← Back SL

Privacy Policy

Last updated: 1 April 2026

1. Data Controller

The controller of personal data is PROVENIO, grafično oblikovanje, d.o.o., Mestni trg 10, 1000 Ljubljana, Slovenia, registration number: 9367527000, tax number: SI34009965 (hereinafter: “Provenio”, “we”, or “us”).

For any questions regarding privacy, please contact us at: info@provenio.si

Provenio has not appointed a Data Protection Officer (DPO), as this is not required given the nature and scope of our data processing. For any questions regarding the protection of personal data, please contact us at the email address above.

2. What Data We Collect

We collect and process the following categories of personal data:

  • Contact data — name, email address, and the content of messages you send us via the contact form or email.
  • Website usage data — visit analytics (number of visitors, page views, time on site, traffic sources), collected via Google Analytics only if you consent to the use of cookies.
  • Technical data — IP address (in anonymized form), browser type, operating system, and screen resolution, processed exclusively to ensure the operation and security of the website.

3. Purpose and Legal Basis of Processing

We process your personal data on the following legal bases:

  • Legitimate interest (Article 6(1)(f) GDPR) — to ensure the operation of the website, improve user experience, and protect against misuse.
  • Performance of a contract or pre-contractual measures (Article 6(1)(b) GDPR) — when you contact us with the intention of entering into a business relationship.
  • Consent (Article 6(1)(a) GDPR) — if you explicitly consent to certain processing activities (e.g., receiving newsletters).

Providing personal data (e.g., via the contact form) is not a statutory or contractual obligation. If you do not provide data, there will be no legal consequences; however, we may not be able to respond to your inquiry or provide our services.

Where processing is based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing carried out prior to the withdrawal.

4. Cookies

When you first visit our website, a cookie consent banner is displayed. Analytics cookies are not set unless you explicitly accept them. If you decline or ignore the banner, no tracking cookies are placed.

Cookies we use:

  • provenio_consent — stores your cookie consent choice (accepted/declined). Duration: 1 year. This cookie is essential for remembering your preference and does not require consent.
  • _ga, _ga_* — Google Analytics cookies used to distinguish visitors and track site usage. Duration: up to 2 years. These cookies are set only after you accept analytics cookies via the consent banner.

You can withdraw your consent at any time by clearing cookies in your browser settings. On your next visit, the consent banner will appear again.

5. Data Retention

We retain personal data only for as long as necessary to fulfil the purpose for which it was collected:

  • Contact data from inquiries: 2 years after the last contact, unless a business relationship is established.
  • Website usage data: aggregated and anonymized — does not allow identification of individuals.

6. Sharing Data with Third Parties

We do not sell, rent, or share your personal data with third parties for commercial purposes. We may share data exclusively with:

  • Service providers — Cloudflare Inc. (hosting), Google LLC (analytics, fonts), and other providers who are contractually bound to protect your data.
  • Competent authorities — when required by law or court order.

7. Data Transfers Outside the EU/EEA

Certain third-party services (e.g., Cloudflare, Google) may process data outside the European Economic Area. In such cases, we ensure appropriate safeguards in accordance with Article 46 GDPR, including standard contractual clauses or adequacy decisions.

8. Your Rights

In accordance with Regulation (EU) 2016/679 (GDPR), you have the right to:

  • Access — request access to the personal data we process about you.
  • Rectification — request correction of inaccurate or incomplete data.
  • Erasure — request deletion of your data (“right to be forgotten”).
  • Restriction of processing — request restriction of processing in certain circumstances.
  • Data portability — request transfer of your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interest.

Please address your requests to info@provenio.si. We will respond to your request within 30 days.

If you believe your privacy has been violated, you have the right to lodge a complaint with the Information Commissioner of the Republic of Slovenia (www.ip-rs.si).

9. Automated Decision-Making and Profiling

Provenio does not carry out automated decision-making or profiling within the meaning of Article 22 GDPR that would produce legal effects or similarly significantly affect you.

10. Data Security

We employ appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or disclosure. Among other measures, we use encrypted connections (HTTPS/TLS), secure hosting, and restricted data access.

11. Changes to the Privacy Policy

We may update this Privacy Policy from time to time. Changes will be published on this page with the date of the last update indicated. We recommend that you check this page regularly.