Data Protection Officer
Vesna Uršič Simoniti
CONTACT
m: 030 362 048
e: osebni.podatki@rs-rs.si
Protection of personal data
The Court of Audit is the highest authority for supervising state accounts, the state budget and all public spending in the Republic of Slovenia. When carrying out its audit authority and other tasks related to business operation, it processes personal data.
The Court of Audit is aware of the importance of protection of personal data, thus it handles them with due care. It has adopted many measures to protect them in order to prevent unauthorised access to personal data, to safeguard confidentiality and integrity, as well to prevent their loss or unintentional destruction throughout the processing.
General Data Protection Regulation (GDPR) defines personal data as any information about an individual. Personal data are therefore collected and processed only for the defined purposes and in the minimum possible scope.
1. Purposes of processing personal data and legal bases
Data are processed lawfully if the processing is necessary:
- for compliance with a legal obligation (i.e. implementation of an audit according to the Court of Audit Act),
- before concluding or for implementation of a contract (i.e. public procurement),
- for implementation of public interest tasks or when carrying out public authority (informing journalists via business e-mail),
- if an individual agreed to processing of their personal data (notifications on audits in progress via e-mail),
- due to legitimate interests pursued by the Court of Audit.
2. Retention periods for personal data
The Court of Audit keeps personal data only for a period of time defined by the regulation or as long as it is necessary to meet the purpose for which they were collected. Retention period for personal data is defined according to types of documents that include personal data in line with the Protection of Documents and Archives and Archival Institutions Act, namely Plan of classification signs and Instructions on retention periods.
3. Transfer of personal data to third countries or international organisations
The Court of Audit does not transfer any personal data to third countries or international organisations.
4. Data Protection Officer
Vesna Uršič Simoniti
Mobile: 030 362 048
e-mail: osebni.podatki@rs-rs.si
You can contact the person authorised for data protection any time you have a question related to protection of your personal data processed by the Court of Audit.
5. Rights of the data subject
An individual has a right to:
- obtain a confirmation if the Court of Audit processes their data,
- be informed if their personal data are transferred to a third county or an international organisation,
- receive a copy of processed personal data (also in electronic form),
- a correction (if processed personal data are not accurate),
- a deletion (if there are no legal bases or consent for personal data processing),
- a complaint at Information Commissioner when they believe that personal data processing breaches the General Data Protection Regulation.
The exercise of the right can be demanded by filing an application form at the Court of Audit (obrazci za vložitev zahtev) or authorised person for data protection. Personal identification is obligatory. The deadline for the response is 1 month. The Court of Audit can reject the application if it is obviously unjustified, excessive or reoccurring or if it rightly doubts the identity of an individual exercising their right.
Competent authority for control procedures and breach notification:
Information Commissioner of the Republic of Slovenia
Dunajska cesta 22
1000 Ljubljana
phone: +386 1 230 97 30
e-mail: gp.ip@ip-rs.si