Skip to content

Privacy Statement

Controller in the sense of the General Data Protection Regulation (GDPR):

STARKOM d.o.o.
Cesta k Tamu 18
2000 Maribor, Slovenia

 

Email: lcr-starkom@mercedes-benz.com

Phone: +386 2 46 01 731

(hereinafter referred to as the controller or the company)

Contact person for personal data protection:

Individuals whose personal data is processed can contact the data protection officer with any questions related to the processing of their personal data and the exercise of their rights under the General Data Protection Regulation. The data protection officer can be reached via email: lcr-starkom@mercedes-benz.com

1. Data protection

We are pleased to welcome your visit to our website and your interest in our offer. Protecting your personal data is extremely important to us. In the data protection guidelines, you will find information on how your personal data is collected and processed, the purpose of collection, the legal basis, and your rights in this regard.  Additional information can also be found in the Mercedes-Benz Data Protection Directive: The Mercedes-Benz Data Protection Directive.

Our data protection guidelines for the use of our websites and the Mercedes-Benz Data Protection Directive do not apply to your activities on websites of social networks or other providers’ websites that you can access via links on our websites. You will find detailed information regarding their data protection regulations on their websites.

We process your personal data in accordance with European legislation (Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: General Regulation)) and applicable Slovenian data protection legislation and other laws that provide us with the legal basis for processing personal data.

2. Collection and Processing of Your Personal Data

a. Personal data means any information relating to an identified or identifiable individual (hereinafter referred to as the data subject); an identifiable individual is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that individual.

b. When you visit our websites, we store certain data, including the browser and operating system you use, the date and time of your visit, the access status (e.g., whether you accessed the website without issues or received an error message), the use of website functions, any search terms entered, the frequency of access to individual web pages, the designation of accessed files, the amount of data downloaded, the website from which you access our websites, and the website you visit from our websites, e.g., by clicking on a link on our websites or by entering a website directly into the input field on the same tab (or window) of your browser in which you opened our websites.

c. We only store other personal data if you provide it to us yourself, e.g., in a contact form, by email, or for the purpose of fulfilling a contract, and even in these cases only if you expressly consent to it or it is in accordance with applicable legal regulations (more information on this can be found in the section “Purposes and Legal Basis for Processing”).

d. You are neither legally nor contractually obligated to provide your personal data. However, in certain cases, the functionality of specific features on our websites may depend on the provision of personal data. If you do not wish to provide your personal data in these cases, some functions may not be available or may only be available to a limited extent.

3. Purposes and Legal Basis for Data Processing

a. The company collects and processes your personal data on the following legal bases:

  • Processing is necessary for compliance with a legal obligation to which the controller is subject;
  • Processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;
  • Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party;
  • The data subject has given consent to the processing of their personal data for one or more specific purposes;
  • Processing is necessary to protect the vital interests of the data subject or of another natural person.
  •  

Compliance with Legal Obligations

Based on legal provisions, the company primarily processes data about its employees, as enabled by labor law. Due to the legal obligation for employment purposes, the company therefore mainly processes the following personal data: first and last name, gender, date of birth, identification number, tax number, city, municipality and country of birth, citizenship, residence, etc.

Performance of a Contract

When an individual concludes a contract with the company, this contract serves as the legal basis for processing personal data. We may process personal data for the conclusion and performance of the contract, such as the sale and purchase of goods, provision of services, etc. If the individual does not provide personal data, the company cannot conclude a contract or provide services or deliver goods in accordance with the contract, as it does not have the data required for performance.

Legitimate Interest

The company may also process personal data based on the legitimate interest it pursues. This is not permissible when such interests are overridden by the interests or fundamental rights and freedoms of the data subject that require the protection of personal data. In cases of using legitimate interest, the company always conducts an assessment in accordance with the General Regulation.

Processing Based on Consent

If the company does not have a legal basis established by law, contractual obligation, or legitimate interest, it may request the individual’s consent. Therefore, if the individual gives consent, the company may also process certain personal data for the following purposes:

  • name, email address in the contact form on the website for business communication purposes;
  • photos, videos, and other content related to the individual (e.g., publishing images of individuals on the company’s website) for documenting activities and informing the public about the company’s work and events;
  • other purposes for which the individual agrees by giving consent.

If an individual gives consent for the processing of personal data and later decides to withdraw it, they can request the termination of the processing of personal data by sending an e-mail to lcr-starkom@mercedes-benz.com or a letter by post to the company’s address. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Processing is necessary to protect the Vital Interests of the Individual

The company may process the personal data of the data subject insofar as it is necessary to protect his or her vital interests. For example, the company can search for an individual’s identity document, check whether that person exists in their database, examine their medical history or establish contact with their relatives, for which the company does not require their consent. This applies when it is strictly necessary to protect the vital interests of the individual.

