Legal documents

Privacy Policy

Last updated

The purpose of this Privacy Policy is to inform individuals, service users, external partners, employees and other persons (hereinafter referred to as “the individual” or “data subject”) working with GT INDUSTRIES, d. o. o. (hereinafter referred to as “the company”) of the purposes, legal bases, security measures and rights of individuals with regard to the processing of personal data carried out by the company.

We value your privacy, and always carefully protect your data.

We process personal data in accordance with European legislation – Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “General Regulation”), the applicable Slovenian legislation on the protection of personal data and other legislation that provides us with a legal basis in this regard.

The Privacy Policy contains information on how we, as controller, process personal data that we receive from the individual on legal basis.

Data Controller

The controller of personal data is:

Raceva 14, 4226 Ziri, Slovenia
+386 41 462 967

Contact person for personal data protection

Individuals to whom personal data refer can contact the contact person for personal data protection regarding all issues related to the processing of their personal data and the exercise of their rights in accordance with the General Regulation:
+386 41 462 967

Personal Data

‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Purposes of and Bases for Data Processing

We collect and process personal data on the following legal grounds:

  • The processing is necessary to fulfil a legal obligation applicable to the controller;
  • The processing is necessary for the fulfilment of a contract to which the data subject is a contracting party, or for the implementation of measures at the request of such an individual prior to the conclusion of the contract;
  • The processing is necessary due to the legitimate interests pursued by the controller or a third party;
  • The data subject consents to the processing of his or her personal data for one or more specific purposes;
  • The processing is necessary to protect the vital interests of the data subject or of another natural person.
Fulfilment of a Legal Obligation

Under the law, we process our employees’ data; this processing is allowed by the labour law and social assistance legislation. On the basis of the legal obligation for employment purposes, we process mainly the following types of personal data: name, gender, date of birth, personal identity number, tax number, place, municipality and country of birth, nationality, place of residence, etc.

Fulfilment of a Contract

If the individual enters into a contract with the company, this constitutes the legal basis for the processing of personal data. Personal data can thus be processed for entering into and fulfilling a contract, e.g. preparation od the offer, sale of goods or services, season subscriptions, etc. If the individual does not provide personal data, a contract cannot be entered into, nor can we provide a service or deliver goods or other products in accordance with the contract, as we do not have the necessary data to fulfil the contract. In the course of lawful activities, we can keep individuals and our service users up to date with our services, events, trainings, offers and other content via their e-mail addresses. An individual may at any time opt out of such communication and processing of personal data and exercise the right of withdrawal from receiving notifications by clicking the unsubscribe link in the received message or by e-mailing or sending a land mail to the company.

Legitimate Interests

The legitimate interests of a controller may provide a legal basis for processing, provided that the interests or the fundamental rights and freedoms of the data subject are not overriding, taking into consideration the reasonable expectations of data subjects based on their relationship with the controller. At any rate the existence of a legitimate interest is subject to careful assessment in accordance with the General Regulation. The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest. We may also process personal data of individuals collected from publicly available sources or in the course of lawful activities for the purposes of offering goods, services, employment, information on benefits, events, promotions etc. In order to achieve these purposes, we may use land mail, telephone calls, e-mails, and other means of telecommunication. For the purposes of direct marketing, we may process the following personal data of individuals: the name and surname of the individual, address of permanent or temporary residence, telephone number and e-mail address. We may also process these personal data for the purposes of direct marketing without the explicit consent of the individual. The individual may at any time opt out of such communication and processing of personal data and exercise the right of withdrawal from receiving notifications by clicking the unsubscribe link in the received message or by e-mailing or sending a land mail to the company.

Processing on the Basis of Consent

If there is no legal basis in Union law or in the law of the Member State to which the controller is subject, contractual obligation or legitimate interest, we may seek consent from the individual. Thus, where the individual gives his or her consent, we may process specific personal data of the individual for the following purposes:

  • The address of residence and e-mail address for information and communication purposes;
  • Photos, videos and other content relating to the individual (e.g. posting of pictures of individuals on our website or social media) for the purposes of documenting activities and informing the public about our work and events;
  • Other purposes to which the individual agrees through giving consent.

