PRIVACY AND PERSONAL DATA PROTECTION POLICY
At Paloma, higienski papirji, d.d., Sladki Vrh 1, 2214 Sladki Vrh, registration no.: 5034639000, VAT No.: SI 45280312 (hereinafter Paloma), we appreciate your privacy and are aware of the importance of the right to protection of personal data of the individual, so we strive to handle this data carefully and responsibly.
We would like to inform you that, as the manager of your personal data, we comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as: General Data Protection Regulation) and the applicable Personal Data Protection Act. With the technical and organisational measures established, we ensure an appropriate level of security, and prevent accidental or intentional unauthorised destruction of your personal data, its alteration or loss, and unauthorised processing.
In the following, in accordance with the provisions of Articles 13 and 14 of the General Data Protection Regulation (GDPR), we provide the necessary information regarding the protection of personal data, striving to make this information concise, easy to understand and expressly laid out in clear and simple language.
The manager of the personal data is the company Paloma.
For all questions, necessary explanations and possible complaints in the field of personal data processing and in the field of exercising your rights under the regulations governing the protection of personal data, you can contact the authorised person for personal data protection:
- via the telephone number: +386 2 6457 100;
- via the e-mail address: firstname.lastname@example.org, with the annotation "for the authorised person for the protection of personal data";
- to the address: Sladki Vrh 1, 2214 Sladki Vrh, with the annotation "for the authorised person for the protection of personal data".
We undertake to respond to your request without undue delay and within the relevant statutory deadlines. In case of doubt about the identity of the sender, Paloma may, with the goal of protecting personal data, request additional information from the sender that would be required to confirm the sender's identity. In the case of repeated unsubstantiated and excessive enquiries, we are entitled to charge the sender administrative costs, or reject individual claims.
Personal data is any information relating to the individual data subject, e.g. name and surname, address, date of birth, EMŠO number, tax number, e-mail address, telephone number and all other data relating to the individual on the basis of which the individual can be directly or indirectly identified.
Processing of personal data means any act or series of actions carried out in relation to personal data, such as the collection, recording, editing, structuring, storage, adaptation or modification, retrieval, access, use, disclosure, dissemination or other enabling of access, adapting or combining, limiting, deleting or destroying of such data. Processing can be manual or automated. Processing is carried out by automated means, when this is necessary for the conclusion of a contractual relationship, when the explicit consent of the data subject is given, and when permitted by EU or Slovenian law, always ensuring the implementation of appropriate measures to protect the data subject's rights, freedoms and legitimate interests.
Profiling means any form of automated processing of personal data involving the use of personal data to assess certain personal aspects of an individual, in particular to analyse or predict that individual's business performance, economic situation, health, personal taste, interests, reliability, behaviour, location or movements. Profiling is used on the basis of the law, in the case of the implementation of individual legitimate interests of Paloma and on the basis of explicit consent to such processing.
A database means any structured set of personal data that is accessible according to specific criteria. A database can be centralised, decentralised or dispersed on a functional or geographical basis.
A manager means a natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of processing data.
A processor means a natural or legal person, public authority, agency or any other body which processes data on behalf of the manager.
A user means a natural or legal person, public authority, agency or any other body to whom personal data has been disclosed, regardless of whether that entity is a third party or not (public bodies which may receive personal data in the context of an individual enquiry in accordance with EU law or the law of the Republic of Slovenia are not considered as users).
A third party means a natural or legal person, public authority, agency or body other than the data subject, manager, processor and persons authorised to process personal data under the direct supervision of the manager or processor.
Consent means any voluntary, explicit, informed and unambiguous statement of the will of the data subject by which he or she expresses consent to the processing of personal data concerning him or her with a statement or clear affirmative action.
