Privacy Policy

Choose your color.

Personal Data Protection Policy

The purpose of the personal data protection policy is to inform individuals, service users, associates, employees, and other persons (hereinafter: individual) who cooperate with i9 d.o.o., Limbuška cesta 78/b, 2000 Maribor (hereinafter: company) about the purposes, legal bases, security measures, and the rights of individuals regarding the processing of personal data carried out by our company.

We value your privacy, which is why we always carefully protect your data.

We process your personal data in accordance with European legislation (Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: General Regulation)) and the applicable legislation in the field of personal data protection (Personal Data Protection Act (ZVOP-1, Official Gazette of the RS, No. 94/07)) and other legislation providing us with a legal basis for processing personal data.

The personal data protection policy contains information for individuals on how our company, as a controller, processes personal data received from an individual based on the legal grounds described below.

1) The personal data controller is the company:

i9 d.o.o.

Limbuška cesta 78/b, 2000 Maribor, Slovenia

Contact: Alla Obradović

Email: alla@i9bottle.si

Personal Data

Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Purposes of Processing and Legal Bases for Data Processing

The company collects and processes your personal data on the following legal bases:

  • processing is necessary for compliance with a legal obligation to which the controller is subject;
  • processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  • processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party;
  • the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
  • processing is necessary in order to protect the vital interests of the data subject or of another natural person.

Compliance with a Legal Obligation

Based on provisions in the law, the company primarily processes data about its employees, as enabled by labor legislation. Thus, on the basis of a legal obligation for employment purposes, the company processes the following types of personal data: first and last name, gender, date of birth, personal identification number (EMŠO), tax number, place, municipality, and country of birth, citizenship, residence, etc.

Performance of a Contract

In cases where you, as an individual, enter into a contract with the company, this contract serves as the legal basis for processing personal data. We are thus permitted to process your personal data for the conclusion and implementation of the contract, such as the sale of goods and services, participation in events, training sessions, promotions, etc. If the individual does not provide the personal data, the company cannot conclude the contract, nor can it perform the service or deliver the goods in accordance with the concluded contract, as it lacks the data necessary for execution. Based on the performance of a lawful business activity, the company may inform individuals and users of its services via their email address about its services, events, training, offers, and other content. The individual may request the cessation of such communication and data processing at any time and cancel the receipt of messages via the unsubscribe link in the received message, or by making a request via email to info@i9bottle.si or by regular mail to the company’s address.

Legitimate Interest

The company may also process personal data on the basis of a legitimate interest it pursues. The latter is not permissible where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. When applying legitimate interest, the company always performs an assessment in accordance with the General Regulation.

The processing of personal data of individuals for direct marketing purposes is considered to be carried out in a legitimate interest. The company may thus process personal data of individuals collected from publicly accessible sources or within the framework of lawful business activities, also for the purposes of offering goods, services, employment, informing about benefits, events, etc. To achieve these purposes, the company may use regular mail, telephone calls, email, and other telecommunication means. For direct marketing purposes, the company may process the following personal data of individuals: the individual’s first and last name, permanent or temporary residence address, telephone number, and email address. The company may process these personal data for direct marketing purposes even without the explicit consent of the individual. The individual may request the cessation of such communication and data processing at any time and cancel the receipt of messages via the unsubscribe link in the received message, or by making a request via email to info@i9bottle.si or by regular mail to the company’s address.

Processing Based on Consent

If the company does not have a legal basis demonstrated on the basis of law, contractual obligation, or legitimate interest, it may ask the individual for consent. Thus, it may process certain personal data of the individual for the following purposes as well, provided the individual gives consent for them:

  • residential address and email address for information and communication purposes,
  • tax number or personal identification number (EMŠO) for the purposes of potential enforcement in case of non-fulfillment of obligations (e.g., unpaid invoice),
  • photographs, video recordings, and other content relating to the individual (e.g., publishing pictures of individuals on the company’s website) for the purposes of documenting activities and informing the public about the company’s work and events;
  • other purposes for which the individual agrees via consent.

