Sign in
Choose languageLanguage

Spica's Privacy Policy

Last modified: 14 June 2024

This Privacy Policy outlines the manner in which Špica International, sistemi za avtomatsko identifikacijo d.o.o., Pot k sejmišču 33, Ljubljana, 1231 Ljubljana-Črnuče, Slovenia (hereinafter referred to as Špica) obtains, stores and uses your personal data. This Privacy Policy enters into effect on 1 July 2024.

This Privacy Policy applies to (i) the use of the following websites managed by Špica:

  • www.spica.si
  • www.spica.hr
  • www.spica.rs
  • www.spica.me
  • www.spica.com.mk
  • www.spica.com
  • katalog.spica.si
  • katalog.spica.hr
  • support.spica.com
  • forpartners.spica.com

(hereinafter: the Website or Websites), (ii) the organization of Špica’s events and registration for such events, (iii) signing up to receive newsletters and information about Špica’s services, (iv) receiving information via Špica’s social channels and apps, (v) filling in the various contact forms available on Špica’s Website, (vi) downloading online catalogues, white papers, and other information from Špica’s Website, (vii) using the E-Learning Portal, (viii) using the Support Portal, (ix) using Špica’s online store, (x) conducting e-marketing campaigns, and (xi) using any other online or offline service, whether current or future (points “i” to “xi” collectively referred to as the Services).

Be sure to read our Privacy Policy thoroughly.

About us

The Controller of your Personal Data is Špica International, sistemi za avtomatsko identifikacijo d.o.o., Pot k sejmišču 33, Ljubljana, 1231 Ljubljana-Črnuče, Slovenia.

Should you have any questions, please contact us by sending an e-mail to gdpr@spica.com or by calling us at +386 1 568 08 00.

How we obtain, use and otherwise process your Personal Data

We obtain your Personal Data when you provide such Personal Data to us, for example, by means of your using our Website and its functions, by contacting us directly by e-mail, telephone, in writing or via social media, by ordering Services, by using any of our websites or by any other means by which you provide us with Personal Data.

What types of Personal Data we collect or obtain about you

The types of information we collect about you may include information such as:

  • your name and surname;
  • your business e-mail address or any other e-mail address you provide to us;
  • the company you work for or have worked for;
  • your professional position at work;
  • your telephone number;
  • information about your computer or mobile device (e.g. your IP address and browser type, device type);
  • information about how you use our Website (e.g. which pages you have viewed, the time you viewed them and the elements that you clicked).

We may also obtain your Personal Data from certain publicly available sources, including (but not limited to) public online databases, business directories, media publications, social media, websites and other publicly available sources.

How we use your Personal Data (purposes of processing)

We may use your Personal Data for one or more of the following purposes:

A)

