Privacy Policy

Privacy Policy

The purpose of this Privacy Policy is to inform individuals, customers, users of products or services, colleagues, employees and other persons (hereinafter referred to as “the individual”) who interact with Farmtech d.o.o. (hereinafter referred to as “the Company”) about the purposes, legal bases, safeguards and rights of individuals with regard to the processing of personal data carried out by the Company.

We value your privacy and therefore we always protect your data carefully.

We process personal data in accordance with applicable data protection legislation and other legislation that provides us with a legal basis for processing personal data.

Any changes to this document will be published on our website. By using the website, you acknowledge that you have read and understood the entire contents of this Privacy Policy.

Data Controller:
Farmtech d.o.o.
Industrijska ulica 7, SI-9240 Ljutomer
E: info@farmtech.eu
T: +386 2 584 91 00
W: www.farmtech.eu

Contact person for the protection of personal data:
Individuals may contact the Data Protection Contact Person for all questions related to the processing of their personal data and the exercise of their rights under the General Data Protection Regulation, who can be contacted at:
E: gdpr@farmtech.eu
T: +386 51 245 981

 

1. Personal data

Personal data means any information relating to an identified or identifiable individual; an identifiable individual is one who can be identified, directly or indirectly, in particular by reference to an identifier such as: a name, an identification number, location data, an online identifier, or by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.

 

2. Purposes of processing and grounds for processing

The Company collects and processes personal data on the following legal bases:

  • processing is necessary for compliance with a legal obligation to which the controller is subject.
  • processing is necessary for the performance of a contract to which the data subject is a party or for the performance of measures at the request of such data subject prior to the conclusion of the contract.
  • processing is necessary for the legitimate interests pursued by the controller or by a third party.
  • the data subject has consented to the processing of his or her personal data for one or more specified purposes.
  • processing is necessary for the protection of the vital interests of the data subject or of another natural person.

 

Processing of personal data in the course of online transactions via the company website

We offer various contact forms on our website. These forms allow you to contact us to enquire about our products, services or employment. In order to process these enquiries, in certain cases we may need to pass on your details to our distributors and partner companies. When you contact us via our website www.farmtech.eu we process information about you including your name, surname, address, email address, telephone number and message. We process the data on the basis of your expressed interest (your consent, or in the context of your enquiry and the preparation of a quotation – contractual relationship).

On our website, we offer a configurator which allows you to configure our products yourself by selecting the products or equipment you want. In the case of a specific request that can be initiated directly via the configurator, you must provide your name, address, e-mail address, company affiliation and telephone number. The configured product data is sent to the Farmtech central email address. The personal data provided (name, address, email address, telephone number, company affiliation) is then used to process the order further. By pre-configuring your product, our employees can start processing your documents more quickly and efficiently and, on this basis, conduct further communication with you.

This part of our website is only accessible to our employees and distributors who can create a user account in the Farmtech GO! application. The data provided by the user of this area when registering for a user account in the login form will be processed. The purpose of this data processing is to ensure an optimal exchange of information between Farmtech and its distributors in order to optimise the approach to joint customers, to exchange information on the products available to joint customers, to improve these products and to adapt them to the customers’ wishes.
The legal basis for the processing of data is a contractual relationship. The retention period is until the purpose of the contract has been fulfilled or until 6 years after termination of the contract.

Informing individuals by email, e.g., newsletter or e-bulletins
The Company may, by virtue of carrying out a lawful activity, inform its customers, clients and users of its services by email about its services, events, trainings, offers and other content. An individual may at any time request to cease such communications and processing of personal data and to opt-out of receiving such communications via the unsubscribe link in the communication received or by sending a request by email or regular mail to the Company’s address.
The legal grounds for processing data are legitimate interest and consent. The data will be processed until the cancellation of the receipt of communications or the withdrawal of consent or until the purpose of the processing is fulfilled. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal.

Video surveillance
We provide video surveillance. Video surveillance (cameras are installed around the entrances to the organisation) is used to monitor entrances and exits to and from the premises (based on Article 77 of ZVOP-2). Video surveillance is also carried out for the purpose of protecting individuals (users, employees and visitors) and the property of the organisation (based on legitimate interest as defined in Article 6(1)(f) of the General Regulation). The recordings are kept for 3 months. Video surveillance is not carried out in a way that would have a specific processing impact. Neither does video surveillance allow for unusual further processing, such as transfers to third country entities, the possibility of audio intervention in the event of live monitoring of events. Video surveillance allows the monitoring of live events. All information concerning the implementation of video surveillance can be obtained by calling the following telephone number or emailing the organisation. The rights of individuals are described in this Privacy Policy.

