Terms and Conditions for the Use of the Product, Services and Information Systems of the Company Eurofaktura Ltd. (including the Privacy Policy and the Data Processing Agreement)
The General Terms and Conditions of Use and the Privacy Policy set out below shall apply to all Users who obtain a User Account for the use of the Product, Online Services and Programs of the company Eurofaktura Ltd. from _________ onwards and shall replace any previously applicable Terms, Conditions and Privacy Policies of that company. These Terms shall also apply to existing Subscribers or existing Subscriptions, also from _________ onwards, that is, the date of the publication on the Provider’s Websites. The Provider shall undertake to inform the existing Subscribers about the change of the Terms, either by means of a general publication on the Websites or individually, each customer (Subscriber) being informed separately, upon their first log-in to the system following the above date.
Access and use of the Provider’s Websites, Information Systems, Software and/or the Provider’s Services are set out in, and subject to, these Terms and Conditions of Use, as well as the applicable Regulations of the Republic of Slovenia and the EU.
By registering, adding credit to the account, and/or subscribing, you consent and agree explicitly to the content of this document and conclude a contractual relationship with the Provider. By confirming that you have read these General Terms and Conditions (appearing upon your first log-in to the Program), and that you agree with them, the registration is complete and the Agreement between the Provider and the Subscriber is validly concluded.
___________________________________________________________________
Definitions
The following definitions shall apply to this Agreement:
• THE PROVIDER is the company Eurofaktura Ltd., registered with the Maribor District Court, Registration number 1619675000, Tax number SI95985352, which offers the possibility of using the Information Systems www.evrofaktura.bg and other Programs for conducting company business on its Websites;
• THE SUBSCRIBER is a legal entity or sole proprietor or any other business entity engaged in a business activity and ordering a Product/Service/Program for Conducting Company Business from the Provider for bookkeeping purposes or using a Product/Service/Program of the Provider free of charge, in a reduced form, after the expiry of the Test Period;
• THE USER is a legal entity (Subscriber) and any natural person who, in the name and for the account of the Subscriber, by virtue of being authorised or employed by the Subscriber, uses the Provider’s Product, Websites and/or Information Systems;
• SUBSCRIPTION ADMINISTRATOR is a User upon whom the right has been conferred to perform certain tasks within the Provider’s Product, Program or System for the management of the Subscription taken out with the Provider, such as:
◦ Plan upgrade and subscription renewal;
◦ Adding credit to the account for additional services;
◦ Connection to an accounting service provider (data shall be made available to an authorised accountant),
◦ The grant of user privileges and access for other Users;
◦ Deletion of all data;
◦ Account suspension;
◦ Change of the Subscriber’s contact details etc.;
• RENEWAL PERIOD refers to any consecutive period of 12 months (or any other period as individually agreed by the Parties) after the expiry of the initial Subscription Period;
• THE PRODUCT is a Provider’s Website, including Online Information Systems, user documentation, video instructions and installation software;
• SPECIAL CONDITIONS refer to individually agreed changes, modifications and/or supplements to these Terms, or the terms of an order, and shall be deemed to be included in this Agreement;
• TEST PERIOD refer to any periodic Product issues for the purposes that provide minor improvements and/or improvements, corrections, or the like, or the resolution of technological issues related to the then Product version;
• THE VERSION refers to a new Product issue involving a major revision, modification, improvement, or similar of the current issue;
• RAZLIČICA pomeni novo izdajo produkta, ki vključuje veliko revizijo, spremembo, izboljšanje, spremembo ali podobno, trenutne izdaje;
• THE PROVIDER’S WEBSITE refers to the Website or Web Pages of the Service Provider on which the Service is generally made accessible by the Service Provider on the Internet;
• THE AGREEMENT refers to the terms set out in this document, the valid purchase order and the specific terms (if they exist) agreed between the Provider and the Subscriber. In the event of a conflict between the documents covering this Agreement, the documents containing the Agreement shall prevail in the following order of priority: 1st Special Conditions; 2nd these Operating Conditions and 3rd Purchase Order;
• GDPR is the designation for the European General Data Protection Regulation (GDPR, EU 2016/679 of 27 April 2016), as amended and supplemented.
___________________________________________________________________
1. Content and scope of the Terms of Use
(1) These Terms and Conditions set out the rights and obligations of the Provider and the rights and obligations of the User in relation to the use of the Provider’s Product, Services and Information Systems, which are accessible on the Provider’s Websites, and also apply to the Programs installed by Users on their device(s) (e.g. mobile applications and Users` Windows applications).
(2) The Provider shall provide data processing services on its servers over the Internet. Users shall be given the opportunity to access the Services and use the Product to the extent specified by their User privileges. The Provider’s service consists of the grant of the possibility to use the Service over the Internet on servers that are in the Service Provider’s sphere to which the User receives access and use rights as necessary. When using the Software as a Service (SaaS), the User shall be able to enter data and use various functions.
(3) A prerequisite for the use of the Service is a reliable continuous Internet connection to the servers of the Service Provider. The Subscribers shall provide and establish this connection by themselves, by means of their own devices.
(4) The use of the Product shall be exclusively subject to these Terms and Conditions of Use. Any other Terms and Conditions shall be invalid unless they are explicitly agreed in writing between the Subscriber and the Provider. In the event that a particular Article of these General Terms ceases being valid, the remaining Articles shall remain in force.
(5) The Provider shall offer its Services exclusively to sole proprietors and companies, therefore the Product and Services shall be available exclusively to business customers (B2B) and not to consumers. The use of the Product is thus not subject to Consumer Rights Protection legislation.
______________________________________________________
2. Acceptance of Terms and Conditions of Use (conclusion of an Agreement)
(1) Unless explicitly agreed otherwise, the Agreement shall be concluded and the Terms and Conditions of Use shall be effective only after the successful completion of the registration procedure, i.e. after clicking on acceptance of the Terms of Use after the User’s log-in to the Product, and after the Provider’s confirmation to the User (by e-mail, or by providing the Service for the use of the Product) of successful registration.
(2) The User shall have the option to print the text of the Agreement – Terms and Conditions of Use, including the Privacy Policy and the Data Processing Agreement from the Website during the registration procedure and prior to the conclusion of the Agreement.
(3) The Provider may refuse to conclude the Agreement without giving any reason.
(4) By registering for the use of the Product and obtaining a User Account, the User gives explicit consent that the Provider may process the personal data of the User for the purpose of providing the Services in accordance with GDPR terms.
(5) The consent to receiving e-mails or text messages from the Provider shall not be a condition for subscribing or using the Product, however, in order to improve User experience, the Provider recommends that the User shall give consent to receiving notifications from the Provider. The notifications shall be of a solely commercial and technical nature.
(6) To use our Services, you shall fully agree to the Privacy Policy together with the Terms and Conditions. Users shall explicitly declare that they have read and understood the text contained in this document.
