Privacy Policy for Holders of Rekono Qualified Certificates for Use on Personal Devices
NOTICE TO INDIVIDUALS PURSUANT TO ARTICLE 13 OF THE GENERAL DATA PROTECTION REGULATION (GDPR) REGARDING THE PROCESSING OF PERSONAL DATA
Rekono, sistemske integracije, d.o.o. is committed to protecting the privacy of its users when providing products and services. This notice is prepared in accordance with Article 13 of the General Data Protection Regulation (GDPR) and discloses the type, legal basis, and purpose of personal data collected by Rekono on its websites or processed when providing Rekono services, including information on the exercise of individual rights.
I) Rekono's Responsibility
Rekono respects your privacy and acts diligently and in accordance with applicable personal data protection regulations when collecting, storing, and processing your personal data.
As Rekono’s online information system contains links to external websites not directly related to Rekono, we do not assume responsibility for data protection on those websites.
To prevent unauthorized access to or disclosure of obtained data, maintain the accuracy of personal data, and ensure its proper use, we use appropriate technical and organizational procedures to protect the data collected.
Rekono will make every effort to ensure that the information on its websites is accurate and up to date but cannot guarantee its accuracy or completeness and accepts no responsibility for it. All users access and use published content at their own risk.
Rekono reserves the right to change the content of these web pages at any time, in any way, for any reason, and without prior notice.
Neither Rekono nor any other legal or natural person involved in the creation or production of these web pages shall be liable to third parties for any damage arising from or related to the existence, access to, or use of these web pages and/or the information contained therein, or the inability to use the information on these web pages, or any errors or omissions in their content, regardless of whether they have been advised of the possibility of such damage.
These websites also provide links to third-party websites and/or contain information about third parties. Since certain links on this site lead to resources located on servers maintained by third parties over which Rekono has no control, we cannot guarantee and do not accept or forward complaints regarding the accuracy of any website to which we provide a link or reference.
Key elements of the processing of personal data of individuals who are holders of qualified certificates for use on a personal device:
| Types of Personal Data | Purposes of Processing | Legal Basis | Retention Periods |
| | | To fulfill the legal obligations of the controller, in accordance with point c) of Article 6(1) of the General Regulation | 10 years after the expiry of the issued qualified certificate or 10 years after the end of the procedure if the procedure did not result in the issuance of a qualified certificate. |
II) Personal Data Controller
Rekono d.o.o., Ukmarjeva ulica 2, 1000 Ljubljana.
Contact email address of the controller: info@rekono.si.
III) Contact Details of the Data Protection Officer (DPO)
Pursuant to Article 37 of the General Data Protection Regulation and the first paragraph of Article 45 of the Personal Data Protection Act, an external data protection officer has been appointed.
The DPO’s contact email address is: podpora@rekono.si
IV) Information on the Existence of Individual Rights
The controller guarantees individuals all rights relating to the processing of personal data under applicable regulations, namely:
- the right to withdraw consent for the processing of personal data,
- the right to be informed about the processing of your personal data and to access your personal data,
- the right to rectification,
- the right to erasure (the right to be forgotten),
- the right to restriction of processing,
- the right to data portability,
- the right to object to the processing of personal data on the basis of the legitimate interests of the controller.
To exercise these rights, individuals may contact the controller or the authorized person (DPO) at the contact email address.
V) Information on the Right to Lodge a Complaint with the Supervisory Authority
An individual may lodge a complaint with the supervisory authority: Information Commissioner of the Republic of Slovenia (address: Dunajska 22, 1000 Ljubljana, e-mail: gp.ip@ip-rs.si, telephone: (01) 230 97 30, website: www.ip-rs.si).
VI) Types of Personal Data Subject to Processing
The controller processes personal data of holders of qualified certificates for use on personal devices.
