Privacy policy

Afront pays great attention to the protection of personal data. This document provides information about the purposes and legal bases for data processing, data security measures and the rights of individuals regarding processing of personal data carried out by our company.

As used in this privacy policy, ‘personal data’ means information that relates to an identified individual or to an identifiable individual. For example, this could include among other things your name, address, email address, business contact details, or information gathered through your interactions with us via our websites or at events.

We process personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: “GDPR”) as well as in accordance with valid Slovenian legislation in the field of personal data protection and privacy in electronic communications and other regulations governing the protection of personal data.

This policy describes for what purposes and in what manner we process the personal data we receive from you based on the legal bases described below.

1. Data controller

The data controller of personal data as specified in this privacy policy is Afront, Barjanska cesta 16, 1000 Ljubljana,

2. Categories of personal data and types of processes

a. Depending on the nature of your interaction with us, categories of personal data processed include:

  • Identification data (name and surname, age, sex, birth date)
  • Contact data (address, e-mail address, phone number)
  • Details of qualification (education, experience, licenses, etc.)
  • Other (data necessary for fulfilment of specific purposes, described in detail to data subjects before such processing occurs)

b. Depending on the nature of your interaction with us, types of processes include:

  • communication with clients;
  • event organisation and management;
  • management of different national and EU projects;
  • compliance with applicable laws and regulations;
  • marketing and advertising activities.

3. Legal bases for data processing

When processing personal data, we rely on the legal basis for the legality of processing from Article 6(1) of the GDPR, namely:

a. Consent

For marketing and sales activities (including events) based on your consent where so indicated on our sites or forms at the time your personal information was collected.

b. Execution of a contract

In order to engage in transactions with our clients and business partners.

c. Fulfilment of a legal obligation

In order to comply with applicable laws and regulations, such as to comply with a subpoena or other legal processes.

d. Legitimate interest

To keep you updated on our events and services which may be of interest to you.

4. Websites

I. Cookies

Cookies are small text files that contain a string of characters and uniquely identify a browser on a device connected to the Internet. We use only those cookies that enable you to have the best possible experience within our website (the so-called “essential cookies” without which our website cannot function) for the use of which no user consent is needed. We use no additional cookies or other marketing, analytic or tracking functionalities.

Essential cookies in use

Name Affiliate Purpose Expiry
PHPSESSID Afront To identify a user’s session on a website. till end of session
wp-wpml_current_language Afront Localisation of website till end of session

5. Data storage and deletion

We will only process your personal data as long as it is necessary to fulfil the purpose for which the personal data was collected and processed. Insofar as the data is collected on the basis of the law, we will keep it for as long as the individual law prescribes.

We will keep the personal data we need for the execution of the contract for as long as is necessary for the execution of the contract and for five years after the end of the calendar year in which the contract was terminated, except in the event that a longer retention period would be required due to a dispute in connection with a contract. In such a case, we will keep your personal data for 10 years after the end of the calendar year of the finality of the court decision, arbitration or court settlement, or – if there was no legal dispute – 5 years after the end of the calendar year from the date of consensual resolution of the dispute.

Personal data processed on the basis of personal consent or legitimate interest will be kept for a maximum of five years after the end of the calendar year of the conclusion of our business cooperation unless applicable legislation stipulates otherwise.

In case of withdrawal of consent, we will delete your personal data within 30 days at the latest. We can delete this data even before cancellation, when the purpose of personal data processing has

been achieved or if it is stipulated by law. Revocation of consent does not affect the legality of data processing that was carried out on the basis of consent until its revocation.

Exceptionally, we can refuse a request for deletion for reasons from the General Regulation (EU), such as: exercise of the right to freedom of expression and information, fulfilment of the legal obligation of processing, reasons of public interest in the field of public health, purposes of archiving in the public interest, scientific or historical -research purposes or statistical purposes, exercise or defence of legal claims.

6. Contractual processing and export of personal data

For some services, we may also forward your personal data to potential partners in projects, supervisory authorities or based on the request of the judicial branch of government. In no case will we pass on your personal data to unauthorized third parties or to any entity outside of the EU/EEA region (third country).

When authorised third parties are given access to personal information, we will take appropriate contractual, technical and organizational measures designed to ensure that personal information is processed only to the extent that such processing is necessary, consistent with this Privacy Policy, and in accordance with applicable law.

In order to better manage and control individual processors and to ensure that mutual contractual relations are regulated, we also maintain a list of contractual processors with whom we cooperate.

7. Concern for data security and accuracy

As the data controller, we take care of information security and the security of the infrastructure (premises and application system software).

We have implemented appropriate organizational and technical security measures aimed at protecting personal data against accidental or illegal destruction, loss, modification, unauthorized disclosure or access, as well as against other illegal and unauthorized forms of processing.

As an individual, you are responsible for providing us with your personal information securely and that the information provided is accurate and authentic. We, as the controller, will also do our best to ensure that the personal data we process is accurate and, if necessary, updated. Therefore, from time to time it may happen that we contact you to confirm the accuracy of the processed personal data.

8. Your rights in connection with personal data

In accordance with the GDPR (EU), you as an individual have the following rights from the protection of personal data:

  • You can request information about whether we process your personal data and, if so, what data we process and on what basis we process it and why we use it.
  • You can request access to your personal data, which allows you to receive a copy of the personal data we are processing and to check whether we are processing it lawfully.
  • You can request corrections to your personal data, such as the correction of incomplete or inaccurate personal data.
  • You can request the deletion of your personal data when there is no reason for further processing or when you exercise your right to object to further processing.
  • You can object to the further processing of personal data where the organization refers to a legitimate interest (even in the case of a legitimate interest of a third party) when there are reasons related to your special situation; you have the right to object at any time if we process personal data for direct marketing purposes.
  • You can request the restriction of the processing of your personal data, which means the termination of the processing of personal data, for example, if you want us to establish the accuracy or to check the reasons for further processing of personal data.
  • For data processed on the basis of a contract or consent, you can request the transfer of your personal data in a structured electronic form to another controller, insofar as this is possible and feasible.
  • You can revoke the consent you have given to the collection, processing and transfer of your personal data for a specific purpose; upon receipt of notification that you have withdrawn your consent, we will stop processing personal data for the original purpose, unless we have another lawful legal basis for carrying out the processing.

If you wish to exercise any of the aforementioned rights, you can send a request by e-mail to or by regular mail to our address.

We will respond to a request relating to individual rights without undue delay and in any case within one month of receiving the request. In the event that this deadline is extended (by a maximum of two additional months) taking into account the complexity and number of requests, you will be notified. Access to an individual’s personal data and asserted rights is free of charge to the individual, but we may charge you a reasonable fee to the extent that your request is excessive, manifestly unfounded or excessive, particularly if it is repeated. In such a case, we may also reject your request.

In the case of exercising rights under this title, we may need to request certain information from you to help it confirm your identity, which is a security measure to ensure that your personal information is not disclosed to unauthorized persons.

If you have any complaints regarding our compliance with this Privacy Policy, please contact us at any time by e-mail We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with this privacy policy and in accordance with applicable law.

You also have the right to file a complaint with a competent data protection authority, which in Slovenia is the Information Commissioner of the Republic of Slovenia, Dunajska 22, 1000 Ljubljana, https://www.

9. Changes to this privacy policy

We try to ensure that this policy is always in accordance with the law and our actual operation in the field of personal data processing. Therefore, we will update this policy from time to time and publish it on this website.

Last revision of policy: 01.01.2023