Privacy policy
This Privacy Policy explains how Odvetniška družba Krištof o.p., d.o.o. processes the personal data of website visitors, prospective clients and clients.
This Privacy Policy explains what personal data Odvetniška družba Krištof o.p., d.o.o. processes, for what purposes, on what legal bases, how long it is retained and what rights you have in relation to your personal data.
Data controller
The controller of personal data is:
Odvetniška družba Krištof o.p., d.o.o.
Tivolska cesta 48, 1000 Ljubljana, Slovenia
Novo mesto office: Novi trg 11, 8000 Novo mesto
Registration number: 9310894000
VAT ID: SI72887656
E-mail: domen.kristof@domenkristof.si, tjasa.ozimek@domenkristof.si
Telephone: +386 51 420 700
Website: domenkristof.si
The company is entered in the court register at the District Court in Ljubljana.
For any questions regarding the protection of personal data, you may contact us at: domen.kristof@domenkristof.si.
What personal data we process
We process personal data that you provide to us yourself, data generated through the use of the website, and data we obtain or create in the course of legal advice and representation.
We may process in particular the following types of personal data:
- identification and contact data, such as name, surname, address, e-mail address, telephone number, company or organisation name;
- data from enquiries that you send us via the contact form, e-mail, telephone or in another way;
- data needed to assess whether we can take on a matter, to check for any conflict of interest and to communicate with you;
- data of clients, opposing parties and other persons that is necessary for legal advice, representation, preparation of legal documents, conduct of proceedings or other legal work;
- data from judicial, administrative, enforcement, land-registry, registry, tax, inheritance, contractual, corporate, real-estate, damages or other matters;
- technical data about your visit to the website, such as IP address, time of visit, browser, device and operating-system data, and security log data;
- basic statistical data about website visits, obtained through cookieless analytics.
In the course of legal advice and representation we may, depending on the nature of the matter, also process special categories of personal data where this is necessary for the establishment, exercise or defence of legal claims or for providing legal advice or representation. This may include in particular data on health, family circumstances, property, employment, social situation or other sensitive data, where relevant to the specific matter.
Where necessary and permitted under applicable law given the nature of the matter, we may also process data relating to criminal, misdemeanour, disciplinary or other proceedings before competent authorities.
Sources of personal data
We generally obtain personal data directly from you or from the client who instructs us for legal advice or representation.
Depending on the nature of the matter, we may also obtain data from public records, judicial and administrative files, the land register, the business register, other official records, and from courts, state authorities, notaries, enforcement officers, experts, banks, employers, opposing parties, their representatives or other persons, where this is necessary to provide legal advice or representation or to protect the rights and interests of the client.
Purposes and legal bases of processing
We process personal data for the following purposes:
- responding to your enquiry, communicating with you and taking pre-contractual steps at your request;
- assessing whether we can take on a matter and checking for any conflict of interest;
- legal advice, representation, preparation of legal documents, conduct of proceedings and provision of legal services;
- complying with statutory, tax, accounting, professional and other prescribed obligations;
- protecting the rights and legal interests of clients and the establishment, exercise or defence of legal claims;
- operation, maintenance, security and protection of the website;
- basic website-visit statistics through cookieless analytics;
- keeping a record of communication and enquiries.
The legal bases for processing are in particular:
- taking steps prior to entering into a contract at the request of the individual, and performance of a contract;
- compliance with legal obligations;
- legitimate interest in the secure operation of the website, communication, protection of rights, prevention of abuse and keeping a basic record of communication;
- the establishment, exercise or defence of legal claims, where necessary given the nature of the matter;
- consent, where it would be expressly required for a particular processing operation.
Contact form
If you send us an enquiry via the contact form, we process the data you enter in the form, in particular your name and surname, e-mail address, telephone number, any company and the content of your message.
Enquiries sent via the contact form are forwarded to our e-mail address and may also be stored in the administrative part of the website for the reliability of processing, a record of communication and further handling.
Sending an enquiry via the form does not mean that we have taken the matter on, and does not in itself establish an attorney–client relationship.
Attorney–client privilege
As a law firm we are bound to protect attorney–client privilege. We protect with the highest degree of confidentiality the data, information and documents entrusted to us by clients or of which we become aware in the course of practising law.
Access to data is available only to the attorneys and, where necessary, associates or external providers who are bound by confidentiality, and only to the extent necessary to handle the matter, operate the firm or comply with statutory obligations.
Recipients and processors
We do not sell personal data and do not pass it on to third parties for their own independent marketing purposes.
Personal data may be accessed or processed by:
- Neoserv, as the provider of website hosting and related technical services;
- Microsoft 365 / Exchange Online, as the provider of e-mail services;
- an external accounting service, where necessary to meet accounting and tax obligations;
- providers of technical maintenance of the website and information systems, where necessary for the secure and proper operation of the services;
- courts, state authorities, notaries, enforcement officers, experts, opposing parties, their representatives and other persons, where necessary to handle the matter or where required by law.
For basic visit statistics we use Matomo for WordPress, configured without cookies and with IP-address anonymisation. The data is processed within the WordPress installation on the website's hosting.
For storing submitted contact enquiries, Flamingo may be used, which operates within the website's WordPress installation.
Transfers to third countries
We generally process personal data within the European Union or the European Economic Area.
When using Microsoft 365 and other major technology providers, processing or access outside the EU/EEA may occur in certain cases. In such cases, appropriate safeguards are applied in accordance with the applicable data-protection legislation.
Retention periods
We retain personal data for as long as necessary for the purpose for which it was collected, or for as long as required by applicable law, professional rules for attorneys, limitation periods or the protection of the rights and interests of clients.
We generally apply the following retention periods:
- enquiries that do not lead to engagement: up to 12 months after the end of communication;
- enquiries that lead to engagement: as part of the matter or file;
- client documentation and files: generally up to 10 years after the conclusion of the matter, and possibly longer where necessary due to legislation, pending proceedings, limitation periods, tax obligations, the establishment or defence of legal claims or the protection of the client's rights;
- accounting and tax documentation: in accordance with tax and accounting legislation, generally 10 years;
- server technical logs and security records: up to 12 months, or in accordance with the technical settings and the hosting provider's policy, where longer or shorter retention is necessary for security, evidencing abuse or the proper operation of the services.
Your rights
In accordance with applicable legislation, you have the right to request access to your personal data, rectification of inaccurate or incomplete data, erasure of data, restriction of processing, data portability and to object to processing, where the statutory conditions are met.
Where processing is based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing prior to withdrawal.
You may send a request to exercise your rights to: domen.kristof@domenkristof.si.
When exercising your rights, please note that access to certain data may be restricted in order to protect attorney–client privilege, the rights of other persons, the confidentiality of proceedings, statutory obligations or the establishment, exercise or defence of legal claims.
Right to lodge a complaint
If you consider that the processing of your personal data infringes data-protection legislation, you may lodge a complaint with the supervisory authority:
Information Commissioner of the Republic of Slovenia (Informacijski pooblaščenec)
Dunajska cesta 22
1000 Ljubljana, Slovenia
E-mail: gp.ip@ip-rs.si
Automated decision-making
We do not carry out automated decision-making that produces legal or similarly significant effects for the individual, and we do not carry out profiling for marketing purposes.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time due to changes in legislation, technical solutions or the way personal data is processed. The current version is always published on this page.
Last updated: 17 June 2026.