interEnergo Logo - Link zur Startseite

Privacy Policy

1. DATA CONTROLLER

 

Data Controller: Interenergo Group, energetski inženiring, d.o.o. (hereinafter: Interenergo or The Data Controller).

Address/headquarters: Gosposvetska cesta 11, 1000 Ljubljana. 
Phone number: +386 (0)1 6203 700, fax: +386 (0)1 6203 701, 
e-mail: info@interenergo.si.

 

2. DEFINITIONS

 

Personal Data

Personal data means any information related to an identified or identifiable individual (hereinafter referred to as the "data subject"); an identifiable individual is one who can be directly or indirectly identified, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that individual.

 

Individual
The data subject is any identified or identifiable natural person whose personal data is processed by the data controller.

 

Processing
Obdelava pomeni: vsako dejanje ali niz dejanj, ki se izvaja v zvezi z osebnimi podatki ali nizi osebnih podatkov bodisi z avtomatiziranimi sredstvi bodisi brez njih, kot so zbiranje, beleženje, urejanje, strukturiranje, shranjevanje, prilagajanje ali spreminjanje, priklic, vpogled, uporaba, razkritje s posredovanjem, razširjanje ali drugačno omogočanje dostopa, prilagajanje ali kombiniranje, omejevanje, izbris ali uničenje.

 

Data Controller
Data controller means a natural or legal person, public authority, agency, or another body that alone or jointly with others determines the purposes and means of processing (e.g., the website owner).

 

User
User means a natural or legal person, public authority, agency, or another body to whom personal data has been disclosed, regardless of whether they are a third party. However, public authorities that may receive personal data in response to a specific inquiry under Union law or the laws of the Republic of Slovenia are not considered users; the processing of this data by such public authorities is carried out in accordance with the applicable data protection rules based on the purposes of the processing.

 

Third party
Third party means a natural or legal person, public authority, agency, or body that is not the individual to whom the personal data pertains, nor the data controller, data processor, or persons authorized to process personal data under the direct authority of the data controller or processor.

 

Consent of the individual
Consent of the individual to whom the personal data pertains means any voluntary, specific, informed, and unambiguous action in the form of a statement or another clear affirmative act, by which the individual expresses their wishes regarding the processing of their personal data. This act signifies consent to the processing of personal data concerning them. The types of personal data and the purposes of their use.

 

3. PURPOSES, TYPES, AND LEGAL GROUNDS FOR PROCESSING PERSONAL DATA

 

3.1. Processing based on the consent of the individual (Article 6(1)(a) of the General Data Protection Regulation)

exceptionally, collects and processes personal data based on the prior consent (agreement) of individuals, which they can also express by completing certain forms.

The data will be collected exclusively for specific purposes, such as potential collaboration, notifications, communication, and project management. Data processing will be strictly limited to the objectives explicitly defined and authorized by the individual through their consent. This means that personal data will only be used for purposes that are clearly defined and accepted by the individual, while respecting their will and complying with all applicable legal provisions on personal data protection. This approach ensures that data processing will be in accordance with the principles of legality, fairness, and transparency, while also allowing the individual to have control over how and for what purposes their data will be used. The data will not be used for any other purposes without the individual's additional consent and will be adequately protected in accordance with security standards and legal requirements.

Individuals can revoke their consent at any time without affecting the legality of the data processing that was carried out based on the consent prior to its withdrawal.

 

3.2. Fulfilling contractual obligations (Article 6(1)(b) of the General Data Protection Regulation)

Interenergo or authorized processors process your personal data for the purpose of fulfilling contractual obligations. This includes billing for services received, sending invoices, sending reminders if necessary, communication regarding contract performance, determining your consumption, and processing payments. The legal basis for processing and transmitting your personal data is therefore processing for the purpose of fulfilling and executing the contract.

 

3.3. Processing of personal data in accordance with the law (Article 6(1)(c) of the General Data Protection Regulation) 

Intenergo processes your personal data based on applicable laws in the fields of energy and self-sufficiency, consumer protection, data protection, and other laws that apply to the data controller.
 

