Privacy Policy

Respect for the privacy of individuals, including the protection of personal data, is crucial for the company GAO d.o.o. (hereinafter referred to as "GAO d.o.o./controller"). GAO d.o.o. is committed to safeguarding personal data and ensuring security and confidentiality. We invite you to familiarize yourself with information about the processing of your personal data.

1. COMPANY INFORMATION

Full name: GAO Construction, Architecture, Design, d.o.o.

Address: Linhartova cesta 8, 1000 Ljubljana

Tax number: 85202037 VAT ID number: SI

Registration number: 5303028000

Phone: +386 41 353 352

Website: www.gao-arhitekti.com

Email address: petra@gao-arhitekti.com

2. COLLECTION AND USE OF PERSONAL DATA

We collect and process your data in accordance with regulations governing personal data protection. Specific segments of personal data protection can be found in the guidelines of the Information Commissioner, the competent state authority for overseeing the legal framework for personal data protection in the Republic of Slovenia.

2.1. When do we obtain your personal data?

GAO d.o.o. may collect personal data obtained from you when:

  • You use our website,

  • You establish a business relationship with GAO d.o.o. (inquiries, offers, contracts, etc.),

  • You subscribe to newsletters or give consent for personalized offers,

  • You wish to become or are a user of services offered by GAO d.o.o.,

  • You request information, provide feedback, or file a complaint,

  • You give consent for the processing of personal data.

  • For more detailed information about the processing of personal data related to the provision of services, refer to the LEGAL NOTICE or COOKIES on our website.

2.2. When visiting websites

GAO d.o.o.'s website: www.gao-arhitekti.com is publicly accessible and intended for use and information for the general public, also allowing other functionalities.

Visitors to the website can voluntarily decide when and how to contact GAO d.o.o. (via phone, email, web forms, regular mail, or in person at the company's headquarters) and which services to use. User identification is not possible when using the website.

GAO d.o.o. uses data related to website visits for the following purposes:

  • Providing information about services and other important information (offers, project progress, content of business services, events, etc.),

  • Managing relationships with existing customers and providing selected services (sending photos and related materials, recording satisfaction, etc.),

  • Technical maintenance of the website and services of GAO d.o.o.,

  • Other purposes (seminars, events, and activities related to the company's operations) mentioned in this privacy policy.

  • During the visit to GAO d.o.o.'s website, the server automatically collects details about your visit, such as:

  • IP address and

  • URL address of the website from which you accessed our website,

  • Browser settings,

  • Content accessed on GAO d.o.o.'s website,

  • Date of access and duration of the visit to GAO d.o.o.'s website.

You might have encountered the term "Cookies" on various data controllers' websites. You can find detailed information about Cookies in the COOKIES section, which is an integral part of this policy. Cookies are small text files that most websites store in users' devices when they access the internet. They serve to recognize individual devices, improve user experience, and enhance the efficiency of information retrieval. It is important to note that specific individuals cannot be identified through the use of Cookies.

2.3. When subscribing to newsletters on the website

When subscribing to newsletters, personal data is provided in the form, which GAO d.o.o. needs to provide you with the desired information or service. The following online forms are available on the company's website, where, in addition to the data from the previous point in this privacy policy, data may be collected and processed as listed in the following:

Area Personal data about the individual in addition to the data from the previous point in this privacy policy Purpose of data processing

Newsletter registration Name and surname, IP address, email address for information, when it can identify the individual Provision of information related to expressed interests of the individual

Inquiry Name and surname, phone number, IP address, email address for information, when it can identify the individual, message content, property data Establishing contact regarding expressed interest

Informational offer, invoices Email address, Address, property data Providing information related to individual's interests

Electronic document transfer Email address, IP address, name and surname, property data Providing information related to individual's interests

2.4. Use of email

Individuals can address electronic messages to the company GAO Ltd. or to the email address published on our website. In this case, you voluntarily decide which personal data you want to share with us. GAO Ltd. will further process your email address and electronic message in accordance with the content of your email and considering the nature of the mutual relationship.

2.5. Use of Phones

You can also contact GAO Ltd. by phone, and it is also possible for employees or collaborators of GAO Ltd. to call you or send you SMS messages when necessary for the execution of a business relationship or other purposes, with your consent.

2.6. Recording and Photography

GAO Ltd. occasionally publishes photos or videos on its website, all with prior written confirmation and permission.

