PRIVACY STATEMENT
MIDES NEPREMIČNINE d.o.o.
Introduction
At Studio Železna and the FotoZone platform, owned by Mides Nepremičnine, we take the protection of users' data on our services, website, and booking platform very seriously. We are committed to safeguarding the information that users provide in connection with the use of our services, website, and/or booking platform (collectively: “digital assets”). We commit to protecting and using your data in accordance with applicable legislation.
This privacy policy details the procedures regarding the collection, use, and disclosure of users' data when using our services and digital assets, accessed through their devices.
Please read the privacy policy carefully and ensure that you fully understand our practices regarding your data before using our services. If you have read, fully understood, and do not agree with our procedures, we urge you to stop using our digital assets and services immediately. By using our services, you confirm acceptance of this privacy policy. Continued use of the services implies your consent to this privacy policy and any subsequent changes.
In this privacy policy, you will learn about:
-
How we collect data
-
What data we collect
-
Why we collect this data
-
To whom we disclose data
-
Where data is stored
-
How long we retain data
-
How we protect data
-
How we handle minors
-
Updates or changes to the privacy policy
-
General
Mides Nepremičnine d.o.o. (the company and controller) and Studio Železna process and protect your personal data in accordance with current legislation on personal data protection (the General Data Protection Regulation and the applicable Personal Data Protection Act). Here, you will find concise, transparent, understandable, and easily accessible information on this, as per Articles 12 to 14 of the GDPR. The company will use personal data solely for the purposes for which it was provided and will not disclose it to unauthorized persons. Your data may only be disclosed to public authorities upon lawful request.
Identity and contact details of the controller:
Mides Nepremičnine, 1000 Ljubljana, info@zelezna.si, 051 489 018.
The controller does not have a designated data protection officer.
Types of data we collect:
Mides Nepremičnine d.o.o. maintains a database of its users, which includes:
-
Unidentified and non-identifiable information provided by users during the registration process or collected during the use of our services ("non-personal data"). Non-personal data cannot identify the person from whom it was collected. The non-personal data we collect mainly consists of technical and aggregated usage information.
-
Individually identifiable information, i.e., anything that can identify users or could identify them ("personal data"). Personal data we collect through our services may occasionally include requested information such as:
-
Basic data (name, surname, street, postal code, city, tax number, occupation, phone and email number, IP address),
-
Membership number,
-
Data about the selected studio package and additional options,
-
Data about how you found out about our studio (through a referral, online, etc.),
-
Payment data (membership start date, payment method, data from the direct debit authorization, data on issued invoices and their payments, data necessary for recovery, credit card data, validity, etc.),
-
Data on the date and time of entering and exiting the studio premises,
-
Any notes recorded by the Studio Železna team,
-
Occasional photographs or videos of events in the studio.
-
Combined personal data with non-personal data is treated as personal data as long as they are combined.
Data collection methods:
-
We collect data during the use of our services. When a user physically visits Studio Železna and physically or electronically fills out a form and/or uses digital assets and services, we may collect, record, and store information about usage, appointment duration, and other related data.
-
We collect data that you voluntarily provide to us, for example, when you contact us through a communication channel (e.g., email with comments or feedback, Viber, WhatsApp, FB Messenger).
-
We may collect data from third-party sources.
-
We collect data that you provide when users sign into our services through a third-party provider, such as Facebook or Google2.
2. DATA RETENTION
The company retains your data only as long as necessary for the purposes for which the personal data is processed unless a different retention period is specified by law.
3. RETENTION PERIOD
The company retains client data necessary for the performance of services for five years after the contract is fulfilled. The company processes your personal data for direct advertising purposes only based on the provided consent, which remains valid until you withdraw it.
The company retains personal data on issued invoices in accordance with the law for ten years after the end of the year to which the invoices relate.
You can withdraw the consent you provided to MIDES NEPREMIČNINE d.o.o. at any time. Withdrawal does not affect the legality of the processing of personal data based on consent before its withdrawal.
4. PURPOSE OF RETENTION
The purposes of processing the mentioned data and the legal basis for their processing:
-
To ensure and continuously operate and provide services;
-
To develop, customize, and improve our services;
-
To respond to user requests, provide feedback, and support users;
-
To analyze usage patterns and requests;
-
For other internal statistical and research purposes;
-
To improve data security and prevent fraud;
-
To investigate violations, enforce our terms and policies, and comply with applicable laws, regulations, or administrative orders;
-
For executing membership contracts (allowing access to and use of studio services, paying for studio services);
-
For sending updates, news, promotional materials, and other information related to our services, as well as occasional information about the company's activities and news;
-
For occasional telephone, written, and electronic surveys and notifications about prize games organized by the company;
-
For conducting internal analyses to offer better services to our members.Your rights.
-
Under the GDPR and the applicable data protection legislation, individuals have the following rights:
-
The right to request information about which data is processed about them;
-
The right to obtain confirmation of whether their personal data is being processed;
-
The right, under Article 15 of the GDPR, to obtain a copy of their personal data processed by Mides Nepremičnine d.o.o.;
-
The right to have inaccurate personal data concerning them rectified without undue delay;
-
The right to have personal data concerning them erased without undue delay unless required by law;
-
The right to restrict the processing of personal data unless required by law;
-
The right, under Article 17 of the GDPR, to request the erasure of data that is no longer necessary for the purposes for which it was collected or otherwise processed, or which was collected based on consent, where that consent has been withdrawn and there is no other legal basis for further retention;
-
The right to receive personal data provided to the company in a structured, commonly used, and machine-readable format and to transmit those data to another controller or to have them transmitted directly by the company;
-
The right to object to the processing of personal data concerning them at any time, unless required by contract or law
5. Exercising the above rights and legal remedies
Individuals can exercise the above rights free of charge with MIDES NEPREMIČNINE d.o.o. The company may request personal data to confirm an individual’s identity. The company must act on the individual's request without undue delay and no later than one month after receiving the request. This period may be extended by a maximum of two additional months considering the complexity and number of requests. The company must inform the individual of any extension, who may appeal against the extension. If the individual's requests are manifestly unfounded or excessive, especially if they are repetitive, the company may reject the request with a special explanation.
An individual may at any time request in writing or by another agreed means for the controller to permanently or temporarily cease using or otherwise processing their personal data for direct marketing purposes. The controller shall stop processing personal data for direct marketing purposes within 15 days at the latest and inform the individual of the cessation in writing or by another agreed means within the next five days.
If the individual disagrees with the controller's decision or does not receive all the requested personal data, they may submit a reasoned objection within fifteen days before lodging a complaint with the Information Commissioner. The controller must decide on the objection as a new request within five business days. If the controller does not decide on the individual's request within the deadline, the individual can lodge a complaint with the Information Commissioner due to silence.
Users have the right to judicial protection in case of silence or disagreement with the company's response to any of the requests in this section, in accordance with the provisions of the Personal Data Protection Act (ZVOP-1).
In the complaint procedure against the controller's decision, the Information Commissioner decides according to the rules of the general administrative procedure. If the case cannot be resolved otherwise, the Information Commissioner shall issue a decision on the complaint. No appeal is allowed against the decision, but administrative litigation is possible.
6. Contractual processing of personal data
The company may entrust individual tasks related to the processing of personal data to a processor by contract. The contract is in writing or an equivalent electronic form and complies with the requirements of the General Data Protection Regulation, the provisions of the law governing the protection of personal data, and other regulations governing the protection of personal data.
In Ljubljana, 1.10.2024