General conditions of personal data processing

General conditions of personal data processing

1. General terms and conditions governing the processing of personal data

SIQ Ljubljana, which acts as a data controller in the processing of personal data, values your privacy, which is why we carefully protect your data by adhering to all security and other rules that meet high standards of data protection and are in accordance with the legislation in force governing the protection of personal data.

The data collected is used solely for the purposes for which you have provided it, given your consent to the processing, or we are required to keep it for legal or contractual obligations. When you provide personal data, you acknowledge that you have read and understood these General terms and conditions governing the processing of personal data. We respect the confidentiality of your data (your privacy) and will take all necessary steps to protect it from breach and/or misuse.

2. Processing of personal data

2.1 Processing of personal data when visiting the SIQ Ljubljana website

In this section, we would like to provide you with information about how your personal data is processed when you visit our website. Unless otherwise stated in the following subsections, the legal basis for the processing of your personal data is the fact that such processing is indispensable for you to access the requested website functions (point b of the first paragraph of Article 6 of the General Data Protection Regulation (hereinafter referred to as the GDPR).

2.1.1 Use of our website

When you access our website, your browser transfers certain data to our web server. The transfer is due to technical reasons, but it is also necessary to enable you to access the information you want. In order to facilitate your access to the website, the following data is collected, stored, and used for a short period:

– IP address

– Date and time of access

– Time zone difference compared to GMT

– Content of the request (specific page)

– Access status/HTTP status code

– Amount of data transferred

– Webpage requesting access

– Browser, language settings, operating system, software, and browser version

In addition, in order to protect our legitimate interests, we will store this data for a limited period, which will allow us to initiate the tracking of personal data in the event of attempted unauthorised access to our servers (point f of the first paragraph of Article 6 of the GDPR).

2.1.2   Cookies

What are cookies?

This website uses so-called “cookies”. Cookies are small text files that are stored in your terminal’s memory via your browser. They store certain information (for example, your preferred language or site settings) that your browser may (depending on the lifetime of the cookie) send to us the next time you visit our website.

Which cookies do we use?

We use cookies to personalise content and ads, provide social media features, and analyse our traffic. In addition, we share information about your use of our site with our partners in social media, advertising, and analytics, who may combine it with other information you have provided to them or that they have collected through your use of their services.

Necessary cookies make the website usable by enabling basic functions such as site navigation and access to secure areas of the website. The website does not function properly without these cookies.

Name Provider Purpose Lifetime Type
_GRECAPTCHA google.com This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website. 179 days HTTP
CONSENT google.com Used to detect if the visitor has accepted the marketing category in the cookie banner. This cookie is necessary for GDPR-compliance of the website. 2 years HTTP
rc::a google.com This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website. Persistent HTML
rc::b google.com This cookie is used to distinguish between humans and bots. Session HTML
rc::c google.com This cookie is used to distinguish between humans and bots. Session HTML
li_gc linkedin.com Stores the user’s cookie consent state for the current domain 179 days HTTP
_grecaptcha siq.si This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website. Persistent HTML
CookieConsent siq.si Stores the user’s cookie consent state for the current domain 1 year HTTP
pll_language siq.si This cookie is used to determine the preferred language of the visitor and sets the language accordingly on the website, if possible. 1 year HTTP
CONSENT youtube.com Used to detect if the visitor has accepted the marketing category in the cookie banner. This cookie is necessary for GDPR-compliance of the website. 2 years HTTP

Statistics cookies help website owners understand how visitors use the website by collecting and reporting information anonymously.

Name Provider Purpose Lifetime Type
collect google-analytics.com Used to send data to Google Analytics about the visitor’s device and behavior. Tracks the visitor across devices and marketing channels. Session Pixel
AnalyticsSyncHistory linkedin.com Used in connection with data-synchronization with third-party analysis service. 29 days HTTP
_ga siq.si Registers a unique ID that is used to generate statistical data on how the visitor uses the website. 399 days HTTP
_ga_# siq.si Used by Google Analytics to collect data on the number of times a user has visited the website as well as dates for the first and most recent visit. 399 days HTTP
_gat siq.si Used by Google Analytics to throttle request rate 1 day HTTP
_gid siq.si Registers a unique ID that is used to generate statistical data on how the visitor uses the website. 1 day HTTP
last_pys_landing_page siq.si Registers statistical data on users’ behaviour on the website. Used for internal analytics by the website operator. 6 days HTTP
last_pysTrafficSource siq.si Registers statistical data on users’ behaviour on the website. Used for internal analytics by the website operator. 6 days HTTP
ln_or siq.si Registers statistical data on users’ behaviour on the website. Used for internal analytics by the website operator. 1 day HTTP
pys_first_visit siq.si Registers statistical data on users’ behaviour on the website. Used for internal analytics by the website operator. 6 days HTTP
pys_landing_page siq.si Detects and stores which landing page was presented to the user. 6 days HTTP
pys_session_limit siq.si Registers statistical data on users’ behaviour on the website. Used for internal analytics by the website operator. 1 day HTTP
pys_start_session siq.si Registers statistical data on users’ behaviour on the website. Used for internal analytics by the website operator. Session HTTP

