20 August 2018
At Eligma Ltd., we strive for continuous development and improvement of our services as we want to adapt them to your requirements as much as possible. In order to achieve this, we need to collect and process certain personal data in some cases.

The purpose of this Personal Data Protection Notification ("Notification") is to make you acquainted with what kind of personal information we collect and for what purposes, what we do with them, how we ensure their security, and what rights you can exercise in connection with the processing of your personal data. We treat the protection of your personal data with the utmost seriousness and responsibility. We fully comply with our obligations regarding lawful, fair and transparent personal data processing. We advise you to get yourself fully acquainted with the contents of this Notification.

In order to ensure the compliance of this Notification with the regulations governing personal data protection, Eligma reserves the right to modify or amend the Notification accordingly. You will be suitably notified of any changes in due course, e.g. by e-mail or through a website notification.

    The controller of the personal data processed in accordance with this Notification is Eligma Ltd. ("Eligma"), company registration number 8106452000, with business address at Letaliska cesta 33F, 1000 Ljubljana, Slovenia. If you have any questions or requirements regarding the processing of your personal data, please send them to e-mail address dpo[at]eligma.com.
    We only collect your personal data when this is absolutely necessary or when you have given your consent. We will not process your personal data if the purpose of or basis for their processing is not supported by the applicable regulations in the field of personal data protection (the Personal Data Protection Act, the Official Gazette of the Republic of Slovenia No. 94/07 – official consolidated version (ZVOP-1) and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR)) and our internal policies.

    Eligma's processing of your personal data will be based on the following legal basis:

    1. By visiting our website, you accept and agree with the General Terms of Use of this website and enter an agreement with Eligma, which constitutes a contractual basis for processing your personal data. The data is coded and transferred to the server in a protected format. Such system prevents your personal data to be intercepted.

    2. Eligma also processes your data for compliance with a legal obligation to which the controller is subject:

      • the national legislation, i.a. the Prevention of Money Laundering and Terrorist Financing Act (the Official Gazette of the Republic of Slovenia, No. 68/16; ZPPDFT-1), the Personal Data Protection Act (the Official Gazette of the Republic of Slovenia No. 94/07 – official consolidated version (ZVOP-1), the Copyright and Related Rights Act (the Official Gazette of the Republic of Slovenia No. 16/07 – official consolidated version, 68/08, 110/13, 56/15 in 63/16 – ZKUASP; ZASP), etc.,
      • other international agreements and EU regulations that oblige Eligma to provide personal data of individuals to state authorities and other controllers in certain cases to comply with its own or their legal obligations or competences.

    3. Eligma can process personal data for the purposes of the legitimate interests pursued by the controller regarding the implementation of the agreement laid down in Item 1, e.g.:

      • for statistical purposes and for collecting the demographic data and interests of the visitors,
      • for identifying server problems and for website editing,
      • for business analyses,
      • for offer development,
      • for information system safety,
      • for improving or adapting the services to the individual,
      • for measuring the efficiency of its promotional activities and advertising,
      • on the basis of other legitimate interests.

    4. In certain cases, Eligma can process your personal data on the basis of your personal consent to perform marketing activities like sending newsletters and general notifications on the offer, novelties, advantages, events or prize contests, and for notifications on the service offer personalised on the basis of the profiling used by Eligma for these purposes. The personal consent is completely voluntary and is not a prerequisite for entering the agreement. In such cases, the processing takes places on the basis of a declaration of intent and the agreed ways of notification until the withdrawal of consent.

    5. During one's visit, Eligma also collects one's personal data through cookies for the purpose of improving the functionalities, user experience, safety, for smooth website functioning and for counting its website visitors. All further information on the use of cookies is accessible at the following link.
    We acquire personal data from various sources. In most cases, they are supplied by you directly through visiting our website, filling out online forms and / or subscribing to our newsletter. We can also use other information and data accessible through or provided by public sources (public registers, databases, internet applications, social media).

    Eligma processes the following types of personal data:

