The Controller is the one who manages the personal data and determines the purposes and means for the processing of personal data. Insofar as these terms and conditions specify several controllers, it means that they jointly determine the purposes and methods of processing your personal data (joint controllers).
The Controller of the users’ personal data is: Name of the legal entity: GO TO, trgovina in storitve, d.o.o. Address of the legal entity: Brezovce 6 Postcode and place: 1236 Trzin, Slovenija VAT number: SI 64342786, taxpayer Registration number: 5460905000 Contact e-mail: goto@goto-automation.com Contact telephone number: + 386 (0)1 51 90 853 Data on the entry in the register or any other public records: 14.02.1991, application number: 11109600. Contact person and contact for providing information related to user’s personal data: Franci Turk, info@goto.si
Data of the Processor
The Processor of personal data is the one who processes personal data on behalf of the Controller. The Processor may process only personal data only for the purposes determined in documented instructions by the Controller. Our Processors process users’ personal data in accordance with the applicable legislation, based on an existing contractual relationship which regulates all areas of processing.
Processor: The list of processors is available on the basis of a written request to the e-mail address: goto@goto-automation.com.
Website
The Privacy Policy is intended for users or customers via the Controller’s or Provider's website or websites: goto-automation.com
Legislation
Slovenian and European legislations are used for the evaluation of this Privacy policy.
This Privacy policy is prepared according to the Personal Data Protection Act (ZVOP-2, Official Gazette of the RS, no. 163/22 and amend.), the Regulation (EU) 2016/679 of the European Parliament and the Council from 27/04/2016 regarding the protection of individuals in personal information processing and the free flow of such information and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR), the Electronic Communications Act (ZEKom-2, Official Gazette of the RS, no. 133/22 and amend.), and other Slovenian and European legislation regulating these fields.
Legal principles
The Controller and their Processors respect the general principles related to the processing of the users’ personal data: 1. We process users’ personal data in a legal, fair, and transparent manner. 2. We collect personal data for purposes which are determined in advance, explicit, and legal, and we do not further process the data for other purposes, except for the purposes of scientific or historical research or statistics under certain conditions. 3. We process personal data in the smallest extent possible and for the purposes of processing. 4. We make sure that the processed personal data are accurate and regularly updated, whereby we rectify or erase the inaccurate data. 5. We only keep personal data for as long as it is necessary for the purposes of processing. 6. We ensure adequate protection of personal data, which includes the prevention of unauthorised or unlawful processing and unintentional loss, destruction, or damage of data, by implementing adequate technical and organisational measures.
Definitions of Terms
The Privacy Policy applies to contracts concluded via distance communication, when personal data is entered directly on the controller’s website or obtained through email exchanges or other comparable communication channels of the provider. It also applies to other forms of website use where the user enters personal data (e.g., newsletter subscriptions, public postings) on the controller’s website.
Personal data refers to any information related to an identified or identifiable individual who is a natural person. Identified individual is someone whose personal data are identified and processed according to the purposes determined by the Controller. Identifiable individual is someone who can be directly or indirectly identified and whose personal data can be processed according to the purposes determined by the Controller.
A user is an individual who is a natural person whose personal data are processed based on a legal or contractual basis which exists between the controller and that individual, or based on explicit consent provided by the individual to the controller, or on the legitimate interests of the controller.
The Controller determines the purposes and means of processing within the framework of their registered activity and/or legal authorisations. The user is informed in advance on who the Controller and the Processor of their personal data are.
The Processor processes personal data of individuals on behalf of the Controller, according to their instructions, and within the framework of legitimate purposes and means of processing. The Controller provides the user with data on the Processors of their personal data in this Privacy Policy.
The Subrocessor processes personal data of individuals on behalf of and according to the instructions of the Processor within the framework of legitimate purposes and means of processing. The Subprocessor is directly responsible to the Processor and the Processor is directly responsible to the Controller.
Processing of Users’ Personal Data
The processing of personal data refers to any operation or set of operations performed on personal data or sets of personal data, whether by automated means or not, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
The controller may process personal data only if there is an appropriate legal basis for the processing. The controller processes users’ personal data exclusively for purposes that are clearly defined and compliant with applicable legislation. For each purpose of processing, the controller ensures transparency and informs users about:
1. the content of the processing purpose, 2. the type of personal data being processed, 3. the legal basis for processing, and
4. the retention periods.