Implementation of the contract
In cases where an individual enters into a contract with a company, this constitutes the legal basis for the processing of personal data. Personal data may thus be processed by the company for the conclusion and performance of the contract, such as the sale of goods and services, the preparation of offers, participation in various programmes, events, promotions, etc.

If the data subject does not provide personal data, the company cannot conclude the contract, nor can the company perform the service or deliver the goods or other products in accordance with the contract, as it does not have the necessary data for performance. On this basis, the company processes only and exclusively those personal data necessary for the conclusion and proper performance of the contractual obligations.

The legal basis for the processing of data is the contract. The retention period is until the purpose of the contract has been fulfilled or until 6 years after the termination of the contract, except in cases where there is a dispute between the individual and the company in relation to the contract. In such a case, the company shall keep the data for 10 years after the final decision of a court, arbitration or court settlement or, in the absence of litigation, for 5 years from the date of amicable settlement of the dispute.

Legitimate interest
The company may also process personal data on the basis of a legitimate interest pursued by the company. The latter is not permissible where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data. In the case of the application of legitimate interest, the company shall carry out an assessment in accordance with the law. The processing of personal data of individuals for direct marketing purposes shall be deemed to be carried out in the legitimate interest.

The company may process personal data of individuals collected from publicly available sources or in the course of the legitimate exercise of its activities, including for the purposes of offering goods, services, employment, information about benefits, events, etc. For these purposes, the company may use ordinary mail, telephone calls, e-mail and other means of telecommunication. For direct marketing purposes, the company may process the following personal data of individuals: name and surname of the individual, address of permanent or temporary residence, telephone number and e-mail address. For the purposes of direct marketing, the company may also process the aforementioned personal data without the individual’s explicit consent. The individual may at any time request to cease such communication and processing of personal data and to withdraw from receiving communications via the unsubscribe link in the communication received or by sending a request by e-mail or regular mail to the company’s address.

The legal basis for the processing of data is legitimate interest. The data will be processed until the cancellation of the receipt of communications or until the purpose of the processing is fulfilled. The withdrawal does not affect the lawfulness of the processing on the basis of the consent prior to its withdrawal.

Processing on the basis of consent or consent
If the company does not have a legal basis based on the law, a contractual obligation, a legitimate interest or the protection of the life of the individual, the company may ask for consent or assent from the individual. In this way, it may also process certain personal data of the data subject for the following purposes where the data subject has given his or her consent:

  • residential address and e-mail address (for information and communication purposes).
  • photographs, videos and other content relating to the data subject (e.g., publication of images of individuals on the website for the purposes of documenting activities and informing the public about the work and events of the company.
  • other purposes for which the individual has consented.

 

If an individual has given consent to the processing of personal data and at some point, no longer wishes to do so, he or she may request that the processing of personal data be discontinued by sending a request by e-mail or by regular mail to the company’s address. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal. Upon receipt of a revocation or a request for deletion, the data shall be deleted within a maximum of 15 days. The company may also delete the data prior to revocation where the purpose of the processing of personal data has been achieved or where required by law.

Exceptionally, a company may refuse a request for erasure on the grounds set out in the GDPR in cases of exercising the right to freedom of expression and information, compliance with a legal obligation to process, reasons of public interest in the field of public health, archiving purposes in the public interest, scientific or historical research purposes, statistical purposes, the exercise or defence of legal claims.

The legal basis for the processing of data is consent. The data will be processed until the consent is withdrawn or revoked or the purpose of the processing is fulfilled. The withdrawal of consent shall not affect the lawfulness of processing based on consent prior to its withdrawal.

Protection of the vital interests of the data subject
The company may process the personal data of the data subject insofar as this is necessary to protect his or her vital interests. In urgent cases, the company may search for a personal document of the data subject, check whether that person exists in its database, examine his/her medical history or contact his/her relatives, without the company needing the data subject’s consent. The above applies in the case where it is strictly necessary to protect the vital interests of the individual.

 

3. Retention and deletion of personal data

The company will only keep personal data for as long as necessary to fulfil the purpose for which the personal data was collected and processed. If the company processes the data on the basis of the law, it will keep the data for the period prescribed by the law. In this case, some data will be kept for the duration of the cooperation with the company, while some data must be kept permanently. Personal data processed by the company on the basis of a contractual relationship with an individual will be kept by the company for the period necessary for the performance of the contract and for a period of 6 years after its termination, except in cases where there is a dispute between the individual and the company in relation to the contract. In such a case, the company shall keep the data for 10 years after the final decision of a court, arbitration or court settlement or, if there has been no litigation, for 5 years from the date of amicable settlement of the dispute. Those personal data which are processed by the company on the basis of the individual’s personal consent or legitimate interest will be kept by the company until the consent is withdrawn or until a request for deletion of the data is made. Upon receipt of a revocation or a request for erasure, the data shall be deleted without undue delay. The company may also delete the data prior to revocation where the purpose of the processing of the personal data has been achieved or where required by law. In the event that the rights of an individual are asserted, the company shall retain the personal data of that individual until the case has been finally decided and, after the final decision has been taken, in accordance with the final decision in the case.

