Privacy policy

1 The summary of our privacy policy

Your privacy and the security of your personal data are our top priorities. Our goal is to maintain your trust, respect your personal data, and put you in full control of it. Therefore, we never ask you for any personal data that we do not need, and we manage and protect personal data that we do have about you with the utmost care.

While you are browsing through any of our websites, we (XLAB d.o.o.) do not automatically or by default collect any of your personal data, except what we utterly need (i.e., standard server logs) to deliver continuous and secure service. We really only process what you send us voluntarily either through forms available on our website or via emails. In this case, we handle your personal data with care and only as intended, and we never share it with anyone else. We do not intentionally or knowingly process personal data of any individual under the age of 16.

We collaborate with many different organizations from around the world who are either our customers, subscribers, contractors or partners in research and innovation projects. To this end, we are processing some personal data of individuals who are employed by these organizations. These data are obtained directly from these individuals or in a way so that these individuals are aware of it. These data are processed in accordance with the data protection laws, the laws of the Republic of Slovenia and in accordance with the regulations of the European Union.

Below you will find our full Privacy Policy regarding your visit of our website and our work with our collaborators, which we ask you to carefully read before using our website. This Privacy Policy applies to this particular website as well as any other website or application branded as XLAB or owned and operated by us. We also kindly ask you to carefully read our Terms of Use, Security Policy and Cookie Policy. If you have any further questions or you wonder about your personal data in our possession, please contact our Data Protection Officer at

Note that, from time to time, we may change our Privacy Policy. We reserve the right to do so at any point for whichever reason, with or without notice. If and when we do so, we will notify you by posting an announcement on our websites. If we ever make any major changes to our data management and data protection practices, we will let you know with an announcement on our websites. If necessary, we will also ask for your permission.

Our Privacy Policy as well as privacy practices are in full compliance with the General Data Protection Regulation (Regulation (EU) 2016/679), the Directive on electronic communications (Directive 2009/136/EC), the rules on the processing of Slovenian personal data and the provisions of the Information Commissioner of the Republic of Slovenia (

These terms are effective as of 29 December 2018.

2 What personal data do we have and where do we get it?

While you are browsing through our websites, we do not collect any personal data about you except what is absolutely needed to ensure that the delivered services are continuous, secure, and of the best quality. To this end, we log your IP address as part of the standard server logs. We may also collect anonymous data (HTTP requests with sent parameters, status, and size of response, browser type, browser language, timestamp) from our visitors.

If you decide to get in touch with us, there may be some personal data collected from you:
1. When you call us: Your phone number may be recorded with your call.
2. When you send us an email: Your email address, your name, your IP address, and other personal contact details may be recorded with your email.
3. When you fill out an online form (available here): Your name and email address will be recorded through the form. Your place of work and your phone number may be recorded through the form.
4. When you initiate a live chat (through this service): Your name will be recorded via the online chat service. Your email address may be recorded via the live chat service.

In all cases above, we may ask you for additional personal data (name, phone number, email address, home address, or similar) with the sole purpose of fulfilling your request. We only collect and process these data with your permission and/or on the basis of a legal obligation to which we are subject.

Our website also uses cookies. However, no personal data are collected or stored with these cookies. For more details, please refer to our Cookie Policy.

We also use Google Analytics on our website to gather some page-view statistics. However, in order to keep your privacy intact, we anonymize your IP address as described in the IP anonymization documentation available here. Please see our Cookie Policy to find more details on how we actually use Google Analytics.

When working with business partners and clients, we store and use the following information about their employees:
1. Information on partners and clients: Information about the legal entity, information about contact persons and correspondence with them, data on business cooperation (on joint project proposals, on joint projects, on existing contracts and agreements, on issued invoices).
2. Security and privacy information: Data on detected security incidents and data breaches, data on requests for the exercise of rights of data subjects, information on the legal entities and natural persons concerned.

In the above cases, data are processed on the basis of a contract to which the data subject is party or on the basis of a procedure prior to entering such a contract (when data subjects are our customers), on the basis of a consent (when communication is initiated by clients or partners), on the basis of a legal obligation (to prove compliance with applicable law), on the basis of our legitimate interest in complying with a contract with clients and partners or our legitimate interest to maintain good relations with them.

3 What do we do with your personal data and why?

Personal data that we collect through standard server logs (IP addresses), we use for the sole purpose of delivering a continuous and secure service (in our case, detecting and preventing fraud and unauthorized access to our systems).

We process your personal data, for the sole purpose of managing your requests received from you through phone, email, online form, or live chat, for the sole intention of managing your requests. Purposes Specific purposes for which we process your personal data may be different and depend on your requests. For example, processing of your personal data may be needed to provide you information about our website, products, services, and career opportunities, or to set up job interviews or business meetings.

The processing of your personal data in all these cases is in our legitimate business interest as it is necessary to:
1. Provide you a service that you have explicitly requested (for example, provide you information about a job offering or information about one of our products).
2. Execute an agreement with you (for example, set up a job interview).

We use personal data of our clients and partners to prepare project proposals, carry out tasks on existing projects, implement contracts with clients, manage accounting records, keep records of security incidents, data breaches, and claims for exercising rights of data subjects, and for giving gifts to our closest partners and the most loyal customers.

The personal data we have at our disposal is kept only for as long as it is required to achieve the purposes outlined in this policy. After the expiry of the retention period, the personal data we process will be deleted or otherwise rendered anonymous in an irreversible way.
Please note that on the basis of your personal information or personal information of our clients and partners we do not perform tracking, profiling, or automated analysis of personal data. We do not use your personal information or personal information of our clients and partners will never be used for any commercial or promotional purposes without prior consent.
We have various technical and organisational security measures in place to protect your information. For details, please refer to our Security Policy

4 Who do we share your personal data with?

Any personal data that you share with us via phone, email, website forms or online chat will only be processed by our personnel or by the personnel of our partners that help us in achieving the purposes described in this policy. A third party could only access these data only if required by law. Our partners and third parties are bound to the same data protection obligations as we are.

Note that our website offers links to other websites not owned or operated by us. Your use of these third-party services is entirely optional and at your own risk. We are not responsible for the privacy policies and/or practices of these third-party services and you are fully responsible for reading and understanding their privacy policies. Note that we never share any personal information with those third-party services.

Personal data of our partners and clients may be disclosed to external users, but only on the basis of their justified request or the consent of the data subject concerned. For example, if there is a serious data breach or a serious security incident, we must, according to the law, disclose information about the event to an information commissioner, National Cyber Security Incident Response Center (SI-CERT). Information on issued invoices, which may contain personal data of our clients or business partners, must be disclosed to the Financial Administration of the Republic of Slovenia by law.

5 What are your rights?

Any data subject whose personal data we process may, at any time:
1. Know which types of personal data we have in our possession, how we obtained it, how we protect it, and how we process it.
2. Request a copy of their personal data in our possession.
3. Rectify/complete any incorrect/incomplete parts of their personal data in our possession.
4. Request the erasure of their personal data in our possession.
5. Restrict the processing of their personal data in our possession or object to it.
6. Request the transmission of their personal data to a third party.

For the aforementioned requests, please contact our Data Protection Officer at Please note that we can only fulfil received requests if permitted so by law and if the implementation of the received request does not interfere with the rights and freedoms of other individuals.

If you believe that we have processed your personal data illegally, you can, at any point, file a complaint with one of the supervisory authorities responsible for compliance with the data protection rules. In Slovenia, the complaint can be presented to the Information Commissioner of the Republic of Slovenia (