The purpose of this privacy policy is to inform individuals, service users, employees and other persons (hereinafter: the individual) who cooperate with the Institute for Development and Innovation Ljubljana Ltd., Čufarjeva ulica 5, 1000 Ljubljana, Slovenia (hereinafter: the company) on the purposes and legal bases, security measures and rights of individuals regarding the processing of personal data carried out by our company.

The website, through which it is presented to the public, is owned by the Institute for Development and Innovation Ljubljana Ltd.

The privacy policy contains information for individuals on how our company, as a data controller, processes the personal data received from the individual in accordance with applicable personal data protection legislation.


Individuals to whom personal data relate may contact us on any matter relating to the processing of their personal data and their rights under the General Regulation:

Institute for Development and Innovation Ljubljana Ltd.
Čufarjeva ulica 5, 1000 Ljubljana, Slovenia


The company collects and processes your personal data on the following legal bases:

  • processing is necessary to fulfil the legal obligation applicable to the controller;
  • processing is necessary for the execution of a contract to which the individual is a party, or for the implementation of measures at the request of the individual before the conclusion of the contract;
  • the processing is necessary for legitimate interests pursued by the controller or a third party;
  • the individual has consented to the processing of his or her personal data for one or more specific purposes;
  • processing is necessary to protect the vital interests of the individual or other natural persons.


Based on the provisions of the law, the company primarily processes data of its employees, which is enabled by labour law. Thus, on the basis of a legal obligation for employment purposes, the company mainly processes the following personal data: name and surname, gender, date of birth, identity number, tax number, place, municipality and country of birth, citizenship, residence, etc.


In the event that you as an individual enter into a contract with the company, this represents the legal basis for the processing of personal data. We may process your personal data in order to conclude and perform the contract. If the individual does not provide personal data, the company cannot enter into a contract, nor can the company provide you with services or deliver goods in accordance with the contract, as it does not have the necessary data to perform.


The company may also process personal data on the basis of the legitimate interest it pursues. The latter is not permissible where such interests are overridden by the interests or fundamental rights and freedoms of the individual, which require the protection of personal data. In the case of a legitimate interest, the company always makes an assessment in accordance with the General Regulation.


The company asks the individual for consent. Thus, it may also process certain personal data of the individual for the following purposes when the individual gives his or her consent:

  • residence address and e-mail address for information and communication purposes,
  • tax number or identity number for the purposes of possible enforcement in case of non-fulfilment of obligations (e.g., non-payment of invoice),
  • photographs, videos and other content related to the individual (e.g., publishing pictures of individuals on the company’s website) for the purpose of documenting activities and informing the public about the work and events of the company;
  • other purposes for which the individual consents.

If an individual gives consent for the processing of personal data and at some point, no longer wishes to do so, he may request the termination of the processing of personal data by e-mail to or by regular mail to the company’s address.


The Company will only retain personal data for as long as is necessary to achieve the purpose for which the personal data was collected and processed. If the company processes the data on the basis of the law, it will keep them for the period prescribed by law. In doing so, some data is kept for the duration of the cooperation with the company, and some data must be kept permanently.

Personal data processed by the company on the basis of a contractual relationship with an individual are kept by the company for the period necessary to perform the contract and for 6 years after its termination, except in cases where there is a dispute between the individual and the company. In such case, the company keeps the data for 10 years after the final decision of the court, arbitration or court settlement or, if there was no litigation, 5 years from the date of peaceful resolution of the dispute.

Those personal data that the company processes on the basis of the personal consent of the individual or a legitimate interest will be kept by the company until the consent is revoked or until the data is deleted. Upon receipt of the revocation or request for deletion, the data shall be deleted within 15 days at the latest.

The company may also delete this data before revocation, when the purpose of processing personal data has been achieved or if so, provided by law.

After the retention period, the company must delete or anonymize personal data efficiently and permanently so that it can no longer be linked to a specific individual.


For individual processing of personal data on the basis of a contractual processing contract, the company may entrust it to a contractual processor. Contractual processors may process confidential data only on behalf of the controller, within the limits of his authority, which is written in a written contract or other legal act and in accordance with the purposes defined in this privacy policy.