Personal data gathering
Paloma gathers personal data directly from customers or individuals to whom the personal data relates. In accordance with the purposes defined in the continuation of this policy, the following personal data is collected and processed:
- contact details and information about your communication with Paloma (name and surname, position and company, e-mail address, telephone number, date, time and content of postal or electronic communication);
- data on users of the Paloma website (IP address, dates, times and durations of website visits, data on the location or entry point of Internet access, data on visited sub-pages, data on settings made, etc.);
- information on entries in online forms (e.g. registrations for birthday parties, applications for prize games, applications for receiving advertising messages);
- data of candidates for employment (workers, students, pensioners) entered by candidates in job application forms (e.g. name and surname, address, contact details such as e-mail address and telephone number, year of birth, year of study) and other information that potential candidates send us via our contact details (information provided in the cover letter and CV, such as information on education, past work experience, competencies and abilities, education and courses, etc.);
- other information that individuals voluntarily provide to Paloma at one of the contact addresses on our website.
By providing data, the individual gives consent for the processing of such data, and at the same time confirms the truthfulness of all the provided personal data.
Purpose and legal basis of personal data processing
Paloma collects and processes your personal data in accordance with the requirements and provisions of the General Data Protection Regulation (GDPR), the applicable law governing the protection of personal data, and other applicable regulations.
We collect and process your personal data on the basis of a contractual relationship, as well as for the protection of our direct legitimate interests, the interests of third parties or the public interest, and to meet our legal obligations. Paloma protects your privacy and collects and processes only personal information that is strictly necessary to fulfil the purpose for which it was collected. If there is a need to further process your data for another purpose, we will contact you in advance and ask for your prior written consent. We collect and process personal data legally and transparently, and take care that the data is accurate, complete, up-to-date and secure. Sensitive personal data and other special types of personal data are processed with the express consent of the data subject or based on any other reason laid out in Article 9 of the General Data Protection Regulation (GDPR).
We may also process your personal data on the basis of your consent, most often for the purpose of direct marketing, such as sending offers, promotional materials, invitations to events and communications and surveys via telephone, mail and electronic means. In these cases, the data is processed within the scope and purpose covered by the consent, and through agreed information channels. Paloma processes personal data for the purpose of direct marketing, even if there is a legitimate interest in processing in accordance with the General Data Protection Regulation.
Any transfer of personal data processed or intended for processing after transfer to a third country or international organisation will be carried out in accordance with the General Data Protection Regulation (GDPR).
In the event that our own website publishes links to other websites, of which the owner or operator is not Paloma, we do not assume any responsibility for the protection of your personal data when visiting such websites.
Sending enquiries and other communication
When you send an enquiry about our services and/or products to our contact information (address, e-mail address, or telephone number) published on our website, we process your personal data exclusively for the purpose of preparing a response to your enquiry or other question, for possible preparation and conclusion of a contract, or to perform the agreed contract.
For this purpose, we only collect the personal data that you provide to us voluntarily. All information collected through our website or otherwise communicated to us (e.g. by telecommunication means) is collected for the purpose of providing services, and for the purpose of our internal administration and the management of our business.
Based on our legitimate interest, we may also process the provided contact information for basic personalised communication with you via e-mail, and try to present you with relevant services or products that may be of interest to you based on your past interactions with us. While doing this, we do not use any kind of (automatic) profiling; we merely select the appropriate sets of recipients for individual messages.
Signing up to our electronic newsletter
You can also subscribe to receive current notifications and information about our promotions and news on our website, or via a reply to the received e-mail. For the purpose of direct marketing, we can therefore inform you about news of our offer via e-mail. We will inform you about news occasionally and if necessary.
By subscribing to the electronic newsletter, you agree that we use your e-mail address for the purpose of notifying you of new products, offers and services. You can unsubscribe from the system at any time by clicking on the unsubscribe link provided in the email messages.
Participation in prize games and promotions
We process personal data that you provide to us when participating in a prize game or registering for promotions, solely for the purposes of conducting that particular prize game or promotional campaign. Your personal data will be deleted after the prize game or promotion that you have applied for has concluded, unless you have given your explicit consent to receive our advertising messages via the contact details provided when applying for the prize game or promotion.
