Privacy policy

Privacy Statement

At Vizija Accounting Ltd., we are aware of the responsibility of handling personal data and respect your privacy. Therefore, we process personal data carefully in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: General Data Protection Regulation), the Personal Data Protection Act (hereinafter: ZVOP-1), and our company’s internal Personal Data Protection Policy. All personal data obtained by our company is treated confidentially and used exclusively for the purposes stated in the processing purpose.
The purpose of our company’s Personal Data Protection Policy is to inform our customers, website users, and other individuals (hereinafter: individuals) about the scope and nature of personal data we collect, use, and process, the purposes and legal basis of personal data processing, and to inform individuals about their rights in this area.

The protection of individuals with regard to the processing of personal data is a fundamental right, so our company implements appropriate technical and organizational security measures to ensure the best protection of the personal data we possess. Personal data is processed in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction, damage, unauthorized disclosure of personal data, or unauthorized access to personal data that have been transmitted, stored, or otherwise processed.

In Vizija Accounting, we ensure that:

  • personal data are processed lawfully, fairly, and in a transparent manner in relation to the individual to whom the personal data relate (principle of lawfulness, fairness, and transparency);
  • personal data are collected for specified, explicit, and legitimate purposes and are not further processed in a manner that is incompatible with those purposes (principle of purpose limitation);
  • only personal data that are adequate, relevant, and limited to what is necessary for the purposes of processing are processed by default; this obligation applies to the amount of personal data collected, the extent of their processing, the period of their storage, and their accessibility (principle of data minimization and storage limitation);
  • personal data are accurate and, where necessary, kept up to date (principle of accuracy);
  • the rights and freedoms of individuals to whom personal data relate are respected and protected;
  • appropriate technical or organizational measures are taken to ensure the security of personal data (principle of integrity and confidentiality);
  • the company can demonstrate compliance with the legislation on the protection of personal data (principle of accountability).

Definitions

In this Personal Data Protection Policy, the terms used have the following meanings:

Personal Data

“Personal data” means any information relating to an identified or identifiable individual (hereinafter: individual to whom personal data relate); an identifiable individual is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that individual.

Individual

“Individual to whom data relate” means any identified or identifiable natural person whose personal data are processed by the controller responsible for processing.

Processing

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Controller

“Controller” means a natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing.

Processor

“Processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

User

“User” of personal data means a natural or legal person or other entity of the public or private sector to whom personal data are disclosed or made available.

Consent

“Consent of the individual to whom the personal data relate” means any freely given, specific, informed, and unambiguous indication of the individual’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Controller of Personal Data

The controller of personal data is:
Vizija Accounting Ltd.
Bratislavska cesta 5
1000 Ljubljana
Telephone: +386 1 560 03 40
Website: www.vizija-racunovodstvo.si
Email: info@vizija-racunovodstvo.si

Purposes of Processing and Legal Bases for Processing Personal Data

In our company or for the purposes of our company (with the help of processors), only those personal data may be processed for which there is an appropriate legal basis according to the provisions of the General Data Protection Regulation or other applicable and current legislation in the field of personal data protection. Data processing is lawful only if and to the extent that at least one of the following conditions is met:

  • the individual to whom the personal data relate has consented to the processing of his or her personal data for one or more specific purposes;
  • processing is necessary for the performance of a contract to which the individual to whom the personal data relate is a party or in order to take steps at the request of such individual prior to entering into a contract;
  • processing is necessary for compliance with a legal obligation to which the controller is subject;
  • processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the individual to whom the personal data relate, which require protection of personal data.

Processing Based on Contract

In the event that an individual enters into a specific contract with the company Vizija Accounting Ltd., such contract constitutes the legal basis for the processing of personal data. Our company processes personal data within the scope of contract conclusion, execution of contractual rights, and fulfillment of contractual obligations. Personal data are processed for the purposes of individual identification, preparation of offers, contract conclusion, informing customers about any changes, resolution of any issues, objections or complaints, service billing, and other purposes necessary for the implementation or conclusion of a contractual relationship between the company and the individual.

