Topfibra’s Privacy Notice

At TOPFIBRA d.o.o., we acknowledge the fundamental human right to privacy, and as such, we are committed to collecting, storing, and using your personal data with responsibility, diligence, and utmost care in accordance with the provisions outlined in this Privacy Notice, the General Data Protection Regulation of the European Union (referred to as “GDPR”), the Slovene Personal Data Protection Act, and other relevant regulations governing the domain of personal data protection.

We are dedicated to safeguarding the personal data of our website users, ensuring adequate security and confidentiality while preventing unauthorized access to personal data. We also enforce strict confidentiality obligations on individuals and business partners authorized to handle personal data.

Our Privacy Notice offers an overview of the information we gather/acquire through our website and its landing pages, our procedures for processing the personal data you provide, our commitment to protecting this data, and the entitlements you possess to manage your personal data and preserve your privacy when you visit our website and/or when you submit a (contact) form to schedule an appointment or receive our content, including newsletters, news updates, articles, papers, publications, and other materials.

Data controller & Accountability

When you, our website user (referred to as the “data subject”), utilize our website, we serve as a data controller and determine the purposes and means of the processing of your personal data. Consequently, in our capacity as the data controller, we hold complete responsibility for the compliance of the processing of personal data concerning you.

As the controller of your personal data under this Privacy Notice, we can be contacted at the following address:

Ulica 25. maja 27
6258 Prestranek
Registration number: 6296351000
Telephone: +386 8 200 1500
e-mail: [email protected]

Legal bases used for processing personal data

We process certain data only based on your prior express and written consent, while the processing of some personal data is necessary for the fulfillment of the legal obligations or our demonstrated legitimate interest.

  • Consent: The data subject has given consent to the processing of their personal data for one or more specific purposes (Article 6(1)(a) of the GDPR);
  • Contract negotiations or performance of contract: Processing is necessary for the performance of the contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6(1)(b) of the GDPR);
  • Legal obligations: Processing is necessary for compliance with a legal obligation to which we as a controller are subject (Article 6(1)(c) of the GDPR); and
  • Legitimate interest: Processing is necessary for the legitimate interests pursued by us as the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child (Article 6(1)(f) of the GDPR).

What personal data we collect, the purpose and the basis of data processing

Website visits

When you visit our website, we may collect limited information about your internet connection, the equipment you use to access our website, and usage details.

On the web server hosting the website, data about website visits are recorded, including visitors’ IP addresses, browser versions, date and time, and information about repeat connections. We do not process these collected data separately and do not link them to other data. The data processor (web server hosting provider) processes personal data only for the purpose of providing maintenance services for the website at

We process this data based on our legitimate interest as per Article 6(1)(f) of the GDPR. The purpose of these procedures is to ensure network and information security, specifically to enable the detection and prevention of unauthorized access that may compromise the availability, integrity, and confidentiality of stored or transmitted personal data, as well as the security of related services accessible through these networks and systems. The data is mainly acquired through cookies, collected automatically during your website visit. For more details, please refer to our separate Cookie Notice available in this link.

Use of website forms

  • Contact form

You have the option to reach out to us directly through the contact form found on our website or by scheduling an appointment via the online landing page forms. During this process, you may share personal data and information including your first and last name, e-mail address, and the content of your message.

The data is acquired directly from you when you raise inquiries via the “contact form” on our website. If the inquiry concerns the purchase of our products and services, we collect and process the personal data and information you provide via the contact forms on the legal basis of contract negotiations or performance of a contract (Article 6(1)(b) of the GDPR). If the inquiry is of a general nature, we collect and process the personal data based on our legitimate interest (Article 6(1)(f) of the GDPR). Based on the inquiry, we may ask for additional information needed to book an appointment or other information necessary to respond to your query.

  • Subscription to our e-newsletter or other publications

If you wish to receive our e-newsletter, you can subscribe through the subscription form available on our website. When subscribing, you will be asked to provide your first and last name, email address, and consent. By subscribing, you grant us permission to send you news, articles, papers, publications, and other materials relevant to our business. In addition to providing our e-newsletter service, we process information to analyze reader responses.