Sending job applications
On our website, you can fill in an application for enrolment in the database of people interested in regular employment, student work or the work of retirees. For the purpose of processing your application, we may ask you for more information and personal data, or we may obtain additional personal data from you in the event that we invite you for an interview. If you, however, send your job application to our e-mail address email@example.com on your own initiative, we collect and process only the data that you have provided us (e.g. motivational letter and CV, proof of eligibility).
We commit to processing your personal data only for the purpose of conducting job candidate selection for particular positions, contacting rejected candidates, sending invitations to possible interviews, preparation of draft employment contracts, and to defend our claims in case of alleged discrimination in conducting the selection process.
Your consent to be entered into the database of interested parties serves as the legal basis for the processing of your information, which we may also request from you on the basis of law, as it is also necessary for the implementation of measures that precede the signing of a possible employment contract. We will keep your application, either sent to us directly or registered in the database of interested parties, for up to 6 (six) months, in case we decide to invite you for an interview, as well as throughout the employment procedure and 30 (thirty) days after you receive a notification of acceptance or rejection, or for the duration of possible court proceedings.
If we estimate that your application may be of interest to us for another position and would like to keep your application for a longer period of time, we will inform you in advance and ask for your consent.
Contractual processing of personal data
In addition to authorised employees of Paloma, personal data is also accessed and processed by carefully selected external service providers who have entered into a contract with Paloma for the processing of personal data and are obliged to comply with applicable legal regulations on personal data processing and must implement organisational, technical and logistic-technical procedures and measures to protect personal data. Contractual processors may process confidential data exclusively on our behalf and within the limits of our authority, and in accordance with the purposes set out in this policy. The contractual processors do not store personal data, nor do they use it for their own purposes.
Paloma may also entrust individual activities in the processing of personal data for the purposes of fulfilling contractual obligations to processors and controllers outside the EU and the European Economic Area, while guaranteeing that, in these cases, the same level of personal data protection will be ensured as that of Paloma itself, and all regulatory requirements relating to the transfer of personal data to third countries will be complied with.
Within the framework of legal competences, your personal data may be disclosed to the following data users or third parties:
- information technology service providers in the field of software servicing and maintenance;
- administrator and website administrator.
Personal data may also be disclosed when processing is necessary to comply with Paloma's legal obligations in the field of consumer protection, prevention of money laundering and terrorist financing, tax compliance, etc. Paloma may provide data to the Market Inspectorate of the Republic of Slovenia, the Office for Money Laundering Prevention, the Financial Administration of the Republic of Slovenia, the Information Commissioner of the Republic of Slovenia, law enforcement agencies and the like.
Personal data retention period
Paloma undertakes to process personal data only to the extent necessary to achieve the purposes of the processing and for as long as is necessary to achieve the objective pursued. After the retention period, we will permanently delete or anonymise your personal data so that your identification will no longer be possible.
We store personal data in compliance with the applicable legal regulations regarding data retention, and as long as it is possible to assert legal claims under the contractual relationship, or until the purpose for which the data was collected has been fulfilled, and all contractual rights and obligations are fulfilled, namely:
- five years from the termination of the contract or the fulfilment of all contractual obligations, and in any case until the expiry of the limitation period under the contractual relationship;
- in the event of litigation, five years after the final conclusion of the legal proceedings.
Personal data that we process based on your consent or legitimate interest is kept permanently, until you revoke consent or until you request us to stop processing it. We also undertake to check the existence of a purpose for processing personal data at regular intervals. We will only delete data before revocation if the purpose of the processing of personal data has already been achieved or if so provided by law.
If there is a different legal retention period for certain data that is processed for the realisation of contracts (e.g. accounting or tax data), the retention period is up to 10 years. During this time, data processing is limited.
An individual's rights
Paloma consistently guarantees the exercise of all your rights in connection with the processing of your personal data on the basis of applicable legal regulations.
Right to revoke consent
If the processing of your personal data is based on consent, you have the right to revoke your consent at any time, free of charge, with a written statement sent to the e-mail address: firstname.lastname@example.org. The revoking of consent does not affect the lawfulness of the data processing carried out until its withdrawal. Revocation of consent to the processing of your personal data does not have any negative consequences or sanctions.