The data subject shall have the right to withdraw his or her consent to the processing of personal data at any time. The data subject may request that data processing be suspended by e-mailing or sending a land mail to the company. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Processing Is Necessary to Protect the Vital Interests of the Individual

The processing of personal data should also be regarded to be lawful where it is necessary to protect an interest which is essential for the life of the data subject. In an emergency, we may search for the individual’s identity document, check whether that person exists in our database, or contact his or her family, for which the individual’s consent is not required. All of this applies solely if strictly necessary to protect the vital interests of the individual.

Storage and Erasure of Personal Data

We shall store personal data only for as long as necessary to achieve the purpose for which they were collected and processed. If the data is processed under the law, it is stored for the duration prescribed by law. In doing so, some of the data is stored for the duration of the data subject’s contractual/business relationship with us, while some data needs to be stored permanently. We store personal data that we process on the basis of a contractual relationship with the individual for as long as necessary for the contract to be fulfilled and for six years after its termination, except when a dispute arises between the individual and the controller in connection with the contract. In such cases, we keep the data for ten years after the legal effect of a court ruling, arbitration or court settlement, or in the absence of a court case, for five years from the date of the amicable settlement of a dispute. We may keep the data we process on the basis of the individual’s personal consent or the legitimate interest until consent has been withdrawn or until a request for data erasure has been submitted. The data is erased within 15 days upon the receipt of a withdrawal of consent or request for data erasure. We may also delete data prior to withdrawal if the purpose of their processing has been achieved or if the law so provides.

In exceptional cases, we may refuse a request for erasure of personal data for the reasons specified in the General Regulation, as follows: the exercise of the right to freedom of expression and information, the fulfilment of a legal obligation to process, reasons of public interest in the field of public health, the purposes of archiving in the public interest, scientific or historical research or statistical purposes, the exercise or defence of legal claims. After the purpose of storing has been served, unless there exist legal grounds, personal data shall be effectively and permanently deleted or rendered anonymous in such a manner that the data subject is not or no longer identifiable.

Subcontracting the Processing of Personal Data and Data Output

The processing of personal data may be entrusted to a subcontractor on the basis of a data processing contract. The data entrusted to a subcontracted processor may be processed exclusively on behalf of the controller, within the limits of the powers expressly conferred upon the processor, which shall be recorded in a written contract or other legal act, and in accordance with the purposes set out herein (Personal Data Protection Policy).

The processors with whom we have entered into a subcontract are, in particular:

  • Auditing services and other legal and business consultancy providers;
  • Infrastructure maintenance providers (video surveillance, security services);
  • Information systems maintenance providers;
  • E-mail and software service providers, cloud services;
  • Social media and online advertising providers (Google, Facebook, Instagram, TikTok etc.).

We do not transmit personal data to third unauthorized parties under any circumstances. Subcontracted processors may process personal data only within the framework of our instructions and may not use it for any other purposes.

The company as the controller and its employees do not transfer personal data to third countries (outside the Member States of the European Economic Area – EU members, as well as Iceland, Norway and Liechtenstein) and to international organisations, except to the USA, whereby relations with US subcontracted processors are regulated on the basis of standard contractual clauses (standard contracts adopted by the European Commission) and/or binding corporate rules (adopted by the organisation and approved by the EU supervisory authorities).

For the purposes of better review and control over the subcontracted processors and for the sake of the regularity of contractual relationships, we keep a list of subcontracted processors, which specifies all the processors with whom we have entered into a contractual relationship.

