The user of the website or customer is informed that the provider processes their personal data in the manner and for the purposes specified in the Privacy Policy.

1. Responsibility

The online store is open every day, 24 hours a day. Due to various technical reasons, operation through the online store or even access to the store may sometimes be impossible; therefore, the provider reserves the right to restrict or suspend access to the online store for a definite or indefinite period.

The provider is not responsible for the store’s downtime due to user ignorance, any consequences of misuse of the online store, service downtime caused by network outages, power failures, or other technical disruptions that may temporarily or even for an extended period affect usage. If the user does not use the latest browser versions, the provider is not responsible for improper functioning or display of the website, online store, and their content.

The provider strives to ensure the accuracy and timeliness of the data published on the website and in the online store. Nevertheless, it is possible that the nature of services or products changes so quickly that it is impossible to update the data in the provider’s online store in time. In such cases, the provider will inform the customer of the changes and allow them to cancel the order or exchange the ordered product.

The provider endeavors to ensure the proper presentation of all services and products in the online store but allows for the possibility of inaccuracies in data, images, or textual material in the provider’s online store. For detailed descriptions and information, you can contact us anytime via email at info@cresus.si or by phone at +386 41 426 303 during our working hours, which are published on the last page of these General Terms and Conditions.

The provider does not guarantee that the website, online store, and services will always be available or that the use of the website and online store will be safe and uninterrupted. The provider is also not responsible for network and telephone connections, including coverage area or connection interruptions, nor for any damage resulting from the use of the website, such as data loss, loss of programs, connection costs, or similar damages. The provider’s liability is limited to intentional misconduct and gross negligence, and any compensation is limited to foreseeable typical damage, except in cases of claims for injury to life, body, health, or product liability claims.

A user who causes damage to the provider or third parties while using the service is obliged to compensate it under general rules of liability for damages.

2. Security and Third Parties

The provider has established technology and rules to protect users’ privacy from unauthorized access and misuse. The provider will update measures in accordance with technological development.

3. Advice to Users

Users are advised to use the online store in accordance with these General Terms and Conditions. Users must be aware that, despite care and supervision, misuse of the website by third parties is possible, for which the provider is not responsible.

4. Changes and Violations of Terms

The terms are prepared based on the applicable legislation. The provider may occasionally update these General Terms and Conditions in accordance with changes in services and activities and based on user feedback. When the provider does so, the date of the last update at the end of the terms will also change. The provider reserves the right to change the General Terms and Conditions at any time without prior notice, and the change takes effect upon publication.

The provider recommends that users regularly review these General Terms and Conditions to stay informed about the current terms of use and how the provider protects their privacy. The provider reserves the right to block access to content or the website to users who violate the General Terms and Conditions or act against them. If a user causes any damage to the provider through their conduct, they are fully morally, materially, and criminally liable for it.

Any violations of the website and services by other users can be reported to info@cresuus.si or to the address:
CRESUS d.o.o., Robindvor 140, 2370 Dravograd.

5. Customer Support and Contact with the Provider

In case of any questions regarding these General Terms and Conditions, General Conditions, Cookie Policy, Privacy Policy, orders, payments and payment terms, complaints, or other issues related to the website, online store, and services of the provider, including any compliments, comments, or complaints, we are available at:

Email: info@cresus.si;

Mail address: CRESUS d.o.o., Robindvor 140, 2370 Dravograd; or

Phone numbers: +386 41 306 213 and +386 41 426 303, Monday to Friday from 8:00 AM to 2:00 PM.

6. Dispute Resolution and Applicable Law

The provider, in accordance with Slovenian legislation, does not recognize any out-of-court consumer dispute resolution body as competent to resolve any potential consumer dispute that a consumer might raise under the Act on Out-of-Court Settlement of Consumer Disputes. As a provider of online services, and in accordance with the provisions of relevant legislation, we publish an electronic link to the platform for online dispute resolution (ODR). The platform is available to consumers at the following electronic address: http://ec.europa.eu/odr.

The law of the Republic of Slovenia applies to all relations between the provider and users.

