Marvix Digital | Privacy Policy

Notice to individuals under Article 13 of the General Data Protection Regulation (GDPR) regarding the processing of personal data

The controller of your personal data in relation to the website https://marvixdigital.com/ (hereinafter: the website) and your other interactions with MARVIX DIGITAL is:

MARVIX DIGITAL, MARKO BIZJAK S.P., RAČUNALNIŠKO PROGRAMIRANJE

Koper, Marušičeva ulica 7, 

6000 Koper - Capodistria, 

company reg. no. 8075867000, 

VAT ID no. SI 79835350

email: info@marvixdigital.com

website: https://marvixdigital.com/

(hereinafter: we, us, our, Marvix, processor, provider, company or organization)

A Data Protection Officer has not yet been appointed. Please reach out to us with any privacy related inquiries or requests at info@marvixdigital.com.

Purpose and use of this notice

You can find out more about us and our services and other activities here.

The company is the owner and provider of the website https://marvixdigital.com/ and its various sub-domains or related websites (hereinafter collectively referred to as: the website).

This notice describes how our organization processes and protects the personal data of individuals who have provided their data directly to the company as the controller of personal data in connection with the website (e.g. by consenting to the placement of cookies when visiting the website, when completing and submitting an online form through the website, etc.).

Use of terms and amendments to this notice

Unless otherwise stated, terms used in this notice (e.g. personal data, processing, controller, processor, etc.) have the same meaning as in the General Data Protection Regulation (hereinafter: the GDPR).

Terms defined in this notice that are used in the singular form shall be deemed to include the plural form and vice versa, and terms relating to the masculine gender shall be deemed to include all genders.

We may update or change the information and references in this notice from time to time, whereby news of major changes shall be posted on our website.

In the event of substantial changes (e.g. to the legal basis and purposes of the processing of data already collected), we shall inform individuals of the proposed changes by email or by other appropriate means.

1. What data we process, what gives the right to do so and why we process such data

1.1. Review of databases and types of personal data, categories of data subjects, deadlines for deletion of personal data and purposes and types of processing

NAME OF THE PERSONAL DATABASE

LEGAL GROUNDS

TYPES OF DATA & CATEGORIES OF DATA SUBJECTS

DEADLINES FOR DELETION OF PERSONAL DATA**

PURPOSES OF PERSONAL DATA PROCESSING AND TYPES OF PROCESSING*

Data associated with a contract 

Contract 




Data on the authorized person of the client or representative who had concluded/negotiated for the conclusion of a contract with our organization (such as his email address, password, first name, last name) as well as the relevant business data (company name, pricing package, special usage requirements).

Until the termination of the contract and another 6 years after the termination of the contract (or in a limited scope even longer, if, for example, processing is necessary because there is a dispute between the individual and our organization, etc.).

Please note that this data shall not be deleted if our organization is obliged to keep such data after the termination of the contract (e.g. if a high probability of fraud exists or other special cases apply, as described in section 2).

For the purposes of concluding / negotiating the conclusion of the contract, whereby the data shall be stored on our servers and in our CRM systems, viewed, shared inside and outside of our organization, structured and processed in other relevant ways for achieving these purposes.

Data associated with the issuing of invoices/billing

Fulfilling our legal obligations.





Data on the authorized person of a client who has a registered account for the use of our services (such as his email address, password, first name, last name) as well as the relevant account data (company name, pricing package, special usage requirements).

We are legally required to store these data for a period of 10 years.

Please note that this data shall not be deleted if our organization is obliged to keep such data after the termination of the contract (e.g. archiving data on issued invoices), as is described in more detail under points 1.3. and 2. of this notice. 

For the purposes of issuing invoices/billing on the basis of a concluded contract, whereby the data shall be stored on our servers and in our CRM systems, viewed, shared inside and outside of our organization, structured and processed in other relevant ways for achieving these purposes.

Information on the individual communicating with the company via the email addresses and other communication channels that are available on the website 

Negotiation for the conclusion of a contract.

Personal data of an individual who voluntarily communicates with the company (e.g. enquires about the company's services, orders support services or proposes support related questions, arranges to place an order via a published email address, etc.), whereby such situations justify the limited storage or processing of such individual's data for the purpose of preparing the company's response or for further communication.

Until the purposes for which the individual's personal data had been collected have expired (e.g. until the cessation of communications) or until 5 years have elapsed since the moment of last communication with the individual.

In the context of contract negotiations (i.e. obtaining information about or ordering a product or service or other voluntary communication between an individual and the company), the company may process the data in ways that are logically related to the negotiations taking place or the preparation of responses (e.g. storage in an email system for the purposes of responding and any further communication, storage of the data in the company's archives, etc.).

