Effective date: November 25, 2021
Last update: November 2021
MIND BODY HORSEMANSHIP, Nastja Pungracic Sprogar s.p. ("us", "we", "our", "Company") operates this website ("Website" or "Service").
The Company processes personal data under European laws, the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ("General Regulation") and under Slovenian laws regarding the protection of personal data and related legislation that provides the legal basis for the Company to process personal data.
The Company is the controller of personal data:
Name of the organisation: www.mindbodyhorsemanship.com, MIND BODY HORSEMANSHIP, Nastja Pungracic Sprogar s.p.
Address: Kot 52, 8333 Semic, Slovenia
Contact person for protection of personal data
Individuals, that the personal data pertain to, that have any questions regarding the processing of their personal data and want to exercise their rights under the General Regulation, can contact the contact person for protection of personal data via the following email address:
The definition of personal data includes any information that is connected to an identified or identifiable individual; identifiable individual is an individual that can be directly or indirectly identified, in particular through stated identifiers, such as name, identification number, location data, web identifier, or by stating one or more factors, that acn be contributed to the physical, physiological, genetic, spiritual, economical, cultural, or societal identity of an individual.
The purposes and legal grounds for data processing
The Company is collecting and processing personal data from individuals on the following legal grounds:
- the processing is necessary for meeting the legal obligations of the Company as the controller of personal data
- the processing is necessary for execution of contracts that the individual has entered into with the Company (including, but not limited to, purchase agreements, use of service agreements) or to execute measures requested by an individual before entering into a contract with the Company
- the processing is necessary because of legal interests followed by the controller or a third party
- the individual has consented to his personal data being processed by the Company for one or more specifically predetermined reasons
- the processing is necessary for protection of life interests of the individual the personal data pertains to, or another natural person
Meeting legal obligations
The Company will process personal data to meet all the requirements under existing laws that bind the Company as a controller (for example, tax reporting and other obligations).
Execution of contracts
In case an individual enters into an online contract, the contract represents the legal basis for processing personal data. The Company is therefore allowed to process personal data to enter into and execute contracts, including, but not limited to, purchase agreements and service use agreements, online memberships, event attendance, educational events, promotions, etc.
Unless the individual provides accurate personal data, the Company can not enter into any contracts and will not be able to deliver any products or services covered by the contract.
Within the boundaries of the Company's legally registered and approved business activities, the Company can notify the individuals via their email address about the Company's services, educational or general events, offers and other content.
An individual has the right to request immediate cessation of further notifications by the Company and processing of personal data and withdraw the given consent at any time, using the link found in each email notification sent by the Company, or send a request to email@example.com or mail the request to the Company's address stated above.
The Company can process personal data based on the legal interest that it follows. The latter is not permitted, when the Company's legal interest is superseded by the individual's interests, basic rights, or civil liberties that the personal data that require protection pertain to.
The Company assesses each case of its legal interest in accordance with the General Regulation. When processing of personal data of an individual is done for the purposes of direct marketing, that counts as execution within the Company's legal interest.
The company can process the personal data of individuals that it collected from publicly accessible sources or within the boundaries of its legal business activities, even for purposes of direct offers of goods or services, employments, notifications of events, discounts, etc.
For these purposes, the Company can use regular mail, phone calls, email or other means of communication.
For direct marketing purposes, the Company can process the following individual personal data: name and surname of an individual, permanent or temporary address, phone number and email address.
The stated personal data can be processed for direct marketing purposes even without explicit consent from na individual.
The individual can at any time request the cessation of stated forms of communication and further data processing and withdraw the given and withdraw the given consent using the link found in each email notification sent by the Company, or send a request to the Company's email (firstname.lastname@example.org) or mail the request to the Company's address stated above.
Processing of data based on given consent
If the Company has no legal basis under valid law, contractual obligations or legal interest, the Company can ask an individual for consent to process personal data.
In case of an explicitly given consent by an individual, the Company can process their personal data for the following purposes as well:
- address of temporary or personal residence or an email address for the purposes of notification and communication
- photographs, video clips and other content that pertains to an individual (for example, publishing of the photographs of an individual on the Company's website) with the purpose of documenting activities and notifications of the public about the activities and events of the Company.