Marketing cookies are used to track users across websites. The purpose is to serve ads that are relevant and interesting to the individual user and therefore more valuable to publishers and advertisers of foreign sites.

Name Provider Purpose Lifetime Type
IDE doubleclick.net Used by Google DoubleClick to register and report the website user’s actions after viewing or clicking one of the advertiser’s ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user. 1 year HTTP
pagead/landing doubleclick.net Collects data on visitor behaviour from multiple websites, in order to present more relevant advertisement – This also allows the website to limit the number of times that they are shown the same advertisement. Session Pixel
test_cookie doubleclick.net Used to check if the user’s browser supports cookies. 1 day HTTP
fr facebook.com Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers. 3 months HTTP
ads/ga-audiences google.com Used by Google AdWords to re-engage visitors that are likely to convert to customers based on the visitor’s online behaviour across websites. Session Pixel
NID google.com Registers a unique ID that identifies a returning user’s device. The ID is used for targeted ads. 6 months HTTP
pagead/1p-user-list/# google.com Tracks if the user has shown interest in specific products or events across multiple websites and detects how the user navigates between sites. This is used for measurement of advertisement efforts and facilitates payment of referral-fees between websites. Session Pixel
pagead/landing google.com Collects data on visitor behaviour from multiple websites, in order to present more relevant advertisement – This also allows the website to limit the number of times that they are shown the same advertisement. Session Pixel
rc::f google.com Persistent HTML
bcookie linkedin.com Used by the social networking service, LinkedIn, for tracking the use of embedded services. 1 year HTTP
bscookie linkedin.com Used by the social networking service, LinkedIn, for tracking the use of embedded services. 1 year HTTP
li_sugr linkedin.com Collects data on user behaviour and interaction in order to optimize the website and make advertisement on the website more relevant. 3 months HTTP
lidc linkedin.com Used by the social networking service, LinkedIn, for tracking the use of embedded services. 1 day HTTP
UserMatchHistory linkedin.com Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor’s preferences. 29 days HTTP
_fbc siq.si This cookie is used by Facebook to target advertisement based on user behavior and preferences across multiple websites. The cookie contains an encrypted ID which allows Facebook to identify the user across websites. 6 days HTTP
_fbp siq.si Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers. 6 days HTTP
_gcl_au siq.si Used by Google AdSense for experimenting with advertisement efficiency across websites using their services. 3 months HTTP
VISITOR_INFO1_LIVE youtube.com Tries to estimate the users’ bandwidth on pages with integrated YouTube videos. 179 days HTTP
YSC youtube.com Registers a unique ID to keep statistics of what videos from YouTube the user has seen. Session HTTP
ytidb::LAST_RESULT_ENTRY_KEY youtube.com Stores the user’s video player preferences using embedded YouTube video Persistent HTML
yt-remote-cast-available youtube.com Stores the user’s video player preferences using embedded YouTube video Session HTML

SIQ Ljubljana will not use or allow any third party to use any statistical analytical tool to track or collect personally identifiable information about visitors to this site.

2.1.3 Cookie preferences

2.1.4 In compliance with your consent

We use the optional cookies only if we have first obtained your consent to their use (Article 6(1)(a) GDPR). When you first visit our website, you will be asked to consent to the installation of selected cookies. If you give your consent, we will place a cookie on your browser and the request will not appear again as long as the cookie is active. After the cookie expires or if you delete the cookie yourself, the consent request will reappear the next time you visit our website.

2.1.5 How can you prevent the installation of cookies?

You can use our website even if you don’t allow cookies. You can set or fully enable the cookies in your browser at any time. However, this may limit the features of the website or negatively affect its user-friendliness. You can deny optional cookies at any time by selecting the option to withdraw your consent.

2.1.6 Website signals

The website may also contain website signals, which are used to count visitors to the website and the services offered together with other providers. We use website signals solely to improve our services. The information about website signals is anonymised.

2.2. SIQ Ljubljana news
2.2.1 Electronic communication

Electronic communication is used to communicate current activities in SIQ. To do this, we need the following information: your name, surname, email address, IP, date and time of subscription, name of organisation (optional), and job title (optional).

