Urban InformaticsUrban InformaticsUrban Informatics

GDPR

The purpose of this privacy policy is to inform individuals, customers, product or service users, colleagues, employees and other persons (hereinafter: individuals), who cooperate with the company Tenzor, d. o. o. (hereinafter: company), about the purposes, legal bases, security measures and rights of individuals regarding the processing of personal data carried out by the company.

We value your privacy, so we always carefully protect your data. 

We process personal data in accordance with the applicable legislation on personal data protection and other legislation that provides us with a legal basis for personal data processing.

Any change to this document will be published on our website. By using the website, you confirm that you are familiar with the entire content of the privacy policy.

 

Personal data controller:

TENZOR, d. o. o.

Mariborska cesta 13

SI-2250 PTUJ 

email: gdpr@tenzor.si

phone: +386 (0)2 788 01 10

Website: https://www.tenzor.si      

 

1) Personal data

Personal data means any information relating to an identified or identifiable individual; an identifiable individual is one who can be identified, directly or indirectly, in particular by reference to an identifier such as: name, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.

 

2) Purposes of and bases for data processing

The company collects and processes personal data on the following legal bases:

·        processing is necessary for compliance with a legal obligation to which the controller is subject;

·        processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

·        processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party;

·        the data subject has given consent to the processing of their personal data for one or more specific purposes;

·        processing is necessary in order to protect the vital interests of the data subject or of another natural person. 

 

The company may, based on the pursuit of its legitimate activities, inform its customers and service users about its services, events, training, offers and other content via email. An individual may at any time request that such communication and processing of personal data be stopped, and unsubscribe from the messages via the unsubscribe link in the received message or submit a request by email or mail to the company’s address.

 

The legal bases for data processing are legitimate interest and consent. The data will be processed until the data subject unsubscribes or withdraws the consent or until the purpose of processing is fulfilled. The withdrawal of consent does not affect the lawfulness of processing based on consent prior to the withdrawal.

 

Video surveillance 

Tenzor, d. o. o., carries out video surveillance. We use video surveillance (cameras are located near the entrances to the organization) to monitor entries into and exits from the premises (based on Article 77 of the ZVOP-2). We also carry out video surveillance for the purpose of protecting individuals (users, employees and visitors) and the property of the organization (based on a legitimate interest, as defined in point (f) of paragraph 1 of Article 6 of the General Regulation). Recordings are stored for 90 days. We do not carry out video surveillance in a way that would have a special impact on processing. Video surveillance also does not enable unusual further processing, such as transfers to entities in third countries or the possibility of audio interventions when monitoring the events live. Video surveillance allows for live monitoring of events. All information regarding video surveillance can be obtained at the organization’s telephone number or email address. The rights of individuals are described in this Privacy Policy. 

 

Performance of a concluded contract

When an individual concludes a contract with the company, this represents a legal basis for processing the personal data. The company may process personal data to conclude and perform contracts such as the sale of goods and services, preparation of offers, participation in various programs, etc. If an individual does not provide personal data, the company cannot conclude a contract, nor can the company perform the service or deliver goods or other products in accordance with the concluded contract, as it does not have the data necessary for its performance. On this basis, the company processes only and exclusively the personal data necessary to conclude the contract and properly fulfil contractual obligations. 

 

The legal basis for data processing is a contract. The data is stored until the purpose of the contract is fulfilled or up to 6 years after the termination of the contract, except in cases where a dispute arises between the individual and the company in relation to the contract. In this case, the company shall keep the data for another 10 years after the court decision, arbitration or court settlement becomes final or, if the dispute is not taken to court, 5 years from the day of amicable dispute resolution. 

 

Legitimate interest

The company may also process personal data on the basis of a legitimate interest it pursues. Such processing is not permitted when such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data. When applying legitimate interest, the company carries out an assessment in accordance with the law. The processing of data subject’s personal data for direct marketing purposes is considered to be carried out for a legitimate interest. 

