Personal data protection policy

The purpose of this personal data protection policy is to inform individuals, service users, colleagues, employees, and other persons (hereinafter referred to as “the individual”) who work with AMOMONT d.o.o. (hereinafter referred to as “the company”) about the purposes, legal bases, security measures, and individuals’ rights in relation to the processing of personal data carried out by our company.

We respect your privacy and always keep your data secure.

We process personal data in accordance with European legislation (Regulation (EU) 2016/697 on the protection of individuals in the processing of personal data and the flow of such data (hereinafter: “General Regulation”), valid Slovenian personal data protection legislation, and other legislation that provides us with a legal basis for processing personal data.

The personal data protection policy explains how our company, as a controller, handles personal data received from individuals on legal grounds.

1. CONTROLLER

The controller of personal data is the company:

  • AMOMONT d.o.o.
  • Address: Miklavška cesta 53a, Hoče
  • Email: office@amomont.si
  • Phone: 08 205 60 90

2. AUTHORISED PERSON

The authorised person for the protection of personal data in the company is Attorney Teja Godec, Ulica heroja Šlandra 13, Maribor, godec@op-lg.si.

3. PERSONAL DATA

Personal data refers to any information relating to a specific or identifiable individual; an identifiable individual is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors that characterise that individual’s physical, physiological, genetic, mental, economic, cultural, or social identity.

4. PURPOSES AND LEGAL BASIS OF THE DATA PROCESSING

The company collects and processes your personal data on the following legal grounds:

  • processing is necessary for compliance with a legal obligation to which the controller is subject;
  • processing is required for the performance of a contract to which the individual to whom personal data relates is a contracting party, or for the implementation of measures requested by such an individual prior to the contract’s conclusion;
  • processing is necessary for the purposes of the legitimate interests pursued by the collector or by a third party;
  • the data subject has given consent to the processing of their personal data for one or more specific purposes;
  • processing is necessary to protect the vital interests of the data subject or of another natural person.

4.1) Compliance with a legal obligation

The company processes data about its employees in accordance with the provisions of the law, as permitted by labour law and social welfare legislation. For employment purposes, the company primarily processes the following types of personal data in accordance with the law: first and last name, gender, date of birth, personal identity number, tax number, city, municipality, country of birth, citizenship, residence, etc. On the basis of tax legislation, we also process and store certain data (data on issued invoices). Personal data processing is permitted in the company in limited circumstances based on public interest. When job candidates apply for a job using an online form, the company also processes data on them (name, surname, address, phone number, etc.).

4.2) Implementation of the contract

The legal basis for the processing of personal data is established when an individual enters into a specific contract with the company. We may process personal data in this manner in order to complete and implement the contract. If the individual does not provide personal data, the company cannot enter into a contract, nor can it provide you with a service or deliver goods or other products in accordance with the contract, because it lacks the necessary information for implementation.

Based on the contract between the client and the company, the company may send the client personal data protection news (about innovations in the field, advice, and events).

4.3) Legitimate interest

The application of the legal basis of legitimate interest is restricted to processing by public authorities in the course of their duties. However, the company may process personal data in the course of pursuing a legitimate interest, which it does to a limited extent. The latter is not permissible when such interests outweigh the interests or fundamental rights and freedoms of the individual to whom the personal data pertain, which necessitate personal data protection. In the case of the use of legitimate interest, the company always carries out an assessment in accordance with the General Regulation.

4.4) Processing on the basis of consent

In the absence of a legal basis demonstrated by law, contractual obligation, or legitimate interest, the company may seek consent or consensus from the individual. When an individual gives their consent, it can process certain personal data about them for the following purposes:

  • photographs, videos and other content relating to the individual (e.g. posting pictures of individuals on the company’s website) for the purpose of documenting activities and informing the public about the work and events of the company;
  • other purposes for which the individual agrees with their consent.

If an individual gives his consent to the processing of personal data and later decides that he no longer wants to do so, he can request that the processing of personal data be terminated by sending a request to office@amomont.si or by regular mail to the company’s address. The withdrawal of consent shall not affect the lawfulness of the processing that was carried out on the basis of consent and prior to its withdrawal.

5. STORAGE AND DELETION OF PERSONAL DATA

The company will only keep personal data for as long as it is required to fulfil the purpose for which it was collected and processed. If the company processes data in accordance with the law, it will keep it for the time period specified by the law. Some data is kept for the duration of the company’s cooperation, while others must be kept indefinitely. Personal data that the company processes on the basis of a contractual relationship with an individual is kept by the company for the duration of the contract and for another 6 years after its termination, unless there is a contract dispute between the individual and the company. In such a case, the company retains the data for ten years following the finality of the court decision, arbitration, or court settlement, or for five years following the date of the peaceful resolution of the dispute if there was no court dispute. The company will retain personal data that it processes based on the individual’s personal consent or legitimate interest until the consent is revoked or the data is deleted. The data will be deleted within 15 days of receiving the cancellation or deletion request. When the purpose of personal data processing has been met or if required by law, the company may delete this data even before cancellation.

Exceptionally, the company may refuse a request for deletion for reasons specified in the General Regulation, such as exercising the right to free expression and information, fulfilling the legal obligation of processing, reasons of public interest in the field of public health, public interest archiving purposes, scientific or historical research purposes, or statistical purposes, and the exercise or defence of legal claims. After the retention period has expired, the company must delete or anonymize personal data in such a way that it can no longer be linked to a specific individual.