If an individual gives consent for the processing of personal data and at some point no longer wishes it, they can request the cessation of personal data processing via a request sent by email to info@i9bottle.si or by regular mail to the company’s address. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Processing is Necessary to Protect the Vital Interests of the Individual

The company may process the personal data of the data subject if it is urgent to protect their vital interests. Thus, the company may search for an individual’s personal document, check if this person exists in its database, study their medical history, or establish contact with their relatives, for which the company does not require their consent. This applies in cases where it is absolutely necessary to protect the vital interests of the individual.

Retention and Deletion of Personal Data

The company will store personal data only as long as necessary to fulfill the purpose for which the personal data was collected and processed. If the company processes data based on the law, it will retain it for the period prescribed by law. In doing so, some data is stored for the duration of the cooperation with the company, while some data must be kept permanently.

Personal data processed by the company on the basis of a contractual relationship with an individual is retained for the period necessary to execute the contract and for another 6 years after its termination, except in cases where a dispute arises between the individual and the company regarding the contract. In such a case, the company retains the data for 10 years after a court decision, arbitration, or court settlement becomes final, or, if there was no court dispute, 5 years from the date of the peaceful resolution of the dispute.

Those personal data processed by the company on the basis of the individual’s personal consent or legitimate interest will be kept by the company until the consent is withdrawn or until a request for data deletion is made. Upon receipt of the withdrawal or deletion request, the data will be deleted within 15 days at the latest. The company may also delete this data prior to withdrawal when the purpose of processing the personal data has been achieved or if so provided by law.

Exceptionally, the company may refuse a deletion request for reasons set out in the General Regulation, such as: exercising the right of freedom of expression and information, compliance with a legal obligation to process, reasons of public interest in the area of public health, archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, or the establishment, exercise, or defense of legal claims.

After the retention period expires, the company must effectively and permanently delete or anonymize the personal data so that it can no longer be linked to a specific individual.

Contractual Processing of Personal Data and Data Export

For individual processing tasks, the company may entrust a data processor based on a contractual processing agreement. Contractual processors may process the entrusted data exclusively on behalf of the controller, within the limits of their authorization specified in a written contract or other legal act, and in accordance with the purposes defined in this privacy policy.

The contractual processors the company works with are primarily:

  • providers of legal and business consulting;
  • infrastructure maintainers (video surveillance);
  • information system maintainers;
  • email service providers and software/cloud service providers (e.g., Telekom, Microsoft, Google);
  • social network and online advertising providers (Google, Facebook, Instagram, etc.).

For the purpose of a better overview and control over contractual processors and the regulation of mutual contractual relations, the company also maintains a list of contractual processors, specifying all the actual processors with whom the company collaborates.

Under no circumstances will the company provide the individual’s personal data to third unauthorized parties. Contractual processors are only permitted to process personal data within the framework of the company’s instructions and may not use personal data for any other purposes.

The company as a controller and its employees do not export personal data to third countries (outside the member states of the European Economic Area – EU members plus Iceland, Liechtenstein, and Norway) and to international organizations, except to the USA, whereby relationships with contractual processors from the USA are regulated on the basis of standard contractual clauses (model contracts adopted by the European Commission) and/or binding corporate rules (adopted by the company and approved by supervisory authorities in the EU).

Cookies

The company’s website operates with the help of so-called cookies. A cookie is a file that stores website settings. Websites store cookies on users’ devices used to access the internet with the purpose of recognizing individual devices and settings that users applied during access. Cookies allow websites to recognize if a user has already visited this site, and in advanced applications, individual settings can be adjusted accordingly with their help. Their storage is under the full control of the browser used by the individual – who can restrict or disable the storage of cookies as desired.

