Privacy Policy

This Privacy Policy (hereinafter: "Policy") has been adopted by ATH INVEST d.o.o., Dunajska cesta 106, 1000 Ljubljana, Slovenia, registration number: 9760784000, VAT ID: 76006999 (hereinafter: "ATH INVEST" or "we"). This Policy governs the protection of personal data and the privacy of individuals—our customers, users of our services, and business partners—where we act as the data controller (the entity that determines the purpose and means of processing).

ATH INVEST processes personal data in accordance with the highest standards of the European Union and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, hereinafter: "GDPR"), as well as the Slovenian Personal Data Protection Act (ZVOP-2). If you have any questions or requests regarding the handling or protection of your personal data, please contact us at info@ath.si.

FOR WHAT PURPOSES DO WE PROCESS YOUR PERSONAL DATA, AND ON WHAT LEGAL BASIS?

A) Performance of a Contract

The processing of your personal data, as outlined here, is necessary for the conclusion and performance of a specific contractual relationship in which you are a party, or for taking steps at your request prior to entering into a contract.

B) Compliance with Legal Obligations

The processing of personal data required to fulfil various legal obligations imposed on us as the data controller under Slovenian and EU laws does not require your consent. For example, this processing is necessary for compliance with anti-money laundering and counter-terrorism financing regulations (e.g., the Prevention of Money Laundering and Terrorist Financing Act).

C) Processing Based on Consent

Newsletter Subscription
  • What personal data do we process?
    If you have subscribed to our newsletter, we process the personal data you provided during registration. Mandatory data includes: email address, name, surname, and address.
  • For what purposes do we process your personal data?
    We process your personal data to deliver our newsletter. In this case, the legal basis for processing is your request. To better understand your interests in relation to purchasing. In this case, the legal basis for processing additional data is your consent provided during registration. If we have another legitimate interest (e.g., for security purposes).
Visitor to Business Premises
  • What personal data do we process?
    If you visit our business premises, you may be recorded by our CCTV cameras if you enter a clearly marked surveillance area. In this case, we process your video footage.
  • For what purposes do we process your personal data?
    We process your personal data to protect people (visitors and employees) and property in our business premises. In this case, the legal basis for processing is the Personal Data Protection Act. To fulfill our legal obligations (e.g., responding to requests from public authorities).
If You Contact Us Regarding Our Services or Products
  • What personal data do we process?
    We process the personal data you provided when submitting inquiries, requests, complaints, compliments, or similar, which may include: name, surname, phone number, email address, address, reason for your inquiry, product purchased, date and place of purchase, and a summary of your inquiry.
  • For what purposes do we process your personal data?
    We process your personal data to respond to your inquiry, request, complaint, compliment, or similar. In this case, the legal basis for processing is our legitimate interest in responding to your inquiries. To monitor satisfaction with our services. In this case, the legal basis for processing is our legitimate interest. To fulfill our legal obligations (e.g., retaining consumer complaints).
Business Partners
  • What personal data do we process?
    We process the personal data you provided, as well as data collected during the establishment and maintenance of a business relationship, including: Your identification data (if you are a natural person, e.g., a sole proprietor), such as name, surname, personal identification number, and connection to a legal entity (owner, director, employee, etc.). Your contact details, including the name and surname of the contact person, contact address (street, house number, city, postal code, country), phone number, and email address.
  • For what purposes do we process your personal data?
    We process your personal data to fulfill our contractual obligations to you and to take other necessary steps related to the conclusion and performance of contracts. In this case, the legal basis for processing is the performance of a contract. If we have another legitimate interest (e.g., for security purposes). To fulfill our legal obligations.
If You Are Interested in Working for Our Company
  • What personal data do we process?
    We process the personal data you provided, i.e., data collected for the purpose of employment in our company, including information provided in the application form.
  • For what purposes do we process your personal data?
    We process your personal data to take necessary steps for selecting and hiring new employees (e.g., selecting candidates for interviews and organizing interviews). In this case, the legal basis for processing is your application. To consider you for future job opportunities and contact you for employment purposes if you have given consent for us to store your data in our records. In this case, the legal basis for processing is your consent. To fulfill our legal obligations.

WHO HAS ACCESS TO YOUR PERSONAL DATA?

data is our business secret and is protected in accordance with applicable Slovenian laws and best practices. Access to your personal data is granted only to authorised employees in Slovenia. Third parties may access and process your personal data in the following situations:

  • Third-party service providers who provide us with certain services and products (e.g., delivery). In this case, they process only the personal data necessary for the service.
  • Competent authorities for monitoring the legality of business operations. In this case, they process your personal data in accordance with their legal powers.
  • Competent authorities (police, public prosecutor's office, courts, etc.) in the case of legal or equivalent proceedings. In this case, they process your personal data strictly in accordance with their jurisdiction.

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANIZATIONS

Your personal data is processed in Slovenia. If required for technical or legal reasons, we reserve the right to transfer your personal data to EU countries in accordance with EU adequacy decisions or based on appropriate safeguards or derogations under the GDPR.

HOW DO WE PROTECT YOUR PERSONAL DATA?

The protection of your personal data is extremely important to us. Some of the security measures we implement include:

  • Using secure methods for exchanging your personal data to prevent unauthorised access.
  • Using access control methods to protect data sources containing personal data.
  • Continuous monitoring of resources (physical areas where your data is stored) used for processing personal data.

RETENTION PERIOD FOR PERSONAL DATA

For data where a legal retention period is specified, we retain your data for that period and delete it after an additional period of one year. If you are our business partner and no legal retention period applies, we retain your personal data for the duration of the contract. After the contract ends, we delete your data within six years (statute of limitations of five years, extended by one year for deletion).

Personal data of users of our services is retained for the duration of the service. After the service ends, your data is deleted in accordance with separately defined deadlines.

Personal data processed based on our legitimate interest is retained as long as the legitimate interest exists and is deleted within one year of the interest ceasing.

Personal data processed based on your consent is retained as long as we have your consent. If you withdraw your consent, the data is deleted. For CCTV footage, data is retained for 30 days unless the footage is needed as evidence.

YOUR RIGHTS AND HOW TO EXERCISE THEM

You can exercise your rights by sending your request to info@ath.si with the subject line "Request by the Data Subject" or by mail to Dunajska cesta 106, 1000 Ljubljana, Slovenia.

You can exercise your rights free of charge. However, if your requests are excessive or repetitive (e.g., less than six months since your last request), we may charge a reasonable fee for administrative costs.

Contact us to exercise the following rights:

  • Right of Access: You have the right to request confirmation of whether we process your personal data and to access the data we process.
  • Right to Rectification: You have the right to request the correction of inaccurate personal data.
  • Right to Data Portability: You have the right to request the transfer of your personal data.
  • Right to Erasure: You can request the deletion of your personal data if one of the grounds under Article 17 of the GDPR applies.
  • Right to Object: You have the right to object to the processing of your personal data.
  • Right to Withdraw Consent: You can withdraw your consent for further processing at any time.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with the supervisory authority—the Information Commissioner of Slovenia.