The purpose of Penine Istenič’s PRIVACY POLICY is to inform you of the following:

• who processes your personal data

• what personal data we collect

• why we process your personal data

• how long will we store your personal data and

• what are your rights in relation to the information we store about you and how to assert them.

All of our activities relating to the processing of personal data are in accordance with the applicable Personal Data Protection Act, the Electronic Communications Act and the EU General Data Protection Regulation. This privacy policy may be amended or supplemented at any time without prior notice or warning. By using the provider’s website after changing or supplementing, the individual confirms that he agrees to the changes and additions.

Who processes my personal data?

The controller of your personal data is:

Istenič, d.o.o.

Celovška 72

1000 Ljubljana

DŠ: 94703329

MŠ: 5394376000


email: mark@istenic.si
Tel: 01 515 78 85
Web: www.istenic.si

If you have any questions regarding our policy of protecting personal data or processing your personal data, you can contact us at any time. Contact us at:

  • PENINE ISTENIČ email: mark@istenic.si

What personal information do you collect?

The operator collects the following personal data:

Basic information about the user (name and surname, address of residence);

Contact details and information about your communication with the operator (email address, telephone number, date, time and content of postal or email communication);

Information on the user’s purchases and issued invoices (date of purchase, purchased items, prices of purchased items, total purchase amount, method of payment, delivery address, number and date of invoice, code of the person who issued the invoice, etc.) and information on resolving product complaints;

 Information about the user’s use of the operator’s website (dates and times of visits to the website, retention time on each page, number of pages visited, total time of site visit, settings made on the website)

The provider does not collect data relating to credit card payments, which are transmitted by users through the website. This information is collected exclusively by the credit card payment provider, i.e. Stripe.

Why are you processing my personal data?

All personal data you provide to us will be treated confidentially and will only be used for the purposes for which it was provided. The provider does not collect or process your personal data unless you allow or consent to it.

The operator collects and processes your personal data for the following purposes:

Purpose of processingMore detailed explanationLegal basisRetention date
Conclusion and fulfilment of obligations arising from the contract concludedConclusion and execution of a contract concluded with the operator, including the operator’s execution of your orders, communication with you, and the fulfilment of other obligations of the operator and/or your obligations.We process personal data on the basis of a contract. In the event that you do not provide us with all the information necessary for the conclusion of the contract, we reserve the right to defer the order of the Service or cancel the service.Personal data processed by the Operator for the execution of a contractual relationship with an individual shall be kept by the Operator for the period necessary for the execution of the contract and for a further 5 years after its termination.
Directly notifying customers about services/courses and other content via emailBased on your consent, we will inform you about our services and content by email. The buyer may at any time request a suspension of such communication and the processing of personal data in such a way that he withdraws his consent. You can withdraw your consent at any time via mark@istenic.si with the following words: ODJAVA.We process your data when you give us explicit consent. Your consent may be revoked at any time. If you withdraw your consent, your provider will not be able to provide you with certain services.The personal data processed by the Operator on the basis of the personal consent of the individual The Operator shall keep until the individual has revoked that consent
Enforcement of legal claims, protection of our rights and dispute resolution
We collect personal data for a specific purpose in accordance with the law.In cases where there is a dispute between you and the Operator concerning the contract, the Operator shall keep the data for 5 years after the final judgement of the court or arbitration decision or settlement or, in the absence of a legal dispute, 5 years from the date of the peaceful settlement of the dispute.
Legal obligationsWe collect your information for the purpose of complying with legal obligations (e. g. storing invoices for the purposes of tax legislation)Processing on legal basis.The personal data that the Operator processes on a legal basis is stored for the period prescribed by the sectoral law.

Will you pass on my information to third parties?

In providing our services, the Manager may entrust individual tasks related to the processing of your personal data to other persons in accordance with the purposes set out in this Privacy Policy. The processors with which the controller cooperates are:

-payment system providers: Stripe;

-postal servise providers: DPD Slovenia

Will you use my personal data to perform profiling or make automated decisions?

