Privacy and personal data protection
One of the main principles and also the most important values of the company Kimi GTSK d.o.o., Kamna gorca 17, 3241 Podplat (hereinafter: Kimi GTSK) is the consistent respect for rights and legislation.
We recognize the responsibility in handling the personal data of our customers, potential subscribers, visitors to Kimi GTSK websites, and all individuals who disclose their personal data to us (hereinafter: users), and we guarantee and undertake to use the personal data of users exclusively for the purposes stated in this document (Privacy and Personal Data Protection Policy).
In this Privacy and Personal Data Protection Policy (hereinafter: Policy), we define the methods of collecting users' personal data, the purposes for which we collect them, the security measures by which we protect them, the individuals with whom we share them, and your rights regarding personal data protection.
The protection and handling of users' personal data are fully in line with the provisions of the General Data Protection Regulation (Regulation (EU) 2016/679, hereinafter: GDPR), and other legal regulations governing the protection of personal data. Our activities comply with European legislation and conventions of the Council of Europe (ETS No. 108, ETS No.181, ETS No. 185, ETS No. 189)) as well as the legislation of the Republic of Slovenia (Personal Data Protection Act (ZVOP-1, Official Gazette of the Republic of Slovenia, No. 94/07) and the Electronic Commerce Market Act (ZEPT, Official Gazette of the Republic of Slovenia, No. 96/09 and 19/15)).
Personal data
A personal data is any information relating to an identified or identifiable natural person, known as the data subject, where the identity of the individual can be directly or indirectly determined, particularly by reference to identifiers such as identification numbers (e.g., national identification number, tax identification number, health insurance number, phone number, vehicle registration number) or by reference to factors specific to their physical, physiological, mental, economic, cultural, or social identity (e.g., employment, address, function, position, or status within a specific entity, etc.).
In accordance with the purposes outlined in the privacy policy, the website owner collects the following personal data:
-
Basic user information (name and surname, address)
-
Contact details and communication data between the user and the website owner (email address, phone number, date, time, and content of postal or email communications)
-
Data on the user's use of the website (dates and times of website visits, visited pages or URLs)
-
Other data voluntarily provided by the user to the website owner in connection with requests for specific services that require such data.
Processing purposes and legal bases for data processing
Processing of personal data means any operation or set of operations performed on personal data, whether by automated means or not, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction; processing can be manual or automated.
The website owner collects and processes users' personal data based on the following legal grounds:
-
Consent of the individual,
-
Legal and contractual basis,
-
Legitimate interest.
The website owner does not collect or process users' personal data unless users provide consent or where legally permitted, such as when:
-
Subscribing to receive newsletters,
-
Providing personal data via email,
-
Submitting personal data in the form of business cards,
-
Where there is a legal basis or legitimate interest for data collection.
The period for which the website owner retains collected data is further defined in the section on Data Retention.
Kimi GTSK collects and processes users' personal data for the following purposes:
-
Sending newsletters,
-
Informing about services, offers, and business opportunities, and
-
Inviting users to events.
Processing of personal data based on consent
Processing based on laws and contractual agreements
In cases where the provision of personal data is a contractual obligation, necessary for the conclusion and performance of a contract with the provider, or a legal obligation, we will need to ask for the provision of your personal data. If you do not provide the personal data, you will not be able to enter into a contract with the provider, and the provider will not be able to perform services or deliver products under the contract.
Data Controller and Data Protection Officer
The data controller of personal data is Kimi GTSK d.o.o., located at Kamna gorca 17, 3241 Podplat. We process data in accordance with the General Data Protection Regulation.
The authorized person for data protection at Kimi GTSK d.o.o. is Jernej Drofenik, reachable at the email address (kimi@kimigt.com).
Sharing Personal Data with Third Parties or Third Countries
The company Kimi GTSK d.o.o. does not disclose collected personal data of users to third parties or to third countries, except in exceptional cases.
Exceptions include sending newsletters: for sending newsletters, Kimi GTSK d.o.o. uses the Mailchimp online platform, where personal data for sending such notifications are stored (name, surname, email address, company name, country/location, if known). The Mailerlite online platform ensures compliance with the rules of the General Data Protection Regulation (GDPR) (EU Regulation 2016/679) in its Terms of Use and Privacy Policy.
Storage of personal data
Personal data provided to Kimi GTSK d.o.o. through personal and explicit consent during registration, newsletter sign-up, e-publication downloads, or inquiry submissions are retained until your withdrawal.
You can withdraw your consent for the collection and processing of personal data at any time. The withdrawal of consent does not affect the lawfulness of data collection and processing before the withdrawal.
All other personal data collected within the framework of contractual cooperation are stored in accordance with applicable law.
To ensure the protection of personal data, we employ multiple layers of security. Personal data is stored in digital form, and our computer systems are protected by technical and organizational measures that prevent accidental or unlawful destruction, loss, alteration, and unauthorized disclosure or access to your personal data.
Retention period of personal data
Personal data of an individual obtained based on consent may be processed and stored until the purpose exists or until the individual revokes the given consent.
Personal data of an individual processed based on a contract may be processed and stored for an additional 5 years after fulfilling the contractual obligations of both parties. Invoices are kept for 10 years after the end of the year to which the invoice relates in accordance with the law governing value-added tax.
The company Kimi GTSK d.o.o. may process personal data of an individual for its own needs until consent is revoked by requesting the removal of personal data from the database. Otherwise, the data is retained only for as long as necessary to achieve the purpose for which the data was collected, i.e., 10 years for registered users and 5 years after fulfilling the contractual obligations of both parties or for all other users, and until the subscriber unsubscribes from newsletters or until the controller ceases its business activities in the market.
During the management of personal data, individuals have the opportunity to request access to and update their data in the database upon request. In accordance with the Value Added Tax Act, the company retains invoices for 10 years after the end of the year of invoice issuance.
The retention period of personal data
Individual rights
In accordance with applicable legislation, individuals have the right to withdraw consent at any time, request access, rectification, restriction of processing, or deletion of personal data.
Consent for the processing of personal data can be withdrawn at any time. To do so, you can send your request to the email address kimi@kimigt.com or by regular mail to Kimi GTSK d.o.o., Kamna gorca 17, 3241 Podplat.
At the aforementioned address, individuals can also lodge a complaint regarding the processing of their personal data.
Additionally, individuals have the right to lodge a complaint regarding the processing of their personal data directly with the competent supervisory authority, namely the Information Commissioner of the Republic of Slovenia.