The provider and the user undertake to resolve any disputes amicably and by agreement. If this is not possible, the competent court with jurisdiction over the matter will decide on the dispute.

These terms apply from the date of acceptance until cancellation or possible amendment.

The terms were last updated on January 6, 2025.

Dravograd, January 6, 2025

CRESUS d.o.o.

Protection of personal data

1. Personal Data Collections

CRESUS, financial consulting, d.o.o. respects your privacy and is committed to collecting, storing, and processing personal data carefully and in accordance with applicable data protection regulations. Since there may be links on our website to other, external websites that are not directly related to financial consulting activities, we do not assume responsibility for data protection on those websites.

CRESUS d.o.o. processes data for the purpose of conducting business activities and informing individuals about its offerings by collecting their personal data.

The controller of personal data is:

CRESUS, finančno svetovanje, d.o.o.
Robindvor 140
2370 Dravograd
Slovenia

2. What Types of Data Do We Collect?

We process your data to provide the services, activities, and products of Cresus d.o.o. The types of data we collect depend on your use of our services and/or products.

Direct Marketing
Data: First name, last name, and email address.
Purpose: We process this data solely to inform you about updates, webinars, promotional offers, news, and fresh content from the company. We also use email communication to direct you to various events and promotional campaigns related to the company’s activities.

Subscription
Data: First name, last name, billing address, email address, and data related to transactions conducted via our services.
Purpose: If you use our services as a subscriber or make purchases or other financial transactions via our website (e.g., completing a purchase), we also collect data related to the transaction. We process this data to fulfill our contractual obligations. This includes payment data such as name, address, and other account and authentication details, as well as invoicing data.

Cookie Data
Data: Cookie data stored on your device, including cookie IDs and settings.
Purpose: For more information about how we use cookies, please refer to our Cookie Policy.

3. Sharing Data with Contractual Processors and Independent Partners

We strictly limit how our partners and contractual processors may use and disclose the data we share with them. We enter into data processing agreements with each contractual processor, ensuring the implementation of appropriate technical and organizational measures to protect your personal data. We do not process data for profiling purposes.

Suppliers and Service Providers
We share data and content with suppliers and service providers who provide services to us (e.g., technical infrastructure support, analytics of our services usage, customer services, surveys).

Researchers
We also provide data and content to research partners to conduct studies that support science and innovation, contribute to societal benefit, technological progress, public interest, health, and well-being. However, this data is shared only in pseudonymized form, which does not reveal any personal information to the researchers.

4. What is our legal basis for processing data?
   We collect, use, and share data as described above:

based on your consent, which you may withdraw at any time;

as necessary for the performance of a contract;

as necessary to comply with our legal obligations;

in accordance with our legitimate interests, which include our interests in providing innovative, personalized, secure, and profitable services to our users and partners, unless those interests are overridden by your interests or fundamental rights and freedoms requiring the protection of personal data.

5. Data retention, deactivation, and account deletion
   We retain your personal data in a form that permits your identification only for as long as necessary to fulfill the purpose for which it was processed. In line with the principles of purpose limitation and data minimization, we collect and process personal data solely for a clearly defined purpose and only to the extent necessary to achieve that purpose.

Before processing personal data for a purpose other than that for which it was originally collected, we conduct a compatibility test, assessing the relationship between the processing purposes, the nature of the data, the context and manner of collection and processing, possible consequences of the new use, and the application of appropriate safeguards. Throughout the processing, we ensure personal data is accurate and up to date. Personal data collected based on your consent is deleted upon your withdrawal of consent, provided there is no other legal basis for continued processing.

Notwithstanding the above, if certain personal data is required to protect our legal rights, we will retain such data until the end of the legal proceedings in which it is needed or, if proceedings have not yet commenced, until the expiration of the statute of limitations. The general limitation period in Slovenia is 5 years, with some exceptions. In addition, all personal data relevant for tax purposes is usually kept for a longer period, typically 10 years.

Where mandatory legal provisions prescribe different retention periods, we retain such personal data for the prescribed duration (e.g., where needed for legal or business purposes such as security, fraud prevention, and keeping financial records). For instance, some accounting data may be subject to permanent storage, although our customers’ personal data is generally not part of accounting records.

