Privacy Policy
These privacy rules (Rules) determine how AGILCON, information technologies, d.o.o. (hereinafter: Agilcon or we) obtains, stores, and uses your personal data. Agilcon is part of a group which is made up of a number of legal entities, including:
- Agilcon d.o.o., Letališka 32, 1000 Ljubljana, Slovenia
- Agilcon d.o.o., Ul. Roberta Frangeša Mihanovića 9, 10000, Zagreb, Hrvaška
- Agilcon d.o.o., Cara Lazara 5, Beograd – Stari Grad, Republika Srbija.
Any regulatory specifics in relation to a jurisdiction where Agilcon entity has been incorporated are stated in the Regional Specific Provisions at the end of this Privacy Policy.
Data controllers that are part of a group of undertakings or institutions affiliated to a central body have a legitimate interest in transmitting personal data within the group of undertakings for internal administrative purposes, including the processing of clients’ personal data. The Agilcon group utilized various centrally managed information technology systems and solutions for managing its relationship with customers and sales leads as well as suppliers.
Where legal entities within Agilcon group jointly determine the purpose and means of data processing their respective responsibilities as joint controllers for compliance with the obligations under the respective data privacy laws, in particular as regards the exercising of the rights of the data subject and their respective duties to provide the information referred to (for example: in Articles 13 and 14 of the GDPR) are regulated by means of an intra-group data processing contract. A summary of such an arrangement may be provided to you by way of a written request sent to privacy@agilcon.com
Where this Privacy Policy refers to “Agilcon”, “we”, “us” or “our”, it is referring to the relevant Agilcon group entity.
The original date of entry into force of the Rules is 26 April 2018.
The rules were amended on 21.8.2021 and 01.10.2023.
These rules on privacy are in force for:
- Our web pages https://www.agilcon.si/ and https://www.geckohrm.com (hereinafter together: webpage) and our social media,
- Organisation and execution of Agilcon corporate and business events (webinars included)
- Registration for receiving information on novelties and our offer of services
- Acquisition of our products and solutions including our professional services
- Inquiries for the Salesforce and Gecko HRM solutions and services through email, telephone, and forms on our web pages, social channels, and applications
- Transfers of the documents which are at the disposal on our web pages and
- Your use of any other, present or future web on non-web service, technical support or offer of the Agilcon (hereinafter altogether from (i) – (vii): Services)
We ask you to thoroughly read our rules on privacy.
-
1 About us
The controller of personal data is a company AGILCON, informacijske tehnologije, d.o.o., whose headquarters is at Letališka 32, SI-1000 Ljubljana.
In case of questions or queries please, contact us by sending an email to privacy@agilcon.scom or call +386 59 015 373.
-
2 How we acquire, use, and process in other ways your personal data
Agilcon processes your personal data when required or permitted by law, when you have provided us with personal data yourself or we have obtained it to exercise our legitimate interest or to perform a contract (e.g. purchase of our products or professional services).
Legislation allows us to collect certain personal data for clearly defined purposes, it also determines the retention period, the method of handling this data and the fulfillment of other security requirements (e.g. video surveillance in our premises).
You gave us your consent to the processing of personal data by agreeing on our websites, through one of the forms or via e-mail, that we can provide you with the service for the stated purpose. For example, if you sign up to receive content such as an e-newsletter or e-magazine, invitations to events, publications and services, or register to use certain services. We also obtain consent for certain other business contacts when we cannot assert a legitimate interest. Any consent we seek from you must be express and unequivocal. In the case of children’s participation in programs and in the provision of other services, we require consent, which must also be signed by the holder of parental responsibility for the child. In our database, we will document information about the revocation of consent (for example, about your registration and unsubscribing from the e-newsletter). The retention period, the separate purpose(s) and the possibility of revocation are always clearly defined with each consent. Before consent is given, the individual is informed in writing or in another appropriate way about the purpose of processing his personal data. A possible withdrawal of consent does not affect the legality of the processing of your personal data at the time before the withdrawal was given.
A contract with you is created when you submit a purchase order via the website or when binding contracts are signed and during negotiations on the conclusion of contracts. We process your stated personal data in order to fulfill the concluded contract.
Legitimate (legitimate) interest is the legal basis on which we process personal data of individuals, mostly in connection with our legitimate interests in information security, fraud prevention or when individuals legitimately expect that their personal data will be processed. We also inform individuals about this. We always consider whether our legal (legitimate) interest is justified and take your interests into account in every processing.