Details of individuals who have opted in to receiving the company's newsletters and other commercial communication

Consent.

Personal data of an individual who has consented to the company sending him commercial information and other useful information about its products and services to his or her e-mail address from time to time.

To unsubscribe from receiving electronic communications, an individual may follow the unsubscribe link contained in each email.


In any case, the individual may also request the deletion of his data by sending his/her request to the company's official e-mail address: info@marvixdigital.com

On the basis of consent, which had explicitly been obtained from the individual, the company may process (i.e. store and use in connection with the email system) the data solely for the purpose of providing commercial information and other useful information about its products and services.

Details of individuals applying for an open employment position in the company

Negotiation for the conclusion of a contract.

Name and surname of the candidate, the candidate's email address, his curriculum vitae, motivation letter, previous work experience or other information relevant to the selection procedure and indicated as such when the vacancy is posted or advertised, as well as any personal data contained in email correspondence with such individual.

Until the end of the recruitment process, unless the company has obtained the individual's explicit consent for longer data retention.

On the basis of the negotiation of an employment contract, the company may process (i.e. collect, store for the duration of the selection process, review, structure) and otherwise reasonably use the data solely for the purposes of the recruitment process (e.g. evaluating the references of the individual and communicating with him/her about the progress of the recruitment process, using the data to view other publicly available information about the individual, etc.).

**In certain cases, based on its legitimate interests and unless otherwise stated above or elsewhere in this notice, our organization reserves the right to store certain data beyond the stated period, as stated above and in section 2 of this notice, whereby our organization will, in all such cases, limit data storage to the data that are essential for pursuing such legitimate interests. Individuals can always request the deletion of data by sending their request to our official email address: info@marvixdigital.com. In connection with the above-stated purposes (e.g., where data storage is listed), the data shall be transferred for processing to our organization's contractual partners (subprocessors), which are listed in section 3.3. of this notice. Subprocessors shall process data only in connection with the performance of tasks that are assigned to them and are directly related to the pursued purposes.

1.2 The legal basis for the processing of personal data may lie in the fulfillment of a concluded contract or in negotiations for the conclusion of a contract

We may process personal data of individuals on the basis of a concluded contract (e.g., the conclusion of a contract for the use of our services) or negotiations for the conclusion of a contract (e.g., when an individual contacts our organization through our official communication channels and wants to obtain more information about our services). 

In the described cases, you provide us with personal data as part of a contractual obligation or as part of negotiations for the conclusion of a contract, whereby we consequently do not need your explicit consent for the above-mentioned processing of your personal data. In principle, you will not suffer any serious negative consequences in situations where we would otherwise need your personal data to perform our services and you do not provide us with these data. However, such situations can significantly complicate or even prevent the execution of ordered services or our cooperation, and you will be informed in advance or subsequently in these cases.

1.3. The legal basis for the processing of your data may also be set out in legislation

Our organization may also process personal data for the purposes of fulfilling legal and other lawful obligations, especially those governing taxes and accounting requirements (e.g., records of issued and received invoices, etc.). For example: when an inspector or another holder of public authority orders our organization to entrust him with personal data of a certain client/visitor in accordance with the law (for example, in the context of conducting inspection supervision under the provisions of the applicable law), or when our organization processes personal data of a client to whom it has issued an invoice, in which case our organization processes this invoice and client data (e.g., personal name, contact details, etc.) on the basis of the applicable tax laws and regulations (see section 3.2.), etc.

1.4. Based on our legitimate interests

We are also allowed to process certain personal data for the purposes of safeguarding our own legitimate interests. Such cases may arise, for example, when the processing of your data would be necessary from the perspective of administrative, criminal, or civil proceedings (e.g., when our organization would have to submit a database as evidence in a procedure, otherwise our organization would suffer a penalty or severe and irreparable damage), in which case we will always process only those data that are absolutely necessary to pursue such legitimate goals. Our organization is also allowed to process the personal data of an individual in cases where the processing is necessary to protect the vital interests of the individual (e.g., looking up the address of an individual who is facing an immediate and serious life-threatening danger).

1.5. Based on prior consent 

Interacting with us and the use of our services is generally not conditional on you agreeing to the processing of your personal data.

However, we can also process your personal data based on your explicit consent. An individual's explicit consent is considered as his voluntary declaration of will by which he agrees to the processing of certain personal data for a certain purpose (e.g., when you consent to receiving our newsletter or other commercial messages), whereby in such cases we process those data that are indicated in the relevant section of the table from point 1, where consent is indicated as the legal basis for processing.

Receiving such communication can be stopped at any time by following the link contained in every newsletter/commercial email message or by contacting us at info@marvixdigital.com.

