Privacy Statement (Personal data protection policy)

1. Introduction

The purpose of this Privacy Statement is to inform individuals, service users, employees and other persons (hereinafter: the individual) who cooperate with Beep Institute d.o.o., Finžgarjeva ulica 4, 1000 Ljubljana (hereinafter: the company) about the purposes and legal bases , security measures and the rights of individuals regarding the processing of personal data carried out by our company.

We value your privacy, so we always protect your information carefully.

The statement is intended for visitors of our website, participants in our events, subscribers to the Beep Club and other individuals or companies we work with.

Beep Institute, developing human potential , d.o.o. 
Finžgarjeva ulica 4
1000 Ljubljana 
E-mail: [email protected] 
Phone: +386 31 737 788 
Legal representative: Maja Fesel Kamenik 
Website: https://www.beepclub.institute 
Owner and manager of the website: https://www.beepclub.institute

4. Purpose of personal data processing

We process personal data mainly for the purposes of employment help, employing, marketing employment possibilities for our clients, attracting potential candidates and HR processes for our clients, training, coaching, staff management, and administrative and legal HR processes. Candidates not chosen in a process of selection will also receive new potential job opportunities. 

We also process personal data for counseling you and your clients, which includes sitting in on the meetings or phone interviews, and for the needs of voluntary psychological evaluations.

We also process data for the purposes of wages, bonuses, travel expanses and other benefits, for the purposes of managing and planning HR capacities, training and developing personnel, and planning promotions and successions.

Data is also proccessed for any potential defense in legal matters and procedures and for the purpose of congruency, which includes congruency with legal demands of state authorities for personal data, congruency with tax procedures, for work safety, etc.. We can use them for internal reports, for revisions and in other legal matters within the scope of normal bussiness activities.

Data can be utilised for improving our services, which includes recognition of troubles with existing services, planning improvements for existing services, devising new services. We can employ surveys for that.

3. Ways and sources for personal data collection

We gather your data from you personally (for example over website, in e-mail, over the phone, in person or any other way), but those are not the only ways of collecting data.

Other ways include:

  • If you personally published personal data, including social media like LinkedIn and other networks, but only if your profile is public.
  • If your personal data was sent to us by your employer who is our client, and we are doing contractual personal data processing for them.
  • You sent us your resume (or CV) during an HR selection process and we can use that data to for example offer you new employment options.
  • Recomendations of your previous coworkers, supervisors or other third persons.
  • Personal data that you personally deliver about third persons (i.e. coworkers, candidates, employers, etc.), like e.g. recomendations or your comments.

However we only want this data if you have the legal grounds for it, and you treat said data in accordance with personal data protection in GDPR and Slovenian legislature about personal data protection.

This personal data is helping us carry out our activities and services and so we can manage our legal bussiness interests.

With your explicit written consent we can also do a background check, including checking your felony records, but only by respecting any measures specified by the legislature.

5. Legal basis for personal data processing

Use of personal data is based on one of the following legal rules:

  • Processing personal data on the ground of explicit consent and is used as the basis in processing that is mandatory and required,
  • processing of personal data for the executing of a contract to which the individual is a party or due to the signing of an employment contract or the implementation of steps for the conclusion of an employment contract or in the case of the implementation of an employment contract,
  • Processing is necessary for fulfilling legal duty, which the manager is under,
  • Data processing is based on legal bussiness interests that include general HR and labour procedures, reveals for the purpose of revision, reports, internal investigations, third party contractual obligations, managing the security of web and informational systems, promotion of bussiness, conducting and managing bussiness, and assuring services to our clients,
  • Processing is necessary for the protection of life interests of the individual, to whom the personal data belongs, or of other physical persons.

