Privacy Policy

This Privacy Policy explains how AWA Group processes personal data in connection with its website and related activities, in accordance with the General Data Protection Regulation (GDPR) and applicable EU and national laws.

This website serves informational and pre-contractual purposes. AWA Group is a Independent Professional initiative preparing and supporting cross-border consulting, operational coordination, and digital service activities within the European Union.

Data Controller

AWA Group acts as the data controller within the meaning of Art. 4(7) GDPR for personal data processed in connection with this website and related business activities.

For data protection inquiries or to exercise your rights:

• via Contact Form
• via email: info@awa.si

Data Protection Officer

A Data Protection Officer has not been appointed, as the legal requirements under Art. 37 GDPR are currently not met.

All data protection matters can be addressed via:
info@awa.si

Scope of Processing

This Privacy Policy applies to personal data processed in connection with:

• use of the website
• communication and inquiries
• consulting, coordination, and project-related activities
• operational and technical support processes
• system integration and implementation-related activities

Where necessary within the agreed project scope, systems and related operational data may be accessed or processed for coordination, implementation, monitoring, or support purposes.

Processing is carried out strictly within defined contractual, operational, and legal boundaries.

Types of Personal Data

Depending on the context, the following categories of personal data may be processed:

• identification and contact data (e.g. name, email address, phone number)
• professional or organizational data (e.g. company, role, project context)
• technical data (e.g. IP address, browser type, device information)
• communication data (e.g. emails, messages, notes)

Special categories of personal data within the meaning of Art. 9 GDPR are not intentionally processed unless explicitly required and subject to appropriate safeguards.

Purposes of Processing

Personal data is processed only to the extent necessary for:

• communication and handling inquiries
• preparation and performance of contractual relationships
• consulting, coordination, and operational support activities
• system design, integration, and implementation
• ensuring system security, monitoring, and reliability
• compliance with legal obligations

Legal Basis

Processing is carried out on the following legal bases:

• Art. 6(1)(b) GDPR – performance of a contract or pre-contractual measures
• Art. 6(1)(f) GDPR – legitimate interests, including communication, operational coordination, service continuity, and IT security
• Art. 6(1)(a) GDPR – consent, where explicitly obtained

Where processing is based on legitimate interests, these interests consist in ensuring reliable communication, secure operations, technical stability, and efficient project coordination.

Hosting & Infrastructure

This website and related systems are hosted primarily within the European Union or European Economic Area.

Service providers acting on behalf of AWA Group operate under contractual agreements pursuant to Art. 28 GDPR and are required to implement appropriate technical and organizational safeguards.

These safeguards include, where applicable:

• processing only on documented instructions
• confidentiality obligations
• appropriate technical and organizational security measures

Processors & External Parties

Personal data may be processed by the following categories of recipients:

Processors

(e.g. hosting, infrastructure, communication, or email providers)

• engaged under data processing agreements pursuant to Art. 28 GDPR
• processing limited to defined purposes and operational scope
• subject to appropriate confidentiality and security obligations

External Parties

Where operationally necessary, external professionals or regional support providers (e.g. legal advisors, accountants, or operational coordinators) may be involved.

In such cases:

• access is limited to what is operationally necessary
• applicable confidentiality and data protection obligations apply
• parties act either as independent controllers or processors depending on context
• unless explicitly agreed otherwise, such parties are not considered representatives or agents of AWA Group

International Data Transfers

Personal data is processed within the EU/EEA wherever reasonably possible.

Where transfers to third countries are necessary, they take place only where appropriate safeguards exist, including:

• adequacy decisions by the European Commission
• Standard Contractual Clauses (SCCs)
• supplementary safeguards where required

Data Retention

Personal data is retained only for as long as necessary for the respective purposes or as required by applicable law.

Typical retention periods may include:

• communication data: generally up to 12 months after completion
• contractual and accounting data: according to statutory retention obligations (typically 6–10 years)
• technical and log data: generally 30–90 days unless security-related retention is required

After expiry, personal data is deleted, anonymized, or restricted unless continued retention is legally required.

Disclosure of Data

Personal data is not sold and is not used for unrelated advertising purposes.

Disclosure takes place only:

• where legally required
• where necessary for contractual or operational purposes
• where processors or external parties are involved under appropriate legal arrangements

Cookies & Similar Technologies

Technically necessary cookies and related technologies may be used to ensure secure, stable, and functional operation of the website.

Analytics, tracking, or comparable technologies are only used subject to applicable legal requirements and, where necessary, prior user consent.

Consent mechanisms are implemented in accordance with GDPR and applicable ePrivacy requirements.

Automated Decision-Making

No automated decision-making or profiling within the meaning of Art. 22 GDPR takes place.

Professional Use

This website and related services are intended primarily for professional and business-related use.

Personal data of minors is not knowingly processed.

Data Subject Rights

Data subjects have the following rights under the GDPR:

• right of access (Art. 15 GDPR)
• right to rectification (Art. 16 GDPR)
• right to erasure (Art. 17 GDPR)
• right to restriction of processing (Art. 18 GDPR)
• right to data portability (Art. 20 GDPR)
• right to object (Art. 21 GDPR)
• right to withdraw consent at any time (Art. 7(3) GDPR)

Requests can be submitted via the Contact Form or via email: info@awa.si.

Right to Lodge a Complaint

Data subjects have the right to lodge a complaint with a competent supervisory authority, particularly in the Member State of their habitual residence, place of work, or place of the alleged infringement.

Provision of Personal Data

Provision of certain personal data may be necessary for:

• communication and project coordination
• entering into contractual relationships
• fulfillment of contractual or legal obligations

If required data is not provided, certain services, communication, or contractual relationships may not be possible.

Data Sources

Where personal data is not collected directly from the data subject, it may originate from:

• business partners
• project participants or stakeholders
• publicly accessible professional sources

Processing remains limited to professional, contractual, or business-related contexts.

Security Measures

Appropriate technical and organizational measures are implemented in accordance with Art. 32 GDPR, including where appropriate:

• encryption (e.g. TLS/SSL)
• access control and authentication mechanisms
• monitoring and logging systems
• data minimization and segregation measures

Security measures are reviewed and updated where necessary.

While reasonable efforts are made to protect systems and data, absolute security cannot be guaranteed.

Data Protection Principles

Processing is carried out in accordance with the principles set out in Art. 5 GDPR:

• lawfulness, fairness, and transparency
• purpose limitation
• data minimization
• accuracy
• storage limitation
• integrity and confidentiality

Updates

This Privacy Policy may be updated to reflect legal, regulatory, operational, or technical changes.

The current version published on this page applies.

Last updated: 2026-06-20