Last update: 25.04.24
PRIVACY NOTICE
This document details the privacy policies of the website operated by effortlesstalk.com (hereinafter known as "Website" or "Websites") concerning the collection and use of personal information you supply while using the SOFIMED, internetne storitve, d.o.o. Website to access SOFIMED, internetne storitve, d.o.o. Service. It further outlines your options concerning our handling of your personal data and how you can control and manage this information.
Visiting the Website does not necessitate revealing personal information, but should you decide to use SOFIMED, internetne storitve, d.o.o. Service via our Website, it may be necessary to gather and process personal data.
In such instances, we typically seek the user's consent as the data subject. According to GDPR regulation Article 37/1, SOFIMED, internetne storitve, d.o.o. is not required to designate a Data Protection Officer (DPO). Nonetheless, SOFIMED, internetne storitve, d.o.o. has designated a person responsible for overseeing GDPR compliance, who will handle any queries, requests, or concerns regarding data protection. This individual is reachable for contact through [email protected] email.
SOFIMED, internetne storitve, d.o.o. is committed to adhering to the General Data Protection Regulation (GDPR) and any applicable data protection laws in various countries when handling personal information such as names, addresses, email addresses, phone numbers, or billing details of any individual ("data subject"). This Privacy Policy is designed to transparently convey the types, extent, and purpose of the personal data that we collect, use, and process. Furthermore, it aims to educate data subjects (users) about their rights regarding their personal information.
Being the data controller, SOFIMED, internetne storitve, d.o.o. has adopted comprehensive technical and organizational safeguards to ensure the highest level of protection for the personal data managed on this Website.
Within the scope of this Privacy Policy, "we", "us", "our", and "SOFIMED, internetne storitve, d.o.o." all denote SOFIMED, internetne storitve, d.o.o..
It's also significant to note that our services are not targeted towards minors, and our Website is not intended for users under the age of 18.
CONSENT AND DATA PROCESSING
At SOFIMED, internetne storitve, d.o.o., we prioritize the privacy and control of our users over their personal data. Consent from individuals - known as data subjects or users - forms the foundation of our data processing activities. Here's an overview emphasizing the key aspects of consent and data processing in our operations:
· Consent: A voluntary, specific, informed, and unequivocal indication by the data subject, given through a clear affirmative action, allowing the processing of their personal data.
· Data subject/user: Any natural person who is identifiable or identified, whose personal data is processed by SOFIMED, internetne storitve, d.o.o.. This encompasses: the collection, storage, structuring, modification, retrieval, consultation, use, distribution, merging, deletion of data. These processes can be carried out with or without automated means.
· Personal Data: Any information related to a data subject/user that can identify them either directly or indirectly. This may include, but is not limited to: name, identification number, location data, online identifiers, physical, physiological, genetic, mental, economic, cultural, or social identity factors.
Our commitment to responsible data processing reflects our dedication to protecting the privacy and rights of our users. By ensuring that data subjects are fully informed and willingly consent to data processing activities, SOFIMED, internetne storitve, d.o.o. remains compliant with GDPR and other data protection laws, ensuring the highest standards of privacy and data security.
PERSONAL INFORMATION
If you wish to cease receiving future emails from us, you have the option to unsubscribe by navigating to the "Unsubscribe Page" or by following the contact instructions provided at the conclusion of this Privacy Policy.
It may take us up to 10 (ten) business days to fully process your opt-out request. For adjustments or updates to your personal information that we have on file, kindly reach out to us utilizing the contact details outlined at the close of this Privacy Policy.
Retention Period for Personal Data
The length of time we hold personal data is governed by the applicable legal retention period. Once this period concludes and the data is no longer required for its intended purpose, we systematically and securely eliminate or dispose of the data, provided it's no longer essential for achieving the objective for which it was collected.
Data Control
The controller is obligated to handle and keep the personal data of the data subject only for the timeframe required to fulfill the objectives of providing the Service or to the extent permitted by laws or regulations established by European or other legislative bodies to which the controller adheres.
