How we protect your privacy

This Privacy Policy (the “Policy”) describes how VIZANO d.o.o. collects, uses, and protects your personal data when you visit vizano.si (the “Site”) or otherwise interact with us in a business‑to‑business context. We built the Site in a “coffee‑without” style: we don’t use cookies, trackers, or any Big Tech code, and we don’t collect data we don’t genuinely need.

1. General provisions and objectives

This Policy is drafted in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, “GDPR”), the Slovenian Personal Data Protection Act (ZVOP‑2), the Slovenian Information Security Act (ZInfV‑1), and other applicable legislation. Its goal is to give you a complete picture of what data we process, why, and on what legal grounds.

2. Data controller and scope

The data controller is VIZANO d.o.o., Trg komandanta Staneta 8, 1000 Ljubljana, Slovenia, EU (reg. no. 6449867000, VAT SI95205829). The Site is intended solely for businesses, sole proprietors, and their representatives – it is not aimed at individual consumers.

Controller details:

• Full legal name: VIZANO d.o.o.
• Address: Trg komandanta Staneta 8, 1000 Ljubljana, Slovenia, EU
• Registration number: 6449867000
• Tax number: 95205829
• VAT ID: SI95205829
• General contact: @.

Data Protection Officer (DPO). VIZANO d.o.o. has voluntarily appointed a DPO as the primary contact for all privacy matters. You can reach the DPO at @. . The appointment has been notified to the Information Commissioner of the Republic of Slovenia.

3. Data processing principles

We adhere to the core GDPR principles: lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality.

Categories of data, purposes, and legal bases

We do not collect any data automatically when you browse the Site (see Section 5). Personal data is only processed in the following situations:

Category of Data	Purpose of Processing	Legal Basis (GDPR)
Data you provide when contacting us (B2B): — First Name, Last Name — Email Address — Company Name and Job Title — Phone Number — Content of your message	Processing your inquiry and communicating with you within the framework of existing or potential business (B2B) relations. For example, to answer your question, provide information about our services, or coordinate details of cooperation.	Our Legitimate Interest (Art. 6(1)(f) GDPR), which consists of effective communication with business representatives and maintaining business contacts. We have conducted a “balancing test” and are satisfied that our legitimate interests do not override your rights and freedoms. If communication leads to a contract, the basis for further processing will be Performance of a Contract (Art. 6(1)(b) GDPR).
Data you provide via direct contact (email/phone): — Any personal data you choose to disclose.	Communication and fulfillment of your requests.	Legitimate Interest (Art. 6(1)(f) GDPR) for responding to inquiries. Performance of a Contract (Art. 6(1)(b) GDPR) or Steps prior to entering a contract, if the communication relates to a potential transaction.
Technical data when visiting the Site (see Section 5)	Ensuring the technical functionality of the Site.	Your Consent (Art. 6(1)(a) GDPR) to receive web pages, which you grant by the very act of visiting the Site (technical necessity of processing the IP address for data transmission).

We do not process special categories of personal data (Art. 9 GDPR) and do not use your data for automated decision‑making or profiling.

4. Cookie Policy

Our Site implements a “coffee‑without” approach, which implies a complete rejection of intrusive tracking technologies.

• No Cookies. We do not use first‑party or third‑party cookies, including analytical, advertising, or other tracking cookies. Our Site does not store any information on your device.
• No Personal Data Collection. We do not collect data about your IP address, browser, operating system, or browsing history. We do not compile statistics or analyze visitor behavior on the Site.
• No “Big Tech” Code. Our Site contains no hidden pixels, tracking codes, analytics scripts (e.g., Google Analytics, Meta Pixel), advertising, or social plugins.
• No AI. Our Site does not use artificial intelligence tools for interacting with visitors.
• Local Fonts. All fonts are hosted locally on our server and are not loaded from third‑party resources (e.g., Google Fonts).
• Hosting. Our Site is hosted on the Statichost.eu platform. This is a European (Swedish) static hosting provider that shares our privacy values. Statichost.eu servers are located within the European Union. The provider does not keep access logs and does not store IP addresses of visitors to hosted sites. In providing the hosting service, Statichost.eu acts as a “Data Processor” in relation to us as the “Data Controller”, as confirmed by a corresponding Data Processing Agreement.