  1. Relating to your use of the Services.
  2. Managing and improving our Websites, including customizing the user experience of our Website. This is necessary to serve our legitimate interest to better understand the preferences of our customers and potential customers and to tailor our Websites, products and services to your needs and preferences.
  3. Direct marketing and management of Špica’s relationships with current and potential customers. We achieve this by analyzing the data about our customers and by analyzing the data about the history of our relationship with our customers in order to tailor our services and products to the needs of our customers, and to improve the business relationship with our customers, with a focus on customer retention and ultimately the growth of sales. This is in the pursuit of our legitimate interest to better understand our customers’ preferences and run and manage our business efficiently.
  4. Segmenting the information about you based on your activities and interests on our Websites in order to provide you with tailored (personalized) content and offers.
  5. Communicating directly with you regarding updates to our Websites, purchases of our Services and responding to enquiries we receive from you. This may be necessary either to keep you informed of changes to our Website from time to time, to execute a contract we have entered into with you, to prepare a quotation, or for our legitimate interest in fulfilling and confirming your requests, to provide you with our products or Services, and to respond to enquiries we receive from you.
  6. Concluding a contract and preparing an offer. Should you choose not to provide us with your Personal Data where it is necessary for such purpose, we will not be able to enter into or perform a contract with you or provide you with the products or Services that you have requested. We may also suspend or cancel any orders you place and enforce our legal rights against you (for example, should we incur costs or expenses in preparing or fulfilling any orders you have placed).
  7. Protecting our business and our business interests, including credit and background checks, fraud prevention and debt collection. This is necessary to protect our legitimate interests in preventing criminal activity such as fraud or money laundering, to ensure that our Website and Services are not misused and to protect our business. We will only carry out such checks if the applicable laws allow us to do so.
  8. Communicating with our business advisers and legal representatives. This is necessary for us to pursue our legitimate interests in obtaining legal or professional business advice, and we will only provide your Personal Data where necessary, to the minimum extent necessary and anonymized whenever possible.
  9. Sharing of Personal Data with third parties (hereinafter referred to as Data Recipients) related to us in the context of our provision of the Services, such as: (i) business partners in our sales chain, (ii) capital related companies, a list of which is available at https://www.spica.si/kontakt, (iii) suppliers or providers of e-mail, and (iv) suppliers or providers of various information and communication technology services. This may be necessary either to perform a contract we have entered into with you (or to prepare a quotation), to pursue our legitimate interest in the efficient conduct and management of our business, to comply with legal obligations to which we are subject, or for our own direct marketing purposes. Whenever we may share your personal data, we will do so strictly on a need-to-know basis, in accordance with appropriate confidentiality restrictions, and only to the extent strictly necessary for any of such purposes.
  10. Enforcing our legal rights and complying with applicable laws, regulations and other legal requirements. This is necessary to pursue our legitimate interest in protecting our business and enforcing our contractual and other legal rights. Ensuring physical, network and information security and integrity. This is necessary to pursue our legitimate interest in ensuring that our IT systems and networks are secure and uncompromised, including creating backup copies and archiving, preventing malware, viruses, bugs or other harmful codes, preventing unauthorized access to our systems and preventing any form of attack or damage to our IT systems and networks. We may need to use and process your Personal Data in order to comply with legal obligations we are subject to. For instance, we may require you to provide specific details of your Personal Data for the purposes of complying with a legal obligation to prevent money laundering, or to disclose your information to a court following a court order. We may also need your personal data to comply with applicable legal obligations, such as tax laws and other regulations which we are subject to.
  11. Relating to disclosure requirements and in the event of a sale or purchase of the company and/or assets, whether actual or potential. This is necessary to pursue our legitimate interests of selling and/or ensuring and promoting the success of our business.
  12. For statistical and research purposes. The data will be anonymized and used for the legitimate interests of processing Personal Data for research purposes, including market research, better understanding our customers and tailoring our products and Services to your needs.
  13. Identifying potential crimes or threats to public safety before the competent authority. This is necessary to pursue our legitimate interests in promoting the success of our business, preventing crime, complying with legal obligations, and serving the general public interest or the legitimate interests of government authorities and competent authorities in preventing crime.
  14. Related to any legal dispute or proceeding, or prospective legal dispute or proceeding. This is necessary to pursue our legitimate interest in promoting and ensuring the success of our business, resolving disputes and making any disclosures we are required to make by law or which we consider to be reasonable under the law.

B)

Based on your explicit consent for the purposes of e-advertising, to inform you about our Services, news, events, to offer you our Services, and other forms of e-advertising.

Where processing of your Personal Data is based on your consent, you may withdraw your consent at any time by emailing us at gdpr@spica.com . The effective date of such cancellation shall be 30 working days from the date on which we receive your request.

Personal Data Retention and processing period

Your Personal Data is stored by Špica on Špica’s own servers or on the servers of our IT service providers located in the EU. However, your Personal Data may also be processed outside the European Economic Area.

Spica will process your Personal Data to the extent that is relevant and limited to what is necessary for the purposes for which the Personal Data is processed, namely the purpose(s) for which we process your Personal Data, for example, whether it is necessary to continue to retain such data in order to continue to fulfil our obligations under our contract with you or for our legitimate interests; whether we have any legal obligation to continue processing your data, such as any record keeping obligations imposed by applicable law; and whether we have a legal basis to continue processing your Personal Data, such as your consent.

For more information about where and for how long your Personal Data is stored, and for more information about your rights to erasure and portability of your Personal Data, please contact us at gdpr@spica.com .

