The purpose of the privacy policy is to inform individuals, service users, employees and other persons (hereinafter: individual) who are working with CAAP, so.p. (hereinafter: the company) on the purposes and legal bases, security measures and the rights of individuals regarding the processing of personal data carried out by our company.
We appreciate your privacy, so we always carefully protect your information.
We process your personal information in accordance with European legislation (Regulation (EU) 2016/697 on the protection of individuals with regard to the processing of personal data and on the flow of such data (hereinafter: the General Regulation)) and the applicable legislation in the field of the protection of personal data (Personal Protection Act (ZVOP-1, Official Gazette of the Republic of Slovenia, No. 94/07)) and other legislation that gives us the legal basis for the processing of personal data.
Privacy policy contains information for individuals, how our company as an operator processes personal data received from an individual on the basis of legal bases which we describe below.
The personal data controller is the company:
Združenje CAAP, so.p.
Tkalski prehod 4
2000 Maribor
Contact: info@caap.si
In accordance with the provision of Article 37 of the General Regulation, we have not appointed an authorized person, but if you have any questions regarding the processing of your personal data, you can always contact us at info@caap.si
Personal information means any information relating to a designated or identifiable individual (hereinafter referred to as the "data subject"); an identifiable individual is the one that can be determined directly or indirectly, in particular by specifying an identifier such as a name, an identification number, a location data, a web identifier, or an indication of one or more of the factors that are characteristic of the physical, physiological, genetic , the mental, economic, cultural or social identity of this individual.
The company collects and processes your personal information on the following legal bases:
- processing is necessary to fulfill the legal obligation applicable to the controller;
- processing is necessary for the performance of a contract, the contracting party being the data subject or for the implementation of measures at the request of such an individual before the conclusion of the contract;
- processing is necessary due to the legitimate interests pursued by the operator or by a third party;
- the data subject has consented to the processing of his personal data for one or more specified purposes;
- processing is necessary to protect the vital interests of the data subject or other natural persons.
Fulfillment of a legal obligation
Legislation regulating employment or participation in the company, regulates the rights and obligations of employees and other employees of the company, i.e. The Labor and Social Security Records Act (ZEPDSV) or the Labor Relations Act (ZDR-1). On this basis, our company processes personal data of employees and other employees of the company. In limited cases, the company may also process personal data on the basis of public interest.
Implementation of the contract
In the case where you enter into a contract with an enterprise as an individual, this constitutes the legal basis for the processing of personal data. We may therefore process your personal information for the conclusion and implementation of a contract, such as, for example, sale of goods and services, membership of the association, participation in events and education, etc. If an individual does not mediate personal data, the company can not conclude a contract, nor can the company provide services or deliver goods in accordance with the concluded contract, as it does not have the necessary data for the implementation. On the basis of the lawful activity, the company can send information about its services, events, training, offers and other contents to individuals and users of its services to individuals. An individual can at any time request termination of such communication and processing of personal data and cancel the receipt of messages via the unsubscription link in the received message or as a request by e-mail to info@caap.si or by regular mail to the address of the company.
A legitimate interest
An entity may also process personal data on the basis of the legitimate interest it is seeking. The latter is inadmissible where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require personal data protection. In the case of the application of legitimate interest, the firm always makes an assessment in accordance with the General Regulation.
The processing of personal data of individuals for the purposes of direct marketing is deemed to have been performed in a legitimate interest. The company can thus process the personal data of individuals collected from publicly available sources or within the framework of lawful activity, including for the purpose of offering goods, services, employment, information on benefits, events, etc. To achieve these purposes, the company can use ordinary mail, telephone calls, e-mail and other telecommunication resources. For the purposes of direct marketing, an entity may process the following personal data of individuals: name and surname of the individual, address of permanent or temporary residence, telephone number and e-mail address. For the purposes of direct marketing, the personal data may also be processed without the explicit consent of the individual. An individual can at any time request termination of such communication and processing of personal data and cancel the receipt of messages through the connection to unsubscribe in the received message, or as a request by e-mail to info@caap.si or by regular mail to the company address.