The company may process personal data of individuals that it has collected from publicly accessible sources or in the course of legitimate business activities, also for the purposes of offering goods, services, employment, informing about benefits, events, etc. To achieve these purposes, the company may use mail, telephone calls, email and other communication means. For direct marketing purposes, the company may process the following personal data: individual’s name and surname, address of permanent or temporary residence, telephone number and email address. The company may also process these personal data for direct marketing purposes without the individual’s explicit consent. An individual may at any time request that such communication and processing of personal data be stopped, and unsubscribe from the messages via the unsubscribe link in the received message or submit a request by email or mail to the company’s address.

 

The legal basis for data processing is legitimate interest. The data will be processed until the data subject unsubscribes or until the purpose of processing is fulfilled. The withdrawal does not affect the lawfulness of processing based on consent prior to the withdrawal.

 

Processing based on consent or agreement

If the company does not have a legal basis for processing in the law, contractual obligation, legitimate interest or protection of individual’s life, it may ask the individual for consent or agreement. Thus, it can also process certain personal data for the following purposes, when the individual has given consent:

·  residential and email address (for the purpose of informing and communicating);

·photos, videos and other content relating to the individual (e.g. posting photos of individuals on the website for the purposes of documenting activities and informing the public about company’s work and events);

·other purposes that the individual has agreed to with the consent.

 

If an individual who gave their consent for personal data processing no longer wants their data to be processed, they may request that the processing of their personal data is terminated by sending a request via email or mail to the company’s address. The withdrawal of consent does not affect the lawfulness of processing based on consent prior to the withdrawal. Upon receiving the withdrawal or request for erasure, the data shall be deleted within 15 days. The company may also delete this data before the withdrawal, when the purpose of personal data processing is achieved or if so determined by law.

 

The company may in exceptional cases refuse a request for erasure for reasons laid down in the General Regulation when exercising the right to freedom of expression and information, fulfilling a legal obligation of processing, on the grounds of public interest in the area of public health, archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, or when exercising or defending legal claims. 

 

The legal basis for data processing is consent. The data will be processed until the data subject revokes or withdraws the consent or until the purpose of processing is fulfilled. The withdrawal of consent does not affect the lawfulness of processing based on consent prior to the withdrawal.

 

Protection of data subject’s vital interests

The company may process the data subject’s personal data, if this is necessary to protect their vital interests. In emergencies, the company may search for an individual’s ID document, check whether they are in its database, examine their medical history or contact their relatives, for which the company does not need the individual’s consent. This applies when such actions are urgently necessary to protect the vital interests of the individual.

 

3) Storage and erasure of personal data

The company will keep personal data only for as long as necessary to fulfil the purpose for which the personal data were collected and processed. If the company processes data based on a law, it will keep them for the period prescribed by the law. In such cases, some data are kept for the duration of cooperation with the company, while some data must be kept permanently. The company shall keep the personal data processed based on a contractual relationship with an individual for the period necessary to perform the contract and another 6 years after its termination, except in cases where a dispute arises between the individual and the company in relation to the contract. In this case, the company shall keep the data for another 10 years after the court decision, arbitration or court settlement becomes final or, if the dispute is not taken to court, 5 years from the day of amicable dispute resolution. The company shall keep the personal data processed based on the individual’s consent or legitimate interest until the consent is withdrawn or a request for deletion of data is made. Upon receiving the withdrawal or request for erasure, the data shall be deleted without undue delay. The company may also delete this data before the withdrawal, when the purpose of personal data processing is achieved or if so determined by law. When an individual exercises their rights, the company shall keep their personal data until the matter is finally decided, and after the final decision in accordance with the final decision in the matter.

 

The company may in exceptional cases refuse a request for erasure for reasons such as: exercising the right to freedom of expression and information, fulfilling a legal obligation of processing, reasons of public interest in the area of public health, archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, exercise or defense of legal claims. After the storage period expires, the company must effectively and permanently delete or anonymize the personal data so that they can no longer be linked to a specific individual.

 

4) Contractual personal data processing and data transfer

The company may entrust individual processing of personal data to a contractor based on a contract on contractual processing. The contractor may process entrusted data exclusively on behalf of the controller, within the limits of the authorization, laid down in a written contract or other legal act, and in accordance with the purposes defined in this privacy policy.

