The Spiritual Community of the Òrìṣà – Energies of Nature

Personal Data Protection Policy

Thank you for visiting our website. The protection of your personal data is very important to us. In addition to providing high-quality content, we also grant you the right to determine how your personal data is being used. This Privacy Policy governs the collection, storage, and processing of the user’s personal data collected by the controller.


Personal data controller

The controller is the company Duhovna skupnost Oriš – energij narave, Trg Prešernove brigade 8, 4000 Kranj, Slovenia.
The data protection officer is accessible by mobile phone at +38641810221 and via e-mail at info@orisa.si.
As a recipient or user, I allow the controller to collect, process, and store the personal data submitted, all in accordance with the applicable personal data protection legislation.


Personal Data categories

Personal data is any information in relation to a defined or definable individual; a definable individual is a person who can be indirectly or directly defined, especially by stating an identifier such as name, ID number, location data, or web identifier or one or more parameters typical of this individual’s physical, physiological, genetic, mental, economic, cultural, or societal identity.

We may collect personal data in the following cases:
• When you register to receive news and other marketing content,
• when you make an arrangement for a ritual, and when you submit your e-mail address, name, and other relevant data that enable us to adjust direct communication.

The data acquired and stored by the personal data controller:
• e-mail address,
• name and surname along with a title or gender to facilitate the creation of personalized e-mails,
• the membership application (for members of the Community).

The data pertaining to individuals who want to make arrangements for a ritual in Nigeria:
• e-mail address,
• name and surname and or gender due to personalized sending of e-messages,
• date of birth,
• mother’s name and maiden name,
• an identity photograph.


The Purposes and Foundations of Personal Data Processing

The data controller collects and processes personal data on the following legal bases:
• Processing is necessary for compliance with a legal obligation to which the controller is subject;
• Processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;
• Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party;
• The data subject has given consent to the processing of their personal data for one or more specific purposes;
• Processing is necessary to protect the vital interests of the data subject or of another natural person.

The controller, i.e. the company Duhovna skupnost Oriš – energij narave, will use the data obtained from users for the following purposes:
• communication,
• notification and sending of newsletters, articles, and event notifications by e-mail.

Notification of individuals by sending emails, e.g. newsletters.
Based on legitimate interest, the data controller may inform clients, customers, and users of its services via their email addresses about its services, events, training sessions, offers, and other content. The individual may at any time request the cessation of such communication and the processing of personal data and withdraw from receiving messages by using the unsubscribe link in the received message or by submitting a request via email or regular mail to the controller’s address.

The legal bases for data processing are legitimate interest and consent. Personal data will be processed until the withdrawal of consent to receive messages, the revocation of consent, or the fulfillment of the processing purpose. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.


Performance of the Contract

In cases where an individual enters into a contract with the data controller, the contract serves as the legal basis for processing personal data. The data controller may process personal data for the conclusion and performance of the contract, such as the sale of goods and services, preparation of offers, participation in various programs, etc. If the individual does not provide personal data, the controller cannot conclude the contract, nor can the controller perform the service or deliver the goods or other products under the contract, as it lacks the necessary data for execution. On this basis, the controller processes only and exclusively those personal data that are necessary for the conclusion and proper performance of contractual obligations.

The legal basis for data processing is the contract. The retention period is until the fulfillment of the contract’s purpose or up to 6 years after the contract’s termination, except in cases where there is a dispute between the individual and the controller regarding the contract. In such cases, the controller retains the data for 10 years after the finality of the court decision, arbitration, or court settlement, or, if there was no legal dispute, for 6 years from the day of the peaceful resolution of the dispute.


Processing on the Basis of Legitimate Interest

The controller may also process personal data on the basis of legitimate interest, provided that such interest is not overridden by the interests or fundamental rights and freedoms of the individual to whom the personal data relate, which require the protection of personal data. In the case of using legitimate interest, the controller conducts an assessment in accordance with the legislation. The processing of personal data for direct marketing purposes is considered to be conducted in legitimate interest.

