Terms and conditions

Terms and conditions

  1. INTRODUCTION
  • eIUS consulting, communications and informatics d.o.o. or shorter eIUS d.o.o. is a trust service provider that provides electronic registered delivery, verification and validation of electronic signatures and time stamping services.
  • These general terms and conditions represent the policy or business rules and are harmonized with the applicable legislation of the Republic of Slovenia and the European Union, and in accordance with ETSI technical requirements, RFC standard and the family of ISO / IEC standards and other related standards.
  • Upon registration or conclusion of a subscription relationship, the user undertakes to agree with all the provisions in the General Terms and Conditions of Use of Paid and Free SI Portal Services below.
  • The General Terms and Conditions for the Use of Services of the VEP.SI Information System determine the conditions, rights and obligations of users and the provider and the manner of using paid and free services and content on the VEP.SI website and represent a legally valid and binding agreement between the provider and
  • All provisions of these general terms and conditions are duly transposed and specified in the confidential internal rules of the trust service provider eIUS o.o., which define the infrastructure, the provisions regarding the staff of eIUS d.o.o. (competencies, tasks, powers and required conditions of individual staff members), physical security (access to premises, handling of hardware and software), software security (server security settings, backups, …) and internal control (control of physical access , powers, …). Internal rules and policies are a confidential document and represent a trade secret of eIUS d.o.o.
  • For questions regarding the General Terms and Conditions and the Internal Rules and Policies, you can contact the authorized persons of eIUS d.o.o., who can be reached at the address below and the telephone numbers listed below.

eIUS d.o.o.

Vrtna ulica 22

1000 LJUBLJANA Slovenia

 Tel .: (+386) 01 426 53 76 or (+386) 08 385 98 40

The language of communication of the provider with users is Slovenian.

 

  1. GENERAL PROVISIONS AND TERMINOLOGICAL DICTIONARY

 

  • The provider, owner of the web portal and services is EIUS doo, Vrtna ulica 22, 1000 Ljubljana (hereinafter the provider).

 

  • The VEP.SI portal is a web portal through which the provider EIUS doo provides paid and free services, especially electronic trust delivery services and qualified electronic registered delivery trust services (hereinafter VEP.SI), services for the creation, verification and validation of electronic signatures and electronic stamps and services for creating electronic stamps, creating an XML eInvoice, signing attached documents in pdf
  • The secure electronic mailbox VEP.SI is the electronic address of the user of electronic registered delivery in the information system managed by
  • The provider’s services are:

 

  • Trust services as electronic services, including the creation, verification and validation of electronic signatures, electronic stamps or electronic timestamps, electronic registered delivery services and certificates related to these services

Qualified electronic trust services, namely:

 

  • electronic registered deliveries,
  • validation of qualified electronic signatures; and
  • validation of qualified electronic stamps

 

Additional services of the provider are:

 

  • creating an eInvoice in a structured (XML) format,

 

  • signing attached documents in a readable (PDF) format,

 

  • verification of the validity of electronic signatures,

 

  • creation of electronic signatures,

 

  • secure electronic service.

 

  • The Subscriber is a legal or natural person who has signed a subscription contract for the use of the SI portal.

 

 

  • The user is a natural person who accesses the VEP.SI portal or its services on his own behalf or on behalf of a legal entity, and

 

 

  • Qualified electronic signature certificate means a certificate for electronic signatures issued by a qualified trust service provider that meets the following requirements:

 

  • an indication, at least in a format suitable for automated processing, that the certificate has been issued as a qualified electronic signature certificate;

 

  • a set of data that unambiguously represents the qualified trust service provider issuing the qualified certificates and includes at least the Member State in which the provider in question is established, and

 

  • for legal persons: the name and, where applicable, the registration number as given in the official records,

 

  • for natural persons: name of the person;

 

  • at least the name of the signatory or pseudonym; if a pseudonym is used, this shall be clearly stated;

 

  • data for certifying the validity of the electronic signature, which corresponds to the data for creating an electronic signature;

 

  • details of the entry into force and expiry of the certificate;

 

  • a certificate identification code that is unique to the qualified trust service provider;

 

  • an advanced electronic signature or an advanced electronic stamp of the qualified trust service provider issuing the certificate;

 

  • the location where the certificate supporting the advanced electronic signature or the advanced electronic stamp referred to in point (g) is available free of charge;

 

  • the location of the services by which the validity of the qualified certificate can be verified;

 

  • if the electronic signature creation data associated with the electronic signature validation data are located in a qualified electronic signature creation device, this shall be indicated accordingly at least in a format suitable for automated

 

 

  • A single-use mailbox is a secure electronic mailbox used by one person with one qualified electronic mailbox.

