Personal Data Protection Policy

Privacy notice, terms of use, cookies
  1. INTRODUCTORY INFORMATION

Datalab respects your privacy and thoroughly protects your personal data.

In this Personal Data Protection Policy (henceforth ‘Policy’), we define the methods of personal data collection, their purpose, security measures, with which personal data are protected, persons, with whom we share them, and your rights concerning the protection of your personal data.

This Policy affects:

  • All users of our website datalab.eu (henceforth ‘website’)
  • Ordering and performing subscription contracts for services provided by Datalab
  • Organization and execution of events by Datalab Academy, including processing registrations for such events
  • Registration to webinars by Datalab Academy, including processing registrations to such webinars
  • Registration to blog news
  • Registration to notifications about product news and organized events
  • Requests for quotes about our offers over the phone, e-mail, printed forms or online forms
  • Downloads of any documents published on the website
  • The use of social media
  • The use of any technical support or services offered by Datalab on its websites
  • The use of the online shop.

 

 

 

  1. DATA CONTROLLER

This Policy is used for all personal data that Datalab Tehnologije, d.d., Hajdrihova ulica 28c, 1000 Ljubljana, Slovenia (henceforth ‘Datalab’, ‘we’, ‘us’) collects.

As a data controller, Datalab is responsible for the processing and storage of your personal data.

If you have any questions about the use of this Policy or about the rights you can exercise arising from this Policy, contact us in any of the following ways:

  • info@datalab.si
  • +386 12 52 89 00
  • Datalab Tehnologije, d.d., Hajdrihova ulica 28c, 1000 Ljubljana, Slovenia, with the addendum ‘Personal data protection’

In relation to users of the services that it provides (e.g. the PANTHEON software), Datalab is a contractual controller. For all questions regarding the protection of personal data, users are asked to contact their employer.

  1. DEFINITION OF TERMS

A list of terms from this Policy and their explanations can be found in this section.

The purpose of each term listed below is defined in this Chapter.

Personal data means any information relating to an individual that can be used to identify that individual (e.g. first name, last name, e-mail, telephone number).

Controller means the legal person which determines the purposes and means of the processing of your personal data.

Processor means a natural or legal person which processes personal data on behalf of the controller.

Processing means the collection, storage, access to, and all other forms of use of personal data.

EEA means the European Economic Area, which includes all member states of the European Union, Iceland, Norway, and Liechtenstein.

 

  1. PERSONAL DATA PROCESSING

Datalab processes your personal data only for clearly defined purposes, in a secure manner, and transparently.

We acquire your personal data when you provide them (such as when you use our website, order our services, register for our events or webinars, request quotes over e-mail, the phone or in writing to are physical address, or in any other way with which you provide your personal data).

Additionally, we acquire your personal data through publicly available data records (e.g. state institutions).

Additionally, we acquire your personal data through the use of cookies on our website. You can read more about the use of cookies in Chapter 7 of this Policy.

 

4.1 Types of Personal Data Collected

Datalab can collect the following information or types of information:

  • Basic personal data (first and last name)
  • Basic contact data (telephone number, e-mail address)
  • Basic data about the company you work for (company name, your role in the company, No. of employees)
  • Basic data about subscriptions for Datalab services (license type, date of purchase)
  • Information about your computer (IP address, type of device, type of browser), data about your usage of our website (the content you’ve consumed, the time spent on the website, what you clicked) and data about the response to our e-mail messages
  • Data about the Datalab partner company with which you cooperate (you can find out more about partner companies in Chapter 6 of this Policy)
  • Data we need to deliver ordered goods (address, postal code, city)

Datalab follows the principle of data minimization as provided by legislation, which is why we collect only data appropriate, relevant, and limited to what is required for purposes for which they are collected. The purposes for which we collect personal data are defined in chapter 4.3 of this Policy.

4.2 Legal Basis for the Collection and Processing of Personal Data

In accordance with personal data protection legislation, we may process your personal data on the following legal bases:

  • Where the processing of your personal data is necessary to perform a contract you’ve entered into
  • Where you’ve given your consent to the processing of your personal data for a particular processing purpose. You always have the right to withdraw your consent.
  • Where Datalab has a legitimate interest to process your personal data (when we’re processing data based on a legitimate interest, we’ll specify that explicitly in this Policy)
  • Where processing is necessary for compliance with legal obligations (such as data we store for tax-related obligations).

