Legal Documentation
Privacy Policy
This Privacy Policy is issued in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (the General Data Protection Regulation, "GDPR") and the Slovenian Personal Data Protection Act (Zakon o varstvu osebnih podatkov, "ZVOP-2"). It applies to all personal data processed in connection with this website. Please read it carefully before submitting any personal information.
Scope & Data Controller
This Privacy Policy governs the collection, processing, storage, and disclosure of personal data obtained through the operation of this personal website ("the Website"). The Website serves as a personal portfolio, research, and knowledge-sharing platform.
The data controller responsible for the processing of personal data collected through this Website is an individual operating in a personal capacity, domiciled in Ljubljana, Republic of Slovenia, within the European Economic Area. Inquiries regarding data controllership may be submitted via the contact mechanism described in Article 13.
This policy applies to all visitors, users, and individuals who interact with the Website, including those who submit data via the contact form or feedback survey. It does not apply to third-party websites that may be linked to from this Website.
Legal Basis for Processing
All personal data is processed on one or more of the following legal bases as prescribed by Article 6 of the GDPR:
| Processing Activity | Legal Basis | GDPR Reference |
|---|---|---|
| Contact form submissions | Legitimate interest / Consent | Art. 6(1)(f) / Art. 6(1)(a) |
| Feedback survey responses | Consent | Art. 6(1)(a) |
| Technical server logs | Legitimate interest | Art. 6(1)(f) |
| Functional cookies | Legitimate interest | Art. 6(1)(f) |
Where processing is based on consent, you retain the right to withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal. Withdrawal requests may be submitted via the mechanism described in Article 13.
Categories of Data Collected
The following categories of personal data may be collected in connection with the operation of this Website:
- Identity data: Full name, as voluntarily submitted through the contact form.
- Contact data: Email address, as voluntarily submitted through the contact form.
- Communication data: The content of messages and inquiries submitted via the contact form, including the selected subject matter.
- Survey data: Anonymous ratings, topic preferences, and optional free-text responses submitted via the feedback survey.
- Technical data: IP address, browser type and version, device type, operating system, referring URLs, and pages visited — collected automatically via server infrastructure.
- Preference data: Interface settings such as display theme and language selection, stored via cookies or local storage.
No special categories of personal data within the meaning of Article 9 GDPR — including but not limited to data concerning health, racial or ethnic origin, political opinions, religious beliefs, or biometric data — are collected or processed through this Website.
Purposes of Processing
Personal data is processed exclusively for the following specified, explicit, and legitimate purposes in accordance with Article 5(1)(b) GDPR:
- Responding to and managing inquiries submitted via the contact form.
- Analysing aggregated and anonymised feedback survey data for the purpose of improving Website content, structure, and usability.
- Maintaining the security, integrity, and technical operation of the Website through server log analysis.
- Retaining user interface preferences between sessions to improve the user experience.
Personal data will not be used for automated decision-making or profiling within the meaning of Article 22 GDPR, nor for any purpose incompatible with those stated above. Data will not be used for direct marketing, behavioural advertising, or any commercial purpose.
Storage & Security
Personal data submitted through the contact form and feedback survey is transmitted via Transport Layer Security (TLS) encrypted SMTP and delivered to a private, access-controlled email inbox. No submission data is persisted in an external database, customer relationship management system, or third-party data storage platform.
The Website is hosted on infrastructure operated by Vercel Inc., which applies technical and organisational security measures including HTTPS/TLS encryption, access controls, and infrastructure-level security monitoring. The data controller implements additional precautions consistent with the nature and volume of data processed.
Notwithstanding the above, no method of electronic transmission or storage can be guaranteed to be unconditionally secure. In the event of a personal data breach likely to result in a high risk to the rights and freedoms of natural persons, affected data subjects will be notified in accordance with Article 34 GDPR.
Third-Party Data Processors
Personal data is not sold, licensed, rented, or otherwise commercially disclosed to third parties. Limited technical data is processed by the following sub-processors solely to the extent necessary for the operation of the Website:
| Processor | Purpose | Jurisdiction |
|---|---|---|
| Vercel Inc. | Website hosting, content delivery, and server infrastructure | United States (SCCs apply) |
| Google LLC (Gmail/SMTP) | Encrypted transmission of contact and feedback form submissions | United States (SCCs apply) |
Each processor is bound by contractual data processing agreements and their respective privacy policies. Transfers to processors established outside the European Economic Area are subject to appropriate safeguards as described in Article 10.
