Who we are

Our website address is: https://klimalab.si. You can read more about us on the About us subpage.

 

Comments

When visitors leave comments on the website, we collect the information displayed in the comments form.

 

Cookies

Information about cookies is provided on the web subpage of this website https://klimalab.si/cookies/.

 

Notice to individuals pursuant to Article 13 of the General Data Protection Regulation (GDPR) regarding the processing of personal data

 

Our organization has not yet appointed a Data Protection Officer. All questions, requests, inquiries and other communications related to the area of personal data protection in our organization can be addressed to: barbara@klimalab.si.

Our organization collects, stores and otherwise processes certain information and data, including personal data, as provided for in the Personal Data Protection Act (ZVOP-2) or Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: the General Data Protection Regulation or GDPR).

Purpose and use of this notice

This notice describes how our organization processes the personal data of individuals who have entrusted their personal data to it directly as a personal data controller in connection with the website klimalab.si (e.g. when loading cookies when visiting the website, when filling out and submitting a contact form, etc.).

Use of terms and changes to this notice

Unless otherwise stated, the terms used in this notice (e.g. personal data, processing, controller, processor, etc.) have the same meaning as in the GDPR.

The phrase website or web page means klimalab.si and also includes all associated subpages and connected servers and systems.

We may update or change the information and statements in this notice from time to time, and notice of any major changes will be posted on our website.

In the event of significant changes (e.g. regarding the legal bases and purposes of processing already collected data), we will notify individuals of the proposed changes via email or other appropriate means.

  1. Overview of collections and types of personal data, categories of individuals to whom personal data refer, envisaged deadlines for the deletion of personal data, and legal bases for processing and purposes and types of processing

 

1.1. Processing table

NAME OF THE CONTROLLER’S PERSONAL DATA COLLECTION: Information about an individual who communicates with the organization via email addresses and other communication channels available on the website

TYPES OF DATA IN THE PERSONAL DATA COLLECTION:

– First and/or last name of the individual communicating with our organization

– Any email address of an individual communicating with our organization

– Any telephone number of an individual communicating with our organization

– Any personal data that is included in communication with an individual

CATEGORIES OF INDIVIDUALS TO WHOM THE PERSONAL DATA RELATES: Personal data of an individual who voluntarily communicates with the organization (e.g. inquires about the organization’s services, arranges to visit the branch via a published email address or contact form, etc.).

EXPECTED DEADLINES FOR DELETING PERSONAL DATA*: Until the purpose of processing individual personal data for which the data was collected has expired (e.g. until the end of communication).

LEGAL BASIS FOR PROCESSING, PURPOSES OF PROCESSING AND TYPES OF PROCESSING OF PERSONAL DATA**: Based on negotiations for the conclusion of a contract (i.e. obtaining information about or ordering a service or other voluntary communication of an individual with the organization in this regard), the organization may process data in ways that are logically related to negotiations regarding the implementation of the subject of the service or preparation of a response (e.g. storage in the electronic messaging system for the purposes of response and possible further communication, storage of data in the organization’s archive, etc.).

NAME OF THE CONTROLLER’S PERSONAL DATA COLLECTION: Data of individuals who have signed up to receive the organization’s newsletters

TYPES OF DATA IN THE PERSONAL DATA COLLECTION: Individual’s email address

CATEGORIES OF INDIVIDUALS TO WHOM THE PERSONAL DATA RELATES: Personal data of an individual who has consented to the organization occasionally sending information, advice and other useful information regarding the organization’s products/services to their email address.

EXPECTED DEADLINES FOR DELETING PERSONAL DATA*: Until unsubscription from receiving electronic communications (an unsubscribe link is included in each email).

*An individual can always request deregistration or deletion of data by sending their request to the official email address of the organization, which is listed at the beginning of this document.

LEGAL BASIS FOR PROCESSING, PURPOSES OF PROCESSING AND TYPES OF PROCESSING OF PERSONAL DATA**: Based on the consent obtained, the organization may process the data (i.e. store and use it in connection with the electronic messaging system) solely for the purpose of providing information, advice and other useful data regarding the organization’s services.

NAME OF THE CONTROLLER’S PERSONAL DATA COLLECTION: Information we obtain from website visitors using cookie technology providers

TYPES OF DATA IN THE PERSONAL DATA COLLECTION: Data described for each type of necessary or non-necessary cookie (such as IP address, session time, browser data, etc.) (see our dedicated cookie policy)

CATEGORIES OF INDIVIDUALS TO WHOM THE PERSONAL DATA RELATES: Personal data of an individual who visits our website and installs necessary or non-necessary cookies (see our dedicated cookie policy).

