PRIVACY POLICY
1. Introduction
This privacy policy describes how the FinPortal.si website (hereinafter: the "website" or "operator") processes users' personal data in accordance with applicable law, including Regulation (EU) 2016/679 (GDPR) and the Slovenian Personal Data Protection Act (ZVOP-2).
By using the website, you confirm that you are familiar with this privacy policy and accept it.
2. Personal data controller
The personal data controller is:
Žiga Sitar (natural person)
Ljubljana, Slovenia
e-mail: info@finportal.si
Contact person for inquiries and complaints: Žiga Sitar
3. What data we collect
The operator may collect the following types of data:
3.1. Data you provide yourself
- full name (if you submit an inquiry)
- e-mail address
- content of the message or inquiry
- other data you voluntarily provide
3.2. Automatically collected data
When visiting the website, the following are collected automatically:
- IP address
- device and browser information
- visit time and duration
- pages viewed
- technical operation data (e.g. errors, response times)
3.3. Cookies and analytics tools
The website uses cookies for:
- basic site operation
- visit analytics (e.g. Google Analytics)
- improving the user experience
Details are described in the Cookie Policy.
4. Purpose and legal basis of processing
We process personal data for the following purposes:
4.1. Responding to inquiries
purpose: communication with users and forwarding of inquiries to the chosen bank(s)
legal basis: your consent (Art. 6(1)(a) GDPR)
4.2. Improving the website
purpose: usage analysis, content optimisation, and technical stability
legal basis: legitimate interest of the operator (Art. 6(1)(f) GDPR)
4.3. Ensuring security
purpose: prevention of abuse, technical protection of the system
legal basis: legitimate interest of the operator
4.4. Complying with legal obligations
purpose: fulfilling legal obligations
legal basis: Art. 6(1)(c) GDPR
5. Retention of personal data
We retain personal data for the following periods:
- inquiries (leads) and related contact data: up to 90 days from submission of the inquiry
- communication with users: up to 12 months after the end of the communication
- analytics data: in accordance with the provider's policy (e.g. Google Analytics)
- technical logs: up to 6 months
- data required by law: for the period prescribed by law
Once the period expires, data is permanently deleted or anonymised.
6. Disclosure of data to third parties
We do not sell personal data and do not disclose it to unauthorised persons.
Data may be disclosed to:
- hosting providers
- analytics tool providers (e.g. Google Analytics)
- IT maintenance providers
- state authorities, when required by law
If a user submits an inquiry, the operator may, based on the user's selection, forward contact details and basic information about the inquiry to the bank or banks chosen by the user, so that the user may more easily obtain an offer. The forwarding occurs once (e.g. by e-mail) and is limited to the data the user enters into the inquiry form.
Banks or providers that receive an inquiry may act as independent personal data controllers for further processing within their own procedures.
The operator may receive a fee for forwarding inquiries (e.g. based on the number of forwarded inquiries).
All contractual processors ensure an appropriate level of data protection.
7. Users' rights
Under the GDPR, you have the following rights:
- right to access your data
- right to rectify inaccurate data
- right to erasure ("right to be forgotten")
- right to restrict processing
- right to object to processing
- right to data portability
- right to withdraw consent (when consent is the legal basis)
You can send a request to: info@finportal.si
The operator will respond within 30 days.
If you believe your personal data is being processed in violation of the regulations, you may lodge a complaint with the supervisory authority: Information Commissioner of the Republic of Slovenia (IP-RS), Dunajska cesta 22, 1000 Ljubljana, Slovenia, website: ip-rs.si.
8. Data security
The operator uses technical and organisational measures to protect personal data, including:
- encryption of communication (HTTPS)
- access controls
- backups
- protection of servers and applications
Nevertheless, no system is completely secure, so the operator cannot guarantee complete protection against all risks.
9. External links
The website may contain links to other websites. We are not responsible for the content, security, or privacy policy of those sites.
10. Changes to this privacy policy
The operator reserves the right to amend this privacy policy at any time. The updated version will be published on this page with the date of the last change.
11. Applicable law and competent court
This privacy policy is governed by the law of the Republic of Slovenia. The court with subject-matter jurisdiction in Ljubljana shall be competent for the resolution of any disputes.