 

  • A multi-user mailbox is a secure electronic mailbox of the subscriber that he can reach

 

 

access by several persons with different qualified electronic signature certificates.

 

  1. INFRASTRUCTURE

 

  • eIUS doo provides trust services with the help of a secure and reliable information and communication infrastructure and plans and implements all security measures in accordance with the family of standards ISO / IEC 27000, FIPS 140-2 level 3 and / or Common Criteria EAL4 + and ETSI technical requirements. The infrastructure is located in special, dedicated premises of an external contractor and is secured with several levels of physical and anti-burglary technical protection. The equipment is protected against unauthorized access. Access to the infrastructure shall be granted only to authorized persons of the trust service provider in accordance with their tasks and authorizations. It is also secured and protected by a fire protection system, an anti-spill system, a ventilation system and an uninterruptible power supply system. All infrastructure is adequate
  • eIUS doo performs data processing in such a way that the loss, intrusion or unauthorized use or alteration of stored data is prevented to the greatest extent possible. Backups are provided on physically remote eIUSs for data storage and recovery

doo ensures the safe removal and destruction of documents in physical and electronic form.

 

  • The detailed description of the infrastructure of eIUS doo, operational operation, infrastructure management procedures and control over the security policy of its operation are determined by its internal
  • eIUS doo employs reliable and professionally trained staff who have not been punished for any criminal offense. All staff are regularly trained and gain additional knowledge in their field of expertise. Sanctions in the event of unauthorized or negligent performance of tasks are performed for authorized persons of the trust service provider in accordance with the applicable regulations and internal rules of the trust service provider eIUS doo. The staff of the trust service provider eIUS doo covers the following content areas:
  • system management of the information system and ensuring security,

 

  • development of information solutions,

 

  • office, user work and data protection and project management,

 

  • legal tasks,

 

  • internal

 

  • For each application, the internal rules of eIUS doo specify which one it is or is not compatible with. Some require the presence of at least two authorized persons (four-eye principle). In the event of the unforeseen absence of certain employees, their roles shall be taken over by other employees, unless this is incompatible under internal rules.
  • The operational, organizational and professional correct operation of the trust service provider is supervised by the company’s procurator, authorized for internal control, who does not perform

 

 

operational tasks related to trust services. The procurator performs the inspection at least once a year. In the event of identified deficiencies or errors, the internal control officer shall order appropriate measures to eliminate these deficiencies, which eIUS doo is obliged to implement, and supervise the implementation of the ordered measures. The implementation of measures is specified in detail in the internal rules of the trust service provider eIUS doo. The results of the inspections are kept by the trust service provider eIUS doo.

  • Potential outsourcers are subject to the same requirements as authorized persons of the eIUS oo trust service provider.
  • The authorized persons of the trust service provider shall have at their disposal all the necessary documentation in accordance with their duties and
  • The trust service provider eIUS doo regularly (daily) checks and records everything that significantly affects:
    • infrastructure security,
    • smooth operation of all security systems and
    • whether there has been an intrusion or attempted intrusion of unauthorized persons into the equipment in the meantime, or

 

  • Detailed information on this is set out in the internal rules of the trust service provider eIUS doo. Data is collected either automatically or manually, depending on the type of data. The most important logs are highly secure and kept permanently, and all others for at least seven (7) years after their creation. Log backups are performed
  • The analysis of logs and control over the implementation of all procedures is performed regularly by authorized persons of the trust service provider or automatically by other security mechanisms on all information and communication devices under the responsibility of the trust service provider. Vulnerability assessment is performed based on the analysis of logs, security events and other relevant ones
  • Business continuity and recovery from emergencies are ensured, which is set out in the internal rules of the trust service provider eIUS oo.