How we protect your Personal Data

We have adopted appropriate technical and organisational measures to safeguard your Personal Data and to protect it against any unauthorized or unlawful use or processing, and against accidental loss or destruction of, or damage to, your Personal Data, including:

  • the principles of data minimization and processing on an anonymized basis whenever possible;
  • training our employees on the importance of confidentiality and maintaining the privacy and security of your data;
  • commitment to take appropriate disciplinary action to hold employees accountable for any breaches of privacy rules;
  • continuous and comprehensive updating and testing of our security technology;
  • careful and responsible selection of our subcontractors;
  • using secure servers to store your personal data;
  • appointing a Data Protection Officer;
  • requesting proof of identity from any individual requesting access to Personal Data.

Špica has a valid and regularly verified IS0 27001 certificate, which is an internationally recognized standard in the field of information security.

We would like to remind you that the transmission of information (including Personal Data) over the internet is not always completely secure and if you provide any information to us over the internet (whether by e-mail, through our Website or by any other means), you do so entirely at your own risk. We cannot be held liable for any costs, expenses, loss of profit, damage to reputation, liability or any other form of loss or damage incurred by you as a result of your submission of information over the internet.

Web plug-ins and other tools

a) Google Analytics and Google advertising tools

We use the analytics tool Google Analytics 4 from the US company Google LLC on our Websites. Google Analytics 4 processes technical information stored on your mobile device, such as device type (e.g. iPhone 6), operating system (e.g. iOS 8.4), provider name (e.g. Telekom), as well as events that occur on our Website (e.g. viewing certain pages, time spent on a page, interactions with elements of a page), by means of device identifiers, which enables us to analyze the use of the Website by individual users in order to improve the functionalities of the Website and thereby provide you with a better user experience.

Google Analytics 4 collects all data from devices located in the European Union (based on IP geolocation) via domains and servers in the EU before transmitting it to Analytics servers for processing. This ensures that EU users’ data is processed in accordance with European data protection laws and regulations. More about this: https://support.google.com/analytics/answer/12017362?hl=en

The use of Google Analytics 4 is based on GDPR Article 6(1)(f). We have a legitimate interest in optimising the performance of our services or in better managing our customer relationships.

In addition to Google Analytics 4, we also use Google reCAPTCHA, Google AdSense, Google Remarketing, Google AdWords and Google Conversion Tracking. For more information on the use of these tools, please see our Cookie Policy.

b) Google Maps

We use the Google Maps web mapping service via API. It is operated by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. To use Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the US and stored there. The provider of this website has no influence on this data transmission. For transfers outside the EU, the following verified mechanisms apply, as described HERE .

The use of Google Maps is in the interest of making our Website attractive and to make it easier to locate the places you specify to us on the Website. This is a legitimate interest under Article 6(1)(f) GDPR. For further information on how we handle user data, please refer to the Google data protection statement at https://policies.google.com/privacy?hl=sl .

c) MS Clarity

We use the Microsoft Clarity analytics tool, provided by Microsoft Corporation, a company based in the USA, on our websites.

In addition, we use this data for website optimisation, fraud/security purposes and advertising. For more information about how Microsoft collects and uses your data, please visit the Microsoft Privacy Statement HERE .

This tool allows us to analyse user interactions on our website. It provides insights into how users navigate our website and engage with our content. MS Clarity collects data such as clicks, scrolls and form submissions to give us an overview of the user experience on our website.

Website usage data is captured using first-party and third-party cookies and other tracking technologies to determine products/services popularity and online activity.

MS Clarity uses device identifiers to process technical information stored on your mobile device, such as device type, operating system, provider name, as well as events that occur on our website (e.g. viewing certain pages, time spent on the page, interactions with page elements).

We have signed the EU Standard Contractual Clauses (SCC) with the company, which provide specific safeguards for the transfer of personal data outside the EU. You can read more about it at: https://learn.microsoft.com/en-us/compliance/regulatory/offering-eu-model-clauses

The processing of your data for the purposes of managing the labels is based on your consent (Article 6(1)(a) of the GDPR).

d) Segment

We use the Segment analytics tool provided by Segment.io, Inc.

