Right to privacy is one of the most important human rights. In LEP d.o.o. hereinafter referred to as the Company, we are very well aware of this and we, therefore, respect the privacy of our customers and treat their personal data responsibly, carefully and according to the applicable legislation. The access to personal data is permitted only to authorised Company personnel and contracted processors, to the extent and with the purpose strictly necessary for the smooth implementation, assurance and fulfilment of rights and obligations arising from concluded contractual relations.
Z ustreznimi ukrepi zagotavljamo, da nepooblaščene osebe nimajo dostopa do osebnih podatkov, varujemo njihovo zaupnost in celovitost ter preprečujemo njihovo izgubo ali nenamerno uničenje ves čas obdelave. Za morebitne "vdore" v računalniški sistem ne odgovarjamo!
Družba in njeni obdelovalci v celoti spoštujejo splošna načela glede obdelave osebnih podatkov, ki so:
Osebne podatke uporabnikov obdelujemo zakonito, pošteno in pregledno.Osebne podatke zbiramo za vnaprej določene, izrecne in zakonite namene; osebnih podatkov ne obdelujemo za noben drug namen, razen v primeru obdelave v znanstveno- ali zgodovinskoraziskovalne namene in pod določenimi pogoji v statistične namene.Osebni podatki se obdelujejo v minimalnem obsegu za namene, za katere se obdelujejo.Zagotavljamo, da so osebni podatki, ki jih obdelujemo, točni in se redno posodabljajo; napačne podatke popravimo ali izbrišemo.Osebne podatke hranimo le toliko časa, kolikor je potrebno za namene, za katere jih obdelujemo.Z ustreznimi tehničnimi in organizacijskimi ukrepi zagotavljamo ustrezno varnost osebnih podatkov, ki vključuje preprečevanje nepooblaščene ali nezakonite obdelave ter nenamerne izgube, uničenja ali poškodovanja.
For questions related to the processing and use of personal data, information, corrections, blocking, deletion of personal data or cancellation of notification consent, cancellation of consent, please contact us on our official email address stated on our webpage.
– Basic personal data (e.g. name and surname);– communication data (e.g. address, mail, telephone no.);– information on communication between the Company and you; payments data;– any other data obtained based on the consent.
Z osebnimi podatki lahko ravnamo v skladu z veljavno zakonodajo s področja varstva osebnih podatkov: – if this is necessary for the conclusion and/or fulfilment of a contract (application on an event, workshop, etc.) – if required by law; – if consent is given (which can be cancelled at any time); – if the processing is necessary for the legitimate interests pursued by the Company or a third party.
Družba obdeluje osebne podatke posameznikov za izpolnjevanje obveznosti iz pogodbenega razmerja za organizacijo dogodkov, delavnic ali drugih storitev, dogovorjenih med pogodbenima strankama. V okviru uveljavljanja pravic in izpolnjevanja pogodbenih obveznosti družba obdeluje osebne podatke posameznikov za naslednje namene: – identification of an individual; – preparation of the offer and conclusion of the contract; – providing services, whereby Company can give the data to contract partners that will implement an individual service (e.g. a provider of overnight stays, etc.) – sending notifications to individuals regarding the implementation of the contractual relationship; – informing about changes in legislation in a particular field or changes in terms of sale; – invoicing services; – resolving objections or complaints; – implementation of any recovery procedures, a sale of receivables; – for other purposes, necessary for the conclusion or implementation of a contractual relationship.Družba obdeluje podatke v obsegu, ki je nujno potreben za avtentikacijo in identifikacijo transakcij, za pripravo poročil in načrtovanje nadaljnjih dejavnosti.Družba za namene organizacije dogodkov in z njimi povezanih storitev ali drugih storitev, ki jih naroči posameznik, obdeluje vse potrebne informacije. To vključuje zlasti, vendar ne izključno: ime, priimek, datum rojstva, naslov, kraj, državo, telefonsko številko, e-pošto itd.Za pogodbeno obdelavo osebnih podatkov ne potrebujemo izrecne privolitve.Na dogodkih ali delavnicah, ki so strogo povezani s fotografiranjem in objavo slik (na Facebooku, Twitterju, YouTubu in Instagramu), je treba upoštevati, da sta fotografiranje in objava slik del dogodka ali delavnice. Kljub temu, da sta fotografiranje in objava slik pogodbeno razmerje, bo družba še vedno pridobila izrecno soglasje posameznika. Če izrecno soglasje za fotografiranje in objavo slik ne bo podano in družba ne bo mogla zagotoviti, da posameznik ne bo na fotografiji, lahko upravičeno zavrne prijavo na tak dogodek ali delavnico.If the individual does not provide all personal data that the Company needs to fulfil the contractual relationship, the Company cannot execute the individual's order. Hereby, Company always acquires and further processes only the personal data that is needed to fulfil the contractual relationship.
