Privacy policy

Privacy Policy of Viral d.o.o.

1) About the Privacy Policy

The purpose of the Privacy Policy of Viral d.o.o. (hereinafter: "Privacy Policy") is to inform users of the services provided by Viral d.o.o. and other individuals (hereinafter also referred to as “individuals”) about the purposes and legal basis for the processing of personal data by Viral d.o.o., Podjelovo Brdo 19a, 4225 Sovodenj, Slovenia (EU) (hereinafter: "Company"), as well as the rights of individuals in this area.

The Company ensures special care for the security of your personal data. All personal data provided is treated confidentially and used solely for the purposes for which it was provided. We handle your personal data with the utmost care, complying with applicable legislation and the highest standards of processing. We ensure the security of your personal data through appropriate organizational measures, work procedures, advanced technological solutions, and external experts to provide the most effective protection for your personal data. This includes an appropriate level of protection and reasonable physical, electronic, and administrative measures to protect the collected data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access during transfer, storage, or processing.

This Privacy Policy also further explains the consent you have given for the processing of your personal data.

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: "General Data Protection Regulation"), this Privacy Policy includes the following information:

-    Contact information of the company
-    Purposes, legal bases, and types of processing of various types of personal data
-    Retention periods for different types of personal data
-    Rights of individuals concerning the processing of personal data
-    The right to file a complaint regarding personal data processing
-    Validity of the Privacy Policy

2) Personal data collected by the Company

If you are merely a visitor to the website, we collect data about you only through the use of cookies. If you are a user or subscriber of services provided by the Company, we also collect other personal data necessary for the provision of the services you have ordered or use. This personal data includes:
-    Name and surname
-    Contact email address
-    Contact telephone number
-    IP address
-    Data for issuing an offer based on your inquiry (your name, address, postal code, and city).

3) Data controller

The data controller for the personal data processed in accordance with this Privacy Policy is Viral d.o.o., Podjelovo Brdo 19a, 4225 Sovodenj, Slovenia (EU).

4) Categories of individuals whose personal data is processed

This Privacy Policy applies to anyone who has ordered and/or used our services or submitted an inquiry, as well as those who visit our website.

5) Purposes of processing and legal bases for data processing

5.1. Processing based on a contract:

Within the framework of exercising contractual rights and fulfilling contractual obligations, the Company processes your personal data for the following purposes: identifying individuals, preparing offers, concluding contracts, providing ordered services, informing about potential changes, additional details, and instructions for using services, resolving potential technical issues, objections, or complaints, invoicing services, and for other purposes necessary for the execution or conclusion of the contractual relationship between the Company and the individual.

For invoicing services, and in compliance with tax regulations, we also collect and process your address for the correct issuance of invoices.

5.2. Processing on the basis of legal obligations and legitimate interests:

On the basis of legitimate interest, we use your personal data to detect and prevent fraudulent use and misuse of services, ensure the stable and secure operation of our systems and services, and to implement information security measures.

We also process personal data for the purposes of fulfilling quality requirements and identifying technical defects in systems and services.

Based on legitimate interest, personal data may also be processed for enforcement, judicial, and extrajudicial debt recovery.

In accordance with the GDPR, in cases of suspected misuse, the Company may process data about individuals to identify and prevent potential fraud or misuse in a reasonable and proportionate manner. These data may also be shared with other service providers, business partners, law enforcement authorities, or other competent authorities, if deemed appropriate.

To prevent future misuse or fraud, data related to the history of established misuse or fraud may be retained for five years after the termination of the business relationship.

5.3. Processing based on consent for the processing of personal data:

Data processing may also be based on your consent provided to the Company.

Consent may relate to being informed about offers, benefits, and service improvements provided by the Company. The purpose of such notifications is to tailor the services as closely as possible to your needs and desires, thereby increasing their usefulness to you. Notifications are made through the channels selected in your consent.

You may withdraw your consent at any time, as described in the Privacy Policy.