Segment collects data from a variety of sources, such as device identifiers, i.e. unique identifiers associated with your device, including IDFA (Identifier for Advertisers) for Apple devices or AAID (Google Advertising ID) for Android devices; technical details about your device, such as device type (e.g. iPhone 6), operating system (e.g. iOS 8.4), and the name of your mobile service provider (e.g. Vodafone); and app usage data, which includes information on how you interact with apps (My Hours, All Hours and others), including events such as starting and stopping timekeeping, generating reports, and utilizing other app functionalities.

We use the data collected by Segment to analyse how users use our apps, to identify areas for improvement and develop new features, to personalise the user experience, and to send targeted ads and promotions.

We have entered into EU Standard Contractual Clauses with Segment.io, Inc. concerning the transfer of personal data outside the EU. You can read more about the international transfers HERE .

You can learn more about the Segment Privacy Policy at https://segment.com/docs/legal/privacy/ . By using our services, you consent to the processing of data by Segment in the manner described above.

The use of Segment services is carried out on the basis of Article 6(1)(f) of the GDPR. We have a legitimate interest in optimising the performance of our services or in better managing our customer relationships. We need your consent to collect your personal data through cookies.

e) Hotjar

On our websites, we use the Hotjar online marketing tool provided by Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta ("Hotjar"). It is an analytical tool that helps us monitor your use of our website, e.g. to see how you navigate our website. The aim is to optimise your experience as a guest of our website and make our offer even more attractive. Hotjar uses cookies. For further information regarding the cookies used by Hotjar, please visit: www.hotjar.com/cookies .

In addition, we have implemented a Hotjar-tracking-code on our website that allows us to collect the following information: (i) device-specific data (IP address of your device - which is collected and stored in an anonymous way, device screen size, device type (unique device identifiers) and browser information, country as a geographic location, selected language for displaying the website and (ii) login data (relating to the domain, pages visited, country as a geographic location, selected language for displaying the website, date and time of website visits). In general, your data will only be collected in an anonymous form, no personal associations will be made. If you register with our services, your Hotjar data will not be associated with your personal data. Hotjar also uses third-party services such as Google Analytics and Optimizely.

For further information regarding the Hotjar Privacy Policy, please visit: www.hotjar.com/privacy . In the future, you can opt-out of any collection and storage of your data by Hotjar at: www.hotjar.com/opt-out .

Hotjar cookies are stored on the basis of Article 6(1)(f) of the GDPR. We have a legitimate interest in analysing user behaviour on our website in order to optimise both our offer and our advertising.

f) Intercom

We use the Intercom tool provided by Intercom Inc. 98 Battery Street, Suite 402, San Francisco, CA 94111, USA to send email messages and for Live-Chat functionality regarding our Cloud Services and to manage customer relationships on websites. We transmit the following data:

your email address,

your name and surname,

your phone number,

contact details of technical contacts.

We have concluded EU Standard Contractual Clauses with Intercom Inc. for international data transfers from outside the EU to the USA. For more information, please click HERE .

You can learn more about data processing at: https://www.intercom.com/help/en/articles/1385437-how-intercom-complies-with-gdpr .

You can learn more about the Intercom Privacy Policy at: https://www.intercom.com/terms-and-policies#privacy .

Intercom also uses cookies stored on your computer that enable user analysis. The cookie-based data about your last visit to our cloud platform is transferred to Intercom's servers in the USA and stored there. Intercom will not combine your IP address with other data stored about you.

The data of interested parties who contact us via Live-Chat is completely deleted after 9 months. Any interested party who contacts us after their data has been deleted is considered a new interested party.

You can disable the use of these cookies by using a setting on your browser software. This may interfere with some of our website services (e.g. Live-Chat).

The use of the Intercom service is carried out on the basis of Art. 6(1)(f) of the GDPR. We have a legitimate interest in optimising the performance of our services or in better managing our customer relationships. However, your consent is required to install Intercom cookies.

g) ActiveCampaign

On our websites, we use the ActiveCampaign platform provided by ActiveCampaign, 1 N, Dearborn, Chicago, IL 60607, USA, for sending newsletters, where the following data is stored: email address and first and last name. This data is stored by ActiveCampaign on its servers in the USA.