 

 

  1. SECURITY TIME STAMPING ACTIVITY

 

  • CONCLUSION OF A SUBSCRIPTION RELATIONSHIP
    • Client – a natural person may enter into a subscription relationship: if he / she is of legal age,

if it proves itself with a qualified electronic signature certificate, if it is solvent,

 

 

if it has no outstanding liabilities to the provider.

 

 

  • The Client – a legal entity may conclude a subscription contract:

if the subscription contract is concluded on its behalf and for its account by a representative who proves himself in the registration procedure with a qualified electronic signature certificate issued in his name and is entered as a representative of the legal entity in the court register or other official register (records), powers,

if it is entered in a business register or other official register (records) in accordance with the applicable regulations and is established in the territory of the European Union,

if it provides the provider with all information regarding its status, representatives and other information on the basis of which the provider can determine that it meets all the conditions for concluding a subscription contract,

if he submits the relevant documents or documents on the basis of which it is possible to check or. confirm the accuracy and completeness of all submitted data,

if it is solvent,

if it has no outstanding liabilities to the provider.

 

 

  • The Subscriber is obliged to notify the Bidder of this information by written notice sent to the Bidder’s secure e-mail box or by registered mail to the Bidder’s postal address or e-mail address no later than eight days after the change of any information provided within its subscription relationship with the Bidder. change. Until the receipt of this notification, it is considered that the existing data, which the contracting authority has already provided to the tenderer, are accurate and complete, and all consequences of any discrepancies are borne exclusively by the contracting authority or.
  • The subscription contract for natural persons is signed in the registration process with a qualified certificate for the electronic signature of the subscriber. With his qualified certificate for electronic signature, the signatory guarantees the correctness of the stated data and agrees with the general conditions and price list of services, which are an integral part of the
  • The subscription contract for legal entities or natural persons performing an activity shall be drawn up in the registration procedure in electronic or written form in the event that it is not signed in electronic form by the representative of the legal entity. The contract is signed in electronic form in the registration process by the authorized person of the legal entity with his qualified certificate for electronic signature. With his qualified certificate for electronic signature, the signatory guarantees the correctness of the stated data and agrees with the general conditions, price list of services and special conditions of use of services, which are an integral part of the subscription
  • Extraordinary termination of subscription:

 

The bidder may reject the request for concluding a subscription relationship or terminate the already concluded subscription relationship if it finds that the contracting authority has acted in contravention of the provisions of these general terms and conditions.

 

 

conditions or if he has breached the subscription contract or applicable regulations, in particular in the following cases:

 

if it provides incomplete information or does not provide the required evidence,

if the subscription relationship with the provider has been terminated in the past due to a breach of contractual provisions,

if there is any doubt about the authenticity of the identity of the client or. his legal capacity, his business activity or his mandate,

if the Client informs us that a compulsory settlement, bankruptcy, liquidation or deletion procedure from the court register, or any similar procedure, has been initiated or completed against the Client and wishes to terminate the subscription relationship,

if he considers that the interested person has abused the rights arising from the subscription relationship,

if it considers that the user of its services will not be an interested person but a third party who does not meet the conditions for concluding a subscription relationship,

if the services are used in contravention of applicable law,

if it fails to settle its financial obligations to use the services within the prescribed period.

 

 

  • The right to use VEP.SI is acquired by a legal or natural person by signing a subscription contract and also by a certain person trusted by the subscriber.
  • The user undertakes to:

 

use VEP.SI services in accordance with the general conditions,

met financial obligations for the use of VEP.SI services within the deadline, followed the instructions for the use of VEP.SI.

 

  • The bidder undertakes to:

 

protect hardware, software and data in the VEP.SI system in accordance with the rules of the profession and applicable legislation,

carefully protect the personal data of users, keep shipments for at least 3 months after receipt, except:

  • in the event that their deletion is explicitly requested by the client

 

  • the provider terminates

 

In the latter case, operation shall be ensured for 45 days after the notification of the parties, with the issuers of court shipments not being able to send shipments after 30 days, and access to shipments shall be provided for another 45 days.

