This privacy policy contains information about the processing of personal data carried out by GORR d.o.o. (hereinafter referred to as the “Controller”, “we” or “us”). It provides information on the purposes of the processing, the legal basis, the types of personal data, the retention period, and your rights in relation to the processing.

We encourage you to read the policy carefully.

Personal data is considered to be any information that relates to an individual, regardless of the form in which it is presented, and which can directly or indirectly identify that individual.  

Who is the Controller of the personal data?

The Controller of your personal data is:

Prevajalska agencija GORR d.o.o., Brezje pri Grosupljem 90, 1290 Grosuplje, Slovenija



As the Controller of your personal data, we are committed to processing and storing your personal data in a responsible, lawful, and transparent manner.

How do you obtain my personal data?

We obtain your personal data directly from you. You are only obliged to provide personal data when required to do so by law. In other cases, the disclosure of personal data is optional, but in these cases there is a possibility that we may not be able to provide you with certain services. 

We use the personal data collected through cookies to carry out automated decision-making and profiling, and this data is encrypted. We carry out profiling for the purpose of serving you ads that are relevant to your interests. For more information on the processing of personal data using cookies, please see our Cookie Policy.

The Controller does not carry out other automated decision-making and profiling.

How is personal data processed by the Controller?

We only process the personal data we collect where we have an appropriate legal basis for doing so and for certain legitimate purposes (i.e. the grounds for processing). We always take care to choose the minimum amount of personal data that is necessary to achieve a particular purpose. We use different legal bases, namely contractual relationships, the law, legitimate interest, or your explicit consent. If you have given your consent to the processing of your personal data, you always have the possibility to withdraw your consent.

We only keep personal data for as long as is necessary to fulfil the purpose for which we collected it. After the retention period has expired, the personal data shall be erased or destroyed in such a way that its recovery and reconstruction is no longer possible.

For more details, see the table below.

Purpose of processingCategory of personal dataLegal basisRetention period
Communication on the basis of your enquiry (completed form on the website)Name and surname, email address, company name, registered office, company tax number, content of the message, information in any files submittedLegitimate interest in effective communication with potential usersTwo months from the end of the communication
Making an offer based on your enquiryName, email address, telephone number, company name, registered office, company tax number, information in the files submitted, other required informationfor preparing an offerPre-contractual relationshipSix months after submission of the offer
Provision of services (translation, certified translation, bilingual review and proofreading, interpreting, localisation, machine translation, editing of machine translations, other language services)Name and surname, company details, registered office, email address, telephone number, information in the submitted files, information required for payment – bank accountContractual relationshipFive years after termination of the contract (payment data is kept for 10 years in accordance with tax legislation)
Providing information andassistance to users of our servicesName and surname of the signatory to the contract, company name, registered office, email address, telephone numberContractual relationshipFive years after termination of the contract
Notifying and sending out newsletters to our users and subscribers about new blog postsName and surname / company name, email addressLawUntil revoked
Notifying and sending out newsletters about new blog posts to other recipientsName and surname, email addressConsentUntil revoked
Carrying out analyses for research and statistical purposesPersonal data is in an anonymised formLegitimate interest in carrying out analyses to keep statistics for our own needs and to improve the services we offer Until revoked

Do you send my data to third parties?

Only authorised persons (employees, contractual partners) have access to the personal data collected. However, we will only disclose data to third parties where this is necessary for the purpose of processing personal data.

Third parties with whom we share your personal data:

  • Contractors who provide us with certain services (accounting services, IT services, legal assistance, etc.),
  • Outsourced workers who provide translation, proofreading, and certified translations for us,
  • Accounting services,
  • State authorities, where required by law (FURS, judicial courts).

How do you protect my personal data?

We use a variety of organisational and technical measures to protect personal data to ensure the highest possible level of security and to protect personal data against loss, manipulation, destruction, or unauthorised access.

We store personal data in physical and electronic form. Accordingly, we have adopted various security measures, including:

  • Locking the business premises,
  • Limiting access to personal data to authorised persons,
  • Providing staff training on how to protect personal data,
  • Careful selection and monitoring of third-party contractors,
  • Regularly updating the hardware and software used to store your data,
  • Regular backups, use of a firewall, use of password protection,
  • Collecting the minimum amount of personal data.

In the event of a personal data breach, the Controller shall without delay notify the Information Commissioner, the competent supervisory authority for Slovenia, of any such breach.

In the event of a data breach that may result in a high risk to the rights and freedoms of individuals, the Controller will immediately inform you of the breach.

What about the use of social networks?

The Controller allows individuals to interact via the social networks Facebook, LinkedIn, and Twitter. Social networks operate in accordance with their own privacy and personal data processing rules, for which the Controller is not responsible. We urge you to read the terms and conditions of the relevant social networks before you decide to interact with them in any way. Please note that you are solely responsible for any posts you make via social networks. The Controller accepts no liability whatsoever in connection with an individual’s activities on social networks.

To make it easier for you to access the relevant information, we provide links to the privacy policies of each social network:


You have the following rights in relation to the processing of your personal data:

  • Right of access to your personal data: you can request information about whether we are processing your personal data and about the processing we are carrying out.
  • Right to correction of your personal data: in the event of incomplete or inaccurate data, you may request a correction.
  • Right to obtain a copy of your personal data: you may request that we provide you with a copy of your personal data in a structured, commonly used, and machine-readable format.
  • Right to restriction of processing of your personal data: you may request that we temporarily restrict the processing of your personal data, e.g. for the duration of the correction of the personal data we process about you. In this case, we will temporarily stop using your personal data, but we will not delete it.
  • Right to object to the processing of your personal data: where we process your personal data on the basis of legitimate interest or in the case of marketing communications, you have the right to object to such processing.
  • Right to the deletion of your personal data: you may request deletion, but we may not delete data that we process on the basis of a contractual relationship (that is still in force) and data that we process on legal grounds, unless the retention period has expired.
  • Right to revoke your consent: where the processing of your personal data is based on your consent, you may withdraw your consent at any time. Withdrawal of consent shall be effected without any negative consequences for you. However, there is a possibility that we may not be able to provide you with certain services after the withdrawal.
  • Right to data portability: you may request that we transfer the personal data we process about you to another data controller. This can only be done where it is technically feasible.

You can exercise these rights by writing to us at or by post to Brezje pri Grosupljem 90, 1290 Grosuplje, Slovenia.

If we receive a request concerning the exercise of a right, but cannot reliably identify the individual, we reserve the right to ask you to provide us with relevant personal data that will enable us to identify you reliably. If you do not provide this information, we will not process your request.

In all other cases, we will respond to requests within 30 days of receipt, except in the case of large requests, for which we will need more time to prepare a response. We will inform you in advance of any such extension to the deadline.

All information, responses and actions taken by the Controller with regard to the exercise of rights and requests in the scope of personal data protection shall be provided free of charge. However, we reserve the right to charge the individual reasonable costs for requests that are manifestly unfounded or excessive, in particular where they are repetitive.

If you believe that the Controller has infringed the protection of your personal data, you have the right to lodge a complaint with the competent supervisory authority, which in Slovenia is the Information Commissioner.


We reserve the right to change our privacy policy. The latest version of the privacy policy will always be available on the website:

This privacy policy is effective as of 29th May 2023.

This site is protected by reCAPTCHA and the Google. Privacy Policy and Terms of Service.

© 2023 GORR. All Rights Reserved.