Privacy policy for the implementation of data collection projects

Last amendment:26-09-2023

The Privacy Policy lays down the method in which company Valicon, trženjsko svetovanje in raziskave d.o.o., Kopitarjeva ulica 2, 1000 Ljubljana (hereinafter “Valicon”) collects, stores and uses the personal data acquired within the scope of the research studies conducted as part of its activities, other than the research conducted within the scope of the Jazvem web panel, for which other rules have been adopted. The effective date of this Privacy Policy is 26 September 2023.

You are kindly asked to read the Privacy Policy carefully.

  1. About us

The personal data controller is the company Valicon, trženjsko svetovanje in raziskave d.o.o., Kopitarjeva ulica 2, 1000 Ljubljana.

If you have any questions, you can e-mail us at: [email protected] or calling us at +386 1 420 49 08.

  1. Obtaining Personal Data

Your personal data is obtained within the scope of different data collection projects (e.g., within the scope of field, telephone, qualitative, online and other research studies). Your personal data can be collected and processed on the basis (i) of your written or electronic consent (Article 6.1 item (a) of the General Data Protection Regulation) or (ii) in the event of field and telephone surveys, based on the implementation of a contract, namely your voluntary consent to taking part in the survey (Article 6.1 item (b) of the General Data Protection Regulation). However, for the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as the processing of genetic data, biometric data for the purpose of unique identification of an individual, data concerning health, or data concerning an individual’s sex life or sexual orientation (special categories of personal data), the processing will always be carried out with the consent of the individual (Article 6.1 point (a) of the General Data Protection Regulation).

  1. What Types of Personal Data are Collected or Obtained About You

Depending on the methodology and other requirements for a specific project, the following personal data is collected:

  1. Contact information (e.g., name and surname, contact telephone number, e-mail address, etc.);
  2. Survey data obtained as responses to surveys, including specific types of personal data;
  3. The data required for keeping records of the payment of prizes to research participants;
  4. Audio, video and other electronic records for the purposes of qualitative research;
  5. Web browser properties and web identifier

4. How Your Personal Data is Used (Purposes of Processing)

Your personal data may be used for one or more of the following purposes:

  1. In relation to your participation in data collection projects for our clients or for use in our own research;
  2. For the purpose of establishing contact in relation to the execution and coordination of a particular research study, for keeping a record of research participants and for the purposes of verifying interviewers. The latter is required for proper implementation of a research study to which you agreed by giving consent;
  3. For the purpose of maintaining records of the disbursement of prizesto research participants;
  4. For the purpose of protecting Company operations and business interests, including prevention of fraud and data manipulation. That is why your online identifier and browser characteristics are collected. This is necessary to safeguard our legitimate interests in preventing fraud and protecting our business.
  5. For the purpose of communicating with the Valicon’s business consultants and legal representatives. This is necessary for our legitimate interests in obtaining legal or professional business advice, and we will only disclose your personal data if required, to the minimum extent necessary, and anonymized whenever possible.
  6. For the purpose of sharing personal data with third parties affiliated with Valicon in connection with the implementation of data collection projects, such as our clients, affiliated companies, independent contractors, e-mail providers, and providers of various information and communication technology services. For example, personal data may be disclosed to sub-processors for data processing services or for sending requested information or conducting interviews for market research projects. We have entered into legally required data processing agreements with such contractual data processors, committing them to the same standard of personal data protection as if Valicon were performing these specific data processing activities itself. These contractual processors process data solely for the purpose of providing contractually defined services for Valicon and for no other purpose, nor may they use them for their own purposes or the purposes of third parties. Such data is shared or made accessible only to the extent required for a specific purpose. When sharing your personal data, this will be consistently based on the necessity of disclosure, subject to relevant confidentiality limitations, on an anonymized basis whenever possible, and only to the extent necessary for any of these purposes.
  7. For the purpose of enforcing our legal rights and complying with laws, regulations, and other legal requirements. This is necessary for our legitimate interest in protecting our business and enforcing our contractual and other legal rights. To ensure physical, network, and information security and integrity. This is necessary for our legitimate interest in ensuring a secure and uncompromised IT system and network, including backup and archiving, preventing malware, viruses, errors, or other harmful code, preventing unauthorized access to our systems, and preventing any form of attacks or damage to our IT systems and networks. Your personal data may be used and processed to comply with legal obligations that we are required to adhere to. Your personal data may also be required to fulfil applicable legal obligations, such as tax laws and other regulations that bind us.
  8. For statistical and research purposes. The data will be anonymized and used for legitimate interests in processing personal data for research purposes.

