Privacy Policy

These privacy rules (Rules) determine how Agilcon Group, as defined below, obtains, stores, and uses your personal data. Agilcon Group is composed of a number of legal entities, including:

• Agilcon d.o.o., Letališka cesta 32, 1000 Ljubljana, Slovenija
• Gecko HRM d.o.o., Letališka cesta 32, 1000 Ljubljana, Slovenija
• Agilcon d.o.o., Roberta Frangeša Mihanovića 9, 10000, Zagreb, Hrvatska
• Agilcon d.o.o., Sazonova 3, 11000 Beograd, Republika Srbija.

All entities (collectively, “Group or individually “Group entity”).

These rules on privacy are in force for:

• Our web pages https://www.agilcon.si/ and https://www.geckohrm.com (hereinafter together: webpage) and our social media,
• Organisation and execution of Agilcon Group corporate and business events (webinars included)
• Registration for receiving information on novelties and our offer of services
• Acquisition of our products and solutions, including our professional services
• Inquiries for the Salesforce and Gecko HRM solutions and services through email, telephone, and forms on our web pages, social channels, and applications
• Transfers of the documents that are at the disposal of our web pages and
• Your use of any other, present or future web on non-web service, technical support, or offer, discussions of the Group (hereinafter altogether: Services)

Group entities are joint data controllers in relation to personal data collected via the Services.

Where legal entities within the Group jointly determine the purpose and means of data processing their respective responsibilities as joint controllers for compliance with the obligations under the respective data privacy laws, in particular as regards the exercising of the rights of the data subject and their respective duties to provide the information referred to (for example: in Articles 13 and 14 of the GDPR) are regulated by means of an intra-group data processing contract. A summary of such an arrangement may be provided through a written request sent to privacy@agilcon.com.

Any regulatory specifics in relation to a jurisdiction where an Agilcon Group entity has been incorporated are stated in the Regional Specific Provisions at the end of this Privacy Policy.

Data controllers that are part of a group of undertakings or institutions affiliated to a central body have a legitimate interest in transmitting personal data within the group of undertakings for internal administrative purposes, including processing clients’ personal data. The Agilcon Group utilized various centrally managed information technology systems and solutions to manage its relationship with customers, sales leads, and suppliers.

Where legal entities within Agilcon Group jointly determine the purpose and means of data processing their respective responsibilities as joint controllers for compliance with the obligations under the respective data privacy laws, in particular as regards the exercising of the rights of the data subject and their respective duties to provide the information referred to (for example: in Articles 13 and 14 of the GDPR) are regulated by means of an intra-group data processing contract. A summary of such an arrangement may be provided to you by way of a written request sent to privacy@agilcon.com.

The original date of entry into force of the Rules is 26 April 2018.

The rules were amended on 21.08.2021, 01.10.2023, 13.01.2025, and 28.05.2025.

We ask you to thoroughly read our rules on privacy.

In case of questions or queries, please contact us by sending an email to privacy@agilcon.com.

Group processes your personal data when required or permitted by law, when you have provided us with personal data yourself, or we have obtained it to exercise our legitimate interest or to perform a contract (e.g., purchase of our products or professional services).

Legislation allows us to collect certain personal data for clearly defined purposes. It also determines the retention period, the method of handling this data, and the fulfillment of other security requirements (e.g., video surveillance in our premises).

You gave us your consent to the processing of personal data by agreeing on our websites, through one of the forms or via e-mail, that we can provide you with the service for the stated purpose. For example, if you sign up to receive content such as an e-newsletter or e-magazine, invitations to events, publications, and services, or register to use certain services. We also obtain consent for certain other business contacts when we cannot assert a legitimate interest. Any consent we seek from you must be express and unequivocal. In the case of children’s participation in programs and in the provision of other services, we require consent, which must also be signed by the holder of parental responsibility for the child. In our database, we will document information about the revocation of consent (for example, about your registration and unsubscribing from the e-newsletter). The retention period, the separate purpose(s), and the possibility of revocation are always clearly defined with each consent. Before consent is given, the individual is informed in writing or in another appropriate way about the purpose of processing their personal data. A possible withdrawal of consent does not affect the legality of the processing of your personal data at the time before the withdrawal was given.

A contract with you is created when you submit a purchase order via the website, when binding contracts are signed, and during negotiations on the conclusion of contracts. We process your stated personal data in order to fulfill the concluded contract.