Pravna podlaga pomeni, da družba obdeluje osebne podatke posameznika zaradi izpolnjevanja veljavnih pravnih obveznosti, ki jih nalaga zakonodaja. V Republiki Sloveniji pravne obveznosti za obdelavo določenih osebnih podatkov določajo zlasti:Zakon o davku na dodano vrednost ZDDV-1;Zakon o davčnem postopku;Zakon o gospodarskih družbah;Zakon o računovodstvu;Pravilnik o izvajanju Zakona o davku na dodano vrednost;Slovenski računovodski standardi.If Company processes personal data of an individual who has made an online purchase or service order, it keeps the invoice for 10 years (as well as individual's/buyer's data on the account).
Družba lahko obdeluje podatke na podlagi zakonitega interesa, za katerega si prizadeva družba ali tretja oseba, razen kadar nad takimi interesi prevladajo interesi ali temeljne pravice in svoboščine posameznika, na katerega se nanašajo podatki, ki zahtevajo varstvo osebnih podatkov, zlasti kadar se podatki nanašajo na otroka. V primeru nadaljnje uporabe zbranih podatkov o posamezniku družba izvede oceno v skladu s Splošno uredbo o varstvu podatkov. Takšna nadaljnja uporaba podatkov v psevdonimizirani ali združeni obliki na primer predstavlja zakonito uporabo podatkov za trženje in druge poslovne ali tehnične analize družbe.V skladu s Splošno uredbo o varstvu podatkov spada tudi neposredno trženje med zakonite interese. Za namene neposrednega trženja lahko družba brez privolitve ustvari posamezne profile na podlagi osnovnih informacij o izbranih storitvah, kot so npr. vrsta ali posebne značilnosti izbrane storitve, čas izbire ali pretekli trženjski stiki s posameznikom, zlasti v zvezi z izraženim zanimanjem ali nezainteresiranostjo za določene storitve. Takšno osnovno profiliranje nikoli ne vključuje občutljivih podatkov. Posameznik lahko ugovarja obdelavi v skladu s pravico do omejitve (točka 7.4).Based on legitimate interest, the Company may contact the individual to improve the service or determine his satisfaction with the services, even when this is not strictly necessary for the implementation of the contract. Due to the individuals' interest, the Company does not contact those individuals who have objected to this.Družba ima zakonit interes, da podatke hrani in nadalje uporablja za analize in raziskave za trženje, poslovno načrtovanje in podobno do izteka zakonsko predpisanega obdobja hrambe.
Izrecna privolitev je podlaga za obdelavo osebnih podatkov, za katero družba nima zakonske ali pogodbene pravne podlage. Privolitev se lahko na primer nanaša na: – informing about other Company offers and services, which is implemented exclusively through the communication channel selected by the individual; – photographing and recording an event or workshop for the purpose of presenting Company activities and publishing photos, videos and sound recordings on the Company website and on Facebook, Twiter, YouTube and Instagram profiles. – The individual gives the consent for himself, in the case of a child, consent is given by one of the parents or a legal representative.In these cases, the processing of personal data is implemented to the extent and for purposes allowed by the individual's statement and through agreed communication channels, until cancellation.Če posameznik ne privoli v zbiranje in obdelavo osebnih podatkov za enega ali več namenov, določenih v individualni privolitvi, to nima nobenih posledic za podatke, katerih obdelava se izvaja na podlagi drugih pravnih podlag.Osebni podatki, zbrani na podlagi privolitve, bodo obdelani samo v okviru in za namen dane privolitve in ne bodo posredovani tretjim osebam, razen če je to izrecno navedeno v privolitvi in se posameznik strinja, da se osebni podatki lahko posredujejo obdelovalcu, ki je naveden v privolitvi.Posameznik lahko kadar koli prekliče privolitev za obdelavo osebnih podatkov, tako da se obrne na našo točko za varstvo podatkov (točka 8). Soglasje lahko prekličete z elektronskim sporočilom, poslanim na elektronski naslov iz točke 1.