Your consent can be withdrawn or amended in the same way it was given, or by another method defined in this Privacy Policy. The Company reserves the right to verify the identity of the individual. Consent modifications can also be made via email at info@racman.eu or in writing to the Company's registered address.

Withdrawal or amendment of consent applies only to data processed on the basis of your consent. The last consent received is valid. The possibility of withdrawing consent does not constitute a termination right in the business relationship with the Company.

Personal data for which you have provided consent will, in the absence of withdrawal, be processed for up to two years after the termination of the business relationship with the Company.

6) Restrictions on the disclosure of personal data

When necessary to perform specific tasks that contribute to our services, we may authorize other companies and individuals. In such cases, the company may share personal data with carefully selected external processors who will enter into a data processing agreement or a substantively equivalent arrangement or other binding document with the company (hereinafter referred to as the “Data Processing Agreement”). External processors will only be provided or granted access to personal data to the extent required for the specific purpose. These processors are prohibited from using the data for any other purpose and must comply with at least all the personal data processing standards prescribed by applicable law. External processors are contractually bound to maintain the confidentiality of your personal data.

The company may also disclose personal data to competent state authorities based on a justified request if such authorities have a legal basis for obtaining the data. For instance, the Company will respond to requests from courts, law enforcement agencies, and other state authorities, which may include authorities from other EU member states.

7) Period of personal data retention

The retention period of data is determined based on the category of individual data. Data is retained only for as long as necessary to achieve the purpose for which it was collected or further processed, or until the expiration of the limitation periods for fulfilling obligations or the legally prescribed retention period.

Billing data and related contact information about individuals may be retained for the purpose of fulfilling contractual obligations until the full payment of the service or, at most, until the expiration of the limitation periods for individual claims, which may range from one to five years under the law. Invoices are retained for 10 years after the end of the year to which the invoice relates, in accordance with the law governing value-added tax.

Other data obtained on the basis of your consent is retained for the duration of the business relationship and for an additional 2 years after its termination, unless a longer retention period is prescribed by law. If an individual who has given consent for the processing of personal data has not entered into a business relationship with us, their consent is valid for 2 years from the time it was given or until it is revoked.

Upon the expiration of the retention period, data is deleted, destroyed, blocked, or anonymized unless the law specifies otherwise for a specific type of data.

8) Rights of individuals regarding the processing of personal data

We ensure the exercise of your rights regarding the processing of your personal data without undue delay. We will decide on your request within one month of receiving it. In the case of complexity and a large number of requests, the deadline may be extended by a maximum of two additional months. If the deadline is extended, we will inform you of such an extension within one month of receiving your request, along with the reasons for the delay.

Requests related to the exercise of your rights can be submitted via email to info@racman.eu or by mail to Viral d.o.o., Podjelovo Brdo 19a, 4225 Sovodenj, Slovenia (EU).

If you submit a request electronically, we will, where possible, provide the information by electronic means unless you request otherwise.

If there is reasonable doubt regarding the identity of the individual submitting a request concerning any of their rights, we may request the provision of additional information necessary to confirm the identity of the individual to whom the personal data pertains.

If the requests of the individual concerning personal data are clearly unfounded or excessive, particularly due to their repetitive nature, the company may:

-    charge a reasonable fee, taking into account the administrative costs of providing the information, communication, or implementing the requested action, or
-    refuse to act on the request.

We enable you to exercise the following rights regarding the processing of your personal data:

(i) the right of access to data
(ii) the right to rectification
(iii) the right to erasure ("right to be forgotten")
(iv) the right to restriction of processing
(v) the right to data portability
(vi) the right to object

(i) Right of access to data

You always have the right to know whether personal data concerning you is being processed and, if so, access to the personal data and the following information:

-    the purposes of the processing,
-    the categories of personal data being processed,
-    the recipients or categories of recipients to whom personal data has been or will be disclosed,
-    the expected period for which the personal data will be stored or, if not possible, the criteria used to determine that period,
-    the existence of the right to request from the controller rectification or erasure of personal data or restriction of the processing of your personal data or the right to object to such processing,
-    the right to lodge a complaint with a supervisory authority,
-    where personal data is not collected from you, any available information regarding its source.

