General Data Protection Regulation (GDPR) - Privacy Policy

General provisions

Controller data
It is the controller who manages your personal data and determines the purposes and means of processing your personal data.
The user personal data controller is:
Name of Legal Entity: Inverse, business services, Severin Jarh s.p.
Address: Brezje pri Grosupljem 80
Post office and town, country: 1290 Grosuplje, Slovenia
VAT ID: SI 37509349
Registration number: 8644772000
IBAN: SI56 6100 0002 4044 028 (BIC /SWIFT: HDELSI22)
Contact email: info@indigoenergizer.com
Contact telephone number: +386 (0)70 451 516
Information on entry in the register or other public record: The company is registered in AJPES, Grosuplje branch on 22.05.2020

Processor data
A personal data processor is one who processes personal data on behalf of the controller. The processor may only process personal data and for the purposes for which it has documented instructions from the controller.

Our processors process personal data of users in accordance with applicable law, based on the contractual relationship that exists and governs all areas of processing.

The personal data processors of users who process personal data on behalf of the controller are:
1. Processor: Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103.
2. Processor: DPD d.o.o. COURIER AND PACKAGE DISTRIBUTION, Celovška cesta 492 1210 Ljubljana, Slovenia. Registration number: 1966812000
3. Processor: POŠTA SLOVENIJE d.o.o. Slomškov trg 10, 2000 Maribor, Slovenia. Registration number 5881447000

Legislation
Slovenian law and European law are used to evaluate these privacy conditions.
The privacy terms are drawn up in accordance with the Personal Data Protection Act (ZVOP-1, Official Gazette of the RS, No. 94/2007 and amended), Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR), the Electronic Communications Act (Official Gazette RS, No. 109/12) and other Slovenian and European legislation governing particular fields.

Web site
This privacy statement is for users of the site: indigoenergizer.com 

Legal principles
The controller and his processors respect the general principles regarding the processing of personal data of users:
1. We process personal data of users in a lawful, fair and transparent manner.
2. We collect personal data for purposes that are predetermined, explicit and legal and do not further process personal data for purposes other than processing for scientific or historical research purposes and for statistical purposes, subject to certain conditions.
3. We process personal data to the minimum extent possible for the purposes for which they are processed.
4. We keep the personal information we process accurate and up-to-date, and we correct or delete inaccurate information.
5. We keep personal information only for as long as is necessary for the purposes for which it is processed.
6. We maintain appropriate personal data security, including protection against unauthorized or unlawful processing and against unintentional loss, destruction or damage, through appropriate technical and organizational measures.

Additional operator alerts:
The management and processing of personal data is fully subject to European and Slovenian legislation.

The meaning of concepts

Privacy Policy
The privacy policy is the internal act of the controller and applies to all legal relationships between him, processors and users. The act defines the rights and obligations of the controller and the processors in the management and processing of personal data of users.

Personal data
Personal data means any information relating to an identified or identifiable individual. An individual is one whose personal data is determined and processed in accordance with the purposes specified by the controller.

An identifiable individual is one who can be directly or indirectly identified and his or her personal data processed in accordance with the purposes specified by the controller.

User
User is an individual whose personal data are processed on a legal or contractual basis between the controller and that individual, or on the basis of the explicit consent given by the individual to the controller. 

Operator
The operator determines the purposes and means of processing in the context of his registered activity and / or legal authority. The user is aware in advance who is the controller of personal data and who is the processor of his personal data.

Processor
The processor processes personal data of individuals on behalf of the controller, according to his instructions, within the legitimate purposes and methods of processing. The controller provides the user with information about the processors of their personal data under these privacy terms.

Sub-processor
The sub-processor processes the personal data of individuals on behalf and on the instructions of the processor, within the legitimate purposes and methods of processing. The sub-processor is directly responsible to the processor, the processor to the controller.

Processing
Processing of personal data means any act or series of actions performed in connection with or without personal data or sets of personal data, such as the collection, recording, editing, structuring, storage, adaptation or modification, retrieval, insight, use, disclosure by means of mediation, distribution or otherwise making available, adapting or combining, limiting, deleting or destroying it.

Personal data

Processing of personal data
The Operator may process the personal data of the site users, service subscribers and individuals in the legal entities with which he or she cooperates in business.

