Sodelovanje in produktivnost_hero image

Personal data protection policy

1. Introduction

At Kontron, d. o. o., Ljubljanska cesta 24a, 4000 Kranj (hereinafter referred to as “Kontron” or the “Controller”) is aware of our responsibility to handle the personal data of our customers, potential customers, visitors to Kontron websites and all individuals who disclose personal data to us upon contact (hereinafter referred to as: “Users”), and we therefore adopt this Personal Data Protection Policy (hereinafter: the “Policy”), which informs our Users in a transparent, comprehensible and simple manner about the purposes, the legal basis for the processing of their personal data and their rights in relation to the processing, as guaranteed by the Personal Data Protection Act (ZVOP-2, Official Gazette of the Republic of Lithuania, No. 163/2022) and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1), as last corrected by the Corrigendum (OJ L 127, 23.5.2018, p. 2 (hereinafter referred to as the “General Data Protection Regulation”).

Terms such as “controller”, “processing”, “restriction of processing”, “processor”, “profiling”, “pseudonymisation”, “third party” and “company” used in this Policy shall have the meanings set out in the General Data Protection Regulation.

This Privacy Policy applies to anyone who, in accordance with the Terms of Use of, is deemed to be a user of the entire website, including its sub-sites.

A user is any legal or natural person who uses or visits the website (hereinafter referred to as “User”).
By using the Website, the User confirms that he/she agrees to the Privacy Policy. By continuing to use the Website, the User agrees to the changes.

The Policy, in accordance with the General Data Protection Regulation, governs the following areas:

  • Contact information of the controller and contact details of the Data Protection Officer,
  • the purposes and legal bases for the processing of different types of personal data of users, including profiling of personal data of users,
  • the users of the personal data, contractual processing, and transfer of data to third countries,
  • the retention period for each type of personal data,
  • concerns about the security of personal data.

2. Protection of personal data

Personal data is information that identifies you as an identified or identifiable individual. A user is identifiable when he or she can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or by reference to one or more factors specific to the user’s physical, physiological, genetic, mental, economic, cultural or social identity.

The Controller collects the following personal data in accordance with the purposes set out below in the Policy:

  • general information about the user (name, title, job title and other employer details),
  • contact details and details of the user’s communication with the controller (e-mail address, telephone number, date, time and content of postal or e-mail communication, date, time and duration of telephone calls),
  • information about your participation in events organised by Kontron (details of the event you attended, the place and date of the event),
  • the channel and campaign – the way in which the user was recruited or the source through which the user met with the controller (website and advertising campaign or campaign),
  • data on the user’s use of the website of the controller (dates and times of visits to the website, pages or URLs visited, time spent on each page, number of pages visited, total time spent on the website, settings made on the website), and data on the use of the communications received (emails) from the controller,
  • data from forms voluntarily filled in by the user, e.g. to receive certain professional content,
  • other data voluntarily provided by the user to the controller when requesting certain services that require this data.

3. Personal Data Controller

The controller of the personal data processed in accordance with the Personal Data Protection Regulation is Kontron, d. o. o., Ljubljanska cesta 24a, 4000 Kranj, Slovenia (hereinafter referred to as the “Controller”). The Controller does not collect or process the user’s personal data except when the user makes it possible for the Controller to do so or agrees to do so, i.e. when ordering products or services, subscribing to receive newsletters, participating in a prize draw, etc., where there is a lawful basis for the collection of personal data, where processing is necessary for the performance of a contractual obligation or where processing is necessary for the pursuit of legitimate interests pursued by the controller (“legitimate interest”).

4. Data Protection Contact Person

The Data Protection Contact Person can be contacted at

5. Contract processors

Kontron cooperates with third parties with whom we have concluded contracts for the processing of personal data (hereinafter referred to as “Contract Processors”). The Contract Processors have access only to the personal data which they strictly need to provide the services they perform for us and only for the purpose of carrying out tasks on our behalf and may not use it for any purpose other than those set out in the contract for the processing of personal data. The contract processors with whom we work are obliged to protect personal data.

6. Transfer of personal data to third parties, third countries or international organisations

Kontron does not transfer the personal data collected to third parties, third countries or international organisations.

The exception to this is the statistical data on the visit and use of the websites, for which the Google Analytics web platform and the ActiveCampaign web platform are used to send electronic notifications, newsletters, current offers, electronic invitations to events and e-publications of Kontron.

The Google Analytics and ActiveCampaign web platforms ensure in their General Terms and Conditions and Privacy Policy that they comply with the rules of the General Data Protection Regulation (GDPR) and confirm that they have been certified as compliant with the EU-U.S. Privacy Shield Framework.