Processing Based on Law and Legitimate Interest

In accordance with legal grounds, we may collect and process personal data of individuals necessary for fulfilling legal obligations. Therefore, we process personal data of individuals based on regulations that require us to disclose personal data of individuals to state authorities and other controllers in certain cases for fulfilling our or their legal obligations or powers. On this basis, we process the personal data dictated by valid regulations, for the purposes those regulations dictate.
Your personal data may also be used for the purpose of legitimate interest pursued by our company as the controller and when these legitimate interests clearly outweigh the interests of the individual to whom the personal data relate. However, we always assess whether our legitimate interest is justified, consider your interests in each processing, and process your personal data only to the extent necessary and proportionate to ensure our legitimate interest. In accordance with applicable data protection regulations, direct marketing, including profiling of customers for tailored content offerings via email and websites, displaying customized ads on advertising platforms (Google, Facebook), and boosting sales, fall within our company’s legitimate interests. Our company’s legitimate interests also include ensuring the security of our website or ensuring the stable and secure operation of our system and services, implementing information security measures, meeting service quality requirements, detecting technical failures of systems and services, etc. Based on legitimate interest, we process personal data of individuals with whom we have established contact in various situations for the purpose of informing about our services. In case of suspected abuses, we may, to a reasonable and proportionate extent, process individuals’ data for the purpose of identification and prevention of potential fraud or abuses and, if appropriate, disclose such data to the police, public prosecutor’s office, or other competent authorities.

Processing Based on Consent to Personal Data Processing

Data processing may also be based on your consent to the processing of personal data. Personal consent of an individual is a voluntary expression of the individual’s will allowing their personal data to be processed for a specific purpose and is given based on information provided by the controller. Personal consent of an individual may be written, oral, or other appropriate consent of the individual. We keep your consent together with its content and the content of the form through which it was obtained.
Consent may relate, for example, to informing about offers, benefits, and improvements to the services provided by our company. The purpose of such communication is to tailor services to your needs and desires as much as possible and thereby increase their utility value for you. Communication is carried out through channels chosen by you with your consent.

Personal data obtained with consent are stored and processed for the purpose of maintaining contact with customers, (marketing) communication via email (sending newsletters, notices, articles, etc.), profiling customers for tailored content offerings via email and websites, displaying customized ads on advertising platforms (Google, Facebook), boosting sales, sending offers via email, postal mail, phone calls, and websites, etc. When sending electronic messages, we record views of received messages and clicks on links in received messages. For better and more targeted offerings and customization of further messages, the recorded data are automatically processed, analyzed, profiled, and evaluated to gauge our customers’ interest in the messages sent. We do not make automated decisions based on recorded data and created profiles.

An individual to whom personal data relate may withdraw or modify their consent to the same extent as the consent was given, or by any other means defined by Vizija Accounting Ltd. in the Personal Data Protection Policy, with the company reserving the right to identify the customer. The withdrawal or modification of consent relates only to data processed based on your consent. The last valid consent received by us applies. The possibility of revoking consent does not constitute a derogation right in the business relationship between the individual and the company. Change of consent can also be arranged, among other things, via email to: info@vizija-racunovodstvo.si or by a written request sent to the company’s registered office.

Personal Data We Collect

If you are only a visitor to our website, we collect data about you using cookies.
For the purposes of direct marketing (via email communication) and other legitimate interests of our company pursued by our sales, marketing, customer support, and information technology departments, we store the following data:

  • first and last name
  • contact email address
  • log file data (IP address, access time, browser version, visited page address).