Data Protection and Data Accuracy

We provide information security and security of infrastructure (premises and application/systems software). Our information systems are protected by antivirus programs and firewalls, among others. We have put in place appropriate organisational and technical security measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access, and against other unlawful and unauthorised forms of processing. Any transmission of specific types of personal data is password protected and carried out in an encrypted form.

The individual has the sole responsibility for providing his or her personal data securely and for ensuring the data is accurate and authentic. We have spared no effort to ensure that the personal data we process is accurate and, if necessary, updated, and may therefore occasionally contact the individual for data validation.


Information related to your interactions with the Service may be collected and stored by us in small data files—commonly referred to as cookies—that are placed onto your device by our servers. We may use temporary session cookies, which are terminated when you close your current session, to store certain personal information you provide for purposes of administering that session and facilitating transactions requested by you during that session. We also may use persistent cookies, which remain saved on your device after your current session is closed, to store information related to your interactions with the Service to facilitate future sessions. Most browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies or to notify you when a cookie is being placed on your device. Each browser is different, but generally users can remove cookies by following directions provided in the browser’s “help” file. Please note that, if you reject cookies or disable cookies, some features of the Service may not function properly.

Our website uses the following cookies:

The name of the cookie

Duration time
2 years
24 hours
1 minute
24 hours

It is used to differentiate between users.
It is used to differentiate between users.
It is used to regulate access to the website
Improved connection allocation

Rights of a Data Subject

In accordance with the General Regulation, the individual may exercise the following personal data protection rights:

  • The right of requesting information concerning whether we have collected his/her personal data and, if so, which data we have collected and on what basis, as well as the purposes of its use;
  • The right to access his/her personal data, enabling him/her to receive a copy of the personal data collected and stored by the organisation and determine whether the data is processed lawfully;
  • The right of rectification: data subject has the right to obtain from the Organisation the rectification of incomplete or inaccurate personal data concerning him/her;
  • The right to erasure of personal data when no reason exists for further processing or where he/she exercises his/her right to object;
  • The right to object to further processing of personal data, where we refer to the legitimate commercial interest (including the legitimate interest of a third party) on grounds relating to his/her particular situation; Where personal data are processed for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning him or her for such marketing;
  • The right to obtain from the controller restriction of processing which means suspending the processing of data, for example if a data subject wishes to establish the accuracy or verify the grounds for further processing of personal data;
  • The right to transmit to another controller the personal data concerning him or her, where technically feasible;
  • The right to withdraw the consent given for the collection, processing and transfer of personal data for a particular purpose; Upon receipt of a notice of withdrawal of consent, we shall cease to process personal data for the purposes initially set out, unless we have other legal basis to do so lawfully.

If wishing to exercise any of the above rights, a data subject may e-mail the request to or send a land mail to the company. We shall reply to a data subject’s request without undue delay, i.e. within one month at the latest. If this time limit were extended (up to two additional months at the most), taking into account the complexity and number of requests, a data subject shall be informed thereof. Access to personal data and acquired rights is free of charge for the data subject. However, a reasonable charge may be made if the data subject’s request is manifestly unfounded or excessive, especially if submitted repeatedly. In such a case, we may also refuse the request. When exercising rights under this title, we may need to request certain information from the data subject to assist us in verifying the identity of the data subject, which is only a security measure to ensure that personal data is not disclosed to unauthorized persons.

In exercising the rights under this title, a data subject may use the form provided by the Information Commissioner available on their website (Obrazci s področja varstva osebnih podatkov – IPRS (

If a data subject has reasonable belief that his or her rights have been infringed, he or she may contact the supervisory body (Information Commissioner) for protection or assistance: Prijava kršitev varnosti – IPRS (

For any questions regarding the processing of personal data, the individual may always contact us by sending an e-mail to or a land mail to the company.

Changes to the Privacy Policy

Any change to our Privacy Policy is posted on our website By using the website, the individual confirms that they accept and agree to the full content of this Personal Data Protection Policy.

The Privacy Policy was adopted by Grega Zust on 22 November 2022.