When this is permitted by law, we can acquire information about you also from other public sources.
We also collect information about your use of our webpage with cookies and similar technologies. Our policy on cookies which is described below determines more information about that how we use cookies and similar technologies for collecting information about you.
-
3 Which types of personal data do we collect or acquire about you?
Types of information we collect about you can include information, such as:
- Your name and last name
- Your business email address or any other email address you passed to us
- The company you work for or you worked for
- Your business position in the company
- You telephone number
- Information on your computer or mobile device (e.g. your IP address and the type of the browser, type of the device)
- Information on that how you use our webpage (e.g. what pages you checked, the time when you were checking them, and what you clicked on
- Photography or promotional video
We can also acquire your personal data from certain publicly accessible sources, including with (but not limited to) public online databases, business directories, media publications, social media, web pages, and other publicly and legitimately accessible sources.
Agilcon does not process special types of personal data.
-
4 How we use your personal data (purposes of the processing)
Your personal data can be used for one or several of the following purposes:
1) In connection with the use of Services and by adapting the user experience to your needs and goals:
- Management and improvement of our websites, including with the adaptation of the user experience of our website. This is necessary for our legitimate interest to better understand the desires of our customers and potential buyers and adapt our websites, products, and services with regards to your needs and desires.
- Management of relations of Agilcon with the current and potential customers. We do this by the analysis of the data on the history of the relationship of our buyers with the intention to improve business relationships with the customers with the emphasis on preserving the customers and the final growth of the sales. This is necessary for our legitimate interest to better understand the desires of our customers and for the efficient management and administration of our business conduct.
- Segmenting the data about you which enables us the offer of our services which is adapted to you and for the purpose of internal statistical reports on the use of our Services.
- Communicating directly with you in connection with the updates on our website, purchases of our services and responding to inquiries which we receive from you. This will be necessary to inform you on the changes of our websites occasionally to perform the contract which we concluded with you, to prepare the offer, or, for our legitimate interest of fulfilling and confirming your demands, to ensure you our services and respond to the questions which we receive from you.
- Concluding the contract and preparation of the offer. If you do not pass your personal data, if this is necessary for such a purpose, we will not be able to conclude or perform the contract with you or to offer you products and services which you demanded. We can also postpone or revoke all the orders which you set and enforce our legal rights against you (e.g. if we had costs or expenditures in preparation or fulfilling any kinds of orders you gave).
- Protection of our business conduct and our business interests, including the purpose of checking the credit and previous experiences, preventing frauds, and debt collection. This is necessary for the protection of our legal interests of preventing criminal activities, such as frauds or money laundering to ensure that our website and Services are not misused and to protect our business conduct. Such checking will be performed only if this is allowed by the legislation.
- Communicating with our business advisors and legal counselors. This is necessary for our legitimate interests of acquiring legal or professional business advice. We will only pass your personal data if this is necessary, to the least extent which is necessary and anonymized whenever this is possible and with the condition of concluding contracts on non-disclosure.
- Sharing personal data with the third parties (hereinafter: our sub-processors) which are connected with us in the connection with our ensuring the services, such as our business partners, other Agilcon entity within Agilcon group, email providers, web hosting providers, and the providers of various services of information and communication technologies. This will be necessary for the performance of the contract which we concluded with you (or for the preparation of the offer), for our legitimate interest of the efficient management and the administration of our business conduct, for the compliance with legal obligations which bind us or for our own purposes of direct marketing. When we share your personal data we will do this consistently on the basis of the need for familiarization in compliance with the appropriate limitations of confidentiality on the anonymized basis as much as possible and only to the extent which is essential for any of these purposes.
- Enforcing our legal rights and respecting the laws, regulations and other legal demands. This is necessary for our legitimate interest in protecting our business conduct and enforcing our contract and other legal rights. To ensure physical, network, and information security and integrity. This is necessary for our legal interest to ensure a safe and non-compromised IT system and networks, including with the backup copying and filing, preventing malevolent programming equipment, viruses, errors, and other harmful codes, preventing the unauthorized access to our systems, and all the forms of the attacks or damages of our IT systems and networks. Perhaps, we will have to use and process your personal data to be in compliance with the legal obligations which we have to respect. For example, we can demand that you pass your particular personal data for the purposes of performing the legal obligation of preventing money laundering or that you reveal your data to the court after receiving the court order. Your personal data will be maybe needed also for fulfilling the applicable legal obligations, such as tax legislature and other regulations which bind us.