The mentioned personal data are stored exclusively in electronic form and are secured in the information system.
Based on the contractual legal basis, we also collect and process other personal data used exclusively for the purpose of exercising contractual rights and fulfilling contractual obligations, as well as for the purpose of concluding a contract, in the negotiation phase, after receiving an offer or inquiry from the individual. These personal data include:

  • first and last name
  • date of birth
  • personal identification number
  • address
  • tax identification number
  • transaction account number
  • contact email address
  • contact phone number

For the purpose of fulfilling legal obligations, which require us to disclose personal data of individuals to state authorities and other controllers in certain cases to fulfill their or our legal obligations or powers, we process those personal data and for those purposes as prescribed by applicable regulations.

Job Application Form

Our website contains a job application form that enables quick application for advertised job positions. If an individual decides to apply via the job application form, the personal data provided in the form is automatically stored. The data controller stores such personal data solely for the purpose of internal processing of personal data for receiving job applications, verifying compliance with prescribed employment conditions, and/or establishing contact with the individual to whom the data relates. These personal data are not disclosed to third parties. The personal data collected through the job application form include:

  • First and last name
  • Date of birth
  • Address
  • Contact email address
  • Contact phone number
  • Level of education, accounting experience, and knowledge
  • Other data voluntarily provided by the individual under remarks

Contact Inquiry Form

Our website contains an inquiry form intended for quick quotation calculation by our company. The data collected solely for the purpose of preparing a quotation and establishing contact include:

  • Company name
  • Contact phone number
  • Contact email address
  • Contact person
  • Number of received invoices
  • Number of issued invoices
  • Other data voluntarily provided by the individual under remarks

Vizija Business Club

As part of the enrollment in the Vizija Business Club, for the purpose of establishing contacts between business partners of our company, mutual networking, creating new business opportunities, and thus effectively networking the business of our enrolled clients, mutual acquisition of personal data of all enrolled partners of our company is enabled. The personal data collected and shared mutually with all members of the Vizija Business Club include:

  • First and last name
  • Address
  • Contact email address
  • Contact phone number

Limitation of Personal Data Disclosure/Data Storage Area

The collected personal data obtained with consent, contract, or based on legitimate interest or legal basis are stored in the EU area and are not transferred to third countries.

Data processors of personal data include employees of the controller responsible for performing individual processing services, but may also include external processors (contracted processors) providing certain services to the controller as agreed by concluded contracts. When processing personal data on behalf of and for the account of the controller, the company has concluded an appropriate data processing agreement with them. The controller may, as needed for the performance of certain tasks contributing to the company’s services, authorize other companies and individuals. In such a case, the controller may also disclose personal data to carefully selected external processors, who will conclude a data processing agreement or a substantively equivalent agreement or other binding document with the company. External processors may process data only within the framework of the controller’s instructions and authorizations and are contractually obliged to provide an adequate level of personal data protection. The controller may disclose or make personal data available only to the extent required by a specific purpose. External processors may not use this data for any other purpose, while meeting at least all standards of personal data processing envisaged by applicable legislation. External processors are contractually bound to the company to respect the confidentiality of your personal data.

In the context of legal responsibilities, your personal data may thus be disclosed to the following data users:

  • Postal service providers, shipping service providers, and logistics/delivery services for the purpose of mail delivery;
  • Law firms and other providers of legal and business advice;
  • Providers of documentation and data carrier destruction services;
  • Information technology service providers for software servicing and maintenance;
  • Website administrator and manager;
  • Cloud computing service providers and email sending service providers.

Upon reasoned request, the company may also provide personal data to competent state authorities (e.g., upon requests from courts, law enforcement agencies, and other state authorities, which may also include state authorities of other EU Member States) having a legal basis for this. The controller may disclose personal data to digital advertising platforms (Google, Facebook, LinkedIn, etc.) and use their cookies, enabling the controller to create more accurate segments, display targeted ads, and conduct remarketing. This allows the user to receive more relevant ads from the controller on these platforms. This may involve the transfer of data to a contracted processor outside the EU.

Registered members of the Vizija Business Club are allowed to mutually acquire personal data voluntarily shared by members with other enrolled partners of our company.

