Privacy Policy

PRIVACY POLICY

At R.U.R., business consulting and research company, LLC (hereinafter referred to as: “R.U.R.” or “we” or “company”), we respect your right to privacy and strive for the highest level of protection of your personal information. In providing our services through our website, via email or by telephone contact, as well as in our business operations and provision of services, we are therefore committed to act in accordance with laws and regulations which define the protection of personal data, particularly in compliance with the applicable Personal Data Protection Act, the Electronic Communications Act and the General Data Protection Regulation of the EU (GDPR).

The purpose of this Privacy policy is to inform you about the purpose of collecting and processing your personal data, as well as with your rights regarding the data we keep about you.

Personal data controller

R.U.R., poslovno svetovanje in raziskovanje, LLC

Groharjeva 4

1230 Domžale, Slovenija

M: +386 31 650 041

E:  office@rur-svetovanje.com

W: www.rur-svetovanje.com

What is personal data?

The term “personal data” refers to such information, which directly or indirectly, may define you as an individual, where “indirectly” means in combination with other information, such as your name, postal address, email address, telephone number, identification number, location data or other identifiers.

Purposes of data collecting and processing

We need your personal data:

– to respond to the inquiry you submitted on our website  www.rur-svetovanje.com; for this purpose, we collect the following data from you: first and last name or title, e-mail address and information about the content of the request;

– for the preparation of an offer, the conclusion of a contract and the fulfillment of its obligations under the contractual relationship; for this purpose, in addition to identification and contact information, we also obtain information about the transaction account and tax number;

– to communicate (via email, post or phone), if you have registered for an event (education, conference). We process the personal data entered when registering for the event for the purpose of keeping records of the participants, communication related to the registration, course, content and location of the event, as well as for sending material and informing you about the topics that might be of interest to you based on the content of the event.

All personal data you provide to us will be treated confidentially and will be used only for the purposes for which it was provided. If there is a need for further processing of your data for another purpose, we will contact you in advance and request your consent.

If you do not want to provide us with your personal data, we cannot respond to your inquiry, prepare an offer and conclude a contract with you or perform the service.

Legal basis for the processing of personal data

The company collects and processes your personal data on the following legal bases:

• Legal obligation: processing is necessary for compliance with a legal obligation to which the controller is subject;

We process your personal data for the purpose of concluding a contract and in order to fulfill our obligations from the contractual relationship in compliance with applicable legislation (e.g. tax law, labour law …)

• Contract: the processing is necessary for a contract with the individual to whom the personal data refers or to implement measures at the request of such individual prior to the conclusion of the contract;

Within the scope of the exercise of contractual rights and performance of contractual obligations, the company processes your personal data for the following purposes: for identification of the data subject, preparation of an offer, conclusion of a contract, for the provision of ordered services, notification of any changes, additional details and instructions for the use of services, for solving possible technical problems, objections or complaints, billing services and for other purposes necessary for the implementation or conclusion of a contract between the company and the individual.

In order to ensure the proper conclusion and implementation of the contract, that you concluded with the controller, we process all the necessary data, such as: your identification and contact information, taxpayer – tax number, transaction account and similar information.

• Legitimate interests: processing is necessary for the purpose of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests of fundamental rights and freedoms of the data subject which require protection of personal data;

Thus, we can also use your personal data (residential address, email address, telephone number), which you provide to us via the filled-in contact form on our website, by phone or regular mail to inform you about services, events, educations, conferences and other contents that might be of your interest based on your past cooperation with us. You may object to the processing of your personal data for direct marketing purposes at any time.

Other legitimate interests may include fraud prevention, enforcement of claims in administrative and judicial proceedings, network and information security and similar.

• Consent: the individual to whom the personal data relates has consented to the processing of his personal data for one or more specified purposes;

We can also process your personal data on the basis of your explicit consent, which you have given us for specific purposes:

• residential address, email address and telephone number for notification and communication purposes;
• photos, videos and other contents for the purpose of documenting activities and informing the public about the company’s operation and events (e.g. publishing images on the company’s website);
• for other purposes for which you have agreed with consent.

If you have consented to the processing of your personal data and at some point you no longer want it, you can request the termination of processing your personal data by sending a request by email to office@rur-svetovanje.com or by regular mail to the company’s address.

Withdrawal or change of consent applies only to the personal data processed on the basis of your explicit consent, whereby we will take into account your most recent valid consent.

The revocation of consent does not release you from your valid contractual relationship with us.

• Vital interests: the processing is necessary in order to protect the vital interests of the data subject or of other natural person.

Users and processors of personal data

Within the controller, only those employees and contractual partners, who need it due to their function or position or work tasks have access to your personal data.

We do not transmit your personal data or provide information about it to third parties (beyond the controller), except to those who have a written contract with us, on the basis of which they perform certain tasks related to data processing and are obliged to comply with the legislation regarding the processing and protection of personal data (the so-called contractual processors). Processors to whom we provide personal data are:

• email service providers;
• accounting services;
• providers of legal and business consulting;
• private investigators;
• co-organizers of events (conferences, educations);
• payment transaction providers;
• IT equipment maintenance service providers;
• providers or administrators of tools that are used to edit websites and carry out marketing activities.

Processors shall process personal data only within the framework of our instructions and authorizations and shall not process personal data for their own purposes. They are obliged, as well as their employees, to protect the confidentiality of your personal data.

Contractual processors of personal data do not transfer data to third countries (outside the European Economic Area Member States: EU Member States and Iceland, Norway and Liechtenstein).

We may disclose your personal data to third parties, e.g. to the police or other public authorities if it relates to criminal investigations or if we are otherwise obliged to disclose such data by law or a decision of a public authority.