3.4. Processing of personal data based on legitimate interest (Article 6(1)(f) of the General Data Protection Regulation)

Interenergo may process your personal data based on its legitimate interest, the existence and justification of which are founded on a careful assessment that your interests, as well as fundamental rights and freedoms related to the processing of personal data, do not outweigh the legitimate interests of the Data Controller. Furthermore, it is reasonable to expect that, at the time of collection, you could anticipate the processing of your data solely for the intended purpose. When it comes to further use of your data, the Data Controller conducts a thorough evaluation in compliance with data protection regulations. As a general rule, such further use of data will occur in pseudonymized or aggregated form..

On this basis, Cinkarna carries out the following processing or activities:

  • Optimization of websites, portals, or applications in terms of system efficiency, usability, and providing useful information about Interenergo's services on the user's computer. Interenergo automatically collects and stores information, including: browser type and language setting, operating system, date/time of visit, and possibly other data depending on the current state of technology. The collected data can be used for analysis and research that Interenergo conducts based on legitimate interest, as well as for communication (for example, optimizing and improving user experience, providing more attractive offers and services, and enhancing the overall user experience). Websites, emails, web services, advertising, and interactive applications may use cookies for service optimization. 
  • Interenergo may process your personal data through companies affiliated with the Data Controller (listed on the website www.interenergo.com/slo/povezane-druzbe.htm) solely for the purpose of carrying out joint tasks and shared management of Interenergo..
  • Ensuring continuous operation and security of network and information systems, allowing Interenergo to prevent accidental events or unlawful and malicious actions. This may include preventing unauthorized access to electronic communication networks, the spread of malicious code, denial-of-service attacks, and damage to computer and electronic communication systems, with the aim of ensuring the availability, integrity, and confidentiality of your personal data.
  • Preventing or limiting potential abuse and fraud.
  • Interenergo conducts video surveillance to ensure the safety of people and property, protect data and business secrets, ensure the security of office spaces, and control access to and from business premises. This is done in those areas where it is necessary to protect the aforementioned interests. In the process of video surveillance, your personal data is processed to the extent that is absolutely necessary, and video surveillance is carried out only in locations assessed as potentially vulnerable. You are informed about the existence of the video surveillance system through notices placed before entering each monitored area.

 

4. TRANSFER OF DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS 

 

In some cases, Cinkarna may also transfer your personal data to countries that are not members of the European Economic Area or to international organisations ("third countries"), where an adequate level of personal data protection may not be ensured. Such transfers always take place to a limited extent, for a specific purpose, and in strict compliance with the security mechanisms prescribed by the legislation applicable in the territory of the Data Controller (binding corporate rules, codes of conduct, standard contractual clauses, data transfers based on derogations in special cases, and similar other mechanisms).

The affiliated companies in third countries that may process some of your personal data are listed on www.interenergo.com/slo/povezane-druzbe.htm.

In case Interenergo transfers your personal data to third countries, it will do so after carefully reviewing the legal grounds and protective measures considered by the third country. Any transfer of personal data to third countries will be carried out by the Data Controller with due diligence and consideration, in accordance with the principle of accountability. Information about the specific security mechanism used for each transfer of personal data to third countries, and a copy thereof, if applicable, can be obtained from the Data Controller.

 

5. RETENTION PERIOD OF PERSONAL DATA    

 

Interenergo processes your data as long as necessary for the duration of the business relationship and for periods determined by law for retention and documentation. 

 

6. PERSONAL DATA BREACHES

 

You have the right to request correction, deletion, restriction of the processing of your data, or access to it at any time. You also have the right to data portability and the right to object to processing. We take the protection of your data very seriously. If you wish to exercise your rights, you can do so without providing reasons by submitting a written request clearly specifying your personal data to the following address: Interenergo d.o.o., Gosposvetska cesta 11, 1000 Ljubljana, or by sending an email to: info@inerenergo.si.

