1. Personal data
Personal data is any information that identifies you as an identified or identifiable individual. An individual is identifiable when he or she can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or by reference to one or more factors specific to the individual's physical, physiological, genetic, mental, economic, cultural or social identity.
· name and surname;
· phone number;
· information about the user's use of the website (IP address, dates and times of visits to the website, pages or URLs visited, time spent on each page, total time spent on the website, etc.);
· information about which operating system and browser you are using and the browser language;
· other information voluntarily provided by the user to the Lemur Legal when requesting certain services that require this information.
2. Purpose and basis for the processing of personal data
Lemur Legal collects and processes your personal data on the basis of your consent and legitimate interest. Any personal data you provide to us will be treated confidentially and will only be used for the purpose for which it was provided and collected.
We use your personal data for the purposes of providing our services, namely to respond to your enquiries, questions and comments that you send us via the website. For this purpose, we only collect personal data that you voluntarily provide to us. Lemur Legal does not collect or process your personal data except when you allow it to do so or when you consent to it, i.e. when you send us enquiries, questions or comments and when Lemur Legal has a legitimate interest in collecting your personal data. By submitting an enquiry or question on our website, you will be deemed to have consented to us responding to your email address and to us emailing you with information regarding our services. You may unsubscribe from our mailing list by sending an email to firstname.lastname@example.org.
If there is a need to further process your data for another purpose, we will contact you in advance and ask for your prior written consent.
3. Users of personal data
Lemur Legal will not disclose your personal data to unauthorised third parties without your consent.
We may only disclose your data to third parties if this is strictly necessary to ensure that Lemur Legal 's operations comply with the law and other legally binding acts or if we are required to do so by a competent government authority.
4. Retention of personal data
The Lemur Legal shall keep the personal data it processes on the basis of the individual's personal consent or legitimate interest permanently, until the individual withdraws consent or requests that processing be discontinued. Lemur Legal shall delete such data before revocation only where the purpose of the processing of the personal data has already been achieved or where required by law.
After the retention period, the Lemur Legal permanently deletes or anonymises the personal data so that it can no longer be linked to a specific individual.
5. Links to third-party websites
Our website may contain links to third party websites. These websites have their own privacy policies for which Lemur Legalaccepts no responsibility.
6. The rights of the data subject with regard to the processing of data
Under the EU General Data Protection Regulation, you have the following rights as an individual:
Right to withdraw consent: if you, as an individual, have consented to the processing of your personal data (for one or more specified purposes), you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing of the data carried out on the basis of your consent up to the time of withdrawal. Consent may be withdrawn by written declaration sent to the controller at one of the contacts indicated on the website https://www.fintechfactory.eu. Withdrawal of consent to the processing of personal data shall not have any negative consequences or sanctions for the data subject. However, it is possible that the controller may no longer be able to provide one or more of its services to the data subject after the withdrawal of the consent to the processing of personal data, if these are services that cannot be provided without the personal data.
Right of access to personal data: as an individual, you have the right to obtain confirmation from the provider (personal data controller) as to whether personal data relating to you are being processed and, where this is the case, access to personal data and certain information (on the purposes of the processing, on the types of personal data, on the users, on the retention periods, or. the existence of the right to rectification or erasure, the right to restrict and object to processing and the right to lodge a complaint with a supervisory authority, the source of the data if the data were not collected from you, the existence of automated decision-making, including profiling, the reasons for it and the meaning and consequences of such processing for you, and other information in accordance with Article 15 of the EU General Data Protection Regulation.
Right to rectification of personal data: as an individual, you have the right to have inaccurate personal data concerning you rectified by the provider without undue delay. As an individual, you have the right, taking into account the purposes of the processing, to have incomplete data completed, including by submitting a supplementary declaration.
