Our Policies

Please carefully review this document, as it contains all information regarding the processing of personal data carried out by Kiroptera Consulting, Robert Babić, s.p.

This Privacy Policy applies to all business processes managed by or involving Kiroptera Consulting, Robert Babić, s.p. This includes your use of: the https://kiroptera.com/ website and all its subpages, including any additional language versions, profiles, and content on social media platforms (collectively referred to as the "Website"), newsletters, free consultations, and other free services provided by us (collectively referred to as "Free Services"), as well as our paid services (all together referred to as "Services").

Processing of Personal Data

"Processing of personal data" refers to any operation or set of operations performed on personal data or sets of personal data, whether by automated means or otherwise, such as collection, modification, use, access, storage, or deletion of personal data.

"Personal data" means any information relating to an identified or identifiable individual who can be directly or indirectly identified, particularly by reference to an identifier (e.g., name, location data, identification number, or similar). We process personal data when we have an appropriate legal basis for doing so (e.g., law, pre-contractual relationship, legitimate interest, or consent). The retention periods for personal data are determined in such a way that we delete or anonymize personal data as soon as they are no longer needed for the purpose of processing.

"Controller" means the legal entity that determines the purposes and means of processing your personal data.

"Processor" means a legal or natural person that processes personal data on behalf of the Controller.

1. Who Manages My Personal Data?

The processing of personal data is carried out by the Controller of personal data:

Kiroptera Consulting, pravno svetovanje, Robert Babić, s.p., Vojkova cesta 63, 1000 Ljubljana, Registration number: 9770712000, Tax number: 76242943, Email: info@kiroptera.com ("Controller").

2. How Do We Obtain Your Data?

We obtain your data when you provide it to us, for example, when you contact us via the contact form on our Website, inquire about our Services via email, phone, or the Website, subscribe to our newsletters, book an appointment for a consultation, or similar. The Website uses cookies and similar technologies to ensure its proper functioning and to enhance your user experience. These data are, in certain cases (where necessary), collected automatically, while in other cases, we request your consent prior to processing. These data primarily include technical information, such as the browser and operating system you use or the time of your access to the Website. For more information about cookies and other technologies we use, please refer to our Cookie Policy.

3. Is the Provision of Personal Data Mandatory?

The provision of personal data is voluntary, except when required by law. In such cases, providing personal data is mandatory. In all other cases, the decision to provide personal data is voluntary. Please note that if you choose not to provide personal data, we may not be able to offer certain Services or functionalities due to technical limitations.

4. On What Basis Do We Process Your Personal Data?

The Controller processes personal data when there is an appropriate legal basis. Based on applicable data protection legislation, the following legal bases are available:

• Contract: We process your data when necessary for the conclusion and performance of a contract or during the process of entering into a contract.
• Consent: When you provide explicit consent.
• Legitimate Interest: Based on legitimate interest.
• Law: When processing is required by legislation.
• Vital Interests: Processing is justified if it protects the vital interests of an individual.
• Public Tasks: Processing of personal data in the public sector is permitted only if explicitly provided for by law or if necessary for the performance of lawful tasks, without prejudice to the legitimate interests of the individual.

5. Which Personal Data Do We Process?

The data processed are those collected by the Controller in the context of providing Services. These personal data include, for example:

• Basic personal information (e.g., first and last name, company name, residential address, etc.);
• Basic contact information (e.g., email address, phone number, first and last name, etc.);
• Data regarding the use of the Website (e.g., clicks on links, time spent);
• Data regarding responses to emails (e.g., whether the email was opened, which links were clicked);
• Data necessary for fulfilling a contract and delivering the ordered Service (e.g., subject of the Service, price, delivery time, payment method, payment date, data regarding Service complaints, data on issued invoices, etc.).

We will use the personal data you provide solely for predetermined, specified, and lawful purposes.

All personal data collected by the Controller are processed for specific purposes, as outlined in the table below. All personal data are processed based on an appropriate legal basis, as specified below:

if the table is not fully visible, change the display to desktop

6. Do We Share Data with Third Parties or Transfer Data to Third Countries?

For the purposes of fulfilling contracts concluded with you and ensuring the proper functioning of the Controller, we may share your data with our contractual processors. The contractual processors to whom we transfer personal data include:

• Providers of email delivery services;
• Providers of virtual meeting services;
• Providers of appointment booking services;
• Providers of marketing services;
• Providers of software and IT solutions;
• Providers of delivery services;
• Providers of payment services;
• Providers of professional services, such as accounting or similar services.

Contractual processors may process personal data only in accordance with our instructions and may not process personal data for their own purposes. They, along with their employees, are obliged to maintain the confidentiality of your personal data.

Our servers are located within the European Union. Nevertheless, your personal data may be transferred, stored, and processed outside your country of residence. When transferring data outside the EU, we use recognized transfer mechanisms, such as the European Commission's Standard Contractual Clauses or equivalent agreements, unless the recipient country has been deemed to provide an adequate level of data protection.

We are obliged to share your data if required by law or a competent authority based on an appropriate legal basis.

