PRIVACY POLICY

1. INTRODUCTION

This Privacy Policy is designed to inform you about how we, at HYPEX, d.o.o., (hereinafter referred to as »controller«), process your personal data. This Policy explains for which purposes and based on which lawful basis we process, how long we retain and what are your rights related to your personal data. We value your privacy and we will safeguard your personal data. We will not share your data with third parties without your explicit consent or other lawful basis and we will not further process it in a manner that is incompatible with the purposes for which it was collected.

In order to prevent unauthorised or unlawful disclosure or access and to preserve integrity of your personal data we established adequate technical and organisational measures. Even so, we cannot fully guarantee prevention of all data breaches. As our information system contains certain links to other websites, that are not under the control of the controller, we cannot take any responsibility with regard to the protection of data on those websites.

All terms used in this Privacy Policy have the meaning as set forth in the General Data Protection Regulation (GDPR).


2. DATA CONTROLLER

Data controller under this Privacy Policy is:

HYPEX, D.O.O.
Alpska cesta 43
4248 Lesce
Slovenia

Registration n.: 5353254000
E-mail: info@hypex.si

The Controller manages the following websites: http://hypex.si and http://unimotion.eu/.


3. LAWFUL BASIS FOR PROCESSING

During the provision of our services we collect and process personal data only in accordance with the purposes for which the data was gathered. We maintain up-to-date Records of our processing activities, which contain the details of our personal data processing activities. Personal data of children under the age of 16 is only processed based on consent given or authorised by the holder of parental responsibility over the child.

3.1. Legal Obligations

The majority of our processing activities are necessary for us to comply with our legal obligations (e.g. Accounting Act, Employment Relationship Act, Value Added Tax Act).

3.2. Contracts

We process personal data in order to fulfil our contractual obligations and related steps before entering into a contract (e.g. to deliver our products to the buyers).

3.3. Consent

In certain cases, we process personal data based upon individual's consent, but only in accordance with the purposes for which the consent has been given. Based on consent we collect and process personal data for marketing purposes, such as communication about our promotions, news, event invitations, for statistical purposes, collecting usage information and customised offers.

If an individual does not give his consent or he or she (partially) withdraws consent, we will only further process personal data within the scope of the valid consent or in accordance with the applicable legislation.

Individuals may unsubscribe from receiving our messages at any time. Instructions on how to unsubscribe can be found in each of our messages.

Individuals may at any time also object to processing of personal data concerning him or her. If such an objection is filed, we will not further process personal data for such purposes. The right to object can be filed via e-mail at info@hypex.si or by sending a regular mail to HYPEX, d.o.o., Alpska cesta 43, 4248 Lesce, Slovenia. We will process an individual request without undue delay and no later than 15 days after we receive it.

3.4. Legitimate Interest

In rare cases we process personal data also based on legitimate interest, but never without having first established a business relationship or other legitimate grounds.

4. DATA USERS

The users of personal data are the employees, contractual partners and data processors of Hypex d.o.o., which are bound to safeguard and protect your personal data in accordance with the applicable legislation, non-disclosure agreements or data processor contracts. Users can only access personal data based on their authorisation and assigned access rights.

We may need to send personal data to third parties if such a requirement is prescribed by law (e.g. Court order).

More detailed information about the categories of users, contractual partners and data processors can be provided on demand by sending an e-mail to info@hypex.si.

5. DATA RETENTION

Data retention period depends on the lawful basis and the purposes for processing of personal data. We store personal data only as long as necessary to fulfil the purposes for which it was collected. Afterwards, and if no other lawful basis for processing exists, we erase, destroy, block or anonymise personal data.


6. TRANSFER OF DATA TO THIRD PARTIES

We transfer personal data to third parties only to fulfil the legal or contractual obligations or with an explicit consent of an individual.

7. PROTECTION OF PERSONAL DATA

We store personal data in physical and electronic form at our headquarters. The data is protected with security and encryption measures that ensure security and confidentially of information.

The access to personal data is limited to the employees that need to have access to certain data in order for us to be able to provide our services and products in line with our professional standards. These employees are bound by strict contractual confidentiality obligations, which, if breached, may lead to sanctions including the termination of employment contract.

8. DATA COLLECTION AND PROCESSING

We strive to process as little of personal data as possible and we only collect data of individuals, which is needed to fulfil the legal or contractual obligations, in accordance with the purposes listed in a specific consent or legitimate interest.