Exceptionally, a company may refuse a request for erasure on grounds such as: the exercise of the right to freedom of expression and information, compliance with a legal obligation to process, grounds of public interest in the field of public health, archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, the exercise or defence of legal claims. After the retention period has expired, the company must effectively and permanently erase or anonymise the personal data so that it can no longer be linked to a specific individual.

 

4. Contractual processing of personal data and data export

The company may entrust individual processing of personal data to a contractual processor on the basis of a contractual processing agreement. Contract processors may process the entrusted data exclusively on behalf of the controller, within the limits of the controller’s authorisation, which is enshrined in a written contract or other legal act and in accordance with the purposes set out in this Privacy Policy.

The contractual processors with which the company cooperates are, in particular:

  • accounting services and other providers of legal and business advice.
  • infrastructure maintenance (services).
  • information systems maintainers.
  • email service providers and software providers, cloud services (e.g., Microsoft, Google).
  • social networking and online advertising providers (Google, Facebook, Instagram, etc.).

 

In order to improve the overview and control of the contractual processors and the regularity of the contractual relationship between them, the company also maintains a list of contractual processors, which lists all the specific contractual processors with which the company cooperates.

Under no circumstances will the Company provide personal data of an individual to unauthorised third parties. Contract processors may only process personal data within the scope of the instructions of the company and may not use personal data for any other purpose.

The company as controller and its employees do not export personal data to third countries (outside the European Economic Area – EU member states plus Iceland, Norway and Liechtenstein) and international organisations, except to the USA, where the relationship with US contract processors is governed by standard contractual clauses (standard contracts adopted by the European Commission) and/or binding corporate rules (adopted by the company and approved by the supervisory authorities in the EU).

 

5. Cookies

This website uses the “Google Analytics” service provided by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043) to analyse how users use the website. The company’s website operates with the help of so-called “cookies”, which are important for the provision of online services and are used to store information about the state of each web page, to help compile statistics about users and website traffic, etc. When you enter the website, only those cookies that are strictly necessary for the operation of the website (e.g., for the shopping basket) will be placed on your device. Other cookies will only be placed with your consent. The individual can change the settings and delete the cookies at any time (instructions can be found on the web pages of the individual browser).

Essential cookies enable basic functions and are necessary for the proper functioning of the website (Borlabs Cookie – saves the settings of visitors selected in the Borlabs Cookie box, lifetime 1 year).

IP anonymisation occurs on this website. The IP address of users will be reduced in the member states of the European Union and the EEA. This reduction eliminates personal reference to their IP address. In accordance with the agreement signed by the operators with Google, Inc., they provide an analysis of the use of the website and related online services using the information collected.

 

6. Data protection and data accuracy

The company takes care of information security and infrastructure security (premises and application software). Our IT systems are protected by, among other things, antivirus and firewall protection. We have put in place appropriate organisational and technical security measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access and against other unlawful and unauthorised forms of processing. In the case of transmission of special types of personal data, we transmit them in encrypted and password-protected form. It is the individual’s responsibility to ensure that his or her personal data is provided securely, and that the data provided is accurate and reliable.

 

7. Rights of the individual with regard to data processing

The data subject shall have the right to request access to and rectification or erasure of personal data, or restriction of processing concerning him or her, as well as the right to object to processing and the right to data portability. The data subject’s request shall be treated in accordance with the provisions of the General Regulation and the applicable data protection legislation.

All of the above rights and any questions may be exercised by the data subject by means of a request sent to the Company’s address. The company will respond to the individual’s request without undue delay, no later than one month after receipt of the request. This time limit may be extended by up to two additional months, considering the complexity and number of requests, and the individual will be informed of this, together with the reasons for the delay. The exercise of rights is free of charge for the individual, but the company may charge a reasonable fee if the request is manifestly unfounded or excessive, in particular if it is repetitive. In such a case, the company may also refuse the request. In case of doubt as to the identity of the individual, additional information may be requested which the company needs to establish the identity.

In the decision on the request, the company will also inform the individual of the reasons for the decision and of the right to lodge a complaint with the supervisory authority within 15 days of being informed of the decision. The right to lodge a complaint with the supervisory authority may be exercised by the individual with the Information Commissioner of the Republic of Slovenia at the following address: Dunajska 22, 1000 Ljubljana (e-mail: gp.ip@ip-rs.si, website: www.ip-rs.si).

The Privacy Policy is valid as of 1 September 2023.

Farmtech d.o.o.