Personal Data Controller
NEBULA računalniške storitve in finančno svetovanje, d.o.o.
Staretova ulica 13A
1000 Ljubljana
Slovenia
Registration number: 1754742000
VAT number: SI50503375
Website: www.nebula.si
Data protection contact:
zascita.podatkov@nebula.si
Last updated: 16 October 2023
1. Introduction
NEBULA d.o.o. respects the privacy of visitors to the website
www.nebula.si,
users of NEBULA d.o.o. mobile applications published in Google Play and Apple App Store,
its business partners, users of services and other individuals with whom it cooperates.
This Privacy Policy explains which personal data we may collect through the website,
mobile applications, email, contact forms and other communication channels, for which purposes
we process such data, on which legal basis, how long we retain it, to whom we may disclose it,
and what rights individuals have in relation to the processing of personal data.
We process personal data in accordance with applicable data protection legislation, in particular
the EU General Data Protection Regulation, the Slovenian Personal Data Protection Act and the
internal rules of NEBULA d.o.o.
This Privacy Policy applies to:
- the website www.nebula.si,
- subpages and web forms of NEBULA d.o.o.,
- mobile applications of NEBULA d.o.o. published in Google Play and Apple App Store,
- communication with users, business partners and other individuals,
- other digital services where this Privacy Policy applies or is expressly referenced.
2. Which personal data we process
When you visit the website, use mobile applications or communicate with us, we may process
the following types of personal data.
2.1 Data you provide yourself
This primarily includes data that you enter into a contact form, send by email, enter into
a mobile application or otherwise voluntarily provide to us, for example:
- first and last name,
- company or organisation name,
- email address,
- telephone number,
- username or user identifier, where this is necessary for the use of an application or service,
- content of a message, enquiry, application or request,
- data required for the use of an individual application or service,
- other data that you include in your communication with us.
2.2 Technical data when visiting the website
When visiting the website, certain technical data may be processed automatically, as this is
necessary for the operation, security and maintenance of the website, for example:
- IP address of the device,
- date and time of access,
- visited pages or URLs,
- browser and device type,
- operating system,
- data about errors or security events,
- data about website usage where this is enabled through cookies or similar technologies.
2.3 Data when using mobile applications
When using mobile applications of NEBULA d.o.o., depending on the functionality of the individual
application, the following data may be processed:
- user identifier or user account identifier,
- login and authentication data, where the application requires login,
- device data, such as device type, operating system, application version and language settings,
- technical logs of application operation,
- data about errors, crashes and application diagnostics,
- data about the use of individual application functionalities,
- data entered into the application by the user,
- data necessary for providing a contractually agreed service,
- data related to notifications or push messages, if enabled by the user,
- location data only if it is necessary for the operation of a specific application and enabled by the user in the device settings.
The scope of data depends on the purpose and functionality of the individual application.
If a particular application uses additional types of data or special functionalities, this may be
further explained within the application itself, in Google Play or Apple App Store, or in a separate
privacy notice.
2.4 Data provided by Google Play and Apple App Store platforms
When installing, updating or using mobile applications, certain data may also be processed by
the operators of the Google Play and Apple App Store platforms. Such data is processed in accordance
with their privacy policies and terms of use.
NEBULA d.o.o. generally does not have direct access to all personal data independently processed
by Google or Apple within their services. Where the platforms provide us with aggregated or
diagnostic data about the operation of an application, we use such data to improve stability,
security and user experience.
2.5 Cookies and similar technologies
The website may use cookies and similar technologies to ensure the operation of the website,
improve user experience, analyse visits and for other purposes where enabled.
Mobile applications may use similar technologies, such as local storage, device identifiers,
diagnostic logs or analytics tools, where this is necessary for operation, security, diagnostics
or improvement of the application.