(7) A pre-condition for registration is that the Users have full legal capacity and the capacity to contract, that the Users are at least 18 years old, sole proprietors, legal representatives of a legal entity (company, association or institution), company officers or other authorised persons vested with the power of representation, private undertakings from the sphere of self-employed professions (e.g. doctors, lawyers etc.) or other business entities with a self-employed status, and use the Services exclusively for business purposes – which is subject to the User’s approval under criminal and material (civil) liability upon the first registration. Minors shall be prohibited from registration. In the event of a legal entity, the registration shall be carried out by a natural person authorised to represent the business entity (the Subscriber) without any restriction.
The User declares to have capacity to contract and legal capacity, and to be authorised by the Subscriber for concluding this transaction, to be of age and use the Product independently or under the authority of the Subscriber for purely commercial purposes.
(8) In the event that the Subscriber provides bookkeeping and/or accounting services to third parties and the third party is designated as a contracting party, the Subscriber shall be obliged to inform the third party in advance of the Terms and Conditions of Use of the Product, and to obtain appropriate consent to use the Product for providing bookkeeping and/or accounting services to a third party. In the event that the Subscriber does not obtain the required consent, the Provider may terminate the Subscriber’s use of the Product for third party data processing due to the exceptional circumstances of unlawful data processing.
___________________________________________________________________
3. The Product content and the range of the Provider’s Services
(1) The Provider shall provide Users with Online Software and Services designed for data processing for the purposes of conducting company business (invoicing, bookkeeping, accounting, stock management, VAT return, payroll accounting etc.).
(2) The exact scope and content of the Product and Services shall be determined by the Data Plan for which the Subscription is taken out between the Subscriber and the Provider. A detailed specification of Data Plans, including the price list, is published on the Provider’s Websites.
(3) The Provider may offer the User free trial access to the Product for a predetermined period of time. Within the Test Period, the use of the Product is free of charge. If Subscribers wish to continue to use the Product after the expiration of the Test Period, they have to subscribe to the selected Data Plan. If they do not subscribe after the expiration of the Test Period, the Program may continue to be used in the reduced free Version.
(4) The Provider shall offer a Product and Services in the form of a Subscription taken out between the Subscriber and the Provider.
(5) The right to use the Product after the expiration of the Test Period is reserved exclusively to Users whose User Accounts are linked to a Subscriber with a valid Subscription for the Product. These free Users shall also be considered and treated as Subscribers for the purpose of these Terms and Conditions of Use.
___________________________________________________________________
4. User obligations
(1) Upon the first registration of the User Account, the User shall provide true information about themselves and the business entity they represent, which will be the holder of the Subscription. In the event that the User presents themselves with false information, the Provider may block them from using the Product without prior warning.
(2) For the purposes of self-testing or teaching internal users, the User or the Subscriber may create additional test User Accounts as part of the Subscription using fictitious data. In the event of entry of test users and/or organisations, the Provider shall charge the use of the Program in accordance with the price list, irrespective of the Subscriber’s intended use of the Program. The Subscriber or responsible person of the Subscriber shall be fully responsible for the use of the Program by test/fictional users.
(3) For the purposes of using Online Services (API interface), the Subscriber may create a specific User Account for automatic computer processing. Such User Account shall not be linked to a natural person. The API User shall be obliged to strictly observe the technical conditions provided by the Provider for the use of Online Services.
(4) The User may use the Product only for the purpose for which it is intended.
(5) When using the Product, the User shall undertake to comply with the legislation in force in the Republic of Slovenia and the European Union.
(6) The User shall undertake to choose a secure and strong login password, and to keep their User names and passwords secret, and not forward them to third parties and send them by e-mail. The User shall be obliged to deal with their login information with due care, and prevent misuse of login information by third parties. The User shall also be obliged to ensure that they have entered their contact e-mail address and phone number in the Program correctly, as this is required to recover the password, should they lose it accidentally, or for 2FA-2-factor authentication (in case the Provider detects suspicious activities or log-ins to the Program). In the event of a password being lost or stolen, the User shall be obliged to inform the Provider immediately, who can assist in assigning a new password and tracing possible intrusion into the Subscriber’s data using a special procedure to recover the forgotten password. This procedure is automated by sending the User a one-time link to click on and then set a new password on a secure page by themselves. The User shall also have the option of 2FA-2-factor authentication, which means that they can only log into the Program with an entry password and a code received by text message to a phone number. Should the User not have the correct e-mail address and the correct mobile number entered in the Program, they cannot obtain the new password automatically as described above, and the recovery of the new password will have to be requested by a legal representative from the Provider in writing. If the rules for protecting access passwords are not observed by the User, they shall be solely liable for any damage that they might incur due to the destruction or disclosure of information.
(7) The User shall undertake to submit to the Provider, and to use the Product for processing, only those personal and/or business data which they manage on the relevant legal basis, and/or on the basis of a legally obtained consent for processing personal data.
(8) The User shall undertake not to use the Product, Network and Service in a malicious way, and to refrain from any activity that would impede the functioning of the Product and/or Service or the technical infrastructure designated by it. The User shall not undertake any network activities that could obscure the network connection and/or overload the Internet network and/or Product, and/or compromise the security and/or operation of the Provider’s computers or equipment or third-party computers. In the event of a breach, the Provider shall immediately and without prior warning break the connection, and deny the User access to the Product until the breach has been remedied.
(9) By using the Product, it is prohibited to publish, transmit, distribute any information or material which is illegal, false, obscene, offensive, or spread racial, sexual or any other intolerance. It is also prohibited to disseminate any other communication which is inconsistent with the normal purpose of using the Product.
(10) The User shall undertake not to transfer to the Provider’s server files containing viruses or other malware that could harm the Provider’s and/or other Users’ software.
(11) The User shall be obliged to respect the intellectual property of the Provider. Content owned by the Provider may only be used for the purpose of managing the operations of organisations managed by the User. The use of content in a manner that violates the copyright of the Provider shall be prohibited. In particular, the collection of information on the operation of the Product intended for the use of the content in other similar commercial or non-commercial services and/or program products shall be prohibited. In the event of a breach of this Article, the User and/or the Subscriber shall be liable for compensation.
(12) The User shall be solely responsible for fulfilling their obligations regarding data retention deadlines. The User shall ensure that documents and data are processed on legitimate grounds. In the case of inspection or investigation procedures, the User shall be obliged to make their own data available or to provide their own data to officials.
(13) In the event of termination of the Subscription or termination of the Subscriber’s operations, the authorised User shall be obliged to ensure the transfer of data for the purpose of archiving or giving the information to a successor in title (e.g. insolvency administrator in the event of bankruptcy of the business entity).
___________________________________________________________________
5. Prices and terms of payment, account blocking and price corrections
(1) The Provider shall offer their Services in a variety of free and payable Data Plans. The prices for each individual Plan and payment terms shall be determined by a valid Price List published on the Provider’s Website.
