Privacy policy

In this Privacy policy, we want to inform you which personal data we can process, why we process it and how we ensure respect for your rights and privacy.

Data controller

The controller of your personal data is:

Gostol TST d.d.
Čiginj 63, 5220 Tolmin
Phone: 05 / 380 12 80

Types of personal data, purpose of processing and legal bases

Personal data is any information that identifies you as an identified or identifiable individual. And individual is identifiable when he or she can be identified, directly or indirectly, in particular by reference to and identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.

The purposes for which we use your personal data are set out in the list below, and we may use your personal data for one or more of these purposes. Each purpose also identifies the categories of personal data that are processed within that purpose. We may use each category of personal data for different purposes.

We collect data for the following purposes:

  • Contact form
  • Inquiry form
  • Catalogue download form
  • Newsletter subscription form
  • Job application form
  • Scholarship application form
  • Holiday work or traineeship application form

We only process your personal data where we have an adequate legal basis to do so. The legislation provides for several legal bases, namely:

  • Processing on the basis of a contract. We process your personal data where such processing is necessary for the conclusion and performance of a contract.
  • Processing based on consent. We may process your personal data where you have given your explicit consent to this processing, which you have the right to withdraw at any time.
  • Processing based on legitimate interest. We may process your personal data where we have a legitimate interest in doing so which overrides your interests. In the event of such processing, you have the right to object (for more information on this right, please see the section Rights of the individual).
  • Processing of personal data based on the law. We may process your personal data where such processing is required by the law to which we are subject (e.g., tax law requires us to keep invoices). We process this personal data in accordance with the requirements of the law.

To whom can your data be disclosed?

If it is necessary to achieve the above-mentioned purpose of processing or if required by law, we may disclose your personal data to individual or legal entities, public authorities or other bodies (external users). Regardless of to which external users we provide your personal data, we will only provide the information that is necessary to achieve the specified purpose of processing.

We may provide information to the following external users:

  • Data processing and IT service companies that ensure the smooth operation of the website and its improvements (server hosting, e-mail marketing, etc.)
  • Marketing agencies for remarketing purposes (in encrypted form)
  • To authorised institutions, if required by law (court, etc.)

Where, in accordance with the regulations, we engage other individuals or legal entities to process your personal data solely on our behalf and in accordance with our instructions (processors), we will only engage processors who can ensure that appropriate technical and organisational measures are in place to meet the requirements of the General data protection regulation and data protection regulations and to ensure that your rights are adequately protected.

Where is your data processed?

Your personal data is processed only within European Economic Area (EEA).

If the need arises for us to transfer your personal data to recipients in third countries, we will only do so if the European Commission has issued a decision that these are countries which ensure and adequate level of protection of personal data as required by the General Data Protection Regulation or if there are appropriate safeguards in place (e.g. Standard contractual clauses)

How long do we keep your personal data?

The period for retention of personal data depends on the basis of the processing and the purpose of the processing of each category of personal data. Personal data shall be kept only for as long as is necessary to achieve the purpose for which it was collected or further processed.

Personal data shall be erased, destroyed, blocked or anonymised after the purpose of the processing has been fulfilled, unless there is another legal basis or if necessary for the establishment, exercise of defence of legal claims. 

What are your rights regarding the processing of your personal data?

As the person whose personal data we process, we would like to inform you that you have the following rights with regard to the processing of your personal data, under the conditions set out in the General data protection regulation:

Right of access or information

The individual has the right of access to the personal data collected in relation to him/her, in order to obtain information about the processing and to verify its lawfulness.

Right to rectification

The individual has the right to have his or her information updated and inaccurate information corrected to ensure that we always have the correct information about him or her.

Right to erasure

The individual has the right to obtain the erasure of personal data concerning him or her by the controller without undue delay, where one of the following grounds applies:

  • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed,
  • The individual withdraws the consent on the basis of which the processing is carried out and where there is no other legal basis for the processing,
  • The individual objects to the processing and there are no overriding legitimate grounds for the processing,
  • The personal data have been unlawfully processed,
  • If the law so provides.

Right to object

You can always object to the processing of your personal data for direct marketing purposes. This means that if you object, we will stop using your personal data for direct marketing purposes. You also have the right to object to any processing we carry out on the basis of legitimate interest. If you object, you must specify exactly what you are objecting to and why. You must then demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the individual or show that our processing is for the establishment, enforcement or defence of legal claims.

Right to restriction

You have the right to request a temporary restriction of the processing of your personal data. Processing may be restricted in the following cases:

  • Individual contests the accuracy of the data, for a period which allows the controller to verify the accuracy of the personal data,
  • The processing is unlawful and the individual objects to the erasure of the personal data and instead requests the restriction of its use,
  • The controller no longer needs the personal data for the purposes of the processing, but the data subject needs them for the establishment, enforcement or defence of legal claims,
  • The individual has lodged an objection in accordance with the provision of the law governing the protection of personal data GDPR in relation to the processing of the data, pending verification whether the legitimate grounds of the controller override those of the data subject.

Right to data transfer

You have the right to obtain the data you have provided to us in order to use it elsewhere. This right applies only in cases where our processing of your personal data is based on your consent to the processing of personal data or when you signed a contract with us.

Right to file a complaint with a supervisory authority

If you believe that the processing of personal data violates the provisions in the field of personal data protection, you have the right to file a complaint with the supervisory authority. In Slovenia, this is the Information Commissioner (address: Dunajska 22, 1000 Ljubljana, e-mail:, phone: +386 1 230 97 30, website:

Gostol TST reserves the right to amend or supplement this general information to ensure compliance with regulations in the field of personal data protection.


This Privacy policy of Gostol TST d.d. will be updated on this subpage if necessary. Please check our Privacy policy regularly for any updates or changes.

The policy is published on the website and is valid from 09.10.2023 onwards. This policy was last updated on 09.10.2023. 

Čiginj, 09.10.2023

The website uses cookies to make the website work properly and improve your experience. More information can be found in Cookie policy.