In accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “GDPR”), this Policy contains the following information:
- contact information of the company and of the data protection officer,
- purposes, grounds, and types of processing of different types of personal data provided by data subjects, including profiling personal data of data subjects,
- transmission of data to third persons and into third countries,
- time of storage of individual types of personal data,
- rights of data subjects in regard to personal data processing,
- rights of filing a complaint in regard to personal data processing.
Whenever applicable, the provisions related to data subjects are also used to address questions of confidentiality of communications of users who are legal persons.
OLB can collect data in the context of the following purposes:
- Registering and activating an account
- Providing technical support and user support
- Processing orders
- Upgrading products and services
- Marketing activities
- Access to OLB services on third-party websites
- Other purposes needed to perform services
- Job applications
The company is processing personal data of data subjects for the purpose of direct marketing.
In accordance with the GDPR, OLB processes the data based on several potential legal bases:
The company processes personal data of data subjects for the purposes of concluding, implementing, monitoring, and terminating contractual relationships.
Processing on grounds of legitimate interest pursued by the company
The company can also process data on grounds of legitimate interest pursued by the company or by a third party, unless such interests are overrun by interests or basic rights and freedoms of a data subject, requiring the protection of personal data, especially when such personal data is the personal data of a child. In terms of further use of data collected on a data subject, the company shall undertake an assessment based on the GDPR.
Such further use in pseudonymised or aggregated form for example represents lawful use of data for marketing and other business or technical analyses of the company.
As an additional measure for some forms of further processing of traffic data, deletion of certain information is also possible.
The data subject has the possibility to object to data processing.
On grounds of a legitimate interest, the company can get in touch with the data subject with the purpose of improving its services and finding out whether they have been satisfied with their services or with the user experience; this is also possible if it is not imperatively urgent for the implementation of the contract. Due to the consideration of such interest in comparison to the interests of a data subject, the company shall not attempt to recontact individuals who have objected to it.
Other legitimate interests can constitute prevention of abuse, assertion of claims, or defence from claims asserted in administrative and legal procedures. A legitimate interest also entails legal verification of financial solvency of an individual.
In case of a suspected abuse, the company can process data of the data subject to an appropriate and reasonable extent for the purpose of identification and prevention of potential fraud or abuse; if it is appropriate, it can transfer such data to certain other persons, such as business partners, the police, the public prosecutor’s office or other competent authorities. For the purpose of preventing future abuse or fraud, the information on the history of discovered frauds.
The company reserves itself the right to process information on meeting contractual obligations of data subjects (information on paying the invoices) in order to ensure a higher level of quality of its services.
Processing on grounds of consent given for the processing of personal information:
Data processing can be based on consent provided to the company by an individual. Such consent can, for example, be related to being informed of the offer and services, preparation of offers tailored to the habits of each individual, or performing value-added services. Such informing is performed through channels chosen by the data subject in his consent. Informing via e-mail address includes forwarding the e-mail address to an external processor with the purpose of displaying advertising messages of the company while browsing online.
The data subject can withdraw his consent at any time or change it in the same way that the consent was given, or using another method determined by the company, wherein the company reserves itself the right to identify the customer. Withdrawal or modification of the consent is only related to information that is being processed based on the consent. The last given consent of the data subject received by the company applies. The possibility of withdrawing the consent does not constitute entitlement of the data subject to retire from the business relationship he is maintaining with the company.
In accordance with applicable legislation, the consent for a minor can be given by one of the parents, the foster parents, or the legal guardian of said minor. Such consent shall remain valid until one of the parents, the foster parents, or the legal guardians withdraws or modifies it; furthermore, it can also be withdrawn by the minor himself when he is granted such right in accordance with applicable legislation.
In the absence of a withdrawal, the information for which the consent has been given are being processed for three years after the termination of the business relationship with the company.
OLB shall transfer all data exclusively to third parties who must be in possession of said data in order to process orders and provide their services; third parties who are bound to secrecy; and only its employees, server technicians, outsources dealing with forwarding e-mails, and other capital companies and/or third persons who have a basis to obtain, process, transfer, or keep personal data in accordance with applicable provisions in this Policy, a personal consent of a user, or a contractual relationship. The user consents that OLB transfers all data to its business partners, server technicians, outsources dealing with forwarding e-mails, and other capital companies and/or third persons who have a basis to obtain, process, transfer, or keep personal data in accordance with applicable provisions in this Policy, a personal consent of a user, or a contractual relationship. Some of said business partners and connected entities can be established outside of the country of residence of the user; by visiting the website, the user agrees that his information be transferred to these persons and to these countries. The same applies in case of acquisition of OLB: the data can be transferred to new owners. The data shall be kept exclusively for the duration allowed by the legislation; in case of a negative answer provided to a job application, the information shall be kept in the base of candidates for 2 years, unless the user explicitly requires the data to be deleted before such deadline expires.
If you are transferring credit card information to OLB, such information shall be encrypted via SSL technology and kept with AES-256 encryption. Even though no methods of data transfer are 100% safe, OLB is trying to comply with requests of PCI-DDS.
______ uses the following cookies:
OLB is not responsible for the correctness and accuracy of the content of its website, which can therefore only serve for informational purposes.