Personal Data Retention Period

The data retention period is determined based on the category of individual personal data. Personal data are retained for no longer than necessary to achieve the purpose for which they were collected or further processed, or until the expiration of the statute of limitations for fulfilling obligations or the legally prescribed retention period. If the above-described purposes for which we store and process personal data in our company cease to exist, we will immediately and permanently delete or destroy the databases whose purpose has ceased.

Accounting data and related contact data about individuals may be stored for the purpose of fulfilling contractual obligations until full payment for the service or, at the latest, until the expiration of the limitation periods regarding individual claims, which can be from one to five years according to the law. In accordance with the law regulating value-added tax, invoices are kept for an additional 10 years after the end of the year to which the invoice relates.

Other data obtained based on your consent are kept for the duration of the business relationship and an additional 2 years after its termination, unless the law prescribes a longer retention period. If an individual who has given consent for the processing of personal data has not entered into a business relationship with us, their consent is valid for 2 years from its submission or until it is revoked. Data on views of received messages and clicks on links in received messages are kept for 12 months after the message is sent.

An individual may completely or partially revoke consent for the storage and processing of their personal data or request the deletion of personal data. If an individual revokes their consent to the processing of personal data, the controller will cease processing and permanently delete the personal data. However, this does not apply when the data is processed on a legal basis. You can send the revocation of consent for data processing to the email address: info@vizija-racunovodstvo.si.

After the expiration of the retention period or after the fulfillment of the processing purpose, the data are deleted, destroyed, blocked, or anonymized unless the law provides otherwise for a particular type of data.

Individual Rights Regarding Personal Data Processing

In accordance with the General Data Protection Regulation and the Slovenian Personal Data Protection Act (ZVOP-1), individuals have the following rights regarding the processing of their personal data:

  • Right to access data
  • Right to rectification
  • Right to erasure (“right to be forgotten”)
  • Right to restriction of processing
  • Right to data portability
  • Right to object
  • Right not to be subject to a decision based solely on automated processing, including profiling

Right to Access Data

You always have the right to be informed whether personal data about you is being processed, and if so, you have the right to access personal data and the following information:

  • the purposes of processing,
  • the types of personal data being processed,
  • recipients or categories of recipients to whom the personal data have been or will be disclosed,
  • the envisaged period for which the personal data will be stored, or if not possible, the criteria used to determine that period,
  • the existence of the right to request rectification or erasure of personal data or restriction of processing of your personal data, or to object to such processing,
  • the right to lodge a complaint with a supervisory authority,
  • where the personal data are not collected from you, any available information as to their source,
  • the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Right to Rectification

You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to Erasure (“Right to be Forgotten”)

You have the right to obtain the erasure of your personal data without undue delay when one of the following grounds applies:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,
  • you withdraw consent on which the processing is based, and where there is no other legal ground for the processing,
  • you object to the processing and there are no overriding legitimate grounds for the processing,
  • the personal data have been unlawfully processed,
  • the personal data have to be erased for compliance with a legal obligation in Union or Slovenian law to which the controller is subject.

Right to Restriction of Processing

You have the right to obtain restriction of processing of your personal data where one of the following applies:

  • you contest the accuracy of the data, for a period enabling the controller to verify the accuracy of the personal data,
  • the processing is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead,
  • the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise, or defense of legal claims,
  • you have objected to processing, pending the verification of whether the legitimate grounds of the controller override your grounds.

When processing of your personal data has been restricted in accordance with the above, except for storage, such personal data shall only be processed with your consent, or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest. We shall inform you before the restriction of processing is lifted.

Right to Data Portability

You have the right to receive your personal data, which you have provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller without hindrance from us, where the processing is based on your consent and is carried out by automated means. Upon your request and where technically feasible, personal data may be transmitted directly to another controller.

Right to Object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, including profiling based on legitimate interests pursued by Vizija računovodstvo, d.d. We shall cease processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims. Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If the processing is based on consent, the right to object may be exercised by withdrawing the consent.

