Gender Equality Plan
Privacy policy
ReCatalyst d.o.o. (“ReCatalyst,” “we” “us” or “Company;” for contact details see the end of this privacy policy) considers protecting and respecting your privacy and safeguarding your personal data as critically important aspects of its business.
All personal data provided is treated confidentially and is used only for the purpose for which it was provided. Your personal data is handled with the utmost care, taking into account applicable law and the highest standards of treatment. In doing so, we use an appropriate level of protection and reasonable physical, electronic and administrative measures to safeguard the collected data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or unauthorised access to, personal data that has been transmitted, stored or otherwise processed.
This policy details and regulates how we collect, store, process, transfer, share and use your personal data, for example when you visit our website for informational purposes, when you contact us via our website (https://recatalyst.si/) and e-mail or when you enter into contractual negotiations with us. You will also find information on the protective measures we have taken concerning your personal data, transferring of your personal data, information on your rights, and our contact details.
If you have any questions about our privacy policy or how we use your personal information, please contact us via e-mail at info@recatalyst.si.
Who is Responsible for Processing Your Data
We are the data controller with regard to the personal data processed when you visit, use our website, contact us or purchase our services or products. This means that we determine and are responsible for how your personal data is processed. Our full contact details can be found at the end of this privacy policy.
Our website may contain links to other websites. Please be aware that once you leave our site and navigate to a third-party website, their privacy policy will apply to any information you provide or is collected through that site. We encourage you to review the privacy policy of any site you visit to understand their data practices.
Types of Data Processed and the Purpose for Processing
To achieve the purposes set out in this privacy policy, we process some or all of the following personal data. The exact composition of the personal data processed varies in each case, but we always follow the principle of processing as little personal data as necessary to achieve the purpose:
- Personal data disclosed to us during communication with clients and potential clients (including the names, email addresses, phone numbers, and postal addresses of individuals and individuals related to legal entities, such as representatives, contact persons, certain employees, etc.) are primarily processed for the purpose of establishing and maintaining client relationships. We have a legitimate interest in responding to inquiries, ensuring client satisfaction, and offering our services or products. Additionally, we process such data for fulfilling our contractual obligations and protecting our rights.
- For the above purposes, we may process your personal data if you have disclosed it to us via the contact form on our website or through email communication. For example, if you have asked us for information about a specific product/service or a quote, we process your data to send you the requested information, offer, etc., and to prepare, conclude, and fulfill the contract during contractual negotiations, and to protect our rights if necessary.
- In contracts, we process the names, personal identification numbers, email addresses, phone numbers, bank account numbers, and, if necessary, financial and other information needed for preparing, concluding, and fulfilling (and also protecting rights under) the contract, related to individuals and individuals associated with legal entities with whom we have business relationships (e.g., representatives, contact persons, certain employees, etc.). Until the contract is concluded, we process this information for the purpose of concluding the contract (establishing a client relationship) and protecting rights. From the conclusion of the contract, we process the data for fulfilling the contract and protecting our rights. We process personal data for as long as necessary for these purposes.
- In case you have subscribed to our marketing communications, we will process your personal data based on your consent which you may at all times withdraw by an unsubscribe link provided in the marketing communication.
Withdrawal or modification of consent applies only to data processed on the basis of your consent. The last consent we received from you is valid. The possibility to withdraw consent does not constitute a right of withdrawal in the individual’s business relationship with the company.
We may also process your personal data to fulfill obligations set out in legal acts, such as ensuring the protection of personal data, retaining personal data for any period necessary to comply with legal obligations (e.g., for accounting purposes), and fulfilling other obligations arising from applicable legal acts.
- When you visit our website, we may process personal data that we gather ourselves (or by using third-party services) regarding how, when and for what periods you access and use our website, and information about the device you use to access our website. For further information, please see our cookie policy.
We always ask for your prior explicit consent to process personal data if we use it for purposes not listed in the privacy policy. You can withdraw such consent at any time.
In addition to ensuring the processing of personal data in accordance with applicable laws as a data controller, we keep all data that becomes known to us through the use of the website or in the course of contractual relationships confidential (subject to any applicable exceptions) and secure.
In accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, in the event of suspected abuse, the company may process data about individuals to an appropriate and proportionate extent for the purpose of identifying and preventing possible fraud or abuse and may, if appropriate, also share such data with other providers of such services, business partners, the police, public prosecutors or other competent authorities. For the purpose of preventing future abuse or fraud, data on the history of identified abuse or fraud in relation to an individual, which may include data on the subscription relationship and, for example, the IP address, may be retained for five years after the termination of the business relationship.
Data Retention
The retention period is determined according to the category of the individual data. We retain data for no longer than is necessary to achieve the purpose for which they were collected or further processed or until the expiry of the limitation periods for compliance with the obligation or the statutory retention period.
Billing data and related contact data of individuals may be retained for the purpose of fulfilling contractual obligations until payment for the service has been made in full, or at the latest until the expiry of the statute of limitations in respect of the individual claim, which may by law range from one to five years. Invoices shall be kept for 10 years after the end of the year to which the invoice relates in accordance with the law governing value added tax.
Other data obtained on the basis of your consent is retained for the duration of the business relationship and for 2 years after termination, unless a longer retention period is provided for by law. If the individual who has given consent to the processing of personal data has not entered into a business relationship with us, their consent is valid for 2 years from the date on which it was given or until it is withdrawn.
We may be required to store customer data for longer periods when this is necessary for resolving disputes, protecting our lawful and legitimate interests, or required by applicable laws.
After the expiry of the retention period, the data will be deleted, destroyed, blocked or anonymised, unless otherwise provided by law for a specific type of data.
Storing and Transferring Your Personal Data
We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, change or damage. All data we collect will be stored on the secure servers of our reputable cloud service providers.
If you wish to enquire further about the safeguards we use, please contact us using the details set out at the end of this privacy policy.
Any transfers of personal data outside the EU/EEA shall be done under a lawful basis, including to a recipient which is in a country which provides an adequate level of protection for personal data; or under appropriate safeguards which cover the EU/EEA requirements for the transfer of personal data outside the EU/EEA.
Recipients
Where necessary, your personal data may be shared with third party service providers that perform services for us or on our behalf. In such case, we may also provide personal data to such carefully selected external processors (e.g. IT service provider, accounting office, CRM system provider, etc.) who will enter into a personal data processing agreement or a substantially identical agreement or other binding document with us (“Processing Agreement”). We will only provide or make available to the external processors such data to the extent required by the specific purpose. Such data may not be used by the external processor for any other purpose, subject at a minimum to compliance with all standards of processing of personal data provided for by applicable law. External processors are contractually bound to respect the confidentiality of your personal data.
Your personal data may also be shared with external recipients if we are legally obliged to do so. This may include court orders and judgements, and data protection supervisory authority requests. In honouring such orders, judgements, and requests, we shall make sure that a lawful basis exists under which we share the information.
We may share your personal data in connection with legitimate exercise or protection of our or our customers’ rights, or in investigating contract breaches or illegal activity. In such cases the recipients of your personal data may be professional advisors or law enforcement agencies.
Your personal data may be disclosed to third parties if we are involved in a merger, sale of all or part of our assets or shares, reorganisation, or financing.
Your Rights
We ensure that your rights in relation to the processing of your personal data are exercised without undue delay. We will decide on your request within one month of receiving your request. In case of complexity and a large number of requests, we may extend the time limit by up to two additional months. If we extend the deadline, we will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.
Requests concerning the exercise of your rights are accepted by email to info@recatalyst.si or by mail at ReCatalyst d.o.o., Hajdrihova 19, 1000 Ljubljana, Slovenia.
Where you make a request by electronic means, we will, where possible, provide you with the information by electronic means, unless you request otherwise.
Where there is reasonable doubt as to the identity of the individual making a request in relation to any of their rights, we may require the provision of additional information necessary to confirm the identity of the data subject.
If the data subject’s requests are manifestly unfounded or excessive, in particular because they are repetitive, the company may:
– charge a reasonable fee, taking into account the administrative costs of providing the information or communication or of carrying out the requested action; or
– refuse to act on the request.
In accordance with and subject to exceptions prescribed by applicable law, you as a data subject have the following rights against us to the extent we act as a data controller:
- Right of access (the “subject access request”). This will provide you information on your personal data processed by us (including a copy thereof, if requested), including the lawful bases and purposes thereto.
