Privacy Policy
I. Data controller
MDM Company for Production, Trade and Engineering d.o.o., Brnčičeva street 17, 1231 Ljubljana - Črnuče, registration number: 5321034000, VAT ID: SI 23809671, Phone: +386 1 200 49 30, e-mail: shop@mdm.si.
For video surveillance of the company's headquarters, the management is shared with MDM Invest, Real Estate Ltd., Ljubljana, Brnčičeva ulica 17, 1231 Ljubljana - Črnuče, registration number: 2372509000, VAT ID: SI 76415767. The above-mentioned contact details are available for information and the exercise of individual rights with MDM d.o.o.
II. Types and sources of processed personal data
Customers/Suppliers: Contact and identification data, order data, debt information, status data (e.g. bankruptcy).
Competitors: Contact and identification data, tax number (for winners).
Employees and other contractors and candidates: Contact and identification data, education and conditions affecting the fulfilment of obligations, data on position, start and duration of employment, education, disability status, part-time retirement, additional employment with another employer (identification data of the other employer), work permit (for foreigners).
Video surveillance footage: Video recordings of visitors to company premises for the security of visitors, employees and assets.
Sources include signed contracts or intent to contract, online forms, the web portal, emails, direct marketing, data received from competitions, video recordings and public records (where there is a legitimate legal interest, such as legal proceedings and investigations, although no direct links are established).
III. Legal basis for the processing of personal data and retention periods
Legal authorisation: Consent is not required (e.g. ZDR-1/ZEPDSV, ZDavP-2, ZPPDFT-2, ZPotK-2, ZDDV-1, etc.).
Contracts/Negotiations: The data described in contracts, which is the minimum necessary to fulfil the contract.
Legitimate interest: Justified by reasons of business efficiency, electronic transactions, website security, prevention of illegal activities, debt recovery, proof of business communications, orders, negotiations, proof of complaints and the security of persons and property, including entry and exit control.
Consent: Required for purposes such as direct marketing, entry into competitions, etc. and may be withdrawn at any time.
We will retain all personal data as set out below, or exceptionally for longer if there is a legal basis for longer retention. If required by law, data will be deleted sooner. Retention rules include
Data processed on the basis of personal consent is kept until the purpose is fulfilled or until the individual withdraws consent.
Data processed on the basis of legitimate interest is retained for as long as necessary to achieve the legitimate interest. Video recordings are retained for 30 days, unless otherwise specified, or up to one year from the date of the incident or until the conclusion of any related proceedings.
Data processed on the basis of a legal authorisation is kept for the period prescribed by the specific law.
Data processed on the basis of contracts will be kept for the duration of the contract and for a further five years after the termination of the contract, except in the case of disputes relating to the contract, in which case the data will be kept for five years after the final resolution of the dispute or five years from the date of an amicable settlement.
IV. Consequences of not providing personal data
The provision of personal data is mandatory when required by law, otherwise participation is not possible.
For the conclusion of a contract, it is also necessary to provide the required personal data, otherwise the conclusion of a contract is not possible.
Failure to provide personal data for legitimate interests may restrict or deny access to services or goods.
Signs are posted at building entrances to inform people of CCTV before they enter.
Where consent is required, it is often to enable us to contact you. It is your choice whether to cooperate with us and provide information. If you do not give consent, we apologise if this prevents timely or any contact and cooperation.
V. Sharing with third parties and processors
Personal data may be shared with contract processors who provide processing support and software solution providers and processors who provide services necessary for the performance of contracts (carriers, contractors). Processors will only receive the data necessary to fulfil their obligations. We require all processors to process and protect data in accordance with the law and to ensure at least the same level of data protection as we do.
VI. Transfer of data to third countries
We will not transfer your personal data to third countries unless this is necessary to provide services (e.g. delivery of orders). In the event of a transfer to countries outside the EEA, we will ensure that data is only transferred to trusted third parties and will use mechanisms approved by the Commission, such as Privacy Shield certification and standard contractual clauses, as set out in Decision 2004/915/EC.
VII. Right to withdraw consent
Any individual may at any time request in writing to withdraw consent to the processing of personal data processed on the basis of his or her consent by sending a message to shop@mdm.si. Withdrawal shall not affect the lawfulness of the processing carried out prior to the withdrawal.
VIII. Rights of individuals whose personal data are processed
Right of access: You may at any time ask us whether we are processing your personal data and, if so, obtain access to such data in the form of a copy and additional information.
Right of rectification: You may at any time ask us to correct any inaccurate or incomplete data.
Right to Erasure: You may request that we erase your personal data, in the cases provided for in Article 17 of the General Data Protection Regulation (GDPR).
Right to Restrict Processing: Temporarily stop processing for a certain period of time, for example where accuracy is disputed, to allow time for verification.
Right to object to processing: Object to processing on the basis of legitimate interests and request that we stop processing your data.
Right to data portability: Request that we provide your data in a structured, commonly used and machine-readable format and/or transfer it to another controller where technically feasible.
To exercise your rights, please identify yourself and clearly define your request by sending it to shop@mdm.si. In some cases, we may contact you to verify your identity.
IX. Cookies and automated decision making
We conduct web analytics and marketing on the Websites using cookies, only with your express consent. Information about cookies and their settings is available at this link.
In addition, some personal data may be processed through automated decision making, including profiling to identify customer preferences using a specific mathematical algorithm.
X. Data protection and storage measures
We implement various data protection measures, such as physical access control (24-hour access control to MDM's offices, building access control systems, locking and barring of doors), electronic access measures (named accounts, password systems, profile-based access rights, encrypted administrator passwords), and data leakage prevention measures (protection in transit, encryption).
XI. Information on the protection of personal data
If you have any further questions or wish to exercise your rights, please send your request by post or e-mail to shop@mdm.si.
XII. Right to complain to the national supervisory authority
If you believe that your rights or data protection regulations have been violated, or if you are not satisfied with our response, you have the right to file a complaint with the Information Commissioner (IP, Dunajska ulica 22, 1000 Ljubljana, tel.: +386 1 230 97 30, e-mail: gp.ip@ip-rs.si), which is the supervisory authority.
XIII. Final provision
This Privacy Policy is subject to changes in regulations and significant changes in our business.
Ljubljana, 1.10.2024