Privacy Policy

1. About the Personal Data Protection Policy

The purpose of the Personal Data Protection Policy (hereinafter referred to as the “Policy”) is to inform subscribers, or passengers, and other persons (hereinafter referred to as “Individuals”) about the purposes and basis of the processing of personal data by FIKA7 d.o.o., Janežičeva cesta 21, 1000 Ljubljana (hereinafter referred to as “Fika”) and the rights of Individuals in this area. At the same time, this Policy further clarifies consent to data processing.

The Policy complies with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27. The following information is included in the General Data Protection Regulation (GDPR), which is adopted on 1 April 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the GDPR):

  • contact information for Fika’s Data Protection Officer;
  • the purposes, grounds and types of processing of different types of personal data of Individuals, including profiling of personal data of Individuals;
  • transfer of data to third parties and third countries;
  • the retention period for each type of personal data;
  • the rights of Individuals in relation to the processing of personal data;
  • the right to lodge a complaint concerning the processing of personal data.

Where applicable, the provisions relating to Individuals shall also apply to issues of secrecy and confidentiality of communications of users who are legal persons.

  1. Controller of personal data

The controller of the personal data of Individuals processed in accordance with the Personal Data Protection Policy is Fika d.o.o., Janežičeva cesta 21, 1000 Ljubljana. The Company has a Data Protection Officer who can be contacted at info@fika-food.si.

  1. Purposes of processing and grounds for processing

3.1 Processing on the basis of a contract:

Fika processes Personal Data of Individuals for the performance of its obligations under a contractual relationship or other service agreed between the contracting parties. In the context of the exercise of rights and performance of contractual obligations, Fika processes the personal data of Individuals for the following purposes:

  • Identification of the Individual; preparation of the offer and conclusion of the contract;
  • the provision of the service, whereby Fika may pass on the data to other contractual partners
  • sending notices to Individuals in connection with the performance of a contractual or other relationship;
  • informing you about changes to legislation in a particular area or changes to terms and conditions of sale;
  • charging for services;
  • resolving any objections or complaints from Individuals;
  • carrying out any recovery procedures, selling receivables;
  • for other purposes necessary for the performance or conclusion of the contractual relationship between Fika and the Individual.

For the purposes of providing the services ordered by the Individual, Fika processes all the data necessary for this purpose.

This includes, but is not limited to: title, first name, last name, address, city, country, mobile phone number, e-mail address, post office.

3.2 Processing under the law:

Fika processes Personal Data of Individuals for the purposes of concluding, performing, monitoring, billing and terminating the contract or other services.

Fika may also share this information with other business partners, the police or other competent authorities if required to do so by law. Other purposes of processing may also arise from the legislation in force at the time.

3.3 Processing on the basis of a legitimate interest pursued by Fika:

Fika may also process data on the basis of a legitimate interest pursued by Fika or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data relate to a child. Where further use of data collected about an Individual is concerned, Fika will carry out an assessment in accordance with the General Data Protection Regulation. For example, such further use of the data in pseudonymised or aggregated form constitutes a legitimate use of the data for marketing and other business or technical analyses of Fika.

Under the General Data Protection Regulation, direct marketing is also a legitimate interest. For direct marketing purposes, Fika may also create profiles of Individuals without consent based on basic information about the selected products, such as. the type or specific characteristics of the product selected, the timing of the selection, or past marketing contacts with the Individual, in particular with regard to the expressed interest or lack of interest in certain services or products. Such basic profiling will never include sensitive data. The individual may object to that processing in accordance with point 6/iv of the Policy.

On the basis of legitimate interest, Fika may contact Individuals for the purpose of improving the Services or for the purpose of determining their satisfaction with the Services, including in cases where this is not strictly necessary for the performance of the Contract. Fika shall not contact again those Individuals who have objected in order to weigh this interest against the interests of the Individual.

Fika has a legitimate interest in retaining and further using the data until the expiry of the legal retention period for analysis and research for marketing, business planning and similar purposes.

3.4 Processing based on consent to the processing of personal data:

The processing of data may be based on the consent obtained by Fika from the data subject. For example, consent may relate to information about offers and services, the provision of offers tailored to individual consumption habits, or the provision of value-added services. The communication shall be carried out through the channels chosen by the Individual in the consent. Communication using an email address may include the provision of an email address to an external processor for the purpose of displaying Fika’s advertising messages while you are browsing the web.

