Data controller:
DOBA Business School
Prešernova ulica 1
2000 Maribor
www.doba.si
Contact person
Data Protection Officer
Zvezdana Strmšek
zvezdana.strmsek@doba.si
02 228 38 94
PRIVACY POLICY
DOBA Business Group, comprising DOBA Business School Maribor and DOBA EPIS d.o.o. (hereinafter DOBA), is aware that the protection of personal data is very important to users. The Declaration on the Protection of Personal Data contains information about the collection of users’ personal data in the context of the DOBA website, which includes all web pages and subpages of DOBA (http://www.doba.si) and DOBA Business School (https://www.dobabusiness-school.eu/) and all included services (hereinafter the DOBA website), which are managed by DOBA, as well as information about the processing and protection of thus collected personal data of users of the DOBA website. The Privacy Policy also contains information on the implementation of video surveillance.
We value your privacy, so we always carefully protect your data.
We process personal data in accordance with the applicable data protection legislation and other legislation that provides us with a legal basis for the processing of personal data. Any changes to this document will be published on our website. By using the website, you acknowledge that you have read and understood the entirety of this Privacy Policy.
Personal data
Personal data means any information that relates to an identified or identifiable individual; an identifiable individual is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or by reference to one or more factors specific to that individual’s physical, physiological, genetic, mental, economic, cultural or social identity.
Purpose and basis of processing
The company collects and processes personal data on the following legal bases:
Registration with online forms on the DOBA website
When you register for events and activities or request more information about a specific topic on the DOBA website, your personal data (name, surname and contact details), which you enter in the online form, are collected in addition to your IP address.
In accordance with the applicable data protection legislation, the data controller may process personal data if the data subject has given their consent. In the case of using the DOBA website, personal consent of the data subject shall be deemed obtained with the data subject entering their personal data in the online form and submitting the data, therefore confirming that they agree with the Privacy Policy. The data controller assumes no responsibility for the authenticity, accuracy and timeliness of personal data and contact details provided by the user. As the user of the DOBA website, it is your responsibility to ensure that all data that you provide on the DOBA website are accurate and up-to-date.
DOBA shall process the personal data, which were collected with the user entering them in the online form, for the purposes for which users of the DOBA website submit these data (conventional, electronic and telephone communication and notification, sending of information, materials and invitations to DOBA events, actual applications for enrolment, internal statistical processing, segmentation, analyses, and preparations of reports). The data on your registration are stored and processed until you unsubscribe in writing from the email notification service via the DOBA website or by email at info@doba.si.
If the data subject has given their consent to the processing of personal data and at some point no longer wishes the data to be processed, they may request the processing of personal data to be terminated by sending a request by email or by regular mail to the company’s address. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Upon receipt of a withdrawal or a request for deletion, the data shall be deleted within 15 days at the latest. The company may also delete these data before withdrawal, where the purpose of the processing of personal data has been achieved or where required by law.
Exceptionally, the company may refuse a request for deletion on the grounds set out in the General Data Protection Regulation: in cases of exercising the right to freedom of expression and information, compliance with a legal obligation to process, reasons of public interest in the field of public health, archiving purposes in the public interest, scientific or historical research purposes, statistical purposes, the exercise or defence of legal claims.
The legal bases for the processing of data are legitimate interest and consent. The data shall be processed until the cancellation of the subscription to notifications or the withdrawal of consent or until the purpose of the processing has been achieved. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Withdrawing your consent for the processing of personal data and information
As the user of the DOBA website, you may at any time request in writing (by unsubscribing on the DOBA website or directly by email at info@doba.si) that DOBA permanently or temporarily, in part or in full, ceases processing your personal data. DOBA undertakes to prevent the processing and/or to delete the user’s personal data no later than within fifteen days after receiving the written request.
Please email all your questions related to the protection of your personal data, which are collected through the DOBA website (e.g. collection, processing, protection, additional information), to info@doba.si. Your questions will be answered by the person responsible for the processing of personal data.
Video surveillance
The company carries out video surveillance. Video surveillance (cameras are installed around the entrances to the organisation) is used to monitor entrances and exits to and from the premises (on the basis of Article 77 of the Personal Data Protection Act (the ZVOP-2)). Video surveillance is also carried out for the purpose of protecting individuals (users, employees and visitors) and company property (based on legitimate interest as defined by point (f) of the first paragraph of Article 6 of the General Data Protection Regulation, in conjunction with Articles 76 et seq. of the ZVOP-2). Video surveillance is carried out within certain premises where this is strictly necessary for the security of persons or property or the protection of confidential information or trade secrets. Video surveillance will assist us in detecting, dealing with or resolving incidents, criminal offences, claims for damages or other claims. The recordings are kept for 30 days. We do not carry out video surveillance in a way that would have a particular processing impact. Video surveillance also does not enable unusual further processing, such as transfers to third country entities or the possibility of audio intervention in the event of live surveillance. Video surveillance allows live surveillance by an authorised person. All information regarding the implementation of video surveillance can be obtained from the organisation by phone or email. The rights of individuals are described in this Privacy Policy. If you have further questions, you can also contact the Data Protection Officer.
