IV. PURPOSES OF DATA PROCESSING AND LEGAL BASES
Purposes of personal data processing
LEGERA processes the personal data of buyers of our services and other natural persons who engage in business with us or who at any moment collaborate with LEGERA for the following purposes:
- Provisioning of our services – event, conference, seminar organisation.
- Registration for events we organise.
- Management of contractual relations, including participation in our events, conferences, seminars, conclusion and exercising of rights and liabilities arising from employment or other contractual relationships, and the exercising of rights and liabilities from sponsorship agreements.
- Marketing activities, including advertising through various communication channels and other marketing activities, i.e. direct mail, e-mail, text messages to mobile phones, phone calls, websites, social networks etc.
- Surveys of satisfaction of users of our services with the objective of continuous improvement of services on offer.
- Mitigation of website security breach risks (providing for information security, mitigation of risk of unauthorised access to commercially relevant information, personal data and information system of LEGERA d.o.o.).
- And other purposes set out below.
Categories of processed personal data
LEGERA keeps the following categories of personal data on natural persons:
- Name and surname.
- Permanent or temporary address.
- Tax ID.
- E-mail and phone number.
- Company of employment of event participant (when registration or payment is carried out by the employer).
- Division or position in company (when registration or payment is carried out by the employer).
- Time and date of user account use, if assigned.
- Computer IP address, date and time of website access.
- Time, date, type and volume of services used, benefits, event participation and newsletter registration.
- Accounts receivable.
- Itemized bill or list of completed services.
- Other personal data submitted to LEGERA d.o.o. by a natural person on a voluntary basis.
Legal bases of processing
a) LEGERA processes the personal data of natural persons (employees, event participants and others) on the legal basis laid out by Article 6/I, Item c of the GDPR, and on the basis of international treaties, EU regulations and national legislation that require LEGERA, in specific cases, to transmit the personal data of natural persons to public authorities (e.g. Financial Administration of the Republic of Slovenia, state controls etc.) and other controllers (e.g. Health Insurance of Slovenia, Employment Service of Slovenia, Pension and Disability Insurance Institute of Slovenia etc.) for the purpose of fulfilling own legal obligations or exercising responsibilities, or fulfilling the legal obligations or exercising the responsibilities of others.
b) LEGERA also processes the personal data of natural persons for the purpose of performance of contracts (Article 6/I, Item b of the GDPR), including in particular the processing of personal data of participants at our events on the basis of the participants’ event registrations in line with the General Terms available at www.legera.eu as well as the specific conditions indicated in the registration form, as well as of other natural persons based on their use of our services, and sponsors who conclude sponsorship agreements with LEGERA. On a contractual basis, LEGERA also processes the personal data of employees, students and other collaborators who cooperate with the company on the basis of an employment relationship as necessary for the conclusion and exercising of rights and liabilities arising from employment or another contractual relationship.
c) In specific cases, LEGERA will request event participants and other natural persons to submit their consent (Article 6/I, Item a of the GDPR) for the processing of their personal data, when such processing of personal data is necessary for the purposes not set out by the legislative or contractual foundations. Similarly, LEGERA will request consent for the processing of personal data for the purpose of preparing and providing in line with the natural person’s interests personalised service quotes as well as for the purpose of providing news on upcoming events and consent for the sending of news on LEGERA business partners’ programmes. In such cases, the processing of personal data is conducted in line with the natural person’s consent to the permitted scope of processing, purpose and agreed notification channels until the moment of withdrawal of consent.
For direct marketing in line with Article 158 of the Electronic Communications Act (ZEKom-1), in the scope of which the buyers of our services are notified on upcoming events and other news, we use the e-mail address provided by the natural person, while the natural person may at the moment of submission of his or her e-mail address in line with Article 158, paragraph two of the Electronic Communications Act, require that the e-mail not be used for the purpose of direct marketing. Furthermore, for the purpose of direct marketing, our buyers are able, upon receipt of each piece of news or notification of commercial character, to opt-out of receiving commercial messages in line with Articles 72 and 73 of the Personal Data Protection Act (ZVOP-1).
d) LEGERA also processes the personal data of natural persons on the basis of legitimate interest (Article 6/I, Item f of GDPR) for the purpose of mitigation of website security breach risks (providing for information security, mitigation of risk of unauthorised access to commercially relevant information, personal data and information system). In the context of your access to our website, our servers keep track of data that could be used in the identification natural persons (computer IP address, date and time of website visit). Alongside mitigation of risk of breach and unauthorised access, these data will also be used for the purpose of analytics and statistics.