Google Analytics allows users to make their own settings regarding the processing of their data using the Google Analytics tool. More information about Google’s terms of service and privacy policy can be found at the following links:

Terms of Service
Privacy Policy

7. Data processing

Processing based on consent or acquiescence

Kontron will process your personal data based on your given consent for the following purposes:

  • to send e-mails (e-mails) to inform you about new developments in the portfolio of products and solutions that are meaningful for a specific segment of users,
  • to contact you by telephone for the purpose of introducing the company, products and solutions (at your express request or by prior agreement by e-mail),
  • to monitor the reading of the emails sent to you, i.e. which emails you have or have not opened, which links you have opened or selected (which content you have read or viewed), how long you have read them or viewed each content,
  • to segment users based on the facts set out in the previous bullet point and to send further personalised (individualised) emails, which means that different users may receive emails with different content in order to provide better (more meaningful) information and to achieve a higher response rate to the emails sent,
  • for the purpose of analysing the user’s life path on the website: from where the user arrived on the website (traffic source), to monitor the user’s stay on the website, which web pages he/she has visited, what content he/she has downloaded or viewed,
  • to segment users based on the facts mentioned in the previous bullet point and to further send tailored (individualised) messages through multi-channel communication, which means that different users can receive messages with different content in order to better (more meaningful) inform individuals and achieve higher levels of user engagement,
  • for any other purpose for which you specifically agree to cooperate with the Controller.

In all cases where you have given your consent to the processing of your personal data, you may withdraw this consent at any time by emailing

Processing based on legitimate interests

Kontron collects and processes personal data based on legitimate interests pursued by us. We collect personal data based on legitimate interests for the following purposes:

  • statistical analysis of visits to Kontron’s websites,
  • providing and improving our services,
  • providing and developing innovative and personalised services to our customers and users of Kontron’s websites,
  • to ensure the security of our services and websites, and to protect against fraud, spam, abuse, etc.

For the above purposes, we collect and process the following personal data: the IP address, statistics on visits to Kontron websites, data on the number of clicks, click times, data on the incoming and outgoing websites, data on the type of client.

The personal data processed for the above purposes are not linked to the personal data of identifiable individuals.

Processing based on a contract

Kontron collects and processes personal data of individuals based on a contract or for the purpose of concluding a contract (sending offers) for the provision of a service.

Personal data collected based on a contract is necessary for the performance of the contractual obligation to supply the ordered service or to perform the ordered service in the context of the offer or the sending of the offer.

For this purpose, Kontron collects and processes the following data from the individual (person): name, surname, email address, street, postcode, city and country, as well as information about the payment, in case of collaboration.

For the purposes of business communication, Kontron collects and processes the following personal data: name and surname, email address, company name and country.

Processing based on a legitimate interest pursued by the controller

Kontron may also process data based on legitimate interest, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data. Where legitimate interest applies, the controller shall always carry out an assessment in accordance with the General Data Protection Regulation.

In certain cases, Kontron may adopt certain safeguards for the protection of your personal data, such as pseudonymisation, encryption, processing in aggregate form and/or removing certain types of personal data, to further process your personal data based on a legitimate interest collected on one of the above-mentioned legal bases (consent, contract).

Kontron will process your personal data based on legitimate interest for the following purposes:

Marketing, business and other technical analysis, such as analysing and identifying which organisations visitors to Kontron websites at industry events come from and what roles they hold in those organisations.

Preventing abuse, ensuring security, asserting or defending claims in administrative and judicial proceedings. Thus, in the event of suspected abuse, the controller may process your personal data to an appropriate and proportionate extent for the purpose of identifying and preventing possible fraud or abuse and may, if appropriate, also transmit such data to the police, public prosecutor’s office or other competent authorities.

Direct marketing, including the creation of user profiles, based on personal data lawfully obtained in advance. You may object to the above processing at any time in accordance with the Right to object section of this Policy.

8. Commitment to the security of personal data

Kontron is committed to protecting your personal data. It prevents unauthorised access, use and disclosure by taking the following measures:

  • data is protected by premises, equipment and system software, including input/output units,
  • the data shall be protected by the application software used to process the personal data,
  • Kontron shall prevent unauthorised access to personal data during their transmission, including transmission by telecommunications means and networks,
  • Kontron shall provide an effective means of blocking, destroying, erasing, or anonymising personal data once the purpose for which they were collected has ceased,
  • Kontron shall make it possible to determine when individual data have entered the system, been used, transmitted or otherwise processed in a personal data file and by whom.
  • Unauthorised access, use and disclosure of personal data is prevented by Kontron through the following security technologies and procedures:
  • physical access control,
  • locking rooms, cupboards, computers,
  • storing personal data media in secure areas,
  • preventing access to personal data by maintenance personnel, customers and other visitors to the premises of the contractual processor,
  • preventing the use of passwords by persons to whom the password has not been directly assigned or for a purpose other than that specified,
  • restricting the export of data by employees,
  • controlling copies and exports of data,
  • restricted, recorded and secured data transmission over telecommunications networks,
  • the withdrawal of data from persons whose contract with the contractual processor is terminated,
  • strict limitation of access to the data by potential other controllers.

9. Data retention period

The controller shall not process personal data for longer than is necessary to achieve the purposes for which the personal data were collected and further processed.

Personal data processed by Kontron for the performance of contractual obligations shall be kept by Kontron for the period necessary for the performance of the contract and for 5 years after its termination, except in cases where there is a dispute between you and the controller in relation to the contract concluded. In such a case, Kontron shall retain the data for 5 years after the final judgment or arbitral award or settlement or, if there has been no litigation, for 5 years from the date of amicable settlement of the dispute.