Treatment on the basis of consent
If the company does not have a legal basis disclosed on the basis of a law, contractual obligation or legitimate interest, the individual may apply for consent or consent. consensus. Thus, it can process certain personal data of the individual for the following purposes, when an individual gives this consent:
- contact details: username, title, address, email address
- name, surname, telephone, address of residence and e-mail address for information and communication purposes,
- Tax number or EMŠO for the purposes of possible enforcement in case of default (eg non-payment of the invoice),
- photographs, video clips and other content related to the individual (for example, the publication of images of individuals on the company's website) for the purpose of documenting activities and informing the public about the work and events of the company;
- other purposes for which an individual agrees with the consent.
If an individual gives consent to the processing of personal data and at some point he no longer wishes to do so, he may request the interruption of the processing of personal data by request by e-mail to info@caap.si or by regular mail to the address of the company. Revocation of consent does not affect the legality of the processing on the basis of consent prior to its cancellation.
Treatment is necessary to protect the vital interests of the individual
An enterprise may process the personal data of the data subject insofar as this is necessary for the protection of his or her vital interests. Thus a company can search for a personal document of an individual, check whether that person exists in his database, examine his history or contact his relatives for which you do not need his consent. This applies in the case where this is indispensable to protect the vital interests of the individual.
The company will store personal data only for as long as this is necessary to achieve the purpose for which personal data have been collected and processed. Insofar as the company processes the data on the basis of the law, they will be kept for the period prescribed by law. In doing so, some of the information is retained during the cooperation with the company, and some data must be kept permanently.
The personal data processed by the company on the basis of a contractual relationship with an individual shall be kept by the company for the period necessary for the execution of the contract and for a further 6 years after its termination, except in cases where there is a dispute between the individual and the company in relation to the contract. In such a case, the company keeps the data for another 10 years after the final decision, arbitration or judicial settlement has become final, or, if no dispute has been made, 5 years from the date of peaceful settlement of the dispute.
The personal data processed by the company on the basis of personal consent of the individual or of the legitimate interest will be kept by the company until the cancellation of the consent or the request to delete the data. After receiving the cancellation or request for deletion, the data is deleted within 15 days at the latest. An entity may also delete this information prior to cancellation when the purpose of the processing of personal data has been achieved or if the law so provides.
Exceptionally, an entity may refuse the request for cancellation for the reasons set out in the General Regulation, such as: exercise of the right to freedom of expression and information, compliance with legal processing obligations, reasons of public interest in the field of public health, the purpose of archiving in the public interest, scientific or historical research purposes or statistical purposes, implementation or defense of legal claims.
After the expiry of the retention period, the entity must erase or anonymise the personal data effectively and permanently, so that it can no longer be linked to a particular individual.
The company may entrust to the contracted processor for individual processing of personal data on the basis of the contract processing contract. Contractors may process the data entrusted exclusively on behalf of the controller, within the limits of his / her authority, which is specified in a written contract or other legal act and in accordance with the purposes defined in this privacy policy.
The contractual processors with which the company is involved are in particular:
- accounting services and other providers of legal and business consulting;
- infrastructure maintenance (video surveillance, security, cleaning services);
- information system maintainers;
- providers of e-mail services and software providers, cloud services (eg Arnes, Microsoft, Google);
- social network providers and online advertising (Google, Facebook, Instagram, etc.).
In any case, the company will not provide individual personal data to third parties unauthorized.
Contractors may process personal data only in the context of company instructions and may not use personal data for any other purpose.
The company does not, as the operator and its employees, transfer personal data to third countries (outside the Member States of the European Economic Area - EU Member States and Iceland, Norway and Liechtenstein) and to international organizations other than the United States, with US contract processors included in the Privacy Program EU-US Shield. More about Privacy EU-US Privacy Policy writes Information Commissioner: https://www.ip-rs.si/varstvo-osebnih-podatkov/obveznosti-upravljavcev/iznos-osebnih-podatkov-v-tretje-drzave/iznos-osebnih-podatkov-v-zda/.