The controller processes the following personal data in the register of holders of qualified certificates for electronic signatures:
- Identification data of the qualified certificate for electronic signatures
- Identification data of the device for creating a qualified electronic signature
- The holder’s personal name
- Type and number of the holder’s valid public document with a photograph issued by a state authority, or a reference to the procedure by which the holder was identified
- The holder’s EŠEI
- The holder’s tax number
- The holder’s date of birth
- The holder’s permanent residence or permanent address abroad, temporary residence or temporary address abroad, and address for service, if necessary to obtain a qualified certificate for electronic signature
- The holder’s telephone number, if provided by the holder or if necessary to obtain a qualified certificate for electronic signature
- The holder’s email address, if provided by the holder or if necessary to obtain a qualified certificate for electronic signature
- The status of the qualified certificate for electronic signature
- The period of validity of the qualified certificate for electronic signature
- The period of temporary revocation of the qualified certificate for electronic signature
- The date of revocation of the qualified certificate for electronic signature
If a qualified certificate for electronic signature is issued to a natural person at a business entity, the register of holders of qualified certificates shall, in addition to the data listed above, also contain the following data on the business entity:
- Identification data of the device for creating a qualified electronic seal
- Business name of the business entity
- Tax and registration number of the business entity
- Registered office of the business entity
- Information on the authorized representative of the business entity, including: personal name, type and number of the authorized representative’s valid public document or a reference to the procedure by which the authorized representative was identified, and email address
The controller shall include the following information in the register of holders of qualified certificates for electronic seals:
- Identification data of the qualified certificate for electronic seals
- Identification data of the device for creating a qualified electronic seal
- Business name of the business entity
- Tax and registration number of the business entity
- Registered office of the business entity
- Information about its representatives, including their personal names and email addresses
- Information on the authorized representative of the business entity, including: personal name, type and number of the authorized representative’s valid public document or a reference to the procedure by which the authorized representative was identified, and email address
- EŠEI of the business entity
- Status of the qualified certificate for electronic seals
- Period of validity of the qualified certificate for electronic seals
- Period of temporary revocation of the qualified certificate for electronic seals
- Date of revocation of the qualified certificate for electronic seals
VII) Purposes of Personal Data Processing
The purpose of processing personal data of holders of qualified certificates for use on personal devices is to issue qualified certificates for electronic signatures and electronic seals and to provide trust services (such as electronic signatures, electronic seals, electronic identification, and authentication services) in accordance with the Rekono.TSP Operating Rules and related services, such as technical support for Rekono service users and communication with qualified certificate holders.
VIII) Legal Basis for the Processing of Personal Data
The controller processes the personal data of qualified certificate holders on the basis of Articles 25 and 26 of the Electronic Identification and Trust Services Act (ZEISZ) in accordance with point (c) of Article 6(1) of the General Data Protection Regulation: “Processing is necessary for compliance with a legal obligation to which the controller is subject.”
IX) Retention Periods
The personal data of holders of qualified certificates for use on a personal device are stored for 10 years after the expiry of the issued qualified certificate or for 10 years after the end of the procedure if the procedure did not result in the issuance of a qualified certificate.
X) Information on the Existence of Automated Decision-Making, Including Profiling
The processing of individuals’ personal data does not involve automated decision-making, including profiling.
XI) Information on Transfers of Personal Data to a Third Country or International Organization
Personal data of individuals is not transferred to a third country or international organization.
XII) Users or Categories of Users of Personal Data, if any
The personal data of Rekono account holders is transferred to a natural or legal person who relies on electronic identification using the Rekono identification means (a “relying party,” as defined in point 6 of Article 3 of the eIDAS Regulation).
XIII) Final Provisions
Rekono d.o.o. reserves the right to amend or supplement this Personal Data Protection Policy for holders of Rekono qualified certificates for use on personal devices whenever and to the extent necessary to ensure compliance with personal data protection regulations.
This Personal Data Protection Policy for holders of Rekono qualified certificates for use on personal devices applies and is effective from September 20, 2023.
Rekono, sistemske integracije, d.o.o.