Privacy policy

PRIVACY POLICY

The purpose of the privacy policy is to familiarize siBIM members with the purposes and basis of personal data processing by the association siBIM - SLOVENIAN ASSOCIATION FOR INFORMATION MODELING IN CONSTRUCTION Slovenčeva ulica 93, 1000 Ljubljana (hereinafter: siBIM or the provider or manager of personal data).

At siBIM, we value your privacy, which is why we always carefully protect your data.

This privacy policy may be changed or amended at any time without prior warning or notice. By using the provider's website after a change or amendment, the individual confirms that he agrees with the changes and amendments.

All our activities are in accordance with European legislation (Regulation (EU) 2016/697 on the protection of individuals in the processing of personal data and on the flow of such data (General Data Protection Regulation or GDPR) and the conventions of the Council of Europe (ETS No. 108, ETS No. .181, ETS no. 185, ETS no. 189) and the national legislation of the Republic of Slovenia (Act on the protection of personal data (ZVOP-1, Official Journal of the Republic of Slovenia, no. 94/07)) ZEPT, Official Journal of the Republic of Slovenia, No. 96/09 and 19/15).

The privacy policy deals with the handling of information that the provider obtains from you when you visit and use the siBIM websites or provide it in another way.

Controller and authorized person for data protection

The controller of personal data is siBIM - SLOVENIAN ASSOCIATION FOR INFORMATION MODELING IN CONSTRUCTION Slovenčeva ulica 93, 1000 Ljubljana.

The siBIM association has appointed an authorized person for data protection, who can be reached at contact@sibim.si.

Information about the authorized person

društvo siBIM - SLOVENIAN ASSOCIATION FOR INFORMATION MODELING IN CONSTRUCTION Slovenčeva ulica 93, 1000 Ljubljana

Responsible person

dr. Andrej Tibaut

E-mail address

contact@sibim.si

Telephone

+386 31 307 731

 

Personal data

Personal data is information that identifies you as a specific or identifiable individual. An individual is identifiable when it can be directly or indirectly identified, in particular by specifying an identifier such as name, identification number, location data, online identifier, or by specifying one or more factors that characterize the individual's physical, physiological, genetic, mental, economic, cultural or social identity.

The provider collects the following personal data in accordance with the purposes defined below in this privacy policy:

·         basic information about the user (name and surname, residential address, date of birth, location);

·        contact information and information about your communication with the controller (email address (email), telephone number, date, time and content of postal or email communication);

·        channel and campaign – the method of acquiring a member or the source through which the user came into contact with the administrator (website, phone call, physical contact);

·        data about the user's services and issued invoices (date and place of service, service prices, total amount of services, method of payment, invoice number and date of issue, identifier of the person who issued the invoice, etc.);

·         data on the user's use of the operator's website (dates and times of website visits, pages or URLs visited, time spent on each page, number of pages visited, total time spent visiting the website, settings made on the website) and data on the use of received messages (e-mail, SMS) of the controller;

·         data from voluntarily completed forms by the user, e.g. in the framework of prize games;

·         other data that the user voluntarily provides to the provider when requesting certain services that require this data.

The provider does not collect or process your personal data, except when you allow it or you agree to this, i.e. when ordering a service, when you subscribe to receive notifications, participate in a prize game, etc., or when there is a legal basis for the collection of personal data or the provider has a legitimate interest in the processing.

The time period during which the Provider stores the collected data is defined in more detail in the Personal Data Storage chapter of this Policy.

 

Purposes of processing and basis for data processing

The provider collects and processes your personal data on the following legal bases:

·         law and contractual relations,

·         legitimate interest.

Processing based on law and contractual relationships

In the case where the provision of personal data is a contractual obligation, an obligation necessary for the conclusion and implementation of a contract with the provider, or a legal obligation, you must provide personal data; if you do not provide personal data, you cannot enter into a contract with the provider, nor can the provider provide you with services under the contract, as it does not have the necessary information to perform the contract.

• Conclusion of membership

Conclusion of membership concluded with the provider, communication with you, verification of your payments and fulfillment of other obligations of the provider and/or your obligations (legitimate interest of the provider in processing your personal data, point (f) of Article 6 (1) GDPR).

• Direct notification of members about special offers, discounts and other content via email or SMS

In the siBIM association, on the basis of Act ZEKom-1 (Act on Electronic Communications of the Republic of Slovenia, implemented on the basis of Directive 2002/58/EC of the European Parliament and of the Council of July 12, 2002), its members about services and content. The member can request the termination of this type of communication and processing of personal data at any time.

the member can terminate this type of communication at any time via the unsubscribe link in the received messages, or by sending a written request to the email address contact@sibim.si.

Processing based on legitimate interest

The provider may also process data on the basis of a legitimate interest, for which the provider strives, except when such interests are overridden by the interests or fundamental rights and freedoms of the individual to whom the personal data refer, which require the protection of personal data. In the case of using a legitimate interest, the provider always performs an assessment in accordance with the General Data Protection Regulation.

Processing based on your consent

The provider also collects and processes (uses) your personal data for the following purposes, when you give your consent:

·         ensuring that you access and use your online account with the provider and the provider's online store and for technical reasons of administration on the provider's website,

·         ensuring that you can access specific information available to you on the provider's website and on your online account/profile provided by the provider,

·         sending commercial offers and other content via e-mail, SMS messages, regular mail or phone calls, when there is no other basis for this and you have agreed to it,

·         all other purposes for which you specifically agree when cooperating with the provider.

User profiling based on consent

Based on your consent, the provider also implements customized communication, which is carried out through various communication channels (via email, SMS, phone calls, mail, browser notifications, information on the website, social networks).

Because we want to offer you tailored exactly to your needs, with your consent we create your profile, which is the basis for customized communication.

For this we may use the following information about you:

·         Demographic data (gender, date of birth or age, address),

Answers in various siBIM questionnaires on siBIM websites,

·         Your responses (opening a message, clicking on a link) to the various messages we send you.

Based on this user profile, it can then depend on what kind of content you will receive from us:

·         Which content will we present to you,

·         How often we will send you messages and through which communication channels

If you have given your consent for this type of processing and now you no longer want it, you can stop this type of data processing at any time via the unsubscribe link in the received messages or by sending a written request to the email address contact@sibim.si.

Storage of personal data

The provider will keep your personal data only as long as it is necessary to fulfill the purpose for which the personal data was collected and further processed (e.g. to ensure that you access and use your online account with the provider, for the provider to fulfill your orders, verifying your payments and fulfilling other obligations of the provider and/or your obligations, to ensure that you can access the specific information available to you, to ensure that you can use the benefits of siBIM, for the provider to send e-news, etc.).

Those personal data that the Provider processes on the basis of the law, the Provider keeps for the period prescribed by law.

Those personal data that the Provider processes for the purpose of carrying out a contractual relationship with an individual, the Provider keeps for the period necessary for the execution of the contract and for another 5 years after its termination, except in cases where there is a dispute between you and the Provider regarding the contract ; in such a case, the Provider keeps the data for 5 years after the finality of the court or arbitration decision or settlement, or, if there was no legal dispute, 5 years from the date of the peaceful resolution of the dispute.

Those personal data that the Provider processes on the basis of the individual's personal consent or legitimate interest, the Provider keeps permanently, until this consent is revoked by the individual or requests to stop processing. The provider deletes such data before cancellation only when the purpose of personal data processing has already been achieved or if the law so stipulates.

After the retention period has expired, the controller effectively and permanently deletes or anonymizes the personal data so that they can no longer be linked to a specific individual.

Contractual processing of personal data

As an individual, you are aware and agree that the provider may entrust individual tasks related to your data to other persons (contractual processors). Contract processors can process confidential data exclusively on behalf of the provider, within the limits of the provider's authorization (in a written contract or other legal act) and in accordance with the purposes defined in this privacy policy.

Contract processors with whom the provider cooperates are:

·         Accounting Service; law firms and other providers of legal advice;

·         data processing and analytics providers;

IT system maintainers;

·         email providers (eg Mailchimp and others);

·         payment system providers such as Adyen, PayPal, PayU, Klarna, Sofort, Multibanco, dotPay and others);

·         providers of online advertising solutions (e.g. Google, Facebook).

The provider will not forward your personal data to unauthorized third parties.

