Personal Data Protection Policy
DEFINITION OF TERMS
PERSONAL DATA PROCESSING
Types of Personal Data Collected
Purposes of Processing
How Long We Store Your Personal Data
PERSONAL DATA PROTECTION
TRANSFERRING PERSONAL DATA
WEB PLUGINS AND ACCESS TO SOCIAL NETWORKS
RIGHTS OF DATA SUBJECTS
Datalab Tehnologije, d.d.
Hajdrihova ulica 28c
T (01) 252 89 00
F (01) 252 89 10
Datalab respects your privacy and thoroughly protects your personal data.
In this Personal Data Protection Policy (henceforth ‘Policy’), we define the methods of personal data collection, their purpose, security measures, with which personal data are protected, persons, with whom we share them, and your rights concerning the protection of your personal data.
This Policy affects:
- All users of our website datalab.eu (henceforth ‘website’)
- Ordering and performing subscription contracts for services provided by Datalab
- Organization and execution of events by Datalab Academy, including processing registrations for such events
- Registration to webinars by Datalab Academy, including processing registrations to such webinars
- Registration to blog news
- Registration to notifications about product news and organized events
- Requests for quotes about our offers over the phone, e-mail, printed forms or online forms
- Downloads of any documents published on the website
- The use of social media
- The use of any technical support or services offered by Datalab on its websites
- The use of the online shop.
This Policy is used for all personal data that Datalab Tehnologije, d.d., Hajdrihova ulica 28c, 1000 Ljubljana, Slovenia (henceforth ‘Datalab’, ‘we’, ‘us’) collects.
As a data controller, Datalab is responsible for the processing and storage of your personal data.
If you have any questions about the use of this Policy or about the rights you can exercise arising from this Policy, contact us in any of the following ways:
- +386 12 52 89 00
- Datalab Tehnologije, d.d., Hajdrihova ulica 28c, 1000 Ljubljana, Slovenia, with the addendum ‘Personal data protection’
In relation to users of the services that it provides (e.g. the PANTHEON software), Datalab is a contractual controller. For all questions regarding the protection of personal data, users are asked to contact their employer.
Datalab v razmerju do uporabnikov storitev, ki jih ponuja (npr. programska oprema PANTHEON), nastopa kot pogodbeni obdelovalec. Za vsa vprašanja v zvezi z varstvom osebnih podatkov naj se uporabniki storitev obrnejo na svojega delodajalca.
DEFINITION OF TERMS
A list of terms from this Policy and their explanations can be found in this section.
The purpose of each term listed below is defined in this Chapter.
Personal data means any information relating to an individual that can be used to identify that individual (e.g. first name, last name, e-mail, telephone number).
Controller means the legal person which determines the purposes and means of the processing of your personal data.
Processor means a natural or legal person which processes personal data on behalf of the controller.
Processing means the collection, storage, access to, and all other forms of use of personal data.
EEA means the European Economic Area, which includes all member states of the European Union, Iceland, Norway, and Liechtenstein.
PERSONAL DATA PROCESSING
Datalab processes your personal data only for clearly defined purposes, in a secure manner, and transparently.
We acquire your personal data when you provide them (such as when you use our website, order our services, register for our events or webinars, request quotes over e-mail, the phone or in writing to are physical address, or in any other way with which you provide your personal data).
Additionally, we acquire your personal data through publicly available data records (e.g. state institutions).
4.1 Types of Personal Data Collected
Datalab can collect the following information or types of information:
- Basic personal data (first and last name)
- Basic contact data (telephone number, e-mail address)
- Basic data about the company you work for (company name, your role in the company, No. of employees)
- Basic data about subscriptions for Datalab services (license type, date of purchase)
- Information about your computer (IP address, type of device, type of browser), data about your usage of our website (the content you’ve consumed, the time spent on the website, what you clicked) and data about the response to our e-mail messages
- Data about the Datalab partner company with which you cooperate (you can find out more about partner companies in Chapter 6 of this Policy)
- Data we need to deliver ordered goods (address, postal code, city)
Datalab follows the principle of data minimization as provided by legislation, which is why we collect only data appropriate, relevant, and limited to what is required for purposes for which they are collected. The purposes for which we collect personal data are defined in chapter 4.3 of this Policy.
4.2 Legal Basis for the Collection and Processing of Personal Data
In accordance with personal data protection legislation, we may process your personal data on the following legal bases:
- Where the processing of your personal data is necessary to perform a contract you’ve entered into
- Where you’ve given your consent to the processing of your personal data for a particular processing purpose. You always have the right to withdraw your consent.