For e-newsletter subscriptions, we employ a double opt-in procedure. Once you subscribe on our website, we will send a confirmation message to the email address you provided. If you do not confirm your subscription, it will be automatically deleted. To protect your personal data from misuse, we log your subscription and confirmation, including your IP address, the time of subscription and confirmation, the messages sent by us regarding your subscription, and the wording of your subscription and confirmation.

We utilize Keap as software for sending our e-newsletter. As part of reader response analysis, we track specific data of our e-newsletter subscribers, including the date and time of email openings, date and time of material downloads, unopened emails, and clicked links. These details are collected and processed exclusively to provide recipients with tailored and relevant content.

You have the right to revoke your consent to receive our e-newsletter at any time. You can do so without providing a reason by clicking the “Unsubscribe” link provided at the end of each email communication or by contacting us at [email protected]. In such cases, we will promptly delete the data associated with your subscription. Revoking your consent does not affect the legality of the processing of your personal data prior to revocation.


We may collect and process the personal data you provide during your job application and the employment recruitment process. Our goal is to facilitate the signing of an employment or collaboration agreement. Throughout this process, you may share the following personal data and information with us: first and last name, date of birth, address, e-mail, contact number, education history, employment history, language, areas of interest, and any other information you provide in your job application.

We acquire this data directly from you when you submit your application for job vacancies via email or a special tool on our website. The collection and processing of this personal data and information are performed based on the legal basis for contract negotiations or the performance of a contract, as specified in Article 6(1)(b) of the GDPR.


When you make purchases from us, we may request additional personal and financial information necessary for transaction processing. We collect this data directly from you as our customer, and this collection is based on the legal basis for contract negotiations or the performance of a contract, as defined in Article 6(1)(b) of the GDPR.

Social Media

In addition to this website, we connect with our audience through various social media platforms, including LinkedIn, Facebook, YouTube, and Twitter.

When you connect with us on any of the above social media platforms, please note that you may share personal data with us. The types of personal data we may collect and process through our social media channels include:

  • Your Public Profile Information: This includes details such as your name and profile picture, which are publicly accessible.
  • Voluntarily Shared Information: Any data that you willingly provide to us through direct messages or public posts.
  • Platform-Provided Data and Analytics: This category comprises demographic information and user engagement data supplied by the social media platform.

We collect this data directly from you when you interact with our content or send us messages and process them similarly to the processing of personal data acquired through the contact forms as outlined above.

Personal data sharing

We deeply value the trust you show us by sharing your personal data, and we are committed to safeguarding it. Your personal data will not be disclosed or shared with unauthorized third parties. However, we may share your personal data with our contracted processors who are authorized to process data exclusively on our behalf. Under no circumstances will personal data be utilized for personal interests.

All our partners are subject to strict scrutiny before we begin our collaboration, especially in terms of the data privacy standards and safety measures they apply while processing personal data. We use Infusionsoft as software for our newsletter service described above. Infusionsoft is, therefore, utilized as our data processor. Based on our data processor agreement, they will only process personal data upon and strictly in accordance with our documented instructions. Our relationship with Infusionsoft as our processor located in the United States is governed by the data processing agreement that also includes standard contractual clauses as a transfer tool under Chapter V of the GDPR.

When required, we may share your personal data with law enforcement bodies and other governmental bodies that are entitled to such disclosure, provided that such sharing is authorized by law, usually because it is necessary to prevent, discover and prosecute criminal offences. We disclose personal data to governmental authorities only when and where we are mandatorily required to do so by law.

Processing of personal data is strictly limited to staff required to provide the service. In no circumstances do we sell or rent your personal data.

Data transfer to third countries and international organizations

Transfer of personal data to any country outside the European Economic Area (“EEA”) is only possible under strict terms and conditions enforced to protect your personal data. We may transfer your personal data to third countries if that is required to respond to your inquiries and/or to process the recruitment procedures.

