Legal Notice
Privacy Policy
1) Data Controller
The data controller is the company:
Quipnex, računalniške storitve d. o. o.
Koroška ulica 14, 1000 Ljubljana
luka@quipnex.com
Phone: +386 (0)69 898 365
2) Data Protection Officer
In accordance with Article 37 of the General Data Protection Regulation (GDPR), the Data Protection Officer (DPO) is:
Luka Suhadolnik
Koroška ulica 14, 1000 Ljubljana
luka@quipnex.com
Phone: +386 (0)69 898 365
3) Personal Data Collected
We may collect the following types of personal data:
- Name, surname, permanent and temporary address, date of birth, personal identification number (EMŠO), gender, home and work phone number or mobile number, and work email address.
- Employment details, duration of employment including dates, employer information, places of employment, and other work-related data.
Methods and Sources of Personal Data Collection
We obtain personal data from individuals through:
- Subscription to our newsletter (link).
- Direct inquiries for our services via the company email (luka@quipnex.com) or other company-provided employee emails.
- Requests for information or service quotes via any other information and communication technology (ICT).
- Job applications submitted via any ICT means.
- Collection of publicly available data from publicly accessible websites.
4) Purposes of Personal Data Processing
The primary purpose of processing personal data is for sending newsletters and notifications about new articles on the company’s website, as well as preparing offers based on inquiries.
Additionally, if an individual submits a job application, we may process personal data for recruitment purposes. In such cases, we may retain data about unsuccessful candidates beyond the recruitment process with their explicit consent. Unsuccessful candidates are notified of their non-selection via email.
Personal data may also be used to improve our services through surveys or other research methods.
We use email communication to provide:
- Responses to inquiries and preliminary offers.
- Updates on our services.
- Information related to software upgrades.
- News and offers from our partners
Since feedback is essential for ensuring service quality, we may request information on service satisfaction through surveys. Participation in surveys is voluntary and does not require user
consent.
5) Legal Basis for Data Collection and Processing
Personal data is used based on one of the following legal grounds:
- Processing of personal data based on explicit consent, which serves as the basis for mandatory or necessary processing.
- Processing of personal data for the purpose of preparing offers or conducting a recruitment process.
- Processing necessary to fulfill a legal obligation applicable to (potential) clients.
- Processing based on legitimate business interests, including business operations and general personnel and labor procedures.
Processing of special categories of personal data is always based on lawful grounds.
6) Data Retention and Deletion
The company will retain personal data only for as long as necessary to fulfill the purpose for which the data was collected and processed. If data is processed based on legal obligations, the retention period will be as prescribed by law. Certain personal data will be retained until consent is revoked. Upon receipt of a withdrawal request, data will be deleted within 15 days. The company may also delete data before consent withdrawal if the processing purpose has been achieved or as required by law.
In exceptional cases, the company may refuse a deletion request for reasons outlined in the GDPR.
7) Withdrawal of Consent
Consent for data processing can be withdrawn at any time. Withdrawal may apply to a specific purpose or all data processing purposes for which consent was given.
Withdrawal can be submitted via:
- Clicking the "unsubscribe from this list" link at the bottom of every company email.
- Replying to an email with a clear and unambiguous request specifying the scope of withdrawal.
- Sending an email to luka@quipnex.com with the subject line: Withdrawal of Consent – GDPR.
If the request does not clearly specify the scope of withdrawal, it will be considered applicable only to the purpose related to the received email.
8) Contractual Processing of Personal Data and Data Transfers
The company may entrust specific personal data processing activities to contractual data processors under a data processing agreement. These processors may process the entrusted data exclusively on behalf of the company, within the scope of their authorization, as defined in a written contract or another legal act, and in accordance with the purposes defined in this Privacy Policy.
The company collaborates with the following data processors:
- Accounting services and legal and business consultants.
- Infrastructure maintenance services (security services).
- IT system maintenance providers.
- Email service providers and cloud software providers (e.g., Dropbox, Microsoft, Google)
- Social media and online advertising service providers (Google, Facebook, Moje delo, etc.).
9) Cookies
The company’s website uses the following cookies:
Cookie Name: _ga
Function: Tracks users in Google Analytics. Creates a unique ID for
analyzing visits and behavior on the site.
Duration: 2 years
Cookie Name: _ga_6V9LF8RFJC
Function: Extended Google Analytics 4 (GA4) cookie for tracking
specific sessions and interactions on the site.
Duration: 2 years
Individuals can delete stored cookies via browser settings (instructions can be found on the respective browser’s website).
10) Rights of Individuals Regarding Data Processing
Under the GDPR, individuals have the following data protection rights:
- Right of access: Access to personal data to ensure lawful processing.
- Right to rectification: Correction of inaccurate or incomplete personal data.
- Right to erasure: Request deletion of personal data.
- Right to restriction of processing: Request limitation of data processing.
- Right to data portability: Receive personal data in a structured, commonly used format and transfer it to another controller.
- Right to object: Object to data processing based on GDPR provisions.
- Right not to be subject to automated decision-making: Not be subject to a decision based solely on automated processing, including profiling.
- Right to file a complaint with a supervisory authority: Individuals may file complaints with the EU member state’s supervisory authority where they reside, work, or where a GDPR violation occurred.
To exercise any of these rights, individuals may send a request via email to luka@quipnex.com or by postal mail to the company’s address.
Access to personal data and rights enforcement are free of charge. However, if requests are manifestly unfounded or excessive, particularly if repetitive, the company may charge a reasonable fee or refuse the request.
If an individual believes their rights have been violated, they may file a complaint with the Information Commissioner of Slovenia at Dunajska 22, 1000 Ljubljana, or via email at gp.ip@ip-rs.si.
For any inquiries regarding personal data processing, individuals can contact the company at luka@quipnex.com.