Pursuant to the Real Estate Brokerage Act and on the basis of Articles 24 and 25 of the Personal Data Protection Act (Official Gazette of the Republic of Slovenia, 86/04 and 113/05), M&N-IRE d.o.o., Ljubljanaska cesta 2A,
6000 Koper - Capodistria, hereby publishes a

Privacy Policy
 
I.    GENERAL PROVISIONS
Article 1
These Rules determine the organizational, technical and logical-technical procedures and measures for the protection of personal data in M&N-IRE d.o.o., Ljubljanaska cesta 2A, 6000 Koper - Capodistria in order to prevent accidental or intentional unauthorized destruction of data, their change or loss, as well as unauthorized access, processing, use or  transmission of personal data.

Employees and external associates who process and use  personal data in their work must be familiar with the Personal Data Protection Act, the sectoral legislation governing each field of their work and the content of these Rules.

Article 2
For the purposes of this Regulation the terms mean as follows:

1.    ZVOP-1 - Personal Data Protection Act (Official Gazette of the Republic of Slovenia, no. 86/04 and 113/05);
2.    Personal data - means any data relating to an individual, regardless of the form in which it is expressed;
3.    An individual - is a defined or identifiable natural person to whom the personal data relates; a natural person is identifiable if it can be identified directly or indirectly, in particular by reference to an identification number or to one or more factors characterizing his physical, physiological, mental, economic, cultural or social identity, the method of identification does not high costs or does not require a lot of time;
4.    Personal data collection - means any structured set of data containing at least one piece of personal data that is accessible on the basis of criteria that allow the use or aggregation of data, regardless of whether the set is centralized, decentralized or dispersed on a functional or geographical basis; a structured set of data is a set of data organized in such a way as to determine or enable the identifiability of an individual;
5.    Processing of personal data - means any operation or set of operations which is performed on personal data which are processed automatically or which, when processed manually, are part of a personal data collection or are intended to be included in a personal data collection, in particular collection, retrieval, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, communication, dissemination or otherwise making available, alignment or association, blocking, anonymisation, erasure or destruction; the processing may be manual or automated (means of processing);
6.    Personal data controller - means a natural or legal person or another person of the public or private sector who alone or jointly with others determines the purposes and means of personal data processing or a person determined by law, which also determines the purposes and means of processing;
7.    Sensitive personal data - means data on racial or ethnic origin, political, religious philosophical beliefs, trade union membership, health status, sex life, registration or deletion in or from criminal records or misdemeanor records, and biometric characteristics;
8.    Recipient of personal data - is a natural or legal person or other person of the public or private sector to whom personal data are transmitted or disclosed;
9.    Data carrier - all types of assets on which data are written or recorded (documents, acts, materials, files, computer equipment including magnetic, optical or other computer media, photocopies, sound and visual material, microfilm, data transmission devices, etc. .).;

Article 3
The description of personal data collections managed by M&N-IRE d.o.o. is kept in the catalogue of personal data collections (description of personal data collections), which is kept in accordance with the provisions of Article 26 of ZVOP-1. The data referred to in points 1, 2, 4, 5, 6, 9, 10, 12 and 13 of the catalogues of personal data collections shall be forwarded to the state body responsible for keeping the Register of personal data collections. The catalogue of the personal data collection   shall be provided for each personal data collection no later than 15 days before the establishment of the personal data collection, and within the same period, the data from the catalogue shall also be forwarded to the competent national authority. The catalogue of personal data collections is supplemented with each change in the type of personal data in each collection, and the changes are

also forwarded to the competent national authority within 8 days.
Employees who process personal data must be acquainted with the catalog of personal data collections, and access to the catalog of personal data collections should also be provided to anyone who requests it.

M&N-IRE d.o.o.  is obliged to keep an up-to-date list, from which it is clear which person is responsible for each personal data collection and which persons may, due to the nature of their work, process personal data relating to each personal data collection. The following data shall be entered in the list: the name of the personal data collection, the personal name and workplace of the person responsible for the personal data collection and the personal name and workplace of persons who, due to the nature of their work, may process personal data relating to the personal data collection.

II. PROTECTION OF PREMISES AND COMPUTER EQUIPMENT

Article 4
The premises in which personal  data carriers are located, hardware and software (protected areas) must be protected by organizational and physical and/or technical measures that prevent unauthorized persons from accessing data.

Access is possible only during regular working hours, and outside these hours only with the permission of the head of the organizational unit.

Keys to protected areas are used and stored in accordance with house rules. Keys are not left in the door lock from the outside.

Protected spaces must not remain uncontrolled, or they must lock in the absence of workers who control them.