Legitimate interest is the legal basis on which we process personal data of individuals, mostly in connection with our legitimate interests in information security, fraud prevention, or when individuals legitimately expect that their personal data will be processed. We also inform individuals about this. We always consider whether our legal (legitimate) interest is justified and take your interests into account in every processing.

When this is permitted by law, we can also acquire information about you from other public sources.

We also collect information about your use of our webpage with cookies and similar technologies. Our policy on cookies, which is described below, determines more information about how we use cookies and similar technologies for collecting information about you.

The types of information we collect about you can include information, such as:

• Your name and last name.
• Your business email address or any other email address you passed to us
• The company you work for or you worked for.
• Your business position in the company.
• Your telephone number.
• Information on your computer or mobile device (e.g., your IP address, browser and device type).
• Information on how you use our webpage (e.g., what pages you checked, the time when you were checking them, and what you clicked on.
• Photography or promotional video.
• Video from security feed – Ljubljana office.

We can also acquire your personal data from certain publicly accessible sources, including (but not limited to) public online databases, business directories, media publications, social media, web pages, and other publicly and legitimately accessible sources.

The group does not process sensitive types of personal data.

Your personal data can be used for one or several of the following purposes:

1) In connection with the use of Services and by adapting the user experience to your needs and goals:

• Management and improvement of our websites, including the adaptation of the user experience of our website. This is necessary for our legitimate interest to better understand the desires of our customers and potential buyers and adapt our websites, products, and services with regard to your needs and desires.
• Management of relations of Agilcon Group with the current and potential customers. We do this by analyzing the data on the history of the relationship of our buyers with the intention to improve business relationships with the customers, with the emphasis on preserving the customers and the final growth of the sales. This is necessary for our legitimate interest to better understand the desires of our customers and for the efficient management and administration of our business conduct.
• Segmenting the data about you enables us to offer our services, which are adapted to you and for the purpose of internal statistical reports on the use of our Services.
• Communicating directly with you in connection with the updates on our website, purchases of our services and responding to inquiries which we receive from you. This will be necessary to inform you of the changes to our websites occasionally to perform the contract which we concluded with you, to prepare the offer, or, for our legitimate interest of fulfilling and confirming your demands, to ensure that we provide our services and respond to the questions which we receive from you.
• Concluding the contract and preparing the offer. If you do not pass your personal data, if this is necessary for such a purpose, we will not be able to conclude or perform the contract with you or to offer you products and services which you demanded. We can also postpone or revoke all the orders that you set and enforce our legal rights against you (e.g., if we had costs or expenditures in preparation or fulfilling any orders you gave).
• Protection of our business conduct and our business interests, including the purpose of checking the credit and previous experiences, preventing fraud, and debt collection. This is necessary for the protection of our legal interests of preventing criminal activities, such as fraud or money laundering, to ensure that our website and Services are not misused and to protect our business conduct. Such checking will be performed only if this is allowed by the legislation.
• Communicating with our business advisors and legal counselors. This is necessary for our legitimate interests in acquiring legal or professional business advice. We will only pass your personal data if this is necessary, to the least extent which is necessary, and anonymized whenever this is possible, and with the condition of concluding contracts on non-disclosure.
• Sharing personal data with third parties (hereinafter: our sub-processors) that are connected with us for ensuring the services, such as our business partners, other Agilcon entities within the Agilcon Group, email providers, web hosting providers, and the providers of various services of information and communication technologies. This will be necessary for the performance of the contract which we concluded with you (or for the preparation of the offer), for our legitimate interest of the efficient management and the administration of our business conduct, for the compliance with legal obligations which bind us, or for our own purposes of direct marketing. When we share your personal data, we will do this consistently on the basis of the need for familiarization in compliance with the appropriate limitations of confidentiality on an anonymized basis as much as possible and only to the extent which is essential for any of these purposes.
• Enforcing our legal rights and respecting the laws, regulations, and other legal demands. This is necessary for our legitimate interest in protecting our business conduct and enforcing our contract and other legal rights. To ensure physical, network, and information security and integrity. This is necessary for our legal interest to ensure a safe and non-compromised IT system and networks, including with the backup copying and filing, preventing malevolent programming equipment, viruses, errors, and other harmful codes, preventing the unauthorized access to our systems, and all the forms of the attacks or damages of our IT systems and networks. Perhaps, we will have to use and process your personal data to be in compliance with the legal obligations that we have to respect. For example, we can demand that you pass your particular personal data for the purposes of performing the legal obligation of preventing money laundering or that you reveal your data to the court after receiving a court order. Your personal data may also be needed for fulfilling the applicable legal obligations, such as tax legislation and other regulations that bind us.
• In connection with the demands for disclosure in the case of the sale of Agilcon Group or any other corporate restructuring. This is necessary for our legitimate interests of sales and/or preserving and ensuring the success of our business conduct.
• For statistical and research purposes. We will anonymize the data and use it for the legitimate interests of processing personal data for research purposes, including market research, a better understanding of our customers, and adapting our products and services to your needs.
• Identification of possible criminal activities or threats to public safety to the prosecuting authority. This is necessary for our legal interest of encouraging the success of our business conduct, preventing crime, for the fulfillment of legal obligations, for the general public interest, or for the legal interests of governmental bodies and prosecuting authorities, which prevent criminal activities.
• In connection with any legal or possible legal action or procedure. This is necessary for our legitimate interest of encouraging and assuring the success of our business conduct, solving disputes, and giving such disclosures as the laws require or as we believe are reasonable, according to the law.

