These rules on privacy determine how AGILCON, informacijske tehnologije, d.o.o. (hereinafter: Agilcon) acquires, stores, and uses your personal data. The date of the enforcement of these rules on privacy is 26th April 2018.
These rules on privacy are in force for:
- Our web pages https://www.agilcon.si/ and https://www.geckohrm.com (hereinafter together: webpage)
- Performance of the Agilcon organization and the report for such events
- Registration for receiving information on novelties and our offer of services
- Inquiries for the Salesforce and Gecko HRM solutions and services through email, telephone, and forms on our web pages, social channels, and applications
- Transfers of the documents which are at the disposal on our web pages and
- Your use of any other, present or future web on non-web service, technical support or offer of the Agilcon (hereinafter altogether from (i) – (vii): Services)
We ask you to thoroughly read our rules on privacy. We recommend you to print or properly save a copy of these rules on privacy and all the following versions which are in force for our records of consents which you gave us.
1 About us
The controller of personal data is the company AGILCON, informacijske tehnologije, d.o.o., whose headquarters are at Bravničarjeva 13, SI-1000 Ljubljana.
In case of questions, please, contact us by sending an email to firstname.lastname@example.org or call +386 59 015 373.
2 How we acquire, use, and process in other ways your personal data
We acquire your personal data when you pass them to us, e.g. through your use of our webpage and its functions, when you contact us directly through e-mail, telephone, in a written form or through the social media, when you order our services or in any other way by which you pass your personal data to us (hereinafter: “Service”).
When this is permitted by law, we can acquire information about you also from other public sources.
3 Which types of personal data do we collect or acquire about you?
Types of information we collect about you can include information, such as:
- Your name and last name
- Your business email address or any other email address you passed to us
- The company you work for or you worked for
- Your business position in the company
- You telephone number
- Information on your computer or mobile device (e.g. your IP address and the type of the browser, type of the device)
- Information on that how you use our webpage (e.g. what pages you checked, the time when you were checking them, and what you clicked on
We can also acquire your personal data from certain publicly accessible sources, including with (but not limited to) public online databases, business directories, media publications, social media, web pages, and other publicly accessible sources.
Agilcon does not process special types of personal data.
4 How we use your personal data (purposes of the processing)
Your personal data can be used for one or several of the following purposes:
1) V povezavi z vašo uporabo Storitev in s prilagajanjem uporabniške izkušnje vašim potrebam in ciljem:
- Management and improvement of our websites, including with the adaptation of the user experience of our website. This is necessary for our legitimate interest to better understand the desires of our customers and potential buyers and adapt our websites, products, and services with regards to your needs and desires.
- Management of relations of Agilcon with the current and potential customers. We do this by the analysis of the data on the history of the relationship of our buyers with the intention to improve business relationships with the customers with the emphasis on preserving the customers and the final growth of the sales. This is necessary for our legitimate interest to better understand the desires of our customers and for the efficient management and administration of our business conduct.
- Segmenting the data about you which enables us the offer of our services which is adapted to you and for the purpose of internal statistical reports on the use of our Services.
- Communicating directly with you in connection with the updates on our website, purchases of our services and responding to inquiries which we receive from you. This will be necessary to inform you on the changes of our websites occasionally to perform the contract which we concluded with you, to prepare the offer, or, for our legitimate interest of fulfilling and confirming your demands, to ensure you our services and respond to the questions which we receive from you.
- Concluding the contract and preparation of the offer. If you do not pass your personal data, if this is necessary for such a purpose, we will not be able to conclude or perform the contract with you or to offer you products and services which you demanded. We can also postpone or revoke all the orders which you set and enforce our legal rights against you (e.g. if we had costs or expenditures in preparation or fulfilling any kinds of orders you gave).
- Protection of our business conduct and our business interests, including the purpose of checking the credit and previous experiences, preventing frauds, and debt collection. This is necessary for the protection of our legal interests of preventing criminal activities, such as frauds or money laundering to ensure that our website and Services are not misused and to protect our business conduct. Such checking will be performed only if this is allowed by the legislation.
- Communicating with our business advisors and legal counselors. This is necessary for our legitimate interests of acquiring legal or professional business advice. We will only pass your personal data if this is necessary, to the least extent which is necessary and anonymized whenever this is possible and with the condition of concluding contracts on non-disclosure.
- Sharing personal data with the third parties (hereinafter: our sub-processors) which are connected with us in the connection with our ensuring the services, such as our business partners, email providers, web hosting providers, and the providers of various services of information and communication technologies. This will be necessary for the performance of the contract which we concluded with you (or for the preparation of the offer), for our legitimate interest of the efficient management and the administration of our business conduct, for the compliance with legal obligations which bind us or for our own purposes of direct marketing. When we share your personal data we will do this consistently on the basis of the need for familiarization in compliance with the appropriate limitations of confidentiality on the anonymized basis as much as possible and only to the extent which is essential for any of these purposes.
