Privacy Policy

Welcome to the sub-site of, where the owner of the website, JonatanMars, Management of Alternative Investment Funds, Ltd, Dunajska cesta 167, Ljubljana, Slovenia in order to protect your personal data and to disclose your rights concerning them, presents how your data is processed, i.e. obtained, stored and used.

Please read our personal data protection rules carefully and save/print them, especially if you have already given us a valid consent to use your personal data, or if you intend to do so.

Information about the manager, contractual data processors and the person authorized for data protection

Manager and processor of personal data: JonatanMars, Management of Alternative Investment Funds, Ltd, Dunajska cesta 167, Ljubljana, Slovenia (hereinafter: the company).

Subject of protection: An individual who provides the company with personal data, whether or not he/she grants his/her consent to the use of personal data (hereinafter: the user).

Contractual processors: VZAJEMCI SKUPINA d.o.o. and its related companies VZAJEMCI d.o.o., VZAJEMCI SVETOVANJE d.o.o., VZAJEMCI NALOŽBE d.o.o., KREATORIJ d.o.o. and PLAN C d.o.o., all located at the address Litostrojska cesta 52, Ljubljana.

A list of the company’s other potential contractual processors can be obtained on request by contacting the authorized data protection officer via e-mail.

Authorized data protection officer’s contact:

Privacy policy enforcementdate: 13.3.2019

The company reserves the right to amend or supplement these privacy rules in order to ensure compliance with applicable regulations.

Basic terms

Personal data: any information from which we can directly or indirectly identify an individual.

Processing: any act or set of actions carried out in connection with personal data or sets of personal data with or without automated means, such as collecting, recording, editing, structuring, storing, adjusting or modifying, recalling, viewing, using, disclosing by transmitting, disseminating or otherwise providing access, customizing or combining, limiting, deleting or destroying.

Special types of personal data (so far, i.e. sensitive data): data revealing racial or ethnic origin, political opinion, religious or philosophical beliefs, trade union membership, sexual orientation, health data, various genetic and biometric data.

Profiling or profile creation: any form of automated processing of personal data involving the use of personal data for assessing certain personal aspects relating to an individual, in particular for the analysis or anticipation of performance at work, economic situation, personal taste, interests, reliability, behavior, location or movement of that individual.

Collection: any structured set of personal data accessible according to specific criteria. The set may be centralized, decentralized or dispersed on a functional or geographical basis.

Manager: a natural or legal person, a public authority, an agency or another body which, alone or jointly with others, determines the purposes and means of processing.

Processor: a natural or legal person, a public authority, an agency or another body processing personal data on behalf of the manager.

Violation of the protection of personal data: breach of security which causes the unintentional or unlawful destruction, loss, modification, unauthorized disclosure or access to personal data which are sent, stored or otherwise processed.

Anonymization: conversion of personal data in a way that the data subject is no longer identifiable.

Pseudonymization: replacing a personally identifiable material with artificial identifiers.

Obtaining personal data

We collect your personal data directly from your use of our website, by subscribing to newsletters, prize games and other events in the organization or co-organization of the company, by your demand for services or offer of the company via phone, e-mail, in writing or via social networks, by concluding contracts and other business cooperation with the company, and by giving consent for the processing of personal data, and indirectly with your use of any current or future services provided by the company. Your data can also be obtained from publicly available information or resources, when permitted by law.

Types of personal data that we collect and process

In the context of performing its activities and the provision of its services, the company collects and processes the following personal and other data: name, surname, address and contact address, if different from the address of residence, telephone number, e-mail address, birth data, sex, Identity number, tax number, bank account number and bank, type, number, validity and issuer of identity document, products. The sole responsibility for the credibility, accuracy and promptness of the provided data shall be carried by the user. The company does not process special types of personal data.

We also collect information about your use of our website with cookies (your IP address, browser type, type of device, which pages you have viewed and when), with your data being anonymized by reset. For example, your IP address would be used only in case of problems with the server and when editing a website. You can get more information about cookies in our cookies policy.

Our websites also include links to third party sites, and the company does not assume responsibility for the respect for privacy and the content of those sites.

The purpose of processing your personal data

The company undertakes to manage user data carefully and in accordance with the applicable regulations governing the field of personal data protection, i.e. with the General Data Protection Regulation (GDPR; Regulation 2016/679/EU) and the Personal Data Protection Act (ZVOP-1; Official Gazette of the Republic of Slovenia, No. 86/04, as amended and supplemented).

All collected personal and other data is processed in the course of performing our activity and in relation to the services provided by the company, and is used for one or more of the following purposes:

  • to implement a contract concluded between the company and the user;
  • for purposes related to the use of our services;
  • for the purposes of direct marketing on the basis of valid approval or consent of the user, which includes: informing about the situation in financial markets and other news, promotion activities of the company and prize games, automated and non-automated statistical processing and production of market research, sampling and segmentation, following the use of our services, sending invitations, offers, greeting cards, magazines and newspapers, and telephone, written and electronic surveys;
  • for the purpose of improving our website and adapting user experience, and improving or adapting services based on our legitimate interest in adapting the website and services according to the needs and wishes of the users;
  • for the purpose of fulfilling our legal obligations, for example, in the field of tax legislation and prevention of money laundering and terrorism financing;
  • for the purposes of identifying potential criminal offenses, for example, fraud, or threats to public safety to the competent authority on the basis of the general public interest;
  • to ensure the security of the information system;
  • to communicate with our business advisers and legal representatives on the basis of a legitimate interest in obtaining legal or other professional advice (using measures such as minimizing or anonymizing the given data, and by signing an appropriate non-disclosure agreement);
  • due to the needs of any legal or administrative procedure based on our legitimate interest in ensuring the success of our business and the settlement of disputes.