2) For the purposes of direct marketing and with your explicit consent for the purposes of e-marketing to inform you about our services, novelties, event organization, to offer you our services, and other forms of e-marketing.

When we process your personal data on the basis of your consent, you may withdraw your consent for the aforementioned purposes, either temporarily or permanently, at any time. Additionally, you may request access, supplementation, correction, restriction of processing, or deletion of personal data, or file an objection against the processing of personal data relating to you. Such requests should be submitted in writing to the address set above or via email at info@agilcon.com.

Withdrawal of consent does not affect the lawfulness of data processing carried out based on the consent provided prior to its withdrawal. The supervisory authority for personal data protection in Slovenia is the Information Commissioner of the Republic of Slovenia. You have the right to file a complaint with the Commissioner if you believe your personal data is being processed in violation of the applicable regulations governing data protection.

You may contact the Data Protection Officer at Agilcon Group via email at privacy@agilcon.com. The date of enforcing such withdrawal is 30 working days from the day we received your request.

Agilcon Group stores your personal data on the servers of the IT providers of services in the cloud, which are located in the member states of the EU. Occasionally, processing of your personal data can also occur outside of the European Union. Outside of the EU, there can be occasional processing of your personal data by Salesforce in connection with the CRM System of Salesforce and Pardot.

Agilcon Group will process your personal data within the scope which is relevant and limited to what is necessary for the purposes for which they are processed, i.e. the purpose(s) for which we process your personal data, e.g. whether it is still necessary to store these data in order to fulfill our obligations according to the contract with you or for our legitimate interests, whether we have any legal obligation to proceed with the processing of your data, such as any obligations of keeping records which are determined by the legislation in force, and whether we have a legal foundation to further process your personal data, such as your consent.

If you wish more information on where and how long your personal data is stored ,and for more information on your right to deletion and transferability of the personal data, contact us at privacy@agilcon.com.

We have taken appropriate technical and organizational measures for the protection of your personal data and their protection against unauthorized use or processing and against coincidental loss or destruction, or damage to your personal data, including:

• The principle of the minimal scope of data and processing on an anonymized basis whenever this is possible
• Training of our employees on the significance of confidentiality, preserving privacy, and security of your data
• Commitment to the adoption of the appropriate disciplinary measures for the assertion of responsibility of the employees in connection with the privacy
• Standing and comprehensive updating, and testing of our security technology
• Thorough and responsible selection of our sub-processors
• Using safe servers for storing your personal data
• Naming an authorized person for the protection of the personal data
• Demanding proof of identity from every individual who demands access to personal data.

 All members of Agilcon Group have been certified and hold ISO 27001:2013, a standard for information security management systems, annually renewed and audited by an independent institution.

We wish to notify you that the transfer of information (including personal data) through the internet is not always entirely safe. If you pass us any information through the internet (through an email or our webpage, or in any other way), you do this entirely at your own risk. We cannot be held responsible for any costs, expenditures, loss of profit, damage to reputation, responsibility, or any other form of loss or damage you suffered because of your passing data through the internet.

Salesforce CRM

We use Salesforce.com, Inc., USA, solution for the customer relationship management (CRM). We concluded the data processing agreement with the company Salesforce.com, Inc. According to the contract, Salesforce.com is obliged to respect the EU rules of personal data protection. International transfer of personal data by Salesforce.com, Inc. proceeds on the basis of the Binding Corporate Rules. The use of CRM services is performed on the basis of Article 6 (1) (f) of the GDPR. We have a legitimate interest in optimizing our services and for better management of our relations with the customers.