- other purposes that the individual gives explicit consent for
If an individual gives explicit consent to process personal data, but decides to withdraw the given consent at any time, they can request the cessation of processing of personal data via email@example.com or mail the request to the Company's address stated above.
Withdrawal of a previously given consent does not affect the legality of the processing of personal data prior to the withdrawal.
Protection of the life interests of an individual
The Company can process personal data of an individual in case that is necessary for the protection of an individual's life interests.
In cases of an emergency, the Company can find a personal document of an individual, or verify the existence of an individual in the Company's data collection, analyze an individual's anamnesis or make contact with relatives, none of which is subject to prior approval/consent from the affected individual.
The company can only act in the stated manner when this as absolutely necessary to protect the life interests of an individual.
Storage and deletion of personal data
The Company will only store personal data until the purpose, for which they were stored and processed, is fulfilled.
In case the company processes personal data based on other grounds stated by the legislation, they will store the data until that is required by the law. In such cases, personal data can either be stored for the duration of interaction or contractual obligations with the Company, or under certain circumstances, permanently.
Personal data that the Company processes under a contractual agreement with an individual, the Company stores for the period necessary to execute the contract and 6 years after the expiry or cancellation of the contract, unless there is a dispute between the individual and the Company regarding the contract.
In case of a contractual dispute, the Company will store personal data for a period of 10 years after the court decision, arbitrage, or court settlement goes into effect, or if the agreement was reached outside of court, for 5 years after the date of agreement.
The personal data that the Company processes based on an individual's explicit consent or legal interest, will be stored until the withdrawal of the consent or a request to delete the personal data in question.
The Company will delete personal data within 15 days of receiving a withdrawal od deletion request.
The Company can delete personal data even before receiving a withdrawal or deletion request, if the purpose for which personal data was gathered was already fulfilled or if that is required by the law.
The Company can deny a request to delete personal data based on the reasons stated in the General Regulation in these cases:
- execution of freedom of speech rights and the right to be informed
- meeting the legal requirements of personal data processing
- grounds of public interest in the area of public health
- purposes of archiving in the interest of the public
- scientific or historical research purposes or statistical purposes
- execution or defense of legal requests
After the period that the Company must store personal data has expired, the data must be efficiently and permanently deleted in a manner that they can no longer be attributed to any individual.
Contractual processing and export of personal data
The Company can outsource individual processing of personal data based on a personal data processing contract with a third-party processor.
Contractual processors that the Company outsources personal data processing may include, but is not limited to:
- accounting services providers and other providers of legal and business consulting
- infrastructure maintainers (video surveillance)
- information systems maintainers
- email services, software, cloud services providers (Microsoft, Google, etc.)
- social media and internet advertising providers (Facebook, Instagram, etc.)
The Company, for the purposes of a better overview and monitoring of data processors and the contractual obligations between them, maintains a list of contractual processors that includes every processor that the Company works with.
Under no circumstances will the Company forward, sell, or share individual personal data with unauthorized third parties.
Contractual processors can only process the personal data provided in accordance with the instructions provided by the Company and can not be used for any other purposes.
The Company as personal data controller and its employees will never export personal data into "third countries" (the countries outside of European Economic Area - EU members, Iceland, Norway and Liechtenstein), international organizations, excluding the United States of America, in case of which the relations and obligations between contractual processors are determined by the standard contractual clauses (typed contracts, accepted by the European Commission) and/or obligatory business rules (that are accepted by the Company and approved by the supervisory authorities in the EU).
We may employ third party companies and individuals to facilitate our Website ("Service Providers"), to provide the Website on our behalf, to perform Website-related services or to assist us in analyzing how our Website is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
We may use third-party Service Providers to monitor and analyze the use of our Website.
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Website. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page.
Protection and accuracy of personal data
The Company provides the necessary informational security and infrastructure (physical locations, hardware and software).
Our information systems are, among others, protected by firewalls and antivirus software.
We introduced the appropriate organisational and technical security measures with a purpose of protecting personal data before a random or illegal destruction, loss, modification, unauthorized reveal or access, and other illegal and unauthorized forms of data processing.