- Where Datalab has a legitimate interest to process your personal data (when we’re processing data based on a legitimate interest, we’ll specify that explicitly in this Policy)
- Where processing is necessary for compliance with legal obligations (such as data we store for tax-related obligations).
Only those personal data have to be provided that we collect based on legal requirements.
Providing personal data that we require to perform a contract is voluntary. We would like to remind you that in case you do not provide your personal data that we require to provide our services (e.g. entering into a contract, registering for a webinar), we will not be able to provide that service.
Giving consent is always voluntary and without any adverse consequences. We would like to remind you that certain services (e.g. e-notifications, targeted advertising) cannot be provided without your consent or after you withdraw your consent.
4.3 Purposes of Processing
Datalab will process your data only for specific, explicit, and legitimate purposes. We undertake to not use your personal data in ways that are incompatible with the purposes defined in this Policy.
The purposes for which we may use your personal data are defined below. Datalab may use your personal data for one or more of the defined purposes.
The purposes for which we will use your personal data are the following:
- Communicating with your regarding the performance of our services and responding to your requests (especially notifications pertaining to the PANTHEON software, responding to your requests for quotes made through online or physical forms, filling out satisfaction questionnaires)
- Entering into a contract and performing obligations from that contract. Specifically, the provision of services such as registrations and orders made through our website (thereby ensuring that you can successfully register to our events, webinars, and that you can order e-business services or goods through the online shop). All personal data processed in relation to orders in our online shop is processed with the purpose of entering into and performing contracts that you entered into with us. If you do not provide all data required to complete an order, we reserve the right to delay or cancel the order.
- For marketing communications (such as notifications about new services or upgrades of existing services, and events organized by Datalab, registration to our blog news)
- For marketing communications, based on targeted or individualized offers. The use of some personal data helps us to personalized communication with you so that it’s as interesting and useful to you as possible. Based on certain personal data, we can divide individuals into groups, enabling us to tailor the content of messages to each group. We monitor individuals’ activities when categorizing them. Marketing communication with targeted or individual offers will be conducted only with your explicit consent.
- Transmission of personal data to third parties. We will transmit personal data only to those third parties defined in chapter 6. Your data will be transmitted only when justified by our legitimate interest of ensuring a safe and legitimate business and the performance of legal obligations (such as tax-related obligations, which may include transmitting your personal data to tax authorities). An exception is our contractual partners used for the purpose of remarketing. In this case, we will transmit your personal data only with your explicit consent.
- In relation to any legal claims or for the resolution of disputes. During the course of protecting our business and exercising and/or protecting our rights, personal data may be disclosed. Your personal data will be disclosed only in the manner and under circumstances defined by the law.
- For statistical analyses. To improve the user experience, we conduct analyses of the use of our website, which is our legitimate interest of maintaining and/or improving our business success.
You have the right to withdraw your consent for any processing of your personal data at any time. You can communicate the withdrawal of your consent to any of the contacts listed in Chapter 2 of this Policy.
4.4 How Long We Store Your Personal Data
We store your personal data in accordance with applicable legislation and (i) only for as long as it is necessary to achieve the purpose for which the data is processed, or (ii) for a period prescribed by law (such as 10 years for storing issued invoices), or (iii) for a period that is necessary to complete a contract, which includes warranty periods and periods during which any claims can be made based on the concluded contract (e.g. 5 years after the end of the contractual obligations).
Personal data acquired based on your consent is stored permanently or until you withdraw your consent (you can read more about how to withdraw your consent in Chapter 9 of this Policy). Data collected based on your consent will be deleted even before you withdraw your consent if the purpose for which the data were collected has been achieved.
Personal data for which the storage period has expired (e.g. because the purpose for which they were collected has been achieved, or because the legal deadline has been reached) will be erased, destroyed, or rendered anonymous to prevent the personal data from being reconstructed.
If you need more information about the storage periods of your personal data, please use one of the contacts listed in Chapter 2 of this Policy.
PERSONAL DATA PROTECTION
Datalab has taken the appropriate technical and organizational measures to protect your personal data, especially:
- Regular and effective upgrades to software and hardware where your personal data are stored
- Securing access to personal data
- Backup creation
- Training of employees who are responsible for the processing of personal data
- Informed and thorough decision-making when selecting the processors of your personal data
- Monitoring employees and other processors of your personal data, including conducting audits
- Control and adequate action in the event of a security breach, with which we prevent or limit the damage to personal data
Datalab protects your personal data from illegal or unauthorized processing and/or access, and from unintentional loss, destruction, or damage. All measures we take are within our technical capacities (including the costs of taking certain measures) and at the discretion of the effects they have on your privacy.
