Privacy Policy

Effective date: 18. 2. 2026

1. Data Controller

The data controller responsible for the processing of personal data is:

MILACO Group

Registered office: Slovenia, European Union

Email: info@milacogroup.com

Hereinafter referred to as the “Controller”.

2. Purpose of This Policy

This Privacy Policy sets out the principles governing the collection, processing, storage, and protection of personal data in accordance with:

  • Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR)

  • Applicable legislation of the Republic of Slovenia

  • Other relevant data protection laws

This Policy applies to all individuals who access www.milacogroup.com or otherwise communicate with the Controller.

3. Categories of Personal Data

The Controller may process the following categories of personal data:

3.1 Data provided voluntarily by the individual:

  • Full name

  • Company name

  • Email address

  • Telephone number

  • Message content

  • Business or financial documents voluntarily submitted

3.2 Technical data:

  • IP address

  • Browser type and device information

  • Date and time of access

  • Basic website usage data

4. Purpose and Legal Basis for Processing

Personal data may be processed for the following purposes:

  • Establishing and maintaining business communication

  • Evaluating potential acquisition or investment opportunities

  • Conducting pre-contractual procedures

  • Complying with legal obligations

  • Protecting the legitimate interests of the Controller

The legal bases for processing are:

  • Article 6(1)(a) GDPR – Consent

  • Article 6(1)(b) GDPR – Performance of a contract or pre-contractual measures

  • Article 6(1)(c) GDPR – Legal obligation

  • Article 6(1)(f) GDPR – Legitimate interest

5. Data Retention

Personal data shall be retained:

  • For as long as necessary to fulfill the purpose for which it was collected

  • In accordance with statutory retention requirements

  • As long as the Controller has a legitimate interest in its retention

Upon expiration of the retention period, data will be securely deleted or anonymized.

6. Disclosure to Third Parties

Personal data may be disclosed to:

  • Legal, tax, and financial advisors

  • Professional service providers involved in potential transactions

  • Competent public authorities where required by law

The Controller does not sell personal data.

7. International Data Transfers

The Controller does not generally transfer personal data outside the European Union.

If such transfer occurs (e.g., due to use of technological service providers), appropriate safeguards shall be implemented in accordance with GDPR.

8. Data Security

The Controller implements appropriate technical and organizational measures to protect personal data, including:

  • Restricted access controls

  • Encrypted communication channels

  • Internal procedures to prevent unauthorized disclosure

However, no method of data transmission over the internet can be guaranteed to be fully secure.

9. Rights of Data Subjects

Under GDPR, individuals have the right to:

  • Access their personal data

  • Request rectification

  • Request erasure (“right to be forgotten”)

  • Restrict processing

  • Object to processing

  • Request data portability

  • Lodge a complaint with the competent supervisory authority

Requests may be submitted to: info@milacogroup.com

In Slovenia, the competent supervisory authority is the Information Commissioner of the Republic of Slovenia.

10. Cookies

The Website uses essential cookies necessary for proper operation and may use analytical tools to improve user experience.

Further details may be provided in a separate Cookie Policy.

11. Limitation of Liability

The Controller shall not be liable for misuse of the Website or data by third parties beyond its reasonable control.

12. Amendments

The Controller reserves the right to amend this Privacy Policy at any time. Updates shall become effective upon publication on the Website.