(2) Unless otherwise stipulated in the Data Plan, the Subscription is paid in advance for the selected period, subject to monthly, quarterly, semi-annual or annual payment, depending on the duration of the Agreement (Plan) chosen by the User. The payment shall be made via an online pro-forma invoice by means of a transfer to the bank account of the Provider. The Provider may offer the following payment methods: By credit card or PayPal, or by another pre-agreed method or payment instrument, depending on the country in which the Subscriber operates. The possible payment methods shall be described in more detail in the Provider’s Price List, and shall form a part of the Price List.
The billing period shall run one month, three months, half a year or one year in advance from the date on which the User registers successfully for payable Versions. The Service Provider shall reserve the right to introduce the possibility of purchasing Subscriptions for different periods (e.g. quarterly) or linked Services offering other billing models.
If the User wants to switch from a monthly, quarterly, or semi-annual to annual Subscription, this shall be possible with effect from the first day of the next billing month. The same shall apply to the change from annual to semi-annual, quarterly or monthly Subscription. A similar mechanism shall apply if the Service Provider introduces a different billing period.
(3) The Subscription invoice shall be due on the due date indicated on the invoice. If the Subscriber is more than 2 days late with the Subscription payment, the Provider shall issue a reminder to the User being the holder of the Subscription when logging in to the Product. After 10 days following the issue of the reminder, the Provider shall block access for all User Accounts under the Subscription.
If, in the case of payment by credit card, the Subscription cannot be debited on time from a credit card or bank account, the Subscriber or User shall then be obliged to transfer the total amount due to the Provider’s bank account within 4 working days, otherwise the Provider shall proceed in the manner described in the preceding paragraph.
(4) The Subscriber shall explicitly agree for the Provider to send invoices (and reminders in the event of non-timely payment) to their e-mail address or via text message to their mobile phone number.
(5) If the User Accounts have been blocked, the block shall be released when all outstanding liabilities to the Provider have been settled by the Subscriber.
(6) In the event of termination or early termination of the Subscription, the Provider shall refund to the Subscriber the amount of the pre-paid Subscription for the period from the date of termination of the Subscription to the end of the pre-charged period. An over-paid Subscription shall be returned to the Subscriber based on a refund claim, addressed and sent to the Provider’s address, which shall be signed by the legal representative and clearly indicating the Subscriber’s bank account number to which the transfer is to be made. In the event of a duly completed refund claim, the Provider shall issue the Subscriber a Credit Note. The Subscriber shall return the Credit Note to the Provider and confirm by signature and stamp that they have taken account of the reduction in the deduction of input VAT. In this case, the difference in the overpaid Subscription shall be returned to the Subscriber’s account within 45 days from receipt of the confirmed Credit Note. The Subscriber shall not be entitled to a refund of default interest. If the transfer is made to accounts abroad or outside SEPA, the customer alone shall bear the bank charges for the transfer of the refund. The Subscriber may not claim a refund for amounts lower than EUR15.00, due to the cost of issuing the Credit Note and processing the refund.
(7) If the User deletes the Account before the end of the Agreement, the account shall be inaccessible (blocked) as soon as it is deleted. In this case, and even if a new Account is created, the remaining maturity cannot be credited to the new Account.
(8) The Provider shall have the right to change the prices of the existing Data Plans and Services or the currency of billing of Plans and Services, with the change having to be published on their Website at least 30 days before the entry into force of the new Price List or the new currency. The change in the currency in which the Subscription or Service is accounted for shall be made at the central rate of the Bank of Slovenia in force at the date of the change.
In the case of prepaid Subscription, the new Price List shall only apply when the invoice is issued for the next billing period. New Data Plans and new payable Services that do not affect the existing Subscribers may be added by the Provider to the Price List at any time without restriction.
(9) The Provider shall have the right to transfer at any time the billing of the Subscription for the use of the Product/Service to another legal entity or a related business entity within the Eurofaktura group, or to any other legal entity or company of the Provider’s choice, without the consent of the Subscriber, with the Provider being obliged to inform the Subscriber accordingly.
The Provider shall also have the right to transfer the entire Agreement and offering of the Product and/or Service to another legal entity or related business entity within the Eurofaktura group, or any other legal entity or company of the Provider’s choice, without the consent of the Subscriber, with the Provider being obliged to inform the Subscriber accordingly.
(10) If, for a particular Data Plan, the Provider offers the most favourable price guarantee, the Provider shall grant the Subscriber a lower price for the Product, if the Subscriber presents a competitive offer for the purchase or rental of an equivalent business program, from which the total costs for the Subscriber for 36 months after the purchase or rental of the software arise.
(11) The Subscriber can make a complaint about the invoiced Services within 15 calendar days from the invoice date. After the expiry of this deadline, the Provider shall no longer be obliged to consider the complaint.
(12) In the event that a claim, inquiry, tax return is sent to the Provider or a member of the Eurofaktura group, or a violations procedure or any matter related to the use of the Program on the Subscriber’s database is initiated by a tax authority or any other official body of a Member State or by an EU body or a third party, and such procedure does not result in a proven fault of the Provider, the Provider shall be entitled to recover from the Subscriber all the costs of procedure incurred to them in this respect (user support, system analysis, system administration, legal fees and expenses, administration costs etc.). The costs of preparing a reply in the context of tax and criminal investigations shall also be charged to the Subscriber. The Provider must inform the Subscriber in advance of receipt of any such letter/inquiry, and that the costs for preparing a reply to the letter and any other costs which may be incurred in connection with such procedure will be charged to the Subscriber.
___________________________________________________________________
6. Termination of the Agreement, termination of the Subscription and deletion of the User Account
(1) A User who has registered for the free use of the Program may use the Program for 30 days in the full Version (depending on the extent of the Data Plan functionality), and shall have no obligations to the Provider after the expiry of the Test Period. During the Test or Free Period, it shall not be possible to use the variable Price List features that require additional payment (e.g. OCR processing, sending text messages, sending electronic invoices via payable service providers and other similar transactions). After the end of the Test Period, the Subscriber shall have the option either to pay the Subscription or to continue using the Program in the reduced free Version. Access to the Program/Service shall automatically terminate at the end of the relevant Test Period, and shall not require for the Provider to be informed specifically of the termination of the contract.
(2) Unless otherwise agreed when taking out the Subscription for the selected Data Plan, the payable Subscription shall be terminated automatically with the expiry of the period of the Selected Plan. When the Subscription expires, the User may renew the Subscription for the next period. In so far as the payable Data Plan is not renewed at the end of the period, such payable Data Plan shall be converted into a free Subscription and, in such case, the Terms and Conditions set out (to the extent relating to free Services) shall continue to apply.
(3) Unless otherwise agreed when taking out the Subscription, the Subscriber may terminate the Subscription at any time without notice, even before the period of the selected Plan has expired.
(4) In the event that the Subscriber terminates the User Account, or the User Account is terminated in any other way, the Provider shall be obliged to keep the data in respect of the Subscriber for as long as this is imposed by the applicable legislation.
