Privacy Policy

1. Introduction

This Privacy Policy sets out how SLOVENIA LAW BUSINESS & RESIDENCE, operated by POGODBA.NET, Tadej Možina, s. p. (hereinafter: SLBR), collects, processes, stores, and protects the personal data of website users and clients who use our legal advisory services.

SLBR is a legal advisory platform providing professional support in legal consulting, business entity formation in the Republic of Slovenia, obtaining residence permits, tax consulting, and other related activities.

The legal bases for processing personal data are:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation - GDPR),
• Personal Data Protection Act (ZVOP-2), Official Gazette of the Republic of Slovenia, No. 163/22,
• Electronic Communications Act (ZEKom-2), Official Gazette of the Republic of Slovenia, No. 130/22, particularly provisions on cookies (Article 225).

2. Data Controller

The data controller within the meaning of Article 4(7) GDPR and Article 1 ZVOP-2 is:

For all inquiries regarding the processing of personal data, you may contact us at:

Email: office@slovenia-law.com

Phone: +386 40 753 123

3. Categories of Personal Data We Collect

3.1 Data You Provide Directly

When using SLBR services, we may collect the following personal data:

a) Identification Data:

• Name and surname
• Date and place of birth
• Citizenship
• Personal document number (passport, ID card)
• Personal identification number (EMŠO for Slovenian citizens) or comparable identifiers for foreign nationals

b) Contact Data:

• Email address
• Phone number
• Postal address (permanent and temporary residence)

c) Business Data (for legal entities):

• Company name and legal form
• Registration and tax number
• Registered office
• Data about legal representatives and shareholders

d) Financial Data:

• Data for invoice issuance
• Payment transaction data

e) Service-Related Data:

• Documentation for obtaining residence permits
• Business activity data
• Family member data (when relevant to the service)

3.2 Data We Collect Automatically

When visiting our website, we automatically collect:

• IP address
• Browser type and version
• Operating system
• Date and time of access
• Visited subpages
• Referrer URL

4. Purposes and Legal Bases for Processing

We process personal data exclusively for specific, explicit, and legitimate purposes in accordance with Article 5(1)(b) GDPR:

5. Cookies

5.1 Legal Basis

In accordance with Article 225 of ZEKom-2, storing data or gaining access to data stored in the user's terminal equipment is permitted only on the condition that the user has consented after being clearly informed about the controller and the purposes of processing.

5.2 Types of Cookies

a) Strictly Necessary Cookies (without consent - Article 225(2) ZEKom-2):

• Session cookies
• Security cookies
• Cookies for storing user's cookie preferences

b) Analytical Cookies (with consent):

• Google Analytics or comparable services for visit analysis

c) Marketing Cookies (with consent):

• Cookies for displaying personalized content and advertising

5.3 Consent Management

Upon first visit to our website, a cookie notice appears where you can:

• Accept all cookies
• Reject non-essential cookies
• Customize settings by individual categories

You may withdraw or change your consent at any time through settings on our website or through your browser settings.

6. Recipients of Personal Data

Based on your consent, we may share personal data with the following categories of recipients:

a) State Authorities and Institutions:

• Administrative Units of the Republic of Slovenia (residence permit procedures)
• AJPES (business entity registration)
• FURS (tax obligations)
• Other competent authorities when required by law

b) Contractual Processors:

• IT service providers (website hosting)
• Email service providers
• Accounting services (exclusively for business documentation management)

We have concluded data processing agreements with all processors in accordance with Article 28 GDPR, ensuring an appropriate level of protection.

c) Third Parties Based on Your Consent:

• Notaries, translators, other professionals involved in service delivery

We do not transfer personal data to third countries outside the EU/EEA without appropriate safeguards in accordance with Articles 44-49 GDPR.

7. Retention Period

We retain personal data only for as long as necessary to achieve the purposes for which they were collected:

After the specified periods expire, we securely delete or anonymize the data.

8. Individual Rights

In accordance with GDPR and ZVOP-2, you have the following rights:

8.1 Right of Access (Article 15 GDPR)

You have the right to obtain confirmation as to whether personal data concerning you are being processed, and access to such data.

8.2 Right to Rectification (Article 16 GDPR)

You have the right to request correction of inaccurate personal data and completion of incomplete data.

8.3 Right to Erasure (Article 17 GDPR)

You have the right to request erasure of personal data when legal conditions are met (e.g., data are no longer necessary for the purpose for which they were collected).

8.4 Right to Restriction of Processing (Article 18 GDPR)

You have the right to request restriction of processing in certain cases.

8.5 Right to Data Portability (Article 20 GDPR)

When processing is based on consent or contract and is carried out by automated means, you have the right to receive your data in a structured, commonly used, and machine-readable format.

8.6 Right to Object (Article 21 GDPR)

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

8.7 Right to Withdraw Consent

When processing is based on consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.

8.8 Exercising Your Rights

You may submit a request to exercise your rights:

By email: office@slovenia-law.com

We will respond to your request within one month. The period may be extended by a maximum of two additional months considering the complexity and number of requests.

9. Right to Lodge a Complaint

If you believe that the processing of your personal data violates GDPR or ZVOP-2, you have the right to lodge a complaint with the competent supervisory authority:

In accordance with Article 11 of ZVOP-2, you also have the right to judicial protection of your rights before the competent administrative court.

10. Security of Personal Data

In accordance with Article 32 GDPR and Article 5 ZVOP-2, we implement appropriate technical and organizational measures to ensure the security of personal data:

• Encrypted communication (SSL/TLS)
• Restricted access to personal data to authorized persons only
• Regular security backups
• Physical security of premises
• Employee training on data protection
• Record of processing activities in accordance with Article 30 GDPR

11. Automated Decision-Making and Profiling

SLBR does not engage in automated decision-making, including profiling, that would have legal or similarly significant effects on individuals within the meaning of Article 22 GDPR.

12. Links to External Websites

Our website may contain links to external websites. We are not responsible for the protection of personal data on these sites. We recommend that you read their privacy policies before using external sites.

13. Changes to the Privacy Policy

We may occasionally update this Privacy Policy. Significant changes will be published on our website. We recommend that you regularly check this page for any updates.

Effective Date of this Policy: January 1, 2026

14. Contact

For all questions, suggestions, or requests regarding data protection, please contact:

This Privacy Policy has been prepared in accordance with Regulation (EU) 2016/679 (GDPR), the Personal Data Protection Act (ZVOP-2), and the Electronic Communications Act (ZEKom-2).