Proccessing of the special kind of personal data (e.g. racial, biometric data, data about syndicate membership, medical conditions data, data about religious beliefs, etc.) is always based on the following grounds: when the proccessing is ordered or allowed by the current legislature (e.g. for maintaining congruency with the mandatory diversity reports); when the proccessing is ordered by the legal duty of the authorities in charge of discovering and preventing crime; when the processing is mandatory for enforcing, implementing or defending legal rights; whether we have obtained your prior express consent before the processing of your specific personal data in accordance with applicable law (this legal basis only applies in connection with processing that is completely voluntary – it does not apply to processing that is in any way necessary or mandatory).

5. Legal basis for personal data processing

Use of personal data is based on one of the following legal rules:

  • Processing personal data on the ground of explicit consent and is used as the basis in processing that is mandatory and required,
  • processing of personal data for the executing of a contract to which the individual is a party or due to the signing of an employment contract or the implementation of steps for the conclusion of an employment contract or in the case of the implementation of an employment contract,
  • Processing is necessary for fulfilling legal duty, which the manager is under,
  • Data processing is based on legal business interests that include general HR and labour procedures, reveals for the purpose of revision, reports, internal investigations, third party contractual obligations, managing the security of web and informational systems, promotion of business, conducting and managing business, and assuring services to our clients,
  • Processing is necessary for the protection of life interests of the individual, to whom the personal data belongs, or of other physical persons.

Proccessing of the special kind of personal data (e.g. racial, biometric data, data about syndicate membership, medical conditions data, data about religious beliefs, etc.) is always based on the following grounds: when the proccessing is ordered or allowed by the current legislature (e.g. for maintaining congruency with the mandatory diversity reports); when the proccessing is ordered by the legal duty of the authorities in charge of discovering and preventing crime; when the processing is mandatory for enforcing, implementing or defending legal rights; whether we have obtained your prior express consent before the processing of your specific personal data in accordance with applicable law (this legal basis only applies in connection with processing that is completely voluntary – it does not apply to processing that is in any way necessary or mandatory).

5. Contractual processing of personal data and export of data

For individual processing of personal data on the basis of a contractual processing contract, the company may entrust it to a contractual processor. Contractual processors may process confidential data only on behalf of the controller, within the limits of his authority, which is written in a written contract or other legal act and in accordance with the purposes defined in this privacy policy.Contractual processors with whom the company works with, are mostly:

accounting services and other providers of legal and business advice;

• infrastructure maintainers (video surveillance, security, cleaning services);

• information system maintainers;

• e-mail providers and software providers, cloud services providers (Microsoft, Google);

• providers of social networks and online advertising (Google, Facebook, Instagram, etc.).

Under no circumstances will the company pass on the personal data of an individual to unauthorized third parties.

Contractual processors may process personal data only in accordance with the company’s instructions and may not use personal data for any other purpose.

As a controller and its employees, the company does not export personal data to third countries (outside the European Economic Area – EU member states and Iceland, Norway and Liechtenstein) and to international organizations except the US, with relations with contract processors based on standard contractual clauses (standard contracts adopted by the European Commission) and / or binding business rules (adopted by the organization and approved by EU supervisory authorities).

6. Cookies

The company’s website works with the help of so-called cookies. A cookie is a file that stores the settings of web pages. Websites store cookies on users’ devices that access the Internet in order to identify individual devices and settings that users used to access them. Cookies allow web pages to identify if a user has already visited this website, and with advanced applications, they can be used to adjust individual settings accordingly.

You can read more about cookies on the following page: https://beepclub.institute/en/cookies

Shelf life

The company will only keep personal data for as long as is necessary to achieve the purpose for which the personal data was collected and processed. If the company processes the data on the basis of the law, it will keep them for the period prescribed by law. In doing so, some data is kept for the duration of the cooperation with the company, and some data must be kept permanently.

Personal data processed by the company on the basis of a contractual relationship with an individual are kept by the company for the period necessary to perform the contract and for 6 years after its termination, except in cases where there is a dispute between the individual and the company. In such a case, the company keeps the data for 10 years after the final decision of the court, arbitration or court settlement or, if there was no litigation, 5 years from the date of peaceful resolution of the dispute.