- In connection with the demands for disclosure in the case of the sale of Agilcon or any other corporate restructuring. This is necessary for our legitimate interests of sales and/or preserving and ensuring the success of our business conduct.
- For the statistical and research purposes. We will anonymize the data and use them for the legitimate interests of processing personal data for the research purposes, including the market research, better understanding of our customers and adapting our products and services to your needs.
- Identification of possible criminal activities or threats for the public safety to the prosecuting authority. This is necessary for our legal interest of encouraging the success of our business conduct, preventing the crime, for the fulfillment of legal obligations, for the general public interest or for the legal interests of governmental bodies and prosecuting authorities which prevent the criminal activities.
- In the connection with any legal or possible legal action or procedure. This is necessary for our legitimate interest of encouraging and assuring the success of our business conduct, solving disputes, and giving such disclosures as the laws require or for which we believe that they act reasonably, according to the law.
2) For the purposes of direct marketing and with your explicit consent for the purposes of e-marketing to inform you about our services, novelties, event organization, to offer you our services, and other forms of e-marketing.
When we process your personal data on the basis of your consent you can anytime withdraw the given consent if you send us an email to the e-address privacy@agilcon.com. The date of enforcing such withdrawal is 30 working days since the day we received your request.
-
5 Storage of personal data and the period of the processing
Agilcon stores your personal data on the servers of the IT providers of services in the cloud which are located in the member states of the EU. Occasionally, processing of your personal data can occur also outside of the European Union. Outside of the EU, there can be occasional processing of your personal data by the Salesforce in connection with the CRM System of the Salesforce and Pardot,
Agilcon will process your personal data within the scope which is relevant and limited to what is necessary for the purposes for which they are processed, i.e. the purpose(s) for which we process your personal data, e.g. whether it is still necessary to store these data in order to fulfill our obligations according to the contract with you or for our legitimate interests, whether we have any legal obligation to proceed with the processing of your data, such as any obligations of keeping records which are determined by the legislation in force, and whether we have a legal foundation to further process your personal data, such as your consent.
If you wish more information on that where and how long your personal data are stored and for more information on your right to deletion and transferability of the personal data, contact us on privacy@agilcon.com.
-
6 How we protect your personal data
We have taken appropriate technical and organizational measures for the protection of your personal data and their protection against unauthorized use or processing and against coincidental loss or destruction or damaging your personal data, including with:
- The principle of the minimal scope of data and processing on the anonymized basis whenever this is possible
- Training of our employees on the significance of confidentiality and preserving privacy and security of your data
- Commitment to the adoption of the appropriate disciplinary measures for the assertion of responsibility of the employees in connection with the privacy
- Standing and comprehensive updating and testing our security technology
- Thorough and responsible selection of our sub-processors
- Using safe servers for storing your personal data
- Naming an authorized person for the protection of the personal data
- Demanding the proof on the identity from every individual who demands access to personal data.
Agilcon has been certified and holds ISO 27001 certification which is annually renewed and audited yearly by the independent institution.
We wish to notify you that the transfer of information (including with the personal data) through the internet is not always entirely safe. If you pass us any information through the internet (through an email or through our webpage or in any other way), you do this entirely at your own risk. We cannot be held responsible for any costs, expenditures, loss of profit, damage to reputation, responsibility or any other form of loss or damage you suffered because of your passing data through the internet.
-
7 Web plug-ins
- Salesforce CRM
We use Salesforce.com, Inc, USA, solution for the customer relationship management (CRM).
We concluded the data processing agreement with the company Salesforce.com, Inc. According to the contract, the Salesforce.com is obliged to respect the EU rules of personal data protection. International transfer of personal data Salesforce.com, Inc proceeds on the basis of the Binding Corporate Rules.
The use of CRM services is performed on the basis of the Article 6 (1) (f) of the GDPR. We have a legitimate interest to optimize our services and for better management of our relations with the customers.
YouTube
Our website uses plug-ins from YouTube managed by Google. The administrator of the page is You Tube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit our website which contains plug-in for YouTube, the connection is made with YouTube’s servers. YouTube is informed about our webpage which you visited.
If you are registered in the account for YouTube, YouTube enables you that you connect your behavior of browsing directly to your personal profile. You can prevent this by signing out from your YouTube account.
