Last update of the Policy: December 5, 2022
This Policy describes DFVU d.o.o. Družba za posredništvo (hereinafter referred to as the “Controller”) policies and procedures on collecting, processing, transferring, storing, using, and disclosing the User’s information when the User uses the Website and tells the User about privacy rights and how the law protects the User.
The Company uses the User’s Personal Data that the Users of the Company’s Services provide. Using the Website or Services, the User agrees to collect and use information following this Policy.
The Policy complies with Articles 12, 13 and 14 of the GDPR.
The words in which the initial letter is capitalised have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear singular or plural.
For the purposes of this Policy:
“GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
“Company”, “us”, “we”, “our”, or “DFVU d.o.o. Družba za posredništvo” means DFVU d.o.o., with a principal place of business at Liparjeva cesta 6A, 1234 Mengeš, Slovenia, registration number: 7193548000.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law
“Personal Data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person can be identified, directly or indirectly, in particular by reference to an identifier such as a name, location data, an online identifier, etc.
“Processing” means any operation or set of operations that are performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
“Services” or “Companys Services” means the Cartfox service enables the sending of electronic messages to registered telephone numbers (SMS, instant messaging applications) and e-mail addresses.
“The User”, “you”, or “your” means any person who is responding to an invitation to participate in a survey via Company’s Website.
“Usage Data” refers to data collected automatically, either generated using the Website infrastructure (for example, the duration of a visit, website usage, and the number of users).
“Website” means the Company’s web platform for the User’s mobile devices or computers which can be used through a browser without downloading, under the name of https://cartfox.io/hr//en/, and it is not affiliated with any other websites, companies, brands, organisations, or similarly named entity resembling it.
The Controller acts as an independent (sole) controller with regard to the personal data of the contact persons of its Users.
This Policy also contains all the information about your rights in relation to your Personal Data.
The Data Protection Officer is JK Group d.o.o., Stegne 27, 1000 Ljubljana, email@example.com, + 386 (0)590 91 794.
If the User is personally invited as a contact person of a landlord or property manager that has contracted the Company to survey their tenants for them, or if the User is a business contact or user of another service or company that have contracted the Company to survey them in some other respect, certain identifiable information that can be used to contact or identify the User will have been provided to Company from said parties.
Personally identifiable information may include but is not limited to:
message type (SMS, instant messaging application (type of application), e-mail);
the date of sending;
time of sending;
the content of the message sent (e.g., abandoned cart, discount notification, etc.);
From the contact persons of the Users:
The information is collected from the contact persons. The provision of data is optional, but without it, the controller might not be able to provide certain services or fulfil specific requests.
The e-mail address and telephone number data are collected automatically when entered by the individual on the website or in the application of the joint controller, the Services subscriber.
The Company has the right, at any time at its sole discretion, to request you confirm your Personal Data as documents confirming your identity.
Usage Data is collected automatically when using the Website.
Usage Data may include information, type of the Device, pages that the User visits, the time and date of the visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When the User accesses the Website by or through a Device, Company may collect certain information automatically, including, but not limited to:
This data mentioned above is collected automatically and without the individual’s intervention.
Cookies can be “Persistent” or “Session” Cookies. Persistent Cookies remain on the User’s personal Devices when the User goes offline, while Session Cookies are deleted as soon as the User closes the web browser.
The Company may use both Session and Persistent Cookies for the following purposes:
Type: Session Cookies
Administered by the Company
Purpose: These Cookies may be essential for providing the User with services available through the Website and enabling the User to use some of its features. They can help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that the User has asked for may be inaccessible.
Type: Persistent Cookies
Administered by the Company
Type: Persistent Cookies
Administered by the Company
Purpose: These Cookies allow Company to remember the choices the User makes when using the Website, such as remembering the User’s login details or language preference. The purpose of these Cookies is to provide the User with a more personal experience and to avoid the User having to re-enter preferences every time the User uses the Website.
Administered by the Company
Purpose: Those cookies can be turned on and off by the Website to deliver our potential customers the best advertising experience. They do not contain personal information and are based on the User’s actions over the Website.
Personal data and information obtained by way of such cookies concern the use that Users make of the Website and will be transmitted from the User’s browser to Google Inc., with registered office at 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States of America, and stored on the company’s servers. Google’s norms on privacy, which we kindly invite you to read, are available at the following URL: http://www.google.com/intl/it/privacy/privacy-policy.html.
The information on personal data concerning Google Analytics services is available at the following URL: http://www.google.com/intl/en/analytics/privacyoverview.html.
Computer systems and procedures responsible for the correct functioning of the Website automatically acquire, whilst operating, some Personal data concerning your browsing history. For instance, within this category, Company may find:
Data freely and optionally provided by Users via email to one of the email addresses indicated on the Website or in this Information may be acquired for purposes communicated to Users from time to time. Besides email addresses required to answer Users, additional Personal data included within the same communication received by Company may be processed. Personal data collected will be retained and processed solely to preserve them and send correspondence for no further purpose.
Company may use Personal Data for the following purposes:
To provide and maintain the Website, including monitoring the usage of the Website.
To manage the User’s requests: To attend to and manage the User’s requests to Company.
For other purposes: Company may use the User’s information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of Company’s promotional campaigns, and evaluating and improving the Website, products, and services, marketing, and the User’s experience.
