Privacy Policy

1. Who is Responsible

Website: valentindominko.com

Controller: Valentin Dominko

Registered seat: 1000 Ljubljana, Slovenia

Contact for privacy matters: info@valentindominko.com | +386 31 238 190

This privacy policy applies to visitors of the website and people who submit contact or newsletter forms.

2. What Data is Collected

Personal data you may process through the site and MailerLite:

• Identification and contact data: name, email address, phone number (optional), company name or role (if provided).
• Communication data: messages sent via contact forms, notes about calls or coaching sessions.
• Newsletter/marketing data: email address, subscription status, time and IP of subscription (stored in MailerLite for proof of consent).
• Technical data: IP address, device/browser information, pages visited, and basic analytics cookies (details in our separate Cookie Policy).
• Billing data (if applicable in future): name, address, company details, VAT ID, and payment metadata (processed by third-party payment providers).

We do not intentionally collect special categories of personal data (e.g., health, sensitive information, or data revealing political opinions, religious beliefs, or ethnic origin).

3. Why and on What Legal Basis

Main purposes and corresponding legal bases under GDPR:

• Responding to inquiries and booking calls (contact form, email, phone): Performance of a contract or steps at the request of the data subject (GDPR Article 6(1)(b)).
• Sending newsletters and educational content: Consent (GDPR Article 6(1)(a)) collected via MailerLite double opt-in forms; recipients can unsubscribe anytime.
• Running the website, security, and basic statistics: Legitimate interest in maintaining a secure, functional website and understanding aggregated usage patterns (GDPR Article 6(1)(f)).
• Fulfilling legal obligations (e.g., tax and accounting records): Legal obligation (GDPR Article 6(1)(c)).

4. Use of MailerLite and Other Processors

Your email forms and newsletters are handled through MailerLite, which acts as a data processor. MailerLite stores subscriber data (email, name if provided, IP and timestamp of subscription, engagement metrics) on EU-based servers. MailerLite is GDPR-compliant and offers a Data Processing Addendum (DPA) with appropriate technical and organizational security measures. Emails are routed via servers located in the EU.

Other tools and processors we use:

• Hosting provider: NEOSERV (Slovenian company, EU-based servers) – hosts the website, email, document storage.
• Scheduling: Calendly – for managing call bookings.
• Video calls: Zoom and Google Meet – for coaching sessions and calls.
• Note-taking and client management: Obsidian, Microsoft – for storing and processing session documentation.
• Analytics (future): When added, analytics tools will be privacy-friendly (e.g., Plausible or Matomo) and detailed in our Cookie Policy.

5. How Long Data is Stored

Retention is limited to what is necessary for each purpose:

• Contact inquiries: Usually up to 2 years after the last communication, unless needed for legal claims.
• Newsletter subscribers: Until withdrawal of consent (unsubscribe) or 24 months of inactivity, after which data is deleted or anonymized.
• Client and billing data: For the duration of the coaching relationship and as long as required by Slovenian tax law (typically 6 years).
• Server logs and security data: Typically a few weeks to a few months, unless needed to investigate incidents.

When retention periods expire, data is deleted or securely anonymized.

6. Who Receives the Data

Personal data may be shared only when necessary:

• Service providers (processors): Hosting, email marketing (MailerLite), scheduling (Calendly), analytics, video calls, IT support, and other vendors listed above.
• Professional advisers: Accountants, legal advisers, or other consultants when needed to fulfill legal obligations or protect rights.
• Public authorities: Only when required by applicable law or to protect rights, safety, and property.

Personal data is not sold or rented to third parties.

7. International Transfers

Where processors transfer personal data outside the EU/EEA, they implement appropriate safeguards including Standard Contractual Clauses (SCC) to ensure data protection equivalent to GDPR standards.

8. Data Subject Rights

Under GDPR and Slovenian law (ZVOP-2), individuals whose data we process have the following rights:

• Right of access to their personal data.
• Right to rectification of inaccurate or incomplete data.
• Right to erasure ("right to be forgotten") in certain situations.
• Right to restriction of processing in specific circumstances.
• Right to data portability for data processed on the basis of consent or contract.
• Right to object to processing based on legitimate interests or direct marketing.
• Right to withdraw consent at any time without affecting lawfulness of prior processing.

Requests can be sent to info@valentindominko.com and will be handled within GDPR time limits (typically one month).

9. Complaints and Supervisory Authority

If someone believes their data protection rights were infringed, they can:

• Contact us directly at info@valentindominko.com to resolve the issue.
• Lodge a complaint with the Slovenian Information Commissioner (Informacijski pooblaščenec), the competent supervisory authority for data protection in Slovenia.

10. Security Measures

We apply appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Examples include:

• Secure hosting with access control and regular updates.
• Restricted access to MailerLite and other tools (strong passwords, 2FA where available).
• Minimization of collected data and regular review of who has access.

11. Links, Cookies, and Changes

The website may contain links to other sites (e.g., LinkedIn, X/Twitter). Visitors are encouraged to read the privacy policies of those sites, as this policy applies only to valentindominko.com.

Details about cookies, including types, purposes, and consent management, will be described in a separate Cookie Policy and presented via a cookie banner in line with GDPR and ePrivacy rules.

This privacy policy may be updated occasionally; the "last updated" date at the top of the page will always show the current version.