When internationally transferring your personal data, we always take adequate organisational and technical measures to ensure protection of your personal data. All our business and web applications and partners use adequate measures to prevent unauthorized access or use of all information, including your personal data. To protect and safekeep your personal data, we use due business organisation measures and procedures, including safeguards to physically protect personal data stored in our servers (e.g., fire safety equipment etc.). Under no condition is personal data transferred to a country outside of the EEA, unless an appropriate safeguard in terms of Chapter V of the General Data Protection Regulation is in place (e.g., adequacy decision, standard contractual clauses, etc.).

Data retention periods

Your personal data is kept in a form which permits your identification for no longer than is necessary for the purposes for which the personal data are processed. In accordance with the purpose limitation and data minimisation principles, we collect and process personal data for the specified purpose only and exclusively personal data that is relevant and necessary for the purpose. To determine if personal data may be processed further, we use a compatibility test to look for a link between purposes, nature of the data, method of collection, consequences of secondary uses and safeguards. We take extra care to ensure that all personal data is accurate and up-to-date.

In accordance with the above, we delete the personal data needed for the recruitment procedure after the end of the selection procedure. If the candidate is selected, we will continue to process their personal data under the terms of the internal privacy policy applicable to employees. On the other hand, the personal data of non-selected candidates are deleted immediately after 30 days from delivery of our rejection notice unless the candidate gives us their consent to use the personal data from their job application for future vacancies.

Personal data that is processed on the basis of consent is deleted at the moment the data subject withdraws their consent. Where certain personal data is necessary for protection of Porton’s rights, such personal data may be stored until the end of litigation started in pursuit of the right to which such personal data relate or until the expiration of the statute of limitations period, if the litigation was not started by then. In Slovenia, the general statute of limitations period is 5 years (exceptions may apply). For data retention periods applicable to personal data collected based on the use of cookies, please see our Cookie Notice available at this link.

The retention period for personal data obtained through your inquiries via the contact form varies based on the nature of the inquiry. For instance, if the inquiry leads to contract negotiations that result in the signing of a contract, we may retain the necessary personal data required for the performance of the contract until it’s fully executed, with an extension to cover the applicable statute of limitations for potential disputes (typically 3 years). On the other hand, if the contract negotiation does not result in signing a contract, we would usually retain the personal data relevant to the negotiations until the expiry of the statute of limitations, which begins immediately after the negotiations have concluded. Personal data collected via general inquiries is retained on a case-by-case basis, taking into account all the circumstances of the communication and adhering to the applicable GDPR data retention rules.

Please note that where necessary under mandatory laws, we may store your personal data under different time limits (e.g., when necessary for legitimate business or legal purposes, such as security, fraud and abuse prevention, or financial record-keeping). Namely, some accountancy information may even be subject to permanent storage; however, neither website users’ nor job candidates’ personal data is normally part of accountancy documentation.

After the expiry of designated retention period, we either permanently delete your data or we anonymise it (i.e., process of taking away information necessary for the information to be relating to an identified or identifiable natural person). When deleting your personal data, we take special care to ensure your personal data is safely and completely removed from our servers or retained only in anonymized form. We try to ensure that our services protect information from accidental or malicious deletion. Because of this, there may be delays between when we delete something and when copies are deleted from our active and backup systems.

As with any deletion process, things like routine maintenance, unexpected outages, or bugs may cause delays in the processes and timeframes defined herein. We maintain systems designed to detect and remediate such issues.

Please note that in accordance with the data minimisation principle, we only store personal data that is relevant and necessary for the purpose. This means that when specific personal data becomes unnecessary for pursuing a particular purpose, we strive to delete it immediately after. This also means, for instance, when retaining personal data for litigation and pursuing legal claims, we only keep personal data that we deem essential for successful dispute resolution.

Data subject’s rights

In this section, we present the rights you have regarding the personal data concerning you that we process and the processing thereof. You may exercise your rights by sending us an email at [email protected].

In case you need additional information regarding your rights, you can always ask for additional information or explanation via the said email address [email protected].

a) Right to withdraw consent

Where your personal data are being processed based on a given consent, you may always decide to withdraw it by sending a written request to the above email address.