In case of forwarding certain forms of personal data, we encrypt and/or password-protect them before the transfer.
An individual is responsible for secure transmission of their personal data, their accuracy and authenticity.
The Company will do its best to keep the personal data that it processes accurate and up to date, and for this purpose we may occasionally request an individual's confirmation of accuracy of personal data.
The rights of an individual regarding data processing
In accordance with the General Regulation, an individual has the following data protection rights:
- an individual can request information on whether or not the Company stores their personal data, and if so, which personal data, on what grounds they are stored and the purpose they're being used for
- an individual can request access to their personal data, which allows them to receive a copy of the personal data stored by the Company and to verify if the Company is processing the data legally
- an individual can request changes to their personal data, when the data is incomplete or inaccurate
- an individual can request the deletion of their personal data when there is no legal grounds for further processing or when the individual is exercising their right to object further processing of data
- an individual can object further personal data processing if the Company is stating its legal business interest for processing (even if a legal interest of a third party is in question), when conditions related to an individual's special condition exist
- an individual can object to further personal data processing at any time, if the Company processes personal data for the purposes of direct marketing
- an individual can request a restriction of processing of their personal data, which effectively means cessation of further processing, for example, when an individual wants the Company to verify the accuracy or reasons for further processig of personal data
- an individual can request an export of their personal data in a structured electronic form to a different controller, if such transfer is possible and can be conducted
- an individual can withdraw their consent for collection, processing and transfer of their personal data for a specific purpose: after receiving a notification that the individual has withdrawn their consent, the Company will cease to process personal data for purposes, that it originally collected the data for, unless the Company has another legal basis to keep processing the data legally
If an individual wishes to exercise any of the above stated rights, they can send a request to the Company's email (firstname.lastname@example.org) or mail the request to the Company's address stated above.
The Company will respond to any such requests as soon as possible, but no later than within one calendar month after receiving the request.
In an unlikely case that the Company would have ot extend this deadline considering a possible overwhelm by the complexity and number of such request, you will be notified of an extension of said deadline (that will be extended by no more than two extra months).
Access to personal data of an individual and exercising of the rights pertaining to their personal data if free of any charges.
The only execption to this is charging an individual that the personal data pertain to, a reasonable fee for repetitive and/or unfounded requests, which can even result in a rejection of such request by the Company.
In case an individual wants to exercise any of the above stated rights regarding their personal data, the Company will request that the individual provides information that will help determine the identity of an individual, which is a security measure meant to prevent disclosure of personal data to unauthorized individuals.
When exercising their rights regarding their personal data, an individual can also use a form provided by the Information Commissioner of Slovenia.
In case an individual believes that their rights regarding their personal data have been violated, they can turn to the Information Commissioner of Slovenia for help and protection.
Links To Other Sites
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
Publishing of changes
Our Website does not address anyone under the age of 18 ("Children").
We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us.
If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.
Information Collection And Use
We collect several different types of information for various purposes to provide and improve our Website to you.
We may also collect information how the Website is accessed and used ("Usage Data"). This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Website that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
Tracking & Cookies Data
Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from the Website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Website.
Examples of Cookies we use:
- Session Cookies. We use Session Cookies to operate our Website.
- Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
- Security Cookies. We use Security Cookies for security purposes.
Use of Data
We use the collected data for various purposes:
- To provide and maintain the Website.
- To notify you about changes to our Website.
- To allow you to participate in interactive features of our Website when you choose to do so.
- To provide customer care and support.
- To provide analysis or valuable information so that we can improve the Website.
- To monitor the usage of the Website.
- To detect, prevent and address technical issues.
Transfer Of Data
Your information, including Personal Data, may be transferred to - and maintained on - computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
Disclosure Of Data
We may disclose your Personal Data in the good faith belief that such action is necessary to:
- To comply with a legal obligation.
- To protect and defend the rights or property of the Company.
- To prevent or investigate possible wrongdoing in connection with the Website.
- To protect the personal safety of users of the Website or the public.
- To protect against legal liability.
Security Of Data
The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.