Only those personal data have to be provided that we collect based on legal requirements.

Providing personal data that we require to perform a contract is voluntary. We would like to remind you that in case you do not provide your personal data that we require to provide our services (e.g. entering into a contract, registering for a webinar), we will not be able to provide that service.

Giving consent is always voluntary and without any adverse consequences. We would like to remind you that certain services (e.g. e-notifications, targeted advertising) cannot be provided without your consent or after you withdraw your consent.

 

4.3 Purposes of Processing

Datalab will process your data only for specific, explicit, and legitimate purposes. We undertake to not use your personal data in ways that are incompatible with the purposes defined in this Policy.

The purposes for which we may use your personal data are defined below. Datalab may use your personal data for one or more of the defined purposes.

The purposes for which we will use your personal data are the following:

  • Communicating with your regarding the performance of our services and responding to your requests (especially notifications pertaining to the PANTHEON software, responding to your requests for quotes made through online or physical forms, filling out satisfaction questionnaires)
  • Entering into a contract and performing obligations from that contract. Specifically, the provision of services such as registrations and orders made through our website (thereby ensuring that you can successfully register to our events, webinars, and that you can order e-business services or goods through the online shop). All personal data processed in relation to orders in our online shop is processed with the purpose of entering into and performing contracts that you entered into with us. If you do not provide all data required to complete an order, we reserve the right to delay or cancel the order.
  • For marketing communications (such as notifications about new services or upgrades of existing services, and events organized by Datalab, registration to our blog news)
  • For marketing communications, based on targeted or individualized offers. The use of some personal data helps us to personalized communication with you so that it’s as interesting and useful to you as possible. Based on certain personal data, we can divide individuals into groups, enabling us to tailor the content of messages to each group. We monitor individuals’ activities when categorizing them. Marketing communication with targeted or individual offers will be conducted only with your explicit consent.
  • Transmission of personal data to third parties. We will transmit personal data only to those third parties defined in chapter 6. Your data will be transmitted only when justified by our legitimate interest of ensuring a safe and legitimate business and the performance of legal obligations (such as tax-related obligations, which may include transmitting your personal data to tax authorities). An exception is our contractual partners used for the purpose of remarketing. In this case, we will transmit your personal data only with your explicit consent.
  • In relation to any legal claims or for the resolution of disputes. During the course of protecting our business and exercising and/or protecting our rights, personal data may be disclosed. Your personal data will be disclosed only in the manner and under circumstances defined by the law.
  • For statistical analyses. To improve the user experience, we conduct analyses of the use of our website, which is our legitimate interest of maintaining and/or improving our business success.

You have the right to withdraw your consent for any processing of your personal data at any time. You can communicate the withdrawal of your consent to any of the contacts listed in Chapter 2 of this Policy.

4.4 How Long We Store Your Personal Data

We store your personal data in accordance with applicable legislation and (i) only for as long as it is necessary to achieve the purpose for which the data is processed, or (ii) for a period prescribed by law (such as 10 years for storing issued invoices), or (iii) for a period that is necessary to complete a contract, which includes warranty periods and periods during which any claims can be made based on the concluded contract (e.g. 5 years after the end of the contractual obligations).

Personal data acquired based on your consent is stored permanently or until you withdraw your consent (you can read more about how to withdraw your consent in Chapter 9 of this Policy). Data collected based on your consent will be deleted even before you withdraw your consent if the purpose for which the data were collected has been achieved.

Personal data for which the storage period has expired (e.g. because the purpose for which they were collected has been achieved, or because the legal deadline has been reached) will be erased, destroyed, or rendered anonymous to prevent the personal data from being reconstructed.

If you need more information about the storage periods of your personal data, please use one of the contacts listed in Chapter 2 of this Policy.

 

  1. PERSONAL DATA PROTECTION

Datalab has taken the appropriate technical and organizational measures to protect your personal data, especially:

  • Regular and effective upgrades to software and hardware where your personal data are stored
  • Securing access to personal data
  • Backup creation
  • Training of employees who are responsible for the processing of personal data
  • Informed and thorough decision-making when selecting the processors of your personal data
  • Monitoring employees and other processors of your personal data, including conducting audits
  • Control and adequate action in the event of a security breach, with which we prevent or limit the damage to personal data

Datalab protects your personal data from illegal or unauthorized processing and/or access, and from unintentional loss, destruction, or damage. All measures we take are within our technical capacities (including the costs of taking certain measures) and at the discretion of the effects they have on your privacy.