Data Retention and Deletion
In adherence to the principles of data retention and deletion, our commitment extends to safeguarding the privacy and protection of personal information. This commitment is not passive; it involves active measures to ensure that data is not held beyond its utility or the lawful retention period. Our policies are designed to comply strictly with legislations concerning data privacy, such as the GDPR for entities within the European Union, emphasizing the importance of data minimization and the restriction of data storage to the necessary duration for processing purposes.
Upon the expiration of this lawful period or when the data ceases to serve its original purpose, we engage in a systematic process of data deletion or de-identification. The deletion process is handled with the same level of security and confidentiality as data retention, ensuring that personal information is irretrievably erased from our records. Meanwhile, in certain cases where complete deletion is not immediately possible or where archival purposes serve a legitimate interest (always within the legal frameworks), data may be de-identified to remove any personal identifiers, thereby mitigating risks associated with data breaches or unauthorized access.
GATHERING AND UTILIZATION OF PERSONAL INFORMATION
In alignment with GDPR compliance efforts, SOFIMED, internetne storitve, d.o.o. adheres to the principle of data minimization to ensure the protection of personal data. The categories of personal information that we gather are outlined below and include essential details that enable us to offer our services effectively. These details encompass:
The user's full name, which includes both the first and last names;
· An e-mail address, which is crucial for registering an account and thus facilitates the user's access to utilize the SOFIMED, internetne storitve, d.o.o. Service;
· Billing details, which cover the user's full address, zip code, city, country, and telephone number, necessary for transaction purposes;
· The chosen method of payment, though it's important to note that we do not retain the full credit card number nor the expiration date;
· The IP address, which is provided by the user's Internet service provider (ISP) and plays a key role in identifying the data subject/user;
· Location data, aimed at gathering insights and statistics related to user engagement across different geographical areas.
When you subscribe to the SOFIMED, internetne storitve, d.o.o. Service, essential personal details are required under the category of User's Information. This encompasses identifiable information such as your full name (encompassing both first and last names) and email address, all of which are collected, processed, and stored by SOFIMED, internetne storitve, d.o.o. for account registration and management purposes. Additionally, you are required to provide Billing Information, inclusive of personal details that are partly retained by SOFIMED, internetne storitve, d.o.o. and partly processed by external payment providers. The utilization of your Personal Data encompasses several objectives, including:
· Enhancing your user experience by customizing the website and refining the SOFIMED, internetne storitve, d.o.o. Service;
· Delivering pertinent information to you through email concerning registration status, password verification, and payment verification;
· Facilitating communication regarding your engagement with the Service and any content/materials related to the Service;
· Distributing aggregated statistical data about our user base to our partners, ensuring this is done via secure methods and in compliance with data processing agreements (DPA).
COOKIE POLICY
Types of Data Collected and Their Uses
The types of information we collect are confined primarily to marketing-related data necessary for sending updates or promotional materials, along with basic personal details such as your name, address, telephone number, and email address. This information is used in a manner that keeps your identity private, treating it as anonymous statistical data. Importantly, we do not share these pieces of information with any external entities.
Cookies Usage Control
Certain web browsers provide the functionality to block cookies that do not align with your privacy settings. It is possible to configure settings to refuse new cookies, alert you to new cookies, and deactivate current cookies. However, it's important to note that completely turning off cookies may adversely affect your online experience, preventing you from fully enjoying all the services our website offers.
Certain sections of our website necessitate the acceptance of cookies to operate correctly. You have the flexibility to delete or decline cookies by modifying the settings in your web browser at any time you choose. For additional details, consider visiting www.allaboutcookies.org and/or www.youronlinechoices.com.
Cookie and Pixel Tag Policy
If your preference is to avoid Cookies, your browser may provide an option to disable them.
SOFIMED, internetne storitve, d.o.o. employs Pixel tags — also known as transparent GIFs, clear GIFs, or web beacons — which work alongside Cookies to identify users who visit the Website or who open our HTML-formatted emails. Users have the autonomy to prevent the activation of Cookies on our Website by adjusting the settings on their web browsers, thereby indefinitely blocking Cookies.