Company may share the User’s Personal Data in the following situations:
The Company will retain and use the User’s Personal Data to the extent necessary to comply with Company’s legal obligations (for example, if we are required to retain the User’s Personal Data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this Personal Data is used to strengthen the security or improve the functionality of the Website.
The User’s information, including Personal Data, processing by the Company’s operating offices and in any other places where the parties involved in the processing are located. This information may be transferred to — and maintained on — computers outside the User’s state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of the User’s jurisdiction.
Under certain circumstances, Company may be required to disclose the User’s Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
Company may disclose the User’s Personal Data in the good faith belief that such action is necessary to:
The Company’s Website does not address anyone under 18 (eighteen). The Company does not knowingly collect personally identifiable information from anyone under 18 (eighteen). Please contact us if the User is a parent or guardian and is aware that the child has provided the Company with Personal Data.
If Company becomes aware that Company has collected Personal Data from anyone under the age of 18 (eighteen) without verification of parental consent, the Company takes steps to remove that Personal Data from Company’s servers or/and any storage used by Company.
If Company needs to rely on consent as a legal basis for processing the User’s information and the User’s country requires consent from a parent, Company may require the User’s parent’s consent before Company collects and use that information.
The Company takes all reasonable steps to protect information received from the User from accidental or unlawful destruction, loss, alteration, and unauthorised disclosure or access. The Company has put in place appropriate physical, technical and administrative measures to safeguard and secure the User’s information, and Company uses privacy-enhancing technologies such as encryption. If you have any questions about the security of your personal information, you can contact us via email: firstname.lastname@example.org.
The Company has no control over and assumes no responsibility for the content, privacy policies or practices of any third-party sites or services.
The Company may update the Policy from time to time. The Company will notify the User and third parties of any changes by posting the new Policy on this page.
The Company has the right to update the Policy. The Company will inform the User and third parties by updating the “Last Updated” date at the top of this Policy.
The legal basis for processing the User’s Personal Data is Art. 6 sec. 1 a) b), f) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals about the processing of personal data and the free movement of such data and repealing Directive 95/46 / MI Laws UE.L.2016.119.1 (GDPR), where the legitimate interest of Company is related to providing the Website for the User.
Personal Data will be processed until an objection to data processing or termination is made, but no longer than 10 (ten) years.
The User has the right to access, correct, delete, or restrict his or her Personal Data or to object to the processing, as well as the right to transfer the Personal Data and the right to complain to the supervisory authority.
In the case of obtaining data and processing them based on Art. 6 sec. a) GDPR – the User has the right to withdraw consent at any time, without prejudice to the lawfulness of the processing carried out based on consent to its withdrawal.
In accordance with GDPR, Company is a data controller for the Personal Data collected from all categories of data subjects listed above, with the following exceptions: the Company is a data processor of the User logs, administrative user logs, and some account settings information. In addition, the Company is a data processor for any of the content provided by the User through the Website that transit. Where the Company is a data processor, the Company processes data on its user’s behalf under their data processing instructions.
With regard to their Personal Data, you have the following rights, which you may exercise at any time exercise contacting the Controller via the e-mail address email@example.com or via the Data Protection officer JK Group d.o.o., Stegne 27, 1000 Ljubljana, firstname.lastname@example.org, + 386 (0)590 91 794.
For the purposes of reliable identification in the event of the exercise of rights relating to Personal Data, the Controller may request additional information from you and may refuse to act only if the Controller can prove that the individual cannot be reliably identified.
The Controller shall respond to your request to exercise their rights with regard to the Personal Data without undue delay and, at the latest, within one month of receipt of the request.
Right to withdraw consent: if you consented to process your Personal Data, you could withdraw your consent at any time. The consent withdrawal shall not have any adverse consequences for you other than the Controller might no longer be able to provide you service or services that cannot be provided without the Personal Data to which the consent withdrawal relates.
Right of access to personal data: you have the right to obtain confirmation from the Controller as to whether or not Personal Data concerning them are being processed, and if so, you have the right to request access to the Personal Data and certain information about the data processing.
Right to rectification of personal data: have the right to have inaccurate Personal Data concerning you rectified by the Controller.
Right to erasure of personal data (right to be forgotten): you may request the Controller to erase your personal data if at least one of the following grounds applies:
Right to restriction of processing: you may request from the Controller to restrict the data processing where at least one of the following grounds applies:
Right to data portability: you have the right to receive your Personal Data, which they have provided to the Controller, in a structured, commonly used and machine-readable format, and have the right to transmit those data to third parties without hindrance from the Controller, where:
You have the right to have the Personal Data transmitted directly from one controller to another, where technically feasible.
Right to object to the processing: you have the right to object at any time to the processing of Personal Data which is necessary for the purposes of the legitimate interests pursued by the Controller and/or the third party, including profiling; the Controller shall no longer process Personal Data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the individual or for the establishment, exercise or defence of legal claims.
Where Personal Data are processed for marketing purposes, you have the right to object at any time to the processing of Personal Data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the individual objects to processing for direct marketing purposes, the Personal Data shall no longer be processed.
Right to lodge a complaint with a supervisory authority: you have the right to lodge a complaint with a supervisory authority (Information Commissioner, Dunajska cesta 22, 1000 Ljubljana, email@example.com, +386 (0)1 280 77 00), if you consider that the processing of Personal Data infringes data protection rules.
If you have an unresolved privacy or data use concern that the Company has not addressed satisfactorily, please contact us via email firstname.lastname@example.org.
If you have any questions about this Policy, you can contact us: