DOBA Business School
Prešernova ulica 1
Data Protection Officer
02 228 38 94
We value your privacy, so we always carefully protect your data.
Personal data means any information that relates to an identified or identifiable individual; an identifiable individual is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or by reference to one or more factors specific to that individual’s physical, physiological, genetic, mental, economic, cultural or social identity.
Purpose and basis of processing
The company collects and processes personal data on the following legal bases:
Registration with online forms on the DOBA website
When you register for events and activities or request more information about a specific topic on the DOBA website, your personal data (name, surname and contact details), which you enter in the online form, are collected in addition to your IP address.
DOBA shall process the personal data, which were collected with the user entering them in the online form, for the purposes for which users of the DOBA website submit these data (conventional, electronic and telephone communication and notification, sending of information, materials and invitations to DOBA events, actual applications for enrolment, internal statistical processing, segmentation, analyses, and preparations of reports). The data on your registration are stored and processed until you unsubscribe in writing from the email notification service via the DOBA website or by email at email@example.com.
If the data subject has given their consent to the processing of personal data and at some point no longer wishes the data to be processed, they may request the processing of personal data to be terminated by sending a request by email or by regular mail to the company’s address. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Upon receipt of a withdrawal or a request for deletion, the data shall be deleted within 15 days at the latest. The company may also delete these data before withdrawal, where the purpose of the processing of personal data has been achieved or where required by law.
Exceptionally, the company may refuse a request for deletion on the grounds set out in the General Data Protection Regulation: in cases of exercising the right to freedom of expression and information, compliance with a legal obligation to process, reasons of public interest in the field of public health, archiving purposes in the public interest, scientific or historical research purposes, statistical purposes, the exercise or defence of legal claims.
The legal bases for the processing of data are legitimate interest and consent. The data shall be processed until the cancellation of the subscription to notifications or the withdrawal of consent or until the purpose of the processing has been achieved. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Withdrawing your consent for the processing of personal data and information
As the user of the DOBA website, you may at any time request in writing (by unsubscribing on the DOBA website or directly by email at firstname.lastname@example.org) that DOBA permanently or temporarily, in part or in full, ceases processing your personal data. DOBA undertakes to prevent the processing and/or to delete the user’s personal data no later than within fifteen days after receiving the written request.
Please email all your questions related to the protection of your personal data, which are collected through the DOBA website (e.g. collection, processing, protection, additional information), to email@example.com. Your questions will be answered by the person responsible for the processing of personal data.
Retention and deletion of personal data
The company shall only keep personal data for the time necessary to fulfil the purpose of collection or processing of personal data. If the company processes the data on the basis of an act, it shall keep the data for the period prescribed by the act. In this case, certain data shall be kept for the duration of the cooperation with the company, while certain data must be kept permanently. Personal data processed by the company on the basis of a contractual relationship with an individual shall be kept by the company for the period necessary for the performance of the contract and for a period of 6 years after its termination, except in cases where there is a dispute between the individual and the company in relation to the contract. In such a case, the company shall keep the data for 10 years after the final decision of the court, arbitration or court settlement or, in the absence of litigation, for 5 years from the date of amicable settlement of the dispute. The personal data that the company processes on the basis of the individual’s personal consent or legitimate interest shall be kept by the company until the consent is withdrawn or until a request for deletion of the data is made. Upon receipt of a withdrawal or a request for deletion, the data shall be deleted without undue delay. The company may also delete these data before withdrawal, where the purpose of the processing of personal data has been achieved or where required by law. If the rights of an individual are being exercised, the company shall keep the personal data of that individual until the case has been finally decided, and, after the final decision has been made, in accordance with the final decision in the case.
The company may exceptionally refuse a request for deletion on the grounds such as: exercising the right to freedom of expression and information, compliance with a legal obligation to process, reasons of public interest in the field of public health, archiving purposes in the public interest, scientific or historical research purposes, statistical purposes, the exercise or defence of legal claims. After the retention period has expired, the company must effectively and permanently erase or anonymise the personal data so that they can no longer be linked to a specific individual.
Contractual processing of personal data
The contractual processors with which the company cooperates are, in particular:
In order to improve the transparency and control of the contractual processors and the associated contractual relationships, the company also maintains a list of contractual processors, which specifies the contractual processors with which the company cooperates.
Under no circumstances shall the company provide any personal data to unauthorised third parties. Contractual processors may only process personal data within the scope of the instructions of the company and may not use personal data for any other purpose.
As the data controller, the company and its employees shall not transfer personal data to third countries (outside the Member States of the European Economic Area – EU Member States and Iceland, Norway and Liechtenstein) and to international organisations, except to the USA, whereby the relationships with contractual processors from the USA are governed by standard contractual clauses (standard contracts adopted by the European Commission) and/or binding corporate rules (adopted by the company and approved by the supervisory authorities in the EU).
Cookies are small data files which are placed on your computer to improve your user experience. Cookies are not harmful and are always time-limited.
Managing and disabling cookies on your computer:
You have complete control over how cookies are used, as you can restrict or disable the storage of cookies in your browser’s settings. For more information on cookie settings, please select the browser that you are using:
By disabling cookies, some of the available services may no longer be operational.
List of cookies used on this website:
NAME OF THE COOKIE: _ga
NAME OF THE COOKIE: _gid
NAME OF THE COOKIE: _gat
Data protection and data accuracy
The company ensures information security and infrastructure security (premises and application and system software). Our information systems are protected by, inter alia, antivirus and firewall protection. We have put in place appropriate organisational and technical security measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access and against other unlawful and unauthorised forms of processing. In the case of transmission of special categories of personal data, we transmit them in encrypted and password-protected form. It is the data subject’s responsibility to ensure that their personal data are provided securely and that the provided data are accurate and credible.
Rights of the data subject
The data subject shall have the right to request access to and rectification or erasure of their personal data, or the restriction of processing of their personal data as well as the right to object to processing, and the right to data portability. The data subject’s request shall be treated in accordance with the provisions of the General Data Protection Regulation and the applicable personal data protection legislation.
All of the above rights and any questions may be exercised by the data subject by means of a request sent to the company’s address. The company shall respond to the data subject’s request without undue delay, no later than within one month after receipt of the request. This deadline may be extended by up to two additional months, taking into account the complexity and number of requests, of which the data subject shall be informed, including of the reasons for the delay. The exercise of rights is free of charge for the data subject; however, the company may charge a reasonable fee if the request is clearly unfounded or excessive, in particular if it is repetitive. In such a case, the company may also refuse the request. In case of doubt as to the identity of the data subject, additional information may be requested which the company needs to establish the identity.
In its decision on the request, the company shall also inform the data subject of the reasons for the decision and of their right to lodge an appeal with the supervisory authority within 15 days of being informed of the decision. The right to lodge an appeal with the supervisory authority may be exercised by the data subject with: the Information Commissioner of the Republic of Slovenia at Dunajska 22, 1000 Ljubljana (email: firstname.lastname@example.org, website: www.ip-rs.si).