Privacy policy

As a personal data controller, SETCCE d.o.o., of Tehnološki park 21, 1000 Ljubljana (hereinafter: SETCCE or the company) undertakes to treat all collected personal data with care and to process it solely for the purposes for which it was originally obtained. The company processes personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation or GDPR), and other applicable legislation in the area of personal data protection.


About the Privacy Policy

The purpose of the Privacy Policy is to inform users of the company's online services and other persons (hereinafter: data subjects) of the purpose and basis for the processing of personal data by the company, and their rights in this area. At the same time the Privacy Policy also provides further clarification of consent to personal data processing.

The company has particular concern for the security of your personal data. All personal data submitted is treated as confidential. We manage your personal data with the greatest care, having regard for applicable legislation and the highest standards of data handling. Our careful attention to the security of your personal data includes appropriate organisational measures, work procedures and advanced technological solutions, and we also take account of recognised best practices for the purpose of ensuring that the protection of your personal data is as effective as possible. In so doing we use an appropriate level of protection and reasonable physical, electronic and administrative measures by which personal data is protected against accidental or unlawful destruction, loss, alteration or unauthorised disclosure, and personal data that has been transmitted, stored or otherwise processed is protected against unauthorised access.

In accordance with Article 13 of the GDPR, the following information is covered by the Privacy Policy:

  • the company's contact information,
  • the purpose, basis and type of processing of various categories of data subjects' personal data,
  • the storage periods of individual categories of personal data,
  • data subjects' rights in connection with personal data processing,
  • the right to lodge a complaint in connection with personal data processing,
  • the validity of the Privacy Policy.

1) Personal data collected by the company

If you are merely visiting the website, we collect data about you solely through the use of cookies.

For the purposes of responding to a question that you submitted in the Ask Us form (on the website) and conducting commercial communications, we process the following personal data:

  • First name and surname
  • Email address
  • Business name
  • Telephone number

For the purposes of receiving developers' packages and installation packages of the proXSign digital signing component located on the website and conducting commercial communications, we process the following personal data:

  • Email address
  • Business name

For the purposes of registering on the SETCCE partner portal, we process the following personal data:

  • Email address
  • First name and surname
  • Address
  • Postcode
  • City
  • Country
  • Telephone number
  • Business name

For the purposes of online shopping via the SETCCE online store and conducting commercial communications, we process the following personal data:

  • Email addresses
  • First name and surname
  • Address
  • Postcode
  • City
  • Country
  • Telephone number
  • Business name

The processing of the aforementioned personal data is based on your personal consent. Personal data is stored until the intended purpose comes to an end. Collected personal data is not disclosed to third parties or to other organisations.

The company may forward personal data to the relevant government bodies, on the basis of a justifiable request, when there is a legal basis for so doing. For example, the company will respond to requests from courts, prosecution authorities and other government bodies that could include the government bodies of other EU member states.

You can withdraw your consent to personal data processing at any time by sending a request to info@setcce.com or by submitting a written request to the company's address (SETCCE d.o.o., Tehnološki park 21, 1000 Ljubljana).

The withdrawal of consent to personal data processing relates solely to personal data being processed on the basis of your consent to personal data processing. Your most recent consent to personal data processing that we have received is valid. The optional withdrawal of consent to personal data processing does not entail any waiver of entitlements in the data subject's business relationship with the company.


2) Categories of data subjects

The Privacy Policy is intended for all those who visit our website or submit a question in the Ask Us form, who make a purchase via the SETCCE online store, and who register on the SETCCE partner portal.


3) Data subjects' rights in connection with personal data processing

We guarantee that you can exercise your rights in connection with the processing of your personal data without any undue delay. We will decide on your request within one month of receiving it. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. If we extend the deadline, we will inform you of any such extension within one month of receiving the request, together with the reasons for the delay.

Requests in connection with the exercise of your rights may be sent by email to info@setcce.com, or by post to SETCCE d.o.o., Tehnološki park 21, 1000 Ljubljana.

If you submit a request by email, we will endeavour where possible to provide the information electronically, unless you request otherwise.

When there is a reasonable doubt in connection with the identity of the data subject submitting a request in connection with any of his/her rights, we may request additional information necessary for establishing the identity of the data subject.

Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the company may:

  • charge a reasonable fee that reflects the administrative costs of sending information or messages, or carrying out the requested action, or
  • refuse to act on the request.