EXPECTED DEADLINES FOR DELETING PERSONAL DATA*: (See our dedicated cookie policy)

LEGAL BASIS FOR PROCESSING, PURPOSES OF PROCESSING AND TYPES OF PROCESSING OF PERSONAL DATA**: (See our dedicated cookie policy)

*The organization reserves the right, in certain cases based on its legitimate interests, to retain certain data for longer than the written periods specified above (e.g. in the case of an inspection procedure in connection with a service/competition/form), whereby in all such cases the organization will limit the retention of data to those data that are necessary for the pursuit of such legitimate interest. An individual may always request the deletion of data by sending their request to the official email address listed at the beginning of this document.

** In relation to the purposes described above (e.g. data storage), data may be transferred for processing to the contractual partners of the organization (subprocessors), which are listed in section 3.3. of this notice. Subprocessors may process data only in connection with the performance of tasks assigned to them and which are directly related to the purposes pursued.

1.2 The legal basis for processing personal data may lie in the performance of a contract or negotiations for the conclusion of a contract.

We may process individuals’ personal data on the basis of a concluded contract (e.g., performance of a service) or negotiations for the conclusion of a contract (e.g., when an individual contacts us through our official communication channels and wishes to obtain more information about our services).

In the described cases, you provide us with personal data as part of a contractual obligation or as part of negotiations to conclude a contract, whereby we consequently do not need your explicit consent for the processing of your personal data described above.

If we otherwise need your personal data to perform our services and you do not provide us with this data, there will be no negative consequences. However, such situations may significantly complicate or even make it impossible to perform the ordered services or our cooperation, and in such cases you will be informed about this in advance or subsequently.

1.3. The legal basis for processing your data may also be the law

The organization also processes personal data for the purposes of fulfilling legal and other regulations, especially those governing taxes and accounting (e.g. records of issued and received invoices, etc.), e.g.:

– when an inspector or other public authority instructs an organization to entrust the personal data of a specific customer/visitor to it in accordance with the law (e.g. in the context of carrying out an inspection under the provisions of the Inspection Act (ZIN)),

– when the organization processes the personal data of the customer to whom it issued an invoice, the organization processes this invoice and data about the customer (e.g. personal name, contact details, etc.) on the basis of the Value Added Tax Act (ZDDV-1) (see chapter 3.2.), etc.

1.4. Based on the legitimate interests of the organization

We may also process certain personal data for the purposes of protecting our own legitimate interests. This is the case, for example, when the processing of your data would be necessary for administrative, criminal or civil proceedings (e.g. when the organization would have to submit the database as evidence in the proceedings, otherwise the organization would suffer a penalty or suffer serious and irreparable damage), in which case we will always process only those data that are strictly necessary for the pursuit of such legitimate aims.

The organization may also process an individual’s personal data in cases where processing is necessary to protect the vital interests of the individual (e.g., access to the address of an individual who is in immediate and serious danger to his or her life).

1.5. Based on the consent obtained

In principle, cooperation with us and use of the organization’s services are not conditioned on your consent to the processing of personal data.

However, we may also process your personal data in the organization based on your explicit consent (i.e. consent). An individual’s explicit consent is considered to be their voluntary declaration of will by which they agree to the processing of certain personal data for a specific purpose (e.g. your consent to receive our information messages), in which case we process the data listed in the section of the table from point 1, where it is indicated that the processing is based on consent.

You may unsubscribe from such communications at any time by following the link contained in each such email or by contacting us at the address provided at the beginning of this document.

Based on your consent, our online advertising may also be carried out if, when visiting our website, you agreed to the installation of optional (advertising) cookies and tracking pixels of our advertising partners (e.g., the installation of the Google Analytics cookie, which allows us to more easily advertise our services to you on other websites, etc.). A detailed list of optional cookies of our advertising partners, the data we process with them, and the retention periods for this data is defined on the “Cookies” subpage.

The organization guarantees the individual the right to withdraw their explicit consent at any time in a simple manner, i.e. by contacting us at any time at the email address provided at the beginning of this document.

The withdrawal of consent does not affect the lawfulness of the processing that was carried out on the basis of consent until the moment of withdrawal.

