Privacy Policy


The purpose of the privacy policy is to inform individuals, customers, users of products or services, collaborators, employees, and other persons (hereinafter referred to as “individuals”) who interact with the company TRONIUS d.o.o. (hereinafter referred to as “Company”) about the purposes, legal bases, security measures, and rights of individuals regarding the processing of personal data carried out by the company.





We value your privacy, so we always carefully protect your data.





We process personal data in accordance with applicable legislation on the protection of personal data and other legislation that provides us with a legal basis for the processing of personal data. Any changes to this document will be published on our website. By using the website, you confirm that you are familiar with the entire content of the privacy policy.





Data Controller:
TRONIUS D.O.O.
Kromberk, Cesta 25. junija 1B
5000 Nova Gorica
e-pošta: info@troniusgaming.com
https://troniusgaming.com





1) Personal data





Personal data means any information relating to an identified or identifiable individual; an identifiable individual is one who can be directly or indirectly identified, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that individual.





2) The purposes of processing and the legal bases for processing data





The company collects and processes personal data on the following legal bases:
• Processing is necessary for compliance with a legal obligation to which the controller is subject;
• Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; • processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party;
• The individual to whom the personal data relates has given consent to the processing of their personal data for one or more specific purposes;
• Processing is necessary to protect the vital interests of the data subject or of another natural person.





The legal basis for data processing is a contract. The retention period is until the purpose of the contract is fulfilled or up to 6 years after the termination of the contract. Informing individuals via electronic mail, such as newsletters. Based on its lawful activities, the company may inform its customers, buyers, and users of its services via their email address about its services, events, education, offers, and other content. An individual may request the cessation of such communication and the processing of personal data at any time and revoke the receipt of messages through an unsubscribe link in the received message or by submitting a request via email or regular mail to the company’s address. The legal bases for data processing are legitimate interest and consent. The data will be processed until the withdrawal of consent or until the purpose of processing is fulfilled. Revoking consent does not affect the lawfulness of processing based on consent before its withdrawal. In the organization TRONIUS d.o.o., we conduct video surveillance. Through video surveillance (cameras installed in the test room), we monitor entries and exits (based on Article 77 of the Personal Data Protection Act). Video surveillance is also conducted for the purpose of protecting individuals (users, employees, and visitors) and the organization’s property (based on legitimate interest, as defined by point (f) of Article 6(1) of the General Data Protection Regulation). Recordings are kept for at least 7 days. Video surveillance is not conducted in a manner that would have a significant impact on processing. Likewise, video surveillance does not enable unusual further processing, such as transfers to third countries, live monitoring, or the possibility of audio intervention in the event of live monitoring. / Video surveillance allows live monitoring. All information regarding the implementation of video surveillance can be obtained at the organization’s telephone number or email address. The rights of individuals are described in this Privacy Policy. Video surveillance is carried out internally by Tronius.





The execution of the concluded contract





In cases where an individual enters into a contract with the company, this constitutes the legal basis for the processing of personal data. The company may process personal data for the purpose of entering into and performing a contract, such as the sale of goods and services, preparing offers, participating in various programs, etc. If an individual does not provide personal data, the company cannot enter into a contract, nor can it provide services or deliver goods or other products in accordance with the concluded contract, as it does not have the necessary data for execution. On this basis, the company processes only those personal data that are necessary for the conclusion and proper performance of contractual obligations. The legal basis for data processing is a contract. The retention period is until the purpose of the contract is fulfilled or up to 6 years after the termination of the contract, except in cases where a dispute arises between the individual and the company regarding the contract. In such a case, the company retains the data for 10 years after the finality of a court decision, arbitration, or judicial settlement, or if there is no judicial dispute, for 5 years from the date of amicable settlement of the dispute.





Legitimate interest





The company may also process personal data based on its legitimate interests. However, this is not permissible when such interests are overridden by the interests or fundamental rights and freedoms of the individual to whom the personal data relates, which require the protection of personal data. In the case of using legitimate interests, the company conducts an assessment in accordance with the legislation. Processing the personal data of individuals for the purposes of direct marketing is considered to be carried out in a legitimate interest. The company may process personal data of individuals obtained from publicly available sources or within the lawful conduct of its activities, for the purposes of offering goods, services, employment opportunities, informing about benefits, events, etc. To achieve these purposes, the company may use regular mail, telephone calls, email, and other telecommunication means. For the purposes of direct marketing, the company may process the following personal data of individuals: name and surname, address of permanent or temporary residence, telephone number, and email address. The company may process the mentioned personal data for direct marketing purposes even without the explicit consent of the individual. An individual may request the cessation of such communication and the processing of personal data at any time and revoke the receipt of messages through an unsubscribe link in the received message or by submitting a request via email or regular mail to the company’s address. The legal basis for data processing is legitimate interest. The data will be processed until the withdrawal of receipt of messages or until the purpose of processing is fulfilled. The revocation does not affect the lawfulness of processing based on consent before its withdrawal.





Processing based on consent





If the company does not have a legal basis established based on law, contractual obligation, legitimate interest, or protection of an individual’s life, it may request consent from the individual. In this way, it can process certain personal data of the individual for the following purposes when the individual gives consent for this:
• The individual’s residential address and email address (for the purposes of communication and information);
• Photographs, videos, and other content related to the individual (e.g., posting pictures of individuals on the company’s website for the purpose of documenting activities and informing the public about the company’s work and events);
• Other purposes for which the individual agrees by giving consent.





If an individual gives consent for the processing of personal data and at some point no longer wishes to do so, they can request the cessation of personal data processing by submitting a request via email or regular mail to the company’s address. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Upon receipt of the withdrawal or request for deletion, the data will be deleted within 15 days at the latest. The company may also delete this data before withdrawal when the purpose of processing personal data has been achieved or if required by law.





