Privacy Policy

1. Introductory Provisions

The company FRUCTAL d.o.o., Tovarniška cesta 7, 5270 Ajdovščina, Slovenia (hereinafter: the “Company”, “Fructal”, “we”, “us” or the “Controller”) respects the privacy of individuals and is committed to the protection of personal data.

The purpose of this Privacy Policy is, in particular, to present to you in a clear and simple manner the personal data we collect about you, the legal bases and purposes for which we process such data, the options available to you regarding the management of privacy settings, and your rights in relation to personal data.

This Privacy Policy is in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter: the “General Data Protection Regulation”), the Personal Data Protection Act (hereinafter: “ZVOP-2”), and other applicable regulations in the field of personal data protection.

This Privacy Policy describes the manner of collection, use, processing, storage and protection of personal data processed by the Company in connection with the operation of the website www.fructal.si (hereinafter: the “website”).

This Policy applies to all users of the website, including visitors, individuals submitting inquiries, and job applicants.

2. Data Controller

The controller of personal data is:

FRUCTAL d.o.o.
Tovarniška cesta 7
5270 Ajdovščina
Slovenia
Email: info@fructal.si
Website: www.fructal.si

The Company determines the purposes and means of the processing of personal data and ensures that all processing operations are carried out lawfully, fairly and in a transparent manner.

You may contact the Controller and/or the Data Protection Officer via the contact details provided above. Any questions you may have regarding this Privacy Policy, the confidentiality of your personal data, the manner of processing or the exercise of your rights in relation to personal data will be addressed by the responsible person of the Controller and/or the Data Protection Officer.

3. Types of Personal Data

In the context of using the website, the Company may process the following categories of personal data.

3.1 Data Provided Voluntarily by the Individual

When using certain functionalities of the website, the user may voluntarily provide the following data:

  • name and surname
  • email address
  • telephone number
  • content of the message or inquiry
  • data contained in the curriculum vitae (CV)
  • data contained in the cover letter or job application
  • other information voluntarily provided by the individual

3.2 Data Relating to the Use of the Website

When visiting the website, certain technical data are automatically collected, such as:

  • IP address
  • date and time of access
  • device type
  • browser type and version
  • operating system
  • referring URL
  • data relating to interaction with the website

These data are primarily used to ensure the functioning of the website, its security, and for statistical analysis of website usage.

3.3 Data Collected Through Cookies

The website uses cookies in order to facilitate easier use of the website. Cookies are small text files stored by your web browser on your computer. When you reopen the relevant page, cookies allow the recognition of your computer. The settings for storing cookies can be changed at any time in the settings of your web browser, where you can select the option “do not accept cookies”. Refusing cookies may result in certain functions of the offered services not being available.

More information about cookies, including a list of cookies used by the website, can be found here in the Cookies Policy.

4. Purposes of Personal Data Processing

The Company processes personal data exclusively for specific, lawful and predetermined purposes.

These purposes include in particular:

  • ensuring the operation and security of the website
  • enabling communication with users
  • handling questions and inquiries from users
  • processing applications for published job vacancies
  • handling unsolicited CV submissions
  • improving the user experience on the website
  • statistical analysis of website usage
  • fulfilling the legal obligations of the Company

The Company does not use personal data for automated decision-making or profiling unless this is explicitly stated.

5. Legal Basis for Processing

The processing of personal data is based on one or more of the following legal bases.

5.1 Consent of the Individual

Where an individual voluntarily provides personal data, for example via a contact form or when submitting a CV.

5.2 Performance of Pre-Contractual Measures

In the case of job applications where processing is necessary for the recruitment process.

5.3 Compliance with Legal Obligations

Where processing is required due to obligations imposed by applicable legislation.

5.4 Legitimate Interest of the Controller

For example, to ensure information security, prevent misuse and improve the functioning of the website.

6. Job Applications

The website may contain information about job vacancies or allow the submission of job applications.

If a candidate submits an application or sends a CV through the website, the Company processes personal data exclusively for the purposes of:

  • carrying out the recruitment process
  • assessing the suitability of the candidate
  • communicating with the candidate

Candidate data are stored:

  • until the completion of the recruitment process, or
  • for a maximum period of 1 year after the completion of the process, unless the candidate provides consent for longer data retention

Access to these data is granted only to authorized persons within the Company who are involved in the recruitment process.