Outside of working hours, cabinets and desks with personal  data carriers must be locked, computers and other hardware switched off and physically locked or locked through the use of software.

Employees must not leave carriers of  personal data on the tables in the presence of persons who have no right to view them.

Personal  data carries located outside of protected areas (corridors, common spaces) must be permanently locked.

Sensitive personal data must not be kept outside the protected areas.

Article 5
In premises intended for dealing with customers, data carriers and computer displays must be installed in such a way that customers do not have access to it.

Article 6
Maintenance and repairs of hardware computer and other equipment are allowed only with the knowledge of the authorized person, and can only be carried out by authorized services and maintainers who have an appropriate contract with M&N-IRE d.o.o..

Article 7
Room, hardware and software maintainers, visitors and business partners may move in protected areas only with the knowledge of an authorized person. Employees, such as cleaners, security guards, etc., can only move outside those working hours only in those protected areas, where access to personal data is prevented (data carriers are stored in locked cabinets and desks, computers and other hardware are switched off or how otherwise physically or programmatically locked).

III. PROTECTION OF SYSTEM AND APPLICATION SOFTWARE AND DATA, PROCESSED WITH COMPUTER EQUIPMENT

Article 8
Access to the Software must be protected in such a way  as to permit access only for that purpose to the designated employees or legal or natural persons who perform agreed services according to the contract.

Article 9
Correction, modification and updating of the system and application software is allowed only on the basis of the authorization of the authorized person, and can only be carried out by authorized services, organizations and individuals who have concluded an appropriate contract with the company. Changes and additions to the system and application software must be properly documented by contractors.

Article 10
The same terms and conditions apply to the storage and protection of the application software as for the other  data contained in this policy.

Article 11
The contents of the network server disks and local workstations where personal data are located are checked instantly by the presence of computer viruses. In the event of the occurrence of a computer virus, this shall be eliminated as soon as possible with the assistance of an the expert service of onOffice Software GmbH, while at the same time determining the cause of the occurrence of the virus in the computer information system of onOffice Software.

All personal data and software intended for use in a computer information system and arriving at M&N-IRE d.o.o. on computer data transmission media or via telecommunication channels must be checked for the presence of computer viruses before use.

Article 12
Employees must not install software without the knowledge of the person in charge of the operation of the computer information system. They may also not remove software from , M&N-IRE d.o.o., Ljubljanaska cesta 2A, 6000 Koper - Capodistria without the approval of the head of the organizational unit and the knowledge of the person in charge of the operation of the computer information system.

Article 13
Access to data through application software is protected by the system of passwords for authorizing and identifying users of programs and data, and the password system must also allow the possibility of subsequent identification of when individual personal data were  enteredi  into a database, used or otherwise processed, and who it is did it.
The authorised person shall determine the arrangements for assigning, storing and changing of passwords.

IV. SERVICES, PROVIDED BY EXTERNAL LEGAL ENTITIES OR NATURAL PERSONS

Article 14
With any outside legal or natural person performing individual tasks relating to the collection, processing, storage or transmission of personal data and is registered to perform such an activity (contracted processor), the written contract provided for in paragraph 2 of Article 11 of ZVOP-1. In such a contract, the conditions and measures to ensure the protection of personal data and their insurance must also be prescribed. This also applies to outsiders who maintain hardware and software, and manufacture and install new hardware or software.

External legal or natural persons may only provide personal data processing services only within the framework of the authorizations of the person placing an order and may not process or otherwise use the data for any other purpose.

Authorized legal or natural person who, for M&N-IRE d.o.o., Ljubljanaska cesta 2A, 6000 Koper
Capodistria, provides the agreed services outside the premises of the controller must have at least the same strict manner of personal data protection as provided for in these Rules.

V. RECEPTION AND TRANSMISSION OF PERSONAL  DATA

Article 15
The worker, who is in charge of receiving and registering mail, must deliver a postal item with personal data directly to the individual, or to the service to which this consignment is addressed.

The worker, who is in charge of receiving and registering mail, does not open those consignments addressed to another body or organization and is accidentally delivered and the items marked as personal data or which appear on the label on the envelope that they relate to competition or tender.

The worker in charge of receiving and recording mail may not open consignments addressed to the worker on which the envelope states that they are to be served personally to the addressee, and consignments on  which the personal name of the worker is first indicated without indicating his official position, and only then the address of the administrative authority (option:  company, institution, etc.).

Article 16
Personal data is permitted to be transmitted by means of information, telecommunication and other means only in the course of procedures and measures, that prevent the unauthorized data from being tampered with or destroyed  and unjustifiably informed about their content.