We will use your data for the purpose of carrying out electronic communication until you withdraw your consent. You may change or withdraw your consent at any time by clicking on the link Change your newsletter preferences and unsubscribe.

2.2.2 Mailing by post (SIQ Report)

The purpose of the SIQ Report newsletter is to report on SIQ activities and results. To do this, we need the following information: your first name, last name, name of your organisation, address of your organisation (street, postcode, city, country), and your email address (optional).

2.3 Notifying of new editions of standards

For the purpose of sending newsletters on standardisation, changes to national certification requirements, and security and EMC training, we need the following information: first name, last name, email, phone number (optional), and name of organisation.
Your data will be used for information purposes until your consent is withdrawn. At any time, you can withdraw your consent by requesting a withdrawal at gdpr@siq.si.

2.3 Offers

In order to obtain an offer via the online form, we need the contact details of the person with whom the communication will take place. For this purpose we need the following information: first name, last name, name of organisation, email, and telephone number (optional).

Your data will be used for offer preparation and offer-related communication purposes until the cooperation is terminated.

2.3.1 Informative seminars

For the purpose of an online registration to an informative seminar, we require the contact data of the person with whom we shall communicate. To this end, we require the following data: your name and surname, e-mail address (optional), telephone number, name, street, postal number, and place of the organization.
Your data will be used for offer preparation and offer-related communication purposes until the cooperation is terminated.

2.4 Information on training

The purpose is to keep you informed of upcoming SIQ Ljubljana training events. To this end, we require the following data: your name and surname, e-mail address, IP, date and time of subscription, name of the organization, and job title (optional).

Your data will be used for the purpose of communicating training until your consent is withdrawn or our cooperation is concluded. At any time, you can change or withdraw your consent by clicking on the link Change your newsletter preferences and unsubscribe.

2.4.1 Registration for training

The purpose of registering for training is to order a service, secure a place, draft an invoice, and keep you informed.

For a successful registration for training and invoicing, SIQ Ljubljana requires the following data: name and surname, job title, name of the organization, address of the organization (street, postcode, city, state), VAT ID number of the organization, e-mail address, telephone number, info on being registered for VAT (optional), IP, date and time of registration.

Your personal data shall be kept for three years.

2.4.2 Attending training

The purpose of attendance lists is to get proof of attendance, consent to being informed of future training events, and grounds for the issue of a certificate of attendance.

SIQ Ljubljana may grant the lecturer access to personal data to be able to carry out specific training.

The personal data of the attendee (data subject) may be forwarded to a third party provided the data subject has been informed of that in advance.

An attendance list is kept until revoked in writing.

2.4.3 Subscription to receiving information on training

You can subscribe to receiving information on training when you register for training or directly on the SIQ website. For the purpose of targeted marketing and spreading information on current training events, we segment data subjects according to their expressed interest. Data subjects can select training events they wish to be informed about.

Personal data is processed until the consent is withdrawn.

2.4.4 Request for an offer for training in a closed group (online form)

Requiring the completion of the online form, we get the contact data of a natural person from the organization asking for the implementation of training in a closed group. Data subjects completing the online form provide us with the following data: name, surname, e-mail address (optional), telephone number, and name of the organization.
SIQ Ljubljana may grant the lecturer access to personal data to be able to carry out specific training.
Personal data is processed for three years.

2.5 Use of contact forms

You can contact us directly using the forms available on our website. In particular, please provide us with the following information: email address, name, address, and telephone number. We will collect and process the information you provide via the contact forms solely in connection with your request.

3 Collection of personal data

We collect personal data for the purpose of providing our services. In addition to the data necessary for the provision of our services, we also collect the data required by the applicable legislation of the Republic of Slovenia for the provision of our services (the processing necessary for the fulfilment of a legal obligation of the controller, in which case the personal data will be kept for as long as required by law).
The website may also collect other data, such as the Internet Protocol (IP) address through which you access our services, and the date and time. The use of this data is intended solely for the purpose of improving the use of the website and for the purpose of carrying out statistical analyses, where the identity of the users remains anonymous.

4. Transfer of your personal data to third countries

The personal data collected (first name, last name, e-mail address, organisation name, workplace, and gender) is transferred to the United States on the basis of the decision on the adequacy of the level of protection of personal data under the EU-US Data Privacy Framework https://commission.europa.eu/system/files/2023-07/Adequacy%20decision%20EU-US%20Data%20Privacy%20Framework_en.pdf for the purpose of communicating SIQ events and novelties.