Whenever a user is accessing the website, general and non-personal data (users of the web browser, number of visits, average time of the visit of the website, pages visited) are automatically recorded. This information is used by OLB in order to improve the content and the serviceability; such data are not subject to further processing and will not be forwarded to third persons.
OLB only keeps your data for as long as it is necessary. OLB can keep the data longer; however, the company can only do that in a way which makes it impossible for said data to be connected to you. The payment information is only kept by OLB for as long as it is necessary in order to ascertain the rights related to payment and complaints.
Certain services can enable the user to publish or share his own content. In such a case, the user keeps the intellectual property rights for the content published or shared by him; however, he grants OLB the right to use said content for the purpose of performing or improving its services. For each publication, the user guarantees that he is the owner of all intellectual property rights of the content published, or that he has obtained all necessary permissions to publish it.
The pages of OLB can contain dialog boxes, forums, communication among users and similar features. The user undertakes to not use or misuse said means of communication in order to publish immoral content, incite hate speech, publish content breaching any and all rights of third parties, publish content that could bear the characteristics of criminal offences, publish content containing viruses, collecting data on other users, committing acts of corruption, etc. OLB is not obliged to control such communication; the company does have the right, however, to view published materials and communication and, consequentially, limit or prevent the user from accessing said communication.
OLB reserves itself the right to disclose all communication and publications whenever it is so required by the law; in addition, it can also withdraw any publications at any time without stating the reason.
RIGHTS OF DATA SUBJECTS
Right of access to data
The data subject shall have the right to obtain from the company confirmation as to whether or not personal data concerning him are being processed, and, where that is the case, access to the personal data and additional personal data processing related information, including the following:
the purposes of the processing;
the categories of personal data;
the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
the right to lodge a complaint with a supervisory authority;
where the personal data are not collected from the data subject, any available information as to their source;
the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for.
Based on a request from a data subject, the company shall provide for a copy of his personal data that are being processed. Additional copies required by the data subject can be provided for a reasonable fee, taking into consideration administrative costs.
Right to rectification
The data subject shall have the right to obtain from the company without undue delay the rectification of inaccurate personal data concerning him- Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure (“right to be forgotten”)
The data subject shall have the right to obtain from the company the erasure of personal data concerning him or her without undue delay and the company shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
the data subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing;
the data subject objects to the processing on grounds of legitimate interest of the company, and there are no overriding legitimate grounds for the processing;
the data subject objects to processing on grounds of direct marketing;
the personal data have to be erased for compliance with a legal obligation in European Union or Slovenian law; such data have been incorrectly collected from a child in relation to proposing the services of an IT company, wherein said child cannot provide his consent
in relation to applicable legislation.
Whenever said data are directory data or data otherwise published, the company shall take reasonable measures, including technical measures, to inform the personal data processors that the data subject requires them to delete any potential links to such personal data or copies thereof.
Right to restriction of processing
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
the company no longer needs the personal data for the purposes of the processing, but they are
required by the data subject for the establishment, exercise or defence of legal claims;
the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.
Right to data portability
The data subject shall have the right to receive the personal data concerning him, which he has provided to the company, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the company to which the personal data have been provided, where the processing is based on consent of the data subject or on a contract, and where the processing is carried out by automated means.
Right to object
The data subject shall have the right to object, on grounds relating to his particular situation, at any time to processing of personal data concerning him, if such processing is based on legitimate interests pursued by the company or a third party. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where direct marketing is based on consent, the right to object can be implemented by withdrawing said personal consent.
Right of filing a complaint in regard to personal data processing
The data subject can lodge any potential complaints related to personal data processing by e-mail to firstname.lastname@example.org or by sending a letter to OSOJNIK LEGAL BOUTIQUE, UL. POHORKSEGA BATALJONA 95, 1000 LJUBLJANA.
Additionally, each data subject has the right to lodge a complaint directly with the Information Commissioner if he feels that processing of his personal data is breaching Slovenian regulations or EU regulations in the field of personal data protection.
If the data subject has exercised his right to access his personal data and believes that personal data received in accordance with the decision of the company are not the personal data he required, or thinks that he did not receive all personal data he required, he can lodge a complaint with explanation with the company within 15 days before lodging
a complaint with the Information Commissioner. The company must decide on the complaint within 5 working days, wherein they must be treating this complaint as a new request.
The company can only contact the user through remote communication means if the user is not explicitly refusing such communication. Advertisement e-mails must be clearly and unequivocally marked as such, and the sender must be clearly visible. The request of the user to no longer receive advertisement messages must be respected unconditionally.
Advertisement e-mails will contain the following:
– they shall be clearly and unequivocally marked as advertisement messages,
– the sender shall be clearly marked,
– different actions, promotions, and other marketing techniques shall be clearly marked as such and shall also state the conditions in order to be able to participate,
– the manner of unsubscribing from receiving advertisement messages must be clearly stated,
– the request of the user to no longer receive advertisement messages shall be respected unconditionally by OLB.
If your data change, you can require them to be rectified at any time at email@example.com
If you no longer wish to receive marketing and promotional materials, let us know immediately, and use the option “Unsubscribe”.
If you wish to remove your personal data from the OLB system in their entirety, send a request to firstname.lastname@example.org by stating which data you wish to delete permanently. Your request will be respected by OLB no later than within 10 working days.