Privacy policy

 

 

This website www.mccann.si is operated by a Ginger Communication Hub, poslovno svetovanje, d.o.o., Company Registration Number: 6330932000, with its registered office at  Trstenjakova ulica 14, 1000 Ljubljana, Slovenia (hereinafter referred to as the “Controller” or the “Company”).

 

Company is committed to preserving the privacy of all visitors to www.mccann.si and to protecting any personal data that you may provide to us in compliance with the applicable regulations.

 

The Controller retains all copyright rights related to the use of photographs, texts, and other published materials, in accordance with the applicable legal regulations of the Republic of Slovenia. Photographs, texts, and other materials may not be published, sold, made available publicly or privately, or otherwise used without our prior consent. Failure to comply with these conditions entails liability and the obligation to compensate the Controller for any material damage resulting from violations of applicable law.

 

  1. Introductory Provision 

 

  1. This Privacy Policy governs the collection and processing of data within the website www.mccann.si.

 

  1. The definitions and terms used in this Privacy Policy correspond to those contained in the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR) and Personal Data Protection Act – ZVOP-2 (Uradni list RS, št. 163/22 in 40/25 – ZInfV-1) (hereinafter referred to as: “Law”). The Controller is committed to complying with the legislation of the Republic of Slovenia governing personal data protection, as well as to respecting the protection of fundamental human rights and freedoms, particularly the right to privacy of individuals whose personal data is processed by the Company.

 

  1. Clicking the “Accept Cookies” button, or any other similarly labeled button with an equivalent function, in the pop-up window displayed to new users upon their first visit to the website www.mccann.si, shall be considered an active and voluntary action aimed at establishing a lawful legal basis for the collection and processing of data in the manner and for the purposes described in this Privacy Policy, without any reservations. The Controller shall be able to demonstrate, through an electronic record (log) or by other means, that the data subject has performed the aforementioned active and voluntary action, thereby confirming that they have been informed of and agree with this Privacy Policy. The said electronic record (log) shall be deemed a legally valid and sufficient proof of consent, in accordance with the Law.

 

  1. This Privacy Policy may be amended at any time, with any changes being displayed on the homepage of www.mccann.si. In such cases, data subjects will be asked to provide renewed consent for the processing of personal data, in accordance with the amendments made to this Privacy Policy.

 

  1. The rules governing the collection of personal data through Cookies shall be specified in a separate Cookie Policy. All provisions related to giving consent to this Privacy Policy via the designated pop-up window, including the retention of proof in the form of an electronic record (log), as well as the procedure for modifying and notifying data subjects of any changes, shall apply equally to the use of Cookies.

 

  1. For any additional questions regarding the rules and provisions of this Privacy Policy, you may contact us by sending an inquiry to the following address:dpo@amagroup.net

 

  1. Data Processed by the Controller

 

  1. The Controller may collect various categories of personal data, which are used for different purposes and based on different legal grounds. Typically, this includes a set of data that enables the identification of the data subject, the establishment of communication with the data subject, or data necessary for providing a specific service upon the request of the data subject, or for fulfilling the Controller’s legal obligations. This includes, but is not limited to: 

  1. Data that the visitor may voluntarily provide to the Controller by sending an email to the address indicated in the “Contact” section, for the purpose of establishing business communication with the Controller, or for a job application;

  2. Data collected electronically on visitor identification (IP address, etc.);

  3. Data collected through cookies that the user has enabled or consented to, as described in the separate Cookie Policy.

 

  1. Personal data is collected only to the extent necessary for the achievement of a specific purpose.

 

  1. The website www.mccann.si contains a links to the Controller’s pages on social networks. All data collected by the said platform during your visit, as well as any data you voluntarily provide on that platform, shall be subject not only to this Privacy Policy but also to the rules established by the platform itself (such as its Terms of Service/Terms of Use, Privacy Policy, Cookie Policy, etc.). The Controller shall not be held liable for any form of unlawful use of personal data committed by the company that owns or controls the said platform. The privacy policy of the here mentioned platforms can be accessed via the following links: 