We grant the following rights in connection with the processing of your personal data:

(i) the right of access to data
(ii) the right to rectification
(iii) the right to erasure (right to be forgotten)
(iv) the right to restriction of processing
(v) the right to data portability
(vi) the right to object


(i) right of access to data

You always have the right to obtain confirmation as to whether or not personal data concerning you is being processed and, if it is, the right to access the personal data and the following information:

  • the purposes of the processing,
  • the categories of personal data being processed,
  • the recipients or categories of recipient to whom personal data has been or will be disclosed,
  • the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period,
  • the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of your personal data, and the right to object to such processing,
  • the right to lodge a complaint with a supervisory authority,
  • where personal data is not collected from you, any available information as to its source.

(ii) right to rectification

You have the right to the rectification of inaccurate personal data concerning you without undue delay and, taking into account the purposes of the processing, the right to have incomplete personal data completed, including by means of providing a supplementary statement.


(iii) right to erasure (right to be forgotten)

You have the right to the erasure of your personal data without undue delay, where one of the following grounds applies:

  • the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed,
  • you withdraw the consent on which the processing is based, and there are no other legal grounds for the processing,
  • you object to the data processing, and there are no overriding legitimate grounds for the processing,
  • the personal data was unlawfully processed,
  • the personal data has to be erased for compliance with a legal obligation in EU or Slovenian law.

(iv) right to restriction of processing

  • You have the right to the restriction of the processing of your personal data, where one of the following applies:
  • you are contesting the accuracy of the data, for a period that allows us to verify the accuracy of the personal data,
  • the processing is unlawful, and you oppose the erasure of the personal data and request the restriction of its use instead,
  • we no longer need your personal data for the purposes of processing, but you need it for the establishment, exercise or defence of legal claims,
  • you have objected to processing based on the company's legitimate interests, pending verification of whether our legitimate grounds override yours.

Where the processing of your personal data has been restricted under the previous paragraph, with the exception of storage, the personal data may only be processed with your consent, or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person.

Before the restriction of processing of your personal data is lifted, we are obliged to inform you.


(v) right to data portability

You have the right to receive your personal data that you have sent to us, in a structured, commonly used and machine-readable format, and have the right to transmit this data to another controller without hindrance from the company, when the processing is based on your consent and the processing is carried out by automated means. At your request, when technically feasible, the personal data may be transmitted directly to another controller.


(vi) right to object

When we are processing your data on the basis of a legitimate interest for the purposes of marketing, you have the right to object at any time to this processing.

We cease processing your personal data, unless we demonstrate compelling grounds for the processing that override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.


4) Right to lodge a complaint in connection with the processing of personal data

Any complaint in connection with the processing of your personal data may be sent by email to info@setcce.com, or by post to SETCCE d.o.o., Tehnološki park 21, 1000 Ljubljana.

Should we fail to decide on your request by the legal deadline, or refuse your request, you have the right to lodge a complaint with the Information Commissioner.

You also have the right to lodge a complaint directly with the Information Commissioner if you believe that the processing of your personal data breaches Slovenian regulations or EU regulations in the area of personal data protection.

If you have exercised the right of access to data, and after receiving a decision you believe that the personal data that you have received is not the personal data that you requested, or that you have not received all of the requested personal data, before lodging a complaint with the Information Commissioner you may lodge an argued complaint with the company within a deadline of 15 days. We must decide on your complaint as if it were a new request, within five business days.


5) Final provisions

The applicable legislation in the area of personal data protection applies to everything that is not regulated by this Privacy Policy.

The company is not liable for damage incurred by a data subject because erroneous, false, incomplete or outdated data has been submitted about the data subject.
The controller is liable for damage caused by processing only when it fails to perform the obligations required by the GDPR or legislation governing personal data protection, or when it has acted in contravention thereto. The company is exempt from liability if it proves that in no case is it liable for the event that causes the damage.

The company reserves the right to amend this Privacy Policy. We will inform you of any amendments by means of publication on the official website (www.setcce.com) or in another suitable manner.

This Privacy Policy is published on the company's website, and enters into force on 27 September 2018, which is also the date from which it is applied.

Should you have any questions about the Privacy Policy, or about the data about you that we store, we will be happy to answer them.
All questions and requests can be sent to:


SETCCE d.o.o.
Tehnološki park 21,
1000 Ljubljana
Email: info@setcce.com
T: +386 1 6204500

 

 

Show

Call to action

Click here

Setcce

Down