YouTube

Our website uses plug-ins from YouTube managed by Google. The administrator of the page is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit our website, which contains a plug-in for YouTube, the connection is made with YouTube’s servers. YouTube is informed about our webpage that you visited.

If you are registered in the account for YouTube, YouTube enables you you connect your behavior of browsing behavior directly to your personal profile. You can prevent this by signing out of your YouTube account. YouTube helps us make our website is attractive. This is a legitimate interest in compliance with Article 6 (1) (f) of the General Data Protection Regulation (hereinafter: GDPR). Additional information on handling the user data is available in the statement on data protection on YouTube.

Google Maps

Our website uses the cartographic service Google Maps through the API. It is managed by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. If you wish to use Google Maps, it is necessary to save your IP address. This information is usually transferred to the Google server in the USA and is saved there. The provider of this page has no influence on the data transfer.

The use of Google Maps is in the interest of our webpage to attract and relieve the location of the places that you determine on the website. This is a legitimate interest in compliance with Article 6 (1) (f) of the GDPR. Additional information on handling the user data is available in the statement on data protection in Google.

Slack

We use the communication tool Slack of the company Slack Technologies, 500 Howard Street, San Francisco, CA 94105, USA (hereinafter: Slack Technologies) for internal communication. For this reason, personal data of the customers, users, and coworkers or contractual partners can be transferred to the servers of Slack Technologies, which are located outside the European Economic Area.

We concluded the contract on data processing with Slack Technologies. According to the contract, Slack Technologies is obliged to respect the EU law on data protection. With regards to the international data transfer, we concluded the contract on the data transfer with the so-called Standard Contracting Clauses. According to the contract, Slack Technologies is obliged to ensure that international data transfers of personal data are conducted in compliance with the EU rules of personal data protection.

Slack Technologies is registered for the DPF Programme regarding international data transfers. The processing of personal data through the Slack tools is performed on the basis of our legitimate interest according to Article 6 (1) (f) of the GDPR.

Jira Service Desk

For the support services when you have purchased any of our products or professional services, we use the SaaS solution Jira Service Desk, of the company Atlassian, which is registered for the DPF Program regarding the international data transfers. Thus, the company is obliged to respect the EU rules of data protection.

More on Jira Service Desk rules of privacy on https://www.atlassian.com/trust/privacy.

The use of the programming solution Jira Service Desk is performed on the basis of Article 6 (1) (f) of the GDPR. We have a legitimate interest in selecting the technological providers that offer us tools that help optimize our business conduct.

Google Workspace

We use the Google Drive service for the storage and editing of documents. It is managed by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

The use of Google Drive is our legitimate interest in compliance with Article 6 (1) (f) of the GDPR for the optimized business conduct of our company. Additional information on handling the user data is available in the statement on data protection in Google at the address https://policies.google.com/privacy.

Cookies are the data files which were sent from the website to the browser to record information about the users of the website. On our websites, we use cookies and similar technologies. For non-essential cookies, your consent is required.

You can reject some or all (except the essential) cookies we use on our websites by changing the settings of your browser. However, this can reduce your ability to use our websites or some or all of their functions. For additional information on cookies, including how to change the settings of the browser, visit www.allaboutcookies.org.

On our websites, we use Google Analytics and Salesforce Pardot to understand you better.

Pardot Marketing Automation System

We use Pardot Marketing Automation System (“Pardot MAS”), Pardot LLC, 950 East Paces Ferry Road, Suite 3300, Atlanta, GA 30326, USA. Pardot MAS is special programming equipment for capturing and analyzing moving profiles of the visitors of our websites.

We use Pardot MAS also for recording user interactions and for communicating with website users. We use Salesforce for user support and performing live chats within the framework of the supporting work of our website. Unless otherwise revealed, these confidential third companies have no rights to use your personal data which exceed that what is necessary the help ensure the best possible service. If we share personal data with these third parties, we demand that they fulfill the requests of the data processor within the GDPR.

Pardot MAS will save the cookies on the hard drive of your computer in order to follow your operations and the use of the website. However, it will not save or collect personal data. You can stop or prevent saving cookies anytime by configuring your internet browser so that the cookies of the domain “pardot.com” will not be accepted. However, we would like to stress that in this case, you will perhaps not be able to use all the functions of this website. The privacy policy of the company Pardot is available here. The cookies Pardot MAS are saved on the basis of Article 6 (1) (f) of the GDPR. We have a legitimate interest in the analysis of user behavior in order to optimize our website and our advertising.