Personal data processed by Kontron based on law shall be kept by Kontron for the period prescribed the applicable law.

Personal data processed by Kontron based on your personal consent or legitimate interest shall be retained by Kontron on a permanent basis, until your consent is withdrawn or until you request that the processing be discontinued. Kontron shall delete such data before revocation only if the purpose of the processing of the personal data has already been achieved or if required by law.

After the retention period has expired, Kontron will effectively and permanently delete or anonymise your personal data so that it can no longer be linked to you.

9. Right of access to data

You have the right to obtain confirmation from Kontron as to whether Kontron is processing your personal data and, where this is the case, to obtain access to your personal data and the following information in relation to the processing of your personal data:

  • the purposes of the processing,
  • the types of personal data,
  • the users or categories of user to whom your personal data have been or will be disclosed, users in third countries or international organisations,
  • where possible, the envisaged period of retention of the personal data or, if this is not possible, the criteria to be used to determine that period,
  • the existence of a right to obtain from the controller the rectification or erasure of personal data or the restriction of the processing of personal data concerning the data subject, or the existence of a right to object to such processing,
  • the right to lodge a complaint with a supervisory authority,
    where the personal data are not collected from the user, any available information concerning their source,
  • the existence of automated decision-making, including profiling, and meaningful information on the grounds for it, as well as the meaning and foreseeable consequences of such processing for the user.

Upon your request, Kontron will provide you with one (1) free copy of your personal data being processed. For additional copies of the data requested or if the request is manifestly unfounded or excessive, if such requests are repetitive, Kontron will charge you reasonable costs.

11. Right to a correction

You have the right to request Kontron to correct inaccurate personal data concerning you without undue delay. Considering the purposes of the processing, you have the right to have incomplete personal data completed, including by submitting a supplementary declaration.

12. Right to have your data erased (“right to be forgotten”)

You have the right to request Kontron to delete personal data relating to you without undue delay and Kontron must delete your personal data without undue delay in the following cases:

  • where the personal data are no longer necessary for the purposes for which they were collected or otherwise processed,
  • where you withdraw the consent on which the processing of your personal data is based and there is no other legal basis for the processing,
  • where you object to processing based on a legitimate interest of the controller and there are no overriding legitimate grounds for processing,
  • where you object to processing for direct marketing purposes,
  • where personal data must be erased in order to comply with a legal obligation under EU or Slovenian law.

Where Kontron publishes your personal data in accordance with the Policy, Kontron shall take reasonable steps, including technical measures, to inform the controllers processing your personal data that the data subject has requested them to delete any links to, or copies of, that personal data.

13. Right to restriction of processing

You have the right to request that Kontron restrict the processing of your personal data where one of the following applies:

  • where you contest the accuracy of the data, for a period which allows the controller to verify the accuracy of your personal data,
  • where the processing is unlawful and you object to the erasure of your personal data and request instead that its use be restricted,
    where Kontron no longer needs the personal data for the purposes of the processing, but you need them to assert, exercise or defend legal claims,
  • where you have raised an objection to processing, until it is verified whether the legitimate grounds of the controller override your grounds.

14. Right to data portability

You have the right to receive personal data relating to you held by Kontron in a structured, commonly used and machine-readable format and to transmit that data to another controller without being prevented from doing so by Kontron, to which the personal data have been provided, where:

  • the processing is based on your consent or on a contract; and
    the processing is carried out by automated means.

15. Right to object

You have the right, on grounds relating to your situation, to object at any time to processing of your personal data, provided that the processing is based on legitimate interests pursued by Kontron or a third party. Kontron will cease processing personal data unless it demonstrates compelling reasons for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Where personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purposes of such marketing, including profiling where it is related to such direct marketing. If the direct marketing is based on consent, the right to object may be exercised by withdrawing the personal consent given.

16. Procedure for exercising data protection rights

All the above requests concerning the exercise of rights in relation to your personal data may be addressed in writing to the Controller, either by e-mail to or by post to Kontron, d. o. o., Ljubljanska cesta 24a, 4000 Kranj.

If you make a request pursuant to the above paragraph by electronic means, the information will, as far as possible, be provided to you by electronic means, unless you request otherwise.

For the purposes of reliable identification, the controller may request from you, in order to exercise your rights relating to personal data, additional information necessary to confirm your identity, and may refuse to take action under this Chapter only if it demonstrates that it cannot identify you reliably.

The controller will respond to your request to exercise your rights in relation to your personal data without undue delay and at the latest within one month of receipt of the request. Kontron may extend the time limit for exercising the rights by a maximum of two additional months, taking into account the complexity and number of requests. If Kontron extends the time limit, it will notify you of any such extension within one month of receipt of the request, together with the reasons for the delay.

Right to file a complaint concerning the processing of personal data
In the event that the controller fails to respond to a data subject’s request to exercise the rights which he or she has under data protection law or the controller fails to act on a data subject’s request, the data subject shall have the possibility to file a complaint with a supervisory authority:

The Republic of Slovenia
the Information Commissioner
Dunajska cesta 22
1000 Ljubljana

Telephone: 01 230 97 30