Privacy Policy
1. Data controller
The data controller within the meaning of the GDPR (EU Regulation 2016/679) and the Slovenian Personal Data Protection Act (ZVOP-2) is:
Dimičeva ulica 9, 1000 Ljubljana, Slovenia
Tax: SI40790215 · Registration: 7522967000
Email: media4estate@gmail.com
We have not appointed a Data Protection Officer (DPO) because the thresholds in Art. 37(1) GDPR are not met: we are not a public authority, we do not carry out large-scale systematic monitoring, and we do not process special categories of data on a large scale. Send any data protection questions to the email above.
2. What personal data we collect
2.1 Data you provide voluntarily
- Contact form / inquiry: name, email, phone (optional), message content.
- Communication via email / messengers (Telegram, WhatsApp): data in your messages.
2.2 Data collected automatically
- Technical data: IP address, browser type, OS, language, date/time of visit, referrer URL.
- Behavioural data (only with consent): clicks, video views, time on page, scroll depth.
3. Legal basis and purposes
| Purpose | Legal basis (GDPR) | Retention |
|---|---|---|
| Responding to inquiries | Art. 6(1)(b) — pre-contract / Art. 6(1)(f) — legitimate interest | 2 years from last contact |
| Performance of services after contract | Art. 6(1)(b) — contract | 10 years (Art. 32 ZDavP-2 — accounting obligation) |
| Analytics and optimisation | Art. 6(1)(a) — consent | 26 months |
| Marketing pixels (Meta, Google Ads) | Art. 6(1)(a) — consent | up to 90 days |
| Technical necessity (security, language) | Art. 6(1)(f) — legitimate interest | up to 12 months |
4. Obligation to provide data
Providing personal data is not a statutory requirement. Providing the contact-form data is a contractual / pre-contractual necessity solely so that we can process your inquiry. If you do not provide it we cannot reply to you, but no other consequences arise for you.
5. Automated decision-making and profiling
We do not carry out automated decision-making that produces legal or similarly significant effects on individuals (Art. 22 GDPR). Marketing pixels (Meta) may perform limited profiling to display ads, but only with your consent and without legal effects; you may withdraw consent at any time.
6. Cookies
Cookie use is governed by Directive 2002/58/EC (ePrivacy), in Slovenia by ZEKom-2 (Off. Gaz. 130/22), with the consent standard from Art. 4(11) and Art. 7 GDPR. On your first visit a consent banner appears; optional cookies load only after your prior opt-in consent, never beforehand.
| Category | Purpose | Examples | Duration |
|---|---|---|---|
| Essential | Functionality, language, security | mc-consent, mc-lang | 12 mo. |
| Analytics | Anonymous usage stats | Google Analytics 4 (_ga) | up to 26 mo. |
| Marketing | Retargeting, advertising | Meta Pixel (_fbp, fr) | up to 90 days |
You can change preferences any time via the «Cookies» button in the footer; withdrawing consent is as easy as giving it, and on withdrawal we delete any already-set cookies (_fbp, _fbc, _ga). Currently only Meta Pixel marketing tracking is active (with consent); Google Analytics 4 is not installed and would load only if enabled in future — always only after your analytics consent.
7. Processors and third parties
We do not sell your data. We share it only with processors under a data-processing agreement (Art. 28 GDPR):
- Google LLC (USA) — Google Analytics 4, with consent. Transfer under EU-US Data Privacy Framework (Google is certified).
- Meta Platforms Ireland Ltd (Ireland/USA) — Facebook/Instagram pixels, with consent. US transfer under EU-US DPF (Meta is certified).
- Telegram FZ-LLC (UAE) / WhatsApp Ireland Ltd — if you contact us via these channels. For the UAE, Standard Contractual Clauses (SCC, module 2) apply.
- Hostinger International Ltd (EU) — website hosting.
8. International transfers
When using Google and Meta services, data may be transferred to the USA, safeguarded by the EU-US Data Privacy Framework (Commission Decision 2023/1795). For providers not DPF-certified (e.g. Telegram, UAE), Standard Contractual Clauses (SCCs) — Commission Implementing Decision 2021/914, module 2 apply. You may request a copy of the relevant safeguards at media4estate@gmail.com.
9. Your rights under GDPR
- Access (Art. 15) — a copy of your data
- Rectification (Art. 16)
- Erasure / "right to be forgotten" (Art. 17)
- Restriction (Art. 18)
- Portability (Art. 20) — provided in a structured, machine-readable format (JSON or CSV on request)
- Objection (Art. 21)
- Withdraw consent (Art. 7(3)) — at any time, without affecting prior processing
- Lodge a complaint (Art. 77) — with the Information Commissioner of Slovenia or the supervisory authority in your country of residence
To exercise your rights, email media4estate@gmail.com. We respond free of charge within 30 days; for complex or numerous requests this may be extended by up to 2 months (Art. 12(3)), and we will inform you. For manifestly unfounded or excessive requests we may charge a reasonable fee or refuse (Art. 12(5)). You have the right to a judicial remedy against our decision (Art. 79).
10. Data security
We use HTTPS (TLS 1.3), restricted system access, encrypted backups, and regular updates. Nevertheless, no internet transmission can be 100% secure.
11. Minors
This service is not intended for persons under 15 (the threshold under Art. 8 GDPR as derogated by Slovenian ZVOP-2). We do not knowingly collect minors' data; if found without parental consent, we delete it.
12. Changes and supervisory authority
We may update this policy; material changes are published here with a new date.
Information Commissioner of Slovenia · Dunajska cesta 22, 1000 Ljubljana · tel. +386 1 230 9730 · gp.ip@ip-rs.si · www.ip-rs.si