Exceptionally, the company may refuse a request for deletion for reasons outlined in the General Data Protection Regulation, such as exercising the right to freedom of expression and information, fulfilling legal obligations of processing, reasons of public interest in the area of public health, purposes of archiving in the public interest, scientific or historical research purposes, statistical purposes, or the establishment, exercise, or defense of legal claims. The legal basis for data processing is consent. The data will be processed until withdrawal or revocation of consent, or until the purpose of processing is fulfilled. The revocation of consent does not affect the lawfulness of processing based on consent before its withdrawal.





Protection of vital interests of the individual





The company may process the personal data of the individual if it is necessary to protect their vital interests. In urgent cases, the company may search for the individual’s personal documents, check if the person exists in its database, examine their medical history, or contact their relatives, without requiring the individual’s consent. This applies when it is necessary to protect the vital interests of the individual.





5) Storage and deletion of personal data





The company will only retain personal data for as long as necessary to fulfill the purpose for which the personal data was collected and processed. If the company processes data based on the law, it will be kept for the period prescribed by the law. Some data are stored during the cooperation with the company, while some data must be kept permanently. Personal data processed by the company based on a contractual relationship with an individual will be retained for the period necessary to execute the contract and for an additional 6 years after its termination unless there is a dispute between the individual and the company regarding the contract. In such cases, the company will keep the data for an additional 10 years after the finality of the court decision, arbitration, or settlement, or if there is no dispute, for 5 years from the date of amicable resolution. Personal data processed by the company based on an individual’s personal consent or legitimate interest will be retained until the consent is revoked or a request for data deletion is made. Upon receipt of revocation or deletion request, the data will be deleted without undue delay. The company may delete this data even before revocation if the purpose of processing personal data has been achieved or if required by law. In the event of exercising individual rights, the company retains the personal data of that individual until the matter is conclusively decided, and thereafter, in accordance with the final decision in the matter.
Exceptionally, the company may refuse a request for deletion for reasons such as: exercising the right to freedom of expression and information, fulfilling legal obligations of processing, reasons of public interest in the field of public health, purposes of archiving in the public interest, scientific or historical research purposes, or statistical purposes, exercising or defending legal claims. Upon expiration of the retention period, the company must effectively and permanently delete or anonymize personal data so that it can no longer be associated with a specific individual.





6) Contractual Processing of Personal Data and Data Transfer





The company may entrust certain processing of personal data based on a contract to a data processor. Contract processors may process entrusted data solely on behalf of the controller, within the limits of its authority as stated in a written contract or other legal act, and in accordance with the purposes defined in this privacy policy.
The contractual processors that the company collaborates with primarily include:
• accounting services and other providers of legal and business consulting services;
• infrastructure maintainers (video surveillance, security services);
• maintainers of information systems;
• providers of email services and software, cloud services (e.g., Microsoft, Google);
• providers of social media and online advertising (Google, Facebook, Instagram, etc.).





The company also maintains a list of data processors for the purpose of better oversight and control over the contractual relationship. This list includes all specific data processors with whom the company collaborates.





The company will not, under any circumstances, disclose an individual’s personal data to unauthorized third parties. Contractual processors may only process personal data within the instructions provided by the company and may not use personal data for any other purposes. The company, as the data controller, and its employees do not transfer personal data to third countries (outside the European Economic Area – EU Member States, Iceland, Norway, and Liechtenstein) and international organizations, except to the USA, where relationships with processors are governed by standard contractual clauses (standard contracts approved by the European Commission) and/or binding corporate rules (adopted by the company and approved by supervisory authorities in the EU).





7) Cookies





The company’s website operates with the help of so-called cookies, which are important for providing web services and are used to store data about the state of each webpage, assist in collecting statistics about users and website traffic, etc. Upon entering the website, only those cookies that are essential for the operation of the website (e.g., for the shopping cart) are loaded onto the device. Other cookies will only be loaded with the individual’s consent. Individuals can change their settings and delete cookies at any time (instructions are available on the respective browser’s websites).
The website uses the following cookies:
Cookie time Duration Function
_ga 1 year 1 month 4 days It is used for distinguishing between users.
_gid 24 hours It is used for distinguishing between users.





8) Data Protection and Data Accuracy





The company ensures information security and the security of infrastructure (spaces and application system software). Our information systems are protected with antivirus programs and a firewall, among other measures. We have implemented appropriate organizational and technical security measures aimed at protecting personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access, as well as from other unlawful or unauthorized forms of processing. In the case of transmitting special categories of personal data, we encrypt them and protect them with a password. Individuals are responsible for securely providing their personal data, ensuring that the provided data is accurate and credible.





9) Individual Rights Regarding Data Processing





An individual whose personal data is being processed has the right to request access to their personal data and to request the correction, deletion, or limitation of processing related to them, as well as the right to object to processing and the right to data portability. The individual’s request is handled in accordance with the provisions of the General Data Protection Regulation and applicable personal data protection legislation.
All the rights mentioned and any inquiries can be exercised by the individual by submitting a request to the company’s address. The company will respond to the individual’s request without undue delay, no later than one month after receiving the request. This period may be extended by up to two additional months, taking into account the complexity and number of requests, and the individual will be informed of this extension, along with the reasons for the delay. Exercising these rights is free of charge for the individual, but the company may charge a reasonable fee if the request is clearly unfounded or excessive, especially if it is repetitive. In such a case, the company may also refuse the request. If there is doubt about the individual’s identity, additional information may be requested by the company to confirm the identity.





The privacy policy is valid from 13.03.2025 onwards.