Based on your consent, our online advertising can also be performed, provided that you have agreed to the installation of optional (advertising) cookies and tracking pixels of our advertising partners when visiting our website (e.g., installation of the Google Analytics cookie, which enables us to advertise our services more easily on other websites, etc.). A detailed list of optional cookies from our advertising partners, the data we process with them, and the retention periods of these data is defined on the "Cookies" page.

Our organization provides each individual with the right to withdraw his explicit consent at any time in a simple way, by contacting us at any time at info@marvixdigital.com.

The withdrawal of consent does not affect the legality of the processing that was carried out on the basis of consent until the moment of withdrawal.

If you do not give consent for the processing of personal data, give consent partially or withdraw consent (partially), we will, if possible, cooperate with you only to the extent of the given consent or in ways permitted by applicable law.

Consent is voluntary and if you decide not to give it or later withdraw it, this in no case infringes on your other rights or represents additional costs or aggravating circumstances for you.

2. How long do we store or process your personal data?

The retention period of personal data depends on the basis and purpose of processing each category of personal data. Personal data is usually stored as long as necessary to fulfill the purpose for which the data was collected, or until some regulation requires us to keep it, after which it is deleted.

If the retention period of individual data is not more precisely defined in the table in section 1, the following applies:

  • we keep the personal data of clients on invoices for another 10 years after issuing the invoice, as this is a duty imposed on our organization by applicable tax laws,
  • based on the concluded contract for the use of our services, data is processed for the duration of the contract, or for another 6 years after the termination of the contract (or in a limited scope even longer, if, for example, processing is necessary because there is a dispute between the individual and our organization, etc.),
  • we keep data about an individual who communicates with our organization via email addresses and other communication channels available on the website until we receive an opt-out or data deletion request from such individual or until 4 years have elapsed from the last communication,
  • based on the explicit consent to receive our newsletters/commercial communication or our legitimate interest for advertising to people who are already our clients, we keep the data until such person withdraws his consent. 

Our organization may retain the data for another 15 days after the expiration of the said retention period with the aim of being able to destroy the stored data from all data carriers and servers during this period.

An individual can always request the deletion of data by sending their request to our organization's official email address: info@marvixdigital.com.

3. Who processes your personal data?

3.1. Certain employees that work for our organization

Your personal data is processed by those employees in our organization who need the data in order to perform their work. All employees are bound by confidentiality and are required to protect your personal data.

3.2. Government bodies 

In certain cases, as prescribed by applicable legislation, our organization must also provide or report your personal data to the competent state authorities, as well as to authorities that are, for example, competent for financial, tax or other supervision (e.g., the Estonian Data Protection Inspectorate, etc.). In certain cases, our organization is obliged to provide data to third parties, if such an obligation to provide or disclose is imposed on our organization by law or the legal entitlement of a third party.

3.3. Contractual Processing of Personal Data

In addition to the employees in our organization, the users of personal data can also be employed persons of contractual processors of our organization, who can process personal data as confidential exclusively on behalf of our organization and within the limits of the contract on external processing of personal data, which our organization has concluded with each such processor. Contractual processors may only process personal data within the instructions of our organization (i.e., the contract), and they may not use the data to pursue any of their own interests.

The contractual processors our organization engages that might come into contact with your personal data are:

  • persons who work with us on the basis of subcontracts or author's contracts (IT system maintainers, software code developers, etc.),
  • accountants or accounting services,
  • the provider of the website development and hosting services (see section 3.4.).

Our organization will not disclose your personal data to unauthorized third parties.

If you would like to obtain an exact list of all contractual subprocessors of our organization, you can write to us at info@marvixdigital.com.

3.4.  Website development and hosting service provider

The data you provide to us via our website (e.g. in relation to communication via the contact form on the site, etc.) is stored on servers and shared with other sub-processors inside and outside the EU for the purposes of the operation of our website (e.g. the functioning of the contact form).

3.5. Transfer of Personal Data to Third Countries and International Organizations and Measures to Protect Transferred Data 

As a rule, our organisation does not transfer personal data to third countries (i.e. outside the European Union, Iceland, Norway and Liechtenstein, i.e. the EEA) and international organisations. 

An exception to this is the occasional transfer of certain technical and personal data to the servers of the above-mentioned processors whose headquarters or servers are located in the USA (e.g. the automatic transfer of certain data collected by Alphabet Inc.'s cookies, entering email addresses in commercial messaging tools, etc.), whereby the relevant processors are former members of the Privacy Shield (https://www.privacyshield.gov/) and have complied with and adopted security measures in relation to the receipt or transfer of data after 12 July 2020 (e.g. standard contractual clauses) or have adequately performed and achieved full self-certification in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data in the EU-US data privacy framework (i.e. in the context of the new EU-US data transfer framework in accordance with the above adequacy decision as of 10 July 2023).