Right of access
You have the right to obtain confirmation as to whether personal data in relation to you is being processed and, where applicable, to request access to personal data and information on the purpose of processing, types of personal data, the recipients, retention of personal data and other information in accordance with Article 15 of the General Data Protection Regulation (GDPR). Paloma will provide you with a copy of the personal data being processed, free of charge. For additional copies, however, Paloma is entitled to charge a reasonable fee, taking into account administrative costs. If you submit the request by electronic means, and unless you request otherwise, we will provide you with the information in electronic form.
Right of rectification
You have the right to request Paloma to correct your inaccurate personal data without undue delay. You also have the right to fill in incomplete personal data, taking into account the purposes of processing. For this purpose, you can provide us with a supplementary statement with up-to-date personal data.
Right to deletion (so-called right to be forgotten)
You have the right to request Paloma to delete your personal data without undue delay. Paloma has the obligation to delete personal data without undue delay, if personal data is no longer needed for the purposes for which it was collected or otherwise processed, if personal data has been processed illegally, or any other case laid out in Article 17 of the General Data Protection Regulation (GDPR). We kindly note that you will not be able to exercise the right to deletion if the processing is necessary to assert, enforce or defend legal claims and the like.
We kindly ask you to note that the right to rectification and the right to deletion are mutually exclusive, and relate to incorrect, incomplete or unjustifiably processed data. If you are not sure whether your data is incorrect, incomplete or has been unjustifiably processed, you can request a restriction on the processing of such data until the issue has been resolved.
Right to restriction of processing
You have the right to request Paloma to restrict the processing of your data if:
- you dispute the accuracy of the data processing, namely for a period that allows Paloma to verify the accuracy of the data;
- the processing is illegal, but you oppose the deletion of your personal data and instead request a restriction on its use;
- Paloma no longer needs the personal data for the purpose of processing, and you need it to exercise, enforce or defend legal claims;
- you have lodged an objection to the processing, until it is verified that the legal reasons of Paloma outweigh your reasons.
Right to data portability
You have the right to receive your personal data provided to Paloma in a structured, commonly used and machine-readable form, and the right to pass this data on to another personal data manager, if the processing of personal data is based on consent or contract and is carried out by automated means.
Right to object
You have the right to object, at any time, to the processing of your personal data, including profiling and for the purposes of direct marketing. Paloma will stop processing your personal data, unless urgent legitimate reasons for the processing are given, which must prevail over your interests, rights and freedoms, or Paloma requires the data for the purposes of asserting, enforcing or defending legal claims. If you object to the processing of your data for direct marketing purposes, we will immediately stop processing your data for these purposes.
Right to appeal
If you believe that our processing of your personal data violates applicable law, you have the right to lodge a complaint directly with the national supervisory authority, i.e. the Information Commissioner, Dunajska cesta 22, 1000 Ljubljana, e-mail: email@example.com, or to an intra-EU supervisory authority (European Data Protection Supervisor). You can also contact the Information Commissioner regarding all issues related to the processing of personal data and the exercise of rights under the regulations governing the protection of personal data.
Providing personal data is necessary for concluding and enforcing contractual relationships, resolving claims and communicating with you. If you choose not to provide us with your personal data or not to provide the required scope of personal data, a contractual relationship or the resolution of possible disputes will not be possible. This, however, does not constitute a non-fulfilment of contractual obligations by Paloma. In such cases, we will also not be able to respond to your enquiries or contact you regarding possible employment with us.
We kindly ask you to send us any changes to your personal and contact information by e-mail to firstname.lastname@example.org.
Paloma reserves the right to change or amend this policy at any time and in any way. The currently applicable version is published on the website www.paloma.si. Paloma will inform you of any changes that would significantly affect the processing of your personal data, in advance and in an appropriate way (e.g. via notification on our website or by e-mail).
The Privacy and Personal Data Protection Policy is valid from 1.4.2022 onwards.