4.2 AVAILABILITY OF VEP.SI SERVICES

 

 

  • As a rule, the services on the VEP.SI portal are available 24 hours a day, every day of the year. The provider reserves the right to short stops in access to the portal due to technical reasons of maintenance and replacement of equipment. Maintenance and all planned works on those parts of the information system that are related to the provision of agreed services are usually carried out between 6 pm and 6 am
  • As a rule, shipments are delivered immediately to the end user or provider

 

 

  • Maintenance interventions are announced on the VEP.SI portal. The provider does not guarantee the availability of services in the event of outages in the networks of route providers, or any outages, errors, other technical disturbances or interruptions of third parties and higher

 

 

4.3 SERVICES AND PRICE LIST

 

  • The subscriber for the use of VEP.SI pays the price for the transmission of electronic shipments according to the valid price list of the provider. When billing the eInvoices service, it is paid by leasing the number of sent eInvoices per year. The list of services and the price list is published on the VEP.SI portal. Changes to the price list will be published by the Bidder within the prescribed time limits and in the prescribed manner, in accordance with applicable laws and regulations, which means that it will notify subscribers of any changes by publishing them on its website. withdraw from the subscription
  • The subscription for the eInvoices service is charged annually, one year in advance. The subscription for other services of the provider is charged monthly, unless otherwise agreed.
  • The deadline for payment of the invoice is 15 days after receipt, unless otherwise specified in the subscription contract. In case of non-payment, the provider will send to the subscriber

 

 

4.4 USER REGISTRATION AND OPENING A SAFE ELECTRONIC BOX

 

  • The user who wants to use the services of the VEP.SI portal must first have a qualified electronic signature certificate issued by an accredited certification service provider. Upon the first login to the VEP.SI system, the user must enter all mandatory data, get acquainted with the general terms and conditions and sign the subscription contract with

their qualified electronic signature certificate.

 

  • If the client is a natural person, enter: the address of the secure electronic mailbox in the form y@vep.si,name and surname (data is automatically captured from a qualified certificate for electronic signature), address, tax number and e-mail. In case the client wants

 

 

(natural or legal person) also use the service of forwarding eInvoices to budget users, it is mandatory to enter the transaction account number.

  • If the client is a business entity entered in the Business Register of Slovenia, enter: the proposed address of the secure electronic mailbox in the form y@vep.si,name, data, identification number, tax number, transaction account, VAT status, address and e-mail. Clients have access to a link with the Business Register of Slovenia.
  • If the subscriber is a natural person, VEP.SI can start using immediately after the registration and signing of the contract with its qualified electronic signature certificate. A natural person uses his / her secure electronic mailbox exclusively for personal use
  • If the client is a business entity entered in the Business Register of Slovenia and the contract is signed by a person authorized to represent with his qualified certificate for electronic signature, the secure electronic mailbox is immediately opened. Otherwise, a temporary secure electronic mailbox will be opened, the contracting authority must print two copies of the contract during the registration process and, signed by the person authorized to represent, send it to the bidder’s address within 8 days. signed contract to the official email address of the bidder, followed by sending the original of the signed contract to the official address
  • The administrator of the mailbox automatically becomes the person (owner of the qualified electronic signature certificate) who opened the mailbox. The mailbox administrator can add or revoke authorization for other people to access the mailbox. The subscriber and the administrator of the drawer are responsible for the users of the drawer to act in accordance with their powers in legal
  • The addresses of secure electronic mailboxes of business entities are available in the directory, unless the subscriber explicitly forbids it
  • Addresses of secure electronic mailboxes of natural persons are not public, except with explicit consent in the settings of secure electronic
  • eIUS doo may publish a reference list of business entities that use VEP.SI services.

 

 

4.5 USE OF VEP.SI SERVICE

 

 

  • The user of the VEP.SI service proves himself with his qualified certificate for electronic signature every time he enters the system. If the user has access to several secure electronic mailboxes, upon entering the system he chooses which mailbox he wants to work with. Upon termination of use, the user must log out of
  • The administrator of the mailbox can change the settings of the system operation and edit its data within its powers. In the event of a change in the registration data, the administrator must edit the change in the settings of the web interface or notify it in writing.