3. Purposes of personal data processing
We process personal data for the following purposes:
| Purpose of processing | Examples of processing |
|---|---|
| Responding to enquiries | processing contact forms, emails and business enquiries |
| Communication with business partners and users | preparing offers, arranging meetings, answering questions, user support |
| Pre-contractual and contractual activities | preparing offers, coordinating the scope of services, performing ordered services |
| Ensuring website operation | technical maintenance, troubleshooting, ensuring availability |
| Ensuring mobile application operation | user login, enabling application functionalities, data synchronisation, diagnostics and troubleshooting |
| User support | handling requests, resolving technical issues, communicating with users |
| Information security | preventing misuse, detecting security events, protecting systems and applications |
| User notifications | sending service, technical or security notifications where necessary |
| Improving services | analysing website and application operation, improving user experience, fixing errors |
| Compliance with legal obligations | keeping records, retaining business documentation, responding to lawful requests from authorities |
| Establishing, exercising or defending legal claims | resolving disputes, proving communication or agreements |
We do not process personal data for purposes that are incompatible with the purposes listed above,
unless an appropriate legal basis exists.
4. Legal bases for processing
We process personal data on the following legal bases:
| Legal basis | When it applies |
|---|---|
| Performance of a contract or steps prior to entering into a contract | when you send us an enquiry, request an offer, use a contractually agreed application or enter into a business relationship with us |
| Legal obligation | when we are required to retain or disclose data under applicable law |
| Legitimate interest | for protecting the website, applications and information systems, ensuring information security, business communication, diagnostics, preventing misuse and proving legal relationships |
| Consent | for the use of non-essential cookies, analytics, push notifications, access to location or other functionalities where consent is required |
Where processing is based on consent, the individual may withdraw consent at any time.
Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
The user can generally manage individual permissions for a mobile application in the settings
of their mobile device.
5. Disclosure of personal data
We do not sell personal data and do not disclose it to third parties for their independent marketing purposes.
We may disclose or provide access to personal data to the following categories of recipients:
- website hosting and maintenance providers,
- information infrastructure, cloud service and security service providers,
- email and communication tool providers,
- providers of development, maintenance, diagnostics or operation services for mobile applications,
- providers of analytics or diagnostic tools, where used,
- application distribution platform providers, such as Google Play and Apple App Store, to the extent necessary for publishing, installing, updating and operating applications,
- external professional contractors where necessary for service delivery,
- accounting, legal or other advisers where necessary,
- public authorities or other authorised entities where required by law.
Where personal data is processed by processors, we regulate the relationship with them in a manner
that ensures appropriate protection of personal data and processing solely within the agreed purposes.
6. Transfer of data to third countries
As a rule, personal data is processed within the European Union or the European Economic Area.
Since mobile applications are distributed through Google Play and Apple App Store platforms,
the use of these platforms may also involve data processing by Google and Apple or their affiliated
companies outside the European Union or the European Economic Area.
If the use of individual services, platforms or tools involves the transfer of personal data to third countries,
we will ensure that such transfer is carried out only with appropriate safeguards as required by applicable law.
7. Retention of personal data
We retain personal data only for as long as necessary to achieve the purpose for which it was collected,
or for as long as required by applicable regulations.
Indicative retention periods are:
| Type of data | Retention period |
|---|---|
| Enquiries via web form or email | until communication is completed or for a maximum of 2 years after the last communication, unless a contract is concluded or another lawful reason for longer retention exists |
| Business communication | in accordance with legitimate business interests and regulations on retention of business documentation |
| Data related to a contractual relationship | for the duration of the contract and, after its termination, in accordance with statutory retention periods |
| User data in mobile applications | for the duration of application use or the contractual relationship, and thereafter in accordance with the purpose of processing and statutory retention periods |
| Diagnostic and technical application logs | generally up to 12 months, unless a security incident, technical error or another lawful reason for longer retention exists |
| Server and security logs | generally up to 12 months, unless a security incident or another lawful reason for longer retention exists |
| Cookies and similar technologies | in accordance with the settings of the individual cookie or technology and the user’s choice |
After the retention period expires, personal data is deleted, anonymised or otherwise appropriately destroyed.
8. Protection of personal data
We use appropriate technical, organisational and security measures to protect personal data against
unauthorised access, loss, alteration, disclosure or other inappropriate processing.
These measures include in particular:
- restricting access to personal data on a need-to-know basis,
- using security mechanisms to protect information systems,
- regular maintenance and updating of systems,
- data backups,
- access control,
- use of appropriate security mechanisms in web and mobile applications,
- procedures for detecting and handling security events,
- confidentiality obligations of employees and contractual partners.
