Afront pays great attention to the protection of personal data. This document provides information about the purposes and legal bases for data processing, data security measures and the rights of individuals regarding processing of personal data carried out by our company.
We process personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: “GDPR”) as well as in accordance with valid Slovenian legislation in the field of personal data protection and privacy in electronic communications and other regulations governing the protection of personal data.
This policy describes for what purposes and in what manner we process the personal data we receive from you based on the legal bases described below.
1. Data controller
2. Categories of personal data and types of processes
a. Depending on the nature of your interaction with us, categories of personal data processed include:
- Identification data (name and surname, age, sex, birth date)
- Contact data (address, e-mail address, phone number)
- Details of qualification (education, experience, licenses, etc.)
- Other (data necessary for fulfilment of specific purposes, described in detail to data subjects before such processing occurs)
b. Depending on the nature of your interaction with us, types of processes include:
- communication with clients;
- event organisation and management;
- management of different national and EU projects;
- compliance with applicable laws and regulations;
- marketing and advertising activities.
3. Legal bases for data processing
When processing personal data, we rely on the legal basis for the legality of processing from Article 6(1) of the GDPR, namely:
For marketing and sales activities (including events) based on your consent where so indicated on our sites or forms at the time your personal information was collected.
b. Execution of a contract
In order to engage in transactions with our clients and business partners.
c. Fulfilment of a legal obligation
In order to comply with applicable laws and regulations, such as to comply with a subpoena or other legal processes.
d. Legitimate interest
To keep you updated on our events and services which may be of interest to you.
Cookies are small text files that contain a string of characters and uniquely identify a browser on a device connected to the Internet. We use only those cookies that enable you to have the best possible experience within our website (the so-called “essential cookies” without which our website cannot function) for the use of which no user consent is needed. We use no additional cookies or other marketing, analytic or tracking functionalities.
Essential cookies in use
|PHPSESSID||Afront||To identify a user’s session on a website.||till end of session|
|wp-wpml_current_language||Afront||Localisation of website||till end of session|
5. Data storage and deletion
We will only process your personal data as long as it is necessary to fulfil the purpose for which the personal data was collected and processed. Insofar as the data is collected on the basis of the law, we will keep it for as long as the individual law prescribes.
We will keep the personal data we need for the execution of the contract for as long as is necessary for the execution of the contract and for five years after the end of the calendar year in which the contract was terminated, except in the event that a longer retention period would be required due to a dispute in connection with a contract. In such a case, we will keep your personal data for 10 years after the end of the calendar year of the finality of the court decision, arbitration or court settlement, or – if there was no legal dispute – 5 years after the end of the calendar year from the date of consensual resolution of the dispute.
Personal data processed on the basis of personal consent or legitimate interest will be kept for a maximum of five years after the end of the calendar year of the conclusion of our business cooperation unless applicable legislation stipulates otherwise.
In case of withdrawal of consent, we will delete your personal data within 30 days at the latest. We can delete this data even before cancellation, when the purpose of personal data processing has
been achieved or if it is stipulated by law. Revocation of consent does not affect the legality of data processing that was carried out on the basis of consent until its revocation.
Exceptionally, we can refuse a request for deletion for reasons from the General Regulation (EU), such as: exercise of the right to freedom of expression and information, fulfilment of the legal obligation of processing, reasons of public interest in the field of public health, purposes of archiving in the public interest, scientific or historical -research purposes or statistical purposes, exercise or defence of legal claims.
6. Contractual processing and export of personal data
For some services, we may also forward your personal data to potential partners in projects, supervisory authorities or based on the request of the judicial branch of government. In no case will we pass on your personal data to unauthorized third parties or to any entity outside of the EU/EEA region (third country).
In order to better manage and control individual processors and to ensure that mutual contractual relations are regulated, we also maintain a list of contractual processors with whom we cooperate.
7. Concern for data security and accuracy
As the data controller, we take care of information security and the security of the infrastructure (premises and application system software).
We have implemented appropriate organizational and technical security measures aimed at protecting personal data against accidental or illegal destruction, loss, modification, unauthorized disclosure or access, as well as against other illegal and unauthorized forms of processing.
As an individual, you are responsible for providing us with your personal information securely and that the information provided is accurate and authentic. We, as the controller, will also do our best to ensure that the personal data we process is accurate and, if necessary, updated. Therefore, from time to time it may happen that we contact you to confirm the accuracy of the processed personal data.
8. Your rights in connection with personal data
In accordance with the GDPR (EU), you as an individual have the following rights from the protection of personal data:
- You can request information about whether we process your personal data and, if so, what data we process and on what basis we process it and why we use it.
- You can request access to your personal data, which allows you to receive a copy of the personal data we are processing and to check whether we are processing it lawfully.
- You can request corrections to your personal data, such as the correction of incomplete or inaccurate personal data.
- You can request the deletion of your personal data when there is no reason for further processing or when you exercise your right to object to further processing.
- You can object to the further processing of personal data where the organization refers to a legitimate interest (even in the case of a legitimate interest of a third party) when there are reasons related to your special situation; you have the right to object at any time if we process personal data for direct marketing purposes.
- You can request the restriction of the processing of your personal data, which means the termination of the processing of personal data, for example, if you want us to establish the accuracy or to check the reasons for further processing of personal data.
- For data processed on the basis of a contract or consent, you can request the transfer of your personal data in a structured electronic form to another controller, insofar as this is possible and feasible.
- You can revoke the consent you have given to the collection, processing and transfer of your personal data for a specific purpose; upon receipt of notification that you have withdrawn your consent, we will stop processing personal data for the original purpose, unless we have another lawful legal basis for carrying out the processing.
If you wish to exercise any of the aforementioned rights, you can send a request by e-mail to firstname.lastname@example.org or by regular mail to our address.
We will respond to a request relating to individual rights without undue delay and in any case within one month of receiving the request. In the event that this deadline is extended (by a maximum of two additional months) taking into account the complexity and number of requests, you will be notified. Access to an individual’s personal data and asserted rights is free of charge to the individual, but we may charge you a reasonable fee to the extent that your request is excessive, manifestly unfounded or excessive, particularly if it is repeated. In such a case, we may also reject your request.
In the case of exercising rights under this title, we may need to request certain information from you to help it confirm your identity, which is a security measure to ensure that your personal information is not disclosed to unauthorized persons.
You also have the right to file a complaint with a competent data protection authority, which in Slovenia is the Information Commissioner of the Republic of Slovenia, Dunajska 22, 1000 Ljubljana, https://www. ip-rs.si/.
We try to ensure that this policy is always in accordance with the law and our actual operation in the field of personal data processing. Therefore, we will update this policy from time to time and publish it on this website.
Last revision of policy: 01.01.2023