Controller of personal data collection (Data Controller): Slovenska tiskovna agencija d.o.o. Ljubljana, Tivolska 48, Ljubljana, e-mail: marketing sta si, telephone (01) 24 10 126
Contact of the Data Protection Officer (DPO): N/A
This website uses cookies. You can manage and customise them at any time using the options below:
Cookies managed by STA d.o.o.:
| Cookie name | Cookie description | Duration |
|---|---|---|
| mainsess | Session identifier for basic operation and login/user session. | Session |
| uid, cid | Internal user identifier for reading statistics/visits on STA and security of user accounts. | 1 year |
| *_ac | Cookie settings | 1 year |
Essential cookies also include those from Cloudflare, Vimeo, and Dailymotion services.
Google Analytics is used for analytics.
This group includes cookies from YouTube, Facebook, X and SoundCloud.
Cookies that are loaded along with certain ad banners. Since they depend on the respective advertiser, they have not been listed.
Only basic subscriber data is stored on the web server: company name, address, username, and password. Passwords are set by STA. A forgotten password is sent to the subscriber upon request by email, but only to the address (domain) that corresponds to the company name. Subscribers are advised not to use the password received from STA for any other website or service.
STA stores data on news read for analytical purposes.
Registration is required to pay for news and/or photos with tokens. Upon registration, the user provides their email address and chooses a username and password. The password is stored on the server as a cryptographic hash.
By registering, the user accepts the general terms and conditions (for news or for photos) and agrees that STA may occasionally send them informational material or offers. The legal basis for sending such materials and offers is the second paragraph of Article 226 of the Electronic Communications Act (ZEKom-2). Every copy of the material or offer will provide a clear and explicit option to object to such use of their email address easily and free of charge, assuming they have not rejected such use upon registration.
A user may revoke permission for sending emails at any time via the »My Account« link (for news or for photos).
The purchase of tokens is processed via external payment processors – VALÚ Monete or Braintree. When purchasing tokens, the user is redirected to the payment processor's website. The privacy policy and terms of business of the payment processor apply during the visit to their website.
If payment is successful, STA does not receive any personal data of the payer from VALÚ Moneta. Information about the telephone number used to make the purchase is available to STA via the VALÚ Moneta portal. STA accesses this data in case of complaints.
From Braintree, the following payer data is received: first name, last name, address, city, country. STA does not receive the credit card number.
STA stores data on token payments and data on token usage for the purchase of news and/or photos, as well as the time and IP address from which the transactions were made.
Organisations that subscribe to distribute their messages via the O-STA service provide the agency with a completed order form or sign a contract containing all data required for invoicing purposes: company name, address, tax number, contact person and email address. The subscriber selects a username and password. The password is stored on the server in the form of a cryptographic hash.
Anyone may subscribe to receive O-STA messages free of charge. Upon registration, the individual must provide their name and email address and may also provide the company name and registered office, business activity and telephone number. During registration, the user selects the categories of interest and the language (Slovenian and/or English).
Message recipients may unsubscribe at any time on the O-STA website.
Anyone may subscribe to receive newsletters (STAkrog, STAmisli, STAznanost and STApartner) free of charge. Upon registration, the user must provide an email address. Newsletter recipients may unsubscribe at any time via the link provided at the bottom of each newsletter.
The website https://dogodki.sta.si contains a link to https://dogodki.siol.net/dodaj, through which the Controller, in cooperation with TSmedia, enables the submission of events. Event organisers enter the required data into the published form, including certain personal data: the author or copyright holder of any photographs submitted for publication, the name of the event organiser if the organiser is a natural person, the email address if it relates to a natural person, and any other personal data provided via the form. The Controller will use these data exclusively for the purpose of publishing an event announcement. The personal data provided will be published and/or made publicly accessible, except for the email address, which will be used exclusively for communication between the Siol.net teams and the Controller for the purposes of publishing the event announcement.
STA processes your personal data when you do business with us, use our websites or applications, or otherwise cooperate with us, including for the following purposes:
Protection of persons and property and protection of the Controller’s legal interests (e.g. handling requests for withdrawal or correction under the Media Act, handling claims in judicial and other proceedings related to the Controller’s activities, such as claims relating to the publication of court decisions, handling user complaints regarding our services, etc.).
The Controller processes personal data on the basis of its legitimate interests unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Prior to processing personal data on the basis of legitimate interest, the Controller carries out a Legitimate Interest Assessment (LIA).
The company does not disclose customers’ personal data to third parties, except to:
In certain cases, the Controller transfers collected personal data to the United States, exclusively to companies that have joined the EU–US Data Privacy Framework (EU–US DPF). By joining the Framework, these companies have committed to complying with a set of privacy protection obligations which the European Commission has determined ensure an adequate level of personal data protection comparable to that provided in the EU.
Your personal data will be processed only to the extent necessary to achieve the purposes of processing and for as long as required to fulfil those purposes.
Personal data are processed until the purpose for which they were collected has been fulfilled, in particular where processing is necessary due to or in connection with a contract concluded with us, unless a longer retention period is prescribed by law. In such cases, personal data are retained in accordance with applicable legal provisions.
Personal data collected and processed solely on the basis of your consent will cease to be processed upon withdrawal of consent.
Unless otherwise provided by this privacy policy or by other laws, executive regulations or internal acts, the purpose of processing personal data is deemed fulfilled upon expiry of the longest statutory limitation period for asserting or defending claims arising from a specific factual situation (the general limitation period is five years; exceptionally shorter periods of one or three years apply, or longer periods of ten years).
By submitting a written request to the Controller’s address or by email to marketing sta si, a data subject may request access to, supplementation, rectification, blocking or restriction of processing, or erasure of personal data, object to the processing of their data, and request data portability. The Controller will decide on the request based on the legal basis applicable to the processing of the specific personal data.
Requests for the exercise of individual rights must be reasoned, must specify the reason for exercising the right and indicate which right is being exercised. The request must be signed. Anonymous requests will not be considered. If the Controller doubts the identity of the individual submitting the request, it may require additional proof or justification of identity, including inspection of an identity document. False or malicious requests may be reported to the competent supervisory authorities and/or law-enforcement authorities.
Where processing is based on consent, you may withdraw your consent at any time, without affecting the lawfulness of processing carried out on the basis of consent prior to its withdrawal.
You may lodge a complaint with the Information Commissioner (address: Dunajska 22, 1000 Ljubljana, email:gp.ip ip-rs si telephone: (01) 230 9730, website: www.ip-rs.si).
Is the data subject obliged to provide personal data and the possible consequences of failure to do so:
Personal data collected on the basis of an existing or potential contractual relationship (i.e. data required to provide a requested service or to respond to an enquiry) must be provided; otherwise, we cannot provide the service or respond to the enquiry.
The same applies to personal data collected to fulfil our legal obligations (this is an obligation that we are required to fulfil according to law). Failure to provide such data makes cooperation impossible.
1Article 6(1)(f) of the GDPR.
2Article 4(9) of the GDPR.