Notice to individuals under Article 13 of the General Data Protection Regulation (GDPR) regarding the processing of personal data
INFORMATION ON THE CONTROLLER OF YOUR PERSONAL DATA
NOISWEB, računalniške storitve, Vasja Novak s.p.
Ulica 7. maja 14
6250 Ilirska Bistrica
Company Reg. no.: 8883181000
VAT ID number: SI 70828059
(hereinafter: the company)
The company is the owner and provider of the website https://e-learning.site/ (hereinafter: the website or online store).
A data protection officer has not yet been appointed by the company. You can send your inquiries regarding the processing and protection of personal data to firstname.lastname@example.org.
1. The legal bases and purposes of personal data processing and what data we process:
1.1. Based on negotiations for the conclusion of a contract or a concluded contract:
We process personal data in order to carry out concluded contracts (e.g. for the performance of web development services) between the company and our customers:
a) communication with you when you contact us (e.g. when you file out a questionnaire, contact us via e-mail, telephone or the built-in dialog box on the website), whereby mainly process: - the contact details of the website visitor (e-mail address and possibly also telephone number) who contacted us.
b) for the purposes of performing the service in respect of which we have reached an agreement / concluded a contract (e.g. when we create your website we process certain personal data for this purpose), in particular, we process: - the contact details of the client (e-mail address and possibly also telephone number) and any other information that is specifically agreed upon in the framework of a concluded personal data processing agreement.
If in the cases described above, you provided us with personal information as part of your contractual obligations or through contract negotiations (e.g. concluding a distance contract for the purchase of our products or requesting information about our products, etc.), we are not required to obtain your explicit consent for processing your personal data in such situations.
If in certain cases where the processing of personal data is based on a contractual relationship we have with you (or which you desire to enter into), you do not provide us with the required data, this will in principle have no consequences for you. However, such situations may make our cooperation more difficult or even impossible (e.g. we cannot sell our products without processing your delivery details or the necessary data for issuing the invoice), whereby we shall try to duly notify you prior to or after the occurrence of such situations.
1.2. Based on our requirement to comply with a legal obligation:
- when possible legal requirements exist under which we might be required to forward personal data to a duly appointed public authority or third party citing relevant parts of the applicable legislation and based on their explicit request (e.g. in the context of the implementation of inspections under the provisions of the Slovenian Consumer Protection Act (ZVPOT) and the Slovenian Inspection Control Act (ZIN),
- when the company processes the personal data of a customer to whom it had issued an invoice, the company processes these data (e.g. personal name, contact details, etc.) on the basis of the Slovenian Value Added Tax Act (ZDDV-1) (see section 3.2.), etc.
1.3. Based on your explicit consent:
The company may also process your personal data on the basis of your explicit consent. The explicit consent of the visitor of the website or the buyer is considered to be his voluntary declaration of will, with which he agrees to the processing of certain personal data for a certain purpose, e.g.:
- marketing communication with people who are not yet our customers * (if we have obtained your explicit consent for this purpose on our website, etc.), whereby we process the information on the person who gave their consent, namely their contact details (email address) for the purposes of sending customized advertising messages or "newsletters".
*Receiving this kind of communication can be canceled at any time by following the link contained in each email message, or by contacting us at email@example.com.
- Showing online ads to visitors who have agreed with the installation of optional (advertising) cookies which are provided by our advertising partners (e.g. installation of the Google Analytics cookie, which makes it easier for us to advertise our products on other websites, etc.) (see section 3.4.1.). The exact list of optional cookies which are provided by our advertising partners, the data that is processed, as well as their retention periods, is available on the subpage "Cookies" - https://noisweb.com/cookies
Cooperating with us and using the services of our company are not, in principle, conditioned on your consent for the processing of personal data, insofar as this is not logically required for the performance of such services or required for cooperation (see section 1.1. of this chapter).
The company guarantees each individual the right to easily revoke his express consent at any time i.e. by contacting us at firstname.lastname@example.org (see section 5.1.).
