HIRSCH KOVIFLEX d.o.o., Industrijska cesta 1, 1290 Grosuplje +386 (0)1 786 22 01 Info.hiko@hirsch-gruppe.com

Privacy policy

1. PURPOSE OF THE PRIVACY POLICY (GDPR)

The purpose of this policy is to ensure that the company HIRSCH Koviflex d.o.o. processes the personal data of employees, business partners and other individuals in accordance with the provisions of the General Data Protection Regulation (GDPR) and other applicable regulations on personal data protection.

This policy defines:

  • The methods of collecting, processing, using, and storing personal data.
  • The rights of individuals whose data is being processed and procedures for exercising those rights.
  • The security measures through which the company ensures the confidentiality, integrity, and availability of personal data.
  • The responsibilities of employees and management in ensuring compliance with the GDPR.

2. OBJECTIVE

To protect the rights of individuals whose data is being processed and to prevent potential misuse of personal data. To ensure transparency in the processing of personal data and the company’s accountability for safe and lawful handling of such data.

3. PRINCIPLES OF PERSONAL DATA PROCESSING

When processing personal data, the company adheres to the following principles:

  • Lawfulness, fairness, and transparency: Data is processed lawfully and transparently, with clear information provided to individuals.
  • Purpose limitation: Data is collected and processed solely for specific, lawful purposes.
  • Data minimisation: Only the data necessary to achieve the intended purpose is collected.
  • Accuracy: Data is accurate and updated when necessary.
  • Storage limitation: Data is retained only as long as necessary for the purpose of processing.
  • Integrity and confidentiality: Adequate data security is ensured, including protection against unauthorised access or loss.

4. RIGHTS OF INDIVIDUALS

In accordance with the GDPR, individuals have the following rights:

  • Right to be informed: Information about the processing of their data.
  • Right of access: The right to access their personal data.
  • Right to rectification: Request to correct inaccurate data.
  • Right to erasure (right to be forgotten): Request to delete data if it is no longer necessary.
  • Right to restriction of processing: Restriction of processing in certain cases.
  • Right to data portability: Transfer of data to another data controller.
  • Right to object: Objection to data processing based on specific reasons.
  • Right to lodge a complaint: Complaint to the supervisory authority (e.g. Information Commissioner of the Republic of Slovenia)

5. COMPANY RESPONSIBILITIES

  • Data controller: The company HIRSCH Koviflex d.o.o. is responsible for compliance with the GDPR in all data processing activities.
  • Employees: Employees are required to act in accordance with this policy and protect the confidentiality of personal data.
  • Service providers (processors): Contracted processors must ensure GDPR compliance and adhere to data protection agreements.

6. SECURITY MEASURES

The company ensures appropriate technical and organisational measures to protect personal data, including:

  • Limiting access to personal data to authorised individuals only.
  • Encrypting sensitive data.
  • Regularly backing up data.
  • Providing employee training on data protection.

7. DATA RETENTION

Personal data is retained only as long as necessary to fulfil the purpose for which it was collected or in accordance with statutory retention periods. After this period, data is securely deleted or anonymised.

8. PERSONAL DATA BREACHES

In case of a suspected or actual personal data breach, the company must:

  • Immediately notify the designated data protection officer.
  • Take action to resolve the breach and minimise damage.
  • Notify the competent authority (e.g. Information Commissioner of the Republic of Slovenia) within 72 hours of detecting the breach.
  • Notify affected individuals if necessary.

9. ENFORCEMENT OF THE POLICY

This policy enters into force on the date of signature and is binding for all employees, management, and external contractors. Any changes to the policy are made through amendments approved by the company director. For all matters not regulated by this privacy policy, the applicable legislation shall apply. The company reserves the right to amend this privacy policy. You will be notified of any changes by publication on the official website of HIRSCH Koviflex 30 days before the amendments take effect. If you have any questions regarding this privacy policy or the data we hold about you, please contact us at info.hiko@hirsch-gruppe.com. This privacy policy is published on the website of HIRSCH Koviflex.

Date: 31.05.2025
Responsible person: Andraž Hrovat