Osebni podatki se hranijo v skladu z veljavnimi predpisi, ki urejajo varstvo osebnih podatkov. Hranijo se le toliko časa, kolikor je potrebno za namene, za katere se obdelujejo, ali v skladu z zakonom. Osebne podatke, ki jih obdelujemo na podlagi osebne privolitve posameznika, hranimo trajno, do preklica. Osebne podatke, ki jih obdelujemo na podlagi zakona ali pogodbenega razmerja, hranimo tako dolgo, kot določa zakon.If the data is processed based on an individual's consent due to the marketing of Company, the data may be processed to the necessary extent for as long as necessary for such marketing or services.Po izteku obdobja hrambe se osebni podatki dejansko in trajno izbrišejo ali anonimizirajo, tako da jih ni več mogoče povezati s posameznikom.
We use technical and organisational security measures to protect personal data against unlawful or unauthorised access or use and also against unintentional loss or impairment of their integrity. We have designed these measures with regard to our IT infrastructure, possible impact on an individual's privacy and costs and according to current industry standards and practices. Our contractual processors shall process your personal data only if they comply with these technical and organisational security measures.Zagotavljanje varnosti podatkov pomeni varovanje zaupnosti, celovitosti in razpoložljivosti osebnih podatkov: – confidentiality and integrity: individuals' personal data shall be protected against unauthorised or illegal processing and against unintentional loss, destruction or injury; – availability: we shall ensure that authorised processors can access personal data only when necessary.Naši varnostni postopki vključujejo varnost dostopa, varnostne kopije, spremljanje, revizijo in vzdrževanje, upravljanje varnostnih incidentov itd.
Depending on the purposes for which we process individuals' personal data, we can disclose this data to the following categories of processors:a) Within Company an employee.b) Our business partners of which we demand to comply with the applicable laws and personal data protection policy and to pay great attention to the confidentiality of the personal data: – advertising, marketing and promotional agencies and providers, e.g. MailChimp, Google (Google – only cookie identifier for remarketing, e-mail address for displaying ads in Google AdWords, cookie identifier for analysis in Google Analytics; Facebook – only cookie identifier for remarketing, e-mail address for displaying ads in Facebook Custom Audiences), that help us implement and analyse the effectiveness of our campaigns and promotions. – companies that perform services for Company, i.e. accounting service provider – natural and legal entities who are our contractual partners and provide consulting or individual services for Company with the purpose of executing a contractual relationship between Company and an individual (e.g. partner agencies, hotels, airlines, carriers, etc.);c) Other third persons when required by law or legally required for the protection of: – Company (compliance with laws, authority requirements, court orders, legal procedures, reporting obligations and obligations to inform the authorities, etc.), verification or enforcement of compliance with Company policy and agreements; – rights, property or security of Company and/or its clients in relation to corporate transactions: in the context of transfer or disposal of all or part of its business or otherwise in connection with mergers, consolidations, changes of control, reorganisation of Company.Our business partners listed above under item b), may only process individuals' personal data in the framework of our instructions and may not use personal data to pursue any of their own interests. Each individual must bear in mind that the processors listed in items b) and c) above, in particular, service providers that offer services within the framework of applications and/or through their own channels may separately collect your personal data. In this case, they are solely responsible for its control and their cooperation with individuals must take place according to their terms.
Vsak posameznik se lahko obrne na nas na e-poštni naslov E-naslov pod točko 1., da bi izvedel, katere osebne podatke obdelujemo. Vsak posameznik ima pravico do dostopa do osebnih podatkov in dodatnih informacij v zvezi z obdelavo osebnih podatkov, vključno z – the purpose of the processing; – the categories of personal data; – users and legal entities, to whom personal data have been or will be disclosed; – when possible, the estimated retention period of personal data or, if that is not possible, the criteria used to determine the retention period; – the existence of the right to require from the administrator to correct or delete personal data or to restrict personal data in relation to the – – – – – – individual, to whom the personal data relates, or the existence of the right to object to such processing; – the right to lodge a complaint with a supervisory body; – when personal data is not collected from an individual, all available information related to its source.