SENSITIVE PERSONAL DATA is sent to addressees in sealed envelopes against signature in
delivery book or with a delivery note.

Personal data is sent in a registered letter. The envelope, in which the personal data are transmitted, must be made in such a way, that the envelope does not allow the contents of the envelope to be visible under normal light or when the envelopes are illuminated by the usual light. The envelope must also ensure that the opening of the envelope and access to its content can not be carried out without a visible opening of the envelope.  

Article 17
The processing of sensitive personal data must be specially marked and secured. The data referred to in the previous paragraph may be transmitted via telecommunications networks only if they are specially secured by cryptographic methods and electronic signature in such a way as to ensure the illegibility of the data during their transmission.

Article 18
Personal data is provided only to those users, who show up with the appropriate legal basis or with the written request or consent of the data subject.

For each transfer of personal data, the beneficiary must file a written application in which the provision of the law authorizing the user to obtain personal data must be clearly stated, or the written request or consent of the data subject must be attached to the application.

Each transfer of personal data is recorded in the record of transfers, from which it must be evident which personal data were transferred, to whom, when and on what basis (Article 22 of the ZVOP-1).

The originals of documents shall never be transmitted except in the case of a court order. The original document must be replaced with a copy during the absence.

VI. DELETION OF DATA

Article 19
After the expiration of the retention period, personal data will be deleted, destroyed, blocked or anonymized, unless otherwise provided by law or other act.

The deadlines after which personal data are deleted from the database are evident from point 7 of the personal data catalogue.

Article 20
For deleting data from computer media, such a deletion method is used that it is impossible to restore all or part of the deleted data. Data on classic media (documents, files, register, list, ...) are destroyed in a way that makes it impossible to read all or part of the destroyed data.

In the same way, ancillary material is to be destroyed (such as matrices, calculations and charts, sketches, experimental or unsuccessful printouts, etc.).

It is prohibited from discharging waste volumes of data with personal data in the recycle bins.

When transferring personal data carriers to the site of destruction, adequate insurance must also be provided at the time of transfer.

The transfer of data carriers to the place of destruction and the destruction of personal data carriers is supervised by a special commission, which also draws up appropriate minutes of the destruction.

VII. ACTION IN CASE OF SUSPICION OF UNAUTHORIZED ACCESS

Article 21
Employees are obliged to immediately notify the authorized person  or superior about activities related to the detection or unauthorized destruction of confidential data, malicious or unauthorized use, altering, change or damaging, and they themselves try to prevent such activity.

VIII. RESPONSIBILITY FOR THE IMPLEMENTATION OF SECURITY MEASURES AND PROCEDURES

Article 22
The implementation of procedures and measures to protect personal data is the responsibility of the heads of organizational units and  authorized persons appointed by onOffice Software GmbH.
Supervision of the implementation of the procedures and measures set out in these Rules is performed by M&N-IRE d.o.o., Ljubljanaska cesta 2A, 6000 Koper - Capodistria.

Article 23
Anyone who processes personal data shall be required to implement the prescribed procedures and measures to safeguard the data and to protect the data of which they have knowledge or of which they become aware in the course of their work. The obligation to protect the data does not end with the termination of the employment relationship.

Before starting work at the workplace where personal data is processed, the employee must sign a special statement obliging him to protect personal data. The signed statement must show that the signatory is familiar with the provisions of these Rules and the provisions
of VOP-1, and the statement must also contain instruction on the consequences of the violation.

Article 24
For violation of the provisions of the previous article, the employees are disciplinally liable and the rest on the basis of contractual obligations.

IX. FINAL PROVISIONS:

Article 25
This Policy shall enter into force 1 day after 01.01.2019


M&N-IRE d.o.o.,
Ljubljanaska cesta 2A,
6000 Koper – Capodistria

In Koper - Capodistria,    02. February 2024
M&N-IRE, d.o.o.

Call us. We look forward to a personal conversation.

+38668648112
Contact
Direct contact

I agree with the privacy policy *

Address M&N-IRE, d.o.o. Ljubljanaska cesta 2A 6000 Koper - Capodistria
Contact Phone+38668648112 Fax Emailinfo@man-ire.com
Our office

Größere Karte anzeigen
Subscribe to our newsletter

Register for free and be informed about new updates.

I agree with the privacy policy. *

By submitting the form, you agree that your personal data will be used for the purpose of sending you an e-mail newsletter. Your data will only be used to send the newsletter and will never be shared with third parties. You can revoke your consent at any time.

Thank you very much!

Ihre Anmeldung für unseren Newsletter war erfolgreich.