- Enforcing our legal rights and respecting the laws, regulations and other legal demands. This is necessary for our legitimate interest in protecting our business conduct and enforcing our contract and other legal rights. To ensure physical, network, and information security and integrity. This is necessary for our legal interest to ensure a safe and non-compromised IT system and networks, including with the backup copying and filing, preventing malevolent programming equipment, viruses, errors, and other harmful codes, preventing the unauthorized access to our systems, and all the forms of the attacks or damages of our IT systems and networks. Perhaps, we will have to use and process your personal data to be in compliance with the legal obligations which we have to respect. For example, we can demand that you pass your particular personal data for the purposes of performing the legal obligation of preventing money laundering or that you reveal your data to the court after receiving the court order. Your personal data will be maybe needed also for fulfilling the applicable legal obligations, such as tax legislature and other regulations which bind us.
- In connection with the demands for disclosure in the case of the sales of purchase of the company and/or assets – actual or potential. This is necessary for our legitimate interests of sales and/or preserving and ensuring the success of our business conduct.
- For the statistical and research purposes. We will anonymize the data and use them for the legitimate interests of processing personal data for the research purposes, including the market research, better understanding of our customers and adapting our products and services to your needs.
- Identification of possible criminal activities or threats for the public safety to the prosecuting authority. This is necessary for our legal interest of encouraging the success of our business conduct, preventing the crime, for the fulfillment of legal obligations, for the general public interest or for the legal interests of governmental bodies and prosecuting authorities which prevent the criminal activities.
- In the connection with any legal or possible legal action or procedure. This is necessary for our legitimate interest of encouraging and assuring the success of our business conduct, solving disputes, and giving such disclosures as the laws require or for which we believe that they act reasonably, according to the law.
2) For the purposes of direct marketing and with your explicit consent for the purposes of e-marketing to inform you about our services, novelties, event organization, to offer you our services, and other forms of e-marketing.
When we process your personal data on the basis of your consent you can anytime withdraw the given consent if you send us an email to the e-address email@example.com. The date of enforcing such withdrawal is 30 working days since the day we received your request.
5 Storage of personal data and the period of the processing
Agilcon stores your personal data on the servers of the IT providers of services in the cloud which are located in the member states of the EU and in the USA. Occasionally, processing of your personal data can occur also outside of the European Union. Outside of the EU, there can be occasional processing of your personal data by the Salesforce providers in connection with the CRM System of the Salesforce and the application Pardot of the Salesforce.
Agilcon will process your personal data within the scope which is relevant and limited to what is necessary for the purposes for which they are processed, i.e. the purpose(s) for which we process your personal data, e.g. whether it is still necessary to store these data in order to fulfill our obligations according to the contract with you or for our legitimate interests, whether we have any legal obligation to proceed with the processing of your data, such as any obligations of keeping records which are determined by the legislation in force, and whether we have a legal foundation to further process your personal data, such as your consent.
If you wish more information on that where and how long your personal data are stored and for more information on your right to deletion and transferability of the personal data, contact us on firstname.lastname@example.org.
6 How we protect your personal data
We have taken appropriate technical and organizational measures for the protection of your personal data and their protection against unauthorized use or processing and against coincidental loss or destruction or damaging your personal data, including with:
- The principle of the minimal scope of data and processing on the anonymized basis whenever this is possible
- Training of our employees on the significance of confidentiality and preserving privacy and security of your data
- Commitment to the adoption of the appropriate disciplinary measures for the assertion of responsibility of the employees in connection with the privacy
- Standing and comprehensive updating and testing our security technology
- Thorough and responsible selection of our sub-processors
- Using safe servers for storing your personal data
- Naming an authorized person for the protection of the personal data
- Demanding the proof on the identity from every individual who demands access to personal data.
We wish to notify you that the transfer of information (including with the personal data) through the internet is not always entirely safe. If you pass us any information through the internet (through an email or through our webpage or in any other way), you do this entirely at your own risk. We cannot be held responsible for any costs, expenditures, loss of profit, damage to reputation, responsibility or any other form of loss or damage you suffered because of your passing data through the internet.
7 Web plug-ins
We use Salesforce.com, Inc, USA, solution for the customer relationship management (CRM).
We concluded the data processing agreement with the company Salesforce.com, Inc. According to the contract, the Salesforce.com is obliged to respect the EU rules of personal data protection. International transfer of personal data Salesforce.com, Inc proceeds on the basis of the Binding Corporate Rules.