The contractual processors with whom the company works are primarily:

·        providers of auditing, and other legal and business consultancy services;

·        providers of information system maintenance;

·        providers of email services, software, cloud services (Microsoft, Google).

 

To improve the overview and control over contractors processing personal data and the administration of mutual contractual relations, the company also keeps a list of data processing contractors, which contains all specific contractors with whom the company cooperates.

 

The company will under no circumstances transfer the individual’s personal data to third unauthorized persons. Contractual processors may process the personal data only within the company’s instructions and may not use the personal data for any other purposes.

 

The company as a controller and its employees will not transfer personal data to third countries (countries outside the European Economic Area – EU member states and Iceland, Norway and Liechtenstein) or to international organizations. 

 

5) Cookies

The company’s website uses cookies, which are important for providing online services, and are used to store data about the status of individual web pages, to help collect statistics about website users and visits, etc. Upon entering the website, only those cookies that are necessary for website functioning (e.g. for the shopping cart) are downloaded to the device. Other cookies will only be downloaded with the individual’s consent. The individual may change the settings at any time and delete cookies (instructions are available on each browser’s website).

 

Types of cookies we use:


Cookie Type Description Duration
PH_HPXY_CHECK Necessary This cookie is used to save the information about the current session. session
ga* Analytics Google Analytics sets this cookie to store and count page views. 1 year
_ga Analytics The _ga cookie, installed by Google Analytics, calculates visitor, session, and campaign data and also keeps track of site usage for the site’s analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors. 1 year
rc::a Necessary This cookie is used by Google Analytics to monitor statistical data. never
rc::c Necessary This cookie is set by the Google reCAPTCHA service to identify bots to protect the website against malicious spam attacks. session
wpEmojiSettingsSupports Necessary WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user’s browser can display emojis properly. session
wp-wpml_current_language Necessary The WordPress multilingual plugin sets this cookie to store the current language/language settings. session
cmplz_policy_id Necessary Complianz sets this cookie to keep track of accepted cookie policy IDs. 1 year
cmplz_cookie_data Other Complianz cookie. session
cmplz_user_data Other Complianz cookie. session


6) Data protection and data accuracy

The company takes care of information and infrastructure security (premises and application and system software). Among other things, our information systems are protected with antivirus software and a firewall. We have implemented appropriate organizational and technical security measures aimed at protecting personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, and from other unlawful and unauthorized types of processing. When transferring special categories of personal data, we send them encrypted and protected with a password. An individual is responsible for sending their personal data securely and for the accuracy and credibility of such data.

 

7) Individual’s rights regarding data processing

The data subject has the right to request access to personal data and rectification or deletion of personal data or restriction of processing concerning them, and the right to object to processing and the right to data portability. The individual’s request shall be processed in accordance with the provisions of the General Regulation and the applicable personal data protection legislation.

 

Individuals can exercise all these rights and raise any issues with a request sent to the company’s address. The company will respond to the individual’s request without undue delay, no later than within one month of receiving the request. This period may be extended by up to two additional months, taking into account the complexity and number of requests, which will be communicated to the individual together with the reasons for the delay. Individuals may exercise their rights free of charge, however, the company may charge a reasonable fee if requests are obviously unfounded or excessive, especially if they are reoccurring. In such cases, the company may also refuse the request. In case of doubt about the identity of an individual, the company may request additional information needed to establish the identity.

When informing the individual about the decision regarding their request, the company will also provide the reasoning and the information about their right to lodge a complaint with a supervisory authority within 15 days of being informed of the decision. The right to lodge a complaint with a supervisory authority can be exercised by the individual at: Information Commissioner of the Republic of Slovenia at the address: Dunajska 22, SI-1000 Ljubljana (e-mail: gp.ip@ip-rs.si, website: www.ip-rs.si). 

Iščete zanesljiv in učinkovit parkirni sistem? S tehnološko dovršenimi parkirnimi sistemi Urban Informatics vam zagotavljamo varnost, večjo pretočnost, nadzor plačil parkirnin in enostavno upravljanje parkirišč.

Are you looking for a reliable and efficient parking system? With the technologically advanced parking systems from Urban Informatics, we guarantee security, increased traffic flow, parking fee control, and easy parking lot management.