The purpose of this Privacy Policy is to inform individuals, clients, users of products or services, partners, employees, and other persons (hereinafter: the “data subject”) who interact with PLANET GV, d. o. o., Likozarjeva ulica 3, 1000 Ljubljana (hereinafter: the “Company”) about the purposes, legal bases, security measures, and rights of data subjects in relation to the processing of personal data carried out by the Company.
We value your privacy and therefore protect your data with due care.
We process personal data in accordance with the applicable personal data protection legislation and other laws that provide a legal basis for such processing.
Any change to this document will be published on our website. By using the website, you acknowledge that you are familiar with the full content of this Privacy Policy.
Personal Data Controller:
Planet GV, poslovno izobraževanje, d. o. o.
Likozarjeva 3
1000 Ljubljana
Slovenia
Email: izobrazevanje@planetgv.si
Phone: +386 1 309 44 35
Web site: https://www.planetgv.si/
1) Personal Data
Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
2) Purposes of Processing and Legal Bases
The Company collects and processes personal data on the following legal bases::
- Compliance with a legal obligation to which the controller is subject;
- Performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract;
- Legitimate interests pursued by the controller or by a third party;
- Consent given by the data subject for one or more specific purposes;
- Protection of vital interests of the data subject or of another natural person.
Event Registration
The Company processes personal data of individuals for the purpose of organising and delivering events and professional trainings. Processing includes the collection of registration data, communication with participants, sending notifications and materials, and issuing certificates of attendance.
The categories of participants’ personal data processed include in particular: name and surname, company, telephone number, and email address. The legal basis for data processing is registration for the event, which constitutes a contractual relationship. Personal data are retained for at least as long as necessary for the organisation and delivery of the event and to fulfil statutory obligations (retention of issued invoices). Based on the Company’s legitimate interest, participants’ email addresses may continue to be processed for the purpose of sending offers and information about upcoming events.
Electronic Communications (e.g. Newsletters)
Based on the lawful pursuit of its business, the Company may inform clients, customers, and users of its services via email about its services, events, trainings, offers, and other related content. The data subject may at any time request that such communications and data processing cease and may unsubscribe via the unsubscribe link included in each message or by sending a request by email or regular mail to the Company’s address.
The legal bases for data processing are legitimate interest and consent. The data will be processed until the individual unsubscribes, withdraws consent, or until the purpose of processing has been fulfilled. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal.
Performance of a Contract
When an individual concludes a contract with the Company, such contract constitutes the legal basis for processing personal data. The Company may process personal data for the conclusion and performance of a contract, such as the sale of goods and services, preparing an offer, or participation in various programmes. If an individual does not provide personal data, the Company cannot conclude the contract, nor can it perform the service or deliver goods or other products under the contract, as it lacks the data necessary for performance. On this basis, the Company processes only those personal data that are necessary for the conclusion and proper performance of contractual obligations.
The legal basis for data processing is the contract. The retention period is until the purpose of the contract is fulfilled or up to six years after termination of the contract, except in cases where a dispute arises between the individual and the Company in connection with the contract. In such a case, the Company retains the data for ten years after the final court, arbitration, or settlement decision or, if no legal proceedings were initiated, six years from the amicable resolution of the dispute.
Legitimate Interest
The Company may also process personal data based on a legitimate interest it pursues. Such processing is not permitted when the interests or fundamental rights and freedoms of the individual to whom the data relate override the Company’s legitimate interests and require the protection of personal data. When relying on legitimate interest, the Company performs an assessment in accordance with the law. Processing of personal data for direct marketing purposes is considered to be carried out on the basis of legitimate interest.
The Company may process personal data of individuals obtained from publicly available sources or in the course of its lawful business activities, for purposes such as offering goods, services, employment opportunities, or providing information about benefits and events. For these purposes, the Company may use postal mail, telephone calls, email, and other telecommunications means. For direct marketing purposes, the Company may process the following personal data of individuals: name and surname, permanent or temporary address, telephone number, and email address. Such personal data may be processed for direct marketing purposes even without the individual’s explicit consent. The individual may at any time request cessation of such communication and processing and may unsubscribe via the link provided in the received message or by sending a request by email or regular mail to the Company’s address.
The legal basis for data processing is legitimate interest. The data will be processed until the individual unsubscribes or until the purpose of processing has been fulfilled. Withdrawal does not affect the lawfulness of processing based on consent prior to its withdrawal.
Processing Based on Consent
If the Company does not have a legal basis arising from law, contractual obligation, legitimate interest, or protection of an individual’s vital interests, it may request consent from the data subject. In such cases, the Company may process certain personal data of the individual for the following purposes when consent is given:
- Residential address and email address (for information and communication purposes);
- Photographs, video recordings, and other content relating to the individual (e.g. publication of photographs of individuals on the website for the purpose of documenting activities and informing the public about the Company’s work and events);
- Other purposes for which the individual agrees by giving consent.
Informing the Public About the Company’s Activities
For the purpose of informing the public, the Company may process (including publicly disclose) personal names, titles, photographs, and video recordings of individuals and other persons obtained at events organised by the Company within the scope of its tasks, competences, or activities. Such processing is permitted unless expressly prohibited by the individual. The data are retained until the purpose of processing has been fulfilled or until the individual prohibits processing. The legal basis for processing is legislation.
If an individual has given consent for the processing of personal data and later no longer wishes such processing to continue, they may request cessation of personal data processing by submitting a request by email or regular mail to the Company’s address. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal. Upon receipt of a withdrawal or erasure request, the data will be deleted no later than within fifteen days. The Company may delete such data earlier if the purpose of processing has been achieved or if required by law.
Exceptionally, the Company may refuse a request for erasure for reasons provided by the General Data Protection Regulation, such as the exercise of the right to freedom of expression and information, compliance with a legal obligation, public interest in the field of public health, archiving purposes in the public interest, scientific or historical research purposes, statistical purposes, or the establishment, exercise, or defence of legal claims.
The legal basis for data processing is consent. The data will be processed until withdrawal of consent or fulfilment of the purpose of processing. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal.
Protection of Vital Interests
The Company may process personal data of an individual where this is necessary to protect their vital interests. In urgent cases, the Company may locate a personal document of the individual, verify whether the person exists in its database, review their history, or contact their relatives, for which the Company does not require consent. This applies in cases where it is strictly necessary to protect the individual’s vital interests.
3) Retention and Erasure of Personal Data
The Company will retain personal data only for as long as necessary to achieve the purpose for which they were collected and processed. Where processing is based on law, data will be retained for the period prescribed by law. Some data are retained for the duration of cooperation with the Company, while certain data must be retained permanently. Personal data processed on the basis of a contractual relationship with an individual are retained for the period necessary to perform the contract and for six years after its termination, except in cases where a dispute arises between the individual and the Company. In such a case, the Company retains the data for ten years after the final court, arbitration, or settlement decision or, if no legal proceedings were initiated, six years from the amicable resolution of the dispute. Personal data processed on the basis of consent or legitimate interest are retained until withdrawal of consent or until an erasure request is made. Upon receipt of a withdrawal or erasure request, the data are erased without undue delay. The Company may erase such data earlier if the purpose of processing has been achieved or if required by law. In the event of exercising the rights of an individual, the Company retains the personal data of that individual until a final decision has been made, and thereafter in accordance with that decision.
Exceptionally, the Company may refuse a request for erasure for reasons such as exercising freedom of expression and information, compliance with a legal obligation, public interest in public health, archiving in the public interest, scientific or historical research purposes, statistical purposes, or the establishment, exercise, or defence of legal claims. Upon expiry of the retention period, the Company must effectively and permanently delete or anonymise the personal data so that they can no longer be linked to an identified individual.
4) Processors and Data Transfers
The Company may entrust specific personal data processing activities to a contractual processor on the basis of a data processing agreement. Contractual processors may process the entrusted data exclusively on behalf of the controller, within the limits of the controller’s authorisation set out in a written contract or other legal act, and in accordance with the purposes defined in this Privacy Policy.
The contractual processors with whom the Company cooperates are primarily::
- Accounting services and other providers of legal and business consulting;
- IT system maintainers;
- E-archiving providers;
- Email service providers and providers of cloud software and services (e.g. Microsoft, Google);
- Social network and online advertising providers (Google, Facebook, Instagram, etc.);
- Printers of magazines and promotional materials for events (e.g. accreditations).
For the purpose of better oversight and control of contractual processors and the regulation of mutual contractual relationships, the Company maintains a list of all contractual processors with whom it cooperates.
