PRIVACY POLICY

At LMM PROFESIONAL d.o.o., IOC Zapolje I 31, 1370 Logatec, Slovenia, we respect the confidentiality of our customers' data and therefore treat your personal data carefully and responsibly and in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ("General Data Protection Regulation") and with the national data protection regulations.


With this Privacy Policy we aim to provide you with information relating to the processing of your personal data. If you have any questions regarding the processing of your data, you can contact us at our registered office or by email at info@lmmpro.si.


General

1. CONTROLLER OF PERSONAL DATA

In accordance with the General Data Protection Regulation, the controller of your personal data is LMM PROFESIONAL d.o.o., IOC Zapolje I 31, 1370 Logatec.


2. DATA PROTECTION OFFICER

LMM PROFESIONAL d.o.o. has appointed a Data Protection Officer who can be contacted at dpo@lmmpro.si.


3. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

We process your personal data only on the relevant legal basis:


- Performance of a contract: The processing of data is necessary for the performance of orders and the provision of products/services.

- Compliance with a legal obligation: Processing of data is necessary to comply with legal obligations such as tax reporting.

- Legitimate interests: The processing of the data is necessary for the legitimate interests of the data controller, for example to improve services and prevent abuse.

- Consent: In some cases, the processing of data for certain purposes may require the consent of the user.


4. COLLECTION AND USE OF PERSONAL DATA

The Data Controller may share Users' personal data with third parties only in accordance with applicable laws and in the following cases:


To collaborating companies/partners: Personal data may be shared with partners who are directly involved in the execution of orders (e.g. delivery companies). The partners also have a data controller function and manage personal data in accordance with their own privacy policy. 


Outsourced service providers: The Data Controller may engage an external service provider to process personal data, acting in accordance with the Data Controller's instructions. The processors process personal data on behalf of the controller, in accordance with the controller's instructions and under the controller's supervision. 


Legal claims: Personal data may be disclosed in response to legal claims or proceedings (e.g. court orders).


5. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES


If personal data is transferred to countries outside the European Economic Area (EEA), the data controller will ensure that the adequacy of data protection under the GDPR is met. The transfer will only take place in accordance with permitted legal mechanisms such as standard contractual clauses or other appropriate measures.


6. DATA RETENTION PERIOD

Users' personal data will be kept only for as long as is necessary to fulfil the purpose for which it was collected or to comply with legal obligations. After the retention period has expired, the personal data shall be deleted or anonymised, unless there is a legal obligation to continue to retain them.


7. THE RIGHTS OF INDIVIDUALS WITH REGARD TO THE PROCESSING OF PERSONAL DATA


You have the following rights in relation to the processing of personal data in accordance with the General Data Protection Regulation: 

  • Right of access: users have the right to obtain information about the processing of their personal data, namely: 

- the purpose of the processing, 

- the types of personal data collected, 

- the third parties to whom the personal data have been or will be disclosed, 

- where possible, the intended retention period of the personal data, 

- the existence of a right to have the personal data controller rectify or erase the personal data or restrict processing, or the existence of a right to object to such processing, 

  • The right to lodge a complaint with a supervisory authority, 

- where the personal data are not collected from the data subject, any available information concerning their source, 

- the existence of automated decision-making, including profiling, and meaningful information on the grounds for it, as well as the significance and foreseeable consequences of such processing for the data subject.

  •  Right to rectification: users have the right to request the rectification of inaccurate or incomplete personal data, taking into account the purpose of the processing of personal data.
  • Right to erasure: Users have the right to request the erasure of their personal data without undue delay, provided that the grounds for erasure are: 

- the personal data are no longer necessary for the purposes for which they were collected, 

- the user withdraws consent to the processing of personal data, 

- the user objects to the processing of the personal data and there are no overriding legitimate grounds for the processing,

- the personal data have been unlawfully processed, 

- the personal data must be erased in order to comply with a legal obligation under EU law or the law of the Republic of Slovenia. 

  • Right to restriction of processing: users have the right to request restriction of the processing of their personal data in the following cases: 

- the personal data are not accurate, 

- the processing of the personal data is unlawful and the user requests the restriction of its use, but not its erasure,

- the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them for the establishment, exercise or defence of legal claims, 

- the user has lodged an objection to the processing of personal data. 

  • Right to data portability: Users have the right to receive an extract of their personal data in a structured, commonly used and machine-readable format and to transfer it to another data controller if: 

- the processing is based on consent or on a contractual basis, 

- the processing is carried out by automated means.

  • Right to object: Users have the right to object to the processing of their personal data if the processing is carried out on the basis of the legitimate interests of the controller. The controller shall cease processing personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the user or for the establishment, exercise or defence of legal claims.

- Withdrawal of consent: If the processing of personal data is based on the user's consent, users have the right to withdraw their consent, without prejudice to the lawfulness of the processing prior to the withdrawal.

To exercise any of your rights, please send a request to dpo@lmmpro.si. You may revoke your right temporarily or permanently at any time. 


8. PROTECTION OF PERSONAL DATA

The Data Controller uses appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse or disclosure. The security measures are regularly reviewed and updated in line with technical progress and best practices.


9. AMENDMENTS TO THE DOCUMENT

Any amendment to the Privacy Policy will be posted on the Website and will take effect from the date of posting. Users are advised to check this page regularly for any updates.