The withdrawal of consent does not affect the lawfulness of the processing that had been carried out on the basis of such consent until the moment of its withdrawal.
In the event that you do not give consent for the processing of personal data, give it in part or revoke the consent (as a whole or in part), we will, where possible, cooperate with you only to the extent of your consent or in the ways permitted by applicable law.
Consent is voluntary and if you choose not to give it, or revoke it later, this in no way interferes with your other rights that might arise from the business relationship you have with our company, or constitutes additional costs or aggravating circumstances for you.
1.4. Based on the legitimate interests of the company
Certain personal data may be processed for the purpose of securing our legitimate interests, e.g.:
- for example, where the processing of your data would be necessary in order for us to secure our operations e.g. protect our business against potential fraud or required in inspection procedures that are carried out by duly appointed public authorities or litigious and other procedures, we will process only those data that are strictly necessary to pursue these legitimate interests of our company,
The company may also process the personal data of an individual in cases where the processing is necessary in order to protect the vital interests of such individual or other natural persons (e.g. reviewing the address of an individual who is in imminent and serious danger in connection with the purchased product).
The period of retention of personal data depends on the legal basis and purpose of processing. Personal data is kept for as long as it is necessary to fulfill the purpose for which the data was collected, or as long as regulation requires that we must keep it, e.g.:
we keep personal data of customers on invoices for 10 years from the day they were issued, as this requirement is imposed on the company by the Slovenian Value Added Tax Act (ZDDV-1),
- based on a concluded contract, for example, data is processed for the duration of the contract or for another six years after the termination of the contract (if, for example, the processing is necessary because there is a dispute between the individual and the company, etc.),
- based on your explicit consent to receive market communications or our legitimate interest to advertise to people who are already our customers, we keep and process the data until such person withdraws his consent.
Personal data shall be deleted, destroyed, blocked, or anonymized after the purpose of processing has been fulfilled or consent has been withdrawn.
3. Who processes your personal data (users of personal data) inside and outside of our company?
3.1. Certain employees in the company
Your personal data is processed by individual employees of our company. Employees of the company process only those personal data that they need for their work, but they can also share them with each other if their work tasks and internal rules of the company allow them to do so. All employees are committed to confidentiality and the protection of personal data.
3.2. State authorities
In certain cases, as prescribed by applicable law, the company must provide or report your personal data to the competent state authorities as well as to the authorities responsible for financial, tax, or other control (e.g. the Slovenian Labour Inspectorate, the Financial Administration of the Republic of Slovenia, courts, the Office of the Information Commissioner of the Republic of Slovenia, the Market Inspectorate of the Republic of Slovenia, etc.). In certain cases, the company is compelled to provide data to third parties if such an obligation to provide or disclose the data is imposed on the company by law or on the basis of a valid legal right of a third party.
3.3. Contractual processing of personal data
In addition to employees of the company, employees of contractual processors of the company can also act as users of your personal data are, whereby they may only process personal data as confidential information on behalf of the company and within the scope and purposes that are laid down by the data processing agreement, which the company has entered into with any such processor. Contractual processors may only process personal data in the context of the company's instructions since the company is acting as the controller of company personal data, and may not use the data to pursue any other self-interest.
The types of contractual processors with which the Company cooperates are:
The company shall not distribute your personal data to unauthorized third parties.
To obtain an accurate list of all contractual processors of the company, please send your request to email@example.com.
3.4. Cooperation with advertising partners, hosting providers, and providers that enable us to send "newsletters" and other commercial messages.
3.4.1. Collaborating with advertising partners and the use tracking pixels
If you agree to the installation of optional cookies (see section 4. Cookies), we may share certain technical information and other information we record about visitors regarding their interaction with our website with our advertising partners:
In these cases, in addition to cookies, we may also use their tools (Google Analytics, Facebook Business Manager) and services (Google Display Network, Google Customer Match, Facebook Pixel, Facebook Lookalike Audiences, Facebook Custom Audiences) so that we may tailor our ads to your interests and the way you use social networks and other websites that also use the services of our advertising partners (e.g. Facebook, Google Search, Youtube, websites included in the »Google Display Network«, etc.). In these cases, we only share the personal information we collect through cookies and tracking pixel technologies with our advertising partners.
