Privacy policy

Personal data protection policy (Privacy policy)

 

The purpose of the personal data protection policy is to inform individuals, service users, colleagues, employees and other persons (hereinafter: "individual") who work with the company VIGROS, d.o.o. (hereinafter: the "company") about the purposes, legal bases, security measures and rights of individuals regarding the processing of personal data carried out by our company.

 

 

 

We value your privacy, so we always protect your data carefully.

 

 

 

We process personal data in accordance with European legislation {Regulation {EU) 2016/697 on the protection of individuals in the processing of personal data and on the flow of such data (hereinafter: "General Regulation")), valid Slovenian legislation in the field of personal data protection and other legislation , which gives us the legal basis for processing personal data.

 

 

 

The personal data protection policy contains information on how our company, as an administrator, processes personal data received from individuals on the basis of legal grounds.

 

 

 

1) Operator

The controller of personal data is the company:

 

V/GROS, d.o.o.

 

Puconci 10, 9201 Puconci E-mail: info@vigros.si

 

Phone: 00386{0}2 53610 70

 

 

 

2) Contact person for personal data protection

Individuals to whom personal data refer can contact the contact person for personal data protection regarding all issues related to the processing of their personal data and the exercise of their rights in accordance with the General Regulation:

 

by e-mail: info@vigros.si

 

on phone: 00386{0)2 53610 70

 

 

 

3) Personal data

Personal data means any information relating to a specific or identifiable individual; an identifiable individual is one who can be identified directly or indirectly, in particular by reference to an identifier such as name, identification number, location data, online identifier, or by reference to one or more factors that characterize the physical, physiological, genetic , mental, economic, cultural or social identity of that individual.

 

4) Processing purposes and basis for data processing

The company collects and processes your personal data on the following legal bases:

 

processing is necessary to fulfill a legal obligation applicable to the controller;

 

the processing is necessary for the performance of a contract to which the individual to whom personal data relates is a contracting party, or for the implementation of measures at the request of such an individual prior to the conclusion of the contract;

 

processing is necessary due to the legitimate interests pursued by the controller or a third party;

 

 

 

 

 

 

the individual to whom the personal data relates has consented to the processing of his personal data for one or more specified purposes;

 

processing is necessary to protect the vital interests of the data subject or other natural person.

 

 

 

4.1) Fulfillment of legal obligations

Based on the provisions of the law, the company processes data about its employees, which is made possible by labor law and social welfare legislation. Based on the legal obligation, the company mainly processes the following types of personal data for employment purposes: first and last name, gender, date of birth, EMŠO, tax number, city, municipality and country of birth, citizenship, residence, etc.

 

 

 

4.2) Execution of the contract

In the event that an individual enters into a contract with the company, this constitutes the legal basis for the processing of personal data. Personal data may be processed for the purpose of concluding and implementing a contract, such as e.g. sale of goods and services, membership in benefit clubs, participation in events, trainings, promotions, etc. If the individual does not provide personal data, the company cannot conclude a contract, nor can the company perform the service or deliver the goods in accordance with the concluded contract. The company can inform individuals and users of its services about its offers, services, events, trainings and other contents to their e-mail address based on the performance of a legal activity. An individual can at any time request the termination of this type of communication and processing of personal data and cancel receiving messages via the unsubscribe link in the received message, or as a request by e-mail to info@vigros.si or by regular mail to the company's address.

 

 

 

4.3) Legitimate interest

The company may also process personal data on the basis of the legitimate interest it pursues. The latter is not permissible when such interests prevail over the interests or fundamental rights and freedoms of the individual to whom the personal data relate, which require the protection of personal data. In case of use of legitimate interest, the company always conducts an assessment in accordance with the General Regulation. The processing of personal data of individuals for the purposes of direct marketing is considered to be carried out in a legitimate interest. The company can process the personal data of individuals that it has collected from publicly available sources or within the framework of the legal performance of activities, also for the purposes of offering goods, services, employment, informing about benefits, events and p.d. To achieve these purposes, the company may use regular mail, telephone calls, e-mail and other means of telecommunications. For the purposes of direct marketing, the company may process the following personal data of individuals: first and last name of the individual, address of permanent or temporary residence, telephone number and e-mail address. For the purposes of direct marketing, the company may process the specified personal data even without the express consent of the individual. An individual can at any time request the termination of this type of communication and processing of personal data and cancel receiving messages via the unsubscribe link in the received message, or as a request by e-mail to info@vigros.si or by regular mail to the company's address.