When your personal data is processed based on your consent (Article 6.1 item (a) of the General Data Protection Regulation), you can withdraw your consent at any time by sending us an email to: [email protected]. This email address is protected against spam bots. To view it, please enable JavaScript. The effective date of such withdrawal is 30 business days from the day we receive your request.

  1. Processing of Children’s Personal Data

We will not collect or process data of children under the age of 15 without obtaining parental consent in accordance with applicable law. If it is discovered that data about a child was collected unintentionally, such information will be promptly deleted.

  1. Processing of Sensitive Data

In some cases, and for purposes specified in the consent to participate in a particular data collection project in which you are involved as a participant, we may process special categories of your personal data (“sensitive data”). Your sensitive data can only be processed if you have voluntarily, explicitly, and separately provided consent in a specific context for a specific purpose.

  1. Personal Data Storage and Processing Period

Valicon stores your personal data on its own servers. Your personal data is stored until 90 days after the completion of the data collection project. After this date, all personal data is anonymized.

If you would like more information about where and how long your personal data is stored, and for more details on your right to erasure and data portability, please contact us at [email protected].

  1. Personal Data Storage and Processing Period

We have implemented appropriate technical and organizational measures to secure your personal data and protect them from unauthorized or unlawful use, processing, accidental loss, or destruction, including:

– Principle of data minimization and pseudonymization whenever possible;

– Training our employees on the importance of confidentiality and preserving the privacy and security of your data;

– Commitment to taking appropriate disciplinary measures to enforce employee accountability for privacy;

– Continuous and comprehensive updates and testing of our security technology;

– Careful and responsible selection of our sub-processors;

– Using secure servers for storing your personal data;

– Appointing a Data Protection Officer;

– Requesting proof of identity from anyone requesting access to personal data.”

  1. Web Plug-ins and Other Online Technologies
    a) YouTube

“Our website uses plugins from YouTube, which is operated by Google. The website operator is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page with the YouTube plugin, a connection to YouTube’s servers is established. This informs YouTube about the pages you have visited on our website.

If you are logged into your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

YouTube helps us make our website appealing. This is a legitimate interest within the meaning of Art. 6 (1) (f) of the General Data Protection Regulation (GDPR).

For more information on how YouTube handles user data, please see YouTube’s privacy policy: https://www.youtube.com/static?template=privacy_guidelines”

Additional information on user data handling is available in the YouTube Data Protection Statement

https://www.youtube.com/static?template=privacy_guidelines

        b) Google Maps

“Our website uses the mapping service Google Maps via API. It is operated by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

To use Google Maps, your IP address must be stored. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.

The use of Google Maps is in the interest of making our website appealing and facilitating the location of places specified by you on the website. This is a legitimate interest within the meaning of Art. 6 (1) (f) GDPR.

For more information on how Google handles user data, please see Google’s privacy policy: https://policies.google.com/privacy?hl=en.

  1. How cookies and Similar Technologies are Used

A cookie is a small amount of data that a website installs on your computer and retrieves each time you access another document on the same website. Cookies are primarily used to identify each user or distinguish them from the multitude of other users simultaneously using the same website. It is a computerized means of recognizing identity.

Some cookies are deleted as soon as you close your browser. These cookies are called session or temporary cookies, as they only last for the duration of a single session and are no longer stored after the session ends. Such cookies typically only contain an identification code that can be recognized only by the website that placed the cookies.