YouTube assists us that our website is attractive. This is a legitimate interest in compliance with the Article 6 (1) (f) of the General Data Protection Regulation (hereinafter: GDPR).
Additional information on handling the user data is available in the statement on data protection in YouTube.
Google Maps
Our website uses cartographic service Google Maps through the API. It is managed by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
If you wish to use Google Maps, it is necessary to save your IP address. This information is usually transferred to the Google server in the USA and is saved there. The provider of this page has no influence on the data transfer.
The use of Google Maps is in the interest for our webpage to attract and relieve the location of the places which you determine on the website. This is a legitimate interest in compliance with the Article 6 (1) (f) of the GDPR. Additional information on handling the user data is available in the statement on data protection in Google.
Slack
We use a communication tool Slack of the company Slack Technologies, 500 Howard Street, San Francisco, CA 94105, USA (hereinafter: Slack Technologies) for the internal communication. For this reason, personal data of the customers, users, and coworkers or contractual partners can be transferred to the servers of the Slack Technologies, which are located outside the European Economic Area.
We concluded the contract on data processing with the Slack Technologies. According to the contract, the Slack Technologies is obliged to respect the EU law on data protection. With regards to the international data transfer, we concluded the contract on the data transfer with the so-called Standard Contracting Clauses. According to the contract, the Slack Technologies is obliged that international data transfers of personal data is conducted in compliance with the EU rules of personal data protection.
Slack Technologies is registered for the DPF Programme regarding the international data transfers.
The processing of personal data through the Slack tools is performed on the basis of our legitimate interest according to the Article 6 (1) (f) of the GDPR.
Jira Service Desk
For the support services when you have purchased any of our products or professional services, we use the SaaS solution Jira Service desk, of the company Atlassian, which is registered for the DPF Program regarding the international data transfers. Thus, the company is obliged to respect the EU rules of data protection
More on Jira Service Desk rules of privacy on https://www.atlassian.com/trust/privacy.
The use of programming solution Jira Service Desk is performed on the basis of the Article 6 (1) (f) of the GDPR. We have a legitimate interest to select the technologic providers which offer us tools which help optimize our business conduct.
Google Workspace
We use Google Drive service for the storage of and editing documents. It is managed by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
The use of Google Drive is our legitimate interest in compliance with the Article 6 (1) (f) of the GDPR for the optimized business conduct of our company. Additional information on handling the user data is available in the statement on the data protection in Google at the address https://policies.google.com/privacy
-
8 How we use cookies and similar technology
Cookies are the data files which were sent from the website to the browser to record information on the users of the website. On our websites, we use cookies and similar technologies. For non -essential cookies your consent is required.
You can reject some or all (except the essential) cookies we use on our websites by changing the settings of the browser. However, this can reduce your ability to use our websites or some or all their functions. For additional information on cookies, including with that how to change the settings of the browser, visit www.allaboutcookies.org.
On our websites, we use Google Analytics and Salesforce Pardot to understand you better.
Pardot Marketing Automation System
We use Pardot Marketing Automation System (“Pardot MAS”) Pardot LLC, 950 East Paces Ferry Road, Suite 3300 Atlanta, GA 30326, USA. Pardot MAS is special programming equipment for capturing and the analysis of moving profiles of the visitors of our websites.
We use Pardot MAS also for recording user interactions and for communicating with our users of the website. We use Salesforce for the user support and performing live chats within the framework of the supporting work of our website. Unless otherwise revealed, these confidential third companies have no rights to use your personal data which exceed that what is necessary for the help in ensuring the best possible service. If we share personal data with these third parties, we demand from them to fulfill the requests of the data processor within the GDPR.
Pardot MAS will save the cookies on the hard drive of your computer in order to follow your operations and the use of the website. However, it will not save or collect personal data. You can stop or prevent saving cookies anytime so that you configure the internet browser so that the cookies of the domain “pardot.com” will not be accepted. However, we would like to stress that in this case, you will perhaps not be able to entirely use all the functions of this website. The privacy policy of the company Pardot is available here.
The cookies Pardot MAS are saved on the basis of the Article 6 (1) (f) of the GDPR. We have a legitimate interest in the analysis of the user behavior in order to optimize our website and our advertising.