9. Rights of individuals
An individual has the following rights in relation to the processing of their personal data:
- the right to information about the processing of personal data,
- the right of access to personal data,
- the right to rectification of inaccurate or incomplete data,
- the right to erasure of personal data,
- the right to restriction of processing,
- the right to object to processing,
- the right to data portability, where applicable,
- the right to withdraw consent, where processing is based on consent,
- the right to lodge a complaint with a supervisory authority.
Requests may be sent to:
zascita.podatkov@nebula.si
We will respond to requests without undue delay, generally no later than within one month of receiving
the request. In the case of more complex requests or a larger number of requests, the deadline may be
extended in accordance with applicable law.
If the request relates to a mobile application, please also state the name of the application,
the platform you use and the data that enables us to identify the user account or request, where necessary.
10. Complaint to the supervisory authority
If you believe that the processing of your personal data violates applicable legislation,
you may lodge a complaint with the competent supervisory authority:
Information Commissioner of the Republic of Slovenia
Dunajska cesta 22
1000 Ljubljana
Slovenia
Website:
www.ip-rs.si
Nevertheless, we recommend that you first contact us so that we can try to resolve your request
or concern directly.
11. Cookies and similar technologies
The website www.nebula.si may use cookies. Cookies are small text files stored on the user’s device
that enable the operation of the website, improve user experience or analyse website usage.
Mobile applications may use similar technologies, such as local storage, application or device identifiers,
diagnostic logs, analytics tools and mechanisms for push notifications.
11.1 Managing cookies and permissions
Users can manage cookies through their browser settings or through a consent management mechanism,
where this is enabled on the website.
Users can manage mobile application permissions, such as notifications, location, camera, files or
other permissions, in the settings of the Android or iOS operating system.
If the user disables certain cookies or application permissions, some functionalities of the website
or mobile application may not work properly.
12. Mobile applications in Google Play and Apple App Store
NEBULA d.o.o. may publish mobile applications in Google Play and Apple App Store.
This Privacy Policy applies to all mobile applications where NEBULA d.o.o. is listed as the developer,
publisher or controller, unless a separate Privacy Policy is published for an individual application.
Mobile applications may, depending on their purpose, provide various functionalities such as user login,
access to business data, display of data from backend systems, submission of requests, notifications,
data synchronisation or other functionalities.
The processing of personal data in an individual application is always limited to data necessary for
the operation of the application, provision of the service, security, user support, troubleshooting and
compliance with contractual or legal obligations.
If an individual application uses special device permissions, such as location, camera, notifications,
access to files or other sensors, such permissions are used only for the functionalities for which they
are required and in accordance with the permissions enabled by the user in the operating system.
NEBULA d.o.o. does not use data from mobile applications for the sale of personal data to third parties.
13. Links to other websites and third-party services
The website and mobile applications may contain links to third-party websites, systems or services.
NEBULA d.o.o. is not responsible for the content, operation or privacy policies of such external websites,
applications or services.
We recommend that users review the privacy policies of third-party websites or services when visiting
them or using them.
14. Special categories of personal data
As a rule, we do not collect special categories of personal data through the website or mobile applications,
such as data concerning health, political opinions, religious beliefs, trade union membership, biometric
data or other sensitive data.
Please do not send us such data through web forms, mobile applications or email unless this is strictly
necessary for handling your request, using a specific service or fulfilling a legal or contractual obligation,
and an appropriate legal basis exists.
15. Security incidents
In the event of a detected personal data security breach, we will act in accordance with applicable
legislation and the company’s internal procedures.
If the breach is likely to result in a risk to the rights and freedoms of individuals, we will notify the
competent supervisory authority. Where required, we will also notify the affected individuals.
16. Changes to this Privacy Policy
We may update this Privacy Policy from time to time due to changes in legislation, changes to the website,
changes to mobile applications, changes to services or changes to internal procedures.
The current version of this Privacy Policy is always published on the website
www.nebula.si
or accessible via a link in Google Play or Apple App Store for the individual mobile application.
17. Contact
For questions regarding this Privacy Policy or the processing of personal data, you may contact us at:
NEBULA d.o.o.
Staretova ulica 13A
1000 Ljubljana
Slovenia
Data protection email:
zascita.podatkov@nebula.si