  1. https://www.linkedin.com/legal/user-agreement

  2. https://www.facebook.com/policy.php

  3. https://help.instagram.com/519522125107875/?maybe_redirect_pol=0 

 

  1. Legal Basis for Data Processing

 

1.  The legal basis for the processing of personal data is the freely given and informed consent of the data subject, i.e. their agreement for the purposes defined in this Privacy Policy, in accordance with the Law.

 

2. Your Personal Data obtained based on your consent will be processed and stored as long as your consent exists, that is, until your consent is revoked. You can revoke your consent to the collection, processing and use of your data at any time by sending an electronic request to the email address: dpo@amagroup.net.

 

3. The revocation of consent does not affect the permissibility of processing Personal Data based on your consent before the revocation.

 

  1.  Purpose of Data Processing

 

  1. The Controller uses data for various purposes, which are always directly related to the legal basis for processing. The Controller offers different types of services to other entities, and in order to establish a business relationship, collects and processes certain personal data. This particularly applies to data submitted via the website www.mccann.si by visitors seeking to establish business contact with the Controller and to receive a non-binding service offer. Data may also be processed for the purpose of contacting individuals in order to negotiate contract terms and fulfill other potential obligations arising from a contractual relationship. If a business relationship is subsequently established, the Controller will provide the business partner with a notice on personal data processing. For any additional processing purposes that may arise, the data subject will be informed of all necessary details prior to the commencement of such processing activities, and the processing will be based on an appropriate legal basis, in accordance with the law. The purpose of processing in relation to cookies is defined in the separate Cookie Policy. 

 

  1. Disclosure and Transfer of Personal Data

 

  1. Data may be disclosed to employees of the Controller, professional advisors, service providers, IT technicians, government authorities, and individuals who are contractually engaged with the Controller (Data Processors) and entrusted with specific data processing activities (all in accordance with legally prescribed conditions related to information security, confidentiality obligations, and contractual regulation of rights and responsibilities). Your personal data may also be shared with companies within the AMA Group, which includes Company. All parties are required to handle personal data in accordance with all provisions of the Law regarding the security of personal data processing.

 

  1. Regulary the Controller will not transfer personal data outside the borders of the EU but since Company is member of AMA Group which operates in many countries, your personal data, in particular the data which you upload through the Contact section of the website, may be accessed by staff of AMA Group, transferred to, and/or stored at, a destination outside the EU in which data protection laws may be of a lower standard than in the EU. However we always seek to ensure that your personal data receives the same level of protection as it would had it stayed within the EU, including seeking to ensure that it is kept secure and used only in accordance with our instructions and for the agreed purpose(s). For avoid of any doubt, the Controller will undertake all activities required in accordance with the Law if it is necessary to export some data outside the EU.

 

  1. Rights of Data Subjects in Relation to the Processing of Personal Data

 

  1. The data subject whose personal data is processed by the Controller may request the following:1) access to personal data, 2) correction of personal data, and 3) deletion of personal data. In addition, the following rights may also be exercised:1) the right to restrict the processing of personal data, 2) the right to data portability, and 3) the right to lodge a complaint with the national data protection authority. To exercise these rights, a request should be submitted to the following email address: dpo@amagroup.net.

 

  1. Certain rights (e.g., the right to erasure) may, in specific situations, be subject to legal limitations, and exercising such rights may lead to various legal consequences in accordance with the law (e.g., inability to continue providing certain services, obligation to compensate for incurred damages, etc.).

 

  1. Personal Data Protection

 

  1. Within its business organization, the Controller strives to apply the highest possible standards in the field of personal data protection. Accordingly, it implements all necessary organizational measures (such as signing confidentiality statements or incorporating appropriate confidentiality clauses into contracts, signing relevant data processing agreements, and conducting periodic training sessions to remind employees of their data protection obligations), as well as technical measures (such as physical access control using keys, access control systems, mandatory use of passwords, etc.).

