1. DATA CONTROLLER
Zavod WIN Association
Trpčane 37A
6250 Ilirska Bistrica
Slovenia
Email: info@win-association.si
Phone: +386 68 131 507We have not appointed a Data Protection Officer. You may contact us directly regarding all personal data matters.The supervisory authority in Slovenia is the Information Commissioner (Informacijski pooblaščenec).

2. PERSONAL DATA WE COLLECT
Contact data
- Email address
- phone number
- Application data
- Age,
- professional info
- business information, answers to membership questions
- Website analytics data
‍
We do not collect special categories of sensitive personal data.We do not knowingly collect personal data relating to individuals under 15 years old.

3. PURPOSE AND LEGAL BASIS FOR PROCESSING
We process personal data only when we have a valid legal basis and a clear purpose.

‍Email address (first step):
We use your email address to communicate with you about the WIN program and your membership application process.
Legal basis: Consent, which you provide voluntarily. You can withdraw your consent at any time by contacting us.

Application data (phone number, age, professional and business information, and other answers in the membership forms):
We process this information to evaluate your eligibility for the WIN Association and to manage your membership if you are accepted into the program.
Legal basis: Legitimate interests in reviewing applications, and performance of a contract once you become a member.

‍Website analytics data collected via Microsoft Clarity:
We process information such as interactions with pages and general usage behavior to improve website performance and the user experience.
Legal basis: Legitimate interests in optimizing and maintaining our services. You may object to this processing at any time.

4. COOKIES & TRACKING TECHNOLOGIES
Our website uses Microsoft Clarity for analytics and session behavior data.Analytics cookies are used based on our legitimate interest in improving user experience. Users have the right to object. Information on cookie compliance in Slovenia and under EU communications law confirms this requirement.You can manage tracking and cookies through browser settings.

5. DATA RETENTION
Personal data is stored for up to 10 years, unless a longer period is required for defense of legal claims or compliance with law.If consent is withdrawn or you request deletion, we will delete data earlier unless legally prohibited.Retention transparency is required by GDPR.

6. SHARING OF PERSONAL DATA‍
We may share your personal data with trusted service providers who act as data processors on our behalf. These providers are only permitted to process personal data according to our instructions and must implement appropriate security measures.

We currently use the following categories of processors:

‍Email service provider (Brevo / Sendinblue): used for storing email contact data and sending communication related to the application and membership.
‍
Form submission services (Google Forms and YouForm): used for securely collecting and storing information submitted through application forms.

We do not sell personal data.
We do not transfer personal data outside the EU/EEA without appropriate safeguards in place.
Data is only shared when necessary for the functioning of our services and communication.

7. SECURITY MEASURES
We apply appropriate technical and organizational measures, including:
- Secure access controls
-Encrypted data transmission wherever supported
-Regular review of security practices
Simplified disclosure of security measures is allowed under GDPR.

8. AUTOMATED DECISION-MAKING & PROFILING‍
We do not engage in automated decision-making that produces legal or similar significant effects.Membership applications are reviewed by humans.

9. DATA SUBJECT RIGHTS‍
Under GDPR, you have the following rights:
- Right of access to personal data
- Right to rectification of inaccurate data
- Right to erasure (“right to be forgotten”)
- Right to restrict processing
- Right to object to processing for our legitimate interests
- Right to data portability
- Right to withdraw consent at any time
Users may lodge a complaint with the Information Commissioner (Informacijski pooblaščenec) if they believe their data has been misused.