Privacy policy for the implementation of data collection projects

Last amendment: 15-10-2021

The Privacy Policy lays down the method in which the company Valicon, trženjsko svetovanje in raziskave d.o.o., Kopitarjeva ulica 2, 1000 Ljubljana (hereinafter “Valicon”) obtains, stores and uses the personal data acquired within the scope of the research studies conducted as part of its activities, other than the research conducted within the scope of the Jazvem web panel, for which other rules have been adopted. The effective date of this Privacy Policy is 21 June 2018.

You are kindly asked to read the Privacy Policy carefully.

1. About us

The personal data controller is the company Valicon, trženjsko svetovanje in raziskave d.o.o., Kopitarjeva ulica 2, 1000 Ljubljana.
If you have any questions, you can contact us by sending an email to [email protected] or calling us at +386 1 420 49 08.

2. How your personal data is obtained

Your personal data is obtained within the scope of different data collection projects (e.g. within the scope of field, telephone, qualitative, online and other research studies). Your personal data is obtained and processed on the basis of your written or electronic consent.

3. What types of personal data are collected or obtained about you

Depending on methodology and other requirements for a specific project, we collect the following personal data:

1. contact information (e.g. name and surname, contact phone number, email address, etc.),
2. survey data obtained as answers within the scope of research studies,
3. the data required for keeping records of the disbursement of prizes to research participants,
4. audio, video and other electronic records for the purposes of qualitative research,
5. web browser properties.

4. How your personal data is used (purposes of processing)

Your personal data may be used for one or more of the following purposes:

• in relation to your participation in data collection projects for our clients or for use in our own research studies based on your written or electronic consent;
• to establish contact in relation to the execution and coordination of a particular research study, for keeping a record of research participants and for the purposes of verifying interviewers. The latter is required for proper implementation of a research study to which you agreed by giving consent;
• to keep a record of the disbursement of prizes to research participants;
• to protect Company operations and business interests, including for the verification of past experiences and fraud prevention. The latter is required for the protection of the Company’s legitimate interests to prevent criminal activities, such as fraud, and to protect Company operations. Such checks will only be conducted if permitted under the law;
• to communicate with the Company’s business advisers and legal representatives. The latter is required for the Company’s legitimate interests to obtain legal or expert business advice, whereas the Company will forward your personal data, if required, in the smallest extent necessary and in an anonymised form, where possible;
• to share personal data with third parties (hereinafter “sub-processors”) that are related with the Company in terms of service provision, such as the Company’s clients, group companies, independent providers, email providers and providers of various ICT services. Personal data may, for example, be sent to sub-processors for the purposes of data processing services or for sending information that you requested or for conducting interviews for market research projects. Such data will be sent or, rather, made available only to the extent necessary for a particular purpose. When sharing your personal data, we will do so consistently based on the need to know, pursuant to the relevant confidentiality restrictions, on an anonymised basis, if possible, and only to the extent necessary for any of such purposes;
• to enforce the Company’s legal rights and compliance with laws, regulations and other legal requirements. The latter is necessary for the Company legitimate interest to protect its operations and enforce its contractual and other legal rights. For the provision of physical, network and information security and integrity. The latter is necessary for the Company’s legitimate interest to provide a safe and uncompromised IT system and networks, including data backup and storage, preventing malware, viruses, errors or other malicious codes, preventing unauthorised access to the Company systems and all forms of attacks or defects to the Company IT systems and networks. The Company may have to use and process your personal data in order to comply with the legal requirements it needs to observe. For example, the Company may request that you submit certain personal data to the court upon the receipt of a court order. Your personal data may also be required to comply with the applicable legal requirements, such as tax legislation and other regulations binding the Company;
• for statistical and research purposes. The data will either undergo pseudonymisation or be used for the legitimate interests of personal data processing for research purposes;
• in relation to any legal dispute or proceedings. The latter is required for the Company’s legitimate interest to promote and ensure successful Company operations, resolve disputes and provide such disclosures as required under the law or which are believed to be reasonable under the law.

When your personal data is processed on the basis of your consent, you may cancel the consent given at any time by sending an email to this email address, protected against littering. If you wish to see it, you must enable Javascript. The effective date of such a cancellation is 30 working days following the date on which your request is received.

5. The processing of personal data of a child

Data about children aged under 15 will not be collected or processed if no consent is received from parents pursuant to the applicable legislation. If we establish that data about a child has been collected unintentionally, such data will be deleted immediately.