The Privacy Policy defines the manner in which the personal data of such individuals who have contracted or ordered the services are processed, if the processing of personal data is necessary and appropriate for the conclusion of the contract or order or for the fulfillment of the contract.

The Privacy Policy also defines how personal data is processed for which the controller has a basis in law or for which he has obtained the written consent of the user, insofar as the personal data are entered directly on the controller's website.

Legal basis for processing
A legitimate legal basis means that the controller processes personal data of users because it is required by law to fulfill the legal obligations applicable to the controller.

In the Republic of Slovenia, the legal obligations to process certain personal data are determined in particular by:
1. Value Added Tax Act ZDDV-1;
2. Rules on the Implementation of the Value Added Law;
3. Tax Procedure Act;
4. Companies Act;
5. Slovenian Accounting Standards;
6. Accounting Law;

The operator, insofar as he or she processes personal data of the user because he / she has made an online purchase or ordered services from the manager, shall keep this account for another 10 years (as well as the user / buyer data in the account). 

Contractual basis for processing
The contractual legal basis for the processing of personal data of users implies that the processing is necessary for:
1. performance of a contract to which the data subject is a party, or
2. taking action at the request of such a user prior to the conclusion of the contract.

The controller provides the user with information about the processing of his personal data under these privacy terms and, where necessary, through notices on his website.

The controller does not require explicit consent for the contractual processing of personal data of the user.

Unless the user provides all the personal information that the operator needs to fulfill the contractual relationship, the operator cannot execute the user's order. In doing so, the controller always takes care to obtain and further process from the user only as much personal information as is necessary to fulfill the contractual relationship.

Explicit consent as a legal basis
The explicit consent is the basis for the processing of personal data for which the controller has no legal or contractual legal basis for processing.

Where necessary, the operator shall obtain the user's explicit consent by means of a check box that is not pre-filled. The personal consent of the user is his voluntary declaration of willingness that his personal data may be processed for a specific purpose, and is given on the basis of information provided by the operator with these privacy conditions and directly on the website before the user explicitly consents to the processing.

Specific purposes for such processing of personal data are specifically stated by the controller on the website where the user has the possibility to give such consent. The operator informs the user of the purposes in an understandable and easily accessible form and in clear and simple language, and asks the user for explicit consent for each different purpose.

The operator guarantees the user the right to withdraw his explicit consent at any time in an easy way. Revocation of consent shall not affect the lawfulness of the processing on the basis of consent prior to its revocation.

Public interest
The controller may process personal data of users, insofar as processing is necessary for:
1. performing tasks in the public interest or
2. to exercise the public authority conferred on the controller.

Legitimate interest
To the extent that processing is necessary for the legitimate interests pursued by the controller or a third party, the controller may process the personal data of users to the extent strictly necessary for the exercise of those legitimate interests, except where such interests outweigh the interests or fundamental rights and freedoms of the user to which this information relates, in particular when it concerns the processing of personal data of persons under the age of 16.

Protection of interests of individuals
The controller may process the personal data of the user, insofar as the processing is necessary to protect the vital interests of the user or another individual.

Types of personal information
Types of personal information of users that we process for predefined purposes:
• name and surname
• permanent or temporary residence address
• post name and city
• email address
• phone number
• transaction account number
• tax number
• credit card number
• IP address

The purpose of collecting personal information
The controller processes the personal data of the users for the purposes stated below, defining for each the legal basis on which it processes the data and whether or not the express consent of the user is required:
• fulfillment of a contractual obligation (ordering a product or service by a user), contractual basis, explicit consent NOT required
• sending information and notices arising from a contractual obligation (subscription to newsletters that have no marketable content), contractual basis and legitimate interest, explicit consent NOT required
• submitting responses to user inquiries (filling in the inquiry form and / or contact form), contractual basis and legitimate interest, explicit consent NOT required
• sending advertising messages, advertisements, campaigns that do not result from a contractual obligation (subscription to newsletters having marketable content), explicit consent is required
• profiling users for targeted advertising purposes, including re-marketing (non-anonymous profiling, use of Google Analytics, Facebook tools, etc.), explicit consent to upload cookies that enable profiling, explicit consent is required
• user registration for the purposes of using the services of the operator (online store, application, commenting, giving opinions), contractual basis, explicit consent NOT required
• market research and statistics for the purposes of performing the activities of the controller (anonymously, without processing personal data of users), legitimate interest, explicit consent NOT required

New intentions for processing personal data

The controller may process personal data for new purposes for which he has no proper legal basis and no explicit consent, provided that he provides the user with all the necessary information to process his personal data for new purposes and obtains new explicit consent for the processing of personal data.