Automated decision-making or profiling is not carried out.

What are my rights with regard to the processing of personal data?

With regard to the processing of your personal data, you have the following rights:

Right to withdraw consent

If you have consented as an individual to the processing of your personal data (for one or more specified purposes), you have the right to withdraw your consent at any time without prejudice to the lawfulness of the processing of the data carried out by consent until its withdrawal.

Consent may be revoked by a written declaration sent to the Operator via e-mail address: mark@istenic.si

The withdrawal of consent for the processing of personal data has no negative consequences or sanctions for the individual.

  • Right of access to personal data

As an individual, you have the right to obtain confirmation from the controller of personal data if personal data are being processed in relation to you and, if so, access to personal data and certain information.

Right to rectification of personal data

As an individual, you have the right to draw the operator’s attention to inaccurate or incomplete data processed by the manager in relation to you, while at the same time ensuring that the operator corrects the inaccurate data or completes the incomplete data in order to process only accurate and complete data.

Right to erasure of personal data

As an individual, you have the right to have the operator delete personal data relating to you without undue delay and the manager must delete the data without undue delay where one of the following reasons exists:

(a) personal data is no longer necessary for the purposes for which it was collected or otherwise processed,

(b) if you withdraw your consent and there is no other legal basis for processing,

(c) if you object to processing and there are no overriding legitimate reasons for processing,

(d)the personal data has been processed unlawfully,

(e) personal data must be deleted in order to fulfil legal obligations under EU or Member State law applicable to the provider,

(f) personal data has been collected in connection with the offers of information society services

• Right to restrict processing

As an individual, you have the right to restrict processing by the operator when there is one of the following cases:

(a) if you dispute the accuracy of the data for a period enabling the provider to verify the accuracy of the data,

(b) processing is illegal and you object to the deletion of data and instead request restriction of their use,

(c) the data provider no longer needs the data for the purposes of processing, but you need them to enforce, pursue and defend legal claims,

(d) you have lodged an objection to the processing until it is verified that the legitimate reasons of the provider outweigh your reasons.

Right to data portability

As an individual, you have the right to receive personal data relating to you that you have provided to the provider in a structured, widely used and machine-readable form, and you have the right to provide that information to another controller without being impeded by the provider to which the personal data has been provided, when:

(a) the processing is based on consent or on the contract;

(b) the processing is carried out by automated means.

As an individual, in exercising that right of portability, you have the right to transfer personal data directly from one controller to another where technically feasible.

  • Right to lodge a complaint with a supervisory authority

Without prejudice to any other remedy, as an individual, you have the right to lodge a complaint with the supervisory authority (in Slovenia it is the Information Commissioner) if you believe that the processing of personal data in relation to you violates the rules on the protection of personal data.

Without prejudice to any other remedy, you have the right, as an individual, to an effective remedy against a legally binding decision of the supervisory authority in relation to it, as well as in the event that the supervisory authority does not hear your complaint or not inform you within three months of the state of the case or of the decision on the complaint. Proceedings against a supervisory authority shall be the responsibility of the courts of the Member State in which the supervisory authority is established.

The individual may make any request concerning the exercise of rights in relation to personal data, addresses, in writing, to the controller, namely at the email address: mark@istenic.si

Notification to the supervisory authority of a personal data breach

In the event of a personal data breach, the operator shall be obliged to inform the competent supervisory authority, except where the infringement is unlikely to jeopardise the rights and freedoms of individuals. Where, in the event of an infringement, a criminal offence is suspected, the Operator shall be obliged to inform the police and/or the competent prosecutor’s office of the infringement.

In the event of an infringement which may give rise to a significant risk to the rights and freedoms of individuals, the operator shall be obliged to inform the data subjects without delay of the infringement or, where this is not possible, without undue delay.

Publishing changes

Any change to our personal data protection policy will be published on this website.

30.5.2022