The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. If you choose to withdraw your consent, you will not be subject to any detrimental consequences.

b) Right to access

You can obtain our confirmation as to whether or not we process personal data concerning you, and where that is the case, obtain a copy of your personal data, as well as other supplementary information listed by Article 15 of the General Data Protection Regulation (e.g., purposes of the processing, retention periods, international transfers, etc.).

Please note that we may deny the right to access if and to the extent that such disclosure would adversely affect the rights and freedoms of others.

c) Right to rectification

You can rectify any inaccurate or incomplete personal data concerning you. Upon your request for rectification, we will without undue delay rectify any inaccurate personal data concerning you.

d) Right to erasure (right to be forgotten)

Upon your request, we will, without undue delay and subject to examination of merits of your request, delete any personal data concerning you, which:

  • are no longer required for the purposes they were initially collected or otherwise processed;
  • are processed based on a withdrawn consent and there is no other legal basis for their processing;
  • were subject to an objection to the processing and there are no overriding legitimate grounds for the processing; or
  • were unlawfully processed.

e) Right to restriction of processing

This right is not absolute and only applies in certain circumstances. When processing is restricted, we remain permitted to store the personal data, but are not allowed to use it.

Upon your request, we will, without undue delay and subject to examination of the merits of your request, restrict processing of personal data concerning you in case:

  • you contested accuracy of the personal data (restriction for a period enabling the controller to verify the accuracy of personal data);
  • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • we no longer need the personal data for the purposes of the processing, but you need them for the establishment, exercise or defence of legal claims; or
  • you objected to processing based on your right to object (restriction for a period required to verify whether the legitimate grounds of the controller override those of the data subject).

For the time processing is restricted, we don’t process the restricted data in any way except to store it, unless it is processed:

  • upon your consent;
  • for the establishment, exercise or defence of legal claims;
  • for the protection of the rights of another person (natural or legal); or
  • for reasons of important public interest.

Before lifting the restriction of processing, we will always duly inform you about it.

f) Right to data portability

Upon your request, we may transfer personal data concerning you to another controller, when processing is based on consent or agreement and when it is technically feasible.

g) Right to object

The right to object only applies in certain circumstances. Whether it applies depends on the purposes of the processing and the lawful basis for it. You have the absolute right to object to the processing of your personal data if it is for direct marketing purposes. You can also object if the processing is for our legitimate interest; however, in this case the right to object is not absolute.

You must give specific reasons why you are objecting to the processing of your data, based upon your situation. Upon your request, we will stop processing your personal data, unless we have compelling legitimate grounds for the processing, which override your interests, rights and freedoms, or the processing is for the establishment, exercise, or defence of legal claims.

Right to file a complaint at the information commissioner

If we fail to provide information on action taken on your request to exercise any of your above listed rights within one month of receipt of the request, or deny it, you may file a complaint with the Information Commissioner – the data protection supervisory authority.

You can submit your complaint by using special forms published by the Information Commissioner at its website:

Information Commissioner contact details are:
Informacijski Pooblaščenec Republike Slovenije
Dunajska cesta 22
1000 Ljubljana
E-mail: [email protected]
Phone number: +386/1 23 09 730

Data privacy and security recommendations

We highly recommend and encourage you to always protect your privacy and personal data and take adequate measures yourself as well.

Every data subject is responsible for ensuring adequate antivirus protection of their computer or other multimedia devices.

Amendments of this privacy notice

We reserve the right to update this Privacy Notice to keep it up to date and in accordance with the specifics of our data processing activities.

Any amendments become effective upon publication on our website. The date of the last update is always specified at the end of the Privacy Notice.

We, therefore, recommend that you regularly visit this Privacy Notice to keep yourself informed on possible updates.

Additional information and contact details

For additional information regarding our processing of personal data and suggestions for improvement please contact us at [email protected] or TOPFIBRA d.o.o., Ulica 25. maja 27, 6258 Prestranek, Slovenia.

This Privacy Notice is effective and binding from the date hereof until replaced or amended.

Last updated: 9/11/2023