(5) If the Subscriber has not used the Program for 1 year or more, the Subscription shall be automatically terminated and the Provider shall be entitled to delete the User Account after informing the Subscriber by e-mail or otherwise that their User Account and all their data will be deleted. The data shall then be deleted within 60 days after such notification, unless otherwise imposed on the Provider by the applicable legislation.
(6) In so far as the Subscription Agreement is concluded for an indefinite period and the Data Plan provides for the monthly payment of the Subscription on a retrospective basis, the Subscription Agreement shall be terminated by a written declaration from the authorised person of the Subscriber using a pre-determined Subscription termination form.
(7) The Provider reserves the right to delete the Subscriber’s data regardless of the reason for the termination of the Subscription. The Provider shall not be obliged to keep the Subscriber’s data following the expiry of 30 days from the termination of the Subscription unless otherwise imposed on the Provider by applicable legislation. Upon termination of the Subscription, the Provider shall keep only the data on the Subscriber and Users required for the legitimate protection of the Provider’s claims against the Subscriber and/or Users.
___________________________________________________________________
7. Obligations and limitations of the Provider’s liability
(1) The Provider’s Product and Services shall be provided “as given” and the Provider shall explicitly dismiss any guarantee of their correctness and functionality in the User’s work. The Subscriber shall use the information on the Provider’s Websites at their own risk which means that the Provider shall not be liable for the misuse of the Subscriber’s Product and/or Service, nor shall the Provider be liable for any Subscriber’s misuse of the Provider’s program, or use in a manner for which it was not intended. The Provider shall not be liable for any direct or indirect damage suffered by the User and/or the Subscriber as a result of any Product, Program, Service defaults or errors or inaccurate data published on the Provider’s Websites.
In the event that the Product and/or Service allows the User to comment on or add content to the Website (e.g. on a content-sharing site), the Provider shall not accept any responsibility for publications that may be considered offensive, harmful, inaccurate or otherwise inappropriate or misleading. The content of third-party publications on the Website shall only reflect their opinion and not the Provider’s opinion, and the Provider therefore shall not accept responsibility for such content.
(2) The Provider shall ensure the functioning of the Product and Services in their data centre. To use the Product and Services, the User has to meet general technical conditions for accessing the Internet and using Internet programs (Internet connection, network hardware, computer hardware, operating system, Internet browser, PDF viewer etc.). In the event of non-compliance with the technical conditions, the User shall have no right to make a complaint about the Product or Service.
(3) The Provider shall ensure the functioning of the Product and Internet Services, except in the case of:
• Non-compliance with the technical conditions by the User (second point of this Article),
• Equipment failure, software or hardware upgrades and other maintenance (scheduled and unforeseen) on the Provider’s hardware or software,
• Internet connection failure,
• Prolonged power loss,
• Force majeure.
In the event of a failure of the Product and/or Services due to force majeure or any other reason referred to under this point, the Provider shall not be obliged to refund the paid Subscription for the use of the Product or Service.
(4) The Provider shall not assume any responsibility for the functionality of connection to their servers in the event of power loss and server failures that are beyond their control, and shall not be liable for any damage suffered by the User or Subscriber as a result of the failure of the Product and/or Services.
(5) The Provider shall be entitled to operational changes for the improvement of the system in principle without prior notice to the Subscriber. In circumstances where access to the system has to be suspended, the Provider shall undertake to inform the Subscribers of anticipated longer downtime of the Product or Service at least 6 hours before the scheduled downtime. Scheduled interventions shall be performed by the Provider on working days between 23:00 CET and 4:00 CET, and on Sundays or holidays after 16:00 CET. The indicative time and duration of the planned interventions shall be announced by the Provider in advance. Shorter downtime of up to 15 minutes due to regular software upgrades, which take place between 23:30 and 03:00 CET, shall not be required to be announced in advance by the Provider. The Provider shall not be liable for the consequences of such suspension.
(6) The User undertakes to notify the Provider as soon as possible of any operational failure and/or defect in the Product and/or information on the Provider’s Websites, thus enabling the Provider to carry out the necessary maintenance or corrective work in a timely manner. The Provider undertakes to remedy any failure or discovered defect in the Product, software, hardware, and/or data as soon as possible. The Provider shall not be liable for any damage caused by errors in the software or data that may occur on the part of the User or Subscriber.
(7) The Provider undertakes to adapt the Product and Services in accordance with the applicable legislation of the Republic of Slovenia and the EU for the purposes and applications foreseen for the existing Product. The Provider undertakes to monitor changes in legal regulations within reasonable time limits and to upgrade the Product in line with such changes in legislation. This shall enable the Provider to exclude certain functions from the Data Plan or include and charge them additionally. In so far as changes to the legislation would require Product adjustments that exceed the economically acceptable financial frameworks, the Provider shall inform the User or Subscriber of the planned changes to the Price List and Data Plans.
(8) The Provider shall regularly adapt the Product and Services they offer via the Internet according to their own judgement, technological development, and market needs, in order to meet the intended use in accordance with the Product/Service description and the appropriate quality of the user experience. This may involve changing the content of an existing Product or Service (e.g. a new or modified functionality or adaptation to new technologies) or introducing new Products or Services. Changes in the Product and Service shall be considered an integral part of the Product’s life cycle. Since these changes are by their nature improvements, the User or Subscriber may not assert any claims against the Provider as a result of changes introduced by the Provider on the Product or Service, or as a result of new Products and Services.
(9) The Provider is entitled to add new payable Products to the offer at any time and/or to cease providing free Services and/or Products. The Service Provider shall, therefore, be entitled to offer the new Product and/or Service to the Subscriber against payment, and to cease the provision of free Services. In addition, the Provider may add additional payable Products/Services to current payable Products or Services. When switching payable services, the Service Provider shall pay particular attention to the legitimate interests of Users and announce them on time.
(10) In the event of a change in the Price List, the Provider shall inform the Subscriber on their Websites at least 30 days before the new Price List takes effect.
(11) There is no guarantee as to the availability and/or proper functioning for Products and/or Services offered for free use by the Provider.
(12) Claims for damages may only be asserted by the User or Subscriber if they have evidence that the Provider has acted with gross negligence (culpa lata).
(13) The Provider shall not guarantee the accuracy of the information published on the Provider’s Websites.
(14) The Provider shall not be liable for the loss and/or disclosure of information. If the User changes or deletes their data when using the Product, the Provider shall not be obliged to return them back to their original state. The User shall be aware of the fact that restoring data to its original state is a complex technical task that the Provider shall attempt to perform by transferring data from a backup only in the event of a pre-order by the User or Subscriber. The Subscriber undertakes to pay full costs incurred in the restoration of the data contained in the backup archive.
(15) The Provider shall not be liable for the loss and/or disclosure of information resulting from the use of unprotected communication channels by the User.