The Company will not disclose personal data to unauthorised third parties. Contractual processors may process personal data only in accordance with the Company’s instructions and may not use the data for any other purposes.
As controller, the Company and its employees do not transfer personal data to third countries (outside the European Economic Area – EU Member States, Iceland, Norway, and Liechtenstein) or to international organisations, except to the United States, where relationships with US processors are governed by Standard Contractual Clauses adopted by the European Commission and/or Binding Corporate Rules approved by EU supervisory authorities.
5) Cookies
The Company’s website operates using cookies, which are important for providing online services. They are used to store information about the status of individual web pages, to assist in compiling user statistics and website traffic analytics, etc. Upon entering the website, only those cookies that are strictly necessary for the functioning of the website (e.g. for the shopping cart) are placed on the device. Other cookies are placed only with the individual’s consent. The individual may change settings and delete cookies at any time (instructions are available on the websites of individual browser providers).
The website uses the following cookies:
| Cookie name | Duration | Function |
| PHPSESSID | Session | User session management (PHP). |
| PH_HPXY_CHECK | Session | Stores information about the current session. |
| wp_woocommerce_session_* | 2 days | Unique identification linking to cart contents. |
| __cf_bm | 1 hour | Bot protection via Cloudflare. |
| wordpress_test_cookie | Session | Checks whether cookies are enabled in the browser. |
| m | 1 year 1 month 4 days | Stripe – abuse prevention and device recognition. |
| __stripe_mid | 1 year | Stripe – unique user identification across sessions. |
| __stripe_sid | 1 hour | Stripe – identification of the current session. |
| __Host-stripe.mkt.csrf | Session | Stripe – CSRF protection. |
| sbjs_migrations | Session | Sourcebuster – tracking traffic sources. |
| sbjs_current_add | Session | Sourcebuster – additional information on the current session. |
| sbjs_first_add | Session | Sourcebuster – initial traffic source. |
| sbjs_current | Session | Sourcebuster – current session data. |
| sbjs_first | Session | Sourcebuster – first visit data. |
| sbjs_udata | Session | Sourcebuster – user analytics data. |
| sbjs_session | 1 hour | Sourcebuster – analytics session ID. |
| chatbase_anon_id | Session | Chatbase – anonymised bot interaction tracking. |
| NID | 6 months | Google – personalised ads and performance measurement. |
6) Data Security and Data Accuracy
The Company ensures information security and infrastructure security (premises and application/system software). Our IT systems are protected, inter alia, by antivirus software and firewalls. We have implemented appropriate organisational and technical security measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access, and other unlawful or unauthorised forms of processing. Where special categories of personal data are transmitted, they are transmitted in encrypted form and protected by password. The individual is responsible for ensuring that their personal data are submitted securely and that the data provided are accurate and truthful.
7) Rights of the Data Subject
The individual to whom the personal data relate has the right to request access to personal data, rectification or erasure of personal data, restriction of processing, the right to object to processing, and the right to data portability. The individual’s request is handled in accordance with the provisions of the General Data Protection Regulation and applicable data protection legislation.
The individual may exercise all the aforementioned rights and submit any questions by sending a request to the Company’s address. The Company will respond to the individual’s request without undue delay and no later than within one month of receiving the request. Taking into account the complexity and number of requests, this period may be extended by up to two additional months, in which case the individual will be informed together with the reasons for the delay. Exercising rights is free of charge; however, the Company may charge a reasonable fee if the request is manifestly unfounded or excessive, particularly if repetitive. In such cases, the Company may also refuse to act on the request. In case of doubt regarding the identity of the individual, additional information may be requested to verify identity.
In its decision on the individual’s request, the Company will also inform the individual of the reasons for the decision and the right to lodge a complaint with the supervisory authority within fifteen days of being informed of the decision. The right to lodge a complaint may be exercised with the Information Commissioner of the Republic of Slovenia at Dunajska 22, 1000 Ljubljana (email: gp.ip@ip-rs.si, website: www.ip-rs.si).
This Privacy Policy takes effect on 21 May 2025.
Peter Ribarič, Director
Stopite v stik z nami
Od ponedeljka do četrtka 8:00 – 16:00
petek 8:00 – 15:00
Splošni pogoji Politika zasebnosti Naložba v prihodnost
Vse pravice pridržane