4. Transfer of Personal Data to Third Parties and Contractual Processing

a. The company may entrust certain personal data processing tasks to a contractual processor based on a data processing agreement. Contractual processors may process the entrusted data exclusively on behalf of the controller, within the limits of its authorization, which is specified in a written contract or other legal act, and in accordance with the purposes defined in this privacy policy.
b. The contractual processors with whom the company collaborates primarily include providers of legal and business consulting; infrastructure maintenance providers (video surveillance, security services); IT system maintenance providers; email service providers; and software providers.
c. The company will not disclose personal data of individuals to unauthorized third parties under any circumstances. Contractual processors are allowed to process personal data only within the instructions of the company and may not use the personal data for any other purposes.
d. The company, as the controller, and its employees do not transfer personal data to third countries (outside the member states of the European Economic Area – EU member states, Iceland, Norway, and Liechtenstein) and international organizations, except to the USA. In such cases, relationships with contractual processors from the USA are regulated based on standard contractual clauses (model contracts adopted by the European Commission) and/or binding corporate rules (adopted by the organization and approved by the supervisory authorities in the EU).
e. Our websites may also display offers from third parties. If you click on any of these offers, certain data will be transferred to the respective provider (e.g., information that you found the offer on our website and, if necessary, additional information that you have already provided on our websites for this purpose).

5. Data Usage Analysis ("Tracking"); Use of Analysis Tools

a. We aim to tailor the content of our websites to your interests and needs, thereby improving our offerings. To identify user preferences and particularly popular areas of our websites, we use the following analysis tools: Google Analytics.
b. More information from the relevant providers regarding the above-mentioned technologies and the associated processing of personal data can be found at the following links:
https://policies.google.com/technologies/partner-sites

For legal reasons, tracking technologies are used only with your explicit consent (so-called Opt-In – see point c); in other cases, you can object to the use of such technologies if you wish (so-called Opt-Out – see point d).
c. Use of Google Analytics Products – Opt-In
We use Google Analytics products only with your explicit consent, which you can give by clicking on the “Accept” button in the so-called Cookie Information Layer (“Opt-In”). We will store your consent on your device in the form of a cookie so that we do not have to ask for your consent again on each subsequent visit to our websites, and also for legal reasons, along with your IP address and the time of consent on our servers; we will delete or restrict the processing of this data if you withdraw your consent, or at the latest, 6 months after your visit to our websites.
If you change your mind at any time, you can withdraw your consent by clicking on the following link:

Withdraw consent for Google Analytics products:
https://tools.google.com/dlpage/gaoptout?hl=en-GB
d. Use of Other Providers’ Technologies – Opt-Out
If you do not want information about your visit to our websites to be collected and analyzed using the mentioned tracking technologies, you can object to this at any time in the future (“Opt-Out”). For the technical implementation of this objection, an Opt-Out cookie will be placed in your browser. This cookie is solely intended to assign your objection. Please note that for technical reasons, the Opt-Out cookie can only be used in the browser in which it was installed. If you delete cookies or use a different browser or device, you must perform the Opt-Out again.
Below you will find the appropriate Opt-Out option for Google Analytics:
https://tools.google.com/dlpage/gaoptout?hl=en-GB
You can manage and deactivate the use of cookies and information about interests by participating third-party providers on the following website:
https://www.youronlinechoices.com/uk/your-ad-choices

6. Security

The company implements technical and organizational security measures to protect the data it processes. Our security measures are continuously improved in line with technological developments.
Our information systems are protected, among other things, by antivirus programs and firewalls. We have implemented appropriate organizational and technical security measures designed to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, and other unlawful and unauthorized forms of processing. In cases where special types of personal data are transmitted, they are sent in encrypted form and protected by a password.
Individuals are responsible for ensuring that they transmit their personal data securely and that the data provided is accurate and truthful. The company will strive to ensure that the personal data it processes is accurate and, where necessary, kept up to date. Occasionally, we may contact you to confirm the accuracy of your personal data.

7. Retention and Deletion of Your Personal Data

We delete your personal data once it has been processed for the purpose for which it was collected. After this period, data is retained only if required by applicable laws, orders, or other legal regulations in the EU or by legal regulations in third countries, provided that an adequate level of data protection is ensured there. If the company processes data based on the law, it will retain it for the period prescribed by law. Some data is retained for the duration of the cooperation with the company, while some data must be retained permanently. If deletion is not possible in a specific case, the relevant personal data will be marked to restrict its future processing.
Personal data processed by the company based on a contractual relationship with an individual is retained for the period necessary to fulfill the contract and for 6 years after its termination, except in cases where a dispute arises between the individual and the company regarding the contract. In such cases, the company retains the data for 10 years after the final court decision, arbitration, or court settlement, or, if there was no legal dispute, 5 years from the date of peaceful resolution of the dispute.
Personal data processed by the company based on the individual’s consent or legitimate interest will be retained until the consent is withdrawn or a request for data deletion is made. Upon receiving a request to withdraw consent or a request for deletion, the data will be deleted without undue delay, but in any case, within one month of receiving the request. This period may be extended by up to two additional months if necessary, considering the complexity and number of requests, and the individual will be informed of the delay and the reasons for it within one month of receiving the request. An exception applies to personal data for which the retention period is prescribed by law. The company may also delete this data before the withdrawal if the purpose of processing the personal data has been achieved or if required by law.
Exceptionally, the company may refuse a request for deletion for reasons specified in the General Regulation, such as: compliance with a legal obligation to process, exercising the right to freedom of expression and information, reasons of public interest in the field of public health, purposes of archiving in the public interest, scientific or historical research purposes, or statistical purposes, the establishment, exercise, or defense of legal claims.
After the retention period has expired, the company must effectively and permanently delete or anonymize the personal data so that it can no longer be linked to a specific individual.