If the controller processes personal data for new purposes that are not compatible with the existing legal basis or are not based on explicit consent:
1. the controller provides all necessary information to the user in advance, and
2. obtains new explicit consent if processing is based on such consent.
The controller ensures that all purposes of processing comply with the principles of data minimization, security, and privacy and that personal data is processed solely to the extent necessary to achieve the specified purpose.
Retention Periods for Personal Data
The controller retains users’ personal data in a form that allows identification of users only for as long as necessary to fulfill the purposes for which the data was collected or further processed, or to comply with legal obligations. After the retention period expires, the controller deletes, anonymizes, or archives the data, unless there are other legal grounds for further processing.
Retention periods for personal data are specified for each processing purpose, along with the legal basis for processing and the type of personal data being processed.
Disclosure and Transfer of Personal Data
The controller discloses users’ personal data in the following cases:
1. Disclosure Required by Law: The controller may disclose personal data to third parties only when required by law (e.g., court orders, requests from inspection bodies, or other governmental authorities). Disclosure is performed solely to the extent necessary to fulfill legal obligations.
2. Transfer of Data to Third Countries: The controller ensures that data is transferred to third countries only if they provide an adequate level of personal data protection in accordance with legislation or if appropriate safeguards are in place (e.g., standard contractual clauses or binding corporate rules).
3. Disclosure to Contractual Processors: The controller may disclose personal data to contractual processors providing services to the controller (e.g., IT support, marketing agencies, accounting). Such processors act only under the controller’s instructions, and appropriate security measures are ensured to protect users’ data.
Use of Cookies
The controller provides users with a clear and visible notice regarding the use of cookies upon visiting the website. This notice is available via a dedicated link in a prominent location on the website, where users can find all necessary information, including options for managing cookie preferences. The controller ensures users have a clear option to modify their consent later through a visible notice or link on the website. Users are also able to customize or reject cookies during their first visit and are informed about the consequences of rejecting cookies, such as potential limitations in functionality or user experience (e.g., restricted operation of certain features).
The controller may use cookies without the user's explicit consent if they are strictly necessary, required for the transmission of communications over an electronic communications network, or cookies essential for providing an information society service explicitly requested by the user (e.g., login to a user account, product purchase).
In all other cases, the controller provides a notice with the user's consent and informs the user of available options for managing cookie settings. The notice includes the following information:
1. The types and names of cookies (e.g., analytical, advertising, functional).
2. The purpose of each cookie (e.g., traffic monitoring, enabling a shopping cart, ad targeting).
3. The storage duration of each cookie (e.g., session cookies, persistent cookies).
User Responsibilities
1. Accuracy and Truthfulness of Data: Users are obligated to ensure that any data they provide (e.g., during registration, ordering products or services, subscribing to newsletters, participating in contests, or filling out contact forms) is accurate, truthful, and complete. The use of false or third-party personal data without authorization is strictly prohibited.
2. Confidentiality of Access Credentials: Users must carefully safeguard their access credentials, such as usernames, passwords, or other identification details, and must not share them with third parties. Users are responsible for all activities performed using their access credentials.
3. Prohibition of Misuse: The misuse of personal data, such as using false or third-party data without authorization, impersonation, or providing false information, is strictly prohibited. The controller reserves the right to initiate legal proceedings against users who violate this provision.
4. Consequences of Violations: In the event of violations, the controller may disable the user's access to services, delete their account, and initiate legal proceedings against the offending user.
Additional warnings
The Controller specifically warns the users of the following content: Outside Slovenia, we sell only to legal entities. In cases where we also process the personal data of individuals in a legal entity, this privacy policy applies.
LEGISLATIVE BASIS
Contractual Basis
Contractual basis for processing of personal data of users means that the processing is necessary for:
1. fulfilling the contract whose contracting party is the user to whom the personal data relate; or
2. implementing measures at the request of such user before concluding the contract.
The Controller provides the user with information on the processing of their personal data in this Privacy Policy and, when needed, with notifications on their website.
The Controller does not require an explicit consent for contractual processing of the user’s personal data.
If the user fails to provide all the personal data that the Controller needs to fulfil the contractual obligation, the Controller is unable to complete the user’s order. The Controller undertakes to only collect and process personal data from the user in the scope needed to fulfil the contract.
Legal basis
The controller processes users' personal data based on a legitimate legal basis when processing is necessary for the fulfillment of legal obligations applicable to the controller. Personal data is processed exclusively for the purpose of fulfilling legal obligations and is not subject to further processing for other purposes that are inconsistent with the law.