It's also feasible to erase Cookies that have already been saved, using a web browser or other software solutions at any time. Our website leverages Cookies to compile statistical reports. These Cookies are pivotal for customizing online experiences and facilitating online behavioral advertising.
We meticulously collect statistical information regarding which pages are frequented, the types of files downloaded, the internet service provider's domain and country, as well as the webpage addresses visited just before and after visiting SOFIMED, internetne storitve, d.o.o.. Utilizing Google Analytics, we can evaluate the potency of our advertising strategies and the ease of use and efficiency of our website.
Modification to Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time. Any alterations will be reflected on our Website, so we encourage you to review our Privacy Policy frequently to stay informed. Changes made to this Privacy Policy will have no effect on personal data that has been collected from you either before or after these modifications are made. Should you have any concerns or disagree with the updated policy, please reach out to us as detailed further below.
LEGAL DISCLOSURES
At SOFIMED, internetne storitve, d.o.o., we prioritize the confidentiality of your service usage. However, under certain circumstances, it becomes necessary for us to reveal the personal information held within your account or residing on SOFIMED, internetne storitve, d.o.o.'s servers and databases. These instances include, but are not limited to, the following:
Adhering to legal obligations or responding to valid legal inquiries and processes directed towards us;
Addressing and scrutinizing potential violations of this Privacy Policy or instances where the Service might be used as a tool for unlawful activities;
Investigating activities suspected of being fraudulent;
Safeguarding the rights, property, or well-being of SOFIMED, internetne storitve, d.o.o., our employees, our clientele, or the general public.
SOFIMED, internetne storitve, d.o.o. maintains a staunch commitment to protecting your privacy, yet these measures are pivotal for compliance and ensuring the overall safety and integrity of our services and stakeholders.
Should SOFIMED, internetne storitve, d.o.o. undergo a change in control through mechanisms like mergers, sales, assignments, or business liquidations, or if there is a direct or indirect sale of our publishing assets or Website(s), the personal data of users pertinent to the affected Website(s) will be passed on to the succeeding ownership.
You will receive notification regarding any such transitions, affording you the opportunity to assert your rights as delineated under GDPR. You retain the right to modify or erase your personal information, or withdraw consent at any moment by contacting us through the provided measures, or you can opt to follow any new procedures if the acquiring entity introduces an updated Privacy Policy.
In alignment with ensuring the safeguarding and lawful processing of personal data as per GDPR, we may disclose Information Gathering to third-party entities, including strategic allies for marketing activities, contingent upon the establishment of finalized data processing agreements.
For payment transactions, the controller might transfer the personal data of data subjects to various processors, such as payment gateways compliant with DPA, a necessary step attributed to the controller for enabling transactions that allow users access to and use of SOFIMED, internetne storitve, d.o.o. Service. Given our reliance on external technology providers to deliver our Services, there's a potential for your data to be moved across borders.
These tech service providers are allowed to handle the personal data we supply only as sub-processors and strictly adhering to the DPA, in line with GDPR requirements. However, it's crucial to underline that encryption efforts are rendered null if a data subject fails to securely manage and store their access credentials, including passwords. In scenarios where credentials are compromised due to the data subject’s negligence, the controller bears no liability for the resultant data breaches.
Should a breach of personal data occur, the controller is mandated to promptly report this incident to the appropriate supervisory body, ideally within a 72-hour window from the moment the breach is identified, barring impractical circumstances. Furthermore, should this breach carry a potential risk for unauthorized access to personal data, the controller is obligated to alert the impacted data subject at the earliest opportunity. Nonetheless, the obligation for the controller to notify the data subject can be circumvented if robust security measures were previously instituted, including encryption techniques, which were active on the data compromised during the breach.
RIGHTS TO PRIVACY FOR HOLDERS OF PERSONAL DATA
Right to Rectification
Under the rights recognized by European legislation, each individual whose data is collected holds the authority to demand that the controller swiftly amend any of their personal data that is incorrect. In line with the goals of processing, individuals are also entitled to enhance their incomplete personal data by contributing an additional declaration.
