The Company is dedicated to ensuring the security of your personal data. All personal data provided to us is treated confidentially and used only for the purposes for which it was provided. We handle your personal data with the utmost care, in compliance with applicable laws and the highest standards of data processing. We take appropriate organizational measures, work procedures, and advanced technological solutions and collaborate with external experts to ensure the security of your personal data. We implement appropriate levels of protection and reasonable physical, electronic, and administrative measures to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure of personal data, or unauthorized access to personal data that has been transmitted, stored, or otherwise processed.
As part of fulfilling contractual rights and obligations, the Company processes your personal data for the following purposes: individual identification, preparing offers, contract conclusion, providing requested services, informing about any changes, additional details, and instructions for service usage, resolving any technical issues, objections, or complaints, invoicing services, and other purposes necessary for the performance or conclusion of a contractual relationship between the Company and the individual.
In accordance with tax legislation, we also obtain and process your address for the proper issuance of invoices.
Based on legitimate interest, we use your personal data to detect and prevent fraudulent use and abuse of services. We also utilize them to ensure the stable and secure operation of our system and services, implement measures for information security, meet quality service requirements, and detect technical malfunctions in systems and services.
Based on legitimate interest, we use your personal data for potential enforcement actions, judicial and extrajudicial debt collection.
In accordance with the General Data Protection Regulation, in case of suspected abuse, we may process individuals’ data to identify and prevent potential fraud or misuse. If appropriate, we may disclose such information to other providers of similar services, business partners, law enforcement agencies, public prosecution offices, or other competent authorities. For the purpose of preventing future abuses or frauds, data on past identified abuses or frauds related to an individual, including information about the subscriber relationship and I.P. address, may be retained for up to five years after the termination of the business relationship.
Data processing may also be based on your consent provided to the Company.
The revocation or modification of consent only applies to data processed based on your consent. The most recent consent given and received is considered valid. The revocation of consent does not affect any processing that had already taken place during the period when the consent was valid. The possibility of revoking consent does not constitute a waiver of any existing business relationship between you and the Company.
Data for which consent has been given will be processed for up to two years after the termination of the business relationship unless the consent is revoked.
As necessary, we may authorize other companies and individuals to perform certain tasks that contribute to our services. In such cases, the Company may disclose personal data to selected external processors with whom it will enter into a contract for the processing of personal data or another agreement of equal content and binding nature (hereinafter referred to as the “Data Processing Agreement”). We will only disclose data to external processors to the extent necessary for the specified purpose. External processors are not allowed to use this data for any other purposes and must comply with all standards for the processing of personal data required by applicable laws. External processors are contractually obligated to maintain the confidentiality of your personal data.
Based on legitimate requests, the Company may disclose personal data to competent government authorities with the appropriate legal basis. For example, PIKA. DIGITAL d.o.o. will respond to requests from courts, law enforcement agencies, and other government authorities, including competent authorities of another E.U. member state.
The retention period for data is determined based on the category of individual data. We keep the data for as long as necessary to fulfil the purpose for which it was collected or further processed or until the expiration of the statutory limitation periods for fulfilling obligations or the legally prescribed retention period.
Accounting data and related contact details of individuals may be retained for the purpose of fulfilling contractual obligations until full payment for the service is received or for the duration of the applicable limitation periods for individual claims, which can range from one to five years according to the law. In accordance with the law governing value-added tax, invoices are retained for an additional ten years after the end of the year to which the invoice relates.
Other data obtained based on your consent is retained for the duration of the business relationship and an additional two years after its termination unless the law prescribes a longer retention period. If an individual who has given consent for the processing of personal data has not established a business relationship with us, their consent is valid for two years from the date of giving it or until it is revoked.
Upon expiration of the retention period, data is deleted, destroyed, blocked, or anonymized unless otherwise specified by law for a specific type of data.
We ensure the exercise of your rights regarding the processing of your personal data without undue delay. We will respond to your request within one month of its receipt. In case of complexity or a large number of requests, this period may be extended by a maximum of two additional months. If we extend the deadline, we will inform you within one month of receiving the request, along with the reasons for the delay.
We accept your requests regarding the exercise of your rights via email at firstname.lastname@example.org or by mail to the address PIKA. DIGITAL d.o.o., Smlednik 56, 1216 Smlednik.
When you submit a request electronically, we will, if possible, provide the information in electronic form unless you request otherwise.
If there is reasonable doubt about the identity of the individual making a request regarding their rights, we may request additional information necessary to confirm the individual’s identity to whom the personal data relates.
If the requests of the individual to whom the personal data relates are clearly unfounded or excessive, particularly due to their repetitive nature, the Company may:
charge a reasonable fee that takes into account the administrative costs of providing the information or taking the requested action, or
refuse to comply with the request.
You have the following rights regarding the processing of your personal data:
(i) Right of access to data:
You have the right to be informed whether your personal data is being processed and to access personal data and the following information:
(ii) Right to rectification:
You have the right to obtain the rectification of inaccurate personal data concerning you without undue delay. Depending on the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
(iii) Right to erasure (“right to be forgotten”):
You have the right to obtain the erasure of your personal data without undue delay if one of the following grounds applies:
(iv) Right to restriction of processing:
You have the right to obtain the restriction of processing of your personal data if one of the following applies:
When the processing of your personal data is restricted as described above, except for storage, such data will be processed only with your consent or for the establishment, exercise, or defence of legal claims or for the protection of the rights of another natural or legal person. We will inform you before lifting the restriction on the processing of your personal data.
(v) Right to data portability:
You have the right to receive the personal data that you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to transmit those data to another controller without hindrance from us, where the processing is based on your consent and is carried out by automated means. Upon your request, where technically feasible, personal data may be transmitted directly to another controller.
(vi) Right to object:
If we process your data based on our legitimate interest for marketing purposes, you may object to such processing at any time. We will cease processing your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms or for the establishment, exercise, or defence of legal claims.
If you have any complaints regarding the processing of your personal data, you can send them to the email address email@example.com or by mail to the address PIKA. DIGITAL d.o.o., Smlednik 56, 1216 Smlednik.
If we do not respond to your request within the legal timeframe or if we reject your request, you have the right to lodge a complaint with the Information Commissioner.
You also have the right to lodge a complaint directly with the Information Commissioner if you believe that the processing of your personal data violates Slovenian regulations or E.U. regulations on the protection of personal data.
If you have exercised your right of access to data and, upon receiving the decision, you believe that the received data is not what you requested or that you have not received all the requested personal data, you can submit a substantiated complaint to the Company within 15 days before lodging a complaint with the Information Commissioner. We will treat your complaint as a new request and respond to it within five working days.