In the Republic of Slovenia, legal obligations for the processing of certain personal data are primarily defined in:
1. The Value Added Tax Act (ZDDV-1), which prescribes the obligation to issue and retain invoices;
2. The Rules on the Implementation of the Value Added Tax Act, which further regulate the content and retention of invoices;
3. The Tax Procedure Act (ZDavP-2), which governs obligations regarding the maintenance of records for tax purposes, stipulating that the controller must retain data from issued invoices (including users' personal data on the invoices) for at least 10 years after the end of the fiscal year to which the invoice pertains;
4. The Companies Act (ZGD-1), which specifies requirements for business books and reporting;
5. The Slovenian Accounting Standards (SRS), which regulate obligations for maintaining accounting records;
6. The Accounting Act (ZR), which outlines rules on the retention of business documents and records.
The controller does not require the user's explicit consent for the processing of personal data based on legal grounds.
Explicit Consent
Explicit consent serves as the legal basis for processing personal data when the controller does not have a legitimate or contractual legal basis or legitimate interest for processing.
User consent is valid when it meets the following criteria:
1. it is voluntary, specific, informed, and an unambiguous declaration of intent, whereby the user agrees to the processing of their personal data for a specific purpose;
2. it is provided through clear confirmation, such as clicking a checkbox (not pre-checked), signing, verbal confirmation, or another appropriate method;
3. it is always separate from other terms or provisions, where technically feasible.
The controller ensures appropriate user information prior to obtaining consent through the following methods:
1. Purpose description: A legal notice preceding the confirmation checkbox specifies the purpose of consent (e.g., “I would like to subscribe to the newsletter to receive additional information, advice, promotions, and other useful news.”).
2. Right to withdraw consent: Clearly stated in the legal notice preceding the checkbox, while additional rights are elaborated in these privacy terms (e.g., “You can unsubscribe from the newsletter at any time.”).
3. Direct link to privacy terms: The legal notice preceding the checkbox provides a direct link to these privacy terms (e.g., “I have read and agree to these Privacy Terms.”).
The controller maintains a record of given consents, including information on when and how consent was provided, to ensure proof of its validity in case of verification.
Legitimate interest
The controller may process users' personal data if it is necessary for legitimate interests pursued by the controller. Such processing is restricted to the scope required to achieve these legitimate interests while respecting the rights and interests of users.
In determining legitimate interests, the controller conducts a balancing test to verify whether:
1. he processing serves a legitimate purpose, such as service improvement, abuse prevention, legal claims enforcement, or direct marketing;
2. the personal data is processed in the minimum extent necessary to achieve the purpose;
3. the rights, freedoms, and interests of the user do not override the controller’s legitimate interests.
Examples of legitimate interests pursued by the controller include, but are not limited to:
1. enforcing legal claims;
2. improving user experience through behavior analysis to optimize the website, provided that the data is anonymized or processed with minimal impact on users;
3. direct marketing by sending tailored offers for similar products or services to existing customers, ensuring users can always opt out of such communications and that the data is not used for incompatible purposes.
Parental or Guardian Consent
For processing personal data of children under the age of 18 based on the child's consent, prior approval from parents or legal guardians is required. The controller does not process personal data without such consent.
The controller may request additional verification to ensure that the consent was genuinely provided by the parent or guardian, when technically feasible and proportionate to the risks involved in processing personal data:
1. the controller requests an email address or phone number of the parent/guardian to send a consent request; or
2. The controller requires direct confirmation via an email containing a link, through which the parent/guardian confirms consent, or via a phone call to verify identity and consent.
The controller processes children's personal data exclusively for specific, clearly defined, and necessary purposes, ensuring adherence to the data minimization principle.
Parents or guardians are responsible for the accuracy of the data provided and for giving consent when children enter data themselves. The controller is not liable for incorrect or false data provided by users.
PERSONAL DATA AND PURPOSES OF PROCESSING
Fulfillment of Contractual Obligations
The controller processes the user's personal data for the purpose of fulfilling obligations arising from the concluded contract, which includes processing orders, delivering products or services, issuing invoices, resolving potential complaints or claims, and performing other necessary actions to fulfill the contract. This processing is essential for the successful execution of the contractual relationship between the controller and the user; therefore, explicit consent from the user is not required.