Also, our advertising partners may try to compare the information they receive from us with the information they already keep about you (e.g. in connection with your Facebook user profile or your Gmail email address) and consequently determine the optimal time and place (e.g. page, which you access) to display our ads. Our advertising partners also provide us with feedback on the reach and performance of our ad campaigns (i.e. aggregated data on ad clicks and purchases). If you do not want us to collect, share and process your data in the manner described above, you may not consent to the installation of cookies to your device when visiting our website, or you may delete cookies that have already been installed at any time. (see Chapter 4. Cookies). However, certain ads may still randomly appear to you while using social networks and other websites that use the services of our advertising partners.
If you agree to the installation of advertising cookies, we may also use the Google Customer Match service in order to share certain data (e.g. email addresses) with Google Inc. as (SHA256) encrypted data. Google Inc. in this case shall not receive actual email address data since the data shall be encrypted before the transfer and then compared with data Google Inc. may already have about a particular Google service user. The purpose of such transmission and comparison of data is to place certain individuals in groups based on their interests in order to better display our ads.
An accurate list of the data our partners collects for these purposes, the cookies and tracking pixels that make this possible, the advertising services which are also used in relation to this, as well as the storage time of the collected data and the procedure for removing an individual cookie can be found on https://noisweb.com/cookies
You can read more about each individual advertising service of our advertising partners and tracking pixel technology here:
3.4.2. Service providers for sending "newsletters" and other commercial messages.
Service providers for sending electronic and other commercial messages, within which the email addresses of those individuals who have explicitly agreed to such processing may also be processed by:
3.5. Exporting personal data to third countries and international organizations
As a rule, the company does not export personal data to third countries (i.e. outside of the European Union, Iceland, Norway, and Liechtenstein) and to international organizations. Exceptions to this are the occasional transfer of certain technical and personal data to the servers of the abovementioned processors, which are located in the USA (e.g. the automatic transfer of certain data collected by cookies and tracking pixels that are provided by Google Inc. or Facebook Inc. to their servers, the entry of email addresses into our tools for sending commercial messages, etc.), whereby the contractual processors concerned are former members of the Privacy Shield program (https://www.privacyshield.gov/) who after the 12th of July 2020 respect and have taken all security measures regarding the receipt or transfer of data that are considered appropriate at the time that this document has been prepared (i.e. the post privacy shield invalidation requirements).
You can obtain more detailed information on user categories, contract processors, and data transfers by sending us your request to:
For a list of cookies and to manage your cookie settings, please visit our cookies subpage (https://noisweb.com/cookies ).
Cookies are small text files that most modern websites store on the devices of visitors, i.e. people who use their devices to access a particular website on the Internet.
The popup window also reminds you that the installation of cookies which are not mandatory (e.g. which do not relate to the saving of your settings, adjusting the display dimensions of a website to your device, etc.) for the normal functioning of the website:
The exact list of optional cookies which are provided by our advertising partners, the data that is processed by them as well as the data retention periods is available on the subpage "Cookies" - https://noisweb.com/cookies
5. What rights do you have in connection with your personal data and how can you exercise them?
In connection with this general information on the processing of personal data or regarding the processing of your personal data by our company and our contractual processors, you can contact us at any time and without hesitation via firstname.lastname@example.org.
You can also contact us on the email mentioned above in order to send us your specific requests and requirements and for exercising your other rights, which relate to your personal data and applicable local legislation or the GDPR.