8. Rights of Individuals

In accordance with the General Data Protection Regulation (GDPR), individuals have the following data protection rights:

  • Right of Access: You can request information about whether we hold your personal data and, if so, which data we hold and on what basis and why we use it. You can request access to your personal data, which allows you to receive a copy of the personal data we hold about you and check that we are processing it lawfully.
  • Right to Rectification: You can request corrections to your personal data, such as correcting incomplete or inaccurate personal data.
  • Right to Erasure: You can request the deletion of your personal data when there is no reason for futher processing or when you exercise your right to object to further processing. You can withdraw the consent you have given for the collection, processing, and transfer of your personal data for a specific purpose.
  • Right to Object: In case of reasons, based on individual circumstances, you have the right to object at any time to the processing of your personal data based on Article 6(1)(e) GDPR (processing in the public interest) or Article 6(1)(f) GDPR (processing based on a balancing of interests). If you object, we will only continue to process your personal data if there are compelling and demonstrable legitimate grounds that override your interests, rights, and freedoms, or if the processing is needed for the establishment, exercise, or defense of legal claims.
  • Right to Restriction of Processing: You can request the restriction of processing of your personal data, which means the suspension of processing of personal data, for example, if you want us to establish the data’s accuracy or verify the reasons for processing the personal data.
  • Right to Data Portability: You can request the transfer of your personal data in a structured, electronic format to another controller, where this is technically feasible and practicable.
  •  

If an individual wishes to exercise any of the aforementioned rights, they can send a request via email to lcr-starkom@mercedes-benz.com or a letter by post to the company’s address.

Access to an individual’s personal data and the exercise of rights is free of charge for the individual. However, the company may charge a reasonable fee if the request from the data subject is manifestly unfounded or excessive, particularly if it is repetitive. In such a case, the company may also refuse the request. When exercising rights under this provision, the company may need to request certain information from you to help confirm your identity, which is a security measure to ensure that personal data is not disclosed to unauthorized persons.

When exercising rights under this provision, the individual can use the form provided by the Information Commissioner of the Republic of Slovenia, which is available on their website.

If an individual believes that their rights have been violated, they can seek protection or assistance from the supervisory authority or the Information Commissioner of the Republic of Slovenia.

If an individual has any questions regarding the processing of their personal data, they can always contact our company via email at lcr-starkom@mercedes-benz.com or a letter by post to the company’s address.

9. Cookies

The company’s website operates using so-called cookies. A cookie is a file that stores website settings. Websites store cookies on users’ devices that access the internet to recognize individual devices and settings that users have used when accessing. Cookies allow websites to recognize if a user has already visited the site and, in advanced applications, can help adjust individual settings accordingly.
Cookies are essential for providing user-friendly online services. They are used to store data about the state of individual web pages, help collect statistics about users and website visits, etc. With the help of cookies, we can assess the effectiveness of our website’s design.
The storage and management of cookies are entirely under the control of the browser used by the individual – it can limit or disable the storage of cookies as desired. Cookies stored by the browser can also be deleted; instructions can be found on the respective browser’s website.
More detailed information about the cookies used by our website is available in the notice: Cookie Usage Guidelines.

10. Publication of Changes

Any changes to our Privacy Statement will be published on the company’s website: www.starkom.si . By using the website, the individual confirms that they are aware of the entire content of this Privacy Statement.

The Data Protection Notice/Privacy Statement has been accepted by the responsible person of the company 07. 05. 2020.

Starkom uses cookies for various purposes.

The Starkom, d.o.o. website uses cookies that are strictly necessary for the website’s operation, as well as analytical (statistical) cookies. Analytical cookies help us improve our website’s user-friendliness and continuously enhance user experience, for which we require your prior consent.

You can give your consent to the use of analytical cookies by clicking the button ACCEPT ANALYTICAL COOKIES. If you do not wish to consent to the use of analytical cookies, please click the button REJECT ANALYTICAL COOKIES. You may withdraw your previously given consent at any time by clicking the REJECT ANALYTICAL COOKIES button in the cookie notice.

More information about cookies and personal data protection is available in our Cookie Policy and Privacy Statement of Starkom, d.o.o.

Reject analytical cookies
Accept analytical cookies