Right Not to be Subject to Automated Decision-Making, Including Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless the decision is necessary for entering into, or performance of, a contract between you and the data controller, is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or is based on your explicit consent.

Withdrawal of Consent

You may withdraw consent for the processing of data you have provided for the collection, processing, and transfer of personal data for a specific purpose at any time. Upon receipt of notice of withdrawal of consent for processing of your personal data, we will immediately cease processing data for the purposes originally provided, unless there is another legal basis for processing that does not allow deletion at the request of the individual. Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Exercising Individuals’ Rights Regarding Personal Data Processing

Requests related to the exercise of your rights are accepted at the email address: info@vizija-racunovodstvo.si or by regular mail to the address: Vizija računovodstvo, d.d., Bratislavska cesta 5, 1000 Ljubljana.
We will decide on your request without undue delay, no later than one month after receiving your request. In case of complexity and a large number of requests, we may extend the deadline by up to two additional months. If we extend the deadline, we will inform you of such extension within one month of receiving the request, along with the reasons for the delay.

If you submit a request electronically, we will provide information, where possible, electronically, unless you request otherwise. If there is reasonable doubt concerning the identity of the individual submitting a request regarding any of their rights, we may request additional information necessary to confirm the identity of the individual to whom the personal data relate. This is a security measure to ensure that personal data are not disclosed to unauthorized persons.

If requests from the individual to whom the personal data relate are manifestly unfounded or excessive, particularly because of their repetitive character, the company may:

  • charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or
  • refuse to act on the request.

Right to Lodge a Complaint Regarding Personal Data Processing

If we do not respond to your request within the legal deadline or reject your request, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner, Dunajska cesta 22, 1000 Ljubljana.

You also have the right to lodge a complaint directly with the Information Commissioner if you believe that the processing of your personal data violates Slovenian regulations or EU regulations on personal data protection.
If you have exercised the right to access data and, upon receiving the decision, believe that the personal data received are not those you requested or that you have not received all the requested personal data, you may submit a reasoned complaint to Vizija računovodstvo, d.d. within 15 days before lodging a complaint with the Information Commissioner. We will decide on your complaint as a new request within five working days.

Personal Data Protection

To prevent unauthorized access to acquired data or their disclosure, maintain the accuracy of personal data, and ensure their proper use, we employ appropriate technical and organizational procedures and measures to secure the data we collect, including:

  • protecting the premises and hardware in which or with the help of which personal data are processed;
  • protecting the application and system software used to process personal data;
  • ensuring the security of the transmission and transfer of personal data;
  • preventing unauthorized access to devices on which personal data are processed and to their collections;
  • enabling retrospective determination of when individual data were entered, used, or transferred to a database and who did so, for the period for which individual data are stored;
  • providing an effective means of blocking, destroying, deleting, or anonymizing personal data.

All employees, contracted processors, and other persons who process personal data on behalf of the company are obligated through signed statements or contracts to maintain confidentiality and must not disclose personal data to unauthorized third parties. Access to personal data is permitted only to those individuals who need the data to perform their tasks or to process them on behalf of the company. In the event of breaches of confidentiality, appropriate procedures are initiated against responsible individuals.
The website www.vizija-racunovodstvo.si is hosted on a secure web server and undergoes regular security checks. We never request credit card numbers or other data that could be subject to online criminal activity from you. Personal data collected on our website are used exclusively for the purposes stated above and are not marketed or transferred to third parties, except to business partners who help us maintain the website and are bound to protect personal data under the same conditions as Vizija računovodstvo, d.d.

Changes to the Personal Data Protection Policy

Vizija računovodstvo, d.d. reserves the right to change and supplement the Personal Data Protection Policy. All changes to the Personal Data Protection Policy will be published on our website and will apply from the date of publication. For everything not regulated by this Data Protection Policy, the applicable legislation applies.