LEGAL BASIS: Contractual basis
DATA RETENTION: 10 years from the issuance of the invoice
PERSONAL DATA:
Name and Surname
Address of permanent and/or temporary residence, postal code, city, and country
Email address
Telephone number
Transaction account number
Credit card number
Sending information and notifications related to contract execution
The controller processes the user's personal data for sending important information related to the order or contract, including order confirmation, order status notifications, and other critical information necessary for the user's information. Such communication is essential for providing proper support to the users. Explicit consent is not required, as the processing is based on the legitimate interest of the controller and the performance of the contract.
LEGAL BASIS: Contractual basis and legitimate interest
DATA RETENTION: Until the end of the contractual relationship and then for an additional 5 years for compliance proof
PERSONAL DATA:
Name and Surname
Email address
Telephone number
Responding to user inquiries
The controller processes the personal data provided by the user through contact forms or inquiries (including via email) for the purpose of responding to the user and providing relevant information about products, services, or other business matters. This processing is based on the legitimate interest of the controller to provide quality customer support and assistance, and consent is not required.
LEGAL BASIS: Contractual basis and legitimate interest
DATA RETENTION: Until the completion of the communication, or up to 1 year after the last contact, unless a contractis concluded
PERSONAL DATA:
Name and Surname
Email address
Telephone number
User registration
For the use of certain features of the website or application, including logging into the online store, signing up for education, events, or services, commenting, submitting reviews, or similar actions, registration is required. The controller processes personal data for the purpose of enabling these features, and explicit consent is not required as the processing is based on the contractual basis.
LEGAL BASIS: Contractual basis
DATA RETENTION: Until the user account is revoked, unless the legislation requires longer retention (e.g., purchase data is retained for 10 years)
PERSONAL DATA:
Name and Surname
Permanent and/or temporary residence address, postal code, city, and country
Email address
Phone number
Fulfilling legal obligations
The controller processes personal data of users in accordance with legal requirements, including maintaining accounting records, providing data to competent authorities, and other forms of processing required by legislation. This processing is based on the fulfillment of legal obligations and does not require the user's consent.
LEGAL BASIS: Legal basis
DATA RETENTION: In accordance with legal retention periods (e.g., 10 years for accounting data)
PERSONAL DATA:
Name and Surname
Permanent and/or temporary residence address, postal code, city, and country
Email address
Phone number
Transaction account number
Credit card number
IP address
Cookie ID
Access logs
Content of communication
Protection of legitimate interests of the data controller or third parties
The controller processes personal data to protect its legitimate interests, such as preventing abuse, ensuring system security, or resolving legal disputes. This processing is carried out to the extent necessary to protect these interests, unless fundamental rights of users prevail.
LEGAL BASIS: legitimate interest and legal basis
DATA RETENTION: As long as there is a legitimate interest for processing (e.g., the duration of a legal dispute or the period necessary to investigate abuse), or in cases of legal proceedings, data is retained in accordance with statutory retention periods for enforcing or defending legal claims (e.g., limitation periods)
PERSONAL DATA:
Name and Surname
Permanent and/or temporary residence address, postal code, city, and country
Email address
Phone number
Transaction account number
Credit card number
IP address
Cookie ID
Access logs
Content of communication
Direct marketing without explicit consent
The controller may send notifications related to the direct marketing of its products or services without the explicit consent of the user, when:
1. the notifications are about products or services similar to those the user has already ordered or used,
2. the controller sends notifications based on legitimate interest, provided that the user is given a clear option to refuse such processing (right to object), and
3. the controller ensures that the messages are clear, non-intrusive, and compliant with the law, and that the user can easily and free of charge object to the processing at any time, in accordance with the rights that are more specifically defined in these privacy terms.
LEGAL BASIS: legitimate interest
DATA RETENTION: Up to 3 years after the last contact, unless the user unsubscribes from receiving notifications
PERSONAL DATA:
Name and Surname
Email address
Direct marketing with explicit consent
For all notifications that go beyond the scope of legitimate interest, the controller must obtain the explicit consent of the user. This includes sending promotional emails, SMS messages, or other marketing materials related to new products, services, or special offers that are not connected to past purchases or a contractual relationship, or for which the user has not yet expressed interest.
LEGAL BASIS: user consent
DATA RETENTION: Up to 3 years after the last contact, unless the user unsubscribes from receiving notifications
PERSONAL DATA:
Name and Surname
Email address
Improving user experience
Improving user experience involves adapting the website or service to make it easier for users to navigate, improving page load speed, providing personalized content, integrating social media, storing user choices, using video and audio content, storing shopping cart information, adjusting user profiles, or providing live chat support. This can be achieved by tracking user activities, providing recommendations, and customizing content based on their past interactions.