The operator may pass on personal data of users to third parties only in the case of criminal and civil proceedings, to the extent specified by law.

User registration
• The user is obliged to provide accurate and true information upon and after registration. Any misuse of foreign personal information is prohibited.
• The user is obliged to keep the received username and password carefully and not to pass it on to third parties.
• The User is aware that in case of use of untrue data or misuse of foreign personal data, the controller can initiate appropriate legal proceedings against such user.
• Users can register if they are at least 16 years old at the time of registration.

Cookies

The operator provides users with a notice about the use of cookies in a prominent place on the website when the user visits the operator's website. In the notification, the operator provides up-to-date cookie information, in particular:
1. types and names of cookies,
2. the purpose of their use and
3. the duration of each cookie.

The operator provides a notification without consent insofar as he uses these cookies:
1. cookies required solely for the purpose of transmitting a message over an electronic communications network and
2. cookies that are strictly necessary to provide the information society service explicitly requested by the subscriber or user.

The operator shall provide the notice with the user's consent in all other cases and shall inform the user accordingly of the cookie setting options. The operator does not use such cookies without the user's explicit consent to their installation. The operator provides the opportunity to subsequently change the user's consent by keeping the notice visible on the website.

The operator provides the notification via a special link on the website.

User rights

General about rights
The user can request from the operator:
1. access to personal information,
2. correction of personal data,
3. erasure of personal data (right to be forgotten),
4. restricting the processing of personal data,
5. objection to the processing of personal data,
6. transfer of personal data.

The operator shall respond to the user's request no later than 30 days after receiving the request.

Right of access to information
The user has the right to receive confirmation from the controller whether personal data concerning him or her is being processed.

The operator shall provide the following information:
1. processing purposes,
2. the types of personal data it processes,
3. the processors to which personal data have been transferred or disclosed,
4. estimated retention period of personal data,
5. acquaintance with the rights of the user: the right to delete, rectify, limit the processing or object to such processing,
6. the right to lodge a complaint with the supervisory authority,
7. if the personal data were not provided by the user for processing, information regarding the source where the controller obtained the data,
8. the existence of automated decision making, including the creation of profiles.

The user can exercise this right through the form: Exercise of user rights - Form

Right of rectification
The user may request the operator, without delay, to:
1. correct inaccurate data processed by the controller (or his processor) in relation to him or her
2. complete incomplete personal information.

The operator provides a form for submitting a supplementary statement: Exercise of user rights - Form

Right of erasure
The user may request the operator to delete their personal data without delay if at least one of the following conditions is fulfilled:
1. personal data are no longer needed for the purposes for which they were collected or otherwise processed,
2. the user revokes the consent given to the processing operator and when there is no other legal basis for processing,
3. the user objects to the processing of his personal data for the following reasons:
o the processing of personal data is in the public interest or
o the processing takes place because of the legitimate interests of the controller or
o the processing of personal data takes place for the purposes of direct marketing and / or creation of profiles.
4. if his or her personal data are processed illegally,
5. if personal data need to be deleted in order to fulfill a legal obligation imposed on the controller by law,
6. if personal data have been collected in connection with the provision of information society services to a person under 16 years of age.

The user can claim the right to delete personal data through the form: Exercise of user rights - Form

Right to processing restrictions
The user may request the operator to limit processing when one of the following cases occurs:
1. when the user disputes the accuracy of the data, for the period during which the controller can verify the accuracy of the personal data,
2. if the processing of the user's personal data is illegal and the user opposes the erasure but requires a restriction of the processing or use,
3. when the data controller no longer needs for processing purposes for which he had the legal basis or the express consent of the user, but needs them to enforce, execute and defend legal claims,
4. if the user has lodged an objection (right of objection) until it is verified that the legitimate reasons of the processing controller outweigh the reasons of the user to whom the personal data relate.

