CEFood Privacy Policy

This Privacy Policy governs the collection, storage, and processing of personal information that CEFood collects from you when you use the website https://cefood2022.si/ (hereinafter referred to as “website”) and other services, including programs and events that refer or link to this Privacy Policy (collectively “Service(s)”). User is any legal or natural person who uses or visits the websites (hereinafter referred to as “user”). The data controller of personal data within the meaning of the European General Data Protection Regulation and applicable Slovenian legislation on the protection of personal data is Borbona catering d.o.o., Parmova 53, 1000 Ljubljana, Slovenia, identification number: 6011292000, VAT number: SI61147737 (hereinafter referred to as “CEFood”, “provider”, “data controller” or “we”).

INFORMATION WE COLLECT

We collect information about you in three ways: directly from your input, from third-party sources, and through automated technologies.

Information you provide to us

The types of personal information that we collect directly from you depends on the content and features of the Service you use and how you otherwise interact with us and may include:

• Contact details, such as your name, email address, postal address, and phone number;
• Account login credentials, such as usernames and passwords, password hints and similar security information;
• Other account registration and profile information, including educational, professional and other background information, such as your field of study, current position, practice area and areas of interests, and gender;
• Content that you upload and share or store in your account, such as annotations, comments, contributions and replies;
• Payment information, such as a credit or debit card number;
• Information that you communicate to us, such as questions or information you send to customer support.

Data from your institution

We may obtain information about you from the institution with which you are employed or affiliated in order to activate and manage your access to and use of the institution’s subscription to the Service, including:

• Contact details, such as your name and institutional email address, postal address and phone number; and/or
• Other account registration information, such as job title.

Device and usage data

The Service may automatically collect information about how you and your device interact with the Service, such as:

• Computer, device and connection information, such as IP address, browser type and version, operating system and other software installed on your device, unique device identifier and other technical identifiers, error reports and performance data;
• Usage data, such as the features you used, the settings you selected, URL click stream data, including date and time stamp and referring and exit pages, and pages you visited on the Service.

We collect this data through our servers and the use of cookies and other technologies. You can control cookies through your browser’s settings and other tools. However, if you choose to block certain cookies, you may not be able to register, login, or access certain parts or make full use of the Service. For more details, please see Section on Cookies in this Privacy Policy.

HOW WE USE YOUR INFORMATION

We are committed to delivering a relevant and useful experience to you. Depending on how you interact with us and the Service, we use your personal information to:

• Provide, activate and manage your access to and use of the Service;
• Process and fulfill a request, order, or other transaction in connection with the Service;
• Enhance and improve the Service, such as add new content and features;
• Notify you about changes, updates and other announcements related to the Service;
• Provide technical, product and other support and help to keep the Service working, safe and secure.

We may also use your personal information to:

• Respond to your requests, inquiries, comments or concerns;
• Invite you to submit or review manuscripts or otherwise participate in our Service;
• Issue payments and statements;
• Enhance and improve our products, events and services and develop new ones; and/or
• Comply with our legal obligations, resolve disputes and enforce our agreements.

SHARING OF YOUR INFORMATION

We share your personal information in the following ways and contexts.

Our service providers

Depending on the Service provided, we share your personal information with our:

• Suppliers and service providers, including editors, reviewers, payment processors, customer support, email service providers, access and authentication service providers, event venues and service providers, mailing houses, shipping agents and IT service providers;

to process the information as necessary to provide the Service, complete a transaction or fulfill your request or otherwise on our behalf based on our instructions and in compliance with this Privacy Policy and any other appropriate confidentiality and security measures.

Legal reasons

We also will disclose your personal information if we have a good faith belief that such disclosure is necessary to:

• meet any applicable law, regulation, legal process or other legal obligation;
• detect, investigate and help prevent security, fraud or technical issues; and/or
• protect the rights, property or safety of CEFood, our users, employees or others..

Administrator data

If you are an administrator of an institution with a subscription to a Service, we will use your details to communicate with you about your institution’s subscription and related services. If you supply us contact information of your colleagues, we may include a reference to you when we contact those individuals with communications about the Service.

YOUR COMMUNICATIONS PREFERENCES

You can customize and manage your communications preferences and other settings when you register with the Service, by updating your account features and preferences, by using the “opt-in/out” or subscribe/unsubscribe mechanisms or other means provided within the communications that you receive from us or by contacting us. We reserve the right to notify you of changes or updates to the Service whenever necessary.

COOKIES

In addition to the Information which you supply to us, information and data may be automatically collected through the use of cookies. Cookies are small text files the website can use to recognise repeat users and allow us to observe behaviour and compile aggregate data in order to improve the website on your last visit. Cookies also allow us to count the number of unique and return visitors to our website. Some of our associated companies may themselves use cookies on their own websites. We have no access to, or control of these cookies, should this occur.

If you do not wish to receive cookies from us or any other website, you can turn cookies off on your web browser: please follow your browser provider’s instruction in order to do so. Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.

We use the following cookies:

Name	Expiration	Purpose
PH_HPXY_CHECK	Session	Used to detect and prevent brute force attacks on the website.

DATA RETENTION

We retain your personal information for as long as necessary to provide the Service and fulfill the transactions you have requested, or for other essential purposes such as complying with our legal obligations, maintaining business and financial records, resolving disputes, maintaining security, detecting and preventing fraud and abuse, and enforcing our agreements.

DATA SECURITY

We take precautions to safeguard your personal information against loss, theft and misuse and unauthorized access, disclosure, alteration and destruction through the use of appropriate technical and organizational measures.