5. Video surveillance

SIQ Ljubljana carries out video surveillance at Mašera-Spasićeva ul. 10, Ljubljana. The video surveillance system has been set up in order to ensure a higher level of security for people and property managed by SIQ Ljubljana in the secure area.
In order to prevent damage or to establish the circumstances under which damage may have occurred, video surveillance is carried out both in the outside area and inside the office building, where the entrances to the building are video recorded.
The legal basis for the processing of personal data is the legitimate interest of SIQ Ljubljana (point f of the first paragraph of Article 6 of the GDPR).

Video surveillance recordings are processed and stored for a maximum of 60 days, after which they are automatically deleted unless they need to be forwarded to state authorities in the event of a detected criminal offense.

6. Transmission of personal data

We will not use personal data and contact information for other purposes and will not disclose it to third parties unless required by law or on the basis of the written consent of the data subject.

5.1. Information about your rights

In general, you have the following rights under applicable personal data protection legislation:
– The right to information in relation to your personal data that we store.
– The right to request rectification, erasure, or limited processing of your personal data.
– The right to object to processing for our legitimate interest, public interest, or market research purposes, unless we demonstrate that there are compelling legitimate grounds which override your interests, rights, and freedoms, or where such processing is necessary for the establishment, exercise, or defence of legal claims.
– Right to data portability.
– The right to lodge a complaint with a data protection supervisory authority.
– You may withdraw your consent to the collection, processing, and use of your personal data at any time with effect from the date of withdrawal. Withdrawal of consent does not affect the lawfulness of the processing prior to withdrawal.
If you wish to exercise your rights, please address your written request to the Data Protection Officer at SIQ Ljubljana, Mašera – Spasićeva ulica 10, 1000 Ljubljana, or by email to gdpr@siq.si.

7. Personal data protection

We protect your personal data in accordance with the GDPR and the legislation governing the protection of personal data and the legislation governing electronic communications.
We use various security technologies and procedures to prevent unauthorised persons from accessing this data. In addition, we use a Secure Socket Layer (SSL) connection on our web portal.

SIQ Ljubljana shall protect the personal data of data subjects in accordance with personal data protection requirements for safeguarding laid down by the national legislation of the Republic of Slovenia and EU regulations.

Safeguards encompass legal, organizational, and appropriate logistic and technical procedures and measures to:

  • ensure the security of premises, devices, and system software;
  • ensure the security of personal data processing application software;
  • ensure the security in transmitting personal data and in their transfer;
  • prevent access to unauthorised persons to personal data processing information assets and personal data files;
  • ensure the implementation of regular testing and assessment procedures, and the evaluation of the efficiency of technical and organizational measures to ensure safe processing;
  • ensure the conditions for timely restoration of availability and accessibility of personal data in the event of a physical or technical incident.

The data subject is aware and agrees that the personal data the data subject has provided to SIQ Ljubljana shall be retained by SIQ Ljubljana for the period stated in the section “Data that we process” of this document. Other data may be retained by SIQ Ljubljana only for the period necessary to fulfil the purpose for which they were collected or required by law after which the personal data shall be permanently erased or rendered anonymous in such a manner that the data subject is no longer identifiable.

6.1. Data transfer for contractual processing

To process your data, we will use specialised subcontractors (processors) to a certain extent. We carefully select these processors and regularly monitor their work. Based on the relevant personal data processing agreements, these processors will process personal data exclusively on our behalf and for our account within the limits of their authority and in accordance with our instructions, whereby they will be obliged to strictly adhere to our instructions.

8. Exemption from liability

SIQ Ljubljana shall not be liable for damage suffered by the data subject as a result of incorrect, false, incomplete, or obsolete personal data provided to the controller by the data subject.

SIQ Ljubljana shall be liable for the damage caused by processing only where it has failed to comply with obligations of the General Data Protection Regulation or legislation regulating personal data protection, or when it has acted contrary to its provisions. SIQ Ljubljana shall be exempt from liability if it proves that it is not in any way responsible for the event giving rise to the damage.

9. Final provisions

Current legislation shall apply in all relations not covered by these general terms and conditions.

10. Changes to general terms and conditions

SIQ Ljubljana reserves the right to change these general terms and conditions. Any change will be brought to your attention on the SIQ Ljubljana webpage https://www.siq.si/.

These general terms and conditions shall be valid and apply as of 22 November 2023.

11. Contact data

SIQ Ljubljana is available for any further questions regarding the processing of personal data.

Please address your questions to:
SIQ LJUBLJANA
Mašera-Spasičeva ulica 10, SI-1000 Ljubljana, Slovenia

or by email to
gdpr@siq.si