Privacy policy

The aim of this Privacy Policy is to inform individuals, services users, co-workers, business partners, employees and other persons (hereinafter: “individuals”), which cooperate with the company Algoritmik d.o.o. (hereinafter: “company”) in any way and legal form, about the purposes, legal basis and security measures and rights of individuals with regard to the processing of personal data, which is performed by the company.

We diligently protect your personal data since we appreciate your privacy.

We process your personal data in accordance with the European legislation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: “GDPR”)) and applicable legislation in the field of personal data protection (Slovenian Personal Data Protection Act (“ZVOP-1”, Official Gazette RS, no. 94/07 as amended)) and other applicable legislation, which gives us the legal base for the processing of personal data.

This Privacy Policy includes information for individuals how the company, as a controller, processes the personal data it receives from an individual based on the legal basis provided below.

Data Controller

The controller is the company:

Algoritmik d.o.o

Tomšičeva ulica 1, 1000 Ljubljana

info@typless.com

Contact person for the protection of personal data

The individuals, to whom the personal data relate, may contact us at info@typless.com or in writing to our address regarding any issues related to the processing of their personal data and the exercising of their rights under the GDPR.

Personal data

Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing purposes and legal basis for the processing

The company collects and processes your personal data based on the following legal basis:

processing is necessary for compliance with a legal obligation to which the controller is subject;
processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
processing is necessary in order to protect the vital interests of the data subject or of another natural person;
the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.

Fulfillment of a legal obligations

Based on the provisions of the applicable law, the company primarily processes personal data of its employees, which is permitted by labor law. Thus, on the basis of the applicable law, the company processes for the purposes of employment relationship mainly the following types of personal data: first and last name, gender, date of birth, PIN, tax number, place, municipality and country of birth, citizenship, residence, etc.

Performance of the contract

In case where you as an individual conclude a contract with the company such a contract represents legal basis for the processing of your personal data. We can process your personal data for the conclusion and performance of the contract, e.g. sale of goods and services, ensuring support services, attendance at the events, education, promotions, etc. If in individual does not share its personal data with the company, the company cannot conclude a contract or deliver the goods or perform the services in accordance with the concluded agreement since it does not possess the required data for the performance. The company may based on the performance of the legitimate activities inform the individuals and service users to their electronic addresses about its services, events, educational events, offers and other contents. An individual may at any time request the termination of such communication and processing of its personal data and recalls receiving of the messages via the unsubscribe link in the inbox or as a request via email to info@typless.com or by regular mail to the company’s business address.

Legitimate interest

The company may process personal data also based on legitimate interest, which the company pursues. The latter is not permissible where such interests are outweighed by the interests or fundamental rights and freedoms of the data subject who requires the protection of personal data. In case of use of legitimate interest, the company shall always conduct the assessment in accordance with GDPR. Processing of personal data of individuals for the direct marketing purposes shall be deemed to have been done in the legitimate interest. Therefore the company may process personal data of individuals, which the company collected from publicly accessible sources or based on legal performance of its activities, also for the purposes of offering goods, services, employment, notifications about the benefits, events, etc. For achieving these purposes the company may use regular mail, telephone calls, e-mail and other telecommunication means. For the direct marketing purposes the company may process the following personal data of individuals: name and surname, permanent or temporary residence, telephone number and e-mail address. The aforementioned personal data may also be processed by the company for direct marketing purposes without the express consent of the individual. An individual may at any time request the termination of such communication and processing of its personal data and recalls receiving of the messages via the unsubscribe link in the inbox or as a request via email to info@typless.com or by regular mail to the company’s business address.

Processing on the basis of consent

If the company has no legal basis in the law, contractual obligation or legitimate interest, it may ask the individual for the consent. If an individual gives its consent, the company may process certain personal data also for the following purposes:

processing is necessary for compliance with a legal obligation to which the controller is subject;
processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party;
the data subject has given consent to the processing of his or her personal data for one or more specific purpose;
processing is necessary in order to protect the vital interests of the data subject or of another natural person.

If an individual gives its consent for the processing of its personal data and at some point later wishes to withdraw its consent, it may request the termination of the processing of personal data by sending the request via email to info@typless.com or by regular mail to the company’s business address. The withdrawal of the consent shall not affect the lawfulness of the processing on the basis of consent prior to its withdrawal.