3. ACQUISITION OF PERSONAL DATA

We mostly obtain personal data from you as part of providing information regarding expressed individual interests in services that we can only perform by processing your personal data or having them at our disposal while fulfilling contractual or legal obligations. In the course of our business activities, we collect and process personal data such as surname and name, address, tax number, country of residence for tax purposes, personal document details (type, number, issue date, issuer for customer/foreigner identification, alternative contact address), customer activities, and information about authorized representatives for representation purposes. We do this with high diligence and only to the extent necessary for achieving contractual or lawful processing purposes where the processing of personal data is unavoidable (e.g., issuing an invoice).

The data you entrust to us during registration, inquiry, or before/during the provision of our services is generally used only for that purpose. Depending on the circumstances, we may sometimes need to use this data for other purposes, but only when we have a proper legal basis for doing so. Such other purposes usually arise from specific obligations that GAO Ltd. has based on sectoral legislation, e.g., issuing invoices or reporting to tax authorities.

3.1 Additional Information for Individuals in Cases Where Personal Data Were Not Obtained from the Relevant Individual

Occasionally, GAO Ltd. obtains personal data of individuals not directly from the individuals themselves. The company mainly uses such acquired data for marketing purposes, and the individual is informed that their personal data will be transferred to GAO Ltd.

GAO Ltd. provides the following information for managing such cases:

Controller of Personal Data:

Name: GAO Construction, Architecture, Design, Ltd.

Address: Linhartova cesta 8, 1000 Ljubljana, with the note "personal data."

Responsible person: Petra Rabič Zakrajšek

Email: petra@gao-arhitekti.com

Phone number: +386 41 353 352

  • Contact Person for Data Protection:

The authorized person for data protection is reachable in writing at GAO, Ltd., Linhartova cesta 8, 1000 Ljubljana, with the note "personal data," or via email at petra@gao-arhitekti.com.

  • Purpose of Personal Data Processing and Legal Basis:

Personal data obtained through the use of the Lead Ad function offered by the Facebook application, owned by Meta Platforms Inc., is used for marketing communication purposes only when the individual has expressed a desire to receive more information about GAO Ltd.'s services.

  • Types of Personal Data and Users:

In the case of obtaining and processing personal data from Meta Platforms Inc., GAO Ltd. acquires the following personal data: name, surname, email address, and phone number. GAO Ltd. will use the acquired personal data for contacting individuals and providing additional information about GAO Ltd.'s services, in accordance with the individual's expressed wish.

Individuals whose personal data is processed can contact the designated data protection contact person regarding any questions related to the processing of their personal data and the exercise of their rights based on applicable data protection laws.

  • Third Countries:

Personal data obtained in the manner defined in this chapter will not be transferred to third countries by GAO Ltd.

  • Retention Period:

The retention period depends on the purpose of data collection and processing, either for the period prescribed by law, the period necessary for fulfilling the contract (considering warranty periods and periods within which any claims based on the contract can be asserted), or permanently or until revocation, if obtained based on personal consent.

  • Individual Rights:

Individuals have the right to request access to personal data from the controller at any time, as well as correction or deletion of personal data, or restriction of processing concerning the individual, whose personal data is processed. Individuals can also request, upon written request to the data protection contact person, the right to object to processing and the right to data portability.

Individuals can revoke their consent to the processing of personal data at any time by sending the revocation to the responsible person and the data protection coordinator at GAO via email: petra@gao-arhitekti.com.

Individuals also have the right to contact the supervisory authority, the Information Commissioner of the Republic of Slovenia, Dunajska cesta 22, Ljubljana, or by email: gp.ip@ip-rs.si or by phone: 01 230 97 30 (more on the website: www.ip-rs.si) if they believe that their personal data is processed in violation of applicable data protection laws.

4. PROCESSING OF PERSONAL DATA BASED ON LEGITIMATE OR LAWFUL INTERESTS

In the company GAO d.o.o., personal data is processed in certain cases for the protection of legitimate and lawful interests, such as:

Ensuring the security of networks and information, i.e., the ability of the network or information system to prevent accidental events or illegal or malicious acts that jeopardize the availability, authenticity, integrity, and confidentiality of stored or transmitted personal data and the security of related services offered or accessible through these networks and systems (preventing unauthorized access to the company's information systems, responding to computer security incidents),

Asserting the company's own legal claims against individuals in court,

Preventing and detecting internal fraud and other violations,

For the purpose of protecting and securing the property and employees of GAO d.o.o. from threats and violence, and in similar cases where without processing personal data of individuals, the company could not secure and enforce its own legitimate interests and rights under the law,

Improving, developing, and upgrading the services, systems, and products of GAO d.o.o. (such as collecting customer satisfaction data),

For the purpose of internal administrative purposes of GAO d.o.o.

