In this privacy statement, we want to tell you what personal information we may process, why we process it, and how we ensure that your rights and privacy are respected.
Protecting your privacy is extremely important to us, so read this notice carefully.
Definition of terms used
For a term not explicitly explained in this paragraph, its meaning shall apply directly as derived from the GDPR and the applicable Personal Data Protection Act.
In accordance with the General Data Protection Regulation (Regulation (EC) No 2016/679) the entity responsible to determine the purpose and method of processing your personal data is the controller:
Name: Hidria d.o.o.
Registered office: Nazorjeva ulica 6A, 1000 Ljubljana
Company ID no.: 5045398000
Telephone no.: 05 3756000
E-mail address: firstname.lastname@example.org
You can contact Data Protection officer via e-mail: email@example.com.
We process your personal data in accordance with the provisions of General Data Protection Regulation, Personal Data Protection Act, Employment Relationships Act, Rules on the reporting of the vacancy or the type of work to the Employment Service of the Republic of Slovenia, public announcement and the process of job placements, Obligations Act and internal Rules on Video Surveillance.
We collect data for the following purposes:
We process data in accordance with the following legal bases:
The processing of your personal data is based on Article 6(1)(b) of the General Data Protection Regulation.
Personal data that you provide to us in the context of an application for employment or as potential business partners who, on the basis of an individual’s initiative, are at the stage of negotiations for the conclusion of a contract, are data that are strictly necessary for the conclusion of a business relationship or the execution of an individual contractual business relationship. Without the data provided, we cannot conclude the contract and later fulfil the rights and obligations arising from this contractual relationship. In this case, we process the data for the purpose of performance of the contract.
The processing of your personal data is based on Article 6(1)(a) of the General Data Protection Regulation.
The cases where we process your personal data on the basis of the given consent are: when a job seeker sends a job application and personal data to us on their own initiative, the data we collect to inform us about any events of the controller or promotional event and when registering an individual for the event, information about potential business partners and the information you provide to us through the Contact form on the website. Therefore, we also inform you that you have the right to withdraw your consent at any time in the manner described below among your rights.
The processing of your personal data is based on Article 6(1)(c) of the General Data Protection Regulation.
Hidria also processes personal data for the purpose of complying with legal and other regulations in force in the territory of the Republic of Slovenia and it is bound by it. On a legal basis, we process data that we obtain from you through video surveillance, which is required by Articles 74 and 77 of the Personal Data Protection Act and the records of entries and exits from the premises under Article 82 of the Personal Data Protection Act.
The processing of your personal data is based on Article 6(1)(f) of the General Data Protection Regulation.
The controller processes your personal data on the basis of its legitimate interests pursued by the company, in cases where the interests or fundamental rights and freedoms of recipient do not prevail over these interests. Based on a legitimate interest, Hidria processes data on contact persons with business partners who are legal entities for the execution of the cooperation agreement between the controller and the business partner pursuant to Article 10(2) of the Personal Data Protection Act.
If we further process your personal data for a purpose other than that for which we have collected them, we will provide you with all the prescribed information on this other purpose before further processing, in accordance with Article 13 of the GDPR.
The company strives to minimise the processing of personal data (minimisation) and endeavours to collect from its customers or individuals only the data that are strictly necessary for the implementation of legal provisions and legitimate interests of clients in a contractual relationship.
In order to achieve the purpose of the processing set out in this statement, the controller shall process the following categories of personal data:
If it is necessary to achieve the above-mentioned purpose of processing or if required by regulations, we may disclose your personal data to natural and legal persons, public authorities or other bodies (external users). Regardless of the external users to whom we provide your personal data, we will provide only those data that are necessary to achieve a specific purpose of processing.
We may share the data with the following external users:
When, in accordance with the regulations for the processing of your personal data, we hire other natural or legal persons who will process your personal data exclusively on our behalf and in accordance with our instructions (processors), we will only hire those processors who can ensure the implementation of appropriate technical and organisational measures that comply with the requirements of the General Data Protection Regulation and personal data protection regulations and ensure adequate protection of your rights.
Your personal data are processed only within the European Economic Area (EEA).
In case there is a need to share your personal data with recipients in third countries, we will only do so if the European Commission decides that these are countries that ensure an adequate level of protection of personal data as required by the GDPR or if there are appropriate safeguards (e.g. Standard Contractual Clauses). For information on the security measures taken, please contact our Data Protection Officer mentioned above.
The storage period of personal data depends on the basis and purpose of processing of each category of personal data. Personal data may be stored only for as long as it is necessary to achieve the purpose for which they were collected or further processed. Personal data shall be erased, destroyed, blocked or anonymised after the purpose of the processing has been fulfilled, unless there is no other legal basis or if this is necessary for the assertion, implementation or defence of legal claims.
Data on unselected persons applying for the vacancy may be kept for 38 days after the individual has been informed that he or she has not been selected (taking into account the deadlines referred to in Article 30 and paragraph 5 of Article 200 of the Employment Act). However, if one of the candidates makes a request for judicial redress before the Labour Court, the data on all applicants may be kept until such a proceedings have been completed.
Data on persons who submit a job application on their own initiative may be kept for as long as is normally necessary to respond to the offers received, on the basis of Article 5(1)(e) of the General Data Protection Regulation, and thereafter only if the job seeker’s consent to retain their data has been given and until such consent has been withdrawn pursuant to Article 7(3) GDPR (right to withdraw consent) in conjunction with Article 17(1)(b) of the GDPR (right to erasure).
Video data are kept on the server of the controller for up to 60 days, in accordance with Article 75(5) of the Personal Data Protection Act.
Data on visitors to Hidria may be kept for a maximum of three years from registration pursuant to Article 82(4) of the Personal Data Protection Act.
Data on relatives of employees of the controller who register for an event may be kept until the individual’s consent is revoked on the basis of Article 10(1) of the Personal Data Protection Act and Article 6(1)(a) of Regulation (EU) 2016/679 or until the end of the event on the basis of Article 21(1) of the Personal Data Protection Act, otherwise they are kept for 18 months after the event. In the case of events for which the registration fee is paid, the data may be kept for 5 years after the completion of the individual event (general limitation period) on the basis of Article 346 of the Code of Obligations.
Data on business partners who are natural persons can be kept for the duration of the contractual relationship and for 5 years after the termination on the basis of Article 346 of the Code of Obligations.
Data on contact persons at business partners may be kept for the period of validity of the concluded contract or until the change of contact person or until the expiry of limitation periods in relation to claims from the concluded contract, which could be charged to the contact person on the basis of Article 10(2) of the Personal Data Protection Act.
Data on potential business partners may be kept until the withdrawal of consent by the individual pursuant to Article 10(1) of the Personal Data Protection Act and Article 7(3) of Regulation (EU) 2016/679 of the European Parliament and of the Council.
Data on persons who contact the controller via the Contact form on the website are kept for one year from the registration or until cancellation.
Your personal data are not subject to automated decision-making and profiling under Article 13(2)(f) of the GDPR.
As a person whose personal data we process, we would like to inform you that you have the following rights regarding the processing of your personal data under the conditions prescribed by the General Data Protection Regulation:
The data subject shall have the right of access to the personal data collected in connection with them in order to become acquainted with the processing and to verify its lawfulness.
You have the right to update your information and correct inaccurate data to ensure that we always have the correct information about you.
The data subject shall have the right to obtain from the controller the erasure of personal data relating to them without undue delay where one of the following grounds applies:
You can always submit an objection to the processing of your personal data for direct marketing. This means that in case of your objection, we will cease to use your personal data for direct marketing purposes. You also have the right to object to any processing that we carry out on the basis of a legitimate interest. In the event of an objection, you must specify exactly what you object to and why. Then we need to prove convincing legitimate grounds for processing which outweigh the interests, rights and freedoms of the individual, or show that our data processing is aimed at establishing, asserting or defending legal claims.
You have the right to request a temporary restriction on the processing of your personal data. Processing may be restricted in the following cases:
You have the right to obtain the information you have provided to us in order to use it elsewhere. This right applies only in cases where our processing of your personal data is based on your consent to the processing of your personal data or where you have signed a contract with us.
If you believe that the processing of personal data violates the provisions in the field of personal data protection, you have the right to lodge a complaint with the supervisory authority. In the Republic of Slovenia, this is the Information Commissioner (address: Dunajska 22, 1000 Ljubljana, e-mail address: firstname.lastname@example.org, telephone: 01 230 97 30, website: www.ip-rs.si).
Without prejudice to your right to lodge a complaint with the supervisory authority, we suggest that you contact our Data Protection Officer before clarifying the complaint to clarify any disputes.
Hidria reserves the right to amend this General Information to ensure compliance with regulations related to personal data protection.
This General Information shall apply and be in force as of 9 August 2021.
Cookies are small text files used on websites to make the user experience more efficient.
By law, cookies may be stored on your device if they are strictly necessary for the website to work. For all other types of cookies, your consent is required.
Different types of cookies are used on this website. Some cookies are used at the request of third parties appearing on our site.
The following cookies are used to ensure that all the website functions are available:
An exact description and the expiry period of each cookie are provided in the table below.
Strictly Necessary Cookies:
Strictly necessary cookies make the website functional by allowing basic functions such as page navigation and access to secure website areas. Without these cookies, the website site is unable to work properly.
Statistics cookies help website owners understand how visitors use and interact with the website by collecting and reporting information anonymously.
The Policy is published on the website https://www.hidria.com and came into effect on 25 May 2018.