Privacy Policy

The conditions of privacy are an internal act of the company SIMONA BOŽIČ – HOLDER OF SUPPLEMENTARY ACTIVITY ON THE FARM (hereinafter: the processor) and apply to all
the legal relationship between him and the service subscribers (‘the operator’).
The act determines the rights and obligations of the processor and the controller in the management and processing of personal files
data of individuals.

Personal information

Personal data means any information relating to an identified or identifiable individual that is
natural person. A specific individual is one whose personal data is determined and processed in accordance
for purposes specified by the operator. An identifiable individual is one who can be directly or
indirectly determine and process his personal data in accordance with the purposes set by the controller.


An individual is any natural person whose personal data is processed legally or on a contractual basis
on the basis of the controller and that individual or on the basis of the explicit consent of the individual
given to the manager.

The manager

The controller determines the purposes and means of processing within its registered activity and / or legal
powers. The individual is informed in advance who is the controller of personal data and who is
the processor of his personal data.


The processor processes the personal data of individuals on behalf of the controller, under his instructions, v
within the framework of lawful purposes and methods of processing.


The sub-processor processes the personal data of individuals in the name and under the instructions of the processor, within
lawful purposes and methods of processing.


Processing of personal data means any act or series of actions carried out in relation to personal data
or sets of personal data with or without automated means, such as collection, recording, editing,
structuring, storing, adapting or modifying, retrieving, inspecting, using, disclosing
mediating, disseminating or otherwise making available, adapting or combining,
restriction, deletion or destruction.

Processing restriction

Restriction of processing means marking of stored personal data in order to restrict their
processing in the future.

Profile design

Profiling means any form of automated processing of personal data that involves
use of personal data to assess certain personal aspects relating to an individual, in particular for
analysis or prediction of job performance, economic situation, health, personal taste,
interests, reliability, behavior, location or movement of that individual.


Pseudonymization means the processing of personal data in such a way that personal data without additional
the information can no longer be attributed to the specific data subject,
provided that such information is kept separate and subject to technical and organizational measures to ensure,
that personal data is not attributed to a specific or identifiable individual.

Consent of the individual

The consent of the data subject means any voluntary, explicit,
an informed and unambiguous statement of the will of the data subject by which
express his consent to the processing of personal data concerning him by a statement or a clear affirmative action

Violation of personal data protection

Violation of the protection of personal data means a breach of security which results in intentional or unlawful destruction,
loss, alteration, unauthorized disclosure or access to personal data sent, stored
or otherwise processed.

Processor data

Dolnja Bistrica 140A, 9232 Črenšovci, Slovenia
Registration number: 2093740000
Tax number: 90201981
The company has been entered in the Court Register of the Republic of Slovenia since 17 February 2005
The person responsible for providing information regarding this act and the protection of personal data is:

Simona Božič,


The processor has concluded contracts for further processing of personal data of individuals of a particular
the operator in cases where he has external processors in relation to the provision of his services in relation to
operator by its sub-processors. The processor is responsible for selecting subprocessors and takes care of that
are obliged to the same or higher level of protection of personal data as stipulated by Slovenian regulations and
European Union regulations. The processor shall inform the controller of its existing processors and of
changing processors each time or hiring new processors. It does so by announcing the publication of new ones
conditions of privacy in which he lists the new processors and makes thirty days available to the controller,
to rule on, approve or oppose changes.

Legal basis for the processing of personal data

The processor has a legal basis for processing the personal data of certain individuals
the controller in a previously concluded contract between the controller and the processor or on the basis of another
service contract agreement.

The processor is responsible for ensuring that controllers are aware of this act and other acts of the processor,
insofar as they regulate the field of personal data processing of individuals and / or business conditions for
implementation of ordered services.

The controller is responsible for providing the appropriate legal basis for the processing of personal data
(legitimate interest, contractual interest and / or explicit consent of the individual).

Types of personal data

The processor processes the personal data provided to it by the controller. Processor never
processes other personal data of individuals of a particular controller.

Purposes of personal data processing

The processor processes the personal data of the individuals of a particular controller only for the purposes for which
the manager gave him instructions. The processor never processes the personal data of individuals
designated operator for other purposes.

The role of the manager

The controller is obliged to give the processor instructions for the processing of those personal data of individuals, s
which it manages. The controller must provide the processor with clear and unambiguous information on the type
personal data and for what purposes it may be processed.