ActiveCampaign strives to ensure the highest level of security for the data we store through various physical, technical and organisational measures, such as encrypting online connections, preventing unauthorised access, using secure passwords and preventing intrusions. The ActiveCampaign service monitors the delivery performance of sent emails by collecting data on open rates, link clicks, email clients and browsers, approximate location, IP address, logins and unsubscribes, and failed email deliveries. This data will be kept for a maximum of 6 months after unsubscribing from receiving emails.

The ActiveCampaign Privacy Policy is available at: https://www.activecampaign.com/privacy-policy/ .

We have concluded EU Standard Contractual Clauses (SCC) with ActiveCampaign.

We have signed a contract with ActiveCampaign on the processing of personal data, in which the latter undertakes to process the users' data in accordance with our instructions and not to disclose it on to third parties.

The implementation of the newsletter is based on your consent in accordance with Article 6(1)(a) of the GDPR. The use of the ActiveCampaign service is based on Article 6(1)(f) of the GDPR. We have a legitimate interest in choosing technology providers that offer tools that help us optimise our business and also offer a user-friendly way of sending newsletters that also meets your expectations.

h) Social plugins – Meta, X and LinkedIn

We have implemented social plugins from social networks so you can easily share what interests you with your colleagues and connections on social media. Our website may contain social plugins for external social networking websites such as Facebook, Instagram (collectively: "Meta"), x.com ("X") and LinkedIn.com ("LinkedIn").

Each time you visit our website containing the plugin, your browser will establish a direct connection to Meta, X and LinkedIn servers. In this process, the servers of Meta, X and LinkedIn will recognise which of our websites, apps or content you are currently visiting.

If you are a member of Meta, X and/or LinkedIn and you are logged in while visiting our website, Meta, X and/or LinkedIn will assign this information to your personal user account. By interacting with one of the plugins, e.g. by clicking the like button and/or the X button, this information will be sent directly via your browser to Meta, X and/or LinkedIn, where it will be stored in your personal user accounts.

The information you share from our website will be shared with Meta, X and LinkedIn.

We would like to emphasize that, as the provider of this website, we have no knowledge of the content of the transferred data or its use by Meta, X and Linkedin. We also have no control over the data collected by Meta or LinkedIn through the plugin, nor the extent of such data collected by Meta or LinkedIn. We also have no knowledge of the content of the data provided to Meta or LinkedIn. Please see their privacy policies for details of their data collection practices and your rights and preferences.

i) YouTube

We use plugins from YouTube, which are managed by Google. The operator of the website is You Tube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit our website that contains the YouTube plugin, a connection is established with the YouTube servers. YouTube is thereby informed about the website you have visited.

If you are signed in to a YouTube account, YouTube allows you to link your browsing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.

YouTube helps us make our website attractive. This is a legitimate interest under Article 6(1)(f) of the General Data Protection Regulation ("GDPR").

For further information on the handling of user data, please refer to the YouTube Data Protection Statement at: https://www.youtube.com/static?template=privacy_guidelines .

j) Snitcher

To track the business usage of our website, we use the Snitcher tool operated by Snitcher B.V., Deventerstraat 21, 7311 BH Apeldoorn, The Netherlands. We transmit the following data: Your IP address and information about visits to the site (pages viewed, referral source, time of visit).

Snitcher collects data about visitors to our website on its infrastructure hosted on AWS (Amazon Web Services) located in Frankfurt, Germany (eu-central-1). All data collected is encrypted both during transmission and during storage. Snitcher processes your IP address and compares it to its own database to verify the company behind the visit and their geographic location. All visitor data is then aggregated at the company level. Snitcher does not share visitor IP addresses and we only provide publicly available corporate data that complies with GDPR exemptions.

Snitcher uses cookies stored on your computer that enable user analysis. The cookie-based data about your last visit to a subpage of our website is transmitted to and stored on Snitcher's servers in Frankfurt. Snitcher will not combine your IP address with other data stored about you.

