This website uses cookies. By using the site, you agree to the use of cookies.

OK

Privacy Policy

The purpose of the privacy policy is to inform individuals, customers, users of products or services, colleagues, employees and other persons (hereinafter: "individual") who cooperate with Lemon Squeeze, doo (hereinafter: "company") about the purposes, legal bases, security measures and rights of individuals regarding the processing of personal data carried out by the company.

We value your privacy, so we always carefully protect your data.

We process personal data in accordance with applicable personal data protection legislation and other legislation that provides us with a legal basis for processing personal data.

Any changes to this document will be posted on our website. By using the website, you confirm that you are familiar with the full content of the privacy policy.

Personal data controller:
Lemon Squeeze d.o.o.
Ljubljanska cesta 27
4260 Bled
Slovenia

info@lemon-squeeze.tech
+386 31 311 100 
https://www.lemon-squeeze.tech/

1) Personal data

Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as: a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The website collects some general data and information when an individual visits the website.

2) Purposes of processing and grounds for data processing

The company collects and processes personal data on the following legal bases:

  • the processing is necessary for compliance with a legal obligation to which the controller is subject;
  • the processing is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of such a data subject prior to entering into a contract;
  • processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party;
  • the data subject has consented to the processing of his or her personal data for one or more specific purposes;
  • processing is necessary to protect the vital interests of the data subject or another natural person.

Implementation of the concluded contract

In cases where an individual concludes a contract with a company, this constitutes the legal basis for the processing of personal data. The company may process personal data for the purpose of concluding and performing the contract, such as selling goods and services, preparing an offer, participating in various programs, etc. If the individual does not provide personal data, the company cannot conclude the contract, nor can the company perform the service or deliver goods or other products in accordance with the concluded contract, as it does not have the necessary data for the performance. On this basis, the company processes only and exclusively those personal data that are necessary for the conclusion and proper performance of contractual obligations. 

The legal basis for data processing is a contract. The retention period is until the purpose of the contract is fulfilled or up to 6 years after the termination of the contract, except in cases where a dispute arises between the individual and the company in relation to the contract. In such a case, the company stores the data for 10 years after the finality of the court decision, arbitration or court settlement or, if there was no court dispute, for 6 years from the date of a peaceful resolution of the dispute. 

Legitimate interest

The company may also process personal data on the basis of a legitimate interest pursued by it. The latter is not permissible where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. In the case of the use of a legitimate interest, the company shall carry out an assessment in accordance with the law. The processing of personal data of individuals for the purposes of direct marketing shall be deemed to be carried out in a legitimate interest. 

The company may process personal data of individuals that it has collected from publicly available sources or within the framework of the lawful performance of its activities, including for the purposes of offering goods, services, employment, informing about benefits, events, etc. To achieve these purposes, the company may use regular mail, telephone calls, e-mail and other means of telecommunication. For the purposes of direct marketing, the company may process the following personal data of individuals: name and surname of the individual, permanent or temporary address, telephone number and e-mail address. The company may process the aforementioned personal data for the purposes of direct marketing even without the express consent of the individual. The individual may at any time request the termination of such communication and processing of personal data and cancel the receipt of messages via the unsubscribe link in the received message or send a request by e-mail or regular mail to the company's address.

The legal basis for data processing is legitimate interest. The data will be processed until you cancel your subscription or until the purpose of the processing has been fulfilled. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

Processing based on consent or agreement

If the company does not have a legal basis based on law, contractual obligation, legitimate interest or protection of the life of the individual, it may ask the individual for consent or consent. Thus, it may also process certain personal data of the individual for the following purposes, when the individual provides consent for this:

  • residential address and email address (for notification and communication purposes);
  • photographs, videos and other content relating to an individual (e.g. publishing images of individuals on a website for the purposes of documenting activities and informing the public about the company's work and events;
  • other purposes for which the individual agrees to consent.

If an individual gives consent to the processing of personal data and at some point no longer wishes to do so, they may request the termination of the processing of personal data by sending a request by e-mail or regular mail to the company's address. The withdrawal of consent does not affect the lawfulness of the processing based on consent before its withdrawal. After receiving the withdrawal or request for deletion, the data will be deleted no later than 15 days. The company may also delete this data before the withdrawal, when the purpose of the processing of personal data has been achieved or if so required by law.

Exceptionally, the company may refuse a request for deletion for reasons set out in the General Regulation in cases of exercising the right to freedom of expression and information, compliance with a legal obligation to process, reasons of public interest in the field of public health, archiving purposes in the public interest, scientific or historical research purposes, statistical purposes, and the exercise or defence of legal claims. 

