Cvetlična ulica 20
2270 Ormož, SLOVENIA
INFORMATION OF THE PROCESSING OF PERSONAL DATA OF NATURAL PERSONS AT LEGERA D.O.O.
I. CONTROLLER DESCRIPTION
LEGERA is engaged exclusively with the organisation of conferences, seminars and other events in the field of plant protection products, biocides and industrial chemicals registration procedures.
Today, operations are inseparably connected to the processing of personal data. As a result, one of our commitments is to respect the privacy of natural persons and to protect their personal data. In this regard, we undertake to handle the collected personal data in line with the provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter GDPR) and national regulations governing personal data protection.
II. VISION OF PRIVACY AND PERSONAL DATA PROTECTION AT LEGERA
LEGERA is a trustworthy controller of personal data. We understand and consistently respect the trust, security and privacy of every natural person.
III. DATA PROTECTION OFFICER
LEGERA has not appointed a data protection officer because personal data is processed neither to a sufficient extent nor in the manner where the appointment of a data protection officer were necessitated by legislation. Regardless of the above, we will respond to any questions and queries by natural person within the prescribed deadlines via e-mail at firstname.lastname@example.org.
IV. PURPOSES OF DATA PROCESSING AND LEGAL BASES
Purposes of personal data processing
LEGERA processes the personal data of buyers of our services and other natural persons who engage in business with us or who at any moment collaborate with LEGERA for the following purposes:
- Provisioning of our services – event, conference, seminar organisation.
- Registration for events we organise.
- Management of contractual relations, including participation in our events, conferences, seminars, conclusion and exercising of rights and liabilities arising from employment or other contractual relationships, and the exercising of rights and liabilities from sponsorship agreements.
- Marketing activities, including advertising through various communication channels and other marketing activities, i.e. direct mail, e-mail, text messages to mobile phones, phone calls, websites, social networks etc.
- Surveys of satisfaction of users of our services with the objective of continuous improvement of services on offer.
- Mitigation of website security breach risks (providing for information security, mitigation of risk of unauthorised access to commercially relevant information, personal data and information system of LEGERA d.o.o.).
- And other purposes set out below.
Categories of processed personal data
LEGERA keeps the following categories of personal data on natural persons:
- Name and surname.
- Permanent or temporary address.
- Tax ID.
- E-mail and phone number.
- Company of employment of event participant (when registration or payment is carried out by the employer).
- Division or position in company (when registration or payment is carried out by the employer).
- Time and date of user account use, if assigned.
- Computer IP address, date and time of website access.
- Time, date, type and volume of services used, benefits, event participation and newsletter registration.
- Accounts receivable.
- Itemized bill or list of completed services.
- Other personal data submitted to LEGERA d.o.o. by a natural person on a voluntary basis.
Legal bases of processing
a) LEGERA processes the personal data of natural persons (employees, event participants and others) on the legal basis laid out by Article 6/I, Item c of the GDPR, and on the basis of international treaties, EU regulations and national legislation that require LEGERA, in specific cases, to transmit the personal data of natural persons to public authorities (e.g. Financial Administration of the Republic of Slovenia, state controls etc.) and other controllers (e.g. Health Insurance of Slovenia, Employment Service of Slovenia, Pension and Disability Insurance Institute of Slovenia etc.) for the purpose of fulfilling own legal obligations or exercising responsibilities, or fulfilling the legal obligations or exercising the responsibilities of others.
b) LEGERA also processes the personal data of natural persons for the purpose of performance of contracts (Article 6/I, Item b of the GDPR), including in particular the processing of personal data of participants at our events on the basis of the participants’ event registrations in line with the General Terms available at www.legera.eu as well as the specific conditions indicated in the registration form, as well as of other natural persons based on their use of our services, and sponsors who conclude sponsorship agreements with LEGERA. On a contractual basis, LEGERA also processes the personal data of employees, students and other collaborators who cooperate with the company on the basis of an employment relationship as necessary for the conclusion and exercising of rights and liabilities arising from employment or another contractual relationship.
c) In specific cases, LEGERA will request event participants and other natural persons to submit their consent (Article 6/I, Item a of the GDPR) for the processing of their personal data, when such processing of personal data is necessary for the purposes not set out by the legislative or contractual foundations. Similarly, LEGERA will request consent for the processing of personal data for the purpose of preparing and providing in line with the natural person’s interests personalised service quotes as well as for the purpose of providing news on upcoming events and consent for the sending of news on LEGERA business partners’ programmes. In such cases, the processing of personal data is conducted in line with the natural person’s consent to the permitted scope of processing, purpose and agreed notification channels until the moment of withdrawal of consent.
For direct marketing in line with Article 158 of the Electronic Communications Act (ZEKom-1), in the scope of which the buyers of our services are notified on upcoming events and other news, we use the e-mail address provided by the natural person, while the natural person may at the moment of submission of his or her e-mail address in line with Article 158, paragraph two of the Electronic Communications Act, require that the e-mail not be used for the purpose of direct marketing. Furthermore, for the purpose of direct marketing, our buyers are able, upon receipt of each piece of news or notification of commercial character, to opt-out of receiving commercial messages in line with Articles 72 and 73 of the Personal Data Protection Act (ZVOP-1).
d) LEGERA also processes the personal data of natural persons on the basis of legitimate interest (Article 6/I, Item f of GDPR) for the purpose of mitigation of website security breach risks (providing for information security, mitigation of risk of unauthorised access to commercially relevant information, personal data and information system). In the context of your access to our website, our servers keep track of data that could be used in the identification natural persons (computer IP address, date and time of website visit). Alongside mitigation of risk of breach and unauthorised access, these data will also be used for the purpose of analytics and statistics.
V. USERS OF PERSONAL DATA AND THE POSSIBLE TRANSMISSION TO THIRD COUNTRIES
Alongside LEGERA, personal data is also processed by processors of LEGERA in the latter’s name and behalf. Typically, processors are providers of IT support in personal data processing, while other external users, namely the Pension and Disability Insurance Institute of Slovenia, Health Insurance of Slovenia and other public authorities, will also engage in the processing of such data in line with legislation.
Personal data of natural persons are not transmitted to third countries.
VI. RIGHTS OF NATURAL PERSONS
By means of a written request sent to LEGERA d.o.o., Cvetlična ulica 20, 2270 Ormož, Slovenia, or email@example.com, a natural person may require access, completion, rectification, blocking or restriction of processing or deletion of personal data, object to the processing of data concerning him or her, or require the transfer of data.
At any moment, a natural person may withdraw his or her consent for personal data processing either permanently or temporarily by means of a written request despatched to: LEGERA d.o.o., Cvetlična ulica 20, 2270 Ormož, Slovenia, or firstname.lastname@example.org. The withdrawal of consent does not affect the lawfulness of processing based on consent before the withdrawal.
The natural person may file an appeal with the Information Commissioner of the RS when he or she believes that his or her personal data are stored or processed in any other way in contradiction with the current provisions regulating the protection of personal data.
VII. PERSONAL DATA RETENTION PERIODS
LEGERA will only process personal data to the extent necessary to achieve the objective of processing and as long as necessitated by the pursuit of the objective.
This means that personal data will be processed until the fulfilment of the purpose or in line with the limitation periods for liabilities that might result from the processing of such personal data, especially when the processing of personal data is necessary in the scope of the conclusion or execution of the agreement, except in cases where the personal data retention periods are prescribed by law. In the case of the latter, LEGERA will keep data as prescribed by law.
Date: 3 January 2019