Privacy Policy

This is English version. Original prevails.

LAST UPDATE ON: 12.3.2024

1. General information

1.1. Hopalai is committed to your online privacy rights and ensures transparency in the technologies it uses. In accordance with Articles 12, 13, and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter “GDPR”), we provide you with basic information here about who is responsible for processing, who receives the data, what personal data we process, for what purposes, and for how long we retain the data. All personal data is processed in accordance with the GDPR, local laws and other applicable regulations.

1.2. Hopalai d.o.o., a company established in accordance with Slovenian legislation, registered in the Slovenian Business Register, registration number: 8381640000, tax number: 51614146, headquartered in Sežana, Ponikve 19, (hereinafter “Hopalai” or “we”), operates as the data controller in accordance with the GDPR, and the purpose of this privacy policy is to inform users about the procedures for collecting and processing personal data.

1.3. All your personal data that you entrust to us will be intended solely for Hopalai and will not be sold or transferred to third parties. In the event that data is shared with third parties, our subcontractors, we ensure that subcontractors act on our behalf and receive our instructions.

1.4. Hopalai wrote this policy to help you understand what personal information we collect, how we use it, your rights in connection with our collection and processing of the information and what choices you have. For your convenience we’ve tried our best to explain things in a simple and clear way.

1.5. We offer services to our users, through our:

  • Application KOBI v šoli (hereinafter “Application” or “APP”)

1.6. Hopalai is the responsible party and data controller with respect to personal information collected through the Application. If you want to exercise any of your rights in relation to our processing of your Personal Information, Hopalai d.o.o. shall be the responsible party.

1.7. Our primary goals in using your data and information are to create your account, provide services to you, improve our services, contact you and create anonymous statistical reports for internal and external use with our contractual partners.

1.8. Please note that the scope of this Privacy Policy is limited to information and data collected or received through your use of the Application. We are not responsible for the actions of third party individuals or companies, the content of their sites, the use of information or data you provide to them, or any products or services they may offer. Any links to those sites do not constitute our sponsorship of, or affiliation with, those individuals or companies.

1.9. If you do not agree to these Privacy policy, please do not use the Application.

1.10. For general information and privacy questions please feel free to contact us via

2. How we collect and use your information

2.1. In this Privacy Policy, the term “Personal Information” means any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to a name or an identification number. Specifically, we collect, process and use the following information from you, which may include or may be considered as a Personal Information:
name of the School;

  • name of the teacher;
  • email address of the teacher;
  • child account ID (alphanumeric string);
  • child sex;
  • date of the reading session;
  • book ID, Title;
  • length of a reading session;
  • number of words read;

2.2. We also collect from users analytical data (e.g. time spent on screen) that is used only to improve performance of the app. Analytical data that we collect are not considered as personal information as is not connected to any user ID and it is anonymised.

2.3. Registration for the use of our Services:

When creating a User account on the APP, each user needs to have a valid AAI (Authentication and authorization infrastructure) account registered as a staff member of a primary school in the Republic of Slovenia. Primary school AII account users will need to enter login data to enter in the APP.

We do not identify you personally to other users or make your account information available to any third parties in any way that could identify you without your prior consent. We will only share on request the raw datasets in a form of aggregate reports, where it will be impossible to match your personal data or child ID with your name or child name, as such data will not be shared.

2.4. Reader accounts

As a registered Application user, you can add Reader accounts. You’ll need to provide an alias of the reader. It is mandatory that you use reader aliases exclusively and only when creating reader accounts.

Information from your use of Application

a. Content
We collect the content you create, upload, or receive from others when using our Application.

b. Usage Information
These days, whenever you use an Application, visit a website or use any other online services, there’s certain information that almost always gets created and recorded automatically. The same is true when you use our Application. We track how, and how often you use our Application. We also collect certain information that your mobile device sends when you use them for our application. This includes information such as your device’s model, operating system type and version, and the dates and times of your requests. We use this information to provide you with optimal Services and customer support, and to collect anonymous statistics that helps us understand our user base.