Documented operator instructions

According to this act, the controller is obliged to determine the content and duration of the processing of personal data by the processor,
the nature and purpose of the processing, the types of personal data and the categories of individuals to whom they relate
relate to personal data.

The operator ‘s instructions must be documented and may be given in writing in the ordinary or
by e – mail, and in the case of oral instructions, the processor also requests written confirmation by ordinary or
by email.

The processor is not responsible for the legality of the instructions it receives from the controller for processing personal files
data of individuals of a particular controller.

Confidentiality of data

The processor ensures that the persons authorized to process personal data are obliged to
confidentiality or are bound by the relevant law. The processor has adopted internal Rules on
protection of personal data and obtain a written commitment from all employees and external collaborators to
confidentiality of data, acquaintance with the rules and appropriate security measures taken by the processor
implemented to ensure an adequate level of data security.

Rights of individuals

The processor shall technically ensure that, on the instructions of the controller and to the lawful extent, it provides support and
technical solutions and the final data that the operator needs when individuals are with the operator
exercise one or more of the rights conferred on them by law: the right of rectification, the right of erasure,
the right to restrict processing, the right to data portability and the right to object.

Deletion or transfer of data

The processor deletes or returns everything based on the previously documented operator’s instructions
personal data to the controller after the completion of the service it provides for the controller and destroys the existing copies,
except in cases where the storage of data is required by law.

Access to information

The processor shall provide the controller with all information necessary to demonstrate compliance
from this act and legislation, and to the controller or another auditor authorized by the controller
conducting and participating in audits, including reviews.

Processing security

Processor and controller taking into account the latest technological developments and implementation costs
and the nature, extent, circumstances and purposes of the processing, as well as the risks to rights and freedoms
individuals differing in likelihood and severity, the controller and the processor by implementation
appropriate technical and organizational measures to ensure an adequate level of risk-based safety,
including, inter alia, measures covering:

pseudonymization and encryption of personal data,

the ability to ensure the continued confidentiality and integrity, accessibility and resilience of systems and services for

the ability to restore the availability and access to personal data in a timely manner in the event of a physical or
technical incident,

procedures for regular testing, evaluation and evaluation of the effectiveness of technical and organizational
measures to ensure the security of processing.

In determining the appropriate level of security, particular account shall be taken of the risks posed by the processing, in particular due to
unintentional or unlawful destruction, loss, alteration, unauthorized disclosure or access
to personal data that is sent, stored or otherwise processed.

Data protection officer

The processor is not obliged to appoint a person authorized to protect personal data because of the processing
it does not carry out as a public authority or body, nor does it carry out the processing in which it would be
necessary because of their nature, scope and / or intentions to the individuals to whom they relate
data, regularly and systematically monitored extensively and does not cover the processor’s core business
extensive processing of specific types of personal data.

Security measures

The processor shall ensure appropriate security measures in the processing of personal data for the purpose of providing
protection of personal data. Security measures are regularly monitored and updated in line with developments
technology and legal requirements.

The processor informs the operator about security measures and appropriate technical solutions separately
a document which forms an integral part of these conditions of privacy governing the legal relationship between the controller and
processor and the Rules on Personal Data Protection, which regulate the legal relations between the processor and
employees who process the personal data of individuals of a particular controller.

Binding nature of legal conditions

1. The conditions of privacy apply to all controllers with whom the processor has regulated legal and business
relationship by contract or in writing by e-mail and confirmed by the operators by e-mail
and it is considered that an annex to the existing legal relationship or a written annex to the
existing written contract if the operator so requests.
2. The conditions of privacy shall be binding on all legal transactions concluded on the basis thereof.
3. The terms of privacy are an integral part of the service contract by the operator.
4. The operator confirms the acquaintance and agreement with these privacy conditions before ordering the service (v
contract or in writing via electronic communication).

Changes to the Terms of Privacy

1. The processor shall regularly update the privacy terms with legal changes.
2. The processor shall notify the controller of changes in a timely manner in writing by electronic means
4. The processor shall provide an archive of changes to the privacy conditions that is available to each controller
accessible by prior written request to the contact email address of the processor.

Conflict solving

The processor and the operator undertake to resolve any disagreements and disputes amicably and
by agreement. To the extent that an amicable settlement is not possible, the court in
To the Republic of Slovenia by the seat of the processor.