- Data portability right. You can request a copy of your personal data in a structured, commonly used and machine-readable format or to transfer this data to another party.
- Rectification right. You may request for us to correct your personal data held by us if it is inaccurate or incomplete.
Right to restrict processing. You may request for us to restrict processing of your personal data if you have contested the accuracy of the personal data, if the data processing is unlawful, if there is no purpose for the controller to process the data but you need the data for making a legal claim, or if you have objected to processing. - Right to object. Under bases provide by applicable legal acts, you may object to the processing of your personal data by us. In such case we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.
- Erasure right. Unless prohibited by statutory provisions or overridden by our legitimate interests, you may demand the deletion of your personal data held by us.
- Right to withdraw consent. If we process your data based on consent, you may revoke it at any time, following which we will no longer process your data based on such consent. This does not affect the lawfulness of prior processing activities based on consent.
- You have the right to lodge a complaint.
Any complaint regarding the processing of your personal data can be sent to the e-mail address info@recatalyst.si or by post to ReCatalyst d.o.o., Hajdrihova 19, 1000 Ljubljana, Slovenia.
If we do not decide on your request within the statutory time limit or if we refuse your request, you have the possibility to lodge a complaint with the Information Commissioner.
You also have the right to lodge a complaint directly with the Information Commissioner if you believe that the processing of your personal data violates Slovenian or EU data protection legislation.
If you have exercised your right of access to data and, after receiving a decision, you consider that the personal data you have received is not the personal data you requested or that you have not received all the personal data requested, you may lodge a reasoned complaint with the company within 15 days before lodging a complaint with the Information Commissioner. We must decide on your complaint as a new request within five working days.
Definitions
Privacy Policy. Details and regulates how we collect, store, process, transfer, share and use your personal data when you enter in communication with us.
Data Subject – Any identified or identifiable natural person whose personal data is processed by the Company, such as clients, potential clients, website visitors, or business contacts.
Data Controller. Entity determining and responsible for how your personal data is processed.
Personal Data. Any information relating to an identified or identifiable natural person.
External Processor – A natural or legal person, public authority, agency or other body that processes personal data on behalf of the data controller under a written agreement, ensuring appropriate technical and organizational measures are in place to protect the data.
Processing – Any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, transmission, dissemination, restriction, erasure, or destruction.
Retention period. Period determining the storage and format of personal data at the data controller.
Amendments to the Privacy Policy
This privacy policy may be amended by us from time to time. We suggest for you to periodically review this page. In amending the privacy policy, the “last modified” date at the top of this privacy policy shall be updated. The privacy policy currently published on our website is regarded as valid and effective.
Anything not covered by this Privacy Policy shall be governed by applicable law.
Contacting Us
Please contact us if you have any questions, comments, or requests regarding this privacy policy. Our contacts are as follows:
ReCatalyst
Registration number: 8815020000
Registered address: Hajdrihova 19, 1000 Ljubljana, Slovenia
E-mail address: info@recatalyst.si
Our supervisory authority is the Information Commissioner (https://www.ip-rs.si/)
This Privacy Policy is published on the website www.recatalyst.si and will enter into force on 1. September 2025.
Cookie policy
You always have the option to accept or reject cookies. Most web browsers automatically accept cookies, and you can change this in your settings so that your computer refuses cookies or so that you receive a warning before a cookie is stored.
Cookies – Small text files that are placed on a user’s device when visiting a website, used to collect standard Internet log information and visitor behavior information.
Click on the name of your browser for information about cookie settings:
Use of cookies on our website
Our website uses cookies for our own purposes only to distinguish between and count the number of visitors so that we can improve the performance of the site. For this purpose, we use the most widely used Google Analytics tool.
Our website also uses cookies to provide you with a better user experience by remembering your login or registration on the website, the information you enter in online forms and your consent to the use of cookies.
We will not pass on the information collected through cookies to third parties.
Mandatory cookies
These cookies are necessary to navigate the website and use its features, such as accessing secure areas of the website. Without these cookies, it is not possible to provide the services you have requested, such as a prize draw form, etc.