The contractual processors with which the company cooperates are mainly:

  • providers of legal and business advice;
  • infrastructure maintainers (video surveillance, security, cleaning services);
  • information system maintainers;
  • e-mail service providers and cloud service software providers (e.g., Telekom, Microsoft, Google);
  • providers of social networks and online advertising (Google, Facebook, Instagram, etc.).

Under no circumstances will the company pass on the personal data of an individual to unauthorized third parties.

Contractual processors may process personal data only in accordance with the company’s instructions and may not use personal data for any other purpose.


The company’s website works with the help of cookies. A cookie is a file that stores the settings of websites. Websites store cookies on users’ devices that access the internet in order to identify individual devices and settings that users used to access them. Cookies allow web pages to identify if a user has already visited this website, and with advanced applications, they can be used to adjust individual settings accordingly. Their storage is under the complete control of the browser used by the individual – the latter can restrict or disable the storage of cookies.


Cookie name Duration Function Advanced
_fbp 1 month It is used by Facebook to deliver a range of advertising products, such as real-time offers from third-party advertisers.
_ga 2 years Registers a unique ID that is used to generate statistics about how a visitor uses the site.
_gat 24 hours Used to regulate the speed of the request.
_gid 24 hours Registers a unique ID that is used to generate statistics about how a visitor uses the site.
_cookie_notice_accepted 1 year Recorded agreement with cookies
PHPSESSID 1 year PHP session throughout the website
woocommerce_cart_hash 1 year Used to maintain the current shopping cart
woocommerce_items_in_cart 1 year Record the number of items in the cart
wordpress_logged_in_* 72 hours Used to record applications with WordPress * indicates any user identifier
wp_woocommerce_session 72 hours A session that accompanies shopping on the website
wp_settings-* 1 year Used to maintain the wp-admin user configuration. * indicates any user identifier
wp_settings-time-* 1 year Time setting WordPress settings for the user * indicates any user identifier
wordpres_test_cookie session Check if a cookie can be set
woocommerce_recently_viewed cookie 1 year Recently viewed products


The company takes care of information security and infrastructure security (premises and application system software). Our information systems are protected by, among other things, antivirus programs and a firewall. We have put in place appropriate organizational and technical security measures to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, and other illegal and unauthorized forms of processing. In case of providing special types of personal data, we keep them in encrypted form and password protected.


According to the General Regulation, an individual has the following rights from the protection of personal data:

  • He may request information on whether we have his personal data and, if so, what data we have, on what basis we have it and why we use it.
  • He may request access to his personal data, which allows him to receive a copy of the personal data held by the company and to verify that the company processes them legally.
  • He may request corrections to personal data, such as the correction of incomplete or inaccurate personal data.
  • He may request the deletion of his personal data when there is no reason for further processing or when he uses his right to object to further processing.
  • He may object to the further processing of personal data where the company invokes a legitimate business interest (even in the case of a legitimate interest of a third party) when there are reasons related to the individual’s special situation; the individual has the right to object at any time if the company processes personal data for the purposes of direct marketing.
  • He may request a restriction on the processing of personal data, which means the cessation of the processing of personal data, for example if the individual wants the company to establish accuracy or to verify the reasons for further processing of personal data.
  • He may request the transfer of his personal data in a structured electronic form to another controller, as far as possible and practicable.
  • He may revoke the consent he has given for the collection, processing and transfer of his personal data for a specific purpose; upon receipt of notice that he has withdrawn his consent, the company will cease to process personal data for the purposes it originally accepted, unless the company has another legitimate legal basis for doing so lawfully.

If an individual wishes to exercise any of the aforementioned rights, he can send a request by e-mail to or by regular mail to the company’s address. Access to the individual’s personal data and asserted rights is free of charge for the individual. However, the company may charge a reasonable fee if the individual’s request is manifestly unfounded or excessive, especially if repeated. In such a case, the company may also reject the request.

In the case of exercising the rights under this title, the company may need to request certain information from you to help confirm the identity of the individual, which is only a security measure to ensure that personal data is not disclosed to unauthorized persons.

If the individual has any questions regarding the processing of their personal data, he can always contact our company by e-mail at or by regular mail to the company’s address.