Those personal data that the company processes on the basis of the individual’s personal consent or legitimate interest will be kept by the company until the consent is revoked or until the data is deleted. Upon receipt of the revocation or request for deletion, the data shall be deleted within 15 days at the latest. The company may also delete this data before revocation, when the purpose of personal data processing has been achieved or if so provided by law.

A company may exceptionally reject a request for deletion on grounds of the General Regulation, such as: the exercise of the right to freedom of expression and information, compliance with a legal obligation to process, reasons of public interest in public health, archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, implementation or defense of legal claims. After the retention period, the company must delete or anonymize personal data efficiently and permanently so that it can no longer be linked to a specific individual.

10. Data protection and data accuracy

The company takes care of information security and infrastructure security (premises and application system software). Our information systems are protected by, among other things, antivirus programs and a firewall. We have put in place appropriate organizational and technical security measures to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, and other illegal and unauthorized forms of processing. In the case of providing special types of personal data, we provide them in encrypted form and password-protected.

It is the individual’s responsibility to provide their personal information securely and to ensure that the information provided is accurate and credible. The company will make every effort to ensure that the personal data we process is accurate and, if necessary, updated, and we may from time to time contact you to confirm the accuracy of your personal data.

8. Personal data protection rights

According to the General Regulation, an individual has the following rights from the protection of personal data. You may:

  • Request information about whether we have personal information about you and, if so, what information we hold and on what basis we hold it and what we use it for.
  • Request access to your personal information, which allows you to receive a copy of the personal information we hold about you and verify that we are processing it legally.
  • You request corrections to personal data, such as the correction of incomplete or inaccurate personal data.
  • You request the deletion of your personal data when there is no reason for further processing or when you exercise your right to object to further processing.
  • You object to the further processing of personal data where we rely on a legitimate business interest (even in the case of a legitimate third party interest) when there are reasons related to your particular situation; notwithstanding the provisions of the previous sentence, you have the right to object at any time if we process your personal data for the purposes of direct marketing.
  • You request a restriction on the processing of your personal data, which means stopping the processing of personal data about you, for example, if you want us to determine their accuracy or check the reasons for their further processing.
  • You request the transfer of your personal data in a structured electronic form to another controller, as far as possible and feasible.
  • Revoke the consent or consent you have given for the collection, processing and transfer of your personal data for a specific purpose; upon receipt of notice that you have withdrawn your consent, we will cease to process your personal data for the purposes you originally accepted, unless we have no other legitimate legal basis for doing so lawfully.

If you wish to exercise any of the aforementioned rights, send a request by e-mail to [email protected] or by regular mail to the address HRM One d.o.o., Finžgarjeva ulica 4, 1000 Ljubljana.

Access to your personal data and exercise of rights is free of charge for you. However, we may charge a reasonable fee if your request for access is manifestly unreasonable or excessive, and especially if it is repeated, we may also refuse the request in such a case.

In the case of exercising the rights under this title, we may need to request certain information from you to help us verify your identity, which is only a security measure to ensure that personal information is not disclosed to unauthorized persons.

In exercising the rights under this title, the individual may use the form of the Information Commissioner, which is available on their website. Link to: https://ip-rs.si.

In the event that an individual believes that his rights have been violated, he can turn to the supervisory authority for protection or assistance, aka to the Information Commissioner. Link to: https://ip-rs.si.

If an individual has any questions regarding the processing of their personal data, they can always contact our company via e-mail at [email protected] or by regular mail to the company’s address.

11. Publication of changes

Any changes to our personal data protection policy will be published on the company’s website: https://beepclub.institute/. By using the website, the individual confirms that he accepts and agrees with the entire content of this personal data protection policy.

The personal data protection policy was adopted by the director Maja Fesel Kamenik.