Privacy policy
Personal data protection - GDPR
BDO Consulting d.o.o., BDO Revizija d.o.o. and BDO Business Solutions d.o.o. (hereinafter referred to as the "Companies") strictly comply with the General Data Protection Regulation (EU679/2016, hereinafter referred to as the "GDPR") and the Personal Data Protection Act ZVOP-2 (hereinafter referred to as the "PDPA-2") in the provision of our services and in our relations with you. We provide some basic information in this respect below.
The GDPR and the PDPA-2 regulate the obligations of controllers and processors and the rights of individuals with regard to their personal data.
Personal data is any data or information from which an individual can be uniquely identified (examples include: name, address, residential address, telephone number, e-mail address, VAT number, tax identification number, health insurance number, vehicle registration number, education, employment, function, position or status within a particular entity, etc.).
Sensitive personal data are personal data revealing racial or ethnic origin, political opinions and beliefs, religious or philosophical beliefs, membership of associations, genetic features, biometric features which are processed solely for the purposes of personal identification, health, sex life or sexual orientation of an individual.
We will not ask you for sensitive personal data as we do not process it!
Processing of personal data means the activities of collecting, storing, processing and disclosing personal data of individuals.
When is it lawful to process an individual's personal data if they have interacted with or been contacted by the Companies? When at least one of the following conditions is met:
- the data subject has consented to the processing of his or her personal data for one or more specified purposes;
- the processing is necessary for the performance of a contract to which the data subject is a party or for the performance of an action at the request of such data subject prior to the conclusion of the contract;
- processing is necessary for compliance with a legal obligation to which the controller is subject;
- processing is necessary to protect the vital interests of the owner of the personal data or of another person;
- processing is necessary for the performance of a task carried out in the public interest;
- processing is necessary for the legitimate interests pursued by the controller or by a third party, provided that those interests are not overridden by the interests of the owner of the personal data.
Principles followed by the Companies when processing your personal data:
- legality, fairness and transparency,
- purpose limitation,
- minimum scope,
- accuracy,
- limitation of retention,
- integrity and confidentiality.
The rights guaranteed to the individual by the GDPR and the PDPA-2, which are strictly respected by the Companies:
- access to personal data,
- rectification of personal data,
- forgetting or "right to erasure",
- restriction of processing,
- right to object,
- the right to data portability.
The Companies have adopted all technical and organisational measures needed to ensure compliance with the requirements of the GDPR, the PDPA-2, the Standards of Professional Conduct, the Information Security Standards and good practice in the field of information security, and in our day-to-day work we endeavour to comply strictly with those measures.
This is based in particular on regular awareness-raising and training of our employees, who are also committed to strict compliance with all legal provisions and the provisions of internal acts in the field of personal data protection.
We have also appointed a Data Protection Officer (DPO) in the Companies. If you have any questions and would like further clarification, you can contact him/her via GDPR@bdo.si.
You may also address any requests relating to the exercise of the rights of the individual guaranteed by the GDPR and the PDPA-2 to the Data Protection Officer by sending an e-mail to GDPR@bdo.si.