Processing is necessary in order to protect the vital interests of an individual

The company may process personal data of the data subject in case it is necessary to protect its vital interests. The company may therefore search for identity document of an individual, verify that the individual exists in its database, examine its medical history or contact its relatives for which the company does not need its consent. The mentioned applies in case it is necessary to protect vital interest of an individual.

Storage and erasure of personal data

The company shall store personal data as long as it is necessary to fulfil the purpose for which the personal data have been collected and processed. If the company processes the data on the basis of the law, it will retain it for the period prescribed by the law. In doing so, some data is retained for the duration of the cooperation with the company and some data must be retained permanently in accordance with the law. Personal data processed by the company on the basis of a contractual relationship with an individual shall be retained by the company for the period necessary to execute the contract and for a further period of 6 years after its termination, unless there is a dispute between the individual and the company regarding the contract. In such a case, the company shall retain the personal data for 10 years after the court decision, arbitration or court settlement has become final or, in the absence of a court dispute, for 5 years from the date of the peaceful settlement of the dispute. Any personal data that is processed by the company based on the personal consent of the individual or a legitimate interest, will be retained by the company until the consent is withdrawn or until the request for erasure is given. After receiving the withdrawal of the consent or request for erasure, the company shall delete the data in 15 days at the latest. The company may delete such data also before the withdrawal of the consent provided that the purpose of the processing of personal data has been achieved or if so provided by the law. Only exceptionally may the company refuse a request for erase for the reasons set out in GDPR, such as: for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest in the area of public health, for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, for the establishment, exercise or defense of legal claims. After the retention period has elapsed, the company must effectively and permanently erase or anonymize personal data so that it can no longer be linked to a specific individual.

Contractual processing of personal data and transfer of personal data

The company may entrust a processor (pogodbeni obdelovalec) individual processing activities based on the contract. The processor may process entrusted personal data only on behalf of the controller, in the scope of its authorization, included in the written contract or other legal act and in accordance with the purposes, stated in this Privacy Policy. The processor, with which the company cooperates, are primarily:

accounting services and other providers of legal and business consulting services;
infrastructure maintainers (video surveillance, security, cleaning services);
maintainers of information systems;
email and software providers, cloud service providers (e.g. AWS, Microsoft, Google…);
providers of social networks and online advertising (Google, Facebook, Instagram etc.).

In no case will the company pass personal data of the individual to third unauthorized parties. Processors may process personal data only in accordance with the instructions of the company and shall not use the personal data for any other purpose. The company as the controller and its employees shall not transfer personal data to third countries (outside of member states of European Economic Area – members states of EU and Island, Norway and Liechtenstein) and international organization, except to USA whereas the processors from the USA are included in the program between EU-ZDA titled Privacy Shield. More about the Privacy Shield EU-ZDA on the internet page of the information Commissioner: https://www.ip-rs.si/varstvo-osebnih-podatkov/obveznosti-upravljavcev/iznos-osebnih-podatkov-v-tretje-drzave/iznos-osebnih-podatkov-v-zda/.

Cookies

The company website works with the help of the so-called cookie. Cookie is a file that saves the settings of the web page. Web sites store cookies on users’ devices with which they access the internet in order to identify individual devices and settings that users have used when accessing them. Cookies allow websites to identify if a user has already visited this website, and with advanced applications, the cookies can be used to adjust individual settings accordingly. Their storage is under the complete control of the browser used by the individual, which may limit or disable the storage of cookies. Cookies are fundamental to providing friendly online services to individuals. Cookies are used to store information about the status of each website, to help collect statistics about users and website traffic, etc.

