top of page

Privacy Policy

Last Updated: 20.10.2025
Applies to: https://www.zyflow.eu

1. Data Controller

The controller responsible for processing your personal data in connection with the website https://www.zyflow.eu and other interactions with the company is:

Herko d.o.o.
Pševska cesta 10, 4000 Kranj, Slovenia
Company Registration Number: 8830045000
VAT Number: SI56613555
Email: privacy@zyflow.eu
Website: https://www.zyflow.eu
(“we”, “us”, “our”, or “Zyflow”)

At this time, we have not appointed a Data Protection Officer (DPO). All data privacy-related inquiries can be addressed to privacy@zyflow.eu.

2. Introduction & Purpose of this Notice

Zyflow is committed to protecting your privacy. This notice explains how we collect and process your personal data when you interact with us through our website or digital channels.

We process personal data in accordance with:

  • Regulation (EU) 2016/679 (General Data Protection Regulation - GDPR)

  • Local Slovenian data protection laws (e.g., ZVOP-2)


This Privacy Notice applies to:

  • Visitors of our website

  • Individuals submitting forms or contacting us

  • Email subscribers

  • Job applicants

  • Any other persons interacting with Zyflow as a data subject

3. Definitions

Unless otherwise stated, the terms used in this document (e.g., personal data, controller, processing, etc.) have the meaning defined in Article 4 of the GDPR.

The term “website” refers to https://www.zyflow.eu, including all its subpages, features, and third-party integrations (e.g., Wix-hosted tools, embedded apps, forms).

Words in the singular include the plural and vice versa. Gendered terms include all genders.

4. Categories of Personal Data We Process

5. Legal Grounds for Processing

We may process your personal data based on the following legal grounds:

  • Consent – for newsletters or optional tracking cookies.

  • Contractual necessity – when you engage with us to deliver a service or request.

  • Legal obligation – such as tax or accounting requirements.

  • Legitimate interest – e.g., to respond to inquiries, prevent fraud, improve our website, or protect legal claims.

6. Retention Periods

Personal data is stored only as long as necessary to fulfill the purpose for which it was collected or to comply with legal obligations:

  • Newsletter subscribers: Until unsubscription.

  • Contact form and communication data: Up to 4 years after last contact.

  • Job applicants: Until the end of the selection process (unless consent for longer is obtained).

  • Billing/contractual data: Up to 10 years due to legal retention requirements (e.g., VAT laws).


You may request deletion earlier unless retention is legally required.

7. Data Sharing and Processors

Your data may be accessed by:

  • Authorized Zyflow employees

  • External service providers (e.g., hosting, analytics, communications tools)


All data processors operate under a written agreement, comply with GDPR, and act only on our instructions.

Examples include:

  • Wix.com Ltd. – Website builder and hosting provider

  • Google LLC – Analytics (only with consent)

  • Mailchimp/Brevo/etc. – Email marketing platforms (if used)


We do not sell your data or transfer it to unauthorized third parties.

8. International Transfers

Some data (e.g., via Wix or Google) may be transferred to third countries (e.g., the United States). In these cases, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs)

  • Valid adequacy decisions

  • Certification mechanisms (e.g., Data Privacy Framework)

9. Protection of Special Categories of Data

We do not collect or process sensitive personal data (e.g., health data, political opinions, religious beliefs) via our website. If such data is received unintentionally, we will ensure it is deleted or anonymized.
 

10. Data Subject Rights

Under GDPR, you have the following rights:

  • Right to be informed – about how your data is used.

  • Right of access – to obtain a copy of your personal data.

  • Right to rectification – of inaccurate or incomplete data.

  • Right to erasure – (the “right to be forgotten”) in certain circumstances.

  • Right to restrict processing – under specific conditions.

  • Right to data portability – for data provided on the basis of consent or contract.

  • Right to object – to processing based on legitimate interests.

  • Right to withdraw consent – at any time without affecting prior processing.

  • Right to lodge a complaint – with the Information Commissioner (see below).


To exercise any of these rights, contact us at privacy@zyflow.eu.

11. Supervisory Authority

If you believe your data has been processed unlawfully, you can contact the Slovenian supervisory authority:

Information Commissioner
Dunajska cesta 22, 1000 Ljubljana, Slovenia
Email: gp.ip@ip-rs.si
Phone: +386 1 230 97 30
Website: www.ip-rs.si

12. Children’s Data

Our services are not intended for users under the age of 15. We do not knowingly collect data from minors without parental consent. If we become aware that a child has submitted personal data, we will promptly delete it.
 

13. Automated Decision-Making

We do not perform any automated decision-making or profiling that significantly affects individuals.
 

14. Security Measures

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, misuse, or alteration, including:
    •    Access control and secure hosting via Wix
    •    Regular software updates
    •    SSL encryption
    •    Internal data access limitations

We expect the same security standards from our data processors.
 

15. Changes to This Notice

We may update this notice to reflect changes in legal requirements, our data practices, or services. When we do, we will post the updated version on this page and indicate the effective date.
 

Contact

If you have any questions about this notice or how we handle your personal data, contact:

Email: privacy@zyflow.eu
Company: Herko d.o.o.
Website: https://www.zyflow.eu
 

bottom of page