Other cookies have a specific lifespan or expiration time and are used to determine whether you have already logged into a particular website or to store information about certain settings, such as language preferences.

Each website can only access the cookies it has stored; it cannot access data from other websites.

You can reject some or all of the cookies we use by changing your browser settings, but this may reduce your ability to use our websites or some/all of their functions. For additional information about cookies, including how to change your browser settings, visit www.allaboutcookies.org.

           a) The online survey system (surveys.valicon.net) uses cookies for proper and secure operation, as well as to enhance the user experience. The lifespan of individual cookies is limited to the duration of the survey or session and the expected time to complete the survey (usually defaulting to 5 minutes).The cookies for each survey are named WSS__HEADERS__AI__XXX and WSS__SESSION__ID __XXX, where XXX represents the identification of the survey to which the cookies relate.

         b) Google reCAPTCHA To ensure an adequate level of data security during data entries on our website, in certain cases, we use the Google reCAPTCHA service provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (hereinafter: reCAPTCHA).This is primarily used to distinguish whether the input on our website (e.g., via a contact form) is made by a human or if there has been abuse through automated or automatic input. The service includes the transmission of IP addresses and all other data that Google needs for the reCAPTCHA service (e.g., information about which pages you viewed, when you viewed them, and what you clicked on).

The analysis carried out by reCAPTCHA takes place entirely in the background. Visitors to our websites are not alerted to the fact that this analysis is taking place.

More information about reCAPTCHA and Google’s privacy policy can be found on the following websites: https://www.google.com/recaptcha/intro/v3beta.html and https://policies.google.com/privacy?hl=en.

The processing of data by reCAPTCHA is carried out based on Article 6 (1) (f) GDPR. As the website operator, we have a legitimate interest in protecting our online offering from malicious automated input and unwanted electronic mail (SPAM).

  1. International Transfers of Personal Data

If your personal data is transferred outside the European Economic Area, it will be done after a careful review of appropriate legal bases and protective measures, such as:

– Data protection policies known as ‘Binding Corporate Rules’ or ‘BCRs’;

– Standard Contractual Clauses adopted by the European Commission;

– Codes of conduct or codes of conduct prepared by an association or other body approved by the Information Commissioner;

– Approved certification mechanisms.

  1. The Rights of a Data Subject

If personal data is processed by Valicon d.o.o. based on consent, the individual can revoke their consent for the processing of personal data at any time, either temporarily or permanently. Additionally, the individual has the right to object to the processing of personal data concerning them for the purpose of direct marketing or they can also request access, completion, correction, restriction of processing, data portability, or deletion of personal data, or file an objection against the processing of personal data related to them. This can be done by submitting a written request to Valicon d.o.o., Kopitarjeva ulica 2, Ljubljana, or by sending an email to [email protected].  Your revocation is valid going forward and does not affect the processing of personal data that occurred prior to your revocation.

If you object to the processing of personal data based on our legitimate interests, your personal data will no longer be processed, unless compelling legitimate grounds for processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims, in accordance with the General Data Protection Regulation can be demonstrated.

Furthermore, we would like to inform you that if you believe that regulations governing the protection of personal data have been violated, you have the right to lodge a complaint with the Information Commissioner of the Republic of Slovenia, Dunajska cesta 22, 1000 Ljubljana.

For additional information about your rights regarding your personal data, including specific limitations that apply to some of these rights, refer to Articles 12 to 23 of the General Data Protection Regulation (GDPR), available here: http://ec.europa.eu/pravosodje/varstvopodatkov/reform/files/regulation_oj_en.pdf.

13. Amendments to the Company’s Privacy Policy

The Privacy Policy may be updated occasionally. Any changes to this privacy policy will take effect on the day of publication on the website www.valicon.net.

14. Data protection officer

Vesna Stanković, LL.B., is the Data Protection Officer and can be contacted at [email protected].