8.1. Job Application Form

Our website contains a job application form, where interested individuals may enter their data and join our candidate pool. The purpose of such collection of personal data is communication with regard to possible employment and related processing activities.

Personal data we collect through the application form are name, surname, e-mail address, date of birth, gender, address, education, phone number, CV and other personal data provided by the applicants.

We will only process the collected personal data for as long as necessary to fulfil the purposes for which it was collected. If an individual has not been selected for a specific job opening, we will store his or her data no longer than 24 months. In such cases we will only process data for similar vacancies.

8.2. Registered users

Our website allows registered users to log in and access a dedicated part of the website, where they may access and manage their purchase orders. Registration of users is not publicly available and access to the dedicated part of the website is only granted by the website administrator based on business relationship and mutual agreement.

In case of such registration we process personal data of registered users in order to fulfil our contractual obligations. By doing so we process name and surname, e-mail address, job position and other contact details. With explicit consent we also send registered users promotional materials.


8.3. Website Usage Data

When you visit our website we may automatically gather certain data about the hardware and software of your device. Personal data that may be gathered this way, such as IP address, is not stored or is stored in an anonymised form. We use Google Analytics to analyse gathered data solely for the purposes of website usage statistics.

9. DATA SUBJECT'S RIGHTS

We guarantee you an option to exercise your rights as data subjects. We will enable you to exercise your rights cost-free, but in case some unexpected administrative costs arise we may have to charge you for them (e.g. repetitive requests, multiple copies requests).

In order to exercise your below listed rights you may contact us via e-mail at info@hypex.si or by regular mail at HYPEX, d.o.o., Alpska cesta 43, 4248 Lesce, Slovenia. If you believe that your rights have been violated you may contact the Slovenian Information Commissioner, Zaloška 59, 1000 Ljubljana, phone n. 00386 01 230 97 30, fax 01 230 97 78, e-mail gp.ip@ip-rs.si.

9.1. The Right to Access

An individual has the right to receive a confirmation from us on whether we process his or her personal data without undue delay. An individual can request access to his or her personal data that has been collected by the controller.

9.2 The Right to Rectification

An individual has the right to request any inaccurate or out of date personal data to be rectified or updated.

9.3 The Right to Erasure

An individual has the right to request his or her personal data to be erased if:
  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • an individual withdraws consent;
  • an individual objects to the processing of his or her personal data;
  • the personal data have been unlawfully processed;
  • based on a legal obligation.

The right to erasure cannot be enforced if further data processing is necessary based on legal obligations or for the establishment, exercise or defence of legal claims.

9.4 The Right to Restriction of Processing

An individual has the right to obtain restriction of processing if:
  • the accuracy of the personal data is contested by the data subject;
  • the processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • the controller no longer needs the personal data for the purposes of processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
  • the data subject has objected to processing pending the verification of whether the legitimate grounds of the controller override those of the data subject.

9.5 The Right to Object

An individual has the right to object to processing of his or her personal data when such processing is based on consent or legitimate interest for marketing purposes. In case of such objection we will immediately cease the processing activities, unless processing is needed for the establishment, exercise or defence of legal claims;

10. LOST OR STOLEN DATA

If data gets stolen, lost, accessed or shared with an unauthorised third party, an individual needs to notify us accordingly without undue delay so that we may take appropriate measures within our power to protect his or her rights.

11. FINAL PROVISIONS

We reserve the right to transfer personal data we process to our legal successor in cases of merger, acquisition, bankruptcy or other form of (partial) transfer of assets. Excluding the processing of personal data ordered by the competent authority, all processing is governed by this Privacy Policy or a new document of our legal successor if you have been notified and have been given the option to object to further processing of your personal data.

We reserve the right to update, change and modify this Privacy Policy at any time in order to ensure its compliance with the applicable legislation. You may always access an up-to-date version of the Privacy Policy on our website.

All disputes arising from this Privacy Policy shall be governed by the law and shall fall under the jurisdiction of the court based on the seat of Hypex d.o.o.

Everything not included in this Privacy Policy and any contracts between Hypex d.o.o. and an individual, shall be governed by applicable legislation.

This Privacy Policy entered into force on May 25, 2018.
This page wishes to use cookies More
I AgreeI Do Not Agree