Contractual processors may only process personal data within the framework of the controller's instructions and may not use personal data to pursue any personal interests.

The administrator and users do not export personal data to third countries (outside the member states of the European Economic Area - EU members and Iceland, Norway and Liechtenstein) and to international organizations, except in the USA - all contractual processors in the USA are included in the Privacy Shield program.

Freedom of choice

You control the information you provide about yourself. If you decide not to pass on your data to the provider, then you will not be able to access some places or functions on the website.

Individuals who wish to unsubscribe from the siBIM e-newsletter should notify us at contact@sibim.si. If your personal data changes (postal code, e-mail address, physical address, telephone number), please notify us of the changes at the e-mail address contact@sibim.si.

Automatic recording of information (non-personal data)

Whenever you access the website, general, non-personal data (number of visits, average time spent on the website, pages visited) is automatically recorded (not as part of the registration). We use this information to measure the attractiveness of our website and to improve its content and usability. Your data is not subject to further processing and is not forwarded to a third party.

Cookies

Cookies are invisible files that are temporarily stored on your hard drive and allow the provider to recognize your computer the next time you visit the website. The provider uses cookies only to collect information concerning the use of the website and to optimize its internet advertising activities.

Advertising cookies track the individual's use of the Provider's website, unless the individual does not agree to the use of cookies on the page.

Safety

The provider makes great efforts to ensure the security of personal data. Your information is protected against loss, destruction, falsification, manipulation and unauthorized access or disclosure at all times.

Consent of a minor in relation to information society services

Minors under the age of 16 should not submit any personal information to websites or otherwise without the permission (consent or approval) of the holder of parental responsibility for the child (one of the parents or guardians). The provider will never knowingly collect personal data from persons known to be minors (under 16 years of age), or use it in any way or disclose it to an unauthorized third party without the permission of the holder of parental responsibility for the child.

This does not affect the general contract law of the Member States, such as the rules on the validity, formation or effect of a contract in relation to a child.

In such cases, taking into account the available technology, the provider makes reasonable efforts to verify whether the holder of parental responsibility for the child has given or approved consent.

Individual rights regarding data processing

If you have any questions regarding our privacy policy or the processing of your personal data, please do not hesitate to contact us. Write to us at contact@sibim.si. Based on your request, we will notify you - in writing and in accordance with regulations.

To ensure fair and transparent processing, you as an individual have the following rights, based on regulations:

• Right to withdraw consent:

if you, as an individual, have consented to the processing of your personal data (for one or more specified purposes), you have the right to revoke this consent at any time, without this affecting the legality of data processing, which was carried out on the basis of consent until its revocation.

Consent can be revoked with a written statement sent to the administrator at contact@sibim.si.

Revocation of consent to the processing of personal data does not have any negative consequences or sanctions for the individual. However, it is possible that the controller may no longer be able to provide one or more of its services to an individual after the withdrawal of consent to the processing of personal data, if it concerns services that cannot be provided without personal data (e.g. benefit club or personalized notification).

• Right of access to personal data:

as an individual, you have the right to receive confirmation from the provider (personal data manager) as to whether personal data is being processed in relation to you, and, when this is the case, access to personal data and certain information (on the purposes of processing, on types of personal data, on users , on retention periods or criteria for determining periods, on the existence of the right to correction or deletion of data, the right to limit and object to processing and the right to appeal to the supervisory authority, on the source of the data, if the data was not collected from you, on the existence of automated acceptance decision, including the creation of profiles, the reasons for it and the meaning and consequences of such processing for you, and other information in accordance with Article 15 GDPR);

• The right to correct personal data:

as an individual, you have the right to have the provider correct inaccurate personal data relating to you without undue delay. As an individual, taking into account the purposes of the processing, you have the right to complete incomplete data, including submitting a supplementary statement;

• Right to erasure of personal data ("right to be forgotten"):

as an individual, you have the right to have the provider delete personal data relating to you without undue delay, and the provider must delete the data without undue delay when one of the following reasons exists:

(a) the data are no longer necessary for the purposes for which they were collected or otherwise processed,

(b) if you withdraw your consent and there is no other legal basis for the processing,

(c) if you object to the processing and there are no overriding legitimate grounds for the processing,

(d) the data has been processed illegally,

(e) data must be deleted to comply with legal obligations under EU law or the law of a Member State applicable to the provider,

(f) data was collected in connection with information society service offerings.

However, as an individual, in certain cases described in paragraph 3 of Article 17 of the GDPR, you do not have the right to delete data;

• Right to restriction of processing:

as an individual, you have the right to have the provider restrict processing when one of the following cases exists:

(a) if you dispute the accuracy of the data for a period that allows the provider to verify the accuracy of the data,

(b) the processing is unlawful and you object to the deletion of the data and instead request the limitation of its use,

(c) the provider no longer needs the data for processing purposes, but you need them to assert, implement and defend legal claims,

(d) you have objected to the processing until it is verified whether the provider's legitimate reasons prevail over your reasons;

• Right to data portability:

as an individual, you have the right to receive the personal data relating to you that you have provided to the provider in a structured, commonly used and machine-readable format, and you have the right to provide this information to another controller without the provider to whom it is personal data were provided, thereby obstructing, namely when:

(a) the processing is based on consent or on a contract and

(b) the processing is carried out by automated means.

As an individual, when exercising the stated right to portability, you have the right to have personal data directly transferred from one operator (provider) to another, when this is technically feasible;

• The right to object to processing:

as an individual, based on reasons related to your special situation, you have the right to object at any time to the processing of personal data, which is necessary for the performance of tasks in the public interest or in the exercise of public authority assigned to the provider (point (e) of Article 6 (1) GDPR ) or is necessary due to the legitimate interests pursued by the provider or a third party (point (f) of Article 6 (1) GDPR), including the creation of profiles based on the said processing; the provider stops processing personal data, unless it demonstrates imperative legitimate reasons for processing that override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

Where personal data is processed for marketing purposes, the individual has the right to object at any time to the processing of data relating to him for the purposes of such marketing, including profiling to the extent related to such direct marketing; when an individual objects to processing for direct marketing purposes, the data is no longer processed for these purposes.

When data is processed for scientific or historical research purposes or statistical purposes, the individual has the right to object to the processing of data concerning him for reasons related to his special situation, unless the processing is necessary for the performance of the task being carried out for reasons of public interest;

• The right to file a complaint with the supervisory authority:

without prejudice to any other (administrative or other) legal remedy, you as an individual have the right to lodge a complaint with a supervisory authority, in particular in the country in which you have your habitual residence, your place of work or in which the violation allegedly occurred (in In Slovenia, this is the Information Commissioner), if you believe that the processing of personal data concerning you violates regulations on the protection of personal data.

Without prejudice to any other (administrative or extrajudicial) remedy, you as an individual have the right to an effective legal remedy, namely against the legally binding decision of the supervisory authority in relation to it, as well as in the case when the supervisory authority does not consider your complaint or you are does not inform about the status of the case or about the decision on the appeal within three months. Courts of the Member State in which the supervisory authority has its seat are competent for proceedings against the supervisory authority.

The individual can address all requests concerning the exercise of rights in relation to personal data, in writing, to the controller, namely to the e-mail address contact@sibim.si.

For the purposes of reliable identification in the case of exercising rights in relation to personal data, the administrator may request additional information from the individual, and may refuse to take action only if he proves that he cannot reliably identify the individual.

The controller must respond to the individual's request, with which he/she exercises his/her rights in relation to personal data, without undue delay and no later than one month after receiving the request.

Notification to the supervisory authority about a breach of personal data protection

In the event of a violation of the protection of personal data, the Provider is obliged to notify the competent supervisory authority, except when it is likely that the rights and freedoms of individuals were not threatened by the violation. When there is a suspicion that a crime has been committed at the time of the violation, the Provider is obliged to inform the police and/or the competent prosecutor's office about the violation.

In the event that it is a violation that may cause a great risk to the rights and freedoms of individuals, the Provider is obliged to report the violation immediately or when it is not possible, without undue delay, to inform the individuals to whom the personal data refer. The notification to the individual must be made in understandable and clear language.

Announcement of changes

By using the website, the individual confirms that he accepts and agrees with the entire content of this privacy policy.

Updated: May 24, 2018