7. Disclosure of Personal Data

The Company generally does not disclose personal data to third parties, except in the following cases:

  • contractual processors, for example IT providers and hosting providers
  • providers of information system maintenance services
  • public authorities where required by applicable legislation

All contractual processors are bound to protect personal data and process such data solely in accordance with the instructions of the Company.

8. Transfer of Data to Third Countries

Your personal data are generally processed within the European Union and the European Economic Area, hereinafter: “EEA”. However, in certain cases your data may also be transferred to users outside the EU and the EEA, whereby we guarantee that transfers to third countries and international organizations are carried out only in full compliance with the General Data Protection Regulation or legislation in the field of personal data protection.

9. Retention of Personal Data

Personal data are retained only for as long as necessary to achieve the purpose for which they were collected, or for as long as required by applicable legislation.

After the expiry of the retention period, personal data are deleted or anonymized.

10. Rights of Individuals

10.1 Right of Access to Data

An individual may at any time request that the Company confirm whether it processes personal data relating to him or her. Based on such a request, the Company shall provide the individual with access to personal data and the following information regarding the processing of his or her personal data:

  • the purposes of processing
  • the categories of personal data concerned
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
  • the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the individual or to object to such processing
  • the existence of the right to lodge a complaint with a supervisory authority
  • where the personal data are not collected from the individual, any available information as to their source
  • the existence of automated decision-making, if any

Where the conditions under the General Data Protection Regulation are fulfilled, the Company shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed.

10.2 Right to Rectification

An individual may at any time request that the Company rectify inaccurate personal data concerning him or her or complete incomplete personal data.

10.3 Right to Erasure

In the exhaustively defined cases set out in Article 17 of the General Data Protection Regulation, the individual may request that the Company erase his or her personal data, the so-called right to be forgotten.

10.4 Right to Restriction of Processing

The data subject has the right to obtain from the Company restriction of processing where one of the following applies:

  • the data subject contests the accuracy of the personal data, for a period enabling the Company to verify the accuracy of the personal data
  • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead
  • the Company no longer needs the personal data for the purposes of processing, but they are required by the data subject for the establishment, exercise or defence of legal claims
  • the data subject has objected to processing pending the verification whether the legitimate grounds of the Company override those of the data subject

10.5 Right to Data Portability

An individual may at any time request that the Company provide personal data concerning him or her in a structured, commonly used and machine-readable format. The individual has the right to transmit those data to another controller, and the Company shall not hinder this.

The individual also has the right to have the personal data transmitted directly from the Company as the controller to another controller, where technically feasible.

10.6 Right to Object

The data subject has the right, on grounds relating to his or her particular situation, to object at any time to the processing of personal data concerning him or her where the Company processes personal data:

  • for the performance of tasks carried out in the public interest
  • in the exercise of official authority, or
  • where processing is necessary for the purposes of legitimate interests

The Company shall cease processing the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests of the data subject or where the processing is necessary for legal reasons.

Where personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him or her for such marketing purposes. In such case, the Company shall cease processing the personal data for direct marketing purposes.

10.7 Right to Withdraw Consent

The data subject has the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

10.8 Right to Lodge a Complaint with the Supervisory Authority

An individual has the right to lodge a complaint with the Information Commissioner of the Republic of Slovenia if he or she believes that personal data are being processed in violation of applicable data protection regulations.

The contact details of the Information Commissioner are available here.

10.9 Right to Judicial Protection

An individual who believes that a controller or processor from the public or private sector violates his or her rights under the General Data Protection Regulation or laws governing the processing or protection of personal data may seek judicial protection of his or her rights for the entire duration of the violation, without prior exercise of rights under other provisions of ZVOP-2 or the use of other legal remedies.

11. Security of Personal Data

The Company implements appropriate technical and organizational measures to protect personal data, including:

  • restricting access to data
  • protecting information systems
  • regularly monitoring security risks

These measures ensure the protection of personal data against unauthorized access, loss, destruction or misuse.

12. Changes to the Privacy Policy

The Company reserves the right to amend or supplement this Privacy Policy.

All changes will be published on this website.

Send the next one and I’ll keep doing them in this exact format.