The use of CRM services is performed on the basis of the Article 6 (1) (f) of the GDPR. We have a legitimate interest to optimize our services and for better management of our relations with the customers.
Our website uses plug-ins from YouTube managed by Google. The administrator of the page is You Tube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit our website which contains plug-in for YouTube, the connection is made with YouTube’s servers. YouTube is informed about our webpage which you visited.
If you are registered in the account for YouTube, YouTube enables you that you connect your behavior of browsing directly to your personal profile. You can prevent this by signing out from your YouTube account.
YouTube assists us that our website is attractive. This is a legitimate interest in compliance with the Article 6 (1) (f) of the General Data Protection Regulation (hereinafter: GDPR).
Additional information on handling the user data is available in the statement on data protection in YouTube.
Our website uses cartographic service Google Maps through the API. It is managed by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
If you wish to use Google Maps, it is necessary to save your IP address. This information is usually transferred to the Google server in the USA and is saved there. The provider of this page has no influence on the data transfer.
The use of Google Maps is in the interest for our webpage to attract and relieve the location of the places which you determine on the website. This is a legitimate interest in compliance with the Article 6 (1) (f) of the GDPR. Additional information on handling the user data is available in the statement on data protection in Google.
We use the service GoToMeeting of the Irish provider LogMeIn Ireland Limited (hereinafter: LogMeIn) to perform meetings and webinars. LogMeIn and the connected companies manage the global server infrastructure. Data which are processed within the framework of the performance of individual webinars can be transferred outside the European Economic Area and are thus subject to legislation of the country where individual servers of LogMeIn are located, as LogMeIn processes the data of the participants of the webinars within the framework of the performance of the webinars in the dependence of the type of the participation.
LogMeIn and its American subsidiary LogMeIn USA, Inc. are registered for the Privacy Shield EU-USA regarding the international data transfers.
We concluded a contract on data processing with the LogMeIn. According to the contract, the LogMeIn is obliged to respect the EU rules of personal data protection.
More on LogMeIn rules of privacy on https://www.logmeininc.com/legal/privacy.
The use of GoToMeeting services is performed on the basis of the Article 6 (1) (f) of the GDPR. We have a legitimate interest to optimize our services and for better management of our relations with the customers.
We use a communication tool Slack of the company Slack Technologies, 500 Howard Street, San Francisco, CA 94105, USA (hereinafter: Slack Technologies) for the internal communication. For this reason, personal data of the customers, users, and coworkers or contractual partners can be transferred to the servers of the Slack Technologies, which are located outside the European Economic Area.
We concluded the contract on data processing with the Slack Technologies. According to the contract, the Slack Technologies is obliged to respect the EU law on data protection. With regards to the international data transfer, we concluded the contract on the data transfer with the so-called Standard Contracting Clauses. According to the contract, the Slack Technologies is obliged that international data transfers of personal data will proceed in compliance with the EU rules of personal data protection.
Slack Technologies is registered for the Privacy Shield EU-USA regarding the international data transfers.
The processing of personal data through the Slack tools is performed on the basis of our legitimate interest according to the Article 6 (1) (f) of the GDPR.
Jira Service Desk
For the support services, we use the SaaS solution Jira Service desk, of the company Atlassian from the USA, which is registered according to the Privacy Shield between the USA and the EU regarding the personal data transfer. Thus, the company is obliged to respect the EU rules of data protection
More on Jira Service Desk rules of privacy on https://www.atlassian.com/trust/privacy.
The use of programming solution Jira Service Desk is performed on the basis of the Article 6 (1) (f) of the GDPR. We have a legitimate interest to select the technologic providers which offer us tools which help optimize our business conduct.
Google G Suite
We use Google Drive service for the storage of and editing documents. It is managed by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
The use of Google Drive is our legitimate interest in compliance with the Article 6 (1) (f) of the GDPR for the optimized business conduct of our company. Additional information on handling the user data is available in the statement on the data protection in Google at the address https://policies.google.com/privacy
You can reject some or all the cookies we use on our websites by changing the settings of the browser. However, this can reduce your ability to use our websites or some or all their functions. For additional information on cookies, including with that how to change the settings of the browser, visit www.allaboutcookies.org.
On our websites, we use Google Analytics and Salesforce Pardot to understand you better.
Pardot Marketing Automation System
We use Pardot Marketing Automation System (“Pardot MAS”) Pardot LLC, 950 East Paces Ferry Road, Suite 3300 Atlanta, GA 30326, USA. Pardot MAS is special programming equipment for capturing and the analysis of moving profiles of the visitors of our websites.