Cookies are fundamental for providing user-friendly online services. They are used to store data about the status of an individual webpage, help collect statistics about users and website visits, etc. With the help of cookies, we can therefore evaluate the effectiveness of our website design. A precise specification of which cookies are used by a specific company website is provided in the appendix.

The storage and management of cookies are under the full control of the browser used by the individual. The browser can restrict or disable cookie storage as desired. You can also delete cookies that the browser has stored; instructions can be found on the websites of the respective browser.

The cookie policy can be found here.

Data Security and Data Accuracy

The company takes care of information security and infrastructure security (premises and application/system software). Our information systems are protected, among other things, by anti-virus programs and a firewall. We have implemented appropriate organizational and technical security measures designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, and against other unlawful and unauthorized forms of processing. In the event of transmitting special categories of personal data, we transmit them in encrypted form and protected by a password.

The individual is solely responsible for submitting their personal data securely and ensuring that the data provided is accurate and authentic. The company will strive to ensure that the personal data it processes is accurate and updated as necessary; occasionally, we may contact you to confirm the accuracy of your personal data.

Rights of the Data Subject Regarding Data Processing

In accordance with the General Regulation, an individual has the following rights regarding personal data protection:

  • They may request information about whether we hold their personal data and, if so, what data we hold, on what basis we hold it, and why we use it.
  • They may request access to their personal data, allowing them to receive a copy of the personal data held by the company and check whether the company is processing it lawfully.
  • They may request corrections to personal data, such as the correction of incomplete or inaccurate personal data.
  • They may request the deletion of their personal data when there is no reason for further processing or when exercising their right to object to further processing.
  • They may object to further processing of personal data where the company relies on a legitimate business interest (including in the case of a third party’s legitimate interest) when there are reasons related to the individual’s specific situation; the individual has the right to object at any time if the company processes personal data for direct marketing purposes.
  • They may request the restriction of processing of their personal data, which means halting the processing of personal data, for example, if the individual wants the company to establish its accuracy or to verify the reasons for further processing of the personal data.
  • They may request the transfer of their personal data in a structured electronic format to another controller, provided this is possible and feasible.
  • They may withdraw the consent given for the collection, processing, and transfer of their personal data for a specific purpose; upon receiving notification that they have withdrawn their consent, the company will stop processing the personal data for the purposes originally accepted, unless the company has another lawful legal basis to do so legally.

If an individual wishes to exercise any of the aforementioned rights, they can send a request via email to info@i9bottle.si or by regular mail to the company’s address. Access to the individual’s personal data and the exercise of rights are free of charge for the individual. However, the company may charge a reasonable fee if the request of the data subject is manifestly unfounded or excessive, particularly if it is repetitive. In such a case, the company may also refuse the request.

In the event of exercising rights under this section, the company may need to request certain information from you to help confirm the identity of the individual, which is merely a security measure to ensure that personal data is not disclosed to unauthorized persons.

When exercising rights under this section, the individual can use the form provided by the Information Commissioner, which is accessible on their website. Link to: https://www.ip-rs.si/fileadmin/user_upload/doc/obrazci/ZVOP/Zahteva_za_seznanitev_z_lastnimi_osebnimi_podatki__Obrazec_SLOP_.doc  In the event that the individual believes their rights have been violated, they can contact the supervisory authority or the Information Commissioner for protection or assistance. Link to: https://www.ip-rs.si/zakonodaja/reforma-evropskega-zakonodajnega-okvira-za-varstvo-osebnih-podatkov/kljucna-podrocja-uredbe/prijava-krsitev/

If an individual has any questions regarding the processing of their personal data, they can always contact our company via email at info@i9bottle.si or by regular mail to the company’s address.

Publication of Changes

Any changes to our personal data protection policy will be published on this website. By using the website, the individual confirms that they accept and agree to the entire content of this personal data protection policy.

The personal data protection policy was adopted by Alla Obradović on February 28, 2021.

The personal data protection policy was amended on February 26, 2021. The amended personal data protection policy was adopted by Alla Obradović on February 28, 2022.