Transfer of data to third countries and international organizations

We store personal data collections in the territory of the European Union and do not generally transfer them to third countries. If we transfer your personal data to third countries, we will do so after carefully reviewing the legal bases and safeguards applied by that third country (binding rules, codes of conduct, standard contractual clauses and other similar mechanisms).

In accordance with the principle of responsibility, every transfer of personal data to third countries will be carried out by the controller after careful consideration and with the requisite level of prudence.

Retention period of personal data

The company R.U.R. will retain your personal data only as long as it is necessary to fulfill the purpose for which the personal data was collected and processed.

When personal data is processed on the basis of law, it will be retained for the period prescribed by law. In this case, some data is kept for the duration of cooperation with the company, while some data must be kept permanently.

Personal data processed on the basis of the conclusion or execution of a contract may be stored for the purpose of fulfilling contractual obligations until required for the conclusion and execution of the contract and the exercise of rights and obligations from the concluded contract or until the expiration of the statutory deadline for the enforcement of legal protection of contracting parties (from one to five years).

Issued invoices are stored for 10 years after the end of the year to which the invoice refers, which is in compliance with the provisions of the law governing value added tax.

The personal data that the company processes on the basis of personal consent or legitimate interest will be retained until the consent is revoked or until the data deletion request. After receiving the revocation of consent or the deletion request, the data will be deleted within one month at the latest. The company can delete this data even before revocation, when the purpose of personal data processing has been achieved or if required by law.

After the retention period, we effectively delete or anonymize personal data, which means that it is processed in such a way that it can no longer be linked to you.

Manner of personal data protection

Company R.U.R. carefully safeguards your personal data and has to this end introduced appropriate technical and organizational security measures to protect it from accidental or unlawful destruction, loss, amendment and unauthorized disclosure or access to your personal data that has been transferred, retained or otherwise processed.

Automated decision making

In our company, all decisions in connection with contractual relationships and other decisions with legal or similar effects are made by our employees with appropriate information support.

Your rights regarding personal data

The Constitution of the Republic of Slovenia, and valid European and Slovenian regulations provide you with numerous rights regarding privacy and the protection of personal data, in particular the following:

• the right to information regarding the processing of your personal data (the text you are reading is part of the exercising of that right);
• the right to access to personal data, which means that you have the right to obtain from R.U.R., LLC, as the controller, confirmation as to whether personal data that relates to you is being processed. Whenever that is the case, you have the right to access your personal data and additional information (the purposes of processing, types of data, data users, the existence of rights and information regarding potential claims, data sources, potential automated decision-making and special profiling);
• the right to receive a copy of personal data that is subject to processing, if a legitimate interest for that exists;
• the right to rectification, which means that you have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of processing, you also have the right to have incomplete personal data completed, including by means of the provision of a supplementary statement;
• the right to erasure (known as the ‘right to be forgotten’), which means that you have the right to demand from us to erase personal data concerning you without undue delay, if the prescribed conditions are met (when processing is no longer necessary, in the event of the revocation of consent and when there is no other legal basis for processing, in the event of justified objection and unlawful processing, erasure is required in accordance with valid regulations, etc.);
• the right to the restriction of processing, which means the right to demand that we restrict the processing of personal data, if you contest the accuracy of data, if you have filed an objection, if processing is unlawful, and when we no longer need the data for processing, but they are required for the establishment, exercise or defence of legal claims;
• the right to notification regarding the rectification or erasure of your personal data, or restrictions on the processing thereof, if that data was provided to another user, unless this proves impossible or involves disproportionate effort;
• the right to portability, which means the right to receive personal data concerning you that you provided to us, in a structured, commonly used and machine-readable form, and the right to transmit data to another controller without any hindrance whatsoever (applies to data processed automatically based on consent or a contractual relationship);
• the right to object, which means that you have the right to object at any time to certain types of processing of your personal data (public interests, the legitimate interests of the controller, marketing purposes, etc.). The controller must prove the existence of legitimate interests for the processing or the cessation of processing (you may always object in the case of direct marketing, including profiling if it is connected with direct marketing, about which you will be clearly and unambiguously informed), except in rare cases of justified exceptions, if we can prove that we have urgent legitimate reasons for data processing that outweigh your interests, rights and freedoms, or we require such data to establish, exercise or defend legal claims;
• the right regarding automated processing and profiling, which means that you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similar effects concerning you, if this is not urgently necessary or prescribed, or you do not give your consent;
• the right to temporarily or permanently revoke previously given consent whenever we process your personal data based on your consent. In such cases, your revocation applies prospectively and does not affect processing that was carried out until that revocation.

We will provide information regarding measures in connection with the processing of your personal data that were adopted at your request in accordance with Articles 15 to 22 of the GDPR without undue delay and in any event within one month of receiving such a request. That period may be extended exceptionally for a maximum of two additional months taking into account the complexity and number of requests. We will inform you in such cases within one month from the receipt of a request, and state the reasons for a delay. If you submit your request by electronic means, we will provide information by electronic means, unless you request otherwise.

Whenever a breach of the protection of personal data occurs and whenever it is likely that a breach will result in a high risk to your rights and freedoms, the controller will inform you without undue delay that such a breach has occurred.

The state body responsible for handling breaches of personal data protection regulations is the Information Commissioner of the Republic of Slovenia, Dunajska cesta 22, 1000 Ljubljana, telefon:  01 230 97 30, email: gp.ip@ip-rs.si.

When exercising all your rights or when obtaining additional information, we are available to you via email: office@rur-svetovanje.com or telephone: +386 31 650 041.

These terms and conditions of personal data protection are continuously accessible at the controller’s registered office and on its website www.rur-svetovanje.com, last updated on December 20, 2022. Changes to the terms and conditions will be published on our website.

R.U.R., LLC