Privacy policy

At Denis Harl s.p., Ulica Zofke Kukovič 15, Miklavž na Dravskem polju, 2204 Miklavž na Dravskem polju (hereinafter referred to as the provider), we handle personal data in accordance with the Personal Data Protection Act, the General Data Protection Regulation (GDPR), and our internal policy, which governs the processing of personal data, procedures, and security measures, as well as accountability and oversight in data processing. With this statement, the provider establishes the policy for the collection, use, and protection of personal data of users of the provider’s services.

Definition of terms:
Personal data – Any data relating to an individual, regardless of the form in which it is expressed.
Individual – A specific or identifiable natural person to whom personal data relates.
Contractual processor – A natural or legal person who processes personal data on behalf of and for the account of the data controller.
User of personal data – A natural or legal person or other entity in the public or private sector to whom personal data is disclosed or provided.
Data controller – A natural or legal person or other entity in the public or private sector who alone or together with others determines the purposes and means of personal data processing, or an entity designated by law that also determines the purposes and means of processing.
Personal consent of an individual – A voluntary declaration of intent by an individual that allows their personal data to be processed for a specific purpose, given based on the information provided by the controller under this law; personal consent can be written, verbal, or another appropriate form of consent.
Anonymization – A modification of personal data so that it can no longer be linked to an individual or can only be linked with disproportionate effort, cost, or time expenditure.

What data do we collect?
When ordering certain types of services, we may request the following personal data, which may include but are not limited to:
– First and last name
– Address (Street, house number, city, and country)
– Email address
– Telephone number
– IP address

We also collect company information, which is not considered personal data, as it is publicly available in the AJPES central business database.
This information includes but is not limited to:
– Company name
– Company phone number
– Company address
– Company tax number

How do we use personal data?
We use personal data to provide services and comply with the applicable legislation required for companies registered in Slovenia. We may use your personal data for marketing and informational purposes, but only if you have explicitly and unequivocally consented to it.

Purposes for using personal data:
Personal data may be used for the following purposes:
– Providing and maintaining our services
– Performing our services
– Issuing offers/pro forma invoices/invoices
– Providing customer support
– Detecting, preventing, and resolving technical issues

Consent for collecting personal data
The user allows the processing of personal data necessary for service operation at the time of ordering or through explicit consent.
The user allows the provider to:
– Collect, manage, use, process, and store personal data in personal data collections
– Conduct direct marketing activities upon prior consent
– Request the provider to stop using personal data for direct marketing purposes at any time

These provisions also apply to business transactions with legal entities.

Data retention
The provider will retain your personal data only for the necessary duration as specified in the privacy protection policy. Personal data is stored and used only for purposes required to fulfill legal obligations (e.g., compliance with valid regulations), resolving disputes, and enforcing legal terms and conditions.

Usage data may also be stored for internal analysis. In general, such data is retained for a short period unless needed for security improvements, service enhancements, or required by law.

Data transfer
Your data, including personal data, may be transferred and stored on computers located outside your country, province, or region, where different legal systems may apply.
By consenting to this privacy policy and submitting data, you agree to such data transfer.

The provider will take all necessary measures to ensure your data is handled securely and in compliance with this privacy policy, preventing personal data from being transferred to third parties or other countries unless adequate controls and security measures are in place.

Measures for protecting personal data
The provider is committed to protecting personal data of both individuals and legal entities received through its website, applications, or services. To prevent unauthorized access or disclosure, maintain accuracy, and ensure proper data processing, the provider uses appropriate technical and organizational security measures in accordance with the Personal Data Protection Act.

Right to correct personal data
Users whose personal data is processed and stored have the right to correct their personal information. This can be done within their user account at brightway-solar.si.
If unable or unwilling to make changes, users can email info@brightway-solar.si with the subject “Correction of personal data.”

Right to be forgotten
To request the deletion of personal data processed by the provider, visit brightway-solar.si.
How to remove personal data:
1. Log in to brightway-solar.s
2. Navigate to the “My Profile” tab
3. Select “Request deletion of personal data” in your user account

In some cases, data is retained for legitimate business or legal purposes, including:
– Security, fraud prevention, and abuse prevention
– Financial record-keeping
– Compliance with legal or regulatory requirements

If you encounter difficulties logging into your account or prefer not to use the online system, email info@brightway-solar.si with the subject “Deletion of personal data.”

Right to data portability
Users whose personal data is processed by the provider have the right to transfer their personal data to another provider.
To request data transfer, email info@brightway-solar.si. Within 72 hours, you will receive a full copy of your stored personal data, allowing you to transfer it to another provider.

Tracking and cookies
The provider uses necessary cookies on its websites, applications, and services to ensure functionality. Cookies are also used for site visit analysis, but they do not contain personal data. Visit data is anonymized so it cannot be linked to specific individuals. Cookies are only stored on the user’s device when explicit consent is given, except for essential cookies required for website functionality.

Visit analysis
For website, app, and service analytics, third-party solutions may be used.

Google Analytics:
A web application for analyzing visitor data on websites and apps. It provides insight into visitor behavior, page navigation, visit duration, device information, language, and geolocation. The data does not contain personal information and is stored in anonymized form.
For more information on Google’s privacy policy, visit: [https://policies.google.com/privacy?hl=sl](https://policies.google.com/privacy?hl=sl)

Targeted advertisin
The provider uses remarketing services for advertising its services on third-party websites after users visit its own site.
Cookies are used to notify, optimize, and display ads based on previous website visits.

Google Ads (AdWords)
Google AdWords remarketing services are provided by Google LLC.
To opt out of website analytics for ad display or customization in Google Ads, visit [Google’s Ad Settings](http://www.google.com/settings/ads).

Google also recommends installing the opt-out plugin: [https://tools.google.com/dlpage/gaoptout](https://tools.google.com/dlpage/gaoptout), which prevents Google Analytics from collecting and using your data.

For more details on Google LLC’s privacy policy, visit: [https://policies.google.com/privacy?hl=sl](https://policies.google.com/privacy?hl=sl)

Children’s privacy
Our services do not target individuals under 13 years old.
The provider does not knowingly collect personal data from children under 13. If you are a parent or guardian and aware that your child has shared personal data, please notify us immediately. If we find that personal data of children is being processed without parental consent, we will take appropriate steps to remove such data from our servers.

Links to external websites
Our services may contain links to third-party websites. Clicking on such a link will redirect you to an external site. We advise reviewing the privacy policy of each website you visit.

Changes to the privacy policy
The provider may update the privacy policy. Users will be informed of any changes through the website. We encourage periodic checks of this page to stay updated. All privacy policy changes take effect on the date they are published here.