 

 

 

4.4) Processing based on consent or consent

Insofar as the company does not have a legal basis demonstrated on the basis of law, contractual obligation or legitimate interest, it may ask the individual for consent or consensus. Thus, it can process certain personal data of an individual also for the following purposes, when the individual gives his consent:

 

residential address and email address for notification and communication purposes; photos, video recordings and other content relating to individuals (e.g. publication of images of individuals on the company's website) for the purposes of documenting activities and informing the public about the company's work and events;

 

other purposes for which the individual agrees with consent.

 

 

 

 

 

 

If an individual gives his consent to the processing of personal data and at some point no longer wishes to do so, he can request the termination of the processing of personal data by sending a request by e-mail to info@vigros.si or by regular mail to the company's address. Revocation of consent does not affect the lawfulness of processing based on consent prior to its revocation.

 

 

 

4.5) Processing is necessary to protect the vital interests of the individual

The company can process the personal data of the individual to whom the personal data relates, insofar as this is necessary to protect his vital interests. In urgent cases, the company can search for an individual's personal document, check whether this person exists in its database, examine his medical history or establish contact with his relatives, for which the company does not need the individual's consent. The above applies in cases where this is absolutely necessary to protect the vital interests of the individual.

 

 

 

4.6) Video surveillance

In order to ensure the safety of employees and visitors and to ensure the protection of property, we process the personal data of individuals in the company area where video surveillance is carried out (picture of the individual). With the help of video surveillance (cameras are installed around the main and side entrances and warehouse premises), we monitor entrances and exits to the company's premises and protect property. Video surveillance is carried out on the basis of a legitimate interest, as determined by point (f) l. paragraph 6 of the General Regulation. Recordings are kept for up to 9 months. All information regarding the implementation of video surveillance can be obtained by phone: 00386 (0)2 536 10 70 or e-mail: info@vigros.si company. The rights of individuals are described in this Policy.

 

 

 

5) Storage and deletion of personal data

The company will keep personal data only as long as it is necessary to fulfill the purpose for which the personal data was collected and processed. If the company processes data on the basis of the law, it will keep it for the period prescribed by law. Here, some data is kept for the duration of cooperation with the company, while some data must be kept permanently. Personal data that the company processes on the basis of a contractual relationship with an individual is kept by the company for the period necessary for the execution of the contract and for another 6 years after its termination, except in cases where a dispute arises between the individual and the company regarding the contract. In such a case, the company keeps the data for another 10 years after the finality of the court decision, arbitration or court settlement or, if there was no court dispute, S years from the date of the peaceful resolution of the dispute. Those personal data that the company processes on the basis of the individual's personal consent or legitimate interest will be kept by the company until the consent is revoked or until the data is deleted. Upon receipt of a cancellation or deletion request, the data will be deleted without undue delay. The company can delete this data even before cancellation, when the purpose of personal data processing has been achieved or if it is stipulated by law.

 

Exceptionally, the company may refuse a request for deletion for reasons from the General Regulation, such as: exercise of the right to freedom of expression and information, fulfillment of the legal obligation of processing, reasons of public interest in the field of public health, purposes of archiving in the public interest, scientific or historical research purposes or statistical purposes, the exercise or defense of legal claims. After the retention period has expired, the company must effectively and permanently delete or anonymize personal data so that it can no longer be linked to a specific individual.

 

6) Contractual processing of persons

of data and data export

The company can entrust individual processing of personal data to a contractual processor on the basis of a contractual processing agreement. Contractual processors can process confidential data exclusively on behalf of the controller, within the limits of his authority, which is written in a written contract or other legal act and in accordance with the purposes defined in this privacy policy.

 

 

 

 

 

 

The contractual processors with whom the company cooperates are mainly:

 

accounting services and other providers of legal and business advice; infrastructure maintainers (security services);

 

maintainers of information systems;

 

e-mail service providers and software providers, cloud services providers of social networks and online advertising (Google, Facebook, Instagram, etc.).

 

 

 

For the purposes of better inspection and control over contract processors and regulation of the mutual contractual relationship, the company also maintains a list of contract processors, which lists all specific contract processors with which the company cooperates.

 

 

 

Under no circumstances will the company provide personal data of an individual to unauthorized third parties. Contract processors may only process personal data within the framework of the company's instructions and may not use personal data for any other purposes.

 

 

 

As a controller, the company and its employees do not export personal data to third countries (outside the member states of the European Economic Area - EU members and Iceland, Norway and Liechtenstein) and to international organizations, except in the USA, whereby relations with contract processors from the USA are regulated on on the basis of standard contractual clauses (standard contracts adopted by the European Commission) and/or binding business rules (adopted by the company and approved by supervisory authorities in the EU).