Methods of processing your personal data

We use your contact information only to establish contact with you, and we do not disclose your personal and other information to third parties.

The company collects personal data according to the principles of minimizing the processing and anonymization of personal data and endeavors to obtain from users only the data which are strictly necessary for the provision of services for them. We use secure servers to store personal data, and we have also adopted other appropriate technical and organizational measures to protect your personal data and to secure them from unauthorized or illegal use or processing and against accidental loss or destruction or damage to your personal data.

Our contractual processors of personal data, who also have to carefully comply with the applicable legislation in the field of personal data protection, are carefully selected, and our employees who access personal data in accordance with the authorizations and assigned rights to access data, are regularly trained in the field of personal data protection.

If the user does not give consent to the company for the processing of his/her personal data for the purposes of direct marketing, which is necessary for the fulfillment of a business relationship between the company and the user, or if the given consent is canceled, the company may process only the data necessary for the implementation of the contract with the user, or informs the user through the methods which are permitted by applicable law in cases where there is no personal consent.

The consent of a user for the processing of personal data is a voluntary statement and is not a condition for the conclusion of a contract or a business relationship with the company. In cases of more than one consent only the last given consent is valid.

Upon giving consent the user is presented with the possibility that he/she can always cancel the given consent at any time in whole or in part, permanently or temporarily, which can be done by a written statement addressed to the company or by an e-mail to, wherein the company reserves the right to identify the user. The company will cease processing the data on the basis of the cancellation of the consent no later than 3 working days after receipt of the cancellation.

Storage of personal data and processing period

Your personal data is stored by the company with the contracted processor on servers of IT cloud service providers located in the EU Member States and the US. Occasionally processing of your personal data may also occur outside the EU.

The company will process your personal data to an extent relevant and limited to what is necessary for the purposes for which the data is processed.

The company processes your personal data for the entire duration of the business relationship and for another 5 years after the termination of the business relationship or termination of the contract. In the case of a given consent for processing, the consent automatically ceases to be valid after the expiration of 5 years after the termination of the business relationship or after the expiration of 5 years after the consent has been given, if the user has not concluded a business relationship with the company. In case of cancellation of the given consent for the processing of personal data, the company ceases its processing within 3 working days from the receipt of the cancellation.

Personal data shall be erased, destroyed, blocked or anonymized after the purpose of the processing is completed or after the storage period has expired, if they are not determined as archival material on the basis of the law governing archival material and archives, or if the law does not provide otherwise for the individual types of personal data.

User rights

Rights of the subject of the data in the processing:

  • the right to access personal data: the data subject has the right to access personal data, the purpose of their processing, the type of respective personal data, the users to whom personal data were or will be disclosed;
  • the right to amend or supplement in case of incorrect or inaccurate information about an individual without undue delay;
  • the right to forget, the right to be deleted: the right of an individual for the manager or processor to erase his/her personal data at his/her request irreversibly without undue delay in the event that personal data is no longer needed for the purposes for which they were collected, in case of unlawfully collected data or if the deletion of personal data is necessary for the fulfillment of other obligations under the law or a final court decision; if an individual revokes the given consent. An individual will not achieve a deletion if there are legitimate reasons for the processing of data (tax, labor law, defense of legal claims) or where other interests for processing are prevailing (public interest, right to information, historical research);
  • the right to know how long the personal data are being stored;
  • the right to limit processing when the user disputes the accuracy of the collected data for the period during which the company can verify the accuracy of personal data if the processing is illegal and the user opposes the deletion of data and instead only wants to limit the processing of the collected data, if the company no longer needs data, but the user needs them to enforce his/her legal claims; in case of limitation of the processing of personal data, they can only be stored and processed with the consent of the user;
  • the right to object to the processing of personal data for specific purposes where such data is processed on the basis of the legitimate interest of the manager and for the purposes of marketing;
  • the right to data transfer: the right of the individual and the duty of the manager to provide the individual with data relating to him/her that he/she has provided, in a structured, widely used and machine-readable form, and the right to forward this data to another manager, without being disrupted by the original manager;
  • the right to legal resources and sanctions: individuals have the right to file a complaint with the supervisory authority (Information Commissioner) in case of silence of the manager or against his refusal, as well as the right to legal resources against the decision of the supervisory authority, or in case of inaction of the supervisory authority, the right to compensation and responsibilities. Very strict administrative sanctions imposed by national data protection authorities are set against managers or processors who violate data protection rules.

Received user requests that can be sent by e-mail to the e-mail address of an authorized data protection officer are handled by an authorized data protection officer who must respond to an individual request no later than within 1 month from the receipt of the request.

Published: 13 March 2019