Privacy Policy
Privacy and Data Protection
This Privacy Policy sets out all relevant information regarding the processing of personal data carried out by GENSYS, engineering, services and trading company, Ltd (hereinafter referred to as the Controller).
The Controller pays particular attention to the security of your personal data. All personal data provided are treated as confidential and are used solely for the purposes for which they were collected.
Who processes my personal data?
The Controller is responsible for the processing of personal data.
Controller details:
- Company name: GENSYS, engineering, services and trading company, Ltd
- Address: Žlebe 124, 1215 Medvode, Slovenia
- E-mail: info@gensys.si
Definitions
- Personal data means any information relating to an identified or identifiable individual (such as name, surname, e‑mail address, telephone number, as well as identifiers specific to the physical, physiological, genetic or mental identity of an individual, etc.).
- Controller means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
- Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
- Processing means any operation or set of operations performed on personal data, such as collection, storage, access or any other form of use.
How do we obtain personal data?
We obtain your personal data directly from you when providing our services or when you purchase our products. Personal data may also be obtained indirectly, for example through the use of our website or other digital tools.
Which personal data do we collect and process?
The processing concerns personal data collected by the Controller through direct communication with you via various channels, enquiries, purchases and similar interactions. These data may include:
- Basic personal data (name and surname, company name, address);
- Contact details (e-mail address, telephone number);
- Information about the selected service or product;
- Data obtained by the Controller in the course of providing services;
- Payment-related information.
Purpose and legal basis of processing
This Privacy Policy applies to:
- Customers,
- Visitors of the website.
The Controller processes personal data only where there is an appropriate legal basis and solely for clearly defined purposes, as set out below. If personal data were to be processed for any purpose not defined in this Policy, you would be informed in advance.
|
Purpose |
Types of data |
Legal basis |
Retention period |
|
Provision of services/purchase of products |
Name and surname, address, e-mail address, company, company data, service-related data and data generated in the course of service provision |
Contractual relationship |
5 years after termination of the service |
|
Communication based on enquiries |
Name and surname, e-mail address, and content of the message |
Pre-contractual relationship |
12 months after completion of communication |
|
Handling complaints and claims |
Name and surname, e-mail address, and data required for refunds |
Contractual relationship |
5 years after completion of the complaint procedure; 10 years after a final decision in the event of court or official proceedings |
|
Enforcement of legal claims and protection of rights |
The scope of data depends on the case |
Legal obligation |
In accordance with applicable legislation |
Providing personal data is voluntary, except where required by law. Certain data are necessary in order to provide services. If you decide not to provide the required data, we may not be able to provide certain services.
Personal data are processed only for as long as necessary to fulfil the purpose for which they were collected. After the expiry of the retention period, the data are deleted or anonymised so that identification is no longer possible.
Do we share your personal data with third parties?
Personal data may be shared with third parties in the following cases:
- Website hosting providers,
- IT support providers,
- Accounting services.
Personal data are disclosed to third parties only where necessary to achieve the purpose of processing. Third parties may access and process personal data solely within the scope and manner defined by a contractual agreement and may not process data beyond what is necessary. All third parties are required to ensure the same level of data protection as the Controller.
Automated processing and profiling
The Controller does not carry out automated decision-making or profiling.
How do we protect your personal data?
We ensure the security of personal data through appropriate technical and organisational measures, including:
- Regular updates of hardware and software;
- Protection of systems with security software;
- Physical security of business premises;
- Regular employee training on data protection;
- Access restrictions to personal data for unauthorised persons.
Despite the implemented safeguards, security incidents may occur. We have therefore established procedures to respond to such incidents promptly, efficiently and in compliance with applicable law.
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the competent supervisory authority without undue delay and no later than within 72 hours. Where a breach may result in a high risk, the affected individuals will also be informed without delay.
Your rights
In relation to the processing of your personal data, you have the following rights:
- Right of access: the right to obtain confirmation as to whether personal data concerning you are being processed and access to such data.
- Right to rectification: the right to request correction of inaccurate or incomplete personal data.
- Right to restriction of processing: the right to request restriction of processing, for example while the accuracy of data is being verified or an objection is being assessed.
- Right to erasure: the right to request deletion of personal data in certain cases. Where processing is based on legal obligation or a valid contract, data cannot be erased.
- Right to withdraw consent: where processing is based on consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal; however, certain services may no longer be available.
- Right to object: where processing is based on legitimate interests, you may object to such processing. The Controller will cease processing unless there are compelling legitimate grounds. Processing for direct marketing purposes will always cease upon objection. Objections may be submitted via e-mail to info@gensys.si.
- Right to data portability: the right to request transmission of personal data to another controller in a machine-readable format, where processing is based on consent or a contract and carried out by automated means.
If you believe that your personal data protection rights have been violated, you may lodge a complaint with the competent supervisory authority. In Slovenia, this is the Information Commissioner.
Requests relating to your rights will be processed without undue delay and no later than within 30 days of receipt. If a request is particularly complex, you will be informed accordingly and provided with an estimated timeframe.
For identification purposes, we may require additional information. If such information is not provided, the request may be rejected.
Requests may be submitted to: info@gensys.si.
Cookies
Our website uses cookies. Cookies are small text files stored on your device when you visit our website. They perform various functions described below and may be placed by us or by third parties.
Based on their function, cookies are classified as essential, functional, analytical and marketing cookies. Depending on the provider, they may be first-party or third-party cookies.
a) Types of cookies used
- Essential cookies are required for the proper functioning of the website. Deleting them may impair functionality.
- Functional cookies allow website customisation according to your preferences and are used only with your consent.
- Analytical cookies enable us to analyse website usage and improve performance; they are used only with consent.
b) Cookie list
Cookie name | Purpose | Duration | Provider |
_ga | Analytical | 13 months | |
_ga_WB2BTPNJP0 | Analytical | 13 months | First-party |
cmplz_banner-status | Functional | 1 year | First-party |
cmplz_consented_services | Functional | 1 year | First-party |
cmplz_functional | Functional | 1 year | First-party |
cmplz_marketing | Functional | 1 year | First-party |
cmplz_policy_id | Functional | 1 year | First-party |
cmplz_preferences | Functional | 1 year | First-party |
cmplz_statistics | Functional | 1 year | First-party |
PH_HPXY_CHECK | Urgent | 1 year | First-party |
c) Managing cookie settings
You may manage cookie settings in your browser. Please note that settings must be configured separately for each browser and may need to be reconfigured after updates.
Instructions are available for major browsers, including Chrome, Firefox, Internet Explorer, Safari, and Opera.
d) Cookie data retention
Data collected through cookies is stored until consent is withdrawn. Statistical data are anonymised, making identification impossible.
Changes to this Privacy Policy
Any changes to this Privacy Policy will be published on this website. Continued use of the website or services after changes have been made constitutes acceptance of the updated policy.
Contact
For any questions regarding personal data protection, please contact us at: info@gensys.si