6. The processing of sensitive data

In some cases, and for the purposes laid down in the consent to participate in a particular data collection project in which you take part as a participant, the Company may process special categories of personal data about you (“sensitive data”). Your sensitive data may also be processed if you have given your voluntary, express and separate consent in the specific context for the specific purpose.

7. Personal data storage and processing period

Valicon stores your personal data on its own servers. Your personal data is stored until your cancellation or expiry of the period laid down in the consent to processing that you have given. Ordinarily, the personal data received from you will be deleted if it is no longer relevant to the attainment of purposes for which it was collected. In the event of a request for the deletion of data, the data will be deleted within the statutory period (30 days).

If you wish to receive more information about where and for how long your personal data is stored and for more information about your right to the deletion and portability of personal data, please contact us at [email protected].

8. How your personal data is protected

The Company has adopted appropriate technical and organisational measures to secure your personal data and protect it against unauthorised or illegal use or processing and against accidental loss, destruction or damage to your personal data, including:

– the principle of data minimisation and processing on the basis of pseudonymisation, where possible;
– training Company employees about the importance of confidentiality and keeping your data confidential and safe;
– commitment to the adoption of the relevant disciplinary actions to enforce employee responsibility as regards privacy;
– continuous and comprehensive updating and testing of the Company security technology;
– prudent and responsible selection of Company sub-processors;
– the use of safe servers for the storage of your personal data;
– the appointment of a data protection officer;
– a request to prove the identity of each individual requesting access to personal data.

9. Web plug-ins and other Internet technologies
10. a) YouTube

The Company website uses YouTube plug-ins that are managed by Google. The webmaster is You Tube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit a Company web page that uses a YouTube plug-in, a link with YouTube servers will be established. YouTube is, therefore, informed of the Company web page that you have visited.

If you have logged in to a YouTube account, YouTube will allow you to link your browsing behaviour directly with your personal profile. That may be prevented by logging out of your YouTube account.

YouTube helps us make the Company website attractive. That is a legitimate interest pursuant to Article 6(1)(f) of the General Data Protection Regulation (hereinafter “GDPR”).

Additional information on user data handling is available in the YouTube Data Protection Statement

https://www.youtube.com/static?template=privacy_guidelines

1. b) Google Maps

The Company website uses the Google Maps mapping service via API. It is managed by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

If you wish to use Google Maps, your IP address must be stored. Such information is ordinarily transferred to a Google server in the USA and stored there. The site provider has no control over such data transfer.

The use of Google Maps is in the Company’s interest to make its website attractive and facilitate the location of places that you specify for us on the website. That is a legitimate interest pursuant to Article 6(1)(f) of GDPR. Additional information on user data handling is available in the Google Data Protection Statement at https://policies.google.com/privacy?hl=sl.

10. How cookies and similar technologies are used

A cookie is a small amount of data that the website installs on your computer and receives every time you access some other document on the same website. Cookies are primarily used to enable the identification of each user or separate them from a mass of other users using the website at the same time. It is, therefore, a computerised means to establish identity.

Some cookies are deleted as soon as you close the browser. Such cookies are called session or transient cookies, since they last only as long as a particular session lasts and are no longer stored after the end of the session. Such cookies ordinarily contain only an identification code recognised by the website that installed the cookies.

Other cookies have a specified lifespan or validity period and are used to establish whether you have already logged in to a particular website or to store information about certain settings, e.g. language selection.

Each website may access only those cookies that have been stored by that website and cannot access other website data.

Some or all cookies that are used may be rejected by changing the browser settings; however, that may reduce your ability to use the Company website or some or all of its functions. Additional information about cookies, including how to change browser settings, is available at www.allaboutcookies.org

1. a) The online survey system (net) uses cookies for proper and safe functioning and the improvement of the user experience. The lifespan of individual cookies is limited to the term of the survey or session and to the time foreseen for the completion of a questionnaire (as a rule 5 minutes by default).

The two cookies for a particular survey are named WSS__HEADERS__AI__XXX and WSS__SESSION__ID __XXX, whereby XXX constitutes the identification of the survey to which the cookies refer.

1. b) Google Analytics

The Company website uses the Google Analytics service to conduct web analytics. The latter is managed by the company Google Analytics, which uses the so-called cookies. The data obtained by a cookie regarding your use of the website is ordinarily transferred to a Google server is the USA and stored there.

Google will use such information to calculate your use of the website, complete reports about website activities for webmasters and to render other services relating to the use of websites and the Internet. Google may forward such information to third parties if so laid down under the law or if third parties process such data by order of Google. Google will not link your IP address with other Google data.