In the event of a personal data breach, Datalab will inform the competent supervisory authority about the breach without hesitation. The supervisory authority in the Republic of Slovenia is the Data Protection Officer.
In the event a suspicion that a criminal act was committed, Datalab will also report the breach to the police and the competent state prosecutor’s office.
In the event a personal data breach occurs that could pose a great risk to the rights and freedoms of data subjects, Datalab will inform you of such breach immediately.
TRANSFERRING PERSONAL DATA
Your personal data – for the expressed purpose for which the were collected – can be transferred, consulted or access to certain third parties listed below. Each user with whom we share the personal data may process the data only for the purposes for which they were collected. Additionally, all users are required to follow applicable legislation and the provisions of the Personal Data Protection Policy.
Your personal data can be transferred to:
- Datalab’s subsidiaries
- Business partners that help us provide certain services, such as advertising and marketing agencies, and the companies LogMeIn Inc. and ISL Group, who help us organize registrations to our webinars. For remarketing purposes we use Google AdWords and Google Analytics, and Facebook Ads, which help us to show you relevant advertisements. We use the application Moodle of the University in Maribor for certification purposes.
- Other contractual partners that provide services to Datalab (e.g. accounting firms, law firms).
- Partner companies that help us provide our services.
- Where we are required to do so by law (e.g. tax authorities, courts)
Your personal data may be transferred to third parties (listed above) outside of the European Economic Area (EEA), where these data can be processed by us or third parties. For each transfer outside of the EEA, we’ll take additional steps to ensure the security of your personal data.
Such steps include agreements with third parties about creating binding personal data protection rules, verification of the existence of approved certification mechanisms in line with our personal data protection standards, and defining contractual provisions that cover personal data protection.
WEB PLUGINS AND ACCESS TO SOCIAL NETWORKS
Our website uses the YouTube plugin (controller YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA), while YouTube is controlled by Google. If you visit our website’s content that contains a YouTube plugin, a connection with YouTube’s servers is established, which means that YouTube is made aware of your visit to our website.
More about how YouTube handles user data can be found on their website.
Datalab assumes no responsibility for any activities related to social media.
RIGHTS OF DATA SUBJECTS
You have the following rights in relation to the processing of personal data:
- Access to personal data: You can request information from Datalab about whether they process your personal data. If they do, you can request access to your personal data and information about the processing (which data is being processed and where the data come from).
- Rectification of personal data: You can request that Datalab rectifies or amends imperfect or inaccurate data about you which is being processed.
- Restriction of processing of personal data: You can request that Datalab limits the processing of your personal data (e.g. when the accuracy or completeness of your personal data is being verified)
- Erasure of personal data: You can request from Datalab that they erase your personal data (we cannot erase those personal data that we control due to legal obligations or based on a contractual relationship).
- Copy of personal data: You can request from Datalab that they provide a copy of the personal data that you sent in a structured, commonly used, and machine readable format.
- Withdrawing consent: You have the right to withdraw your consent about the use of personal data that we collect and process with your consent at any time. You can withdraw consent in any way listed in Chapter 2 of this Policy. Withdrawing consent has no drawbacks, but it is possible that Datalab will not be able to provide certain services to you after you withdraw consent.
- Objecting to processing of personal data: You have the right to object the processing of your personal data when the purpose of the processing is direct marketing or transferring your personal data to third parties with the purpose of direct marketing. Additionally, you can object the processing when your data is being used with the purpose of indirect marketing with the use of personalized or individual offers (profiling). You can communicate your objection in any way listed in Chapter 2 of this Policy.
- Right to data portability: You have the right to receive the personal data you’ve shared with us. The data will be made available to you in a structured, commonly used and machine-readable format. You have the right to transmit those data to another data controller of your choice. Where technically feasible, you have the right to have your personal data directly transmitted from us to another controller.
You can exercise all your rights by contacting us through any channel listed in Chapter 2 of this Policy. Additionally, these contacts are available to you if you need any additional information regarding your rights.
You have the right to lodge a complaint against us with a Data Protection Officer, which is the supervisory authority for personal data protection.
Datalab ensures that the personal data being processed is up to date and complete. Please communicate any changes of your personal data at firstname.lastname@example.org or +386 12 52 89 00. We will correct or amend your personal data as soon as possible.
Datalab reserves the right to request certain personal data (e.g. first name, last name, e-mail address) when you exercise any of your rights from this chapter to facilitate the identification of the data subject.
Datalab reserves the right to change this Policy. If any changes do occur, we will notify you about that in advance. You agree to the new version of this Policy if you continue using our website and other services defined in this Policy after a new version of the Policy is published.