PRIVACY POLICY OF ZZI D.O.O.
Content
This document contains all the information concerning the processing of personal data carried out by ZZI d.o.o. (hereinafter referred to as ZZI or ˝we˝, ˝us˝). Here you will find information on the purposes of processing, the legal basis, the types of personal data, the retention period and your rights in relation to processing.
Table of contents
2. Who processes your personal data
ZZI acts as the controller of the personal data. However, we may also act as a processor of personal data in the course of our business. When ZZI acts as a processor of personal data is further defined in the section “When we process personal data as a processor of personal data”.
In this privacy policy you will find information about what personal data we collect, why we process it, how long we keep it and what rights you have when we process your personal data.
Information about the controller of the personal data:
ZZI d.o.o., Pot k sejmišču 33, 1231 Ljubljana – Črnuče, Slovenia
Contact: dr. Rok Bojanc, e-mail: gdpr(at)zzi.si
3. How do we process personal data?
At ZZI, we process personal data on the basis of predefined and legitimate purposes. We only process personal data for these purposes – should there be additional purposes for which we process personal data, we will inform you in advance.
Any processing of personal data is only carried out on the basis of an appropriate legal basis, we use different legal bases, namely: contractual relationship, law, legitimate interest or your consent.
We only keep personal data for as long as is necessary to fulfil the purpose for which we collected it. After the retention period has expired, we delete or destroy the personal data so that reconstruction of the personal data is no longer possible.
4. Who is covered by this privacy policy?
This privacy policy is addressed to all individuals whose personal data is processed by ZZI as a personal data controller.
This includes the following categories:
- subscribers (contact persons, users),
- business partners,
- potential clients (online enquiries, contacts from events)
- the interested public:
- Website visitors
- Recipients of our newsletter
5. How do you obtain my personal data?
We may obtain personal data directly from you (e.g. when you contact us with an enquiry) or indirectly (e.g. by visiting our website, through our partner companies).
The provision of personal data is optional, except where the provision of personal data is required by law. If you choose not to provide us with personal data, there is a possibility that we may not be able to provide you with certain services (e.g. we may not be able to respond to your enquiry if you do not provide us with contact information). Also, without certain personal data, it is not possible to conclude a contract.
6. On the basis of which purposes do we process personal data?
In this section you will find information about the purposes of the processing and the legal basis we use to process your personal data.
You have certain rights in relation to the processing of your personal data, which are set out in more detail below.
Where the processing of your personal data is based on a legitimate interest, you have the possibility to object to the processing of your personal data.
If you have given your consent to the processing of your personal data, you always have the possibility to withdraw your consent.
6.1. Processing carried out by us in the performance of our services
This section contains information about the processing of our subscribers’ personal data that we carry out for the purposes of providing our services.
| Purpose of processing | Legal basis | Types of personal data | Retention period |
|---|---|---|---|
| Conclusion of the contract and performance of the obligations under the contract | Contractual relationship | Name of the signatory/representative, full name, email address, telephone number of the contact person. | 5 years from the end of the contract. Invoices are kept for 10 years, in accordance with the requirements of tax legislation. |
| Providing assistance to users | Contractual relationship | Email address, telephone number, name and surname of contact person. In the case of technical assistance, access to data held by the Customer with the Controller may be possible. | 5 years from the end of the contract |
| Setting up and providing a user account | Contractual relationship | Name and surname, email address of the user | 5 years from termination of contract |
| Sending notifications regarding the operation/maintenance of the System and subscription changes | Contractual relationship | Name and surname, email address of the User | 5 years from termination of contract |
6.2. Processing we carry out when communicating with subscribers and potential subscribers
This section defines the purposes of processing relating to communications with subscribers and potential subscribers outside the subscription relationship.
| Purpose of processing | Legal basis | Types of personal data | Retention period |
|---|---|---|---|
| Sending newsletters to our subscribers | Law | Name, surname, email address | Until cancellation |
| Sending newsletters to other recipients | Consent | Name, surname, email address | Until cancellation |
| Sending newsletters to publicly accessible email addresses | Legitimate interest in attracting new subscribers | Email address, company | Until revoked |
| Performing mild segmentation when sending newsletters (regardless of the recipient) | Legitimate interest in providing relevant news to subscribers | Name, surname, email address, details of services used, location of business premises | Until cancellation |
| Monitoring the effectiveness of sent newsletters | Legitimate interest in providing interesting content to newsletter recipients | Name, surname, email address, details of services used, location of business premises, details of who opened the email and what content was viewed | Until cancellation |
| Enquiry processing (regardless of communication channel) | Legitimate interest in providing effective and efficient communication with potential clients | Tax number, company, address, contact person, e-mail address, telephone number, content of enquiry | 1 year from the preparation of the response to the enquiry |
6.3. Processing of personal data in connection with the organisation of events or training
| Purpose of processing | Legal basis | Types of personal data | Retention period |
|---|---|---|---|
| Organisation and delivery of webinars | Contractual relationship | Name, email address, data required for the operation of the webinar tool | 1 year from the webinar |
6.4. Processing of personal data for marketing purposes
This section provides information on the marketing activities we carry out at ZZI.
