The company PRIMA IP invalidsko podjetje d. o. o., Brnčičeva ulica 31, 1231 Ljubljana – Črnuče, Slovenia, e-mail: firstname.lastname@example.org (hereinafter referred to as: the company PRIMA IP or Provider or Personal Data Controller), protects your personal data by ensuring its protection throughout the company’s operations.
All our activities related to personal data processing are in accordance with applicable European legislation (mainly Regulation (EU) 2016/697 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation or GDPR) and the conventions of the Council of Europe (ETS No. 108, ETS No.181, ETS No. 185, ETS No. 189)) and the national legislation of the Republic of Slovenia (Personal Data Protection Act (ZVOP-1, Official Gazette of the Republic of Slovenia [Uradni list RS], No 94/07), Electronic Commerce Market Act (ZEPT, Official Gazette of Slovenia [Uradni list RS], Nos 96/09 and 19/15) etc.).
Data protection controller and data protection officer
The data protection controller is the company PRIMA IP invalidsko podjetje d. o. o., Brnčičeva ulica 31, 1231 Ljubljana – Črnuče, Slovenia.
Personal data is any information that identifies you as an identified or identifiable individual. An individual is identifiable when they may be directly or indirectly identified, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The provider collects the following data pursuant to the purposes defined in this Policy:
The provider only collects the personal data that are relevant and necessary for fulfilling the purposes for which the data are processed.
The period in which the provider stores the collected data is defined in greater detail in the “Personal data storage” chapter of this Policy.
Legal basis for data processing
The provider collects and processes your personal data on the basis of the following legal grounds:
Processing on the basis of a contract
We need your data when this is required to enter into, perform, or fulfil contractual obligations. In this case, personal data are provided voluntarily. If you do not provide your personal data, you may not enter into an agreement with the provider, and the provider cannot provide you with their services or deliver their products.
Processing on the basis of consent
We process your data when you provide us with an express consent to do so. When data processing takes place based on consent, we will ensure beforehand that all information that you need to make your decision is available to you. You may cancel your consent at any time. If you cancel your consent, the provider will not be able to provide some of their services.
Processing on the basis of legitimate interest
The provider may also process data on the basis of legitimate interest pursued by the provider, unless the interests or fundamental rights and freedoms of the data subject for which personal data protection is required prevail over such interest. In the event that legitimate interest applies, the provider must always carry out an assessment in accordance with the General Data Protection Regulation.
If data are processed on the basis of legitimate interest, the user has the right to object.
Read more about your rights below.
Processing on the basis of law
Your personal data are processed when such processing is required of us by legislation that is binding on us (e.g. tax legislation stipulates that issued invoices must be stored). These personal data are processed in accordance with legislative requirements.
The purposes of personal data processing
The provider collects and processes your personal data for the following purposes:
Storing personal data
The provider will keep your personal data only as long as it is necessary to achieve the purpose for which the personal data have been collected.
The personal data which the provider processes on the basis of law will be stored by the provider for the length of the period prescribed by law.
The personal data processed by the provider for the purpose of implementing their contractual relationship with a natural person is stored by the provider for the length of the period necessary to fulfil the agreement and another five years following its expiration, with the exception of cases when a dispute arises between you and the provider regarding the agreement; in this case, the provider stores the data for another five years following a final judgement or an arbitration decision or a settlement and, if there was no litigation, for five years following the date of the amicable resolution of the dispute.
The personal data processed by the provider on the basis of the personal consent of an individual is permanently stored by the provider, until the consent is cancelled by the individual. The provider will only erase such data before the cancellation if the purpose of personal data processing has already been achieved. After the period of storage ends, the controller will effectively and permanently erase the personal data or render them anonymous, so that they can no longer be connected to any particular natural person.
Contractual personal data processing
The contractual processors with whom the provider cooperates are:
The provider will not forward your personal data to unauthorised third parties. The contractual processors may only process personal data in accordance with the instructions of the controller, and they cannot use personal data to fulfil any of their own interests. The controller and recipients of personal data do not export personal data to third countries (outside of the member states of the European Economic Area – EU member states and Iceland, Norway, and Liechtenstein) and to international organisations, with the exception of the USA – all contractual processors in the USA are included in the Privacy Shield programme.
Freedom of choice
The information that you provide about yourself is controlled by you. If you decide not to provide your information to the provider, particular services cannot be rendered.
If you wish to unsubscribe from PRIMA IP e-news, please inform us of this by writing to email@example.com.
If your personal data changes (postal code, e-mail, physical address, telephone number), please inform us of these changes by writing to firstname.lastname@example.org.
Automated data collection (non-personal data)
Whenever you access our website, general, non-personal data (number of visits, average time of a visit to the website, visited pages) is collected automatically (not within the registration procedure). This information is used to measure the attractiveness of our website and to improve its contents and relevance. Your data is not subject to any further processing and will not be forwarded to any third party.
The provider is making significant efforts to ensure the security of personal data. Your data are protected against loss, destruction, counterfeiting, manipulation, and unauthorised access or unauthorised disclosure at all times.