(ii) Right to Rectification

You have the right to have inaccurate personal data concerning you corrected without undue delay, and considering the purposes of the processing, the right to have incomplete personal data completed, including by providing a supplementary statement.

(iii) Right to Erasure ("Right to be Forgotten")

You have the right to have your personal data erased without undue delay where one of the following reasons applies:

-    the personal data is no longer necessary for the purposes for which it was collected or otherwise processed,
-    you withdraw your consent on which the processing is based, and there is no other legal basis for the processing,
-    you object to the processing, and there are no overriding legitimate grounds for the processing,
-    the personal data has been unlawfully processed,
-    the personal data must be erased to comply with a legal obligation under EU or Slovenian law.

(iv) Right to restriction of processing

You have the right to obtain the restriction of the processing of your personal data in any of the following cases:

-    where you contest the accuracy of the data, for a period enabling the controller to verify the accuracy of the personal data,
-    the processing is unlawful, and you oppose the erasure of the personal data and request instead the restriction of its use,
-    the controller no longer needs the personal data for processing purposes, but you require it for the establishment, exercise, or defense of legal claims,
-    you have objected to the processing based on legitimate interests, pending verification of whether the controller’s legitimate grounds override your interests, rights, and freedoms.

Where the processing of your personal data has been restricted in accordance with the previous paragraph, such personal data, except for storage, shall only be processed with your consent, or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person.

Before lifting the restriction on the processing of your personal data, you must be notified.

(v) Right to data portability

You have the right to receive the personal data that you have provided to us, in a structured, commonly used, and machine-readable format, and have the right to transmit those data to another controller without hindrance from the company, where the processing is based on your consent and is carried out by automated means. Upon your request, where technically feasible, personal data may be transmitted directly to another controller.

(vi) Right to object

Where we process your data based on legitimate interests for marketing purposes, you can object to such processing at any time.

We will stop processing your personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

9) Right to lodge a complaint regarding the processing of personal data

You may send any complaint regarding the processing of your personal data to the email address info@racman.eu or by mail to Viral d.o.o., Podjelovo Brdo 19a, 4225 Sovodenj, Slovenia (EU).

If we fail to make a decision on your request within the statutory deadline or refuse your request, you have the right to lodge a complaint with the Information Commissioner.

You also have the right to lodge a complaint directly with the Information Commissioner if you believe that the processing of your personal data infringes Slovenian or EU data protection laws.

If you have exercised the right of access to data and after receiving the decision, you believe that the personal data you received is not the data you requested, or you did not receive all the requested personal data, you may, before lodging a complaint with the Information Commissioner, submit a substantiated complaint to the company within 15 days. We must make a decision on your complaint as a new request within five working days.

10) Newsletter Subscription Terms and Conditions

By subscribing to the newsletter, the subscriber agrees that the personal data provided during subscription will be used and processed for sending messages related to the provider's activities (promotions, updates, advertisements, news, etc.) to their email address, no more than twice a month.

The subscriber may withdraw their consent for receiving newsletters at any time. To unsubscribe, simply click the "unsubscribe" link located at the bottom of any newsletter email you receive from us. Alternatively, the withdrawal can also be sent via email at info@racman.eu.

The terms of newsletter subscription are part of the Terms of Service of the website.

11) Final provisions

For everything not covered by this Privacy Policy, the applicable legislation applies.

The company reserves the right to amend this Privacy Policy. We will inform you of material changes to this Privacy Policy by posting the updated version on the official website of Viral d.o.o. before such changes take effect.

If you have any questions about this Privacy Policy or the data we hold about you, please write to us at the email address info@racman.eu.

12) Validity of the Privacy Policy

This Privacy Policy is published on the website of Viral d.o.o. and comes into effect on March 25th, 2026.

Viral d.o.o.