LEGAL BASIS: user consent
DATA RETENTION: As specified in the cookie notice for each individual cookie used, but no longer than two years
PERSONAL DATA:
IP address
Cookie ID
Behavioral data (view history, content clicks, interactions)
Purchase data (past purchases and interests)
Monitoring statistical data
The data controller may collect and analyze data for anonymous statistical purposes to improve the functioning of the website, optimize the user experience, or develop new services. Since this processing does not involve personal data, consent is not required, and the processing is based on the legitimate interest of the controller.
However, if the controller uses analytical cookies such as Google Analytics, Hotjar, Matomo, Adobe Analytics, Mixpanel, Crazy Egg, Heap Analytics, Amplitude, Kissmetrics, or Yandex Metrica to monitor visits and user behavior on the website for statistical data and analysis, prior consent from the individual is required.
LEGAL BASIS: legitimate interest and user consent
DATA RETENTION: As specified in the cookie notice for each individual cookie used, session cookies are deleted when the browser is closed, while others are not retained for more than one year
PERSONAL DATA:
Device and user identifiers: IP address, Cookie ID, Advertiser ID
Website behavioral data: visited pages, ad clicks, time spent on the page, items in an unfinished cart
Interaction data with advertising content: ad clicks, interactions with other content (video views, images, etc.)
Geolocation (if enabled)
USER RIGHTS
General Information about Rights
The user may request from the controller:
1. access to personal data, 2. rectification of personal data, 3. erasure of personal data (right to be forgotten), 4. restriction of the processing of personal data, 5. objection to the processing of personal data, 6. data portability.
In addition to these six fundamental rights, the user also has the following rights:
7. the right not to be subject to solely automated processing, including profiling; 8. the right to withdraw consent for the processing of their personal data; 9. the right to lodge a complaint with the supervisory authority.
The controller will respond without undue delay, and no later than one month after receiving the request.
If the request is complex or the controller has received multiple requests, the response time may be extended by an additional two months. The controller will inform the user of the extension and the reasons for the delay within one month of receiving the request.
If the controller does not take action on the user’s request, they will inform the user of the reasons for not taking action and the possibility to lodge a complaint with the relevant supervisory authority or seek judicial remedy.
The users may address their requests directly to the controller through the contact details provided in these privacy terms. The controller ensures that the users's rights will be exercised free of charge, unless the requests are clearly unfounded or excessive, particularly due to their repetitive nature. In such cases, the controller may charge a reasonable fee or refuse to act.
Right to access data
The user has the right to receive confirmation from the Controller on whether or not personal data related to them are being processed.
The Controller shall provide the information on: 1. the purposes of processing;
2. the categories of personal data that they process;
3. the processors to whom personal data were transferred for processing or disclosed;
4. the anticipated time of retention of personal data;
5. the user rights to erasure and rectification of data, and to restriction of processing or objection to processing;
6. the right to lodge a complaint with a supervisory body;
7. the sources from which the Controller received the data, provided that they were not submitted for processing by the user; and
8. the existence of automated decision-making, including profiling.
The user may request from the Controller to without undue delay:
1. rectify inaccurate data concerning the user which are processed by the Controller (or their processors) or
2. complete incomplete personal data.
The user may request from the Controller to erase the user’s personal data without undue delay if at least one of the following conditions is met:
1. The personal data is no longer required for the purpose for which they were collected or otherwise processed.
2. The user withdraws the consent given to the Controller for the processing, whereby there is no other legal basis for the processing.
3. The user objects to the processing of their personal data for the purposes of public interest or for legitimate interests of the Controller or for the purposes of direct marketing and/or profiling.
4. The personal data have been unlawfully processed.
5. The personal data must be erased to comply with a legal obligation imposed to the Controller by the legislation.
6. The personal data was collected in connection with offering information society services to a person younger than 15.
The user may request from the Controller the restriction of processing in one of the following cases:
1. The accuracy of the personal data is contested by the user, for a period enabling the Controller to verify the accuracy of the personal data.
2. The processing of the user’s personal data is unlawful, and the user opposes the erasure of the personal data and requests the restriction of their processing or use instead.