The controller may process personal data of individuals collected from publicly accessible sources or within the framework of legitimate business activities, also for the purposes of offering goods, services, employment, informing about benefits, events, etc. For these purposes, the controller may use regular mail, telephone calls, emails, and other telecommunication means. For direct marketing purposes, the controller may process the following personal data of individuals: name and surname, address of permanent or temporary residence, telephone number, and email address. The aforementioned personal data may be processed by the controller for direct marketing purposes without the explicit consent of the individual. The individual may at any time request the cessation of such communication and the processing of personal data and withdraw from receiving messages via the unsubscribe link in the received message or by submitting a request via email or regular mail to the controller’s address.

The legal basis for data processing is legitimate interest. Data will be processed until the withdrawal of consent to receive messages or until the processing purpose is fulfilled. The withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.


Processing on the Basis of Consent

If the controller does not have a legal basis established by law, contractual obligation, legitimate interest, or the protection of the life of the individual, it may request the individual’s consent. The controller may thus process certain personal data of the individual for the following purposes, where the individual gives consent:
• Address of residence and email address (for notification and communication purposes);
• Photographs, videos, and other content relating to the individual (e.g., publication of individual’s images on the website for documenting activities and informing the public about the work and events of the controller);
• Other purposes for which the individual agrees with consent.

If the individual provides consent for the processing of personal data and at some point no longer wishes to do so, they may request the cessation of data processing by submitting a request via email or regular mail to the controller’s address. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. After receiving the withdrawal or request for deletion, the data will be deleted no later than within 15 days. The controller may also delete the data before the withdrawal if the purpose of the data processing has been achieved or if so required by law.

Exceptionally, the controller may refuse a request for deletion for reasons set out in the General Regulation in cases of exercising the right to freedom of expression and information, compliance with a legal obligation requiring processing, reasons of public interest in the area of public health, purposes of archiving in the public interest, scientific or historical research purposes, statistical purposes, or for the establishment, exercise, or defense of legal claims.

The legal basis for data processing is consent. Data will be processed until the withdrawal of consent or until the fulfillment of the processing purpose. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.


Protection of Vital Interests of the Individual

The controller may process personal data of the individual to whom the personal data relate if it is necessary to protect their vital interests. In urgent cases, the controller may seek the individual’s personal identification document, check whether that person exists in their data records, review their medical history, or contact their relatives, for which the controller does not need the individual’s consent. This applies in cases where it is urgently necessary to protect the vital interests of the individual.


Storage Period

The data controller will retain personal data only for as long as necessary to fulfill the purpose for which the personal data was collected and processed. If the controller processes data based on the law, it will retain the data for the period prescribed by law. Some data are retained for the duration of cooperation with the controller, while other data must be retained permanently.

Personal data processed by the controller based on a contractual relationship with the individual will be retained for the period necessary to fulfill the contract and for 6 years after its termination, except in cases where there is a dispute between the individual and the controller regarding the contract. In such cases, the controller retains the data for 10 years after the finality of the court decision, arbitration, or court settlement, or, if there was no legal dispute, for 6 years from the day of peaceful resolution of the dispute.

Personal data processed by the controller based on the individual’s consent or legitimate interest will be retained until the withdrawal of consent or the request for deletion of the data. After receiving the withdrawal or request for deletion, the data will be deleted without undue delay. The controller may also delete the data before the withdrawal if the purpose of the personal data processing has been achieved or if so required by law. In the event of the individual’s exercise of rights, the controller will retain the personal data until the matter is finally resolved, and after the final resolution, in accordance with the final decision in the matter.