2.6. Purposes of Data Processing

We use information collected through our Application for purposes described in this Privacy Policy or disclosed to you in connection with our service. For example, we may use your information to:

a. Operate and Improve our Application:

  • Enable registration for the use of our Application;
  • Understand you and your preferences to enhance and customize your experience and enjoyment using our Application;
  • Send you Service related information, including confirmations, invoices, technical notices, updates, security alerts and support and administrative messages; and
  • Any other processing necessary for the performance of a contract with you.

b. Ensure physical, network and information security and integrity:
This is necessary for our legitimate interest of ensuring that our IT systems and networks are secure and uncompromised, including, for example, backup and archiving, preventing malware, viruses, bugs or other harmful code, preventing unauthorized access to our systems, and any form of attack on, or damage to, our IT systems and networks.

c. Deliver marketing and promotional information:
We might send to the users information about the events related to the app, like invitations to the seminars etc., but we will not send them any direct marketing messages without your explicit consent.

We will communicate to you about our offers, promotions, rewards, and other news about our Services and products only upon your explicit consent.

d. For statistical and research purposes:
We will anonymize your data and use them for our legitimate interests of processing Personal Information for research purposes, including market research, better understanding of our respective customers, and tailoring our respective products and Application to their needs;
Sharing aggregated data with business partners.

e. For compliance and legal purposes:
Indicating possible criminal acts or threats to public security to a competent authority. This is necessary for our legitimate interest of promoting the success of our business, preventing crime, for compliance with a legal obligation to which we are subject;
In connection with any legal or potential legal dispute or proceedings. This is necessary for our legitimate interest of promoting and ensuring the success of our business, resolving disputes and making such disclosures as are required by law or which we consider, acting reasonably, are required by law.

f. For business or share sale purposes:
In connection with disclosure requests and in the case of a business or share sale or sale or purchase of a business and/or assets, whether actual or potential. This is necessary for our legitimate interests of selling and/or ensuring and promoting the success of our business.

3. How we may share your Personal Information with third parties

3.1. We may share your data (including Personal Information) with our affiliates or Data Processing Partners, which are:
a. Analytic partners:

  • Mixpanel Analytics, not using Process IDentifier; and
  • Google Analytics, not using Process IDentifier.

b. Functional partners:

  • Google Firebase Authentication, providing authentication possibility;
  • Google Cloud Firestore, database storage; and
  • Google Firebase Crashlytics, crash reports.

3.2. The privacy policies of Data Processing Partners may include additional terms and disclosures regarding their data collection and use practices and tracking technologies, and we encourage you to check those privacy policies to learn more about their data collection and use practices, use of cookies and other similar tracking technologies.

3.3. We cannot guarantee that the Data Processing Partners will adhere to the contractual obligations or acceptable business practices. We strive to protect the information provided to our Data Processing Partners. We have no direct control over their use of the collected information. Therefore you acknowledge that we are not liable for any third-party privacy breach and that our liability for Data Processing Partners is limited to the amount we are able to receive as indemnification from Data Processing Partners.

3.4. We may also release your information as permitted by law, such as to comply with a subpoena, or when we believe that release is appropriate to comply with the law; investigate fraud, respond to a government request, enforce or apply our rights; or protect the rights, property, or safety of us or our users, or others. This includes exchanging information with other companies and organizations for fraud protection.

4. Cookies and similar technologies

We and our analytics service providers use technologies such as cookies, scripts, advertising IDs and tags to identify a user’s device and to remember things about your visit. For details please consult our Cookie Policy.

5. Your rights in relation to your data

5.1. You have the following rights in relation to your personal information, which you can exercise by writing to the following address

  • To request access to your personal information and information related to our use and processing of your personal information;
  • To request the correction or deletion of your personal information;
  • To request that we restrict our use of your personal information if technically viable;
  • To receive personal information which you have provided to us in a structured, commonly used and machine-readable format (e.g. an Excel spreadsheet) and the right to have that personal information transferred to another data controller (including a third party data controller);
  • To object to the processing of your personal information for certain purposes (for further information, see the section below entitled “Your right to object to the processing of your personal information for certain purposes”);
  • To withdraw your consent to our use of your personal information at any time where we rely on your consent to use or process that personal information. If you withdraw your consent, this will not affect the lawfulness of our use and processing of your personal information on the basis of your consent before the point in time when you withdraw your consent.

5.2. You also have the right to lodge a complaint with a supervisory authority, which, for the purposes of Slovenia, is the Information Commissioner, the contact details of which are available here:

5.3. For further information about your rights in relation to your personal information, including certain limitations, which apply to some of those rights please see Articles 12 to 23 of the General Data Protection Regulation (GDPR), which is available here:

5.4. We will respond to your access request within a reasonable timeframe.

We may decline to process requests that are unreasonably repetitive, require disproportionate technical effort, jeopardize the privacy of others, are extremely impractical, or for which access is not otherwise required by local law.