5. Transfer of data to third parties and international transfers

We do not sell, trade, or otherwise transfer your personal data to third parties for their own marketing or other purposes. Your data may only be transferred in the following cases:

• Hosting Provider (Statichost.eu): Since our Site is hosted on the Statichost.eu platform, technical processing of the IP address (solely for delivering web pages) is performed by the provider on servers located within the EU. Statichost.eu undertakes not to store this data. All infrastructure, including servers (Hetzner), is located in Europe, and there is no cross‑border transfer of data outside the EEA.
• Legal Requirements: In cases provided for by the legislation of the Republic of Slovenia or the EU, upon official request of authorized state bodies (e.g., court or Information Commissioner).

6. Data retention periods

We store your personal data only for as long as is necessary to achieve the purposes for which it was collected, or for the period prescribed by law. Criteria for determining the retention period include:

• Business correspondence data is stored for 2 (two) years from the date of the last communication, unless a longer retention period is necessary to protect our legitimate interests (e.g., in the event of a dispute).
• Data related to the performance of a contract is stored for 10 (ten) years in accordance with Slovenian accounting and tax legislation requirements.

Upon expiry of the established periods, your data will be permanently deleted or anonymized.

7. Data security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures, taking into account the requirements of the Information Security Act (ZInfV‑1), include:

• Use of HTTPS encryption protocol for data transmission.
• Restriction of data access solely to authorized employees who need it to perform their duties.
• Regular review of our data collection and storage practices.
• Internal Documents: The company has developed and applies internal acts governing data processing and protection procedures, including “Rules on Personal Data Processing”.

8. Data breach notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, we undertake to notify the supervisory authority — the Information Commissioner of the Republic of Slovenia — without undue delay and, where feasible, no later than 72 hours after becoming aware of the breach, in accordance with Art. 33 GDPR. If the breach is likely to result in a high risk, we will also notify the affected data subjects.

9. Your rights as a data subject

In accordance with the GDPR and ZVOP‑2, you have the following rights regarding your personal data:

• Right of Access (Art. 15 GDPR): You may request confirmation as to whether we process your data and obtain a copy of that data.
• Right to Rectification (Art. 16 GDPR): You may request the correction of inaccurate or completion of incomplete data.
• Right to Erasure ('Right to be Forgotten') (Art. 17 GDPR): You may request the deletion of your data if there are no overriding legitimate grounds for its processing.
• Right to Restriction of Processing (Art. 18 GDPR): You may request the temporary restriction of processing of your data.
• Right to Data Portability (Art. 20 GDPR): You may receive your data in a structured, commonly used, and machine‑readable format.
• Right to Object (Art. 21 GDPR): You may object at any time to the processing of your data based on our legitimate interests.
• Right to Withdraw Consent (Art. 7(3) GDPR): If processing is based on your consent, you may withdraw it at any time.
• Right to Lodge a Complaint: If you believe our actions violate your rights, you have the right to lodge a complaint with the supervisory authority — the Information Commissioner of the Republic of Slovenia (Informacijski pooblaščenec Republike Slovenije).

10. Complaint handling procedure

If you wish to exercise your rights as a data subject or lodge a complaint about our data processing, please contact our DPO at @. . We will consider your request and provide a response within one month of receipt. In exceptional cases, due to the complexity or number of requests, this period may be extended by a further two months, of which we will notify you. If you are not satisfied with our response, you have the right to contact the Information Commissioner of the Republic of Slovenia (contact details provided in Section 9).

11. Processing of minors’ data

Our services and our Site are not intended for persons under the age of 18. We do not knowingly collect or solicit personal data from minors. If we become aware that we have received personal data from a person under 18, we will take steps to delete it immediately.

12. Social media policy

Our Site may contain links to our corporate pages on social networks (e.g., LinkedIn). This Policy does not apply to data processing that occurs on social media platforms. We recommend that you review the privacy policies of the respective social networks. We act as a data controller only with respect to information you provide directly to us through our social media pages.

13. Policy review

We reserve the right to amend or supplement this Policy at any time. The current version of the Policy is always available on our Site. We encourage you to periodically review this page for changes. By continuing to use our Site after changes are posted, you agree to the updated Policy.

14. Final provisions

This Policy enters into force on 14 April 2026. If you have any questions regarding the processing of your personal data, please contact us at the details specified in Section 2 of this Policy.

---

Back to Home