Privacy policy


About the Privacy Policy

Purpose of the BITI d.o.o. Privacy Policy (hereinafter: “Privacy Policy”) is information for users of BITI d.o.o. services. and other persons (hereinafter also referred to as: “individuals”) with the purposes and basis of the processing of personal data by BITI d.o.o. , Vosek 1A, 2231 Pernica, Slovenia (hereinafter: “Companies”) and the rights of individuals in this area. The company takes special care of the security of your personal data. All provided personal data is treated confidentially and is used only for the purpose for which it was provided. We manage your personal data with the utmost care, taking into account the applicable legislation and the highest standards of their treatment. We take care of the security of your personal data with, among other things, appropriate organizational measures, work procedures and advanced technological solutions, as well as external experts with the aim of protecting your personal data as effectively as possible. In doing so, we use an appropriate level of protection and reasonable physical, electronic and administrative measures to protect the collected data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of personal data or from unauthorized access to personal data that has been transferred, stored or otherwise processed.

At the same time, this Privacy Policy further explains the consent you have given to the processing of your personal data.

The Privacy Policy is in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals in the processing of personal data and on the free flow of such data and on the repeal of Directive 95/46/EC (hereinafter: “General Data Protection Regulation”), the following information is covered:

  • company contact information,
  • purposes, bases and types of processing of various types of personal data of individuals,
  • storage time of individual types of personal data,
  • the rights of individuals in relation to the processing of personal data,
  • the right to lodge a complaint regarding the processing of personal data,
  • validity of the Privacy Policy.

Personal information collected by the company

If you are only a visitor to the website, we only collect data about you through the use of cookies. If you are a user of services or a customer of services provided by the company, we also collect other personal data about you that we need to perform the services you have ordered or that you use. These personal data are:

  • name and surname
  • contact email address
  • contact phone number
  • IP address
  • data for issuing an offer based on your request (your address, tax number).

Personal data controller

The controller of personal data processed in accordance with this Privacy Policy is BITI d.o.o. , Vosek 1A, 2231 Pernica, Slovenia.

Categories of individuals whose personal data is processed

This Privacy Policy is intended for everyone who has ordered and/or used our services or submitted an inquiry, as well as for those who visit our website.

Purposes of processing and basis for data processing

Processing on the basis of a contract:

In the context of exercising contractual rights and fulfilling contractual obligations, the company processes your personal data for the following purposes: identification of an individual, preparation of an offer, conclusion of a contract, to provide the ordered services, to inform about possible changes, additional details and instructions for using the services, to solve possible technical problems , objections or complaints, accounting for services and for other purposes necessary for the implementation or conclusion of a contractual relationship between a company and an individual.

When invoicing services, based on tax regulations, we obtain and process your address for the correct issuance of the invoice.

Processing based on law:

On the basis of a legitimate interest, we use your personal data to detect and prevent fraudulent use and abuse of services, further within the framework of ensuring the stable and secure operation of our system and services, as well as for the purposes of implementing information security measures, meeting requirements related to the quality of services, and detecting technical failure of systems and services.

Based on a legitimate interest, we also use your personal data for the purposes of possible executions, judicial and extrajudicial recovery.
In accordance with the General Regulation, in case of suspicion of abuse, the company may process data on individuals to an appropriate and proportionate extent for the purpose of identification and prevention of possible fraud or abuse and may, if appropriate, forward this data to other providers of such services, business partners, the police , the State Prosecutor’s Office or other competent authorities. For the purpose of preventing future abuse or fraud, data on the history of identified abuse or fraud in connection with the individual, which includes data on the subscription relationship and, for example, the IP address, may be kept for five years after the termination of the business relationship.

Processing based on consent to the processing of personal data: Data processing may also be based on your consent, which you have provided to the company. Consent may, for example, relate to information about offers, benefits and service improvements provided by the company. The purpose of such notification is to bring the services as close as possible to your needs and wishes and thereby increase their useful value for you. The notification is carried out through the channels that you have chosen in the consent. You can cancel the notification at any time, namely in the manner defined in the Privacy Policy. You can withdraw or change your consent at any time in the same way as you gave it or in another way as defined in the Privacy Policy, whereby the company reserves the right to identify the customer. The change of consent can be arranged, among other things, via email to the address or by sending a written request to the address of the company’s headquarters. Withdrawal or change of consent only applies to data processed on the basis of your consent. Your last given consent that we received is valid. The possibility of revocation of consent does not constitute a withdrawal right in the business relationship of the individual with the company. In the absence of cancellation, data for which your consent is given is processed for up to two years after the end of the business relationship with the company.

Restrictions on the transmission of personal data

If necessary, we will authorize other companies and individuals to perform certain tasks that contribute to our services. In such a case, the company may also forward personal data to such carefully selected external processors who will conclude a contract with the company on the processing of personal data, or an agreement or other binding document of the same content (hereinafter: “Processing Agreement”). We will forward this type of data to external processors or make them accessible only to the extent required for a specific purpose. This data may not be used by the external processor for any other purposes, while meeting at least all personal data processing standards provided for by applicable legislation. External processors are contractually obligated to the company to respect the confidentiality of your personal data. On the basis of a reasoned request, the company also forwards personal data to the competent state authorities, which have a legal basis for this. BITI d.o.o. will, for example, responded to the requests of courts, law enforcement authorities and other state authorities, which may also include state authorities of another EU member state.