In cases where this could jeopardize the interests of an individual process being carried out or prevent the achievement of the purpose for which the specific processing of personal data was initiated, GAO d.o.o. may process personal data for the above-defined purposes even without the knowledge of the individuals concerned.

5. CATEGORIES OF PERSONAL DATA USERS

Your personal data is generally not disclosed to third parties. Occasionally, GAO d.o.o. may need to disclose your personal data to certain external users if they demonstrate a legitimate interest in obtaining your data. Such users are usually various government agencies that need your personal data as part of official procedures they conduct, and individuals may also be included if they request access to data through the court or show other appropriate legal grounds.

We engage contractual processors for specific parts of personal data processing, who perform part of the services on our behalf. With such contractual processors of personal data, we conclude a legally required contract for the processing of personal data, in which we commit them to the same standard of personal data protection as if we were performing these specific parts of personal data processing ourselves. At the same time, these contractual processors only process data for the purpose of performing contractually defined services and for no other purpose, nor can they use them for their own purposes or the purposes of third parties. Contractual processors include software suppliers, administrators of GAO d.o.o. websites, digital marketing collaborators, accounting service providers, data archiving service providers, and similar user categories.

6. DATA STORAGE

We will keep your data for a period necessary to achieve the purposes outlined in this PRIVACY POLICY, except when a longer storage period is required or permitted by legal regulations and statutes of limitations.

Your personal data processed based on your consent and for purposes defined in consents will be kept until your consent is revoked by you or your objection to processing.

Personal data of customers received by GAO d.o.o. upon request or accepted during the business relationship with customers is stored at least within the framework of legal regulations and statutes of limitations. Physical documentation is kept at the company's headquarters, GAO d.o.o., with an external accounting or archiving service provider, and responsible persons of GAO d.o.o. and a narrow circle of employees of its external accounting/archiving service provider have access to it.

The responsible person of GAO periodically reviews the circumstances and duration of storage and accessibility to archival material and monitors risks related to such processing of personal data.

7. TECHNICAL AND ORGANIZATIONAL MEASURES FOR PRIVACY PROTECTION

In GAO d.o.o., we implement physical, organizational, and technical measures to protect data from loss, theft, unauthorized use, disclosure, destruction, or alteration. We protect your data in accordance with applicable legislation and internal acts governing the protection and security of personal data and information security.

All employees of GAO d.o.o., contractual processors, and other individuals who have your personal consent or other appropriate legal basis for processing are committed to preserving the confidentiality of your data and must not disclose them to persons who do not have a proper basis for processing your personal data.

Business premises where personal data holders, hardware, and software are carefully protected with measures that prevent unauthorized access to personal data.

We implement, review, and maintain appropriate security procedures that comply with the latest state of technology, standards, and practices for data protection. The network is protected from the external world by a firewall system.

8. EXERCISING RIGHTS REGARDING PERSONAL DATA

An individual can temporarily or permanently revoke their consent for the processing of personal data or request the cessation of the use of their personal data for direct marketing purposes at any time. The revocation of consent does not affect the legality of processing carried out based on the consent until its revocation.

An individual can request access, completion, correction, restriction of processing, transfer, or deletion of personal data or object to the processing of personal data related to them, in writing, sent to the email address of GAO's responsible person and data protection coordinator: petra@gao-arhitekti.com

An individual also has the right to contact the supervisory authority, the Information Commissioner of the Republic of Slovenia, Dunajska cesta 22, Ljubljana, or by email at gp.ip@ip-rs.si or by phone at 01 230 97 30 (more on the website: www.ip-rs.si) if they believe that their personal data is being processed in violation of applicable regulations governing the protection of personal data.

9. AUTHORIZED DATA PROTECTION OFFICER

Any questions regarding this policy, comments, suggestions, and requests for assistance in exercising your rights regarding the processing of your personal data can be addressed to the responsible person of GAO d.o.o. and the data protection coordinator reachable by email at petra@gao-arhitekti.com or by regular mail to GAO d.o.o., Linhartova cesta 8, 1000 Ljubljana, with the note "personal data." We will make every effort to provide a response as soon as possible.

10. UPDATING THE PRIVACY POLICY

GAO d.o.o. may periodically update its privacy policy, and the changed content will apply from the date of publication. The current version of the PRIVACY POLICY will be published on the website www.gao-arhitekti.com, so we recommend that you regularly review it.

Ljubljana, April 1, 2023

GAO d.o.o.