Our legal basis for using Snitcher is legitimate interest according to Article 6(1)(f) of GDPR. We have a legitimate interest in optimizing the performance of our Website and better managing our customer relationships.

You can disable the use of these cookies by using a setting on your browser software. This may interfere with the operation of some of our website services. Your consent is required to use Snitcher cookies.

k) Calendly

We use Calendly, a service provided by Calendly, LLC based in the USA, to conduct online meetings and arrange appointments. Calendly and its affiliated companies operate a global server infrastructure. The data processed when using the Calendly service may be transferred outside the European Economic Area and is subject to the laws of the country where Calendly servers are located. Calendly processes meeting participant data based on the type of participation and use of the service.

Calendly is certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF ).

We have entered into a personal data processing agreement with Calendly, which commits Calendly to comply with EU data protection rules.

The data collected by using the services is described HERE .

The use of Calendly services is based on Article 6(1)(f) of the GDPR. We have a legitimate interest in optimising the performance of our services or in better managing our customer relationships.

l) Stripe

Payments for products and services offered on the website are made through Stripe, Inc., 354 Oyster Point Boulevard, South San Francisco, California 94080, USA. If you purchase our products or services, your purchase will be made through an SSL encrypted website operated by Stripe and the data provided will be stored on Stripe servers in the USA.

For international transfers from outside the EU to the US, we have concluded EU standard contractual clauses with Strike. For more information, please click HERE .

You can learn more about Stripe’s privacy policy at: https://stripe.com/en-si/legal/privacy-center in https://stripe.com/legal/dpa .

The use of Stripe services is based on Article 6(1)(f) and Article 6(1)(b) of the GDPR. We have a legitimate interest in optimising the performance of our services or in making payment for our services.

m) GoToMeeting

We use the GoToWebinar service of the Irish provider LogMeIn Ireland Limited (hereinafter: LogMeIn). LogMeIn and its affiliated companies operate a global server infrastructure.

The data processed in the context of webinars may be transferred outside the European Economic Area and is therefore subject to the laws and regulations of the country in which LogMeIn servers are located, as LogMeIn processes the data of the webinar participants in the context of webinars depending on the type of participation in the webinar.

LogMeIn or its US subsidiary LogMeIn USA, Inc. We have concluded EU standard contractual clauses with LogMe. You can learn more about how we process data at: https://www.goto.com/-/media/pdfs/trust---resource-center/goto-international-data-transfers-faq-pdf.pdf

You can learn more about the LogMeIn Privacy Policy at: https://www.logmeininc.com/legal/privacy

The use of GoToMeeting services is carried out on the basis of Article 6(1)(f) of the GDPR. We have a legitimate interest in optimising the performance of our services or in better managing our customer relationships.

n) Microsoft Dynamics CRM

For the purpose of effective and secure customer relationship management, we use one of the leading and more advanced Microsoft Dynamics CRM software tools from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter: Microsoft).

Microsoft has received numerous certifications in information security and compliance with data protection legislation. Your data is stored exclusively on our servers, but this does not exclude the possibility that specialized experts from another country may from time to time access the stored data for the purposes of maintenance, troubleshooting, upgrades and other forms of technical support. Such access to data from other countries is based on Microsoft’s Standard Contractual Clauses. You can read more about Microsoft's Standard Contractual Clauses at:

www.microsoft.com/en-us/TrustCenter/Compliance/EU-Model-Clauses .

We have entered into a Personal Data processing agreement with Microsoft, which commits Microsoft to comply with EU data protection rules. You can read more about Microsoft’s privacy policy at: www.privacy.microsoft.com/en-us/privacystatement .

The use of Microsoft CRM services is carried out on the basis of Article 6 (1) (f) of the GDPR. We have a legitimate interest in optimising the performance of our services or in better managing our customer relationships.

o) Slack

For internal communications within ŠPICA, we use the Slack communication tool from Slack Technologies, 500 Howard Street, San Francisco, CA 94105, USA (hereinafter: Slack Technologies). For this reason, Personal Data of customers, users and employees or contractors may be transferred to Slack Technologies servers located outside the European Economic Area.

We have entered into a Personal Data processing agreement with Slack Technologies, in which Slack Technologies commits to comply with EU data protection law. As regards international data transfers, we have concluded a data transfer agreement with the company in question, with so-called Standard Contractual Clauses, whereby Slack Technologies commits itself to ensure that international transfers of Personal Data are carried out in accordance with EU data protection rules.

The processing of Personal Data via Slack is carried out on the basis of our legitimate interest within the meaning of Article 6(1)(f) of GDPR.

How we use cookies and similar technologies

Regarding the use of Cookies, please refer to our Cookie Policy, which is available at: https://www.spica.si/piskotki .

International transfers of personal data

Should we transfer your Personal Data outside the European Economic Area, we will do so after carefully reviewing the appropriate legal bases and safeguards, such as:

  • data protection policies known as “Binding Corporate Rules” or “BCRs”;
  • Standard Contractual Clauses adopted by the European Commission or by the Information Commissioner and approved by the European Commission in accordance with the relevant law;
  • a code or codes of conduct drawn up by an association or other body approved by the Information Commissioner;
  • approved certification mechanisms (such as the EU-U.S. Data Privacy Framework ("DPF"))
  • or, where the Information Commissioner so permits, contractual clauses between the controller or processor and the data controller, processor or recipient of the Personal Data in another country or international organization.

Data Subject rights

Please note the following rights regarding your Personal Data that you may exercise by sending an e-mail to gdpr@spica.com :

  • request access to your personal data and information relating to our use and processing of your personal data;
  • request correction or deletion of your personal data;
  • request that we restrict the use of your personal data;
  • request your personal data that you have provided to us in a structured and machine-readable format (for example, an Excel spreadsheet) and the right to have this personal data transferred to another personal data controller;
  • object to the processing of your personal data for certain purposes (for further information, see the section below entitled "Your right to object to the processing of your personal data for certain purposes"); and
  • withdraw your consent to our use of your personal data where we rely on your consent. If you withdraw your consent, this will not affect the lawfulness of our use and processing of your personal data based on your consent prior to the date on which you withdraw your consent.

You also have the right to file a complaint with the supervisory authority (in the Republic of Slovenia: the Information Commissioner). Their contact details are available here: www.ip-rs.si/ .

For further information on your rights in relation to your Personal Data, including certain limitations that apply to some of these rights, please see GDPR, Articles 12 to 23, available here:

www.eur-lex.europa.eu/legal-content/SL/TXT/?uri=CELEX:32016R0679 .

Your right to object to the processing of your Personal Data for certain purposes:

You have the following rights in relation to your personal data, which you can exercise in the same way as in the previous section (your rights in relation to your personal data):

  • object to the use or processing of your personal data if we process your personal data for our legitimate interests, including profiling (e.g. predicting your behaviour based on your personal data) on the basis of any of those purposes; and
  • object to the processing of your personal data for direct marketing purposes (including any automated assessment we make of you or any of your characteristics as a person, if this is related to such direct marketing).

You can also exercise your right to object to the use or processing of your Personal Data for direct marketing purposes by:

  • clicking the unsubscribe link at the bottom of any marketing e-mail we send you and follow the instructions that appear in your browser when you click that link; or
  • sending an e-mail to gdpr@spica.com requesting that we stop sending you marketing messages or with the words “OPT OUT”.

Whenever you object to direct marketing from us by a method of communication other than marketing communications you have received from us, you must provide us with your name and sufficient information to enable us to identify you in relation to the communications you have received (for example, if you have received a text message from us and you wish to unsubscribe by e-mail, you may be asked to provide us with your telephone number in that e-mail).

Changes to our Privacy Policy

We may change our Privacy Policy from time to time. If we make any changes, we will notify you. If you continue to access our Website on or after this date, you agree to be bound by the new version of our Privacy Policy.

Should we intend to use your Personal Data for a new purpose, we will provide you with information about that purpose and any other relevant information before we use your Personal Data for that new purpose.

Changes to your Personal Data

Please inform us of any changes to the Personal Data we hold about you so that the information we hold about you can be accurate and up-to-date.