6. Your right to object to the processing of your data for certain purposes

6.1. You have the following rights in relation to your personal information, which you may exercise in the same way as you may exercise the rights in the preceding section (Your rights in relation to your personal information):
a. To object to us using or processing your personal information where we use or process it in order to carry out a task in the public interest, where we do so in the exercise of official authority or for our legitimate interests, including “profiling” (i.e. predicting your behaviour based on your personal information) based on any of these purposes.

6.2 You may also exercise your right to object to us using or processing your personal information for communication purposes by:

a. Clicking the unsubscribe link contained at the bottom of any marketing email we send to you and following the instructions, which appear in your browser following your clicking on that link; or
Sending an email to asking that we stop sending you communications.

b. Whenever you object to any communication from us by a different communication method to that of the communications you have received from us, you must provide us with your name and sufficient information to enable us to identify you in relation to the communications you have received.

7. Security safeguards

7.1 We take appropriate technical and organizational measures to secure your personal information and to protect it against unauthorized or unlawful use or processing as well as against the accidental loss or destruction of, or damage to, your personal information, including:

  • Only sharing and providing access to your personal information to the minimum extent necessary and subject to confidentiality restrictions;
  • Training our employees about the importance of confidentiality and maintaining the privacy and security of your information;
  • Committing to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities;
  • Updating and testing our security technology on an ongoing basis;
  • Using secure server providers to store your personal information;
  • Requiring proof of identity from any individual who requests access to personal information.

7.2. Although we make good faith efforts to store the information collected on the Service in a secure operating environment that is not available to the public, we cannot guarantee the absolute security of that information during its transmission or its storage on our systems. Further, while we attempt to ensure the integrity and security of our network and systems, we cannot guarantee that our security measures will prevent third-party “hackers” from illegally obtaining access to this information. We do not warrant or represent that your information will be protected against, loss, misuse, or alteration by third parties. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security.

8. Data retention

8.1. We retain your information:

  • For as long as you have not deleted your account;
  • For any legal obligation to continue to process your information, such as any record-keeping and tax obligations imposed by applicable law or whether we have any legal basis to continue to process your personal information, such as your consent;
  • To retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements;
  • as long as the Ministry of Education of the Republic of Slovenia, that is the client of this application, has a valid contract for the application and all related licenses.

8.2. As indicated above we will store your information for no longer than necessary. When information is no longer needed, we shall delete it using reasonable measures to protect the information from unauthorized access or use.

For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact us at

9. International transfer

9.1. We may transfer information that we collect about you to affiliated entities, or to Data Processing Partners across borders and from your country or jurisdiction to other countries or jurisdictions around the world. Please note that these countries and jurisdictions may not have the same data protection laws as your own jurisdiction, and we take steps to ensure adequate safeguards are in place to enable transfer of information to your country and the use and disclosure of information about you, including personal information, as described in this Privacy Policy.

9.2. If we will transfer your personal information outside the European Economic Area, the country to which it is transferred will either be subject to an adequacy decision by the European Commission, or if not (or if we transfer your personal information to an international organization), we will ensure that the transfer takes place on the basis of one or more of the following safeguards:

  • Data protection policies adhered to by the data controller and other companies and entities within our corporate group from time to time, which comply with applicable laws, known as “binding corporate rules” or “BCRs”;
  • Standard data protection clauses adopted by the European Commission or adopted by the Information Commissioner and approved by the European Commission in accordance with relevant law;
  • A code or codes of conduct produced by an association or other body approved by the Information Commissioner;
  • An approved certification mechanism (such as the EU-US Privacy Shield); or
  • Where authorised by the Information Commissioner, contractual clauses between the data controller or processor and the data controller, processor or recipient of the personal information in the third country or international organisation.

10. Changes to this Privacy Policy

10.1. We will occasionally update this Privacy Policy as necessary to protect our users, furnish current information, and respond to legal and technical changes. If we make any material changes we will notify you by email (sent to the email address specified in your account) or by means of a notice on our Website prior to the change becoming effective. We encourage you to periodically review our Website for the latest information on our privacy practices.

10.2. If you have any questions or concerns about our data privacy practices, or if you have any requests for resolving issues with your personal information, please contact us at Customer support is available in English language.