The legal basis for data processing is consent. The data will be processed until the consent is revoked or withdrawn or until the purpose of the processing is fulfilled. The withdrawal of consent does not affect the lawfulness of processing based on consent before its revocation.

Protection of the vital interests of the individual

The company may process the personal data of the data subject if this is necessary to protect his vital interests. In urgent cases, the company may search for the individual's personal document, check whether this person exists in its database, examine his medical history or contact his relatives, for which the company does not need the individual's consent. The above applies if this is necessary to protect the individual's vital interests.

3) Storage and deletion of personal data

The company will store personal data only for as long as necessary to achieve the purpose for which the personal data were collected and processed. If the company processes data on the basis of the law, it will store it for the period prescribed by law. Some data is stored during the period of cooperation with the company, while some data must be stored permanently. Personal data that the company processes on the basis of a contractual relationship with an individual is stored by the company for the period necessary to perform the contract and for 6 years after its termination, except in cases where a dispute arises between the individual and the company in relation to the contract. In such a case, the company will store the data for 10 years after the finality of a court decision, arbitration or court settlement or, if there was no court dispute, for 6 years from the date of a peaceful resolution of the dispute. Personal data that the company processes on the basis of the individual's personal consent or legitimate interest will be stored by the company until the consent is revoked or until a request is made to delete the data. Upon receipt of the revocation or request for deletion, the data will be deleted without undue delay. The company may also delete this data before revocation when the purpose of processing the personal data has been achieved or if so required by law. In the event of exercising the rights of an individual, the company stores the personal data of that individual until a final decision has been made on the matter, and after the final decision has been made in accordance with the final decision in the matter.

Exceptionally, the company may refuse a request for erasure for reasons such as: exercising the right to freedom of expression and information, compliance with a legal obligation to process, reasons of public interest in the field of public health, archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, the exercise or defense of legal claims. After the retention period has expired, the company must effectively and permanently delete or anonymize the personal data so that it can no longer be associated with a specific individual.

4) Contractual processing of personal data and data export

The company may entrust individual processing of personal data to a contractual processor on the basis of a contractual processing agreement. Contractual processors may process the entrusted data exclusively on behalf of the controller, within the limits of its authorization, which is stated in a written contract or other legal act, and in accordance with the purposes defined in this privacy policy.

The contract processors with which the company cooperates are mainly:

  • accounting services;
  • information systems maintainers;
  • email service providers and software providers, cloud services (e.g. Google).

For the purposes of better oversight and control of contractual processors and the regulation of the mutual contractual relationship, the company also maintains a list of contractual processors, which lists all specific contractual processors with whom the company cooperates.

The company will not under any circumstances provide personal data of an individual to unauthorized third parties. Contractual processors may only process personal data within the framework of the company's instructions and may not use personal data for any other purposes.

The company as the controller and its employees do not transfer personal data to third countries (outside the member states of the European Economic Area - EU members and Iceland, Norway and Liechtenstein) and to international organizations.

5) Data protection and data accuracy

The company takes care of information security and the security of the infrastructure (premises and application system software). Our information systems are protected, among other things, by antivirus programs and a firewall. We have implemented appropriate organizational and technical security measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, and against other unlawful and unauthorized forms of processing. In the case of the transmission of special types of personal data, we transmit them in encrypted form and protected by a password. The individual is responsible for transmitting their personal data securely and for the accuracy and authenticity of the transmitted data.

6) Individual rights regarding data processing

The data subject has the right to request access to personal data and the rectification or erasure of personal data or restriction of processing concerning him or her, as well as the right to object to processing and the right to data portability. The individual's request will be handled in accordance with the provisions of the General Regulation and applicable personal data protection legislation.

All of the above rights and all questions can be exercised by an individual by sending a request to the company's address. The company will respond to the individual's request without undue delay, no later than one month after receiving the request. This deadline may be extended by a maximum of two additional months, taking into account the complexity and number of requests, of which the individual will be informed, together with the reasons for the delay. Exercising rights is free of charge for the individual, but the company may charge a reasonable fee if the request is clearly unfounded or excessive, in particular if it is repeated. In such a case, the company may also reject the request. In case of doubt about the identity of the individual, additional information that the company needs to establish the identity may be requested.

In the decision on the individual's request, the company will also inform the individual of the reasons for the decision and information about the right to file a complaint with the supervisory authority within 15 days of being informed of the decision. The individual may exercise the right to file a complaint with the supervisory authority at: The Information Commissioner of the Republic of Slovenia at the address: Dunajska 22, 1000 Ljubljana (e-mail: gp.ip@ip-rs.si, website: www.ip-rs.si).

 

The privacy policy is valid from 1.1.2025 onwards.