Aspira Institute (hereinafter referred to as the “Controller”) follows the principles of transparency and careful handling of personal data by the General Data Protection Regulation (GDPR) and the Personal Data Protection Act. Therefore we need your confirmation that we may use, store and process the personal data we have obtained from you by registering for our services for specific purposes. We will use the personal data collected solely for our services and take all necessary steps to protect it from breaches and misuse.


The controller of the personal data processed by the Personal Data Protection Policy is the Aspira Institute, Cesta Tončke Čeč 2, 1420
Trbovlje. If you have any questions, please send us an email at

Purposes of processing and grounds for data processing

We store and process your personal data for the purposes of online sales, email newsletters, and direct marketing. We collect personal data with the explicit consent or consent of individuals. Consents are stored together with their content and the content of the form used to obtain them.

To conduct online sales, email communications, and website traffic analysis, we store the following:

Email address,
name and surname,
home address,
mailing address,
telephone number,
company details,
information about your computer or mobile device (e.g., your IP address and browser type, device type),
information about how you use our Services (e.g., which pages you viewed, the time you viewed them, and what you clicked on),
other information that you voluntarily enter into forms in the online store.
Suppose our institution wishes to further process personal data for a purpose other than the purpose for which the personal data was
collected. In that case, we will provide the individual with information about that other purpose and any further relevant information as set out
in this document before further processing the data.

Retention of personal data and processing period

The controller stores your personal data on its own servers in Slovenia and on servers of cloud service providers in the EU Member States and
the USA.

The controller will not use this data for any purpose that would in any way harm the user or any other person involved. We will retain the data
subject’s personal data until the consent to store and process the data subject’s data is withdrawn. Upon revocation of the data subject’s
consent, we shall promptly delete the personal data in an effective and permanent manner. Invoices will be kept for ten years after the end of
the year to which the invoice relates by the law. Should the purposes for which we store and process personal data as described above cease in
our company, we will immediately and effectively delete the databases whose purpose has ended.

Rights of individuals regarding the processing of personal data

The Institute shall ensure that individuals exercise their rights without undue delay and, in any event, within one month of receipt of a
request. The controller shall provide individuals with the following rights regarding the processing of personal data:

the right of access to data,
the right to rectification,
the right to erasure (‘right to be forgotten),
the right to restriction of processing,
the right to data portability.
Please inform us of any changes to the personal data I hold about you to keep it accurate and up-to-date at all times.

Further explanations

If you have any questions, concerns, or comments about this Privacy Policy, you can email us at:

The policy will come into effect on 1st November 2022.