| Purpose of processing | Legal basis | Types of personal data | Retention period |
|---|---|---|---|
| Marketing communication with subscribers and potential subscribers based on expressed interest in the newsletter | Legitimate interest in making a relevant offer to newsletter recipients | Email address, telephone number, first name, last name | 1 year from the end of the communication |
| Marketing communication with potential customers after a promotional event | Legitimate interest in presenting services in order to attract new clients | Email address, telephone number, first name, last name | 1 year after the promotional event |
| Conduct a raffle | Consent | A set of personal data will be provided in the individual prize draw | 3 months from the end of the prize draw; the winner's data will be stored in accordance with tax legislation |
6.5. Other purposes of processing
This section identifies the purposes related to the Company’s business itself.
| Purpose of processing | Legal basis | Types of personal data | Retention period |
|---|---|---|---|
| Asserting your rights or seeking compliance with obligations in official proceedings | The law | Information relevant to the matter at issue | For the duration of the enforcement procedure and for 10 years after the final decision of the competent authority |
| Carrying out statistical analyses of website usage | Legitimate interest in website optimisation | Use of aggregated data where the individual cannot be identified | Use of aggregated data without a retention period |
| Performing statistical analyses of newsletter sending | Legitimate interest in optimising newsletters | Use of aggregated data where the individual cannot be identified | Use of aggregated data without a retention period |
You can read more about the purposes of the processing, which relate to the processing of personal data concerning website users, in our Cookie Policy.
7. When do we process personal data in our capacity as a personal data processor?
As a provider of services that enable the digitisation of business, ZZI acts as a processor of personal data in relation to its customers.
Our clients act as data controller with respect to the personal data they process using our technologies. Individuals whose personal data is processed in this context are obliged to contact the data controller – the service provider – for any questions regarding the processing of personal data.
In the event that we receive a request that falls within the scope of the contractual processing that we carry out for our clients, we will forward such request to the competent controller to the extent that the controller can be reliably identified from the request itself.
In the event that identification is not possible, we will inform the individual and reject the request.
8. Do you pass on my data to third parties?
We will disclose your personal data to third parties where this is strictly necessary to achieve the purpose of the processing of your personal data.
Third parties are not allowed to use your personal data for their own purposes, and we have a personal data processing agreement with all of them, which sets out the data protection and data processing.
Third parties with whom we share your personal data
- Subcontractors and partners of the ZZI,
- Accounting service,
- ZZI suppliers/contractors for the execution of the works,
- Marketing mailing tool,
- Cloud-based ticketing system provider,
- Use of chatbot and Viber and Whatsapp to provide technical assistance.
9. How do we protect personal data?
At ZZI, we ensure adequate protection of the personal data we process. To this end, we apply various technical measures and organisational measures, including in particular:
- limiting access to personal data to authorised persons,
- Careful selection of contractors,
- security of premises, hardware, software and applications
- Compliance with internal acts and policies that set out the modalities and limits of the processing of personal data.
ZZI is certified for quality management (ISO 9001:2015) and information security (ISO/IEC 27001:2013).
10. What rights do I have in relation to the processing of personal data?
You have the following rights in relation to the processing of your personal data:
- Right to access and extract personal data: you can request information about whether we are processing your personal data. You can also request information about the processing itself and request a printout of the personal data we hold about you.
- Right to rectification of personal data: if the personal data we hold about you is incomplete or incorrect, you have the right to request rectification.
- Right to restriction of processing of personal data: you have the right to request the restriction of processing – you can exercise this right in certain cases, such as when personal data is being rectified. If you request the right to restrict processing, we will temporarily stop using your personal data, but we will not delete it.
- Right to object to the processing of personal data: where we process your personal data on the basis of legitimate interest or in cases of marketing communications, you have the right to object to such processing.
- Right to erasure of personal data: you have the right to request the erasure of your personal data. Erasure of personal data is not possible where the processing is based on a contractual relationship or law, except in cases where the retention period has expired.
- Withdrawal of consent: where the processing of personal data is based on consent, you may withdraw your consent at any time. Withdrawal of consent is without any negative consequences for you, but it is possible that we may not be able to provide you with certain services as a result of your withdrawal of consent. You can give your consent by contacting us at: gdpr@zzi.si.
- Right to data portability: you can request that we transfer the personal data we process about you to another data controller. We can only do this where it is technically feasible.
If you consider that there has been a breach of the processing of your personal data, you have the right to lodge a complaint with the Information Commissioner.
In the event that we receive a request to exercise a right, but cannot reliably identify the individual, we reserve the right to ask you to provide personal data that will enable us to identify you reliably. If you do not provide this information, we will not consider your request.
11. Web plugins
We allow the use of the following plug-ins on our website: Facebook and LinkedIn.If you use these plug-ins, please note that the use of social networks is entirely under the control of the respective social network. Each social network is subject to separate rules and conditions which are not related to ours; the same applies to the processing of personal data handled by each social network.
We remind you that you are solely responsible for any posts and interactions with social networks and that you are obliged to address any questions or exercise your rights to the respective social network.
To make it easier for you to access the information, we provide links to the privacy policies of each social network:
12. Policy changes
We reserve the right to change this privacy policy. The latest version of the policy will be posted at: https://www.zzi.si/politikazasebnosti.html and www.bizbox.eu/politikazasebnosti.
Version: 2.0
Valid from: 05.08.2022