The IEDC–Bled School of Management, with its registered office at Prešernova cesta 33, 4260 Bled, Company Identification No: 1197843, VAT Identification No.: SI11537094, as data controller for the IEDC-Bled School of Management and IEDC-Bled School of Management, Postgraduate Studies provides you with this Notice to explain how we process and protect your personal data.
We provide this Notice to you at the commencement of our interaction through our website.
What processing is covered by this Notice?
This Notice applies to personal data processing of our clients, leads and visitors of our website.
What information we collect about you
We collect and process your personal data when you interact with us (for example, information that you provide us by filling in Application forms for programmes and programme interests on paper or internet or by corresponding with us by phone, e-mail or otherwise). The information you give us may include your name, address, e-mail address and phone number, employer and position, your interests and prior attendance.
Each time you visit our website we automatically collect the following data:
- Technical data, including [the Internet protocol (IP) address used to connect your computer to the Internet,], [browser type and version,] [time zone setting,] [browser plug-in types and versions,] [operating system and platform,] …;
- Data about your visit, including [the full Uniform Resource Locators (URL),] [clickstream to, through and from our website (including date and time),] [products you viewed or searched for,] [page response times,] [download errors,] [length of visits to certain pages,] [page interaction information (such as scrolling, clicks, and mouse-overs),] [methods used to browse away from the page,].
How we use your personal data and under what legal basis
We process your personal data where we need to perform a contract we have entered into with you; where we need to comply with a legal obligation (for example, laws related to employment, accounting, auditing, equal opportunities monitoring); where it is necessary for our legitimate interests (or those of a third party) and your interests (for example, for the detection and prevention of fraud or ensuring network and IT security) unless your fundamental rights override those interests; where it is necessary to protect your vital interests (or someone else’s vital interests); and/or where it is necessary in the public interest or for official purposes.
We process your personal information for various technical, administrative and operational reasons, such as to ensure that content is presented in the most effective manner for you and for your computer. To improve our website including its functionality. For administration of our website; for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes; and as part of our efforts to keep our website safe and secure.
In some cases, we will only process your personal data with your consent. In these cases, we will separately ask for your clear consent when you provide your personal data. You will be then able to withdraw your consent at any time via email or post. However, this will not affect the lawfulness of processing based on consent before its withdrawal.
Where we request personal data to comply with legal or contractual obligations, then provision of such personal data is mandatory. This means that if such personal data are not provided, then we will not be able to manage our contractual relationship, or to meet obligations imposed on us. In all other cases, provision of personal data is optional and you are not obliged to provide them.
We process your personal data also for the purpose of potential enforcement of our rights or claims against you in the future. This processing is based on our legitimate interest as we need to enforce our rights in potential disputes. We will keep these personal data for the period necessary for the purpose of this processing activity but not longer than a reasonable period after the expiry of the applicable statutory limitation period.
How and to whom we disclose your personal data
We do not sell your personal data to third parties.
- Within Company, only limited number of personnel has access to your personal data on a need-to-know basis. Company's personnel are subject to confidentiality obligation about personal data and measures taken for their protection. They are only entitled to handle personal data upon Company's instructions and if necessary in connection with their job responsibilities.
- Your personal data may also be disclosed to third parties including:
- Service providers that provide administrative, professional and technical support to Company for IT, security and business resources support.
- Company will also share personal data with external advisors (e.g., lawyers, accountants, auditors) if necessary.
Company seeks to exercise appropriate due diligence in the selection of its third party service providers, and require (by contract or otherwise) that such service providers maintain adequate technical and organizational security measures to safeguard personal data, and process the personal data only as instructed by Company. Service providers will be entitled to use subcontractors and to transfer personal data to such subcontractors when assisting the service provider in providing the services to Company, subject to the service provider complying with the same data protection obligations as the service providers.
Storage of your personal data and transfers abroad
Your personal data which we collect is stored within the European Economic Area (“EEA”). The data may be transferred to, and stored at, a destination outside the EEA. If this occurs it will also be processed by one of our third party suppliers. Personal data will only be transferred outside the EEA where adequate protections are in place.
You may request us for a copy of your personal data and/or to correct it. In certain circumstances, you have the right to require us to erase your personal data or to transfer it to other organizations. You also have rights to object to some processing of your personal data (for example, to the use of processing for direct marketing purposes). Where we have asked for your consent to process your personal data, you have the right to withdraw this consent. Where we process your personal data because we have a legitimate interest in doing so (as explained above), you also have a right to object to this. You also have the right to restrict processing of your personal data in certain circumstances.
These rights may be limited in some situations; for example, where we can demonstrate that we have legitimate grounds to process your personal data. You will need to verify your identity and provide us with other details to help us to respond to your request.
If you wish to exercise these rights, please contact us via the contacts mentioned below. We hope that we can satisfy any queries that you may have about the way we process your personal data. However, if you have unresolved concerns you also have the right to complain to the relevant data protection authorities. You can bring the complaint in the Member State where you reside, where you work or where the alleged infringement of data protection law occurred.
How long we keep your personal data and data security
We retain your personal data for no longer than is necessary to carry out the purposes listed in this Notice and/or as required by applicable law and/or as required to enforce our legitimate rights (and the legitimate rights of others). We can process any of your personal data which has been anonymized without further notice to you.
Where we process your personal data based on your consent, such personal data will only be processed for the period granted by your consent unless you withdraw or limit your consent prior to expiration of such period. In such cases, we will stop processing the affected personal data for relevant purposes, subject to any legal obligation to process such personal data and/or our need to process such personal data for the purpose of enforcing our legitimate rights (including the legitimate rights of others).
We store your data on our secure servers inside the organization and in the cloud of our service providers where adequate protections are in place.
The transmission of data via the internet is not completely secure. Although we will do our best to protect your data we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your data, we will use strict procedures and security features to try to prevent unauthorized access.
Cookies and Social Media Widgets
If you have any questions or concerns about processing of your personal data, or if you wish to exercise any of your rights, please contact us by phone at +386 (0)4 57 92 500, by e-mail at firstname.lastname@example.org.
Last update: May 2018
Company may update this Notice from time to time. Changes will be posted on our website. Please review this Notice periodically for any changes.