 

  1. In accordance with the above, the policy of the Controller is that, within the framework of technical measures, the creation, storage, processing and access to data, documents and information is carried out on the company’s document management systems (among others: Microsoft Sharepoint portal, File Server, Archive Server, Microsoft NAV, Pantheon, etc.). The Controller takes care that its employees are obliged to create and process data, documents and information on company computers and associated storage devices, while storing confidential data and documents is prohibited on the same. Additionally, data on document management and ERP solutions are stored within predefined structures of locations, sites and document libraries that have predefined access rights. All company computers and external storage devices are protected by “bitlocker” encryption. Users access all IT services based on a multi-layer authentication system (“MFA”) controlled by the “Microsoft Active Directory” and “Network Access Protection (NAP)” systems. In addition to the above, the Controller ensures that its employees do not use certain systems arbitrarily, and internal procedures prohibit the use of private, public and cloud computer resources and storage systems for the processes of creating, processing, saving and accessing data, documents and information. Finally, the Controller periodically conducts employee education regarding the security of using system applications.

 

  1. All data processors and/or other recipients of personal data are also required to implement all prescribed protection measures, in accordance with the signed agreement with the Controller and the standards and obligations set forth by law.

 

  1. Personal Data Retention Period

 

  1. The Controller strives to retain data only for the period necessary to fulfill a specific, defined purpose of processing, after which the data is either deleted or rendered unrecognizable (through anonymization measures). The exact retention period, or the criteria by which it can be determined, depends on the purpose for which the personal data is being processed.

 

  1. When personal data is processed by the Controller based on consent, the data collected for the purpose of establishing business contact is retained in the Controller’s databases until the consent is withdrawn.

 

  1. Personal data of the Company’s clients is processed for as long as the processing is necessary to provide services to the Company’s client.

 

  1. Data collected through web browsers and cookies is retained for the duration specified by the cookies accepted by the data subject, as described in the Controller’s Cookie Policy.

 

  1. Additional information regarding retention periods and methods of data storage can be found in separate notices.

 

  1. Additional Information 

 

  1. Personal data collected through the website www.mccann.si is not transferred outside the Republic of Slovenia, except in cases previously mentiond in this Policy or involving the use of third-party cookies, for which the Controller cannot be held responsible. The servers used for data transfer are located within EEA countries where an adequate level of personal data protection is ensured. In exceptional cases where data transfer occurs via servers outside the EEA, such transfer will be carried out with the application of appropriate protection measures, in accordance with the law.

 

  1. In cases where personal data needs to be transferred to another country, i.e., outside the territory of the Republic of Slovenia, the transfer will be carried out in accordance with all rules prescribed by the applicable law, or by applying another appropriate transfer mechanism (for example, a decision confirming that an adequate level of personal data protection is ensured in a specific country).

 

  1. Providing personal data by the subject of data is neither a legal nor a contractual obligation when using the functionalities offered by the website. Failure to provide the requested data may result only in the inability to establish the requested contact necessary for further communication via this channel, or the inability to use services available through the website www.mccann.si.

 

  1. When processing data collected through the website, the Controller does not use any automated decision-making or profiling of the data subject.

 

  1. Your Personal Data will be treated as confidential information, and Controlor will take appropriate necessary measures to protect it in accordance with the Law. Access to them will be granted only to persons who, considering the description of the work they perform, should be familiar with your Personal Data and only to the extent necessary for the performance of their work.

 

  1. If Controller decide to change this Privacy Policy, the changes will be posted and published on the website www.mccann.si. This Privacy Policy is available on the website www.mccann.si.

Ljubljana, 24/02/2026

Contact

Facebook-square
Instagram
Linkedin