In the event of a personal data breach, Datalab will inform the competent supervisory authority about the breach without hesitation. The supervisory authority in the Republic of Slovenia is the Data Protection Officer.

In the event a suspicion that a criminal act was committed, Datalab will also report the breach to the police and the competent state prosecutor’s office.

In the event a personal data breach occurs that could pose a great risk to the rights and freedoms of data subjects, Datalab will inform you of such breach immediately.

  1. TRANSFERRING PERSONAL DATA

Your personal data – for the expressed purpose for which the were collected – can be transferred, consulted or access to certain third parties listed below. Each user with whom we share the personal data may process the data only for the purposes for which they were collected. Additionally, all users are required to follow applicable legislation and the provisions of the Personal Data Protection Policy.

Your personal data can be transferred to:

  1. Datalab’s subsidiaries
  2. Business partners that help us provide certain services, such as advertising and marketing agencies, and the companies LogMeIn Inc. and ISL Group, who help us organize registrations to our webinars. For remarketing purposes we use Google AdWords and Google Analytics, and Facebook Ads, which help us to show you relevant advertisements. We use the application Moodle of the University in Maribor for certification purposes.
  3. Other contractual partners that provide services to Datalab (e.g. accounting firms, law firms).
  4. Partner companies that help us provide our services.
  5. Where we are required to do so by law (e.g. tax authorities, courts)

Your personal data may be transferred to third parties (listed above) outside of the European Economic Area (EEA), where these data can be processed by us or third parties. For each transfer outside of the EEA, we’ll take additional steps to ensure the security of your personal data.

Such steps include agreements with third parties about creating binding personal data protection rules, verification of the existence of approved certification mechanisms in line with our personal data protection standards, and defining contractual provisions that cover personal data protection.

 

  1. COOKIE POLICY

 COOKIES

WHAT ARE COOKIES

Cookies are small text files that most websites store on devices with which users access the Internet. They are designed to recognized individual devices that users used to access a website. Their storage is completely controlled by the user’s web browser. Users can freely restrict or block the storage of cookies. Cookies are not harmful and always expire.

We use cookies to ensure user-friendly web services, a pleasant user experience, and to track site visits. Thanks to cookies, the interaction between the user and website is easier and simpler. With their help, a website can remember the user’s preferences and experiences, which saves time, and makes for a more effective and user-friendly browsing experience. Cookies are not harmful and expire.

WHY ARE THEY USED

They are of key importance to ensure user-friendly website services. Thanks to cookies, the interaction between the user and website is easier and simpler. With their help, a website can remember the user’s preferences and experiences, which saves time, and makes for a more effective and user-friendly browsing experience.

Some concrete examples on how cookies are used:

  • Improving the user experience of a website by adjusting the way content of the website is displayed based on past visits
  • Storing choices the user made when displaying a selection of devices and offers, and displaying comparisons
  • Recognizing your device (computer, tablet, smartphone), which allows us to adjust how the content is displayed to fit the device.
  • Tracking visits, which allows us to check how effective the content we display is, to make sure ads are relevant, and to continuously improve our websites.

 

COOKIE TYPES

1 STRICTLY NECESSARY COOKIES

Necessary cookies enable the use of components necessary for the website to function correctly. Without these cookies, the services that you’d like to use on this website wouldn’t work correctly.

2 PERFORMANCE COOKIES

These cookies collect data on how users behave on the website in order to improve the performance component of a website (e.g. which content on our website you visit most often). These cookies do not collect information which could identify the users. They ensure that using the website is a pleasant experience.

3 FUNCTIONALITY COOKIES

These cookies enable the website to remember some of your settings and choices (e.g. language, region) and enable advanced, personalized functions. These cookies may allow your actions on the website to be tracked.

4 ADVERTISING OR TARGETED COOKIES

These cookies are most commonly used by advertising and social networks (third parties) with the goal to show you more targeted ads, reduce repetition of ads, or measure the effectiveness of advertising campaigns. These cookies enable your actions on the Internet to be tracked.

 

CONTROLLING COOKIES

​You decide if you want to use cookies. You can always delete cookies, thereby removing your visibility on the Internet. You can set up most browsers so that they don’t store cookies.

For more information about the options available for each browser, we recommend you to check their settings.

