Privacy Policy
We are aware of the importance of privacy, which is why we strive every day to be able to ensure the safe and appropriate processing of your personal data.
Please read this privacy policy carefully before giving your consent to the processing of personal data.
The owner and operator of the website and application is Arctur d.o.o. (click here for more information about the company and for contact information).
In the company Arctur d.o.o. we respect your privacy and in accordance with the regulations according to:
- Personal Data Protection Act ZVOP-1, (Official Journal of the Republic of Slovenia, No. 94/07),
- Electronic Communications Act ZEKom-1 (Official Journal of the Republic of Slovenia, no. 109/12, 110/13, 40/14 – ZIN-B, 54/14 – dec. US, 81/15 and 40/17) and
- EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals in the processing of personal data and on the free flow of such data and on the repeal of Directive 95/46/EC (General Data Protection Regulation - GDPR)
Both on the website www.4pm.si (hereinafter the website) and in the 4PM web application (hereinafter the application) we carry out all activities for the protection and ethical handling of your personal data, as stated in the remainder of this privacy policy.
Meaning of terms
A website visitor or user is any person who visits the website.
An individual is a natural person whose personal data is processed on the website or in the application. Individuals within the meaning of this policy are:
- subscribers to the application, if they are natural persons;
- contact persons or registered users of the application at clients who are legal entities;
- test users of the application;
- registrants for events;
- natural persons whose data is entered into the application by subscribers or test users of the application
Personal data is any data that relates to a certain natural person, i.e., an individual, depending on the form in which it is expressed. These are data on the basis of which you can be identified (example: Social Security number, tax number, health insurance number, telephone number, vehicle registration number, personal transaction account number, etc.).
Special types of personal data are data about an individual that reveal their racial or ethnic origin, political belief, religious or philosophical belief or trade union membership and the processing of genetic data, biometric data for the purpose of unique identification of an individual, data related to health or data related to with the individual's sexual orientation, sex life, information on convictions..
The company Arctur d.o.o. acts as a personal data operator.
What personal data we process
About website visitors
Company, name, e-mail address and telephone, date and time of receipt of data.
We process data only if the website visitor enters it in the contact form or subscribes to receive e-news.
About subscribers to the application or the subscribers' contact persons
Company, name, e-mail address and telephone number, date of conclusion and termination of the subscription contract, possible communication between Arctur d.o.o. and to the subscriber or the subscriber's contact person, data on possible complaints or requests, data on the use of the application (dates and times of logins and logouts to and from the application), the number of licenses for the use of the application.
About test users of the application
Company, name, e-mail address and phone number, date of start of use and date of termination of use of the application, date of conclusion of the subscription contract (if one exists), possible communication between Arctur d.o.o. and to the client or the client's contact person, information about any complaints or claims.
About registrants for events
Company, name, email address and phone number, events the individual registered for, whether or not they attended the event
About natural persons whose data is entered into the application by subscribers or test users of the application
Arctur d.o.o. as a contractual processor in the application, it stores and enables subscribers and test users of the application to enter, change and delete data. Arctur d.o.o. has no influence on what and which data is entered into the application by subscribers and test users. Given that the application is by its very nature an information system, typical data entered into the application are first and last names and contact information of organizations or their employees.
How and for how long will we store your personal data?
Personal data collected based on your express consent will be stored in an electronic or physical database of personal data.
Collected personal data may be kept in the personal data database until you revoke your consent to the processing of personal data or for as long as is necessary to achieve the purpose for which your personal data is processed or to meet legal requirements.
After fulfilling the processing purpose, we will delete your personal data or blocked access to them.
You can request that we stop using your personal information for direct marketing purposes. In this case, we will appropriately prevent the use of your personal data for direct marketing purposes within 30 days and notify you accordingly.
The specific retention periods for personal data are different depending on the category of individuals to whom they relate, and are listed below.
Website visitors
Communication via the contact form: 5 years from the (last) communication.
Sending emails: until cancelled.
Subscribers to the application or contact persons of the subscribers
5 years from the termination of the subscription relationship.
Test users of the application
1 year from the end of the test period (if no subscription contract was concluded)
Registrants for events
5 years from participation in the event.5 years until the application, if the individual did not participate in the event for which he applied.
Natural persons whose data are entered into the application by subscribers or test users of the application
The storage time is determined by the client and Arctur d.o.o. it has no effect on it.
After termination of use of the application by the client Arctur d.o.o. all data entered into the application by this subscriber is exported and sent to the subscriber, after which it is effectively and permanently deleted from the application. If the client has not settled all obligations to Arctur d.o.o., the data is not exported, Arctur d.o.o. however, the data is effectively and permanently deleted from the application after the subscriber has been repeatedly warned about this.
We will carefully protect all collections of personal data using the latest technical security measures.
Processing and use of your personal data
In accordance with the Regulation, the company can only manage, collect and process your personal data:
- on the basis of your express written or electronic consent, if the collection of your personal data is necessary in order for us to enter into a contract with you
- if the collection of personal data is required by applicable legislation (e.g. regarding the data on the issued invoice).
For what purposes we process personal data
The company manages, collects and processes your personal data for which your express and written consent is required only within the scope of the purposes for which the data was provided to us.
We undertake not to lend or sell your personal data to a third party without prior notification and obtaining your express written consent, and we will not process them in any other way that is incompatible with these purposes.
In the following, we explain the purposes for individual categories of individuals.
Website visitors
Communication with the user who filled out the contact form on the website.
