Privacy policy Statement

1. Introduction

The purpose of this Privacy policy Statement is to inform individuals, service users, colleagues and

employees and other persons (hereinafter: individual) who work with PROTOKORP SVETOVANJE,

D.O.O., Koseška ulica 8, 1000 Ljubljana (hereinafter: company) about the purposes and legal bases,

security measures and the rights of individuals regarding the processing of personal data carried out

by our company.

We process your personal data in accordance with European legislation (Regulation (EU) 2016/679

on the protection of natural persons with regard to the processing of personal data and on the free

movement of such data (hereinafter: the General Regulation) and current legislation in the field of

personal data protection (Personal Data Protection Act (Official Gazette 94/07)) and other legislation

that gives us a legal basis for processing personal data.

The personal data protection policy contains information for individuals, how our company as an

administrator processes personal data received from individuals based on the legal bases described


The controller of personal data is the company:


Koseška cesta 8

1000 Ljubljana


Phone: +386 01 620 33 32

Contact person for personal data protection:

Individuals to whom personal data refer, can contact the contact person for the protection of

personal data regarding all issues related to the processing of their personal data and the exercise of

their rights based on Regulation:


Koseška cesta 8

1000 Ljubljana


Phone: +386 01 620 33 32

The authorized person for the protection of personal data is Martin Šifrer

2. Types of personal data

Personal data is any information about a specific or identifiable natural person “data subject”.

An identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors characteristic of a physical, physiological, genetic, mental, the economic, cultural or social identity of that natural person.

3. Methods and sources for obtaining personal data

We process personal data in particular for the purposes of advertising and campaigns. We collect personal data in accordance with the purpose for which you provided it to us. We will not use the provided personal data for any other purpose. Contract processors may only process personal data within the framework of the company’s instructions and may not use personal data for any other purposes.

We can also use the data to improve services, which includes identifying problems with existing services, planning improvements to existing services, and designing new services.

4. Legal basis for processing personal data

We collect personal data based on your consent or based on the contract.

5. Contractual processing of personal data

We only collect your personal data if it is absolutely necessary.

We collect personal data about you that you provided to us when you submitted your inquiry. The personal data we collect are first name, last name, company name and email address.

The website contains contact forms that enable quick electronic contact with the company. If an individual decides to contact via the contact form, the personal data provided on the form is automatically saved. Such personal data is stored by the data controller for the purpose of processing or establishing contact with the person to whom the data relates. This personal data is not passed on to third parties.

6. Transmission of personal data

Personal data will not be forwarded to third parties and will not be publicly disclosed, except to selected contractual partners, who are also bound by the Regulation on the Protection of Personal Data. We will not transfer personal data to a third country or organisation.

7. Cookies

The company’s website works with the help of these cookies. A cookie is a file that stores website settings. Websites store cookies on users devices with which they access the internet in order to identify individual devices and the settings that users used to access the website. Cookies allow websites to recognize if the user has already visited this website, and in the case of advanced applications, individual settings can be adjusted accordingly.

Read more about cookies at the link:

8. Rights from the protection of personal data

In accordance with the Regulation, an individual has the following personal data protection rights:

You can request information about whether we hold personal data about you and, if so, what

data we hold and on what basis we hold it and why we use it.

  • You can request access to your personal data, which allows you to receive a copy of the personal data we hold about you and to verify that we are processing it lawfully.
  • You can request corrections of personal data, such as the correction of incomplete or inaccurate personal data.
  • You can request the deletion of your personal data when there is no reason for further processing or when you exercise your right to object to further processing.
  • You object to the further processing of personal data where we rely on a legitimate business interest (even in the case of a third party’s legitimate interest), when there are reasons related to your special situation; regardless of the provision of the previous sentence, you have the right to object at any time if we process your personal data for direct marketing purposes.
  • You can request the restriction of the processing of your personal data, which means stopping the processing of personal data about you, for example, if you want us to determine their accuracy or check the reasons for their further processing.
  • You can request the transfer of your personal data in a structured electronic form to another controller, as far as possible and feasible.
  • You can revoke the consent or consent you gave to the collection, processing and transfer of your personal data for a specific purpose; upon receiving notice that you have withdrawn your consent, we will stop processing your personal data for the purposes for which you originally agreed, unless we have another lawful legal basis to do so lawfully.

If you wish to exercise any of the aforementioned rights, send a request by e-mail to or by regular mail to the address PROTOKORP SVETOVANJE, D.O.O., Koseška cesta 8, 1000 Ljubljana. 

Accessing your personal data and exercising your rights is free of charge. However, we may charge a reasonable fee if your request for access is manifestly unfounded or excessive, particularly if it is repeated, in which case we may also refuse the request.

In the event of exercising such rights, we may need to request certain information from you to help us confirm your identity, which is only a security measure to ensure that personal information is not disclosed to unauthorized persons. 

When exercising such rights, an individual can use the Information Commissioner’s form, which is available on their website

If an individual believes that his rights have been violated, he can turn to the supervisory authority for protection or for the assistance to the information officer

If an individual has any questions regarding the processing of their personal data, they can always contact our company by e-mail at or by regular mail to the company’s address.

9. Retention period

The company will keep personal data only as long as it is necessary to fulfill the purpose for which the personal data was collected and processed. If the company processes data on the basis of the law, it will keep it for the period prescribed by law. Some data is kept for the duration of cooperation with the company, while some data must be kept permanently.

Personal data that the company processes on the basis of a contractual relationship with an individual is kept by the company for the period necessary for the execution of the contract and for another 6 years after its termination, except in cases where a dispute arises between the individual and the company regarding the contract. In such case, the company keeps the data for 10 years after the finality of the court decision, arbitration or court settlement or, if there was no court dispute, for 5 years from the date of the peaceful resolution of the dispute.

Those personal data that the company processes on the basis of the individual’s personal consent or legitimate interest will be kept by the company until the consent is revoked or until the data is deleted. After receiving the cancellation or request for deletion, the data will be deleted within 15 days at the latest. The company can delete this data even before cancellation, when the purpose of personal data processing has been achieved or if it is stipulated by law.

Exceptionally, the company may refuse a request for deletion for reasons from the Regulation, such as: exercise of the right to freedom of expression and information, fulfillment of the legal obligation of processing, reasons of public interest in the field of public health, purposes of archiving in the public interest, scientific or historical research purposes or statistical purposes, the exercise or defense of legal claims. After the retention period has expired, the company must effectively and permanently delete or anonymize personal data so that it can no longer be linked to a specific individual.

10. Data protection and data accuracy

The company takes care of information security and infrastructure security (premises and application system software). Our information systems are, among other things, protected by anti-virus programs and a firewall. We have implemented appropriate organizational and technical security measures aimed at protecting your personal data against accidental or illegal destruction, loss, modification, unauthorized disclosure or access, and against other illegal and unauthorized forms of processing. In the case of transmission of special types of personal data, they are transmitted in encrypted form and protected by a password.             

The individual is responsible for providing his/her personal data securely and that the data provided is accurate and authentic. The company will make every effort to ensure that the personal data we process is accurate and if necessary updated, from time to time we may contact you to confirm the accuracy of your personal data.

11. Announcement of changes

Any changes to our personal data protection policy will be published on the company’s website: 

By using the website, the individual confirms that he accepts and agrees with the entire content of this personal data protection policy.

The personal data protection policy was confirmed by director Martin Šifrer.

©2022, All Rights Reserved.