The data subject may withdraw or modify his or her consent at any time in the same manner as consent was given or in any other manner as determined by Fika, subject to Fika’s right to identify the customer. Withdrawal or modification of consent applies only to data processed on the basis of consent and not to data processed on any other lawful basis. The last consent given by the Individual shall be valid. The possibility of withdrawing consent constitutes an opt-out right in the Individual’s business relationship with Fika. Consent may also be given by a parent, foster parent or guardian of a minor child who, under current legislation, cannot give consent himself. Such consent will remain in force until it is revoked or modified by the parent, foster parent or guardian, or by the child himself or herself once he or she has acquired this right in accordance with the applicable law.

Where consent involves direct marketing based on an Individual’s profile, Fika may carry out profiling of the Individual based on the services ordered, the services actually provided and other information that Fika has collected about the Individual based on the consent. Profiling may result in an offer, or information about an offer, from Fika that is tailored to the Individual, but in no case creates legal obligations for the Individual. Profiling for direct marketing purposes may also include the use of your date of birth.

  1. Transfers of data to third parties and transfers of data to third countries (countries that are not members of the European Union or the European Economic Area)

Fika may, if it is compatible with the purpose for which the personal data is processed under EU and Slovenian law, transfer personal data about Individuals:

  • natural and legal persons who are Fika’s contractual partners and who provide individual services to Fika for the purpose of performing the contractual relationship between Fika and the Individual;
  • natural and legal persons who are Fika’s contractual partners and perform processing tasks for Fika, such as the preparation and transmission of invoices or data analytics, maintenance and development of the network and services, including software, where these tasks involve the processing of personal data to the extent necessary;
  • natural and legal persons who provide sales and marketing services to Fika, including sales and marketing in the field, or cooperate with Fika in the marketing and sale of their own services or those of third parties, to the extent necessary for such tasks within the scope of the purposes and grounds set out in this Policy.

The transfer of data to third countries is ensured in accordance with the legal basis for the transfer of data to third countries, as prescribed by EU law and applicable Slovenian regulations. Possible bases include:

  • an implementing act of the European Commission on the adequacy of protection in a third country;
  • binding corporate rules, in accordance with the General Data Protection Regulation, if duly approved;
  • standard data protection clauses;
  • another mechanism allowed by the GDPR.
  1. Retention period of personal data

Fika may keep the data resulting from the contractual relationship for five years after its termination, or until the claim has been settled, for the purpose of proving any claims arising from the contractual relationship. Invoices are kept for 10 years after the end of the year to which the invoice relates, in accordance with the law governing value added tax.

If the data is processed on the basis of the Data Subject’s consent, for the purpose of marketing Fika’s services, the data may be processed to the extent necessary for as long as it is necessary for such marketing or services.

Where a sectoral law provides otherwise for the retention period of personal data, the provisions of that law shall apply.

  1. Rights of Individuals in relation to the processing of personal data

Fika shall ensure that Individuals exercise their rights without undue delay and in any event within one month of receipt of the request. Fika may extend the time limit for exercising the rights of the Individual by up to two additional months, taking into account the complexity and number of requests. In the event of an extension of time, Fika shall notify the Individual of any such extension within one month of receipt of the request, together with the reasons for the delay.

FIKA accepts requests regarding the rights of the Individual by e-mail to info@fika-food.si or by post to FIKA7 d.o.o., Janežičeva cesta 21, 1000 Ljubljana.

Where the Data Subject makes the request by electronic means, the information shall, where possible, be provided by electronic means, unless the Data Subject requests otherwise.

Where there is reasonable doubt as to the identity of the Data Subject making a request in relation to any of his or her rights, Fika may request the provision of additional information necessary to confirm the identity of the Data Subject.

If the Data Subject’s requests are manifestly unfounded or excessive, in particular because they are repetitive, Fika may charge a reasonable fee, taking into account the administrative costs of providing the information or communication or of carrying out the requested action, or refuse to act on the request.

Fika provides individuals with the following in relation to the processing of personal data:

  • the right of access to data; the right to rectification; the right to erasure (‘right to be forgotten’);
  • the right to restrict processing;
  • the right to data portability;
  • the right to object.

