

Retention and deletion of personal data

The company will store personal data only for as long as this is necessary to achieve the purpose for which personal data have been collected and processed. Insofar as the company processes the data based on the law, they will be kept for the period prescribed by law. In doing so, some of the information is retained during the cooperation with the company, and some data must be kept permanently.

The personal data processed by the company on the basis of a contractual relationship with an individual shall be kept by the company for the period necessary for the execution of the contract and for a further 6 years after its termination, except in cases where there is a dispute between the individual and the company in relation to the contract. In such a case, the company keeps the data for another 10 years after the final decision, arbitration or judicial settlement has become final, or, if no dispute has been made, 5 years from the date of peaceful settlement of the dispute.

The personal data processed by the company based on personal consent of the individual or on the legitimate interest will be kept by the company until the cancellation of the consent or the request to delete the data. After receiving the cancellation or request for deletion, the data is deleted within 15 days at the latest. An entity may also delete this information before consent is cancelled when the purpose of the processing of personal data has been achieved or if the law so provides.

Exceptionally, the company may refuse the request for deletion for the reasons set out in the General Regulation, such as: exercise of the right to freedom of expression and information, compliance with legal processing obligations, reasons of public interest in the field of public health, the purpose of archiving in the public interest, scientific or historical research purposes or statistical purposes, implementation or defence of legal claims.

After the expiry of the retention period, the company must erase or anonymise the personal data effectively and permanently so that it can no longer be associated with a individual.

 

Contractual processing of personal data and the export of data

The company may entrust to the contracted processor for individual processing of personal data based on the processing contract. Contractors may process the data entrusted solely on behalf of the controller, within the limits of his / her authority, which is specified in a written contract or other legal act and in accordance with the purposes defined in this privacy policy.

The contractual processors with which the company is involved are in particular:

  • accounting services and other providers of legal and business consulting;
  • Infrastructure maintenance (video surveillance, security, cleaning services);
  • information system maintainers;
  • providers of e-mail services and software providers, cloud services (eg Arnes, Microsoft, Google);
  • social network providers and online advertising (Google, Facebook, Instagram, etc.).

In any case, the company will not provide individual personal data to unauthorized third parties.

Contractual processors may process personal data only in the context of company instructions and may not use personal data for any other purpose.

The company as the operator and its employees, do not transfer personal data to third countries (outside the Member States of the European Economic Area – EU Member States and Iceland, Norway and Liechtenstein) and to international organizations other than the United States, with US contract processors included in the Privacy Program EU-US Shield.

Cookies

The company’s website works with the help of so-called cookies. A cookie is a file that stores the settings of a web page. Websites store cookies in user devices that access the Internet in order to identify the individual devices and settings that users have used in accessing. Cookies allow web pages to recognize if a user has already visited this site, and with advanced applications, they can adjust their individual settings accordingly. Their storage is under the complete control of a browser used by an individual – which can be used to restrict or disable cookie storage.

Cookies are fundamental to providing individually friendly online services. They are used to store information about the status of each site, help collect user statistics, and site visits, etc. Using cookies, we can therefore evaluate the effectiveness of our website design.

The company’s website uses the following cookies:

Cookie name

_ga

_gid

_gat

_moove_gdpr_popup

Duration

2 years

24 hours

1 minute

24 hours

Function

Used to differentiate between users.

Used to differentiate between users.

It is used to control access to the website.

Intended for storing user preferences for third-party cookies (i.e. Google Analytics)

Storing and managing cookies is under the complete control of a browser used by an individual. The browser can limit or disable cookie storage as desired. You can also delete the cookies your browser has stored, with instructions found on the web pages of each browser.

Data protection and data accuracy

The company takes care of information security and security of the infrastructure (premises and application system software). Our information systems are protected, inter alia, with antivirus programs and a firewall. We have implemented appropriate organizational and technical security measures designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, and against other illegal and unauthorized forms of processing. In the case of the provision of specific types of personal data, they are transmitted in encrypted form and password protected.

The individual is solely responsible for providing his personal information securely and that the information provided is accurate and credible. The company will endeavour that your personal information, which it processes, is accurate and if necessary updated. Hence, we can contact you from time to time to verify the accuracy of your personal information.

Rights of Individual regarding data processing

According to the General Regulation, you as the individual have the following rights from the personal data protection.

  • You may require information about whether we have your personal information and, if so, what information we have and on what basis do we have them and why we use them.
  • You may request access to your personal data, which allows you to receive a copy of the personal data held by the company and verify that the company processes it legally.
  • You may require personal data corrections, such as a correction of incomplete or inaccurate personal information.
  • You may request the deletion of your personal data when there is no reason for further processing or when you exercise your right to object to further processing.
  • You may object to the further processing of personal data where the company relies on a legitimate business interest (even in the case of a third party’s legitimate interest) when there are reasons relating to the your particular situation; you have the right to object at any time if the company processes personal data for direct marketing purposes.
  • You may require limitation of the processing of your personal data, which means that the processing of personal data is cancelled, for example, when you require the company to determine the accuracy or to verify the reasons for the further processing of personal data.
  • You may request the transfer of your personal data in a structured electronic form to another controller, to the extent possible and feasible.
  • You can revoke the consent or consensus you have given for the collection, processing and transfer of your personal data for a specific purpose; upon receipt of the notice that you have withdrawn your consent, the company will cease processing personal data for the purposes it originally accepted, unless the company has other legal bases for doing so legally.

If an individual wish to exercise any of the aforementioned rights, he can send the application by e-mail to dpo@fin4green.si or by regular mail to the company’s address.

Access to individual’s personal data and established rights is free for the individual. However, a company may charge a reasonable fee, insofar as the data subject’s request is manifestly unfounded or excessive, in particular when it is repeated. In such a case, the company may also reject the request.

In case of exercising the rights in this title, the company may need to request certain information that will help it to confirm the identity of the individual, which is only a security measure that ensures that personal data are not disclosed to unauthorized persons.

When exercising rights under this heading, an individual may use the Information Commissioner’s form, which can be accessed on their website.

If an individual believes that his rights have been violated, he or she can contact the supervisory authority for protection or assistance to the Information Commissioner.

If an individual has any questions regarding the processing of his personal information, you can always contact our company by e-mail at dpo@fin4green.si or by regular mail to the company address.

Publishing changes of privacy policy

Any change to our privacy policy will be published on the company website: fin4green.si. By using the website, the individual confirms that he accepts and agrees with the entire content of this personal data protection policy.

The personal data protection policy was adopted by the responsible person of the company on 01.03.2019