6. CONTRACTUAL PROCESSING OF PERSONAL DATA AND REMOVAL

On the basis of a contractual processing agreement, the company can rely on a contractual processor for individual processing of personal data. Contractual processors can only process confidential data on behalf of the controller, within the limits of his authority as specified in a written contract or other legal act, and in accordance with the purposes defined in this privacy policy.

The contractual processors with which the company cooperates are in particular:

  • accounting services and other providers of legal and business consultancy services;
  • maintainers of information systems;
  • email service providers and software, cloud services providers;
  • et al.

The company also maintains a list of contract processors, which lists all specific contract processors with whom it collaborates, for the purposes of better inspection and control over contract processors and regulation of the mutual contractual relationship.

Under no circumstances will the company disclose an individual’s personal information to unauthorised third parties. Contract processors may only process personal data in accordance with the instructions of the company and may not use personal data for any other purpose.

As a controller, the company and its employees do not export personal data to third countries (other than EU member states and Iceland, Norway, and Liechtenstein).

7. COOKIES

The company’s website operates with the assistance of so-called cookies. Cookies are text files that store the website’s preferences. Websites store cookies on users’ devices which they use to access the internet, in order to identify individual devices and the settings users have used to access them. Cookies enable websites to recognise if a user has previously visited the site. Individual settings in advanced applications can be adjusted accordingly. Their storage is completely under the control of the individual’s browser, which can limit or completely disable the storage of cookies as desired.

Cookies are essential for providing user-friendly online services. They are used to store information about the status of individual websites, collect statistics about users and website visits, etc. Cookies can therefore be used to evaluate the effectiveness of our website design.

Our website uses the following cookies:

Cookie Description Duration
PH_HPXY_CHECK A cookie is required for the operation of the site Browser session
_ga The main cookie used by Google Analytics allows the service to distinguish one visitor from another 2 years

Cookies stored by the browser can be deleted by the individual (instructions can be found on the websites of each browser).

8. DATA PROTECTION AND ACCURACY

The company is responsible for information security as well as infrastructure security (premises and application system software).  Anti-virus software and a firewall, among other things, protect our information systems. We have put in place appropriate organisational and technical security measures to protect personal data from accidental or illegal destruction, loss, modification, unauthorised disclosure or access, and other illegal and unauthorised forms of processing. When special types of personal data are transmitted, they are encrypted and password-protected.

The individual is responsible for securely providing personal data and ensuring that the data provided is accurate and authentic. The company will make every effort to ensure that the personal data it processes is accurate and, if necessary, updated; it may contact the individual from time to time to confirm the accuracy of the personal data.

9. RIGHTS OF THE INDIVIDUAL WITH REGARD TO DATA PROCESSING

In accordance with the General Regulation, an individual has the following rights regarding the protection of personal data:

  • May request information on whether we have his personal data and, if so, what data we have, why we have it, and on what basis we have it.
  • request access to his personal data, which allows him to obtain a copy of the personal data held by the company and determine whether it is being processed lawfully;
  • may request personal data corrections, such as the correction of incomplete or inaccurate personal data;
  • may request that his personal data be deleted if there is no need for further processing or if he exercises his right to object to further processing;
  • may object to the further processing of personal data where the company relies on a legitimate business interest (including a third party’s legitimate interest) and there are reasons related to the individual’s special situation;
  • may request the restriction of his personal data processing, which means the interruption of personal data processing, for example, if the individual wants the company to establish the accuracy or to investigate the reasons for the continued processing of personal data;
  • may request that their personal data be transferred to another controller in structured electronic form, if this is possible and feasible;
  • may revoke the consent he gave to the collection, processing, and transfer of his personal data for a specific purpose; upon receipt of notice that he has withdrawn his consent, the company will cease processing the personal data for the purposes for which it was originally accepted, unless the company has no other lawful legal basis for doing so.

When exercising his rights under this title, or if he believes his rights have been violated, he can contact the supervisory authority, i.e. the Information Commissioner, via the website: https://www.ip-rs.si/.

If an individual wishes to exercise any of the aforementioned rights, he can send a request by e-mail to office@amomont.si or by regular mail to the address of the company. The company will respond to the request regarding the rights of the individual without undue delay and, in any case, within one month after receiving the request. In the event that this deadline, taking into account the complexity and number of requests, is extended (by a maximum of two additional months), you will be notified. Access to the individual’s personal data and established rights is free of charge for the individual. However, the company may charge a reasonable fee if the data subject’s request is manifestly unfounded or excessive, in particular, if it is repeated. In such a case, the company may also reject the request. In order to exercise the rights granted by this title, the company may need to request certain information from the individual in order to confirm the individual’s identity, which is only a precaution to ensure that personal data is not disclosed to unauthorised parties.

If a person has any questions about how their personal data is being processed, they can always contact our company via e-mail at office@amomont.si or by regular mail to the company address.

10. PUBLICATION OF CHANGES

Any updates to our Personal Data Protection Policy will be posted on our website, www.amomont.si. The individual confirms that he accepts and agrees with the entire content of this personal data protection policy by using the website.

The responsible person adopted the personal data protection policy on June 19, 2023.