Our website uses cookies which enable us to improve and optimize our website, giving you a better user experience.

Cookies are simple text files that some website store on your computer through your browser, and save some non-personal data.

Using cookies allows us to adapt online content to make it more attractive to individuals. Additionally, we conduct website use analyses which allow us to improve and edit our website to make it more user-friendly.

Some cookies are strictly necessary, because our website couldn’t work without them, whereas you can refuse all other cookies. We use strictly necessary cookies to store statistical data about the use of our website and to store information necessary for contact forms available on our website.

In addition to strictly necessary cookies, we use other cookies that allow us to get to know our users better and to provide you with targeted advertising on the basis of the data we collect. Refusing cookies can cause certain content or functions of the website to not function properly (especially features that allow the website to adapt to the interests of the user).

You can find an overview of all cookies in a table at the end of this chapter.

In addition to first-party cookies, we use the following third-party cookies: Google Analytics, Google AdWords, Display Advertising extension for Google Analytics (all listed cookies by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA), Hotjar, ActiveCampaign (by ActiveCampaign, LLC, North Dearborn Street, 5th Floor, Chicago, IL 60602), AdRoll (by AdRoll Inc. 972 Mission Street, San Francisco, CA 94103), Facebook Custom Audience in Facebook remarketing (by Facebook Inc, 1 Hacker Way, Menlo Park, CA 9420).

You can refuse all third-party cookies listed above or delete them from your browser at any time.

  • To delete the Google Analytics cookies, set your browser to refuse cookies with the domain ‘pum’.
  • To delete the Google AdWords cookies, set your browser to refuse cookies with the domain ‘www.datalab.si’.
  • To delete the Display Advertising extension for Google Analytics cookies, set your browser to refuse cookies with the domain ‘__ar_v4’.
  • To delete the Hotjar cookies, set your browser to refuse cookies with the domain ‘_hjIncludedInSample’.
  • To delete the ActiveCampaign cookies, set your browser to refuse cookies with the domain ‘_form_’.
  • To delete the AdRoll cookies, set your browser to refuse cookies with the domain ‘_te_’.
  • To delete the Facebook Custom Audience and Facebook remarketing cookies, set your browser to refuse cookies with the domain ‘facebook’.

 

We want to remind users that the service providers listed above may collect certain personal data, which is not connected to the data collection done by Datalab. Any such independent personal data collection is not covered by this Policy, but is covered by the privacy policies of each cookie provider.

You can read more about personal data protection for third-party cookies in the privacy policies of each third-party cookie provider:

Datalab uses certain elements of other providers on its website, namely Facebook and LinkedIn. Both providers use cookies that you can refuse in your browser. The terms of use for these elements are defined in the security policies of each provider, which you can find in the links listed above.

  1. WEB PLUGINS AND ACCESS TO SOCIAL NETWORKS

Our website uses the YouTube plugin (controller YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA), while YouTube is controlled by Google. If you visit our website’s content that contains a YouTube plugin, a connection with YouTube’s servers is established, which means that YouTube is made aware of your visit to our website.

More about how YouTube handles user data can be found on their website.

Datalab also uses social media, such as Facebook and LinkedIn. Facebook and LinkedIn operate in accordance with their own terms of use and policies that govern the handling of user data. We want to remind users that they are themselves responsible for any posts on social media and that each user is responsible to direct any questions or the exercise of their rights to the appropriate social network.

Datalab assumes no responsibility for any activities related to social media.

  1. RIGHTS OF DATA SUBJECTS

You have the following rights in relation to the processing of personal data:

  • Access to personal data: You can request information from Datalab about whether they process your personal data. If they do, you can request access to your personal data and information about the processing (which data is being processed and where the data come from).
  • Rectification of personal data: You can request that Datalab rectifies or amends imperfect or inaccurate data about you which is being processed.
  • Restriction of processing of personal data: You can request that Datalab limits the processing of your personal data (e.g. when the accuracy or completeness of your personal data is being verified)
  • Erasure of personal data: You can request from Datalab that they erase your personal data (we cannot erase those personal data that we control due to legal obligations or based on a contractual relationship).
  • Copy of personal data: You can request from Datalab that they provide a copy of the personal data that you sent in a structured, commonly used, and machine readable format.
  • Withdrawing consent: You have the right to withdraw your consent about the use of personal data that we collect and process with your consent at any time. You can withdraw consent in any way listed in Chapter 2 of this Policy. Withdrawing consent has no drawbacks, but it is possible that Datalab will not be able to provide certain services to you after you withdraw consent.
  • Objecting to processing of personal data: You have the right to object the processing of your personal data when the purpose of the processing is direct marketing or transferring your personal data to third parties with the purpose of direct marketing. Additionally, you can object the processing when your data is being used with the purpose of indirect marketing with the use of personalized or individual offers (profiling). You can communicate your objection in any way listed in Chapter 2 of this Policy.