The company's website works with the help of so-called. cookies. A cookie is a file that stores the settings of a web page. Websites store cookies in user devices that access the Internet in order to identify the individual devices and settings that users have used in accessing. Cookies allow web pages to recognize if a user has already visited this site, and with advanced applications, they can adjust their individual settings accordingly. Their storage is under the complete control of a browser used by an individual - which can be used to restrict or disable cookie storage.
Cookies are fundamental to providing individually friendly online services. They are used to store information about the status of each site, help collect user statistics, and site visits, etc. Using cookies, we can therefore evaluate the effectiveness of our website design.
The company's website uses the following cookies:
| Cookie name | Duration | Function |
| _ga | 2 years | Used to differentiate between users. |
| _gid | 24 hours | Used to differentiate between users. |
| _gat | 1 minute | It is used to control access to a website. |
| _gali | 24 hours | Improved link assignment |
Saving and managing cookies is under the complete control of a browser used by an individual. The browser can limit or disable cookie storage as desired. You can also delete the cookies your browser has stored on the web pages of each browser.
The company takes care of information security and security of the infrastructure (premises and application system software). Our information systems are, among other things, protected by antivirus programs and firewalls. We have implemented appropriate organizational and technical security measures designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, and against other illegal and unauthorized forms of processing. In the case of the provision of specific types of personal data, they are transmitted in encrypted form and password protected.
The individual is solely responsible for providing his personal information securely and that the information provided is accurate and credible. The company will endeavor to contact your personal information, which is accurate and if necessary updated, from time to time, we can contact you to verify the accuracy of your personal information.
According to the General Regulation, the individual has the following rights from the protection of personal data.
- It may require information about whether we have his personal information and, if so, what information we have and on what basis do we have and why we use them.
- The request may have access to its personal data, which allows it to receive a copy of the personal data held by the company and verify that the company processes it legally.
- It may require personal data corrections, such as a correction of incomplete or inaccurate personal information.
- It may request the deletion of its personal data when there is no reason for further processing or when it exercises its right to object to further processing.
- It may object to the further processing of personal data where the undertaking relies on a legitimate business interest (even in the case of a third party's legitimate interest) when there are reasons relating to the individual's particular situation; an individual has the right to object at any time if the company processes personal data for direct marketing purposes.
- It may require limitation of the processing of its personal data, which means that the processing of personal data is interrupted, for example, if an individual wants the company to establish accuracy or to verify the reasons for the further processing of personal data.
- It may request the transfer of its personal data in a structured electronic form to another controller, to the extent feasible and feasible.
- It can revoke the consent or consent it has given for the collection, processing and transfer of its personal data for a particular purpose; upon receipt of the notice that it has withdrawn its consent, the company will cease processing personal data for the purposes it originally accepted, unless the company has other legal legal bases for doing so legally.
If an individual wishes to assert any of the aforementioned rights he can send the request by e-mail to info@caap.si or by regular mail to the company's address.
Access to individual's personal data and established rights is free for the individual. However, a company may charge a reasonable fee, insofar as the data subject's request is manifestly unfounded or excessive, in particular if it is repeated. In such a case, the company may also reject the request.
In case of exercising the rights in this title, the company may need to request certain information that will help it to confirm the identity of the individual, which is only a security measure that ensures that personal data are not disclosed to unauthorized persons.
When exercising rights under this heading, an individual may use the Information Commissioner's form, which can be accessed on their website. Link to: https://www.ip-rs.si/fileadmin/user_upload/doc/obrazci/ZVOP/Zahteva_za_seznanitev_z_lastnimi_osebnimi_podatki__Obrazec_SLOP_.doc
In case where individual believes that his rights have been violated, he or she can contact the supervisory authority or the Information Commissioner. Link to: https://www.ip-rs.si/zakonodaja/reforma-evropskega-zakonodajnega-okvira-za-varstvo-osebnih-podatkov/kljucna-podrocja-uredbe/prijava-krsitev/
If an individual has any questions regarding the processing of his personal information, you can always contact our company by e-mail at info@caap.si or by regular mail to the address of the company.
Any changes to our personal data protection policy will be published on the company's website: www.caap.si. By using the website, the individual confirms that he accepts and agrees with the entire content of this personal data protection policy.
The personal data protection policy was adopted by Karolina Babič, President of the Association on 30 June 2018.