If you do not provide consent to the processing of personal data, provide partial consent, or (partially) revoke your consent, we will, to the extent possible, cooperate with you only to the extent of the consent given or in ways permitted by applicable law.

Consent is voluntary and if you decide not to provide it, or if you later revoke it, this does not in any way affect your other rights or pose additional costs or aggravating circumstances for you.

  2. How long do we store or process your personal data?

The period for which personal data is retained depends on the basis and purpose of the processing of each category of personal data. Personal data is generally retained for as long as is necessary to fulfil the purpose for which the data was collected, or as long as a regulation requires that we retain it, after which it is deleted.

If the retention period of individual data is not specified in more detail in the table in Chapter 1, the following applies:

– Data related to the concluded contract or the provision of our services and issuing invoices is stored until the expiration of the retention period or the fulfillment of the purpose of processing individual personal data. The organization can generally store the data for 6 years after the end of cooperation or even longer (e.g. data on the invoice); we store the personal data of subscribers on invoices for 10 years, as such an obligation is imposed on the organization by the Value Added Tax Act (ZDDV-1),

– Data about an individual who communicates with the organization via email addresses and other communication channels available on the website is stored until the purposes of processing individual personal data for which the data was collected expire (e.g. until the end of communication) or until 4 years have passed since the last communication with the individual.

– Based on your explicit consent to marketing communication or our legitimate interest in advertising to people who are already our customers, we store the data until the person withdraws their consent.

– Data of individuals applying for a vacant position in the organization is stored until the completion of the employment process, unless the organization has obtained explicit consent from the individual for longer data storage.

The organization may retain the data for 15 days after the expiration of the specified retention period in order to be able to destroy the stored data from all data carriers and servers during this period.

An individual can always request the deletion of data by sending their request to the organization’s official email address at the address listed at the beginning of this document.

  3. Who within and outside the organization processes your personal data (personal data users)?

3.1. Certain employees in the organization

Your personal data is processed by those employees of the organization who need the data to perform their work tasks. All employees are committed to confidentiality and to respecting the protection of personal data.

3.2. State authorities

In certain cases prescribed by applicable law, the organization must also provide your personal data or report it to competent state authorities, as well as to authorities responsible for financial, tax or other supervision (e.g. the Office of the Information Commissioner of the Republic of Slovenia, etc.). In certain cases, the organization is also obliged to provide data to third parties if such an obligation to provide or disclose is imposed on the organization by law or by the legal entitlement of a third party.

3.3. Contractual processing of personal data

In addition to employees of the organization, users of personal data may also be employees of the organization’s contractual processors, who may process personal data as confidential solely on behalf of the organization and within the limits of the contract on external processing of personal data that the organization has concluded with each such processor. Contract processors may process personal data only within the framework of the organization’s instructions (i.e. the contract), and may not use the data to pursue any of their own interests.

The organization will not share your personal information with unauthorized third parties.

To obtain a detailed list of all of the organization’s contracted subprocessors, you can write to us at the email address provided at the beginning of this document.

3.4 Website hosting service provider

Our website is hosted on the servers of a company based in the Republic of Slovenia.

3.5. Export of personal data to third countries and international organizations and measures to protect transferred data

Our organization does not, as a rule, transfer personal data to third countries (i.e. outside the European Union, Iceland, Norway and Liechtenstein, i.e. the EEA) and to international organizations.

An exception to the above is the occasional transfer of certain technical and personal data to the servers of the above-mentioned processors, whose headquarters or servers are located in the USA (i.e. automatic transfer of certain data collected by cookies of companies from the USA – more in our cookie policy; our sending of emails using the services of MailerLite, Inc., a Delaware corporation at 548 Market St, PMB 98174, San Francisco, CA 94104-5401, USA). The relevant contract processors are former members of the “Privacy Shield” (https://www.privacyshield.gov/) and after July 12, 2020, they comply with and have adopted security measures in relation to the receipt or transfer of data (e.g. standard contractual clauses) or have duly completed and achieved full self-certification in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on an adequate level of protection of personal data in the EU-US data privacy framework (i.e. in the sense of the new framework for data transfers between the EU and the US in accordance with the aforementioned adequacy decision from July 10, 2023).

a list of all such sub-processors by sending a request to the email address provided at the beginning of this document.

  4. Processing and protection of special categories of personal data

We do not direct individuals to provide sensitive personal data (i.e. data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data or biometric data, data concerning health, or data concerning an individual’s sex life or sexual orientation) in connection with our website or services.