 

 

  • The provider does not take responsibility in the event that the user does not receive an e-mail notification of the arrival of the shipment, as the e-mail does not provide reliable
  • Users of VEP.SI services have access to the directory of addresses of secure electronic mailboxes of business entities and natural persons, which are published in the directory
  • The client can also send an electronic invoice via the VEP.si system. Sending the invoice is done by uploading the invoice, which is compiled in the prescribed form on the VEP.si portal, attaching attachments and signing the entire shipment with a qualified certificate for the electronic signature of the sender. The user also has a tool for composing an e-invoice in the web interface.
  • When sending an e-invoice, the user signs it with his qualified electronic signature certificate. The user can authorize the provider to sign the e-invoice on his behalf. The user manages his authority in the mailbox settings in the web interface.
  • E-invoice or E-SLOG must be signed with one of the qualified certificates for electronic signature of the Slovenian issuer, which has the KeyUsage property DigitalSignature. In the event that the issuer does not have a qualified digital certificate from a Slovenian issuer, it may authorize the e-mail provider to sign it in its

4.6 TRANSMISSION OPTIONS

 

4.6.1 The following two sending options are available for sending proof messages:

“Registered item” or “acknowledgment of receipt”. A public body that has the right to formal service in accordance with Slovenian legislation on civil procedure or the Act on Administrative Procedures and Enforcement Procedure may request a “receipt”. That

“Receipt-return receipt” is considered proof of delivery of an electronic document. The condition for a “receipt” is that the recipient has applied with a qualified electronic signature certificate, which enables a qualified electronic signature.

4.7 QUALIFIED ELECTRONIC SIGNATURE

 

  • A qualified electronic signature in the electronic world is equivalent to a traditional signature. It enables long-term verification of the authorship of a certain statement in electronic data traffic, e.g. e-mail or other documents. With the help of such a signature, it is possible to determine with certainty who created a certain document and to ensure that this document will not be changed later. Thus, the provider can electronically sign the shipping certificates and
  • For all transactions, the system verifies that the electronic signature certificates are qualified and a signature verification tool is available to the user. In case the user’s electronic signature certificate is not qualified, the service is performed

4.8 VEP.SI DIRECTORY SERVICES

 

 

4.8.1 The VEP.si directory has the function of a public directory, which is only available to registered VEP.si users. The user can cancel the publication in the directory via the mailbox settings in the web interface.

4.9 MEASURES TO PREVENT ACCESS TO UNAUTHORIZED PERSONS FROM THE SAFE ELECTRONIC DRAWER VEP.si

  • Secure login

 

  • You need a qualified electronic signature certificate to log in to your online account. Login with the username (secure mailbox address) and administrator password is mandatory in the case of the first addition of access to the user’s access proxies (trust persons) and in the addition of a new qualified certificate for electronic signature of the mailbox administrator or persons
  • Access data must always be kept securely out of the reach of third parties. If you suspect that unauthorized persons know them, please change them immediately and notify the provider immediately. Misuse of your account may result in damage to you or other persons, which in certain circumstances may also have legal consequences for which the Provider does not
  • Tips for safe use of the services you

 

  • It is important that users themselves provide adequate protection when using el. handed over. By following the following examples of good practice, we can make it very difficult for an attacker to infect a computer in the first phase and consequently break into your e-mail. drawer:
  • keep the operating system, browser and all its plug-ins up to date.

 

  • use an antivirus program and do it regularly

 

  • separate business and family computer or use separate browsers for general use and use of VEP.si.
  • choose strong

 

  • after using el. Always log out of the mailbox and close the browser and ensure that the digital certificates are properly protected – store them on an external device (smart card or smart USB key), which you must unplug from your computer after use.
    • Encryption of communication and content

 

  • Communication between the user or. during web access via a web browser and el. the drawer is protected by the Transport Layer Security (TLS) protocol. TLS involves point-to-point encryption between the user’s web browser used and the Service Provider’s servers. The content of messages is encrypted both with the Service Provider and during their transmission to another
  • End-to-end encryption

 

 

  • In addition, the message can be transmitted protected by end-to-end encryption. The data is already encrypted by the sender of the message and can only be decrypted again only by its recipient. This requires prior exchange of the appropriate keys between the sender and