More detailed information on the categories of users and data sub-processors can be obtained by sending a request in this respect to the following e-mail address: info@marvixdigital.com.

4. Processing of special category personal data

We do not direct individuals to provide specific personal data (i.e. data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data or biometric data, data relating to health or data relating to an individual's sex life or sexual orientation) in connection with our website or services.

If our organisation becomes aware of a situation in which such data may be disclosed to it, the data received will be protected or otherwise dealt with as appropriate.

5. What are your rights regarding your personal data and how can you exercise them?

In relation to this personal data processing notice or the processing of your personal data by our organization and our contractual processors, you can contact us at any time and without any reservations via the email address info@marvixdigital.com. You can also use this address to send your requests and exercise other rights related to personal data and GDPR regulation.

As an individual to whom the personal data refers, the GDPR regulation provides you with the opportunity to exercise the following rights with our organization: 

Right to be Informed: Individuals have the right to be informed about the collection and use of their personal data. 

Right of Access: Individuals have the right to access their personal data and obtain information about how it is being processed, as well as a copy of the data itself. 

Right to Erasure (Right to be Forgotten): Individuals have the right to request the deletion of their personal data in specific circumstances. 

Right to Withdraw Consent: If personal data processing is based on consent, individuals have the right to withdraw their consent at any time and without any detriment.

Right to Rectification: Individuals have the right to request the correction of inaccurate or incomplete personal data. If the data has been shared with third parties, our organization must inform those parties of the rectification, if possible.

Right to Restrict Processing: Individuals have the right to request the restriction of processing of their personal data. This right applies in certain cases, such as when the accuracy of the data is contested or the individual has objected to the processing.

Right to Data Portability: Individuals have the right to receive their personal data in a structured, commonly used, and machine-readable format in certain cases. They can also request that their data be transmitted to another controller if the processing is based on consent or a contract and where the processing is carried out by automated means.

Right to Object: Individuals have the right to object to the processing of their personal data based on legitimate interests or public interest/exercise of official authority. Our organization must cease such processing unless it can demonstrate compelling legitimate grounds that override the individual's interests, rights, and freedoms.

Rights in Relation to Automated Decision Making and Profiling: Individuals have the right not to be subject to solely automated decisions, including profiling, which significantly affects them. They have the right to obtain human intervention, express their point of view and challenge the decision.

Right to lodge a complaint with a supervisory authority: If you believe that the processing of personal data performed in connection with you by our organization violates personal data protection regulations, you may, without prejudice to any other (administrative or other) remedy, lodge a complaint with a supervisory authority, in particular in the country where you have your habitual residence, your place of work or where the infringement is alleged to have taken place, whereby:

  • in the Republic of Slovenia the authority is the Informacijski pooblaščenec, Dunajska 22, 1000 Ljubljana, Slovenia, EU, email: gp.ip@ip-rs.com, phone: +38612309730, website: www.ip-rs.com.

A list of other EU supervisory authorities and their contact information can be found here: https://edpb.europa.eu/about-edpb/about-edpb/members_en.


6. Existence of automated decision making and profiling 


We do not use automated decision making or profiling.

7. Processing of personal data of persons under 15 years of age

Our organization does not knowingly collect or otherwise process personal data of persons under 15 years of age. 

If our organization subsequently finds out that it has processed the personal data of such a person without the consent of his parent or guardian, our organization shall do everything necessary to delete all provided personal data.

At the address info@marvixdigital.com, the above-described persons or their parents or guardians shall be able to submit their requests for the deletion of the data concerned at any time.

8. Who can you contact for further clarification regarding the processing of personal data in our organization and regarding your rights?

You can limit or revoke your consent for the processing of data at any time by contacting our organization as a processor of your personal data at:

9. Protection of personal data

Our organization carefully stores and protects personal data through organizational, technical and logical procedures and measures to protect the data from accidental or intentional unauthorized access, destruction, alteration or loss, and unauthorized disclosure or other form of processing to which you have not expressly consented.

To this end, our organization has also adopted appropriate internal processes and set up various measures (e.g. assigning, using and changing passwords, locking premises, offices, server and workstation locations, regularly updating software and upgrading security-critical components, physical protection of material containing personal data in specially designated places, training of employees, etc.). Our organization also demands these security commitments from its contractual processors.

10. Version and date of the last update of this notice

The text of this notice represents version 1.0 of this document. 

This notice was last updated on November 28th, 2023.