 

7) Cookies

The company's websites work with the help of the so-called cookies. A cookie is a file that stores website settings. Websites store cookies on users' devices with which they access the Internet in order to identify individual devices and the settings that users used to access the website. Cookies allow websites to recognize if the user has already visited the website. In the case of advanced applications, individual settings can be adjusted accordingly. Their storage is under the full control of the browser used by the individual, which can limit or completely disable the storage of cookies as desired.

 

Cookies are of fundamental importance for providing user-friendly online services. They are used to store information about the state of the individual website, help to collect statistics about users and website visits, etc. We use cookies to evaluate the effectiveness of our website design. The websites are www.vigros.si and the online store www.svet-gastronomije.si

 

 

 

The company website uses the following cookies:

 

The name of the cookie

 

Duration 2 years

 

24 hours

 

Function

 

It is used to differentiate between users.

 

 

Mrs

 

guide

 

 

It is used to differentiate between users.

 

 

ghat

 

galli

 

1 minute

 

24 hours

 

It is used to regulate access to the website.

 

Improved connection allocation

 

 

 

 

Cookies saved by the browser can be deleted by the individual (instructions can be found on the websites of the individual browsers).

 

8) Data security and data accuracy

The company takes care of information security and infrastructure security (premises and application system software). Our information systems are protected by anti-virus programs and a firewall, among other things. We have introduced appropriate organizational and technical security measures aimed at protecting personal data against accidental or illegal destruction, loss, modification, unauthorized disclosure or access, and against other illegal and unauthorized

 

 

 

 

 

 

forms of processing. In the case of transmission of special types of personal data, they are transmitted in an encrypted form and protected by a password.

 

 

 

The individual is responsible for providing his/her personal data securely and that the data provided is accurate and authentic. The company will make every effort to ensure that the personal data it processes is accurate and, if necessary, updated, from time to time we may also contact the individual to confirm the accuracy of the personal data.

 

9) Individual rights regarding data processing

In accordance with the General Regulation, an individual has the following personal data protection rights:

 

 

 

He may request information about whether we have his personal data and, if so, what data we have and on what basis we have it and why we use it;

 

he can request access to his personal data, which allows him to receive a copy of the personal data held by the company and to check whether the company is processing it legally;

 

may request corrections of personal data, such as correction of incomplete or inaccurate personal data;

 

may request the deletion of their personal data when there is no reason for further processing or may exercise his right to object to further processing at any time;

 

may object to the further processing of personal data where the company refers to a legitimate business interest (even in the case of a third party's legitimate interest), when there are reasons related to the individual's special situation; the individual has the right to object at any time if the company processes personal data for direct marketing purposes;

 

can request the restriction of the processing of his personal data, which means the interruption of the processing of personal data, for example, if the individual wants the company to establish the accuracy or to check the reasons for the further processing of personal data;

 

may request the transfer of their personal data in a structured electronic form to another controller, insofar as this is possible and feasible;

 

can revoke the consent or consent he gave to the collection, processing and transfer of his personal data for a specific purpose; upon receiving notice that he has withdrawn his consent, the Company will cease to process the personal data for the purposes for which it was originally accepted, unless the Company has no other lawful legal basis for doing so lawfully.

 

 

 

If an individual wants to exercise any of the aforementioned rights, he can send a request by e-mail to info@vigros.si or by regular mail to the address of the company. The company will respond to a request relating to the rights of an individual without undue delay and in any case within one month of receiving the request. In the event that this deadline is extended (by a maximum of two additional months) taking into account the complexity and number of requests, you will be notified. Access to the individual's personal data and asserted rights is free for the individual. However, the company may charge a reasonable fee if the data subject's request is manifestly unfounded or excessive, especially if it is repeated. In such a case, the company can also reject the request. In the case of exercising the rights under this title, the company may have to request certain information from the individual that will help it confirm the identity of the individual, which is only a security measure to ensure that personal data is not disclosed to unauthorized persons.

 

 

 

When exercising the rights from this title, or in the event that an individual believes that his rights have been violated, he can contact the supervisory authority, i.e. the Information Commissioner, for protection or assistance, more information is available on the website: https://www. ip-rs.si/.

 

 

 

If an individual has any questions regarding the processing of their personal data, you can always contact our company by e-mail at info@vigros.si or by regular mail to the company address.

 

 

 

10} Announcement of changes

Any changes to our Personal Data Protection Policy will be published on the company's website: https://www.viqros.si By using the website, the individual confirms that they accept and agree to the entire content of this Personal Data Protection Policy.

 

 

 

 

 

The personal data protection policy was adopted by the director of Vigros d.o.o. on 20.1.2023.

 

 

 

 

 

In Puconci, on 20.1.2023

 

 

 

 

 

VIGROS, d.o.o.