3. The controller no longer needs the personal data for the purposes of the processing for which they had a legal basis or the explicit consent of the user, but they are required for the establishment, exercise, or defence of legal claims.
4. The user has submitted an objection (right to object) pending the verification whether the legitimate grounds of the Controller override those of the user to whom the personal data relate.
When the user is exercising this right, the Controller may only save their data and only process them if: 1. the user provided (subsequent) explicit consent;
2. required for the establishment, exercise, or defence of legal claims;
3. required for the protection of rights of other users (natural or legal persons); and
4. required for an important public interest of the European Union or the Republic of Slovenia.
The user has the right to receive from the Controller the personal data concerning them which are being processed by the Controller. The Controller must provide the user these data in:
1. a structured format;
2. commonly used format;
3. machine-readable format, which allows the user to read the information without any problems.
The user also has the right to transmit the obtained data to another controller without hindrance from us, the Controller, if:
1. the data was processed based on an explicit consent and
2. the processing is carried out by automated means.
The user has the right to have their data transmitted from one controller to another, where technically feasible.
The user may at any time object to the processing of personal data concerning them, when the Controller processes their personal data:
1. in public interest or
2. for legitimate interests of the Controller, including profiling of this user.
The Controller shall not cease to process the user’s personal data at the request of the user if: 1. they can prove the existence of necessary legitimate reasons for processing which overrule the interests, rights, and freedoms of the user; or
2. the data are required for the establishment, exercise, or defence of legal claims.
The Controller shall always grant the user’s request when the user objects to the processing of their personal data for the purposes of direct marketing, including profiling to the extent that it is related to direct marketing. The Controller is obliged to stop the processing of such personal data for the purposes of direct marketing.
For this purpose, the Controller shall, at places where they ask the user to consent to processing of their data for the purposes of direct marketing, provide the user with a clear and separate information on the possibility that the user may at any time withdraw their consent and object to the processing of their data for these purposes.
Right related to automated processing and profiling
The user has the right not to be subject to a decision based solely on automated processing of their data, including profiling, which produces legal effects concerning them or similarly significantly affects them.
The user cannot exercise the right to prevent the automated processing of their data, including profiling, if the decision (automated processing) is:
1. necessary for the conclusion or performance of a contract between the user and the controller (e.g., online shopping cart),
2. permitted by the law of the European Union or the Republic of Slovenia and provides appropriate safeguards for the rights and freedoms, as well as the legitimate interests of the user (e.g., data processing by the Tax Authority of Slovenia),
3. based on the explicit consent of the user (e.g., for direct marketing through automated systems for sending marketing messages).
Where explicit consent is required, the controller provides appropriate notifications to the user and a confirmation box for the explicit consent.
Right to withdraw explicit consent
The user has the right to withdraw their consent for the processing of personal data at any time, if the processing is based on consent. The withdrawal of consent does not affect the lawfulness of processing that was carried out before the withdrawal. The withdrawal of consent will stop the further processing of personal data for the purpose for which consent was given.
The user can withdraw:
1. general consent for processing, or
2. consent for processing for direct marketing purposes.
The general consent can be withdrawn with a simple request, e.g., via email, contact form, phone, or any other clearly provided channel offered by the controller. The controller must process the withdrawal immediately or at the latest within one month of receiving the request.
Consent for processing for direct marketing purposes can be withdrawn by the user at any time by requesting that their data no longer be used for direct marketing (regardless of the legal basis). The controller must ensure that each form of direct marketing (e.g., email, SMS, calls) provides the user with an easy and free way to exercise the right to withdraw consent. Each marketing communication must clearly include an option to opt-out, such as an "Unsubscribe" link or other suitable option that allows the user to quickly and easily opt-out.
The controller enables the withdrawal of consent for direct marketing without cost to the user and in the same easy way as the consent was given. The controller must retain proof of the withdrawal and ensure that the data is no longer used for unauthorized purposes. The controller must stop processing personal data for direct marketing purposes no later than 15 days after receiving the user's request. The controller must notify the user of the withdrawal in writing or through another agreed-upon method within 5 days of processing the withdrawal.
Right to lodge a complaint with the supervisory authority
The user has the right to file a complaint with the competent supervisory authority if they believe that the processing of their personal data violates the General Data Protection Regulation (GDPR) or the legislation of the Republic of Slovenia (ZVOP-2).