Če posameznik v svojih osebnih podatkih ugotovi kakršno koli napako ali če ugotovi, da so nepopolni ali napačni, lahko od družbe zahteva, da brez nepotrebnega odlašanja popravi ali dopolni netočne ali nepopolne osebne podatke.
Posameznik lahko zahteva izbris svojih osebnih podatkov brez nepotrebnega odlašanja. Družba mora osebne podatke izbrisati brez nepotrebnega odlašanja: – when personal data is no longer required for the purposes for which it was collected or otherwise processed; – if the individual cancels the consent that is the basis for the processing of personal data and if there is no other legal basis for the processing; – if the individual objects to the processing on the basis of the legitimate interest of Company, while there are no prevailing legal reasons for the processing of personal data; – if the individual objects to the processing for direct marketing purposes; – when personal data should be deleted for the fulfilment of a legal obligation according to EU law or the Slovenian legal order; – in the case of data incorrectly collected from a minor for the use of information society, who, according to the applicable law, cannot provide such data.(except in some cases, for example, to prove the transaction or if required by law) – .
Vsak posameznik lahko zahteva omejitev obdelave svojih osebnih podatkov, kadar: – he challenges the correctness of the data, for the period which enables Company to verify the correctness of the personal data; – the processing is unlawful and the individual objects to the deletion of the personal data and instead requests their use to be limited; – The Company no longer needs the personal data for the purposes of the processing, but the individual, to whom the personal data relates, needs it to exercise, implement or defend legal requests; – the individual has filed an objection regarding the processing until it is verified whether legitimate reasons of Company prevail over the individual's reasons.
Vsak posameznik ima pravico prejeti osebne podatke, ki se nanašajo nanj in jih je posredoval družbi, v strukturirani, splošno uporabljani in strojno berljivi obliki ter pravico, da te podatke brez ovir družbe posreduje drugemu upravljavcu, kadar obdelava temelji na privolitvi na podlagi pogodbe ali na podlagi pogodbe in se obdelava izvaja z avtomatiziranimi sredstvi.
On the basis of reasons related to their special circumstances, each individual has the right to object at any time to the processing of their personal data based on the legal interests pursued by Company or a third person. In this case, Company ceases to process personal data, unless it proves necessary processing reasons that prevail over the individual's interests, rights and freedoms, or for the enforcement or defence of legal claims. When personal data is processed for the purpose of direct marketing, each individual has the right to object at any time to the processing of personal data related to him for the purposes of such marketing, including profiling, if it relates to such direct marketing. If direct marketing is based on consent, the right to object can be exercised by cancelling the given consent.
We have organised a contact point that will address your questions or requirements regarding your personal data (and their processing) and the exercise of your rights. You can send us an email address under point 1.Za zanesljivo identifikacijo pri uveljavljanju pravic, povezanih z osebnimi podatki, lahko od vas zahtevamo dodatne podatke, ukrepanje pa lahko zavrnemo le, če dokažemo, da vas ne moremo zanesljivo identificirati.
Vsakdo ima pravico vložiti pritožbo v zvezi z obdelavo osebnih podatkov Pritožbe je treba poslati na e-poštni naslov iz točke 1. Prav tako imate pravico vložiti pritožbo neposredno pri Informacijskem pooblaščencu, če menite, da obdelava osebnih podatkov v zvezi z vami krši slovenske predpise ali predpise EU o varstvu osebnih podatkov. Če ste uveljavljali pravico do dostopa do podatkov in po prejemu odločbe menite, da osebni podatki, ki ste jih prejeli, niso osebni podatki, ki ste jih zahtevali, ali da niste prejeli vseh zahtevanih osebnih podatkov, lahko pred vložitvijo pritožbe pri Informacijskem pooblaščencu v 15 dneh vložite obrazloženo pritožbo na Družbo. Družba bo o pritožbi odločila kot o novi zahtevi v petih delovnih dneh po prejemu.