Google Analytics
This website uses the service Google Analytics, the web analysis. It is managed by the Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
Google Analytics uses the so-called “cookies”. The data acquired by cookies on your use of this website is usually transferred to the Google server in the USA and saved there.
The cookies of the basic Google Analytics service are stored on the basis of the Article 6 (1) (f) of the GDPR. We have a legitimate interest in the analysis of the user behavior in order to optimize our website and our advertising.
-
9 International transfers of personal data
If we transfer your personal data outside the European Economic Area, we will do this after a careful review of the appropriate legal grounds and protective measures, such as:
- Policies of data protection known as the “Binding Corporate Rules” or “BCR”
- Standard Contractual Clauses, adopted by the European Commission or accepted by the Information Commissioner and approved by the European Commission in compliance with the corresponding law
- Code or codes of practice, prepared by the association or another institution approved by the Information Commissioner;
- Approved certification mechanisms (such as e.g. the DPF Program)
- Or when this is allowed by the Information Commissioner, contractual clauses between the administrator or the data processor, and the data administrator, processor or recipient of the personal data in the third country or in the international organization.
-
10 Rights of an individual the personal data are connected with
We notify you about the following rights in connection with your personal data which you can perform so that you send an email to privacy@agilcon.com and:
- Demand access to your personal data and information in connection with our use and processing of your personal data
- Demand the correction or deleting of your personal data
- Demand that we restrict your personal data
- Demand your personal data which you passed to us and which we will pass to you in the structured and machine-readable form (e.g. MS Excel table) and the right that you transfer these personal data to the other personal data processor
- Object to the processing of your personal data for certain purposes (for further information with regards to the bottom section titled “Your right to objection for the processing of your personal data for certain purposes”) and
- Demand the withdrawal of the consent to our use of your personal data where we rely on your consent. If you withdraw your consent, this will not influence the legality of our use and processing of your personal data on the basis of your consent before the day when you will withdraw your consent.
You also have the right to file a complaint with the supervisory authority, which is the Information Commissioner of the Republic of Slovenia, whose contact information is available here .
For the additional information regarding your rights in connection with your personal data, including the certain limitations, in force for some of these rights, see the Articles 12 to 23 of the GDPR which is available here.
-
11 Your right to objection for the processing of your personal data for certain purposes
You have the following rights in connection with your personal data which you can perform in the same way as they are exercised in the previous chapter (your rights in connection with your personal data):
- Object the use or processing of your personal data when we use them or process them in order to perform the task in public interest if we process your personal data for our legal interests, including the “profiling” (e.g. predicting your behavior on the basis of your personal data); and
- To object processing of your personal data for the purposes of direct marketing (including every automatized evaluation which is performed about you or any of your characteristics as a person if this is connected with such direct marketing).
At the same time, you can exercise your right to object the use or processing of your personal data for the purposes of the direct advertising so that:
- You click the connection for the cancellation which is at the bottom of any marketing email which we sent to you and follow the instructions which emerge in the browser after the click to this connection or
- Send an email to privacy@agilcon.com where you demand that we stop sending marketing emails or with the words “OPT OUT”.
Every time when you oppose to the direct marketing from us with a different method as in the case of marketing messages which you received from us you have to pass your name and sufficient data which enable us to identify you in the connection with the messages you received (e.g. if you received an SMS and wish to unsubscribe through an email you will perhaps have to send also your telephone number in this email).
-
12 Changes of our rules on privacy
From time to time we can change our rules on privacy. We will notify you about that. If you continue with the access to our website on that date or after that date you agree that you are obliged by the new version of the rules on privacy.
Where we intend to use your personal data for the new purpose we will pass you some information about the purpose and any other important information before we use your personal data for this new intention.
-
13 Changes of your personal data
We ask you to let us know about any changes in your personal data which we have about you so that the data we have about you are accurate and up-to-date.
-
14 The authorized person for the protection of personal data
The data protection officer data in Agilcon is Vesna Stanković, Bachelor of Laws, Ljubljana. You can contact her on vesna.stankovic@agilcon.com
-
15 Regulatory specifics
For the purposes of data subject originating from Croatia the regulatory authority is Agencija za zaštitu osobnih podataka, Selska cesta 136, HR – 10 000 Zagreb.
For the purposes of data subjects originating from Serbia the regulatory authority is Poverenik za informacije od javnog značaja i zaštitu podataka o ličnosti, Bulevar kralja Aleksandra 15, Beograd 11120.