7. Processing for Other Purposes, Automated Decision-Making, and Profiling

The Controller does NOT engage in automated decision-making or profiling. When subscribing to newsletters, you may select areas of interest to receive newsletters related to those areas. However, this does not involve automated decision-making or profiling about you. The Controller does not perform automated decision-making that would have legal consequences for an individual or significantly affect an individual. This involves only suggestions for interactive content and tailored newsletters based on previously provided Services.

8. What Are Your Rights?

In accordance with applicable legislation, you have the following rights regarding the processing of personal data:

• Right of Access to Personal Data: You may request information on whether we process your personal data and, if so, request access to your personal data and information about the processing (e.g., which data we process and their source).
• Right to Rectification of Personal Data: You may request that we correct or complete inaccurate or incomplete data we process about you.
• Right to Restriction of Processing: You may request the restriction of processing your personal data (e.g., while the accuracy or completeness of your data is being verified).
• Right to Erasure: You may request the deletion of your personal data (we cannot delete personal data processed due to legal requirements or based on a contractual relationship).
• Right to Data Extraction: You may request that we provide the personal data you have given us in a structured, commonly used, and machine-readable format.
• Right to Withdraw Consent: You may withdraw your consent for the use of personal data processed based on consent at any time. Consent can be withdrawn in any manner specified in this Policy. Withdrawal of consent has no negative consequences, but it may prevent us from providing certain Services.
• Right to Object to Processing: You have the right to object to the processing of your personal data when it is based on legitimate interests or the performance of a public task or exercise of public authority.
• Right to Data Portability: You have the right to request the extraction of personal data you provided to us. We will provide the data in a structured, commonly used, and machine-readable format. You are entitled to transfer this data to another controller of your choice. Where technically feasible, you may request that your personal data be directly transferred to another controller.
• Right to Lodge a Complaint: If you believe there has been a breach of personal data protection, you may lodge a complaint with the competent supervisory authority, which in Slovenia is the Information Commissioner. You can submit a complaint to the Information Commissioner (Dunajska cesta 22, 1000 Ljubljana, email: gp-ip@ip-rs.si, website: ip-rs.si).

We undertake to process your requests as quickly as possible and no later than thirty (30) days from receipt. If we are unable to do so due to the complexity of the request or for any other reason, we will inform you in advance and provide an estimated timeframe for response.

We reserve the right to appropriately identify you when you exercise your rights. If your request does not include personal data allowing us to reliably identify you, we will request additional personal data. We will refuse to act if we can demonstrate that we cannot reliably identify you.

You may exercise your rights regarding personal data in writing by contacting: info@kiroptera.com, with the subject "Request for Personal Data Protection."

9. How Long Will We Retain Your Data?

We will retain your data only for as long as necessary to achieve the purpose for which it was collected.

Data processed by the Controller based on legal requirements will be stored in accordance with applicable legislation. Other retention periods are detailed in the table above.

After the retention period expires, the Controller will permanently and effectively delete or anonymize personal data so that they can no longer be linked to a specific individual.

10. How Do We Protect Your Personal Data?

To ensure the security of your personal data, we have implemented various technical and organizational measures, including:

• Regular updates to hardware and software;
• Protection of hardware and software with security software;
• Securing business premises;
• Restriction of access to personal data by unauthorized persons.

Despite the implemented security mechanisms, a security incident may occur. In such cases, we are prepared to respond promptly and effectively and address incidents in accordance with legislation.

If an incident occurs that could jeopardize the rights and freedoms of individuals, we will notify the competent supervisory authority within seventy-two (72) hours. If the incident poses a high risk to the rights and freedoms of individuals, we will also immediately notify the affected individuals.

11. Access to Social Media

Through our Website, you may access the following web plugins used by the Controller in its operations but not managed by it:

• YouTube,
• LinkedIn,
• Facebook,
• Instagram,
• Telegram,
• TikTok,
• X (formerly Twitter).

The above social media platforms operate in accordance with their own terms of use and privacy policies. Therefore, Kiroptera Consulting, Robert Babić, s.p. assumes no responsibility in connection with the use of these social media platforms. Questions and the exercise of rights should be directed to the respective social media platform.

Privacy Policies of Social Media Platforms:

• YouTube: https://www.youtube.com/howyoutubeworks/privacy/
• LinkedIn: https://www.linkedin.com/legal/privacy-policy
• Facebook: https://www.facebook.com/privacy/policy
• Instagram: https://help.instagram.com/search/?helpref=search&query=privacy%20policy
• Telegram: https://telegram.org/privacy/eu
• TikTok: https://www.tiktok.com/legal/page/us/privacy-policy/en
• X (formerly Twitter): https://x.com/en/privacy

12. Changes to the Privacy Policy

The Controller reserves the right to amend and supplement this Privacy Policy. All changes to the Privacy Policy will be published on the Website. By using the Website, other Free Services, or other Services, the user confirms acceptance and agreement with the entire content of this Policy. For matters not regulated by this Privacy Policy, the applicable legislation of the Republic of Slovenia shall apply.

13. Where Can You Obtain Further Information?

If you have additional questions regarding the processing of personal data or your rights related thereto, you may contact us at any time via email: info@kiroptera.com.