If the organization becomes aware of a situation in which such data would be disclosed to it, the data received will be protected or other appropriate action will be taken.

  5. What are your rights regarding your personal data and how can you exercise them?

In relation to this notice on the processing of personal data or the processing of your personal data by our organization and our contractual processors, you can contact us at any time and without reservation via the email address provided at the beginning of these General Terms and Conditions.

You can also use the address provided to send your requests and exercise other rights related to personal data and the GDPR.

As a data subject, the GDPR gives you the opportunity to exercise the following rights against our organization:

Right to information: Individuals have the right to be informed about the collection and processing of their personal data.

Right of access: Individuals have the right to access their personal data and obtain information about how the data is processed, as well as a copy of the data itself.

Right to erasure (right to be forgotten): Individuals have the right to request the erasure of their personal data in certain circumstances.

Right to withdraw consent: Where the processing of personal data is based on consent, individuals have the right to withdraw their consent at any time without suffering any negative consequence.

Right to rectification: Individuals have the right to request the rectification of inaccurate or incomplete personal data. If the data has been disclosed to third parties, we will, where possible, inform those third parties of the rectification.

Right to restriction of processing: Individuals have the right to request the restriction of processing of their personal data. This right applies in certain cases, for example, where the accuracy of the data is disputed or the individual has objected to its processing.

Right to data portability: Individuals have the right, in certain cases, to receive their personal data in a structured, commonly used and machine-readable format. They may also request that their data be transmitted to another controller, where the processing is based on consent or a contract and where the processing is carried out by automated means.

Right to object: Individuals have the right to object to the processing of their personal data based on legitimate interests or public interest/exercise of official authority. In such cases, we will cease such processing unless we can demonstrate compelling legitimate grounds which override the individual’s interests, rights and freedoms.

Rights in relation to automated decision-making and profiling: Individuals have the right not to be subject to solely automated decisions, including profiling, that significantly affect them. They also have the right to obtain human intervention, to express their point of view and to complain about such decisions.

Right to lodge a complaint with a supervisory authority: If you believe that the processing of personal data carried out by our organisation in relation to you infringes the regulations on the protection of personal data, you may, without prejudice to any other (administrative or other) legal remedy, lodge a complaint with a supervisory authority, in particular in the country where you have your habitual residence, where your place of work is located, or where the infringement is alleged to have occurred (in Slovenia this is the Information Commissioner):

– Information Commissioner, Dunajska 22, 1000 Ljubljana, email address: gp.ip@ip-rs.com, phone: 012309730, website: www.ip-rs.com.

A list of other EU supervisory authorities and their contact details is available here: https://edpb.europa.eu/about-edpb/about-edpb/members_en#.edoms.

  6. Existence of automated decision-making and profiling

The processing carried out by our organization does not include automated decision-making and profiling based on your personal data.

  7. Processing of personal data of persons under the age of 15

Our organization has focused the development and provision of its services on collecting personal data from persons over the age of 15. In cases where a younger person uses the organization’s services, the organization will, if it becomes aware of such a case, obtain the consent of the parent or guardian of such person.

If the organization subsequently determines that personal data of a person under the age of 15 is being processed in connection with the service and their parent or guardian has not consented to this, it will do everything necessary to ensure that all personal data collected is deleted.

The aforementioned persons or their parents or guardians may at any time submit their requests for the deletion of the relevant data to the email address provided at the beginning of this document.

 

  8. Who can you contact for further clarification regarding the processing of personal data and your rights?

You can contact us at any time regarding the processing of your personal data at the email address provided at the beginning of this document.

  9. Protecting your personal data

In the organization, we carefully store and protect personal data using organizational, technical, and logical-technical procedures and measures to protect data from accidental or intentional unauthorized access, destruction, alteration, or loss, as well as unauthorized disclosure or other form of processing to which you have not expressly consented.

For this purpose, the organization has also adopted appropriate internal processes and established various measures (e.g. assigning, using and changing passwords, locking premises, offices, and server and workstation locations, regularly updating support software and upgrading security-related components, physically protecting materials containing personal data in specially designated places, training employees, etc.). The organization also demands the same security requirements from its contractual processors.

  10. Version and date of last update of this notice

The text of this notice represents version 1.0 of this document. This notice was last updated on 14/05/2025.

Klimalab, an innovative climate consulting and education company, d.o.o.

 
