Effective from: 6 July 2026 · Replaces the version dated 25 May 2018
1. Data Controller
The controller of personal data is Infinita d.o.o., Slamnikarska cesta 1c, 1230 Domžale, Slovenia (hereinafter “Infinita” or the “controller”). Contact for data protection matters: info@infinita.si. Responsible person: Beno Stern, Director. A Data Protection Officer (DPO) has not been appointed, as this is not legally required given the scope and nature of our processing.
This policy applies to the website infinita.si and related services. Additional processing notices may apply to the InterventionLogic application and to workshops and are provided when you use those services.
2. What Personal Data We Process
We only process the data we actually need:
- “Let’s collaborate” contact form and call booking: name, e-mail address, message content, and any information you choose to include in your message.
- E-mail and telephone communication: data you provide when communicating with us (name, contact details, content of correspondence).
- Business cooperation data: when a contract is concluded and performed, the data required to deliver the services and issue invoices (business name, address, VAT number, contact persons).
- Server logs: IP address, access time, requested URL, browser type — collected automatically for security and technical operation.
- Cookies and analytics: website usage data (only with your consent — see Section 6).
The website does not require user registration. We do not sell your data and do not share it with third parties for their own marketing.
3. Purposes and Legal Bases of Processing
- Responding to enquiries and arranging cooperation — steps prior to entering into a contract, or the contract itself (Article 6(1)(b) GDPR).
- Providing services (consulting, proposal preparation, project management, workshops, application access) — contract (Article 6(1)(b) GDPR).
- Invoicing and accounting — legal obligation (Article 6(1)(c) GDPR; tax and accounting legislation).
- Security and technical operation of the website (server logs, abuse prevention) — legitimate interest (Article 6(1)(f) GDPR).
- Web analytics and non-essential cookies — your consent (Article 6(1)(a) GDPR), given via the cookie banner and revocable at any time.
- News and event notifications (if you explicitly subscribe) — consent (Article 6(1)(a) GDPR); you can unsubscribe at any time.
4. Recipients and Transfers to Third Countries
Access to data is limited to authorised personnel of the controller and to contracted processors required to operate the services: the hosting provider (servers in the EU), the e-mail service provider, and Google (web analytics — see Section 6). Data processing agreements under Article 28 GDPR are in place with all processors.
The use of Google services may involve transfers of data to the United States. Such transfers are based on the EU-U.S. Data Privacy Framework or on the European Commission’s Standard Contractual Clauses.
5. Retention Periods
- Enquiries and correspondence: until the communication is concluded, or at most 2 years after the last contact, unless business cooperation begins.
- Contractual documentation: 5 years after termination of the contract (limitation periods).
- Invoices and accounting records: 10 years (legal obligation).
- Server logs: up to 6 months.
- Analytics data: up to 14 months (Google Analytics setting).
- Consents: until withdrawn; we keep a record of the withdrawal to demonstrate compliance.
6. Cookies and Web Analytics
On your first visit, the consent management banner (Compliance by Hu-manity.co) asks for your consent to non-essential cookies. Essential cookies (required for the site to function and to store your cookie preferences) are used on the basis of legitimate interest and do not require consent. Analytics cookies (Google Analytics 4) are only loaded after you give consent; we use Google Consent Mode v2, which means no analytics data is collected without your consent.
You can change or withdraw your consent at any time via the cookie settings on the website or by deleting cookies in your browser. Declining non-essential cookies does not limit your use of the website.
7. Your Rights
Under the GDPR and the Slovenian Personal Data Protection Act (ZVOP-2) you have the right of access to your data (Article 15), rectification (Article 16), erasure (Article 17), restriction of processing (Article 18), data portability (Article 20), objection to processing based on legitimate interest and to direct marketing (Article 21), and the right to withdraw consent at any time without affecting the lawfulness of processing carried out before the withdrawal (Article 7(3)).
Please send requests to info@infinita.si. We will respond without undue delay and at the latest within one month. If you believe the processing infringes the law, you have the right to lodge a complaint with the supervisory authority: Information Commissioner of the Republic of Slovenia, Dunajska cesta 22, 1000 Ljubljana, gp.ip@ip-rs.si, www.ip-rs.si.
8. Automated Decision-Making and Profiling
We do not carry out automated decision-making or profiling that produces legal or similarly significant effects on individuals (Article 22 GDPR).
9. Data Security
We protect data with appropriate organisational and technical measures (encrypted HTTPS connection, restricted access, software updates, backups). The website contains links to external sites (e.g. official EU funding portals, interventionlogic.eu); their own privacy policies apply to any processing they perform.
10. Minors
The website and services are not intended for persons under 15 years of age, and we do not knowingly collect their data.
11. Changes to This Policy
We may update this policy; the current version with its effective date is always published on this page. In the event of material changes, we will inform users with whom we actively cooperate in an appropriate manner.