Google Analytics 

This website uses the service Google Analytics GA4, a web analysis. It is managed by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

Google Analytics uses the so-called “cookies”. The data acquired by cookies on your use of this website is usually transferred to the Google server in the USA and saved there.

The cookies of the basic Google Analytics service are stored on the basis of Article 6 (1) (f) of the GDPR. We have a legitimate interest in the analysis of user behavior in order to optimize our website and our advertising.

If we transfer your personal data outside the European Economic Area, we will do this after a careful review of the appropriate legal grounds and protective measures, such as:

• Policies of data protection known as the “Binding Corporate Rules” or “BCR”
• Standard Contractual Clauses, adopted by the European Commission or accepted by the Information Commissioner and approved by the European Commission in compliance with the corresponding law
• Code or codes of practice, prepared by the association or another institution approved by the Information Commissioner;
• Approved certification mechanisms (such as the DPF Program)
• Or when this is allowed by the Information Commissioner, contractual clauses between the administrator or the data processor, and the data administrator, processor, or recipient of the personal data in the third country or in the international organization.

We notify you about the following rights in connection with your personal data, which you can perform so that you send an email to privacy@agilcon.com:

• Demand access to your personal data and information in connection with our use and processing of your personal data
• Demand the correction or deletion of your personal data
• Demand that we restrict your personal data
• Demand your personal data, which you passed to us and which we will pass to you in a structured and machine-readable form (e.g., MS Excel table,) and the right you transfer these personal data to another personal data processor.
• Object to the processing of your personal data for certain purposes (for further information with regards to the bottom section titled “Your right to object to the processing of your personal data for certain purposes”) and
• Demand the withdrawal of the consent to our use of your personal data where we rely on your consent. If you withdraw your consent, this will not influence the legality of our use and processing of your personal data on the basis of your consent before the day when you withdraw your consent.

You also have the right to file a complaint with the supervisory authority, which is the Information Commissioner of the Republic of Slovenia, whose contact information is available here.

For additional information regarding your rights in connection with your personal data, including certain limitations, in force for some of these rights, see Articles 12 to 23 of the GDPR, which is available here.

You have the following rights in connection with your personal data, which you can perform in the same way as they are exercised in the previous chapter (your rights in connection with your personal data):

• Object to the use or processing of your personal data when we use it or process it in order to perform the task in public interest, if we process your personal data for our legal interests, including the “profiling” (e.g., predicting your behavior on the basis of your personal data); and
• To object to the processing of your personal data for the purposes of direct marketing (including every automated evaluation that is performed about you or any of your characteristics as a person if this is connected with such direct marketing).

At the same time, you can exercise your right to object to the use or processing of your personal data for the purposes of direct advertising so that:

• You click the connection for the cancellation, which is at the bottom of any marketing email that we sent to you, and follow the instructions that appear in the browser after clicking this connection OR
• Send an email to privacy@agilcon.com where you demand that we stop sending marketing emails, or with the words “OPT OUT”.

Every time when you oppose to the direct marketing from us with a different method as in the case of marketing messages which you received from us you have to pass your name and sufficient data which enable us to identify you in the connection with the messages you received (e.g. if you received an SMS and wish to unsubscribe through an email you will perhaps have to send also your telephone number in this email).

From time to time, we can change our rules on privacy. We will notify you about that. If you continue with access to our website on that date or after that date, you agree that you are obliged by the new version of the rules on privacy.

Where we intend to use your personal data for a new purpose, we will provide you with some information about the purpose and any other important information before we use your personal data for this new purpose.

We ask you to let us know about any changes in your personal data that we have about you so that the data we have about you is accurate and up-to-date.

The data protection officer in Agilcon Group is Vesna Stanković, ITLAW, legal consultancy, Ljubljana. You can contact her at vesna.stankovic@agilcon.com.

For the purposes of data subjects originating from the Republic of Croatia, the regulatory authority is Agencija za zaštitu osobnih podataka, Selska cesta 136, HR – 10 000 Zagreb.

For the purposes of data subjects originating from the Republic of Serbia, the regulatory authority is Poverenik za informacije od javnog značaja i zaštitu podataka o ličnosti, Bulevar kralja Aleksandra 15, Beograd 11120.