Name of cookie	Duration	Function
_ga	2 years	It is used for separation between users.
privacy_embeds	1 year	Acceptance of cookie creation by site visitor.
AMP_TOKEN	30 seconds – 1 year	Contains a token that can be used to obtain a client ID from the AMP Client ID service.
_gid	24 hours	Used to distinguish between users.
_gat	1 minute	Used to control access to a website.
_gac_	90 days	Contains information related to campaigns for the user.
pum-1754	Session duration	Contains information whether the user has already seen a newsletter subscription popup.
_hjIncludedInSample	1 year	Information whether the user included in the sample.
_hjid	1 year	Identification of the user.
NID	6 months	Settings.
UserMatchHistory	30 days	LinkedIn Ads ID syncing
lang	Session	Sets default locale/language
lidc	1 day	Used for routing
lissc	1 year	Pending
rdt_uuid	3 months	Remarketing on reddit.com
bcookie	2 years	Browser ID cookie
bscookie	2 years	Secure Browser Cookie
reddaid	2 years	Remarketing on reddit.com
personalization_id	2 years	Remarketing on twitter.com
fr	3 months	Advertisement on facebook.com

Storage and management of the cookies is under the complete control of the browser, used by the user which may limit or disable the storage of cookies. The cookies already stored by the browser can also be deleted. Deletion instructions can be found on the websites of individual browser.

Data protection and data accuracy

The company takes care of the information security and the infrastructure security (premises and application system software). Our information systems are protected, among other things, by anti-virus programs and a firewall. We have implemented appropriate organizational and technical security measures to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, and against other illegal and unauthorized forms of processing. In the case of the transfer of specific categories of personal data, we transfer it in encrypted form and password protected. It is the responsibility of the individual to provide their personal data in a secure manner and that the data provided is accurate and authentic. The company will endeavor to keep the personal data it processes accurate and, where necessary, updated. The company may periodically contact you to confirm the accuracy of your personal data.

Rights of individuals regarding the processing

An individual has the following rights in accordance with the GDPR:

It may request information as to whether we have its personal data and, if so, what data we have and on what basis we have such data and why we use the data for.
It may request access to its personal data, which enables it to receive a copy of the personal data held by the company and to verify that the company is processing its personal data lawfully.
It may require the correction of personal data, such as the correction of incomplete or inaccurate personal data.
It may request the erasure of its personal data when there is no reason for further processing or when it exercises its right to object to further processing.
It may object to the further processing of personal data where the company invokes a legitimate business interest (even in the case of a legitimate third party interest) when there are reasons related to the individual’s particular situation; an individual has the right to object at any time if the company processes personal data for direct marketing purposes.
It may require a restriction on the processing of its personal data, which means the interruption of the processing of personal data, for example, if the individual wants the company to determine the accuracy of personal data or to verify the reasons for further processing of the personal data.
It may request the transfer of its personal data in a structured electronic format to another controller, as far as possible and practicable.
It may withdraw the consent it has given for the collection, processing and transfer of its personal data for a specific purpose; upon receipt of the notice that it has withdrawn its consent, the company will cease processing personal data for the purposes originally accepted, unless the company has other legal basis to do so lawfully.

If an individual wishes to exercise any of the aforementioned rights, he or she may send a request by email to info@typless.com or by regular mail to the company’s business address. Access to an individual’s personal data and exercising of the aforementioned rights are free of charge for the individual. However, a company may charge a reasonable fee if the request of the data subject is manifestly ill-founded or excessive, especially if it is repeated. In such a case, the company may also reject the request. In the event that the aforementioned rights are exercised, the company may need to request certain information to assist it in verifying the identity of the individual, which is merely a security measure to ensure that personal data is not disclosed to unauthorized persons. In exercising the aforementioned rights, an individual may use the Information Commissioner’s form available on their website, available at: https://www.ip-rs.si/fileadmin/user_upload/doc/obrazci/ZVOP/Zahteva_za_seznanitev_z_lastnimi_osebnimi_podatki__Obrazec_SLOP_.doc V primeru, da posameznik meni, da so mu pravice kršene, se lahko za zaščito ali pomoč obrne na nadzorni organ oz. na informacijskega pooblaščenca. Povezava na: https://www.ip-rs.si/zakonodaja/reforma-evropskega-zakonodajnega-okvira-za-varstvo-osebnih-podatkov/kljucna-podrocja-uredbe/prijava-krsitev/. Should you have any questions regarding the processing of your personal data, you can always contact our company by email at info@typless.com or by regular mail at the company’s business address.

Publication of changes of this Privacy Policy

Any changes to this Privacy Policy will be published on the company’s website: https://typless.com. By using the website, the individual acknowledges that he or she accepts and agrees to the entire content of this Privacy Policy. This Privacy Policy was adopted by the Managing Director of the company, Rihard Jarc on 9 May 2019.