Right to Erasure
In accordance with the rights established by the legislation of the European Union, every data subject possesses the right to request that the data controller promptly erase any personal data concerning them, provided there are no justified reasons for its retention. The obligation falls on the data controller to delete the personal data without unnecessary delay under the following conditions, unless its processing remains indispensable:
The personal data is no longer necessary in relation to the purposes for which it was originally collected or otherwise processed.
The concerned data subject revokes their consent, which formed the basis of the data's processing according to Article 6(1)(a) or Article 9(2)(a) of the GDPR, and where there is no other legal ground for the processing.
The data subject opposes the processing pursuant to Article 21(1) of the GDPR, and no superior legitimate reasons for the processing exist, or the data subject contests the processing based on Article 21(2) of the GDPR.
Right to Restrict Processing
In alignment with the European legislation, every individual whose data is being processed is vested with the right to request that the data controller restrict processing in particular circumstances. Such conditions include but are not limited to the following scenarios:
When the accuracy of the personal data is contested by the data subject, buying time for the controller to verify the data's veracity.
In instances where data processing breaches legal statutes, yet the data subject prefers to limit the data's use rather than insisting on its removal.
The scenario where the data ceases to be necessary for the controller's processing purposes, but is retained by the data subject for the purposes of asserting, exercising, or defending legal claims.
Whenever the data subject has raised an objection to data processing based on Article 21(1) of the GDPR, and the determination of whether the controller's legitimate reasons supersede the data subject's reasons is pending.
If confronted with any of these circumstances, the data subject is encouraged to reach out to us via the contact details provided at the termination of this Privacy Policy. We commit to attending swiftly to such requests, ensuring their execution without undue delay.
Right to Data Portability
Every individual whose personal information is handled by a data controller is endowed with specific rights by the European legislature. Among these is the right to data portability, which empowers the data subject to obtain and reuse their personal data across different services. This right ensures that an individual can receive their data from a controller in a structured, widely used, and machine-readable format, enabling them to transfer that data to another controller effortlessly.
This process should face no obstacles from the controller that originally collected the personal data, provided that the data processing is founded on consent in accordance with point (a) of Article 6(1) or point (a) of Article 9(2) of the GDPR, or is based on a contractual obligation under point (b) of Article 6(1) of the GDPR. Furthermore, this right is applicable only when the data handling is executed through automated processes, and it does not impinge upon data processing that is essential for public interest tasks or the execution of an official authority endowed upon the controller.
Right of Access
Under the rights afforded by the European legislator, every individual whose personal data is held by a data controller is entitled to access their data at any moment. This includes not only the right to request and receive a copy of their personal data but also to be informed about various aspects of how their data is handled. Specifically, the data subject has the right to know:
· The objectives behind the processing of their data.
· The types of personal data that are being processed.
· The entities or categories of entities to whom the personal data has been disclosed, especially if these recipients are located in third countries or are international organizations.
· Whenever feasible, the duration for which the personal data is expected to be stored; if establishing this duration is impossible, the criteria used to determine it.
· The rights to modify or erase personal data held by the controller, to limit processing of the data subject's personal data, or to oppose such processing.
· The right to file a complaint with a regulatory body.
· In cases where the personal data was not sourced directly from the data subject, any information available regarding the source of the data.
This comprehensive access ensures transparency and control over personal data for individuals, reinforcing their rights in the digital age.
Automated Decision-Making and International Data Transfers
The legislation acknowledges the presence of automated decision-making processes, including profiling, as outlined in Articles 22.1 and 22.4 of the GDPR. Data subjects are entitled to understand critical details concerning the logic applied in these automated processes, their significance, and the potential impacts these decisions could have on them. Furthermore, individuals have a right to know if their personal data is being transferred to a third country or an international organization. In such instances, they are guaranteed the right to learn about the protective measures in place regarding these transfers. Should there be a need to inquire more about any of these practices, data subjects are encouraged to reach out to us following the guidelines provided at the conclusion of this Privacy Policy. We are committed to addressing and resolving any such requests without delay.