Personal data will be disclosed to public authorities or law enforcement bodies only where required to do so by applicable law, and solely to the extent mandated by such legal obligation.
Retention Periods
Personal data is retained only for as long as is necessary to fulfil the purposes for which it was collected, in accordance with the principle of storage limitation under Article 5(1)(e) GDPR.
| Data Category | Retention Period | Basis |
|---|---|---|
| Contact form submissions | Maximum 24 months from receipt | Operational necessity |
| Feedback survey responses | Maximum 12 months from submission | Analytical purpose |
| Server / technical logs | Maximum 90 days | Security & integrity |
| Preference data (cookies) | 30 days or until manually cleared | User experience |
Upon expiry of the applicable retention period, personal data will be securely deleted or anonymised such that re-identification is not reasonably possible.
Data Subject Rights
As a data subject under the GDPR, you are entitled to exercise the following rights in respect of your personal data. Requests must be submitted in writing via the mechanism described in Article 13 and will be responded to within 30 calendar days in accordance with Article 12 GDPR.
Right of Access
Obtain confirmation of whether your personal data is being processed and receive a copy thereof. (Art. 15 GDPR)
Right to Rectification
Request correction of inaccurate or completion of incomplete personal data. (Art. 16 GDPR)
Right to Erasure
Request deletion of your personal data where no legitimate ground for continued processing exists. (Art. 17 GDPR)
Right to Restriction
Request that processing of your data be restricted to storage only in specified circumstances. (Art. 18 GDPR)
Right to Portability
Receive your personal data in a structured, commonly used, machine-readable format. (Art. 20 GDPR)
Right to Object
Object to processing based on legitimate interest on grounds relating to your particular situation. (Art. 21 GDPR)
Where processing is based on consent, you additionally retain the right to withdraw consent at any time pursuant to Article 7(3) GDPR, without prejudice to the lawfulness of processing carried out prior to withdrawal.
International Data Transfers
Certain sub-processors identified in Article 06 are established in the United States of America, which is not recognised by the European Commission as providing an adequate level of data protection equivalent to that guaranteed within the European Economic Area.
Transfers to such processors are carried out subject to appropriate safeguards pursuant to Article 46 GDPR, specifically the Standard Contractual Clauses adopted by the European Commission. Vercel Inc. and Google LLC participate in data transfer frameworks and maintain Standard Contractual Clauses as part of their data processing agreements.
Minors
This Website is not directed at children under the age of 16 years. Personal data of individuals under the age of 16 is not knowingly collected or processed. If it comes to the attention of the data controller that personal data has been submitted by an individual under the age of 16 without verifiable parental or guardian consent, such data will be deleted promptly upon notification.
If you believe that a minor has submitted personal data through this Website, please notify the data controller via the mechanism described in Article 13.
Policy Amendments
This Privacy Policy may be revised periodically to reflect amendments in applicable law, changes to the technical infrastructure of the Website, or updates to data processing practices. The version number and date of most recent amendment are indicated at the head of this document.
Material amendments to this policy will be indicated by an updated effective date. Continued use of the Website following the publication of an amended policy constitutes acceptance of the revised terms. Users are encouraged to review this page periodically. Prior versions of this policy are available upon written request.
Contact & Supervisory Authority
All requests relating to the exercise of data subject rights, withdrawal of consent, data breach notifications, or general inquiries regarding this Privacy Policy should be submitted in writing via the contact form on this Website. Requests will be acknowledged within 72 hours and responded to substantively within 30 calendar days.
Without prejudice to any other administrative or judicial remedy, you retain the right to lodge a complaint with the competent supervisory authority in the Member State of your habitual residence, place of work, or place of the alleged infringement. In the Republic of Slovenia, the competent supervisory authority is:
Information Commissioner of the Republic of Slovenia (Informacijski pooblaščenec) Dunajska cesta 22, 1000 Ljubljana, Slovenia Web: www.ip-rs.si
Legal Documentation
Privacy Policy
All requests relating to the exercise of data subject rights, withdrawal of consent, data breach notifications, or general inquiries regarding this Privacy Policy should be submitted in writing via the contact form on this Website. Requests will be acknowledged within 72 hours and responded to substantively within 30 calendar days.