4.10 TERMINATION OF USE AND OPERATION OF VEP.SI SERVICE

 

  • The Client may at any time request the termination of the VEP.SI service by sending a signed request with a qualified certificate for electronic signature from its secure mailbox to the Contractor (eius@vep.si) or by regular mail to the address
  • The provider cancels the secure electronic mailbox:

 

if the client does not settle the obligation within 30 days,

if the contracting authority does not have a valid qualified electronic signature certificate, if the contracting authority no longer exists as a legal person,

if the user acts in contravention of the general terms and conditions or the subscription agreement.

 

 

  • After the termination of the contract, the user does not have access to a secure mailbox and his messages, except in the case of a written request on the basis of which he may be granted temporary access to already received and sent messages and no longer than three months after termination. It is no longer possible to receive or send after the termination of the contract.
  • Failure of service provider

 

  • In the event of a failure of the provider’s services, the provider undertakes to restore the smooth operation of the system within 12 hours. The time frame from the last backup is a maximum of 6 hours, so in the event of a major incident, data generated in the last 6 hours may be lost. In the event of a major incident, users are notified by email and on the provider’s website that the operation has been disrupted and that users should check that all messages and invoices sent

4.11 SERVICE ERROR REPORTS

 

  • The provider handles user requests regarding the reporting of an error in chronological order according to the impact of the error on the operation of the service, and divides them into the following stages:
  • urgent (they seriously limit the operation of a large number of users, the elimination of the error is necessary for operation, as there is no alternative solution)
  • critical (error seriously prevents the use of the service, its operation is possible but with limited functionality)
  • uncritical (all other errors, queries, ().

 

  • Depending on the level, the Bidder handles the requests by reacting to the urgent ones within 2 hours and resolving them within hours. It responds to critical requests within 4 hours and resolves them in one day. On

 

 

uncritical claims are responded to in one day and resolved within 30 days. The reaction of the Bidder is considered to be the Bidder’s written response that the request was received electronically by which it receives the user’s request.

  • eIUS doo must immediately inform the Ministry of Public Administration and all contracting authorities prior to the cessation of operations and ensure that all its rights and obligations regarding issued time stamps and evidence regarding electronic registered delivery are assumed by another trust service provider. He must hand over all the documentation he has kept so far to another provider of trust services, who will take over all the rights and obligations of the previous provider of trust services, or to the ministry, if such provider

 

 

4.12 SETTLEMENT OF DISPUTES

 

4.12.1 All complaints of the clients are resolved by the Legal Adviser at the Bidder.

 

  • The parties will settle any disputes amicably. In the event that the dispute cannot be resolved amicably, the court in Ljubljana shall have jurisdiction to resolve the dispute. All provisions shall be interpreted in accordance with the purpose for which the contract was concluded and in accordance with the law of the Republic
  • The invalidity of certain provisions of the contract resulting from legal amendments or the designation of eligible bodies or from the decision of both parties does not affect the validity of other provisions of the contract. The contracting parties undertake to replace the invalid provision without unnecessary ones
  • The bidder is liable for damage caused intentionally or through negligence to a natural or legal person due to non-fulfillment of its obligations. The company always has sufficient financial resources at its disposal to cover the stated liability, and the company is liable with 30 times the value to cover an individual loss event.

4.13 PROVISIONS CONCERNING INTELLECTUAL PROPERTY RIGHTS

 

The content of shipments made via electronic mailbox is the property of the sender.

 

4.13 PROTECTION OF PERSONAL DATA

 

  • The provider processes all personal data of subscribers and users in accordance with the publicly published Terms of processing the protection of personal data.
  1. FINAL AND TRANSITIONAL PROVISIONS

 

  • The provider reserves the right to change the general conditions. The amended general terms and conditions are valid from the publication on the siwebsite The client has the option to withdraw from the contract without notice if he does not agree with the proposed changes within 30 days of entry into force. The right of withdrawal does not affect the due and unpaid obligations of users and the fulfillment of other contractual obligations of the subscriber.