(16) Any claim for compensation by the User or Subscriber shall be limited by the amount of the Subscription fee paid by the User or Subscriber for a period of 12 months prior to the event for which compensation is claimed.
(17) The User or the Subscriber cannot claim any compensation from the Provider if more than three (3) months have elapsed since the event occurred, unless the User or the Subscriber has been unable to claim compensation within the aforementioned period without their will or fault.
(18) Certain links from the Provider’s Websites lead to other websites the content of which is not managed, controlled, or verified by the Provider. The Provider shall provide these links to the User only as a useful add-in. Those links to other websites shall not mean that the Provider approves of those Products, Services or information, and shall not constitute any links between the Provider and the operators of those linked websites.
(19) The Provider shall provide support or assistance to Users via e-mail and phone. User support shall only be available to employees or personnel working for the Subscriber. Users shall be charged for support services in accordance with the Price List for the User support services. Unless otherwise agreed in the Price List, the Provider shall not be obliged to reply to all received e-mails or phone calls, and the Subscriber or User cannot rely on the fact that the Provider should reply to an e-mail sent to the User Support.
(20) User support via phone shall be considered priority support and charged accordingly. In order to prove that phone support has been provided and to ensure the quality of the service rendered, the Provider may record conversations with the User Support. Recordings of conversations shall be deleted after the expiry of the accounting period or the deadline for making a complaint about the charged Service.
(21) The information provided by the User Support shall be provided “as given” and shall not necessarily constitute the position of the Provider. As to the information provided by User Support, the Provider does not warrant that services rendered are accurate, timely, accessible, functional, or in compliance with laws. The User shall assume the risk that the information may be incomplete, inaccurate or not fully adequate to their needs and requirements. The information provided by the User Support shall not be deemed as tax or accounting advice, and shall not be a substitute for a tax advisor. If you have any problem of a legal or accounting nature, you should consult your accountant or lawyer or another suitably qualified person. The Provider shall not be liable for any damage that may result from reliance on any information provided by the User Support. The Provider shall deny any liability for any direct, indirect, incidental, consequential or other damage, lost opportunities, lost profits or other forms of loss or damage. Any questions, comments, suggestions or other communication, including any ideas, inventions, concepts, techniques or knowledge passed on to the Provider’s User Support by e-mail or by any other means shall not be deemed as confidential because they were not sent in a confidential manner (such as: e.g., unprotected e-mail correspondence, general user support, multiple e-mail recipients etc.), and will become the property of the Provider.
___________________________________________________________________
8. The Right to use the Product
(1) For the duration of Subscription, the Service Provider shall grant the User a spatially unlimited, non-transferable and unlicensed personal right to use the Service Provider’s Software used by it to provide its Services in accordance with the purpose of the Product and the General Terms and Conditions of Use.
The right to use the Product may not be transferred to a third party unless otherwise specified in a particular Data Plan, or in other cases only if the Provider explicitly agrees.
The Subscriber, User or the Subscription Administrator may add new User Accounts for their employees, as well as for external staff. They may also add new databases for other business entities for which they act as contractors – processors (e.g. accountant) as part of their Subscription. Within the database of another business entity, they may reopen new User Accounts for the employees of the entity for which they keep accounts. In such a case, the Subscriber may recharge the costs of Program use to a third party on an optional basis as a complete Service, e.g. “online accounting” as part of invoicing their accounting services.
(2) The User or Persons employed by the Subscriber may process exclusively the data of their organisation using the Provider’s Product/Service. Data from other organisations may only be processed if they have subscribed to a Data Plan intended for the management of several organisations.
(3) The Subscriber may use the Product, Services and Software only for business purposes.
(4) The Subscriber and User shall not be granted intellectual property rights. The content, logo, and trademark shall be the intellectual property of the owner of the Website – the Provider. Personalised software shall remain the property of the Provider unless explicitly stated in writing otherwise. The Provider shall be the sole owner of all copyright and intellectual property in connection with the Product and Service.
(5) By transferring files and entering data in the Provider’s Programs and the Provider’s servers, the Subscriber and the User shall irrevocably authorise the Provider to collect these data for processing and storage on the Provider’s servers. The Subscriber and User shall warrant that the data and files they transfer to the Provider’s servers do not infringe any copyrights of third parties, and do not contain any content that is contrary to applicable law.
(6) The Subscriber and User shall authorise the Provider to transfer the data to contractual processors or related persons within the Provider’s group or a third party, where appropriate, provided that the contractual processor falls within EU jurisdiction and meets the conditions laid down in the GDPR.
(7) The Subscriber and User shall explicitly authorise the Provider to procure, in certain cases, processing or Software implementation services from subcontractors within the EU with whom it has signed appropriate personal Data Protection Agreements.
(8) The Provider shall not be obliged to disclose the source code of the Product. The Product and all information submitted to the Provider’s Websites, with the exception of the Subscriber’s data, shall be the intellectual property of the Provider.
___________________________________________________________________
9. Privacy and data protection
(1) The provider shall collect, process and store only those personal data of Users which are strictly necessary for the operation of the Product and Services, and/or are necessary for keeping statutory records. The Provider shall treat the personal data confidentially and in accordance with relevant legislation. It shall not disclose personal data to third parties unless provided for by a Contract or other legal decision to disclose information (e.g. Judgement).
(2) In order to ensure the audit processing of data, the Provider shall record the events of input, changes and deletion of data records and other business events for which an audit trail is required. The audit trail shall contain the event tag, document tag, User name, User session identifier, and the date and time the event occurred.
(3) The use of the Product or Service may require the Provider to process personal data on behalf of the Subscriber or User. For this purpose, the Subscriber and the Provider shall conclude a separate Personal Data Processing Agreement annexed to these General Conditions. The Contracting Parties shall agree that the Subscriber shall act as the personal data administrator for all information it transfers to the Provider. In all cases, the Provider shall act exclusively as a contractual processor, and shall process the data in accordance with the authorisation of the User or Subscriber.
(4) The user or Subscriber shall ensure that they have the authorisation to transfer data to the contractual processor, and that all instructions from the Subscriber concerning data processing are given on a lawful basis.
(5) The Provider of the Product and Service shall process the data only in accordance with the instructions of the User or Subscriber.
(6) In the contractual relationship between the Provider and the Subscriber, the Subscriber shall be considered the sole owner of the data transferred to the Provider of the Product and Service. The Product shall enable the Subscriber to export data located on the Provider’s server independently in digital form. The Subscriber shall be obliged to export its data from the Provider’s servers before the termination of the Subscription or other contractual relationship.
(7) Information on the processing of data shall be submitted by the Provider only to the extent necessary for the lawful provision of Services and/or required by the official bodies.
(8) The Subscriber shall be aware of, and shall agree, that the Provider keeps copies of the Subscriber’s digital certificates on its servers for the proper functioning of certain Software functions. The Subscriber shall also be aware of and agree that, in certain cases, the Provider’s Software performs a registration on behalf of the Subscriber on Websites or third-party web services for the purpose of automatically transferring the Subscriber’s data to the Provider’s servers (e.g. connecting to electronic banking, AJPES (the Agency of the Republic of Slovenia for Public Legal Records and Related Services), the eDavki electronic tax management system etc.).