Sending e-mails with the presentation of the offers and services of Arctur d.o.o. to those users who subscribed to receive e-news. You can unsubscribe at any time.
Registration or provision of personal data on the website is voluntary.
Subscribers to the application or contact persons of the subscribers
Conclusion and fulfillment of the subscription contract; creating a user account and enabling the use of the application; communication with the client, including providing support and assistance; invoicing and invoicing services; resolution of objections and complaints; statistical monitoring of the use of the application for the purpose of its improvement and upgrades.
Test users of the application
Creating a user account and enabling the use of the application; communication with the client; statistical monitoring of the use of the application for the purpose of its improvement and upgrades.
Registrants for events
Event organization; communication regarding participation; attendance monitoring; verification of participant satisfaction; sending presentations and other materials related to the event.
Natural persons whose data are entered into the application by subscribers or test users of the application
Implementation of the subscription agreement by providing the possibility for subscribers to process personal data for their own purposes in the application. It also includes access to personal data by Arctur d.o.o., when this is necessary at the explicit request of the client for the provision of help and support services.
Arctur d.o.o. in relation to this personal data, it acts in the role of contractual processor, and the client in the role of controller, which means that the purposes of personal data processing are determined by the client.
Important information regarding the processing of your personal data in the 4PM application
We undertake to process all collected data only within the scope of the listed management purposes or processing of personal data and in accordance with the Personal Data Protection Act and other relevant field legislation as well as in accordance with Regulation (EU) 2016/679 on the protection of individuals in the processing of personal data (GDPR).
ISL remote assistance
We use the ISL Pronto system to implement remote user assistance, which is accessible from 4PM and on the website. When creating a request, the following personal data is collected in ISL Pronto:
- name
- location
- IP address
- transcript of the conversation
Other integrated services on the website
- Youtube
- Google Analytics
- Mailchimp
- Security mechanisms
Login to 4PM
4PM does not store user passwords of users. All passwords must be sufficiently secure. The password must be sufficiently complex: consist of at least 8 characters and contain at least one capital letter and at least one number.
Registration of new users
Insight and access to data can be individually adapted. User group settings allow your administrators to add new users at will. User access is activated by the application administrator, who ensures that new users have an appropriate level of insight into the data.
User management and access control
Administrators have the option of managing users' rights to view and process personal data on three levels:
- application (user groups)
- projects (roles on projects)
- groups of projects (project rights)
Information security and compliance
4PM is a cloud service (Saas) hosted on Arctur's server infrastructure in the EU. Data security is ensured with numerous security mechanisms, access control and technical solutions.
Organizational security
- is provided with premises, equipment and system software,
- prevents unauthorized access to the space where the technical equipment is located,
- provides fire and flood protection for technical equipment,
- ensures the adequacy of the space in which the technical equipment is located,
- regularly inspects the operation of technical equipment
Technical security:
- performing control of physical accesses and accesses to data located on technical equipment,
- locking the rooms where the equipment is located,
- prevention of access to personal data located on the technical equipment by the premises maintainers, customers and other visitors,
- preventing the use of passwords by persons to whom the password was not directly assigned or for a purpose not specified by this contract.
Revocation of consent for the processing of personal data
You have the right to revoke your consent to the processing of personal data at any time for one or all of the purposes for which you have consented to the processing of personal data.
You can send a written statement to cancel your consent to the processing of personal data to our address or to the email address available on our website.
In case of your withdrawal of consent to the processing of personal data, the company will delete all collected personal data and immediately stop processing them.
Your rights in the area of personal data protection
The new regulation brings you many rights in the field of personal data protection, which are:
- the right to delete/forget and correct inaccurate personal data
- the right to supplement inaccurate or incomplete personal data relating to you
- the right to immediate deletion of personal data processed in relation to you
- the right to be informed by the controller in case of correction, addition or deletion of personal data about the correction, addition or deletion
- the right to limit the processing of personal data
- the right to request the restriction of the processing of your personal data in the event of their inaccuracy, illegality, termination of the purpose of processing or filing of an objection
- the right to portability of your data
- the right to forward personal data that it processes in relation to you
- the right to forward the personal data it processes in relation to you to another controller, if you request it
- the right to object
- the right to terminate the use of data for information purposes or direct marketing
- the right to access personal data relating to you
You have the right to receive confirmation from the controller as to whether personal data is being processed in relation to you and access to personal data relating to you and the following information: purpose of processing, type of personal data relating to you, users of your personal data, expected retention period of personal data, source of personal data.
You can request all rights by writing to the controller. You send the request by post to our address or to the email address available on our website.
Personal data breach
In the event of a breach of the protection of your personal data and in the event that it is likely that such a breach of the protection of personal data could cause a significant risk to your rights and freedoms, we will notify you immediately.
In the event of a violation of the protection of personal data, we will notify the competent authority without undue delay, but no later than within 72 hours after becoming aware of the violation of the protection of your personal data.
Right to appealIn the event of a breach of personal data protection, you have the right to file a complaint against the controller with the competent supervisory authority at the address: Information Commissioner of the Republic of Slovenia, Dunajska cesta 22, 1000 Ljubljana, www.ip-rs.si, .
Contact and exercise of rights in relation to personal data
In case of questions, ambiguities, exercising your rights in the field of personal data, please contact the company's contact person:
ARCTUR d.o.o.
Industrijska cesta 1A
5000 Nova Gorica
e-mail address:
Telephone no.: +386 5 30 29 070
Website: arctur.si
This policy is valid from 01.05.2023.