We use cookies on our website.
Some of them are necessary for the functioning of the site, but you can decide about others. View more
This Privacy Policy ("Policy"), together with the terms of use of this website and any other referenced documents, outlines the types of personal data that are processed, the manner and scope of processing, and information on data sharing, as well as your rights in relation to such processing. This Policy is in accordance with the provisions of the General Data Protection Regulation ("GDPR") and applicable national data protection laws. The terms used in this Policy have the same meaning as defined under the GDPR..
The data controller is Law Firm Ilić & Partners LLP, located at Gosposvetska cesta 11, 1000 Ljubljana, registration number 3468526000, with the general contact telephone number +386 590 866 00 and email address slovenia@odilaw.com (hereinafter referred to as “ODI” or “we”).
As a law firm, we process personal data of clients and other individuals involved in legal matters for various purposes essential to the provision of our services. The collection and processing of personal data are carried out in strict confidentiality and are necessary for fulfilling our contractual and legal obligations, as well as, in certain cases, for pursuing our legitimate interests. Below are the key purposes for which we process your personal data:
If you provide us with sensitive business information, trade secrets, or personal data concerning individuals such as your employees, counterparties, advisors, or suppliers for the purpose of legal services, we will process such data exclusively to provide our services in accordance with the applicable regulations governing legal practice, while ensuring strict confidentiality. Any information obtained from you is considered a trade secret and is protected in accordance with the Trade Secrets Act and other relevant legislation.
In most cases, we collect your personal data directly from you. However, in certain instances, we may obtain your data indirectly from the following sources:
The provision of your personal data is generally both a contractual and statutory requirement. As explained in this Policy, we require certain personal data to enter into a contract with you and to fulfil our contractual obligations. Additionally, we are legally required to process certain data in compliance with applicable laws.
If we are legally obliged to collect personal data or if we process such data based on your instructions or a contract concluded with you, and you fail to provide the requested data, we may be unable to carry out your instructions or fulfil our contractual obligations. In such cases, we may be required to cancel our agreement or terminate the contract we have concluded or are attempting to conclude with you. However, you will always be duly informed of such a decision.
Your personal data will not be used for automated decision-making or profiling.
Your personal data may be disclosed to the following recipients:
As a general rule, we do not transfer your personal data to third countries or countries outside the European Economic Area (EEA). In exceptional cases where such transfers occur, we ensure that an adequate level of protection is maintained in accordance with the GDPR and national data protection regulations.
When transferring your data to other countries, we process, share, and protect it in line with this Privacy Policy. Data is transferred to third countries only when necessary for the legal services we provide to you, or for the assertion, exercise, or defence of legal claims, and only if appropriate safeguards are in place to protect your personal data. Such safeguards include the Standard Contractual Clauses (SCCs) approved by the European Commission. SCCs are legally binding agreements that ensure any data transferred outside the EEA maintains the level of protection required under the GDPR. The content of the SCCs is available here.
We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including compliance with legal, accounting, or reporting obligations. Where required, ODI will also retain data to assert or defend against legal claims until the end of the relevant retention period or until the claims in question are settled.
Matters where the purpose of processing has been fulfilled will be stored in our archives for an additional five years, in accordance with the Attorney Act, after which they will be securely destroyed.
If we process your personal data, you have the right to request access to your personal data, as well as to rectify, erase, or restrict its processing. You also have the right to object to the processing of your data and to request data portability.
To exercise your rights, please send your request to slovenia@odilaw.com or contact us at +386 59 866 00. We will make every effort to process your request as promptly as possible, but no later than the timeframes prescribed by the GDPR, i.e. within one month, with the possibility of an exceptional extension if necessary.
Please note that the exercise of certain GDPR rights may be limited if you are not our client, as we are bound by legal professional privilege and confidentiality obligations under the regulations governing legal practice. Furthermore, we are required to enforce GDPR rights in a manner that does not negatively impact the rights and freedoms of others. On this basis, we may decline your request for access to personal data.
If you have given your consent for the collection, processing, and transfer of your personal data, you have the right to withdraw your consent, in whole or in part, at any time. Upon receiving a withdrawal notice, we will cease processing your data for the purpose(s) for which you originally consented, unless there is another legal basis for processing. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
If you believe that there has been non-compliance in the processing of your personal data, you may file a complaint with the supervisory authority for data protection: Information Commissioner, Dunajska cesta 22, 1000 Ljubljana, Slovenia, email: gp.ip@ip-rs.si, telephone: +386 1 230 97 30.