You can exercise all your rights by contacting us through any channel listed in Chapter 2 of this Policy. Additionally, these contacts are available to you if you need any additional information regarding your rights.

You have the right to lodge a complaint against us with a Data Protection Officer, which is the supervisory authority for personal data protection.

Datalab ensures that the personal data being processed is up to date and complete. Please communicate any changes of your personal data at info@datalab.si or +386 12 52 89 00. We will correct or amend your personal data as soon as possible.

Datalab reserves the right to request certain personal data (e.g. first name, last name, e-mail address) when you exercise any of your rights from this chapter to facilitate the identification of the data subject.

 

  1. FINAL PROVISIONS

Datalab reserves the right to change this Policy. If any changes do occur, we will notify you about that in advance. You agree to the new version of this Policy if you continue using our website and other services defined in this Policy after a new version of the Policy is published.

 

 

  1. WEB PLUGINS AND ACCESS TO SOCIAL NETWORKS

Our website uses the YouTube plugin (controller YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA), while YouTube is controlled by Google. If you visit our website’s content that contains a YouTube plugin, a connection with YouTube’s servers is established, which means that YouTube is made aware of your visit to our website.

More about how YouTube handles user data can be found on their website.

Datalab also uses social media, such as Facebook and LinkedIn. Facebook and LinkedIn operate in accordance with their own terms of use and policies that govern the handling of user data. We want to remind users that they are themselves responsible for any posts on social media and that each user is responsible to direct any questions or the exercise of their rights to the appropriate social network.

Datalab assumes no responsibility for any activities related to social media.

 

  1. RIGHTS OF DATA SUBJECTS

You have the following rights in relation to the processing of personal data:

  • Access to personal data: You can request information from Datalab about whether they process your personal data. If they do, you can request access to your personal data and information about the processing (which data is being processed and where the data come from).
  • Rectification of personal data: You can request that Datalab rectifies or amends imperfect or inaccurate data about you which is being processed.
  • Restriction of processing of personal data: You can request that Datalab limits the processing of your personal data (e.g. when the accuracy or completeness of your personal data is being verified)
  • Erasure of personal data: You can request from Datalab that they erase your personal data (we cannot erase those personal data that we control due to legal obligations or based on a contractual relationship).
  • Copy of personal data: You can request from Datalab that they provide a copy of the personal data that you sent in a structured, commonly used, and machine readable format.
  • Withdrawing consent: You have the right to withdraw your consent about the use of personal data that we collect and process with your consent at any time. You can withdraw consent in any way listed in Chapter 2 of this Policy. Withdrawing consent has no drawbacks, but it is possible that Datalab will not be able to provide certain services to you after you withdraw consent.
  • Objecting to processing of personal data: You have the right to object the processing of your personal data when the purpose of the processing is direct marketing or transferring your personal data to third parties with the purpose of direct marketing. Additionally, you can object the processing when your data is being used with the purpose of indirect marketing with the use of personalized or individual offers (profiling). You can communicate your objection in any way listed in Chapter 2 of this Policy.

You can exercise all your rights by contacting us through any channel listed in Chapter 2 of this Policy. Additionally, these contacts are available to you if you need any additional information regarding your rights.

You have the right to lodge a complaint against us with a Data Protection Officer, which is the supervisory authority for personal data protection.

Datalab ensures that the personal data being processed is up to date and complete. Please communicate any changes of your personal data at info@datalab.si or +386 12 52 89 00. We will correct or amend your personal data as soon as possible.

Datalab reserves the right to request certain personal data (e.g. first name, last name, e-mail address) when you exercise any of your rights from this chapter to facilitate the identification of the data subject.

 

  1. FINAL PROVISIONS

Datalab reserves the right to change this Policy. If any changes do occur, we will notify you about that in advance. You agree to the new version of this Policy if you continue using our website and other services defined in this Policy after a new version of the Policy is published.

 

 

X