(9) The Provider shall protect the confidentiality of any Subscriber’s information submitted to the Provider by the User or the Subscriber strictly, except in the case of a third party making such information public. In the event that the Provider receives a request for submitting the Provider’s information from the investigating authority or court, the Provider shall, after previous verification of the legal merits of the request, provide the information to the minimum extent necessary to satisfy the request, and inform the Subscriber accordingly.
(10) The Provider shall take all possible technical, organisational and economically permissible measures to protect the Subscriber’s data against intentional or unintentional deletion, loss, defect and/or unauthorised disclosure of the data to a third party, and shall act in accordance with the GDPR. The Provider shall not be liable for the disclosure of the information if the third party were to be able to obtain that information in any way, legal or illegal (court decision, burglary etc.).
(11) The Provider shall ensure that all its employees and external personnel are familiar with the Data Protection procedures and rules.
___________________________________________________________________
10. Amendment to the General Terms and Conditions of Use
(1) The Provider shall reserve the right to change these Terms and Conditions of Use, including the Price Lists, at any time, with any date, without prior notice, with effectiveness even in the existing contractual relationships, without the Provider’s consent, in particular in so far as such change does not have a significant legal or economic impact on the Subscribers.
(2) Changes that have a significant impact on Subscribers and, in particular, changes in the Price List or the volume of the offer, shall be notified by the Provider to Subscribers at least 30 calendar days before the changes enter into force. Changes shall be notified to Subscribers by the Provider through its Websites and news within the Online Program. After 30 calendar days, the Subscription shall continue in accordance with the new Terms and Conditions of Use.
___________________________________________________________________
11. Final provisions
(1) The substantive and procedural law of the Republic of Slovenia and, in certain cases, if directly applicable, EU law, shall apply to all legal relationships relating to these Terms and Conditions of Use.
(2) The Contracting Parties shall agree to settle each dispute between them by mutual agreement. In the event of an inability to conclude an agreement, the court in Maribor shall have the exclusive jurisdiction to settle all disputes.
(3) In so far as a single Article of the Terms and Conditions of Use becomes invalid (legally invalid or ineffective), the validity of the remaining provisions shall not be affected.
Maribor, 3.5.2021 Eurofaktura Ltd.
__________________________________________________________
Annex 1: PRIVACY POLICY
Introduction
The Privacy Policy shall be intended to inform the Users and visitors of the Websites of the company E-RAČUNI d.o.o. and associated companies about the purposes and basis for processing personal data by the company E-RAČUNI d.o.o. and other related companies (hereinafter the Provider).
Our company, E-RAČUNI, spletni poslovni programi, d.o.o., Titova cesta 8, SI-2000 Maribor, Slovenia, is the operator of the Website e-racuni.si, as well as the Provider of the Services which are provided via Websites (e-racuni.com,e-bilanca.net and other programs for conducting company business). We shall be responsible for the collection, processing, and use of personal data in accordance with all Data Protection legislation: – General Data Protection Regulation (GDPR, Regulation No. 2016/679 of the European Parliament and of the Council of 27 April 2016, OJ L 119, 4 May 2016 et seq.) and the legislation of the Republic of Slovenia (Personal Data Protection Act (ZVOP-1, Official Gazette of the Republic of Slovenia, No. 86/2004 et seq., ZVOP-1 – UPB-1, Official Gazette of the Republic of Slovenia, No. 94/07).
You, the customer, shall be the Data Controller and the company E-RAČUNI d.o.o., the Service Provider, shall be the Data Processor on your behalf. We shall use your data only in compliance with applicable Data Protection laws.
We use this Data Privacy Statement to inform you which of your personal data are collected and stored when you visit our Website or use our Services provided, as well as when you submit the information to the Provider by other means (by phone or post). In addition, you will receive information about how we use your data and what rights you have with regard to the use of your data.
Data transfer and connection security
Communication between the User and the Provider’s servers shall take place via a secure SSL connection, which is protected against unauthorised eavesdropping with 256-bit encryption. The Provider shall update the network equipment and software regularly in accordance with the security holes identified.
The data shall be stored by the Provider in a data centre located in a building with 24-hour physical security. Access to servers shall be protected by access control and video surveillance. The Provider shall ensure that appropriate technical measures are taken to ensure data security against accidental or deliberate alteration and the loss, deletion or destruction of data. To avoid data loss, data shall always be stored or mirrored in two separate locations with additional daily backup to a remote location. All User passwords shall be stored in encrypted form. The Provider shall never ask the User to provide the User password by e-mail or by phone. In the event that the User loses a user password, the Provider may not in any way disclose the old password to the User. In this case, the Provider shall reset the password to the User, and request that the User set a new password.
The Provider shall store the data exclusively within the EU and treat it confidentially. Data may only be accessed by a limited number of technical staff.
The collection and processing of personal data and the purpose of their use
The Provider shall collect and process personal data on the following legal bases:
• Law and contractual relationships,
• Consent of the individual, and
• Legitimate interest.
The Provider shall collect the following personal data:
• Basic information on the User (name and surname, e-mail address, telephone number, employer or organisation represented by the individual),
• Other contact details and information about your communication with the Controller (additional e-mail addresses, telephone numbers, date, time and content of e-mail communication, date, time and duration of phone calls, telephone call recordings),
• Information on the User’s use of the Product (date and time of logging in to the Online Program, log-out time, IP number, browser identification cookie, browser code, screen resolution, other information on the use of the Program required by accounting and tax legislation),
• Other information that the User voluntarily submits to the Provider when logging in to certain Services that require this information.
The provision of these personal data shall be a contractual or statutory obligation necessary for the conclusion and implementation of the Agreement with the Provider. If you do not provide your personal information, you may not enter into the Agreement with the Provider, and the Provider may not provide the Services or offer the use of the Online Products under the Agreement, because it does not have the necessary information for the implementation of the Agreement.
A/If you visit our Website:
You can visit the Provider’s Website without disclosing your identity. Your browser is only sending automatically collected data to our Website servers. This information is temporarily stored in a so-called daily file. These are the data that are collected automatically and stored until they are automatically deleted:
• The IP address of the computer,
• Date and time of access,
• The name and URL of the available information,
• The Website from which the access was made (Referrer-URL).
This information is collected and processed for the purpose of enabling the use of our Website (establishing the connection) in order to ensure the security and stability of our system, as well as for the purposes of technical management of network infrastructure. We do not make any conclusions about you as a person.
We also use cookies, as well as online analytical and marketing tools.
B/If you register to our online Services:
On our Website, we offer Services for online billing and accounting. To use these Services, you have to register first. When you register, you have to enter an e-mail address and create a password so that we can create an account for you and you can sign in. To use the country-specific features, you have to select the country in which your company is located.
