PERSONAL DATA PROTECTION

Data Controller and Contact Information

This policy applies to the processing (use) of any personal data carried out by DR. NEJA ZUPAN INSTITUTE, EDUCATION AND CONSULTING (data controller) or carried out on behalf of the data controller.

Data controller information:

  1. NEJA ZUPAN INSTITUTE, EDUCATION AND CONSULTING, NEJA ZUPAN S.P.
  2. NEJA ZUPAN S.P. (abbreviated)

4000 Kranj, Slovenia
Tax ID: SI59406224
Registration number:
Phone: 040 535 557
Email: info@nejazupan.com
Website: nejazupan.com

What Personal Data We Process

Information You Provide Directly

  • Basic contact information (name, phone number, email address)
  • Information submitted through contact forms on our website
  • Newsletter subscription data
  • Service inquiry and booking information
  • Payment information when purchasing services or products

Information Collected Automatically

  • Website Analytics Data: Pages visited, time spent on site, click patterns, referral sources
  • Technical Data: IP address, browser type and version, device type, operating system
  • Cookies and Tracking Data: Information stored through cookies and similar technologies (see Cookie Policy section below)

Business Transaction Data

  • Data we need to fulfill contracts and deliver purchased products (purchase subject, price, delivery address, delivery time, payment method, payment date, complaint data, invoice data, etc.)
  • Data we need to perform ordered services (service name, price, customer address for invoice issuance, payment method, payment date, complaint data, invoice data, etc.)

Cookie Policy

What Are Cookies

Cookies are small text files stored on your device when you visit our website. They help us provide you with a better browsing experience and analyze website usage.

Types of Cookies We Use

Essential Cookies (No consent required)

  • Session management cookies
  • Security cookies
  • Basic functionality cookies

Analytics Cookies (Consent required)

  • Google Analytics cookies to understand website usage
  • Performance monitoring cookies
  • User behavior analysis cookies

Marketing Cookies (Consent required)

  • Social media integration cookies
  • Advertising tracking cookies (if applicable)
  • Email marketing tracking cookies

Cookie Duration

  • Session Cookies: Deleted when you close your browser
  • Persistent Cookies: Remain for periods ranging from 30 days to 2 years depending on their purpose

Managing Your Cookie Preferences

You can manage your cookie preferences through:

  • Our cookie consent banner when you first visit the website
  • Browser settings to block or delete cookies
  • The cookie preference center accessible from our website footer

Third-Party Cookies

Our website may set cookies from third-party services including:

  • Google Analytics (Google LLC)
  • Social media platforms (if social sharing buttons are present)
  • Email marketing platforms

Legal Basis for Personal Data Processing

We may process your personal data on the following legal bases:

  • Legal Obligation: When necessary to fulfill our legal obligations (e.g., issuing invoices for purchased services and products, tax reporting)
  • Contract Performance: When processing your personal data is necessary for concluding and fulfilling a contract you have entered into with us or because you requested a quote from us
  • Consent: When you have given consent for processing your personal data for a specific processing purpose, whereby you always have the right to withdraw the given consent
  • Legitimate Interest: When we have a legitimate interest in processing your personal data (such as improving our services, direct marketing to existing customers, or fraud prevention)

Purposes of Personal Data Processing

We may use your personal data for one or more of the following purposes:

  • Service Provision: Communicating with you regarding the provision of our services and responding to your inquiries
  • Contract Management: Concluding contracts and fulfilling obligations arising from concluded contracts
  • Marketing Communication: Sending emails and SMS messages (where you have consented)
  • Website Analytics: Understanding how our website is used to improve user experience
  • Legal Compliance: Asserting any legal claims and resolving disputes
  • Business Analytics: Statistical analyses of our goods sales and website usage

International Data Transfers

Some of our service providers may process your personal data outside the European Economic Area (EEA). When this occurs, we ensure adequate protection through:

  • Adequacy Decisions: Transfers to countries with EU adequacy decisions (such as UK, Canada, Japan, or US companies participating in the EU-US Data Privacy Framework)
  • Standard Contractual Clauses: EU-approved contracts that provide adequate safeguards
  • Other Appropriate Safeguards: As approved by EU authorities

Current service providers that may involve international transfers include:

  • Cloud hosting services
  • Email marketing platforms
  • Website analytics services (Google Analytics)
  • Payment processing services

Data Retention Periods

  • Basic Contact Data: Stored until you withdraw consent or request deletion
  • Consent Records: Stored permanently or until consent is withdrawn
  • Invoice Data: 10 years from issuance (legal requirement)
  • Contract Data: 5 years from contract fulfillment
  • Website Analytics: 26 months (Google Analytics default)
  • Marketing Data: Until unsubscribed or consent withdrawn
  • Cookie Consent Records: 12 months or until consent is withdrawn/renewed

After retention periods expire, we effectively delete or anonymize personal data so it can no longer be connected to you.

Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption: Data encrypted in transit and at rest where technically feasible
  • Access Controls: Limited access to personal data on a need-to-know basis
  • Regular Security Reviews: Periodic assessment of our security measures
  • Staff Training: Regular training on data protection requirements
  • Secure Hosting: Use of reputable hosting providers with appropriate security measures

Voluntary Nature of Data Provision

Providing personal data is voluntary. However, certain data is necessary for:

  • Service Delivery: Contact information needed to provide requested services
  • Legal Compliance: Information required for invoicing and tax purposes
  • Website Functionality: Some cookies are essential for basic website operation

Consequences of not providing required data may include our inability to provide requested services or fulfill contractual obligations.

Data Sharing and Third Parties

We do not sell or share your personal data with third parties except:

Service Providers (Contractual Processors):

  • Marketing service providers
  • Email sending service providers
  • SMS sending service providers
  • Website hosting and technical service providers
  • Payment processing services
  • Analytics providers (Google Analytics)
  • Cloud storage providers

All service providers are bound by contracts requiring them to:

  • Process data only according to our instructions
  • Implement appropriate security measures
  • Respect data protection laws
  • Not use data for their own purposes

Legal Requirements: We may disclose data when required by law, court order, or to protect our rights and safety.

Your Rights Under GDPR

You have the following rights regarding your personal data:

Access and Information

  • Confirmation: Whether we process your personal data
  • Access: Copy of your personal data and information about processing
  • Transparency: Details about purposes, recipients, retention periods, and your rights

Control Over Your Data

  • Rectification: Correction of inaccurate personal data
  • Erasure: Deletion of personal data (right to be forgotten) when legally permissible
  • Restriction: Limitation of processing under certain circumstances
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Stop processing for direct marketing or legitimate interest purposes

Consent Management

  • Withdrawal: Withdraw consent at any time (where processing is based on consent)
  • Cookie Management: Change cookie preferences through our preference center

Automated Processing

  • Human Review: Right not to be subject to purely automated decision-making
  • Explanation: Information about any automated processing and its consequences

Complaints

  • Supervisory Authority: Right to file a complaint with your local data protection authority
  • Slovenia: Information Commissioner (IP) – www.ip-rs.si

Exercising Your Rights

To exercise your rights:

  1. Contact Us: Send written requests to any contact information listed above
  2. Identity Verification: We may request additional information to verify your identity
  3. Response Time: We will respond within one month of receiving your request
  4. Free of Charge: First copy of data provided free; additional copies may incur reasonable fees

Automated Decision-Making and Profiling

We do not currently engage in automated decision-making or profiling that would significantly affect you. If this changes, we will update this policy and inform affected individuals.

Children’s Privacy

Our services are primarily intended for adults. We do not knowingly collect personal data from children under 16 without appropriate parental consent. If you believe we have collected such data, please contact us immediately.

Data Breach Procedures

In the event of a data breach that poses a risk to your rights and freedoms:

  • We will notify the relevant supervisory authority within 72 hours
  • We will inform affected individuals without undue delay
  • We will document the breach and our response measures

Changes to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. Significant changes will be communicated through:

  • Prominent notice on our website
  • Direct notification to registered users
  • Updated version clearly marked with revision date

Contact Information for Privacy Matters

For questions about this privacy policy or to exercise your rights:

Email: info@nejazupan.com
Phone: 040 535 557
Address: DR. NEJA ZUPAN S.P., 4000 Kranj, Slovenia

Data Protection Officer: If you have specific privacy concerns, please mark your communication “GDPR Request” or “Privacy Matter”

Last Updated: 9. 6. 2025
Version: 1.0

This privacy policy complies with the EU General Data Protection Regulation (GDPR) and Slovenia’s Implementation of Data Protection Directive.