 

 

CONDITIONS OF PERSONAL DATA PROCESSING

 

 

 

  • INTRODUCTION

 

EIUS doo provides qualified trust services in the field of electronic registered delivery, verification and validation of electronic signatures and electronic stamps. It collects data in order to provide safe and quality services to all subscribers and users and third parties who rely on services.

2 DATA CONTENT

 

To identify users, EIUS doo collects and processes the following data: personal name, address for sending traditional mail, tax number, telephone number, mobile telephone number, e-mail address, business entity name, business entity identification number, business entity address, business entity tax number , serial number of the qualified electronic signature certificate, date of issue and validity of the qualified electronic signature certificate.

3 DATA COLLECTION

 

We collect data in the following ways:

 

directly from persons – for the purposes of identifying the future, current or past user and concluding or managing a contractual relationship with the client, we process data from the subscription contract. Subscribers themselves enter the data in the registration form or subsequently change them (Editing personal data) in the web application VEP.si .;

data from public records – the correctness of data is checked with public records (Business Register of Slovenia);

device data – for the purposes of mobile electronic signature security in the cloud, we automatically collect data related to an individual mobile device (hardware model, operating system version, unique device identifiers and mobile network data, including telephone number);

audit trails – we automatically collect data on the operation of information systems EIUS doo and access to them and the data contained in them (server logs, application logs and the like);

local storage – we collect some personal data and store it locally on your device when signing electronically in the cloud;

cookies and related technologies – when visiting our websites, we use various technologies to collect and store data (eg cookies and related technologies for statistical monitoring, identification of your browser or device).

 

4 USE OF DATA

 

The data collected in all EIUS doo trust services and when visiting the EIUS doo website is used to provide, maintain, protect and develop services, ensure trust in electronic services and manage the contractual relationship.

We use statistics to design and improve our services and websites.

All other data not published in accordance with the General Terms and Conditions are strictly protected in accordance with data protection regulations and will not be used for other purposes not agreed in the contract or the General Terms and Conditions.

 

5 DATA RETENTION DEADLINE

 

The processing of personal data lasts from the beginning of the procurement procedure until a maximum of 10 years after the termination of the contractual relationship, unless applicable law provides otherwise regarding the retention of data.

 

6 DATA TRANSMISSION

 

In accordance with applicable regulations and the consent of individuals, only information that can be made public is passed on to third parties who rely on electronic services and need this information to verify the validity of the electronic signature and the associated qualified certificate or electronic shipment.

If required by applicable regulations, we provide the data to domestic or foreign state bodies, holders of public authority, public service providers or out-of-court dispute resolution providers. Before intervening, we always carefully check that the request is correct and legal.

7 DATA SECURITY

 

eIUS doo implements appropriate technical and organizational measures to ensure a high level of security of personal data and guarantee the rights of data subjects, and respects the principles of built-in and default privacy in its information systems.

We allow access to protected personal data only to authorized persons of eIUS doo All these persons are bound by strict contractual obligations regarding the protection of personal and other sensitive data and are liable for any breaches of work, civil and criminal.

In EIUS doo, the procurator regularly checks the compliance of the applicable European and Slovenian regulations, international standards and recommendations, as well as the policies and internal acts of EIUS doo

 

8 EXERCISING RIGHTS RELATED TO DATA PROTECTION

 

All information regarding the protection of personal data is available on 01 426 53 76. For all questions and for the exercise of their rights (giving or revoking consent, access to personal data, monitoring access to personal data, etc.), anyone can contact the Commissioner for data protection and compliance. Anyone can revoke their consent in writing at any time, but this can have consequences for the implementation of the trust service, as security and trust cannot be provided without all the necessary information.

In the event of a breach of personal data protection, the provider shall notify the Information Commissioner without delay but no later than 72 hours after becoming aware of the breach. Where notification to the Information Commissioner is not given within 72 hours, he shall be accompanied by the reasons for the delay.

 

9 SETTLEMENT OF DISPUTES

 

The court in Ljubljana is competent for all possible disputes under the law of the Republic of Slovenia. In addition to judicial dispute resolution, we also provide out-of-court dispute resolution.

 

These general terms and conditions enter into force on 20.7. 2018

 

 

eIUS, doo 

mag. Pavel Reberc, director