As a data subject, the GDPR grants you the following rights:
5.1. Right of access to personal data (Article 15 of the GDPR)
You have the right to obtain from the company as the controller of personal data confirmation, whether personal data are processed in relation to you and, where applicable, request access to the personal data concerned together with the information referred to in Article 15 (1) of the GDPR:
5.2. Right to rectification of personal data (Article 16 of the GDPR)
The data subject has the right to obtain that the company, as the controller of personal data, corrects inaccurate personal data concerning him without undue delay.
The data subject has the right to supplement incomplete personal data, including the submission of a supplementary statement, taking into account the purposes of the processing. Regarding the above, an individual can contact the company via email at email@example.com.
5.3. The right of erasure ("the right to be forgotten") (Article 17 of the GDPR)
The data subject has the right to request that the company, as the controller of personal data, corrects inaccurate personal data concerning him without undue delay.
Pursuant to Article 17 (3) of the GDPR, in certain cases, you do not have the right to have your personal data deleted by the company (e.g. when the company processes data for the purposes of asserting, enforcing, or defending legal claims).
5.4. The right to revoke consent or partially revoke consent
If, as an individual, you have consented to the processing of your personal data for one or more specific purposes (see point 1.3 of this general information on the processing of personal data), you have the right to revoke your consent (i.e. opt-out) at any time, without prejudice to the lawfulness of the processing of data carried out on the basis of the consent until its revocation.
Your consent to the processing of personal data for the purposes described in this information is voluntary. Consent to data processing can be restricted or revoked at any time by contacting us at firstname.lastname@example.org.
In the event of revocation of consent or partial consent, the company reserves the right, as far as possible, to cooperate with you only to the extent of the given consent or in the ways permitted by applicable law.
5.5. Right to limit processing (Article 18 of the GDPR)
As a data subject, you have the right to have the company, as controller, restrict the processing of your personal data when certain cases, that are mentioned in the cited Article apply.
Where the processing of personal data has been restricted, such personal data, with the exception of their storage, shall be processed only with the consent of the data subject or to assert, enforce or defend legal claims or to protect the rights of another natural or legal person due to important interests of the European Union or the Republic of Slovenia.
Where the company, as the controller, achieves a processing restriction, it shall inform the data subject before lifting the processing restriction.
5.6. The right to data portability
As an individual, you have the right to receive personal information about you that you have provided to the company in a structured, commonly used, and machine-readable form, and you have the right to pass this information on to other controllers, without being hindered by the company, when:
(a) processing is based on consent or a contract; and
(b) processing is carried out with automated means.
As a data subject, in exercising the right of portability, you have the right to have personal data transferred directly from one controller (e.g. the company) to another where technically feasible.
5.7. Right to object to processing (Article 21 of the GDPR)
As a data subject, you have the right, on grounds relating to your specific situation, to object to the processing of personal data concerning you where the processing is necessary for the performance of a task in the public interest or in the exercise of an official authority which has been granted to the company or where the processing is necessary for legitimate interests pursued by the company or a third party, except where such interests are outweighed by the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data, in particular when the data subject is a child. The above also applies to the creation of profiles in such cases of processing.
In the event that you object, the company will stop processing personal data unless it can prove that the legitimate interests for processing outweigh the interests, rights, and freedoms of you as a data subject, or that the processing is necessary for the enforcement, implementation, or defense of legal claims.
When personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data relating to them for the purposes of such marketing, including the creation of profiles insofar as such direct marketing is concerned.
Where the data subject objects to the processing for direct marketing purposes, the personal data shall no longer be processed for those purposes.
As part of using information society services, you, as a data subject, can exercise your right to object to processing by automated means of technical specifications.
Where data are processed for scientific or historical research purposes or for statistical purposes, you as the data subject have the right to object to the processing of data relating to you for reasons related to your particular situation, unless the processing is necessary for the performance of a task carried out by reasons of public interest.
5.8. The right to lodge a complaint with a supervisory authority
If you believe that the processing of personal data carried out by the company in relation to you violates the rules on personal data protection, you, without prejudice to any other (administrative or other) remedy, have the right to lodge a complaint with the supervisory authority in the country in which you have your habitual residence, in which your place of work is located, or in which the violation allegedly occurred (in Slovenia the supervisory authority is the Office of the Information Commissioner of the Republic of Slovenia):
- Informacijski pooblaščenec, Dunajska 22, 1000 Ljubljana, Slovenia, EU, email: email@example.com, phone: +38612309730, website: www.ip-rs.com.
A list of other national supervisory authorities and their contact information can be found here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
The company carefully stores and protects personal data through organizational, technical, and logical
technical procedures and measures to protect data from accidental or intentional unauthorized access, destruction, alteration or loss, and unauthorized disclosure or other form of processing to which you have not expressly consented.
To this end, the company has also adopted appropriate internal processes and set up various measures (e.g. assigning, using, and changing passwords, locking premises, offices, server and workstation locations, regularly updating software and upgrading security-critical components, physically protecting of materials containing personal data in specially designated places, training of employees, etc.). The company also demands these security commitments from its contractual processors.
If you visit the website and consent to the installation of analytical cookies on your device (see Chapter 4. Cookies), such cookies will automatically process certain technical and personal data (e.g. the number of website visits, average time of each visit, the pages that were visited - for a detailed list, please see the subpage on cookies).
Performing advertising activities with the help of the tools and services of our advertising partners (see section 3.4.1.) is also done in an automated way (i.e. without direct processing by our employees) and may result in the creation of user profiles on the part of our advertising partners, whereby they may collect, analyse and link certain economic, interest and behavioural indicators of individuals when placing their cookies in connection with our and other websites, so that the performance of our ads may be optimized and our marketing communications may be more relevant (e.g. linking your visit of our website to the demographical information from your Facebook profile and the interests that you share on that social network for the purpose of optimizing the performance of our Facebook ads, linking your visit of our website to your visits of other websites which have Google Analytics installed and the products you have purchased for the purpose of optimizing the performance of our Google Display ads, linking the fact that you opened a marketing message and clicked on a link and made a purchase for the purposes of adjusting the offer in our next marketing message).
You may unsubscribe from the abovementioned automated processing of your personal data at any time by deleting the relevant cookies (see our subpage on cookies) or by contacting us at firstname.lastname@example.org.
8. Processing of personal data of persons under 18 years of age and persons with limited or deprived legal capacity
The company does not accept orders from persons under the age of 18 or persons with limited or deprived legal capacity. All such persons must leave the website immediately before confirming the installation of cookies, making a purchase, or performing other interactions with the website.
The purchase process was created following the principle of personal data minimization, whereby the company does not collect the age of its visitors or customers and any data relating to their legal capacity. As a result, the company does not have the means to economically and efficiently verify whether the use of the website, the execution of the purchase contract, and the subsequent processing of the submitted personal data entail the processing of personal data of a person that is younger than 18 years of age or a person who does not have full legal capacity.
As a result, the company does not knowingly offer its products to persons under the age of 18 or persons with limited or deprived legal capacity and does not knowingly process any personal data related to them.
If the company subsequently finds out that it has processed the personal data of a person who is under the age of 18 or a person with limited or deprived legal capacity without the consent of his parent or guardian, the company shall do everything necessary to delete all provided personal data.
If the parents or guardian of the person under the age of 18 or a person with limited or deprived legal capacity find out that their child or the person in their care has used the online store of our website or has voluntarily provided his personal data to the company, they can inform the company about this and request the deletion of the relevant personal data at email@example.com.
9. Who can you contact for further clarification regarding the processing of personal data in the company and regarding your rights?
You can contact us:
NOISWEB, računalniške storitve, Vasja Novak s.p.
Ulica 7. maja 14
6250 Ilirska Bistrica
10. Final provisions
This general information on the processing of personal data may be updated from time to time in order to better reflect changes in data protection or for other operational and legal reasons.
If we change the contents of this general information on the processing of personal data significantly, we will publish a news item on our website.