Exceptionally, the controller may refuse a request for deletion for reasons such as the exercise of the right to freedom of expression and information, compliance with a legal obligation to process data, reasons of public interest in the area of public health, purposes of archiving in the public interest, scientific or historical research purposes, or statistical purposes, as well as the establishment, exercise, or defense of legal claims. After the retention period has expired, the controller must effectively and permanently delete or anonymize the personal data so that it can no longer be associated with a specific individual.


Personal Data Protection

The controller will protect the obtained data in accordance with the applicable personal data protection legislation and in accordance with internal acts implemented on the basis of the law. The controller will provide adequate organizational and technical protection and will not submit or disclose the obtained data to third persons under any circumstances. The company Duhovna skupnost Oriš – energij narave initiates and maintains appropriate technical and organizational measures to protect personal data. However, no one can guarantee one hundred percent safety when transferring data online.


User Rights

The provisions of the EU General Data Protection Regulation (GDPR) stipulate that the personal data controller must, at the user’s request:
• confirm whether the data related to the user is being processed or not and enable the user to access their data;
• provide a copy of the personal data related to the user;
• allow the user to correct or amend their personal data;
• allow the user to partially or completely delete their personal data;
• allow the user to transfer their personal data to another provider of similar services;
• allow the user to partially or completely revoke their consent to personal data processing.

The controller will honor your wish to revoke your consent and finalize the revocation of your consent to personal data processing within 15 days.

Any individual who feels that their rights in relation to personal data protection have been breached by the controller may file a complaint with the supervisory authority (the Information Commissioner of the Republic of Slovenia) at any given time.

Informacijski pooblaščenec, Dunajska cesta 22, 1000 Ljubljana, Slovenija, T: + 386 1 230 97 30, E-pošta: gp.ip@ip-rs.si.
Every user has the option of sending an e-mail with the revocation as an answer to a received e-mail.


Contractual Processors and Storage Area

The controller forwards the collected personal data to the contractual processors who may process the data solely within the scope of the controller’s instructions and authorizations and who are obliged by a written contract concluded with the controller to provide an adequate level of personal data protection for an e-mail marketing system, for on-line live streaming of the Community’s events and courses, and for enabling users to access the materials. The provider stores personal data files in the EU and does not export them to third countries.

If personal data must be transferred to third countries that are not members of the EU or the EEA in order to perform operational tasks, the transfer of personal data shall be considered necessary in order to fulfill contractual obligations performed by the company Duhovna skupnost Oriš – energij narave (contractual legal basis).

In the event that personal data is transferred to third countries for the purposes that fall outside the scope of service provision, the consent of the data subject must be obtained prior to the transfer of data. Prior to obtaining the consent, the data subject must be made aware of the fact that the third country to which personal data is being transferred to does not provide the same level of data protection as the EU and EEA member states.

Relationships with contract processors from the United States are regulated based on standard contractual clauses (model contracts adopted by the European Commission) and/or binding corporate rules (adopted by the controller and approved by the supervisory authorities in the EU).


Cookie Notice

The Cookie Notice is available at the following link: https://orisa.si/en/cookie-policy/


Legal Notice

The entire graphic design of the website, including all graphic elements and all contents published on www.orisa.si, is owned by the company Duhovna skupnost Oriš – energij narave and subject to copyright protection or another form of intellectual property protection. The contents must not be copied, disseminated, or distributed in any way without authorization by the company Duhovna skupnost Oriš – energij narave. It is forbidden to use the content in any way, including but not limited to alteration, copying, and publication of any content in its entirety or in parts unless the controller issues a written authorization. The company Duhovna skupnost Oriš – energij narave shall not be held responsible for any potential issues related to website functionality. The company Duhovna skupnost Oriš – energij narave reserves the right to potential errors in the content published on the www.orisa.si website and the right to alter or remove the content of the website regardless of the reason and without prior notice. The visitors use the published contents on their own responsibility.

Duhovna skupnost Oriš – energij narave
Trg Prešernove brigade 8
4000 Kranj
Slovenia
EU


Kranj, September 2024