GROUNDS FOR PROCESSING

When we process any personal information within the scope of certain privacy and data protection laws, we do so:

• where necessary to provide the Service, fulfill a transaction or otherwise perform a contract with you or at your request prior to entering into a contract;
• where necessary for our compliance with applicable law or other legal obligation;
• where applicable, with your consent; and/or
• as necessary to operate our business, protect the security of our systems, customers and users, detect or prevent fraud, or fulfill our other legitimate interests as described in the sections above, except where our interests are overridden by your privacy rights.

Where we rely on your consent to process personal information, YOU HAVE THE RIGHT TO WITHDRAW YOUR CONSENT AT ANY TIME, and where we rely on legitimate interests, you may have the right to object to our processing.

THIRD PARTY WEBSITES

Our website may contain links to third party websites. These websites have their own privacy policies for which the CEFood does not assume any liability.

RIGHTS OF THE INDIVIDUAL REGARDING DATA PROCESSING

If you have any questions about our Privacy Policy or processing in regards to your personal data, you can contact us through email info@cefood2022.si. Based on your request we will notify you in writting and in accordance with applicable legislation.

As an individual, you have the following rights regarding data processing, based on the General Data Protection Regulation (hereinafter referred to as »GDPR«):

The right to withdraw consent: if you have, as an individual, consented to processing of personal data (for one or more purposes), you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Consent can be withdrawn through a written statement that is sent to the provider to one of the contacts at provider’s website https://cefood2022.si/. Withdrawal of consent for personal data processing has no negative consequences or sanctions for the individual. However, it is possible that the data controller may not be able to offer one or more of its services after the withdrawal of consent, if those services cannot be performed without personal data.

The right to access personal data: as an individual, you have the right to obtain confirmation from the provider (processor of personal data) as to whether or not your personal data are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing, the categories of personal data concerned, its users, the period for which the personal data will be stored, or the criteria used to determine that period, the right to request rectification or erasure of personal data or restriction of or objection to processing of personal data, the right to lodge a complaint with a supervisory authority, the source of the data if the data were not collected from you, the existence of automated decision-making, including profiling and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you, in accordance with Article 15 of the GDPR.

The right to rectify personal data: as an individual, you have the right to obtain from the provider without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

The right to deletion of personal data (“the right to be forgotten”): you have the right to obtain from the provider without undue delay the deletion of your personal data when one of the below reason exists:

(i) the personal data are no longer necessary in relation to the purposes for which they are collected or otherwise processed,

(ii) you have withdrawn your consent, and there is no legal basis for further processing,

(ii) you have objected to the processing of your personal data, and there are no overriding legitimate grounds for the processing,

(iv) your personal data have been unlawfully processed,

(v) the personal data have to be erased for compliance with legal obligation in European Union or Member State law to which the provider is subject,

(vi) the personal data have been collected in relation to the offer of information society.

As an individual under certain circumstances, as defined in Article 17, paragraph 3 of the GDPR, you do not have the right to data deletion.

The right to restriction of processing: as an individual, you have the right to obtain from the provider restriction of processing where one of the following applies:

(i) you contest the accuracy of the personal data for a period enabling the provider to verify the accuracy of the personal data,

(ii) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead,

(iii) the provider no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims,

(iv) you have objected to processing pending the verification whether the legitimate grounds of the provider override yours.

The right to data portability: you have the right to receive the personal data concerning you, which you have provided to the provider, in a structured, commonly used and machine-readable format and have the right to transmit those data to another data controller without hindrance from the provider to which the personal data have been provided, where:

(i) the processing is based on consent or on a contract; and

(ii) the processing is carried out by automated means.

In exercising your right to data portability, you have the right to have your personal data transmitted directly from one data controller (provider) to another, where technically feasible.

The right to object to data processing: as an individual, you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the provider (Article 6 (1), point (e) of the GDPR), processing is necessary for the purposes of the legitimate interests pursued by the provider or by a third party (Article 6 (1) point (f) of the GDPR), including profiling based on the data; the provider shall no longer process your personal data unless the provider demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing; where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes. Where data are processed for scientific or historical research purposes or statistical purposes, you have the right, on grounds relating to your particular situation, to object to processing of your data, unless it is necessary for the performance of a task carried out in the public interest.

The right to lodge a complaint with a supervisory authority: without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes data protection regulations.

Without prejudice to any other administrative or non-judicial remedy, you have the right to an effective judicial remedy, against a legally binding decision of a supervisory authority concerning it, as well as where the supervisory authority which is competent does not handle a complaint or does not inform you within three months on the progress or outcome of the complaint lodged. Proceedings against a supervisory authority shall be brought before the courts of the Member State where the supervisory authority is established.

The individual may address all her or his requests regarding personal data in written form to the provider, through one of the contacts at the website https://cefood2022.si/.

In order to ensure reliable identification in case of a user exercising his or her rights regarding personal data, the provider may request additional data from the user and shall not refuse to act on the request of the individual, unless the provider demonstrates that it is not in a position to identify the user.

The provider must, by user’s request to exercise his or her rights in regards to data processing, provide information without undue delay and in any event within one month of receipt of the request.

CHANGES

We reserve the right to change this privacy policy from time to time as necessary to the actual situation and legislation in the field of personal data protection. Please visit our website regularly and check our respective current privacy policy before any personal data is provided so that you are aware of any changes and additions. We will also notify you in advance of any changes that significantly affect the processing of your personal data (e.g. by notification on our website, by email).

CONTACT

Please submit any questions, concerns, or comments you have about this Privacy Policy or any requests concerning your personal data by email to info@cefood2022.si.

The information you provide when contacting us will be processed to handle your request and will be erased when your request is completed. Alternatively, we will restrict the processing of the respective information in accordance with statutory retention requirements.

BORBONA CATERING D.O.O.

Last update: December 2021