Right to erasure of personal data ("right to be forgotten"): As an individual, you have the right to have personal data relating to you erased by the provider without undue delay and the provider must erase the data without undue delay where one of the following reasons applies:
the data are no longer necessary for the purposes for which they were collected or otherwise processed;
you withdraw your consent and there is no other legal basis for the processing;
you object to the processing and there are no overriding legitimate grounds for the processing;
the data has been processed unlawfully;
the data must be erased in order to comply with legal obligations under EU law or the law of the Member State to which the provider is subject;
data collected in connection with the provision of information society services.
However, as an individual, you do not have the right to erasure in certain cases described in Article 17(3) of the EU General Data Protection Regulation.
Right to restriction of processing: as an individual, you have the right to have the provider restrict processing where one of the following applies:
the processing is unlawful and you object to the erasure of the data, but instead request a restriction on its use;
the provider no longer needs the data for the purposes of the processing, but you need the data for the establishment, exercise and defence of legal claims;
you have lodged an objection to the processing, pending verification whether the legitimate grounds of the provider outweigh your grounds.
Right to data portability: as an individual, you have the right to receive the personal data relating to you that you have provided to the provider in a structured, commonly used and machine-readable format, and you have the right to transfer that data to another controller without being hindered by the provider to whom the personal data have been provided, where:
the processing is based on consent or on a contract; and
processing is carried out by automated means.
In exercising that right, you, as an individual, have the right to have your personal data directly transferred from one controller (provider) to another, where technically feasible.
Right to object to processing: As an individual, you have the right, on grounds relating to your particular situation, to object at any time to processing of personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the provider (point (e) of Article 6(1) of the EU GDPR) or is necessary for the pursuit of legitimate interests pursued by the provider or by a third party (point (f) of Article 6(1) of the EU GDPR), including profiling on the basis of the said processing. The Provider shall cease processing personal data unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where personal data are processed for marketing purposes, the data subject shall have the right to object at any time to the processing of data concerning him or her for such marketing, including profiling insofar as it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the data shall no longer be processed for those purposes.
Where data are processed for scientific or historical research purposes, or for statistical purposes, the data subject shall have the right to object, on grounds relating to his or her particular situation, to processing concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
Right to lodge a complaint with a supervisory authority: without prejudice to any other (administrative or other) legal remedy, you as an individual have the right to lodge a complaint with a supervisory authority, in particular in the country where you are habitually resident, where you work or where the breach is alleged to have taken place (in Slovenia, the Information Commissioner), if you consider that the processing of personal data relating to you infringes data protection rules.
Without prejudice to any other (administrative or extra-judicial) remedy, you have the right as an individual to an effective remedy against a legally binding decision of the supervisory authority concerning your complaint, including if the supervisory authority does not consider your complaint or does not inform you within three months of the status of the case or of the decision on the complaint. The courts of the Member State where the supervisory authority is established have jurisdiction over proceedings against the supervisory authority.
The data subject may address any request concerning the exercise of the rights relating to personal data to the controller in writing, using one of the contact details provided on the website https://www.fintechfactory.eu.
For the purposes of reliable identification in the event of the exercise of rights relating to personal data, the provider may request additional information from the data subject, but may refuse to act only if it demonstrates that it cannot reliably identify the data subject.
The provider must respond to a request from an individual exercising his or her rights in relation to personal data without undue delay and at the latest within one month of receipt of the request.
Right to lodge a complaint with a supervisory authority Without prejudice to any other administrative or legal remedy, you have the right, as a data subject, to lodge a complaint with a supervisory authority, in particular in the Member State where you are habitually resident, where you work or where the breach is alleged to have occurred if you consider that the processing of personal data concerning you infringes the EU General Data Protection Regulation. The supervisory authority with which the complaint is lodged will inform you, as the complainant, of the status of the case and the decision on the complaint, including the possibility of a remedy under Article 78 of the EU GDPR. As a data subject, you have the right to lodge a complaint with the Information Commissioner of the Republic of Slovenia, Dunajska cesta 22, 1000 Ljubljana, telephone: 01 230 97 30, e-mail: email@example.com.
Lemur Legal, d.o.o.
Ljubljana, May 2023