Right to Object
Under the rights conferred by the European legislator, every individual has the authority to voice objections to the processing of their personal data, specifically when such processing is derived from provisions outlined in Article 6(1), points (e) or (f) of the GDPR. This right extends to any profiling activities conducted under the same legal bases. Should individuals find themselves in situations where their personal circumstances justify such objections, they are empowered to reach out to us at their convenience, using the contact information provided at the close of this Privacy Policy. Our obligation is to act swiftly in acknowledging and implementing the request without undue delay.
Right to Confirmation
Every individual has the right, provided by the European legislator, to receive confirmation from the controller about whether their personal data is being processed.
Upon such a request, we will offer clear and precise information regarding the nature of the data being processed, the rationale behind its processing, and any other related aspects that might interest the individual. This is in line with our unwavering commitment to transparency and the upholding of an individual's rights under the GDPR.
APPLICABLE LAWS
This Privacy Policy is regulated and construed following pertinent legislation, encompassing the Data Protection Directive (95/46/EC) and Regulation 2016/679, which is focused on the safeguarding of individuals regarding the processing of Personal Data and on the unrestricted movement of such data, thus annulling Directive 95/46/EC ("GDPR"), commencing from May 25, 2018. Clients who visit the website from territories beyond the European Union bear the responsibility for adherence to all applicable local laws, as far as such laws are applicable.
The GDPR distinguishes between two key roles involved in the handling of personal data: the data controllers and the data processors. The role of a data controller involves establishing the objectives and means of processing personal data. In this scenario, all SOFIMED, internetne storitve, d.o.o. clients, encompassing both entities and individuals, fulfill the role of data controllers. This places SOFIMED, internetne storitve, d.o.o. in the position of a data processor, given its activities related to processing your personal data. It bears the responsibility of not only adhering to GDPR standards but also ensuring that any data processors it collaborates with comply with the GDPR.
CHANGES TO THIS PRIVACY POLICY
We reserve the right to update or modify this privacy policy at any time and for any reason. Such changes will be effective immediately upon posting of the revised policy on our website. We encourage our users to regularly review our privacy policy to stay informed about how we are protecting the personal information we collect. The date of the last revision will be clearly displayed at the top of the policy, making it easy for users to determine when the policy has last been updated.
Significant changes to our privacy practices will be communicated to our users through our website or, where appropriate, through direct notification. However, we recommend that all users periodically review this policy to ensure they are informed of any changes and how their information may be used.
Your continued use of our services following the posting of changes to this privacy policy will mean you accept those changes. We understand the importance of privacy and are committed to being transparent about our practices, including how we treat your personal information. If you have any questions about our privacy policy or our data protection practices, please contact us at our support channel.
CONTACTS
Should you have inquiries regarding this Privacy Policy, or if you desire to modify your personal data or opt out of our database, we encourage you to reach out via email to [email protected]. Please ensure that the subject line of your email exclusively reads "Re: Privacy Policy".
Pursuant to Articles 6-III and 19 of the Law No. 2004-575 from June 21, 2004, for building Confidence in the Digital Economy, referred to as LCEN, we provide users and visitors of the effortlesstalk.com site with the following details:
OWNER STATUS: Company
PREFIX: LTD
COMPANY NAME: SOFIMED, internetne storitve, d.o.o.
ADDRESS: Tržaška cesta 2, Ljubljana, 1000, Slovenia
COMPANY NUMBER: 6732917000
COMPANY DIRECTOR: Blatnik Peter
VAT: SI45902089
EMAIL ADDRESS: [email protected]
SITE BUILDER: SOFIMED, internetne storitve, d.o.o.
PUBLISHING MANAGER: SOFIMED, internetne storitve, d.o.o.
RESPONSIBLE PERSON FOR THE PUBLICATION: [email protected]
RESPONSIBLE PERSON FOR THE PUBLICATION AS A LEGAL PERSON:
WEBMASTER: SOFIMED, internetne storitve, d.o.o.
CONTACT THE WEBMASTER: [email protected]