Retention and deletion of personal data
The company shall only keep personal data for the time necessary to fulfil the purpose of collection or processing of personal data. If the company processes the data on the basis of an act, it shall keep the data for the period prescribed by the act. In this case, certain data shall be kept for the duration of the cooperation with the company, while certain data must be kept permanently. Personal data processed by the company on the basis of a contractual relationship with an individual shall be kept by the company for the period necessary for the performance of the contract and for a period of 6 years after its termination, except in cases where there is a dispute between the individual and the company in relation to the contract. In such a case, the company shall keep the data for 10 years after the final decision of the court, arbitration or court settlement or, in the absence of litigation, for 5 years from the date of amicable settlement of the dispute. The personal data that the company processes on the basis of the individual’s personal consent or legitimate interest shall be kept by the company until the consent is withdrawn or until a request for deletion of the data is made. Upon receipt of a withdrawal or a request for deletion, the data shall be deleted without undue delay. The company may also delete these data before withdrawal, where the purpose of the processing of personal data has been achieved or where required by law. If the rights of an individual are being exercised, the company shall keep the personal data of that individual until the case has been finally decided, and, after the final decision has been made, in accordance with the final decision in the case.
The company may exceptionally refuse a request for deletion on the grounds such as: exercising the right to freedom of expression and information, compliance with a legal obligation to process, reasons of public interest in the field of public health, archiving purposes in the public interest, scientific or historical research purposes, statistical purposes, the exercise or defence of legal claims. After the retention period has expired, the company must effectively and permanently erase or anonymise the personal data so that they can no longer be linked to a specific individual.
Contractual processing of personal data
The company may entrust individual processing of personal data to a contractual processor on the basis of a data processing agreement. Contractual processors may process the entrusted data exclusively on behalf of the controller, within the limits of the controller’s authorisation, as set out in a written agreement or another legal document, and in accordance with the purposes set out in this Privacy Policy.
The contractual processors with which the company cooperates are, in particular:
In order to improve the transparency and control of the contractual processors and the associated contractual relationships, the company also maintains a list of contractual processors, which specifies the contractual processors with which the company cooperates.
Under no circumstances shall the company provide any personal data to unauthorised third parties. Contractual processors may only process personal data within the scope of the instructions of the company and may not use personal data for any other purpose.
As the data controller, the company and its employees shall not transfer personal data to third countries (outside the Member States of the European Economic Area – EU Member States and Iceland, Norway and Liechtenstein) and to international organisations, except to the USA, whereby the relationships with contractual processors from the USA are governed by standard contractual clauses (standard contracts adopted by the European Commission) and/or binding corporate rules (adopted by the company and approved by the supervisory authorities in the EU).
Cookies
The DOBA website uses cookies to ensure the proper functioning of the services and to optimise the user experience. DOBA respects your privacy and undertakes to protect users’ personal data in accordance with the applicable legislation. As a user of the DOBA website, you can accept or reject cookies at any time. If you do not wish to accept cookies, configure your Internet browser to delete all cookies from your computer’s hard drive, block all cookies, or to warn you before a cookie is stored.
Cookies are small data files which are placed on your computer to improve your user experience. Cookies are not harmful and are always time-limited.
Managing and disabling cookies on your computer:
You have complete control over how cookies are used, as you can restrict or disable the storage of cookies in your browser’s settings. For more information on cookie settings, please select the browser that you are using:
By disabling cookies, some of the available services may no longer be operational.
List of cookies used on this website:
NAME OF THE COOKIE: _ga
NAME OF THE COOKIE: _gid
NAME OF THE COOKIE: _gat
Data protection and data accuracy
The company ensures information security and infrastructure security (premises and application and system software). Our information systems are protected by, inter alia, antivirus and firewall protection. We have put in place appropriate organisational and technical security measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access and against other unlawful and unauthorised forms of processing. In the case of transmission of special categories of personal data, we transmit them in encrypted and password-protected form. It is the data subject’s responsibility to ensure that their personal data are provided securely and that the provided data are accurate and credible.
The company, as the owner of the website, strives to ensure that the information on the website is correct and up-to-date, but reserves the right to errors in entries on the website both in the visual and textual part and does not assume responsibility for them.
Rights of the data subject
The data subject shall have the right to request access to and rectification or erasure of their personal data, or the restriction of processing of their personal data as well as the right to object to processing, and the right to data portability. The data subject’s request shall be treated in accordance with the provisions of the General Data Protection Regulation and the applicable personal data protection legislation.
All of the above rights and any questions may be exercised by the data subject by means of a request sent to the company’s address. The company shall respond to the data subject’s request without undue delay, no later than within one month after receipt of the request. This deadline may be extended by up to two additional months, taking into account the complexity and number of requests, of which the data subject shall be informed, including of the reasons for the delay. The exercise of rights is free of charge for the data subject; however, the company may charge a reasonable fee if the request is clearly unfounded or excessive, in particular if it is repetitive. In such a case, the company may also refuse the request. In case of doubt as to the identity of the data subject, additional information may be requested which the company needs to establish the identity.
In its decision on the request, the company shall also inform the data subject of the reasons for the decision and of their right to lodge an appeal with the supervisory authority within 15 days of being informed of the decision. The right to lodge an appeal with the supervisory authority may be exercised by the data subject with: the Information Commissioner of the Republic of Slovenia at Dunajska 22, 1000 Ljubljana (email: gp.ip@ip-rs.si, website: www.ip-rs.si).
This Privacy Policy is valid as of 1 November 2023.