6.1 Right of access to data

The data subject shall have the right to obtain from Fika confirmation as to whether personal data concerning him or her are being processed and, where this is the case, access to the personal data and to additional information relating to the processing of personal data, including:

  • the purposes of the processing;
  • types of personal data;
  • the users or categories of user to whom personal data have been or will be disclosed, in particular users in third countries or international organisations;
  • where possible, the envisaged period of retention of the personal data or, if this is not possible, the criteria to be used to determine that period;
  • the existence of a right to obtain from the controller the rectification or erasure of personal data or the restriction of the processing of personal data concerning the data subject, or the existence of a right to object to such processing;
  • the right to lodge a complaint with the supervisory authority;
  • where the personal data is not collected from the Data Subject, any available information regarding its source;
  • the existence of automated decision-making, including profiling, and meaningful information about the reasons for it, as well as the meaning and intended consequences of such processing for the Data Subject.

Upon the request of the Data Subject, Fika shall provide a copy of his or her personal data being processed. Fika may charge a reasonable fee, taking into account administrative costs, for additional copies of the data requested by the Data Subject.

6.2 Right to rectification

The data subject shall have the right to obtain from La Fika, without undue delay, the rectification of inaccurate personal data concerning him or her. The data subject shall have the right, having regard to the purposes of the processing, to have incomplete personal data completed, including by submitting a supplementary declaration.

6.3 Right to erasure (“right to be forgotten”)

The data subject shall have the right to obtain from Fika the erasure of personal data concerning him or her without undue delay. Fika has an obligation to delete personal data without undue delay:

  • where the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  • where the Data Subject withdraws the consent on which the processing is based and there is no other legal basis for the processing;
  • where the Data Subject objects to processing on the basis of a legitimate interest of Fika and there are no overriding legitimate grounds for processing;
  • where the Individual objects to processing for direct marketing purposes
  • where personal data must be erased in order to comply with a legal obligation under EU or Slovenian law;
  • where the information is incorrectly collected from a minor for the use of information society services, who is not able to provide such information in accordance with applicable law.

6.4 Right to restriction of processing

The data subject shall have the right to obtain from Fika the restriction of processing where:

  • The data subject shall contest the accuracy of the data for a period which allows the controller to verify the accuracy of the personal data;
  • the processing is unlawful and the Data Subject objects to the erasure of the personal data and requests instead that its use be restricted;
  • Fika no longer needs the personal data for the purposes of the processing, but the data subject needs them for the establishment, exercise or defence of legal claims;
  • the Data Subject has lodged an objection to processing, pending verification that the legitimate grounds of the controller override those of the Data Subject.

6.5 Right to data portability

The data subject shall have the right to receive personal data concerning him or her held by Fika in a structured, commonly used and machine-readable format, and the right to have that data transmitted to another controller, without being prevented from doing so by Fika, to whom the personal data have been provided, where the processing is based on the data subject’s consent or on a contract and the processing is carried out by automated means.

6.6 Right to object

The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, provided that the processing is based on legitimate interests pursued by Fika or by a third party. In this case, Fika shall no longer process the personal data unless it demonstrates compelling reasons for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, the Data Subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing purposes, including profiling insofar as it is related to such direct marketing. To the extent that direct marketing is based on consent, the right to object may be exercised by withdrawing the personal consent given.

  1. Right to lodge a complaint concerning the processing of personal data

Every Individual has the right to lodge a complaint regarding the processing of personal data. The Data Subject may send any complaint to the e-mail address info@fika-food.si or by post to the address Fika d.o.o., Janežičeva cesta 21, 1000 Ljubljana.Any Data Subject shall also have the right to lodge a complaint directly with the Information Commissioner if he/she considers that the processing of personal data concerning him/her violates Slovenian or EU legislation on the protection of personal data. If the Data Subject has exercised the right of access to data with Fika and, after receiving the decision, considers that the personal data received by him/her is not the personal data requested or that he/she has not received all the personal data requested, he/she may, before lodging a complaint with the Information Commissioner, lodge a reasoned complaint with Fika within 15 days. Fika will decide on the appeal as a new request within five working days of receipt.

  1. Validity of the Policy

This Policy is published on the website www.fika-food.si and enters into force on 3. 5. 2021