More personal information may be required to use our Services to the full extent. For example, to create an account, you have to enter a company name, address, account number, and payment details etc.
We also use your name and your contact details:
• To know who our contractual partner and the User of the Service is;
• To justify, structure, process or change the contractual relationship with you regarding the use of our Services;
• To verify the authenticity of the data entered;
• To be able to contact you if necessary.
C/If you have signed up to receive news via newsletter or infomail:
If you have agreed to receive our news (newsletter/infomail), we can send you regular e-news, as well as information about our Services by e-mail. In order to receive e-news, we first need to obtain consent from you to agree to such communication. This consent can be selected during the login process. You may withdraw your consent to receive such messages at any time, either on your account, opt-out of your e-mail, or send us an e-mail to request that you no longer wish to receive such messages.
If you cancel receiving news, we will keep your e-mail address in our record only to ensure that you stop receiving these e-mails.
D/If you are an accountant:
With our services, you can enter third-party data, provide third parties access to your account, link your account to third parties, and offer your applications to third parties or use third-party applications. Of course, we also respect the privacy of information relating to third-party data that we can access by using our Service through you. Sometimes this may require a separate Agreement with you. If you think this is the case, please contact us.
Subject to the General Terms and Conditions of Use, you shall not be entitled to share your login information with third parties, and you shall be responsible for protecting your login information (user name and password) with due care and not transferring it to third parties. In addition, you shall be responsible for third-party data that you enter into the Provider’s system. Please note that we have no impact on Data Protection and security standards outside our Website and outside our application or the Services we provide. In such cases, you, or a third party to whom you have granted access to your data, shall be responsible for data protection.
Data transfer consent
We only share your personal data with third parties if you have requested from us to do so, if you have given us explicit consent, or if there are regulatory obligations to do so. The transfer of personal data to third parties for other purposes shall not take place. Your information shall not be disclosed to any third party without your permission unless the regulatory authorities require that this information be provided and only to the extent necessary.
Once you have completed your contractual relationship with the Provider, we shall only retain the minimum information that we need to maintain in order to comply with all legal requirements for a minimum period of time required.
Cookies
Our Website uses cookies. Cookies are small files that your browser creates automatically and are stored on your device (laptop, tablet, smart phone etc.) when you visit the site. Cookies are not harmful to your device and contain no viruses, Trojan, or other malicious software.
Cookies store information relating to your particular device. However, this does not mean that we are acquiring detailed knowledge of your identity.
The use of cookies serves the purpose of making the use of our services more comfortable. Therefore, we use so-called session cookies to identify whether you have visited individual sites on our Website, and/or have previously registered as a User of or Subscriber to our Services. The browser will delete them automatically after they expire.
For usability purposes, we use temporary cookies that are stored on your device for a certain period of time. If you go back to our Website to use our services, it will be recognised that you have already visited our Website and what settings and actions you have taken to avoid having to implement them again.
We also use cookies to track the use of our Website statistically and to optimise our offer for you. When you go back to our Website, these cookies allow us to recognise automatically that you have already visited our Website. After a certain period of time, cookies are deleted automatically.
Most browsers accept cookies automatically. You can configure your browser so that no cookie is stored on your computer, or so that an alert will always appear before you create a new cookie.
However, please note that full deactivation of cookies may also lead to limited functionality of our Website.
Retention of personal data
We shall only keep your personal information for as long as necessary to implement a contractual relationship with the Subscriber under the auspices of which you are acting as the User. We shall retain personal data for the period necessary for the performance of the Agreement and for 5 years after its termination, except in cases where there is a dispute between the User or the Subscriber and the Provider regarding the Agreement. In the event of a dispute, the Provider shall keep the information for 5 years after a Judgement or arbitral award or settlement has been final, or if there has been no judicial dispute, for 5 years from the date of the amicable settlement of the dispute.
Contractual Personal Data Processing
As the Provider, we may entrust specific tasks related to your data to other persons (contractual processors). Contractual processors may process the data entrusted exclusively on behalf of the Provider, within the limits of the Provider’s authorisation (in a written agreement or other legal act), and in accordance with the purposes set out in this Privacy Policy.
Contractual processors with which the Provider cooperates shall be:
• IT and communication system maintainers,
• E-mail providers,
• Technical staff in other companies within the Provider’s group.
The Provider shall not pass on personal data to third party unauthorised persons. Contractual Processors may process personal data only within the framework of the Controller’s instructions, and may not use personal data to pursue any of their own interests.
The rights of an individual with regard to data processing
In order to ensure fair and transparent processing of personal data, you, as an individual, shall have the following rights:
• The right to withdraw your consent: If you, as an individual, have consented to the processing of your personal data, you shall have the right to withdraw your consent at any time. Withdrawal of consent shall mean that your Provider will no longer be able to provide you with the web accounting program services;
• The right of access to personal data: As an individual, you shall have the right to obtain from the Provider (Personal Data Controller) confirmation of whether personal data relating to you are being processed, and, where this is the case, to obtain access to personal data and certain information (about the purposes of the processing, about the types of personal data, about the users, the retention periods or criteria for determining the periods, the existence of the right to correct or delete data, the right to restrict and object to the processing and the right to appeal to the supervisory authority, the source of the data, if the data were not collected from you, the existence of automated decision-making, including profiling, the reasons for it and the significance and consequences of such processing for you and other information pursuant to Article 15 of GDPR).
• The right to rectification of personal data: The User shall have the right to have inaccurate personal data of the User rectified by the Provider without undue delay. The User shall have the right to supplement incomplete information, including the submission of a supplementary statement. This right shall be limited exclusively to personal data entered by the authorised person of the Subscriber – the original registration of the User. If the User Account of the User has been created by the Subscriber, then the correct address for the purpose of exercising this right shall be the contact person of the Subscriber who is considered to be the Controller of the personal data relating to the User;
• The right to delete personal data (the right to forget): The User shall have the right to have any data on the User maintained by the Provider deleted by the Provider. The User shall exercise this right through an authorised person of the Subscriber who shall be considered the Personal Data Controller;
• The right to data portability: The Users shall have the right to receive their personal data which they have submitted to the Provider in a structured, commonly used and machine-readable form, and the right to pass these data on to another controller. As an individual, you shall have the right to have the personal data transferred directly from one Controller (the Provider) to another when technically feasible in the exercise of that portability right.
The Provider shall previously forward all requests for exercising the rights for approval to the authorised person of the Subscriber under the auspices of which the User Account for the individual is created. The Provider shall reply to a request from individuals who exercise their rights in relation to personal data within one month of receiving the request or a response from the Subscriber for which the Provider performs contractual processing of the business data of the organisation under the auspices of which the User operates.
Amendments to Privacy Policy
This Privacy Policy may be amended or supplemented at any time without prior warning or notice. By using the Provider’s Websites after modification or addition, individuals shall confirm their agreement to the amendments and supplements.
