Privacy policy

In this Privacy Policy, “we”, “us” and “our” refer to the data controller:

KMA LEGAL
Barvarska ulica 5
SI-2000 Maribor
Slovenia
Email: office@kma-legal.com

1. Legal Basis for Processing Personal Data

We process personal data in accordance with:

  • Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR)

  • The Slovenian Personal Data Protection Act (ZVOP-2)

  • Other applicable legislation of the Republic of Slovenia and the European Union

Personal data is processed lawfully, fairly, and transparently, and only for specific, explicit, and legitimate purposes.

2. What Personal Data We Collect

Through website forms, electronic communication, or business cooperation, we may collect the following personal data:

  • First and last name

  • Email address

  • Postal address

  • ZIP code and city

  • Phone number

  • Company name

  • VAT number

  • Company registration details

  • Website and social media information

  • Business goals, interests, preferences, and notes

  • IP address

  • Technical data (browser type, device information, access time)

We collect only the data that is necessary for the specific purpose of processing.

3. Purposes and Legal Grounds for Processing

We process personal data for the following purposes:

Performance of a contract (Article 6(1)(b) GDPR)

  • Provision of ordered services

  • Communication with clients

  • Issuing invoices

  • Customer support

Compliance with legal obligations (Article 6(1)(c) GDPR)

  • Accounting and tax obligations

Legitimate interest (Article 6(1)(f) GDPR)

  • Ensuring website security

  • Preventing misuse

  • Basic business communication

Consent (Article 6(1)(a) GDPR)

  • Sending newsletters and promotional content

  • Informing about events

  • Providing personalized offers

Where processing is based on consent, it is always voluntary and may be withdrawn at any time.

4. Marketing Communications

We send electronic newsletters, offers, and promotional content only on the basis of prior explicit consent.

You may withdraw your consent at any time by clicking the unsubscribe link in any email or by contacting us directly.

Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

5. Data Retention Period

We retain personal data only for as long as necessary for the purpose for which it was collected:

  • Contract and invoice-related data: in accordance with accounting legislation (5 to 10 years)

  • Marketing data: until consent is withdrawn

  • Inquiry data: up to 12 months after the last communication

After the retention period expires, personal data is permanently deleted or anonymized.

6. Data Sharing and Data Processors

Personal data may be shared with external data processors where necessary for service provision, such as:

  • Accounting service providers

  • Hosting and IT service providers

  • Email service providers

  • Payment service providers

  • Legal advisors

All processors are bound by appropriate data processing agreements in compliance with GDPR.

If personal data is transferred outside the EU or EEA, appropriate safeguards are implemented, such as Standard Contractual Clauses approved by the European Commission.

7. Your Rights

Under GDPR, you have the following rights:

  • The right of access to your personal data

  • The right to rectification

  • The right to erasure (“right to be forgotten”)

  • The right to restriction of processing

  • The right to data portability

  • The right to object to processing

  • The right to withdraw consent

We will respond to your request no later than one month from receipt.

You also have the right to lodge a complaint with the competent supervisory authority:

Information Commissioner of the Republic of Slovenia
https://www.ip-rs.si

8. Personal Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction.

However, no data transmission over the internet can be guaranteed to be completely secure.

9. Cookies

Our website uses cookies in accordance with applicable legislation and our Cookie Policy.

Non-essential cookies are installed only based on prior user consent.

10. Amendments to This Privacy Policy

We may update this Privacy Policy from time to time due to changes in legislation or business operations.

Last updated: 27 February 2026