Google Analytics cookies may be disabled at the following link https://tools.google.com/dlpage/gaoptout . If you decide not to accept certain cookies, you will not be able to use certain functions on the Company website. If you decide not to receive personalised ads, it means that you may be shown ads on the Internet, but such ads will not be tailored to your wishes and browsing patterns.

More about Google privacy rules is available at https://policies.google.com/privacy?hl=sl.

Google Analytics cookies are stored on the basis of Article 6(1)(f) of GDPR. The Company has a legitimate interest to analyse user behaviour in order to optimise its website and advertising on the website.

1. c) Google reCAPTCHA

In order to ensure adequate data security in data entries on the Company website, the Company in certain cases uses the Google reCAPTCHA service as provided by the company Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (hereinafter “reCAPTCHA”).

The latter is used primarily to distinguish whether an entry on the Company website (e.g. via a contact form) is made by a natural person or is subject to an abuse by way of automated or automatic entry. The service includes sending IP addresses and all other data needed by Google for the reCAPTCHA service (e.g. information about which pages you have seen, the time of your visit to a web page and the links you clicked).

The analysis conducted by reCAPTCHA is carried out entirely in the background. Visitors to the Company website are not warned that the relevant analysis is being conducted.

More about reCAPTCHA and Google privacy rules is available at: https://www.google.com/recaptcha/intro/v3beta.html and https://policies.google.com/privacy?hl=sl.

Data processing by reCAPTCHA is conducted on the basis of Article (6)(1)(f) of GDPR. As the webmaster, the Company has a legitimate interest to protect its website against malicious automated entries and undesired email (SPAM).

11. International transfers of personal data

If your personal data is transmitted outside the European Economic Area, the Company will do so upon prudent examination of the relevant legal bases and security measures, such as:

– data protection policies known as “Binding Corporate Rules” or “BCRs”;
– standard contract clauses as adopted by the European Commission or the Information Commissioner and confirmed by the European Commission under the relevant law;
– code or codes of conduct that are prepared by an association or some other body approved by the Information Commissioner;
– approved certification mechanisms
– or where permitted by the Information Commissioner, contract clauses between the data controller or processor and the data controller, processor or recipient in a third country or international organisation.

12. The rights of a data subject

You are hereby informed of the following rights relating to your personal data, which you may exercise by sending an email at  This email address is protected against littering. If your wish to see it, please enable Javascript. and

– requesting access to your personal data and information regarding the Company’s use and processing of your personal data;
– requesting the rectification or deletion of your personal data;
– requesting that the use of your personal data be restricted;
– requesting your personal data provided to the Company, which will be delivered in a structured and machine-readable form (e.g. an Excel spreadsheet), and the right to transfer such personal data to some other personal data controller;
– objecting to the processing of your personal data for certain purposes (for further information please see the section below entitled “Your right to object to the processing of your personal data for specific purposes”);
– and withdrawing your consent to the Company’s use of your personal data that is based on your consent. If you withdraw your consent, this will not prejudice the legality of the Company’s use and processing of your personal data based on your consent prior to the withdrawal of your consent.

You also have the right to file a complaint to the supervisory body, which is the Information Commissioner in the Republic of Slovenia, whose contact information is available here: https://www.ip-rs.si/kazalo-kontakt -iskalnik/kontakt/ .

Additional information about your rights relating to your personal data, including certain restrictions applicable to some of such rights, is available in Articles 12 to 23 of GDPR, which is available here: http://ec.europa.eu/pravosodje/varstvopodatkov/reform/files/regulation_oj_en.pdf .

13. Your right to object to the processing of your personal data for specific purposes:

You have the following rights relating to your personal data, which you may exercise in the same manner as indicated in the previous chapter (your rights relating to your personal data):

– objecting to the use or processing of your personal data, when the latter is used or processed to complete a task in the public interest, if your personal data is processed for the purposes of the Company’s legitimate interests, including “profiling” (e.g. predicting your behaviour based on your personal data) based on any of such purposes; and
– objecting to the processing of your personal data for the purposes of direct marketing (including any automated assessment that is made about you or any of your characteristics as a person, if related with such direct marketing).

14. Amendments to the Company’s Privacy Policy

The Company’s Privacy Policy may be amended from time to time. Upon each consent to participate in a data collection project, you will be informed of the address where the latest version of the Company’s Privacy Policy is published.
When the Company intends to use your personal data for a new purpose, you will receive information about such a purpose and any other important information before your personal data is used for such a new purpose.

15. Data protection officer

The Data Protection Officer is Vesna Stanković, whom you may contact at [email protected].