Legal
Privacy Notice
Controller of your personal data is Klemen Kraigher Mišič, s.p., Poljanska cesta 19, 1000 Ljubljana, Slovenia. Contact for data protection inquiries: info (at) dpopilot.eu
Definitions
GDPR: means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) — terms defined in the GDPR also apply to this policy.
ZVOP-2: means the Personal Data Protection Act (Official Gazette of the Republic of Slovenia, No. 163/22)
What are my rights and how can I exercise them?
Your rights include the right:
- to access your personal data;
- to rectification or supplementation of personal data;
- to erasure of personal data, where there is no longer a legal basis (or legal obligation) for retention, or where you have given us your consent;
- to restriction of processing of personal data (in certain cases);
- to object — where processing is based on legitimate interest;
- to data portability — where the processing is based on a contract or consent & is carried out by automated means.
You may exercise your rights in writing at the controller's address or via e-mail at at info (at) dpopilot.eu. In certain cases, we may contact you in order to verify your identity.
Right to lodge a complaint: if you believe we are not exercising your rights properly, we will be happy if you first contact us. If this does not resolve the matter, you may lodge a complaint with the Information Commissioner of the Republic of Slovenia.
Purposes of Processing
Newsletter subscription
If you subscribe to our newsletter, we will use your e-mail address to send you occasional updates about news, service updates and content related to our services. You may unsubscribe from the newsletter at any time by clicking the unsubscribe link in any message received.
Details
| Legal basis | Consent (Article 6(1)(a) GDPR). |
| Recipients | E-mail service providers, IT system administrators. |
| Retention | Until withdrawal of consent. |
| Note | Subscribing to the newsletter is entirely voluntary. If you do not give consent, this does not affect your use of our services. |
Registration on the website
Registration is required to use the services at dpopilot.eu. Registration is also mandatory for the trial period, as we need to prevent misuse of services and unauthorised consumption of resources (e.g. query credits). Upon registration, we collect your basic contact details and login credentials.
Details
| Legal basis | Performance of a contract (Article 6(1)(b) GDPR) — where you register as a natural person; legitimate interest (Article 6(1)(f) GDPR) — where you register as a contact person of a legal entity. |
| Recipients | IT system administrators, hosting providers. |
| Retention | 3 months after the user's last login. Where the user has purchased a subscription or service, the retention period is governed by the rules set out in the 'Subscription or purchase of a service' section of this policy. |
| Note | Registration is a prerequisite for using the services, including the trial period. Without registration, we cannot provide access to the services. |
Registration or sign-in with a Google account
If you register or sign in with a Google account (“Sign in with Google”), Google will share your e-mail address with us. Google Ireland Limited acts as an independent controller of your Google account data and processes your data in accordance with its privacy policy (https://policies.google.com/privacy). We use this data solely to create and manage your user account.
Details
| Legal basis | Performance of a contract (Article 6(1)(b) GDPR) — where you register as a natural person; legitimate interest (Article 6(1)(f) GDPR) — where you register as a contact person of a legal entity. |
| Recipients | Google Ireland Limited (independent controller — privacy policy: https://policies.google.com/privacy), IT system administrators. |
| Third-country transfers | Although Google Ireland Limited acts as controller in the EU, personal data is also transferred to the USA within the scope of Google services, on the basis of Commission Implementing Decision (EU) 2023/1795 of 10 July 2023 on the adequate level of protection of personal data under the EU-US Data Privacy Framework. |
| Retention | 3 months after the user's last login. Where the user has purchased a subscription or service, the retention period is governed by the rules set out in the 'Subscription or purchase of a service' section of this policy. |
Subscription or purchase of a service
When you subscribe to or purchase a service, we require certain data to conclude and perform the contract, issue invoices and provide the agreed services. The legal basis depends on whether you act as a natural person or a legal entity.
Details
| Legal basis | Performance of a contract (Article 6(1)(b) GDPR) — where the subscriber is a natural person; legitimate interest (Article 6(1)(f) GDPR) — where the subscriber is a legal entity (processing of contact data of the subscriber's employees for the purpose of performing the business relationship). |
| Recipients | Payment service providers (Stripe Technology Europe, Limited, Ireland — privacy policy: https://stripe.com/privacy — acts as an independent controller for payment data processing where it determines the purposes and means, e.g. fraud prevention and regulatory compliance; acts as a processor when executing payment transactions on our instructions), accounting service providers, IT system administrators. |
| Third-country transfers | Personal data is transferred to the USA within the scope of payment processing via Stripe, on the basis of Commission Implementing Decision (EU) 2023/1795 of 10 July 2023 on the adequate level of protection of personal data under the EU-US Data Privacy Framework. |
| Retention | 5 years from the end of the subscription or settlement of all obligations; for legally required retention (tax regulations): 10 years. |
| Note | If you do not provide the required data, we cannot conclude or perform the contract (e.g. we cannot create an account, provide access to services or issue an invoice). |
Ensuring the security of the website and information systems
To ensure the secure use of our websites and services, we monitor server operations, log technical access data (e.g. IP address, time and duration of visit, browser used) and implement measures to prevent misuse, unauthorised access and other security incidents.
Details
| Legal basis | Legitimate interest of the controller in protecting networks, information systems and data (Article 6(1)(f) GDPR). |
| Recipients | IT system administrators, hosting and security solution providers, competent law enforcement authorities where necessary. |
| Retention | Technical data is retained for a maximum of 1 year, or longer if necessary for the investigation of a security incident. In the event of detected attacks and other harmful events, IP addresses of attackers are retained permanently (black list — permanent block). |