When a user exercises this right, the controller may only store the user's data and may otherwise process it only:
1. with the user's (subsequently given) explicit consent,
2. to enforce, execute or defend legal claims,
3. to protect the rights of other users (individuals or legal entities),
4. because of the important public interest of the European Union or the Republic of Slovenia.

This right can be exercised by the user through the form: Exercise of user rights - Form

Right to data portability
The user has the right to receive from the controller the personal data concerning him or her that the controller processes.

The operator must provide this information in:
1. structured form,
2. commonly used format,
3. machine readable form so that the user can read the information easily.

The user also has the right to forward this acquired information to another controller without being impeded by the controller if:
1. the data were processed on the basis of explicit consent and
2. the processing is carried out by automated means.

The user has the right to transfer his data from one controller to another, where technically feasible.

The user can exercise this right through the form: Exercise of user rights - Form

Right to object
The user may at any time object to the processing of personal data relating to him / her when the controller processes his / her personal data:
1. in the public interest or
2. due to the legitimate interests of the operator, including the creation of profiles of that user.

The controller shall not stop processing the user's personal data on the basis of an objection if:
1. it demonstrates compelling legitimate reasons for processing that outweigh the interests, rights and freedoms of the user, or
2. it requires the data to enforce, execute or defend legal claims.

An operator must always comply with a user's request when he or she objects that his or her personal information is processed for direct marketing purposes, including the creation of profiles insofar as it relates to direct marketing. The controller must stop processing this personal information for direct marketing purposes.

To this end, the operator shall have clear and separate information in the places where the operator obtains consent from the user to process his data for direct marketing purposes, so that the user can withdraw the consent at any time and object to the processing of that data for these purposes.

The right to object can be exercised by the user through the form: Exercise of user rights - Form

Automated processing and creation of user profiles
The user has the right not to be subject to a decision based solely on the automated processing of his or her data, including the creation of profiles that have or have a significant impact on him or her in a similar way.

The user may not exercise his right not to have his data processed automatically, including the creation of profiles, if such a decision (automated processing) is:
1. necessary for concluding or executing a contract between the user and the operator (e.g. online shopping cart),
2. allowed under the law of the European Union or the Republic of Slovenia, which also provides for appropriate measures to protect the rights and freedoms and legitimate interests of the user (e.g. processing of FURS data),
3. justified by the explicit consent of the user (e.g. for direct marketing via automated messaging systems).

Where explicit consent is required, the operator shall provide appropriate notices to the user and a confirmation window for explicit consent.

Revocation of explicit consent
The operator is obliged to give the user the possibility to fulfill the right of exemption provided by the legislation by means of e-mail notification in any form of direct marketing.

The controller shall prevent the use of personal data for direct marketing purposes within 15 days and shall inform the requesting user accordingly, in writing within a further five days or in another agreed manner.

Right of appeal
The User may, if he considers that his rights under these Terms of Privacy have been violated, file a complaint with the competent supervisory authority located in the Republic of Slovenia: Office of the Information Commissioner.

Final Provisions

The binding nature of the legal conditions
1. The privacy policy applies to all users who use the site and submit personal information to the operator for management and further processing.
2. The privacy conditions are binding on the controller, processors and users in the communication, management and processing of personal data of the user, and in the exercise of user rights and obligations of the controller and processors.
3. Privacy conditions are an integral part of any processing of personal data, in accordance with predefined purposes, bases for processing, user consent and types of personal data subject to further processing for all forms and actions where the user can submit personal data for processing.

Changes to Privacy Policy
1. The operator regularly updates the privacy terms in accordance with legal changes.
2. The operator shall inform users regularly and in a timely manner of changes in writing by email.
3. The operator provides an archive of changes to the privacy terms and conditions, which is accessible to any user by prior written request to the operator's contact email address.

Conflict solving
The operator and the user are obliged to resolve any disagreements and settle disputes in an amicable and consensual manner. To the extent that no amicable settlement is possible, the court in the Republic of Slovenia shall have jurisdiction over the dispute at the seat of the controller.

Local validity
The privacy terms apply to all users, regardless of country of access and to all types of processing of personal data, regardless of the user's location.

Temporal validity
Legal terms apply from: 05/25/2020 03:43