In the Republic of Slovenia, the competent authority for personal data protection is:
Information Commissioner of the Republic of Slovenia Dunajska cesta 22, 1000 Ljubljana
Email: gp.ip@ip-rs.si Website: www.ip-rs.si
The user may file a complaint if the controller: 1. has not adequately responded to a request for the exercise of rights, 2. has violated regulations regarding the protection of personal data, 3. has not taken appropriate protective measures when processing data.
The controller informs the user that they also have the right to file a lawsuit with the Administrative Court if they believe that the decision of the Information Commissioner is not appropriate.
COPYRIGHT
Contents and texts
It is prohibited to copy or otherwise use the content and texts on the Controller’s website outside the needs of the collaboration between the Controller and the user, unless otherwise stated on the website. Any copyright interference is considered as violation of intellectual property rights and may be subject to suitable legal procedures initiated by the Controller.
Photographs and audiovisual works
All photos, videos, and other audiovisual works published on the website are copyright work and property and/or in possession of the Controller and they must not be copied or otherwise used outside the needs of the collaboration between the Controller and the user, unless otherwise stated on the website. Any copyright interference is considered as violation of intellectual property rights and may be subject to suitable legal procedures initiated by the Controller.
Legal document
The text of this Privacy Policy is owned by the Controller and it is prohibited to copy, distribute, or otherwise handle this text for marketing purposes without a written consent from the owner of the information system who on behalf of the Controller maintains the Privacy Policy unless allowed by the law. Any copyright interference is considered as violation of intellectual property rights and may be subject to suitable legal procedures initiated by the owner of the information system, that is the company POGOJI.SI, Tjaša Vidic s.p. For any additional information regarding this issue, please contact: podpora(at)pogoji.si.
This provision does not affect the rights of buyers or recipients of services, who may save or reproduce the provisions of these terms and conditions for personal purposes.
FINAL PROVISIONS
Binding nature
1. The Privacy Policy applies to all those who use the websiteand provide the Controller with personal data so that the Controller can manage and further process them.
2. The Privacy Policy is binding for the Controller, the Processors, and the users in the area of submitting, managing, and processing the user’s personal data as well as in enforcing the rights of the users and the obligations of the Controller and the Processors.
3. Privacy Policy is an integral part of any processing of personal data in accordance with the priorly determined purposes, bases for processing, the user’s consent, and the categories of personal user to future processing.
4. The user is informed in advanced with this Privacy Policy, which is available at the Controller’s website and at all the forms and actions where the user may submit their personal data to processing.
Amendments
1. The Controller shall regularly update the Privacy Policy according to the changes in the legislation.
2. The Controller shall inform the users on any changes regularly and timely, in a written form with an electronic message.
3. The Controller shall provide an archive of changes to the Privacy Policy which will be made available to every user upon their prior written request submitted at the Controller’s contact e-mail address.
Dispute resolution
The Controller and the user shall strive to solve any potential disagreements and disputes peacefully and by mutual agreement. If mutual agreement is not possible, disputes shall be resolved by the competent court of the Controller’s headquarters in the Republic of Slovenia. However, a user residing in a member state of the European Union may decide to resolve the dispute also before the courts of his country of residence. Before that, the parties may also decide to use alternative dispute resolution methods, such as mediation or arbitration, in accordance with applicable law.
Territorial validity
The privacy policy applies to all users, regardless of their country of access or residence, and covers all types of personal data processing, irrespective of the geographical location of the user or the controller.
Temporal validity
The legal conditions apply from: 20.01.2025 11:39
Sign Up For Newsletter
Be the First to Know. Sign up to newsletter today
Inquiry form
Form was successfully sent.
Form not sent
Session Cookies:: Sessions Temporary cookies will be removed from your device when you close the browser. They record whether your browser has successfully run all the required scripts (providing content), changing settings during a visit (e.g., language change, font size, ...) and help us improve the performance and usability of our site.
Permanent cookies:: Permanent or stored cookies will remain stored in your device for about 6 months. On the website we use them to prevent "spam" of completed and submitted demand through the input form on our site. So you do not need to prove on every visit that you are not a "bot". We use the Google Recaptcha solution to do this.
Cookies to monitor the effectiveness of a website:: Analytical cookies are used to optimize user experience while visiting the site. They store information about page visits, helping us to create a better idea about visitors and how they use the site. Based on data analysis from Google Analytics, we can tailor the performance of the site to the desires and needs of our visitors.
The goto-automation.com website uses cookies.
By clicking on the "YES" button, you consent to their installation.