We use Pardot MAS also for recording user interactions and for communicating with our users of the website. We use SalesForce for the user support and performing live chats within the framework of the supporting work of our website. Unless otherwise revealed, these confidential third companies have no rights to use your personal data which exceed that what is necessary for the help in ensuring the best possible service. If we share personal data with these third parties, we demand from them to fulfill the requests of the data processor within the GDPR.
The cookies Pardot MAS are saved on the basis of the Article 6 (1) (f) of the GDPR. We have a legitimate interest in the analysis of the user behavior in order to optimize our website and our advertising.
This website uses the service Google Analytics, the web analysis. It is managed by the Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
Google Analytics uses the so-called “cookies”. The data acquired by cookies on your use of this website is usually transferred to the Google server in the USA and saved there.
The cookies of the Google Analytics service are stored on the basis of the Article 6 (1) (f) of the GDPR. We have a legitimate interest in the analysis of the user behavior in order to optimize our website and our advertising.
9 International transfers of personal data
If we transfer your personal data outside the European Economic Area, we will do this after a careful review of the appropriate legal grounds and protective measures, such as:
- Policies of data protection known as the “Binding Corporate Rules” or “BCR”
- Standard Contractualing Clauses, adopted by the European Commission or accepted by the Information Commissioner and approved by the European Commission in compliance with the corresponding law
- Code or codes of practice, prepared by the association or another institution approved by the Information Commissioner;
- Approved certification mechanisms (such as e.g. the Privacy Shield EU-USA)
- Or when this is allowed by the Information Commissioner, contractual clauses between the administrator or the data processor, and the data administrator, processor or recipient of the personal data in the third country or in the international organization.
10 Rights of an individual the personal data are connected with
We notify you about the following rights in connection with your personal data which you can perform so that you send an email to email@example.com and:
- Demand access to your personal data and information in connection with our use and processing of your personal data
- Demand the correction or deleting of your personal data
- Demand that we restrict your personal data
- Demand your personal data which you passed to us and which we will pass to you in the structured and machine-readable form (e.g. MS Excel table) and the right that you transfer these personal data to the other personal data processor
- Object to the processing of your personal data for certain purposes (for further information with regards to the bottom section titled “Your right to objection for the processing of your personal data for certain purposes”) and
- Demand the withdrawal of the consent to our use of your personal data where we rely on your consent. If you withdraw your consent, this will not influence the legality of our use and processing of your personal data on the basis of your consent before the day when you will withdraw your consent.
You also have the right to file a complaint at the monitoring authority, which is the Information Commissioner for the purposes of the Republic of Slovenia, whose contact information is available here.
For the additional information regarding your rights in connection with your personal data, including the certain limitations, in force for some of these rights, see the Articles 12 to 23 of the GDPR which is available here.
11 Your right to objection for the processing of your personal data for certain purposes
You have the following rights in connection with your personal data which you can perform in the same way as they are exercised in the previous chapter (your rights in connection with your personal data):
- Object the use or processing of your personal data when we use them or process them in order to perform the task in public interest if we process your personal data for our legal interests, including with the “profiling” (e.g. predicting your behavior on the basis of your personal data) on the basis of any of the purposes and
- To object processing of your personal data for the purposes of the direct marketing (including every automatized evaluation which is performed about you or any of your characteristics as a person if this is connected with such direct marketing).
At the same time, you can exercise your right to object the use or processing of your personal data for the purposes of the direct advertising so that:
- You click the connection for the cancellation which is at the bottom of any marketing email which we sent to you and follow the instructions which emerge in the browser after the click to this connection or
- Send an email to firstname.lastname@example.org where you demand that we stop sending marketing emails or with the words “OPT OUT”.
Every time when you oppose to the direct marketing from us with a different method as in the case of marketing messages which you received from us you have to pass your name and sufficient data which enable us to identify you in the connection with the messages you received (e.g. if you received an SMS and wish to unsubscribe through an email you will perhaps have to send also your telephone number in this email).
12 Changes of our rules on privacy
From time to time we can change our rules on privacy. We will notify you about that. If you continue with the access to our website on that date or after that date you agree that you are obliged by the new version of the rules on privacy.
Where we intend to use your personal data for the new purpose we will pass you some information about the purpose and any other important information before we use your personal data for this new intention.
13 Changes of your personal data
We ask you to let us know about any changes in your personal data which we have about you so that the data we have about you are accurate and up-to-date.
14 The authorized person for the protection of personal data
The data protection officer data in Agilcon is Vesna Stanković Juričić, Bachelor of Laws, Zemljemerska 12, SI-1000 Ljubljana. You can contact her on email@example.com or on the telephone +386 59 015 373.