You can file a complaint with the Information Commissioner. (address: Dunajska 22, 1000 Ljubljana, e-mail: gp.ip@ip-rs.si phone number: 012309730, website: www.ip-rs.si).


7.  AUTOMATED DECISION-MAKING

 

Interenergo operates predominantly digitally; however, all decisions related to contractual relationships and other decisions with legal or similar effects are made by employees with appropriate informational support.
 

8. YOUR RIGHTS 

 

The data protection legislation applicable within the territory of the Data Controller grants you various rights concerning privacy and the protection of personal data, including, in particular, the following:

  • the right to be informed about the processing of your personal data (the text you are reading constitutes part of this right);
  • the right to access personal data, which means you have the right to request from Interenergo, as the Data Controller, information on whether personal data concerning you is being processed, and if so, to gain access to your personal data and additional information (such as the purposes of processing, types of data, data recipients, the existence of rights, information on the possibility of filing a complaint, data sources, and any automated decision-making or specific profiling);
  • the right to obtain from Interenergo a copy of the personal data being processed, provided there is a legitimate interest for such a request.;
  • the right to rectification allows you to request that Interenergo, without undue delay, correct any inaccurate personal data concerning you; taking into account the purposes of processing, you also have the right to complete incomplete personal data, including by providing a supplementary statement;
  • the right to erasure, also known as the “right to be forgotten,” allows you to request that Interenergo erase personal data concerning you without undue delay if the prescribed conditions are met (e.g., the processing is no longer necessary, consent is withdrawn and no other legal basis exists, a justified objection is made, unlawful processing, erasure is required by applicable regulations, etc.);
  • -    the right to restriction of processing means the right to request that Interenergo restrict the processing of your data if you contest the accuracy of the data, if you have filed an objection, if the processing is unlawful, or if the data is no longer necessary for the Data Controller but is required for the establishment, exercise, or defense of legal claims.
  • the right to notification regarding correction, erasure, or restriction of processing of your personal data, if these data have been shared with another user, unless this proves impossible or involves disproportionate effort;
  • the right to data portability means the right to receive personal data concerning you that you have provided, in a structured, commonly used, and machine-readable format, including the right to transmit this data to another controller without hindrance (applies to data processed automatically based on consent or a contractual relationship
  • he right to object means that you can object at any time to certain types of processing of your personal data (public interest, legitimate interests of the controller, marketing purposes), and the controller must prove the legitimate interests for processing or cease the processing (always in the case of direct marketing, including profiling related to such direct marketing, which you can object to, and you will be clearly and unambiguously informed), except in rare cases of justified exceptions, if Interenergo can demonstrate that it has compelling legitimate grounds for processing, which override your interests, rights, and freedoms, or that they are necessary for the establishment, exercise, or defense of legal claims;
  • The right regarding automated processing and profiling means that no decision based solely on automated processing, including profiling, which has legal or similar effects concerning you, shall apply to you, unless this is necessary, prescribed, or you consent to it;
  • the right to file a complaint with the supervisory authority, i.e., the Information Commissioner of the Republic of Slovenia;
  • when Interenergo processes your personal data based on your consent, you can withdraw the given consent at any time, either temporarily or permanently. In this case, the withdrawal will apply from that point onward and will not affect any processing that took place before the withdrawal.

 

The Data Controller will provide information on the actions related to the processing of your personal data taken at your request, in accordance with data protection legislation applicable in the Data Controller's territory, without unnecessary delay, and in any case within one month of receiving the request. Exceptionally, this period may be extended by up to two additional months, depending on the complexity and number of requests. In such a case, the Data Controller will notify you within one month of receiving the request and explain the reasons for the delay. If you submit your request electronically, the Data Controller will provide the information, where possible, electronically, unless you request otherwise. Upon submitting a request, we will verify your identity and, in case of doubt regarding whether you are the correct person and the legitimate requester, we will request additional information necessary to confirm your identity.

The Data Controller reserves the right to change or supplement the provisions of the privacy policy for website users at any time and without prior notice. Users are advised to check the date of the last change to these terms of use before each use of the website.