    1. contact information
      This includes all the personal data you provide when filling in online forms or communicating with us by phone, e-mail or in any other way. It also includes all the data you provide when registering on the website, subscribe to our newsletter, participate in prize contests, download the Elipay application or report any kind of problem that arises during your visits to our website. In such cases, we collect and save data which can include your name, e-mail address, phone number, address and other provided data.
    2. server data
      When you use this website, we collect various data in the server log, i.a.: the dates and times of the visits; the visited subpages; your IP address; time zone settings; the time you have spent on our website: the websites you visit immediately before or immediately after visiting our website; screenshots of clicks on this website; the information you viewed or sought; webpage response time; downloading errors; the lengths of the visits to individual webpages and data on webpage interactions.
    3. device data
      We collect data on the computer or mobile device which you use to access this website, including its model, the operating system and version of your software, the internet browser used and other identifiers of your device.
    4. data on the use of our services
      To target our services, we use data on which of our services you already use, for how long, under what conditions and whether you have kept or cancelled them. We know how frequently and for what purposes you use our individual services.
    5. data on contacts with us
      We keep records of your contacts with us, especially of the dates (sometimes also times) of the contacts and the reasons for them. This holds for all kinds of contacts (phone, SMS, regular mail, e-mail, live).
    6. data from social networks
      In our marketing campaigns, we also use social media (e.g. Facebook) and, although we do not keep the data published on your profile, we use it for targeted marketing activities, but only if you consent to this during your use of the aforementioned media. In the scope of third-party cookies, we also offer user service improvements, content dissemination through various social media and personalisation of our offer according to your wishes and requirements which are evident from your previous web browsing. Despite all of our efforts, we can not guarantee for the security of the content of the connected external websites or check such content. You therefore click external links at your own risk. We are not liable for any damages or implications resulting from visiting any aforementioned external link. If you follow a link to another website, you thereby leave our website and this Personal Data Protection Notification does not apply to your use of other websites or your activities on them.
    7. geolocation data
      Geolocation data or GPS coordinates (longitude, latitude) is acquired at your visit to our website in order to be able to help you find the most suitable end product and / or service. Eligma processes location data in a form that can not be connected to a specific or identifiable person, or on the basis of prior user consent.
    The users of your personal data are Eligma's employees authorised for processing your personal data, contracted data processors as well as public authorities, other state authorities and persons with powers conferred by public law to whom personal data is disclosed when so required by the applicable legislation. We take your privacy extremely seriously. We will only disclose it to third parties only if absolutely necessary, if they are trusted entities and have signed a non-disclosure agreement with us, or if you have given us explicit consent to do so.

    In certain cases, the performing of our activities requires and takes place through contracted data processing, e.g. by companies that ensure smooth functioning of our services (software suppliers and maintainers, IT support, printing services, technical support, contract partners performing use analysis, direct marketing and data storing services on our behalf, etc.). The contracted data processors operate in our name and on our behalf. Without a justified requirement and without Eligma's explicit written consent, they must not transfer their contracted processing upon subcontractors.

    Your personal data constitutes a business secret of Eligma. Eligma's employees process your personal data in accordance with their authorisations and our internal policies. The contracted data processors are obliged to protect confidential data and respect the rights of individuals in the same manner as Eligma's employees.

    Your personal data will not be transferred outside the EU.
    In order to protect personal data, Eligma will use all the organisational, technical and other suitable procedures and measures necessary to prevent unauthorised data destruction, modification, loss or any unauthorised processing. Among others, these measures can include internal rules on personal data protection, additional employee training, internal controls of processing activities, etc. Other possible measures can include minimalization of personal data collection, pseudonymisation, transparency, enabling individuals to monitor the processing, as well as continuous safety measure upgrades.
    The period of keeping your personal data depends on the basis and purposes of processing an individual personal data category. Personal data is only kept for as long as this is legally required or allowed and absolutely necessary to achieve the purpose for which the data has been collected or processed. After achieving the purpose, we will only keep the personal data we are legally obliged to keep or we might need for evidence or defence purposes in case of a possibility of legal claims. The rest of the data is erased, blocked or anonymised unless otherwise legally required for certain types of data.

    The personal data that we process to send offers and notifications on novelties is kept until your consent withdrawal or, in any case, for a maximum period of five years from your consent. After that period, we will again ask you for your consent.
    You can always request to view or access your personal data, or request its correction or erasure, or restrict or object to its processing. We will notify you if your request affects the possibility of further operation of the website. In certain cases, you also have the right to port your personal data to a different controller. This depends on the technical capacities and internal policies of individual controllers.

    Your consent to the processing of personal data for the purpose of sending offers and novelty notifications may be withdrawn at any time; however, the withdrawal of your consent does not affect the lawfulness of the processing of your personal data on the basis of your consent for the period prior to the withdrawal.

    Eligma does not take responsibility for the credibility, accuracy and currency of the personal data you provide. The user themselves is obliged to ensure the accuracy and currency of all the data they provide.

    In the event of a violation of protection of your personal data, we will notify you in accordance with the conditions laid down by the applicable legislation.

    Your requests will be fulfilled without undue delay, but in any case within one month of the receipt of your request unless otherwise provided by the applicable legislation. In the event of complexity and a large number of requests, this time limit may be extended by up to two months. We will notify you of any such extension within one month of receiving your request, together with the reasons for the delay.

    If you believe that we do not process your personal data in accordance with the applicable legislation, you can file a complaint with the Slovenian Information Commissioner at the e-mail address [email protected] or by regular mail to Zaloska cesta 59, 1000 Ljubljana, Slovenia.
    This Notification is published on the website and enters into force on 20 August 2018.

    In addition to this Notification, we also advise you to read the General Terms of Use, which are published on our website and form a binding agreement between you and Eligma together with this Notification.