Privacy Policy

Last updated: September 22, 2024

Introduction

This Privacy Policy describes how Svetlikus, Oblikovalska Praksa in Svetovanje, Žiga Svetlik s.p. ("Svetlikus", "we", "us", "our") collects, uses, and protects your information when you use our design services and website svetlikus.com.

This Privacy Policy explains what information of yours will be collected, how the information will be used, and how you can control the collection, correction, and/or deletion of information. We will not knowingly use or share your information with anyone except as described in this Privacy Policy.

1. Data Controller Information

The Data Controller for the purposes of GDPR and other applicable data protection laws is:

Svetlikus, Oblikovalska Praksa in Svetovanje, Žiga Svetlik s.p.
Address: Dolsko 14a, 1262 Dol pri Ljubljani, Slovenia - EU
Tax ID: SI52214281
Registration Number: 316-02-00021-2022
Email: ziga@svetlikus.com

2. Information We Collect

2.1 Information You Provide

When using our services, you may provide us with:

1. Personal Information:
   • Name
   • Email address
   • Phone number
   • Company information
   • Professional role/title
   • Payment information
2. Project Information:
   • Design briefs
   • Brand guidelines
   • Reference materials
   • Feedback and comments
   • Project specifications

2.2 Information Collected Through Our Tools

We collect and process information through our professional service platforms:

1. Project Management (Productive.io):
   • Project timelines
   • Task assignments
   • Time tracking data
   • Project communications
   • Milestone tracking
2. Design Collaboration (Figma):
   • Design feedback
   • Design iterations
   • Comments and annotations
   • Design asset management
3. Communication (Slack):
   • Project discussions
   • File sharing records
   • Team communications
   • Meeting notes
4. Payment Processing (Stripe):
   • Payment information
   • Billing addresses
   • Transaction history
   • Subscription data

3. How We Use Your Information

3.1 Primary Purposes

We use your information for:

1. Service Delivery:
   • Providing design services
   • Project management
   • Client communication
   • Quality assurance
2. Account Management:
   • Account setup and maintenance
   • Authentication and security
   • Service personalization
   • Technical support
3. Business Operations:
   • Billing and accounting
   • Service improvement
   • Legal compliance
   • Security maintenance

3.2 Legal Basis for Processing

We process your information under the following legal bases:

1. Contract Performance:
   • Delivering agreed services
   • Processing payments
   • Managing subscriptions
   • Providing support
2. Legal Obligations:
   • Tax compliance
   • Business regulations
   • Data protection laws
   • Professional standards
3. Legitimate Interests:
   • Service improvement
   • Security measures
   • Business development
   • Portfolio management
4. Consent:
   • Marketing communications
   • Optional features
   • Data sharing
   • Analytics

4. Data Storage and Security

4.1 Storage Methods

We store your information:

1. On secure servers within the EU
2. Using encrypted transmission
3. With access controls
4. In compliance with GDPR

4.2 Security Measures

We implement:

1. Technical Measures:
   • Data encryption
   • Firewall protection
   • Access logging
   • Regular backups
2. Organizational Measures:
   • Staff training
   • Access controls
   • Security policies
   • Regular audits

5. Data Sharing and Third Parties

5.1 Service Providers

We share data with:

1. Project Management:
   • Productive.io
2. Design Tools:
   • Figma
3. Communication:
   • Slack
4. Payment Processing:
   • Stripe

5.2 Data Protection Agreements

All third-party providers:

1. Are GDPR compliant
2. Have data processing agreements
3. Implement security measures
4. Follow data protection standards

6. Your Rights Under GDPR

6.1 Core Rights

You have the right to:

1. Access your data
2. Rectify inaccurate data
3. Erase your data
4. Restrict processing
5. Data portability
6. Object to processing
7. Withdraw consent

6.2 Exercising Your Rights

To exercise these rights:

1. Contact us at ziga@svetlikus.com
2. Provide identity verification
3. Specify your request
4. Receive response within 30 days

7. Data Retention

7.1 Retention Periods

We retain data for:

1. Active Clients:
   • Duration of service
   • Legal requirements
   • Business purposes
2. Former Clients:
   • Legal obligations
   • Tax requirements
   • Portfolio purposes

7.2 Data Deletion

We delete data:

1. Upon request (where legal)
2. After retention period
3. When no longer needed
4. Following legal requirements

8. International Transfers

8.1 Transfer Mechanisms

We transfer data using:

1. EU Standard Contractual Clauses
2. Adequacy decisions
3. Appropriate safeguards
4. Privacy Shield (where applicable)

8.2 Transfer Safeguards

We ensure:

1. Adequate protection levels
2. Security measures
3. Data processing agreements
4. Compliance monitoring

9. Children's Privacy

We do not knowingly:

1. Collect data from under-16s
2. Target services to children
3. Process children's data
4. Market to children

10. Changes to This Policy

10.1 Updates

We may update this policy:

1. To reflect service changes
2. For legal compliance
3. To improve clarity
4. For operational needs

10.2 Notification

We will notify you of changes through:

1. Email notification
2. Website notices
3. Service announcements
4. Account updates

11. Contact Information

For privacy inquiries:

Email: ziga@svetlikus.com
Svetlikus, Oblikovalska Praksa in Svetovanje, Žiga Svetlik s.p.
Address: Dolsko 14a, 1262 Dol pri Ljubljani, Slovenia - EU
Tax ID: SI52214281
Registration Number: 316-02-00021-2022
Registration Authority: AJPES

12. Supervisory Authority

You have the right to lodge a complaint with:

Information Commissioner of the Republic of Slovenia
Address: Dunajska cesta 22, 1000 Ljubljana, Slovenia -EU
Website: https://www.ip-rs.si/

13. Effective Date

This Privacy Policy is effective as of September 22, 2024.