Once the applicable retention period expires, we delete or anonymize your personal data (i.e., we remove all identifiers that could link the data back to you as an individual). During deletion, we take special care to ensure that data is securely and completely removed from all our servers or retained only in anonymized form. We always strive to ensure that the operation of our services also ensures appropriate protection of your data against accidental or malicious destruction. For this reason, there may be a delay between the deletion of data and the removal of all copies from our systems and backups.

6. Data breach response
   In the event of a personal data breach, we will notify the competent authority without undue delay, and no later than 72 hours after becoming aware of the breach, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals.

If the breach is likely to result in a high risk to the rights and freedoms of individuals, we will also notify each affected individual without undue delay.

7. Your rights

Right to withdraw consent
Where we process your personal data based on your consent, you may withdraw that consent at any time by sending a written request to the email address provided above.

Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. You will not receive any less favorable treatment or suffer any negative consequences as a result of withdrawing your consent.

Right of access
You have the right to obtain confirmation from us as to whether or not we are processing your personal data and, where that is the case, access to the data and certain additional information as set out in Article 15 of the General Data Protection Regulation (e.g., processing purposes, retention periods, existence of international transfers, etc.).

Please note that we may deny access if it would adversely affect the rights and freedoms of others.

Right to rectification
You have the right to request that we correct any inaccurate or incomplete personal data we hold about you. Upon your request, we will correct or complete such inaccurate or outdated personal data without undue delay.

Right to erasure
Upon your request and subject to the validity of the request, we will erase your personal data without undue delay where:

it is no longer needed for the purposes for which it was collected or otherwise processed;

it was processed based on withdrawn consent and there is no other legal basis for processing;

you have objected to its processing and there are no overriding legitimate grounds for the processing;

it was unlawfully processed.

Right to restriction of processing
This right is not absolute and applies only in certain circumstances. During the restriction period, we may continue to store your personal data, but may not otherwise process it.

Upon your request, we will restrict the processing of your personal data without undue delay when:

you contest the accuracy of the data (processing will be restricted while we verify its accuracy);

processing is unlawful, but you oppose erasure and request restriction instead;

we no longer need the data for processing, but you require it for the establishment, exercise, or defense of legal claims; or

you object to processing, pending verification of whether our legitimate grounds override yours.

During the restriction period, such data will be processed only:

with your consent;

for the establishment, exercise, or defense of legal claims;

to protect the rights of another natural or legal person; or

for reasons of important public interest.
You will be informed before any restriction is lifted.

Right to data portability
Where processing is based on consent or contract and is carried out by automated means, you may request that we transfer your personal data to another controller, where technically feasible.

Right to object
This right is applicable in certain situations. Whether it applies depends on the purpose and legal basis of the processing. You have an absolute right to object to the processing of your personal data where the purpose is direct marketing. You may also object where processing is based on our legitimate interest, although in this case your right is not absolute.

When submitting an objection, you must specify your reasons. Based on your request, we will stop processing your data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or if processing is necessary for the establishment, exercise, or defense of legal claims.

Right to lodge a complaint
If we do not respond to your request within one month or if we reject your request, you may file a complaint with the Information Commissioner of the Republic of Slovenia — the supervisory authority for personal data protection.

Contact details of the Information Commissioner:

Information Commissioner of the Republic of Slovenia
Dunajska 22, 1000 Ljubljana
Phone: +386 1 230 97 30
Website: www.ip-rs.si
Email: gp.ip@ip-rs.si

8. Changes to the Privacy Policy
   CRESUS d.o.o. reserves the right to occasionally amend this Privacy Policy in order to update it or align it with the specific nature of our data processing activities.

The date of the latest update is always indicated at the end of the Privacy Policy.

We recommend that you regularly review this Privacy Policy to stay informed about which personal data we process and how we process it.

9. Additional information
   For additional information regarding the processing of personal data or to submit suggestions for improvement, please contact us at info@cresus.si or by post at Cresus d.o.o., Robindvor 140, 2370 Dravograd.

This Privacy Policy applies until revoked or amended.

Dravograd, January 2025