Personal data retention period

The data retention period is determined according to the category of individual data. We keep the data for as long as is necessary to achieve the purpose for which it was collected or further processed, or until the expiration of the statute of limitations for the fulfillment of obligations or the statutory retention period. Billing data and related contact data on individuals may be kept for the purpose of fulfilling contractual obligations until full payment for the service or, at the latest, until the expiry of the statute of limitations in relation to an individual claim, which can range from one to five years by law. Invoices are kept for 10 years after the end of the year to which the invoice refers in accordance with the law governing value added tax. We keep other data that we obtained based on your consent for the duration of the business relationship and for 2 years after termination, unless the law stipulates a longer retention period. If the individual who gave his consent to the processing of personal data has not entered into a business relationship with us, his consent is valid for 2 years from the time it was given or until it is revoked. After the expiration of the retention period, the data is deleted, destroyed, blocked or anonymized, unless otherwise stipulated by law for the individual type of data.

Rights of Individuals in relation to the processing of personal data

We guarantee the exercise of your rights in relation to the processing of your personal data without undue delay. We will decide on your request within one month of receiving your request. In the case of complexity and a large number of requests, the deadline can be extended by a maximum of two additional months. If we extend the deadline, we will notify you of any such extension within one month of receiving the request, along with the reasons for the delay. Requests regarding the exercise of your rights are accepted at the email address or by mail at BITI d.o.o. , Vosek 1A, 2231 Pernica, Slovenia. When you submit a request by electronic means, we will provide the information to you by electronic means whenever possible, unless you request otherwise. When there is a justified doubt regarding the identity of an individual who submits a request regarding one of his rights, we may request the provision of additional information that is necessary to confirm the identity of the individual to whom the personal data relates. If the data subject’s requests are manifestly unfounded or excessive, in particular because they are repeated, the company may: – charge a reasonable fee, taking into account the administrative costs of providing the information or message or taking the requested action, or – refuse to act in relation to with a request. We grant you the following rights in relation to the processing of your personal data: (i) the right to access data (ii) the right to rectification (iii) the right to deletion (“right to be forgotten”) (iv) the right to limit processing (v) the right to data portability (vi) the right to object (i) the right to access data You always have the right to know whether personal data is being processed in relation to you and, if so, access to personal data and the following information: – purposes of processing, – types of personal data being processed, – users or categories of users to whom personal data has been or will be disclosed, – the intended period of retention of personal data or, if this is not possible, the criteria used to determine this period, – the existence of the right , that the controller may be required to correct or delete personal data or limit the processing of your personal data, or the existence of the right to – object to such processing, – the right to file a complaint with a supervisory authority, – when personal data n iso collected from you, all available information regarding their source. (ii) right to correction You have the right to have inaccurate personal data about you corrected without undue delay and, taking into account the purposes of the processing, the right to complete incomplete personal data, including the submission of a supplementary statement. (iii) the right to erasure (“right to be forgotten”) You have the right to have your personal data deleted without undue delay when one of the following reasons applies: – when the personal data is no longer necessary for the purposes for which it was collected or how otherwise processed, – when you revoke the consent on the basis of which the processing takes place, and there is no other legal basis for the processing, – when you object to the processing of the data, and there are no overriding legal reasons for their processing, – when the personal data were processed illegally, – when personal data must be deleted to fulfill a legal obligation in accordance with EU law or the Slovenian legal order. (iv) the right to limit processing You have the right to obtain that we limit the processing of your personal data when one of the following cases applies: – when you dispute the accuracy of the data, namely for a period that allows us to verify the accuracy of the personal data, – the processing is illegal, you but you object to the deletion of personal data and instead request a restriction of their use, – we no longer need your personal data for the purposes of processing, but you need them to assert, implement or defend legal claims, – if you have filed an objection in relation to processing based on legitimate business interests, until it is determined that our legitimate reasons override your reasons. When the processing of your personal data has been restricted in accordance with the previous paragraph, such personal data, with the exception of their storage, is processed only with your consent, or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person. We are obliged to inform you before canceling the restriction on the processing of your personal data. (v) the right to data portability You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format, and the right to transmit this data to another controller without the company preventing you from doing so , when the processing is based on your consent and the processing is carried out by automated means. At your request, when technically feasible, personal data may be transferred directly to another controller. (vi) the right to object When we process your data on the basis of a legitimate interest for marketing purposes, you can object to such processing at any time. We will stop processing your personal data unless we demonstrate compelling reasons for processing that override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims. The right to file a complaint regarding the processing of personal data Any complaint regarding the processing of your personal data can be sent to the email address or by post to BITI d.o.o. , Vosek 1A, 2231 Pernica, Slovenia In the event that we do not decide on your request within the legal deadline or reject your request, you have the option of filing a complaint with the Information Commissioner. You also have the right to file a complaint directly with the Information Commissioner if you believe that the processing of your personal data violates Slovenian or EU regulations in the field of personal data protection. If you have exercised the right to access data and after receiving the decision you believe that the personal data you received are not the personal data you requested, or that you did not receive all the requested personal data, you can file a reasoned complaint with the Information Commissioner before filing a complaint at the company within 15 days. We must decide on your complaint as a new request within five working days.

Final Provisions

For everything that is not regulated by this Privacy Policy, the current legislation applies. The company reserves the right to change this Privacy Policy. We will inform you about the change by publishing it on the official website of BITI d.o.o. 30 days before its entry into force. If you have any questions about the Privacy Policy or about the data we keep about you, please write to us at the e-mail address

Validity of the Privacy Policy

This Privacy Policy is published on the website and comes into effect on January 1, 2022.