In order to provide security of personal data, we take organisational and technical measures, such as:
Rights held by individuals regarding data processing
If you have any questions regarding our Personal Data Protection Policy or the processing of your personal data, please do not hesitate to contact us at any time. Please e-mail us at email@example.com or call +386 (0)590 73 614. The required data will be provided to you based on your request or we will ensure that your rights are enforced (pursuant to legislation).
With regard to processing, you have the following rights:
The right to withdraw consent: if, as a natural person, you have provided consent to the processing of your personal data (for one or multiple particular purposes), you have the right to withdraw this consent at any time, without this affecting the legality of the data processing which has been carried out prior to such withdrawal.
You may withdraw your consent by way of a written statement sent to the controller using one of the contact options listed on the website https://www.prima-bags.com.
The withdrawal of your consent to personal data processing does not have any negative impacts or sanctions for the natural person. However, it is possible that the controller will no longer be able to provide their individual services or multiple services after the withdrawal of the consent to personal data processing if these are services that cannot be provided in the absence of personal data (e.g. discount club or targeted notifications).
The right to access personal data: as a natural person, you have the right to obtain a confirmation from the provider (the personal data controller) whether personal data is processed in connection with you, and, if so, to also obtain access to personal data and particular information (concerning the purposes of processing, types of personal data, data recipients, storage periods or criteria for determining such periods, the existence of the right to rectification or erasure of data, right to the restriction of processing and the right to object, and the right to file a complaint with a supervisory authority, regarding the source of data if the data has not been collected from you, regarding the existence of automatic decision-making, including creating profiles, the reasons for it, and the consequences of such processing for you, and any other information pursuant to Article 15 of the GDPR).
The right to the rectification of personal data: As a natural person, you have the right to obtain from the provider without undue delay the rectification of inaccurate personal data concerning yourself. Taking into account the purposes of the processing, as a natural person, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure (‘right to be forgotten’): as a natural person, you have the right to obtain from the provider the erasure of personal data concerning yourself without undue delay and the provider shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
However, as a natural person, you do not have the right to erasure in particular cases described in Article 17(3) of the GDPR.
Right to restriction of processing: as a natural person, you have the right to obtain from the provider restriction of processing where one of the following applies:
The right to data portability: as a natural person, you have the right to receive the personal data concerning yourself, which you have provided to a provider, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
In exercising your right to data portability as a natural person, you have the right to have the personal data transmitted directly from one controller (provider) to another, where technically feasible.
The right to object: As a natural person, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning yourself which is based on the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (point (e) of Article 6(1)) or for the purposes of the legitimate interests pursued by the controller or by a third party (point (f) of Article 6(1)), including profiling based on those provisions. The provider shall no longer process the personal data unless the provider demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, the natural person has the right to object at any time to processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing; where the natural person objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
Where personal data are processed for scientific or historical research purposes or statistical purposes, the natural person, on grounds relating to their particular situation, shall have the right to object to processing of personal data concerning them, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you, as a natural person, shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement (in Slovenia, this is the Information Commissioner) if you consider that the processing of personal data relating to you infringes personal data protection regulations.
Without prejudice to any other administrative or non-judicial remedy, you, as a natural person, shall have the right to an effective judicial remedy against a legally binding decision of a supervisory authority concerning you; furthermore, this also applies where the supervisory authority does not handle a complaint or does not inform you within three months on the progress or outcome of the complaint. Proceedings against a supervisory authority shall be brought before the courts of the Member State where the supervisory authority is established.
A natural person may address all of their requests related to enforcing their rights regarding their personal data to the controller, using one of the contact options listed on the website https://www.prima-bags.com.
For the purposes of reliable identification in the event of enforcing rights related to personal data, the controller may request additional data from a natural person, but can only refuse to take action if they prove that they are unable to reliably identify the natural person.
The controller must respond to the request of the natural person by way of which this natural person is enforcing their rights related to their personal data without any undue delays, at the latest within one month after receiving the request.
Notification sent to the supervisory authority regarding a personal data breach
In the event of a personal data breach, the provider is obliged to notify the competent supervisory authority, unless it is likely that the breach did not compromise the rights and freedoms of individuals. When it is suspected in the event of a breach that a crime has been committed, the provider is obliged to notify the police and/or the competent prosecutor’s office regarding the breach.
If this is a breach that may cause a major risk for the rights and freedoms of individuals, the provider is obliged to notify the individuals to whom the personal data refers immediately or, when this is not possible, without any undue delays. The notification must be provided to the individual using clear and plain language.
Access to social media
You may use our website to access the online plug-ins defined below, which are provided by the provider within the scope of their operation:
When providing their services, each of the following social media platforms operates pursuant to their terms and conditions and their privacy policies. PRIMA IP does not assume any responsibility for the use of social media to which it enables access through its website. If you have any questions or wish to enforce any rights, please contact the social media platform in question.
Privacy policies are available on the links below:
Publication of amendments
Any amendment to our Personal Data Protection Policy will be published on this website.
Updated: 25 Feb 2020