Annex 2: PERSONAL DATA PROCESSING AGREEMENT
Introduction
The Personal Data Processing Agreement shall provide the basis for concluding a separate Personal Data Processing Agreement between the Contractual Processor (Provider) and the Personal Data Controller (Subscriber).
Due to a large number of Users of or Subscribers to the e-racuni.com web product and the specificity of the Subscribers’ requirements, we have prepared a model Agreement, which is supplemented by each Subscriber by specifying the type and processing of personal data that they control with the help of the Products and Services of the Provider (Contractual Processor). After the conclusion of the Agreement, it shall be considered an Annex to the Subscription Agreement for the Use of the Products and Services of the Provider.
Personal Data Processing Agreement
The Subscriber ________________ (name of legal entity), with registered office ________________________________________________________________________________________________ , Tax number: _____________ represented by _____________________ , (hereinafter referred to as the Controller)
and
the Provider E-RAČUNI d.o.o., Titova cesta 8, 2000 Maribor, Tax number SI95985352 (hereinafter the Contractual Processor)
shall agree on the conditions of processing and protection of personal data in relation to the processing of personal data, when the Subscriber shall act as Data Controller, and the company E-RAČUNI d.o.o. as Data Processor to fulfil service obligations under the Agreement on the Use of the Online Products/Services of the company e-RAČUNI
and to this end they shall conclude
THE PERSONAL DATA PROCESSING AGREEMENT
Article 1: (Purpose of the Agreement)
(1) The subject matter of this Agreement is the regulation of the contractual processing of personal data and the establishment of rights and obligations as laid down in Article 11 of the Personal Data Protection Act (hereinafter referred to as the ZVOP-1).
(2) The Contractual Processor shall perform the tasks with regard to the processing of personal data agreed upon with this Agreement for the Controller.
(3) The Controller shall ensure that the processing of all personal data referred to in Article 2 of this Agreement has a legal basis that is admissible.
(4) The Contractual Processor shall ensure that it is registered for the purpose of carrying out the activities referred to in Article 3 of this Agreement.
(5) Prior to the conclusion of the Personal Data Processing Agreement, the Controller shall be obliged to take out a Subscription for the use of the Services and/or Products of the Contractual Processor.
Article 2 (Subject of the Agreement)
(1) For the purpose of performing contractual processing under the provision of Article 11 of ZVOP-1, the Controller shall supply the following personal data to the Contractual Processor:
• The list of customers,
• The list of suppliers,
• The names and surnames of employees,
• The number of hours,
• The total number of full-time and part-time hours worked, with an indication of the type of working time worked,
• The number of hours worked during overtime,
• The number of hours not worked for which compensation for salary is received from the employer’s resources, with an indication of the type of the compensation,
• The number of hours not worked for which compensation for salary is paid by other organisations or employers and bodies, with an indication of the type of the compensation,
• The number of hours not worked for which no compensation for salary is paid,
• Bank account numbers,
• The number of gross salaries,
• Job title,
• etc.
(2) The personal data referred to in the previous paragraph are part of the database ________________ (e.g. on working time utilisation (please specify the name of the database as given in the catalogue of personal databases).
Article 3 (Purpose of contractual processing)
(1) The Contractual Processor shall perform only the following tasks for the Controller (specify which tasks the Controller shall entrust to the Contractual Processor – for example:
• Development and maintenance of the computer program for the calculation of wages,
• Development and maintenance of the computer program for the calculation of travel expenses,
• Development and maintenance of the computer program for the purposes of annual reporting for personal income tax,
• etc.
Article 4 (Obligations of the Contractual Processor)
The Contractual Processor shall be obliged to handle the obtained personal data in accordance with the provisions of ZVOP-1, and above all to use these personal data only for the purposes as defined in Article 3 of this Agreement.
Considering the technology available and the costs of the execution, extent, context and the purpose of processing, the Contractual Processor shall take all reasonable measures, including technical and organisational measures, to ensure a sufficient level of safety regarding the risk and category of the personal data that require protection.
The Contractual Processor and its employees shall ensure confidentiality with regard to the personal data processed in accordance with this Agreement. This provision shall continue to apply after the termination of the Agreement, irrespective of the reason for termination.
Article 5 (Protection)
(1) By signing this Agreement, the Parties shall undertake to ensure the appropriate procedures and measures referred to in Articles 24 and 25 of ZVOP-1.
(2) The Contractual Processor shall undertake to protect personal data in accordance with the Personal Data Protection Regulations, the provisions of this Agreement and the provisions of _____________________________________________________________________________________________ (provide the exact title of the internal Personal Data Protection Act adopted by the Controller, e.g. The Regulation on Personal Data Protection at the Controller), which shall form an integral part of this Agreement.
(3) The Contracting Parties shall agree specifically that the Contractual processor shall:
• Keep the personal data in locked rooms,
• Keep the personal data in a room protected by: Video surveillance system and alarm system,
• Ensure that the personal data are submitted by e-mail in encrypted attachments,
• Ensure that the transmission of sensitive personal data via telecommunication networks is protected by cryptography and electronic signature,
• Ensure that the personal data are only processed by specially authorised employees of the Contractual Processor.
(4) The Controller shall have the right to carry out once a year, at its expense, the supervision of the procedures and measures of the Contractual Processor referred to in the preceding paragraph of this Article. In so far as the supervision is carried out on premises, on software or hardware where third party data are stored, the Controller shall authorise an independent auditor to exercise the supervision on its behalf and at its expense. During the performance of the supervision, the Controller or the approved auditor shall not interfere with the normal workflow of the Contractual Processor. In so far as supervision costs are incurred by the Contractual Processor (working hours of specialist workers etc.), the Contractual Processor shall issue an invoice for the costs incurred, which the Controller shall be obliged to pay by the due date.
Article 6 (Responsibilities of the Data Controller)
By signing this Agreement, the Data Controller shall confirm that, when using the Provider’s application, its data may be processed freely in accordance with all legal requirements on Data Protection, including GDPR, and give its explicit consent to the processing of its personal data.
The Data Controller may withdraw this consent at any stage, but the Agreement shall terminate, and the Contractual Data Processor shall no longer be able to provide the Service. The basis for processing personal data is in the contractual use of the Products and Services of the Provider’s company.
The Data Controller shall be fully responsible for the accuracy, integrity, content, and reliability of the personal data processed by the Data Processor.
The Data Controller shall be fully responsible for the accuracy, integrity, content, and reliability of the personal data processed by the Data Processor.
The Parties shall settle any disputes amicably; however, if peaceful settlement shall not be possible, the court in Maribor shall have jurisdiction to settle the dispute.
Article 8 (Duration of the Agreement)
This Agreement shall enter into force upon its signing by both Parties. The Agreement shall only be valid if the Controller has a Subscription Agreement concluded and valid for the use of the Products and/or Services of the Contractual Processor.
Controller: Contractual Processor:
Date: