Category: Slovenia

ODI Law has advised Slovenian diagnostic company MESI on the EUR 18 million investment received from SHS Capital’s SHS VI Healthcare Investments fund. Wolf Theiss advised the investor. 

MESI Medical is a developer of medical devices committed to digitalizing healthcare at the primary level and beyond. According to an SHS press statement, MESI’s core product, the mTABLET, “enabled them to introduce a new diagnostic category: predictive medical assessment. This is a combination of digital diagnostic measurements, immediate storage and availability of patient records, clinical support tools, and clinical AI recommendations on one device. Through considerable expansion over the last few years, MESI’s award-winning products are now present in more than 50 countries.”

Founded in 1993, Tuebingen-based SHS is an investor specializing in the healthcare sector and aiming to build European healthcare champions. It focuses on expansion financing, shareholder changes, and succession situations.

According to SHS, the MESI investment “was provided after a strong growth and medtech entrepreneur Oliver Heine joining the company as an investor and strategic advisor in 2022. Empowered by the investment and a strong advisory board, MESI will be able to expand its sales organization and its portfolio of products and services. This includes AI-powered predictive applications and makes a real contribution to the digitization of healthcare.”

ODI Law also advised MESI on Oliver Heine’s original investment a year earlier (as reported by CEE Legal Matters on June 14, 2022). 

“We are thrilled that our European and global efforts have resulted in a partnership with SHS,” MESI CEO Jakob Susteric commented. “The aim of our innovation is to facilitate access to relevant diagnostic data. This speeds up the diagnostic process for the patient, resulting in faster treatment and prevention of adverse events. The SHS investment will allow us to continue developing new ways for healthcare professionals to predict, diagnose, and manage various conditions with greater accuracy and efficiency.”

The ODI Law team was led by partner Primoz Mikolic and included Senior Associate Klemen Erzen and Associate Eva Hafnar.

The Wolf Theiss team was led by Partner Markus Bruckmueller and included Partner Teja Balazic Jerovsek, Counsels Tjasa Lahovnik, Petra Jermol, and Ziga Dolhar, Senior Associate Neja Nastran, Associates Ana Zorn, Larisa Primozic, and Barbara Pirnat, and Legal Trainees Klara Matic and Zala Majhenic.

Selih & Partnerji has advised Nova KBM on its sale of the Tabor II shopping center in Maribor, Slovenia, to Boscarol d.o.o. through an auction process. The Premrl Law Office advised the acquiring company and its shareholder, Ivo Boscarol, on the acquisition.

According to Selih & Partnerji, “Boscarol was selected as the most successful bidder in the Nova KBM bank’s sale procedure.”

According to the Premrl Law Office, the “Tabor II shopping center is among the three largest shopping centers in Slovenia. It is located in the housing suburb Tabor, in Maribor, in an excellent location with several major transport links. It was built in 2011 and covers a 41,425-square-meter plot of land. It has 22,995 square meters of usable space intended for shops, services, and restaurant activities and more than 800 parking spaces, of which 570 are in a covered garage.”

The Selih & Partnerji team was led by Partner Blaz Ogorevc.

The Premrl Law Office team was led by Partner Matija Premrl and included Attorney Ziva Babic.

A couple of legislative changes that affect working parents, foreign employees and posted employees recently came into effect in Slovenia.

Key changes:

• Slovenian law is now aligned with the requirements of the EU Directive on work-life balance for working parents (2019/1158), which aims to ensure greater gender equality and equal treatment of employees. As of 1 April 2023, parental leave increased from 130 days to 160 days. (60 of those days (compared to 30 prior to the legislative change) are non-transferable parental leave for each parent. Parental leave for fathers was reduced from 30 days to 15.

• From 27 April 2023 foreign employees enjoy a simplified procedure to switch employers in Slovenia and move between job positions. They will no longer be required to obtain a new work permit, only consent from the local employment services office is required. 

• Foreign employers must register employees posted to Slovenia with the local employment service starting on 18 April 2023. The lower threshold for social security contribution calculations for employees posted abroad by Slovenian employers will no longer apply as of 1 January 2024. 

By Teja Balazic Jerovsek, Partner, Ziga Dolhar, Counsel, Simon Tecco, Senior Associate, Wolf Theiss

Slovenia strongly emphasizes infrastructure development as an integral component of its commitment to the green transition, together with developments in solar, wind, geothermal, and hydrogen energy projects, according to Selih & Partnerji Partner Blaz Ogorevc.

“Infrastructure is a major focus for the energy transition in Slovenia,” Ogorevc begins. “The government has been making concerted efforts to keep pace with other markets and is actively promoting new infrastructural developments.” He says that, according to the Ministry of Infrastructure, “while the country made significant progress in developing our road network, society recognizes that the future of the green transition lies in investments in railroads and energy.” To this end, Ogorevc adds that Slovenia has undertaken a major project to build a second railway line from the Port of Koper to the mainland and expand its rail connections from the airport to Ljubljana.

“In addition, there has been discussion about solar projects, for which it is currently still a favorable time for private solar investment, though the grid capacity might be limited in certain areas,” Ogorevc adds. “However, this limitation may soon impact smaller projects such as those for homeowners and shopping centers. Therefore, the government has acknowledged the limitations of the grid infrastructure and is making significant efforts to expand it to keep pace with the rate of development.”

Additionally, Ogorevc highlights that “in Slovenia, currently, there are only two wind turbines, and there is a relevant potential in that regard, along with the anticipated expansion of a second-stage nuclear power plant.” According to him, “the North Adriatic Hydrogen Valley initiative, involving Slovenia, the Italian region of Friuli-Venezia Giulia, and Croatia, aims to establish infrastructure for the production and distribution of hydrogen. This project is designed to balance the excess production from renewable sources.”

As for the other market trends, Ogorevc highlights there has been significant M&A activity in the small and medium-sized deal space. “Moreover, the OTP acquisition of NKBM will result in consolidation of the largest (one of the two) banks in Slovenia once the merger with SKB is finalized,” he notes. “We are also seeing many private and family companies either exiting or partnering with private equity funds, with venture capital transactions remaining highly prominent.”

Furthermore, Ogorevc says, “Slovenia’s reputation is primarily built on its logistics developments. While the state has made efforts to reduce administrative barriers, there is still room for improvement. This pertains also to the fact that 37% of the country is still covered by Natura 2000 sites.” Therefore, he highlights “the importance of updating the current legislative framework and establishing a flexible system in which development and environmental efforts go hand in hand and do not act like arch-enemies.”

Ogorevc also notes that the new FDI regulation will soon be implemented: “Over the past three years, we have had a particular piece of legislation regarding FDI adopted in the context of the COVID-19 pandemic. However, it is now being replaced by a more transparent law that should make it easier for EU investors to come to Slovenia.”

Several years have passed since the General Data Protection Regulation (“GDPR”) has been in force in the EU, regulating personal data protection. Although the GDPR is directly applicable, the act governing the matter of personal data protection must nevertheless be adopted in each member state, as some areas in the GDPR are left to be governed by the national law of each country.In addition, the adoption of a national law is a precondition for imposing fines and appointing a supervisory authority. Those are the main reasons for systematic regulation of the field of data protection in Slovenia by the new Personal Data Protection Act (“Act”). The Act will apply as of 26 January 2023.

The following is a brief description of some of the most important changes introduced with the Act. 

Age limit for the consent of minors

The Act prescribes a limit of 15 years or more for the consent of minors. Consent of minors below the age of 15 is valid only if it is given or approved by one of the legal representatives. The service provider may also set a higher age limit in the terms of use, whereas such a higher set limit prevails.

Transmission of personal data of deceased individuals

The Act sets out the conditions for the transmission of personal data of deceased individuals, which are applicable for 20 years after the death of an individual. The protection no longer applies to such data after 20 years. However, the personal data of deceased individuals are also regulated by other, sectoral laws, which are specific in relation to the Act and therefore prevail.

Security obligations

For certain filing systems that are considered particularly sensitive due to their size, content, or other characteristics, the Act provides a special regime of measures to prevent unauthorized disclosure. Among others, this includes filing systems in the field of health care and health insurance, regardless of the size of the filing system.

Some data controllers and processors will be required to keep a processing log if:

• such obligation will be required by law;
• in event of extensive processing of special categories of personal data;
• in event of regular and systematic monitoring of individuals; or
• when an impact assessment has identified a risk that may be eliminated by the processing log.

Such a processing log allows for subsequent analysis of the legality of the processing and must record collection, change, access, disclosure, deletion, and other processing activities determined by law. Processing logs may be kept for a maximum of two years from the end of the year in which the processing operations were recorded unless another law provides otherwise.

Security of personal data in the area of special processing in certain information systems will not only have to be ensured in line with the GDPR but also with security and incident reporting measures pursuant to the Slovenian Information Security Act.

General judicial protection

General judicial protection of the rights of the individual may be used without prior use of other legal remedies. An individual lawsuit may be filed with the Administrative court by any individual who considers that his/her data protection rights are or have been violated. The individual may request cessation of a breach, compliance with the legislation, and compensation for the damage that occurred, and if the violation has already ceased, a finding that data protection rights have been violated.

Data Protection Officer

The data protection officer must be appointed to assist the controller or processor in ensuring compliance with the data protection legislation, whereas the appointed person must have knowledge and experience in the field of data protection which is required for the appointment. Several controllers or processors may jointly appoint a data protection officer.

Video surveillance and biometrics

The provisions on video surveillance have been renewed by the Act. The content of the video surveillance notice is specified. Such notice may also be published on the website; therefore, the notice must at least indicate the web address containing the information. The processing of personal data using biometrics is also regulated.

Fines

The supervisory authority regarding GDPR and the Act remains the Information Commissioner. The penalty provisions provide for the possibility of imposing fines for infringements on legal persons and on the responsible persons of legal persons. Penalties for infringements provided for in the GDPR will be imposed on legal persons, sole proprietors, and self-employed persons, in the amounts and within the ranges provided for in the GDPR (up to EUR 10 million, or, in the case of an undertaking, up to 2% of its entire global turnover of the preceding fiscal year, whichever is higher). For other infringements, for which no fine range is laid down in the GDPR or for infringements of provisions introduced by the Act, the fines are set in a range, with a maximum of EUR 40,000 for a legal person, and EUR 8,000 for the responsible person of a legal person.

By Kevin Rihtar, Senior Associate, Ketler & Partners, member of Karanovic & Partners

CMS has advised Slovenia’s SID Bank on its EUR 140 million German law-governed issuance of senior unsecured fixed-rate bonds with a seven-year maturity.

Deutsche Bank AG acted as the agent for the issuance. The SID Bank is a promotional development and export bank fully owned by the Republic of Slovenia.

According to CMS, “the bond, which will be guaranteed by the Republic of Slovenia in accordance with the Slovene Export and Development Bank Act, was assigned an investment grade rating of ‘AA-‘ by international rating agency S&P Global […] The bond will be listed in the Open Market segment of the Frankfurt Stock Exchange.”

The CMS team included Slovenia-based Partner Maja Erker Zgajnar, Counsel Irena Sik Bukovnik, and Associate Neza Voncina, with further team members in Germany.

CMS was unable to provide additional information on the deal.

The country’s real estate and energy sectors remain rather resilient, but a crisis is looming in Slovenia’s public sector, according to Kavcic, Bracun & Partners Partner Simon Bracun.

“Recently, there has been controversy about pay grades in the public sector,” Bracun begins. “The current pay grades in the public sector have been deemed to be insufficient, causing worries among different pay groups and the possibility of strikes.” According to him, the government plans to revise the current system, which will have an impact on costs and public expenses. “One group in the public sector – doctors and employees in the health system in general – is particularly insistent on the changes to public sector pay grades,” he adds. “The government has also announced the introduction of certain changes in taxation, causing speculation on what effects this might have on the economy.”

Despite that fracas, Bracun highlights some recent interesting developments in real estate. “The real estate industry has experienced growth over the past five years, with numerous successful real estate projects closing and ongoing in and around Ljubljana,” he points out. “However, the latest inflation and rising interest rates have led to a decrease in housing loans, with the curve of new loans declining in the last quarter. This has affected buyers and might cause the real estate market to cool down a bit, although not as drastically and as fast as in other countries. In Ljubljana, the median price has slightly fallen in the last quarter and there are fewer real estate transactions compared to previous months.” According to him, “despite these changes, there are still many interesting real estate projects and we believe that the Slovenian real estate market could stay resilient.”

Bracun adds that energy in Europe is still being affected by the war. “Slovenia was no different to other EU countries and the government has taken several measures to address the situation,” he notes. “Government interventions and a milder-than-average winter have helped the economy to maintain stability and it is less likely that Slovenia could quickly enter into a recession. However, there is still a lingering fear of what will happen with prices when the subsidies and price caps are removed.”

“The government has taken some legal actions to provide aid and mitigate the impact on companies,” Bracun continues. “With the Act on the Aid to the Economy to Mitigate the Effects of the Energy Crisis, subsidies are being provided to almost the whole economy, with the stipulation that the largest companies receiving subsidies must invest in reducing their carbon footprint and protecting the environment. The government is also promoting the use of renewable energy sources, with subsidies for installations for the production of electricity or the storage of electricity or thermal energy with an installed capacity of between 50 kilowatts and one megawatt, for the production of renewable hydrogen and biogas and biomethane from waste, and certain community projects.”

Finally, Bracun highlights that there have been a few new laws introduced in the past few months. “The Personal Data Protection Act, which was discussed for many years, has been renovated and implemented with all the EU GDPR conditions,” he notes, adding that, unfortunately, there are already many public debates about what is allowed and what is not. “The Competition Act has been updated and certain EU directives have been transposed, leading to an evolution of the procedures before the Slovenian authority, which now has more power,” he notes. “Additionally, the recently adopted Consumer Protection Act finally (correctly) transposed the EU directives.”

Fatur Menard has advised the Europacific Group on its acquisition of Slovenian trucking company Artcom Trans.

According to Fatur Menard, “the acquisition of a well-established trucking company in Artcom Trans will enable the Europacific Group to expand its trucking business operations, contributing to the overall operations and development of the Europacific Group.”

The Europacific Group is a logistics group that specializes in organizing land, sea, and air transport and has subsidiaries in South-Eastern Europe and worldwide.

The Fatur Menard team was led by Partner Maja Menard and Senior Associate Lea Vatovec Miklavcic and included Senior Associates Martin Carni and Rok Reja and Junior Associates Klara Jerman and Andrej Fatur.

After a more than 4-year delay, Slovenia has finally adopted the new Data Protection Act (“DPA”), which will apply as of 26 January 2023 and replace the existing Data Protection Act from 2004.

Under the new DPA, the Slovenian Information Commissioner will now have the authority to impose fines pursuant to the General Data Protection Regulation (“GDPR”). More than 100 articles of the new DPA also introduce several new rules.

The new DPA brings about not only the derogation provisions of the GDPR but also introduces rules on the age limit for a child’s consent, processing for the purpose of scientific research, use of CCTV and biometric data and certain additional security obligations to be ensured by the companies carrying out processing of personal data on a large scale.

The following provisions are particularly noteworthy and will be described in more detail below:

• response to a data subject’s request;
• additional security obligations;
• age limit for a child’s consent;
• processing of publicly available contact details; and
• fines for non-compliance.

The new DPA covers much more than just the derogation provisions of the GDPR.

Response to a data subject’s request
In addition to the GDPR’s requirements, the DPA specifies that a response to a data subject’s request must include a justification and the information on the data subject’s right to lodge a complaint with the supervisory authority (i.e. the Information Commissioner) within 15 days from acknowledgment of the respective response. This applies to a data subject’s request regarding her/his rights pursuant to Art. 15 – 22 of the GDPR as well as any other requests related to the protection of personal data. All such responses must be provided free of charge.

For manifestly unfounded or excessive requests, the data controller may charge a reasonable fee. However, such fee may only include the actual costs of providing the information, response, communication or actions.

Additional security obligations
The new DPA introduces two additional security obligations: (i) administration of a traceability log and (ii) security of special processing activities. Both obligations will likely present a significant burden for companies, but these requirements will not become applicable in 2023, giving businesses some time to prepare. The obligation regarding the traceability logs will apply only from the second anniversary of application of the DPA (26 January 2025). The obligation concerning security of special processing activities will apply only from the third anniversary of application of the DPA (26 January 2026).

Special traceability logs will have to be administered by those data controllers who (i) carry out data processing of special categories of personal data on a large scale, or (ii) carry out regular and systematic monitoring of individuals, or (iii) in the context of data protection impact assessments, determine a risk which can be successfully mitigated with traceability logs, or (iv) in other instances if determined by law. The logs are to be used for accountability and internal audit purposes.

The traceability logs must record collection, change, access, disclosure, deletion and other processing activities determined by law. The traceability logs must be retained for a period of 2 years following the end of a calendar year in which they were recorded.

The security of special processing activities in certain information systems must not only be ensured in line with the GDPR, but also with security and incident reporting measures under the Slovenian Information Security Act (Zakon o informacijski varnosti – ZinfV; “Information Security Act“) (the act implementing the NIS Directive), which is otherwise applicable to operators of essential services and key digital service providers.

Subject to these additional security obligations under the Information Security Act are information systems, used for the processing of:

• personal data of more than 100,000 individuals on the basis of the law; or
• personal data of special categories of personal data on a large scale by processors or controllers, which carry out such processing as their main business operation; or
• special categories of personal data of more than 10,000 individuals.

Age limit for a child’s consent
In relation to the offer of information society services directly to a child, the DPA sets the age limit for a valid child’s consent for processing of his/her personal data at 15 years. If a higher age limit is determined in the terms of use of a service provider, such higher age limit prevails over the statutory age limit.

Use of publicly available personal data
The new DPA introduces two exceptions for the use of personal data collected from public sources or events:

• a company may use contact details collected from public sources or disclosed to it by individuals voluntarily or on the basis of consent for the purposes of organising official meetings, trainings, events, and providing public statements. Use for the purpose of direct marketing is excluded. Such personal data must be kept separately from other personal data held by the company.
• for the purpose of publications, a company may process and publish the name, title, photos and videos of individuals obtained during events, which are organised by such company in the course of its operations, provided that an individual did not prohibit such processing.

Fines for infringements
One of the most notable provisions to be introduced by the new DPA is the possibility for the Slovenian Information Commissioner to impose fines under the GDPR for infringements of the GDPR and the new DPA. Up until the applicability of the new DPA, the Information Commissioner could only impose fines for infringements under the existing Data Protection Act (ZVOP-1). Such fines were rather low and ranged from EUR 4,170 to EUR 12,510.

However, fines under the GDPR will not be imposed in the following cases:

• offence proceedings started prior to the applicability of the new DPA will end under the provisions of the existing Data Protection Act (ZVOP-1), unless the new DPA is more lenient for the infringing company. On the other hand, the ongoing inspection proceedings will continue in line with the new DPA;
• for infringements committed prior to the applicability of new DPA, the fines as determined under the GDPR will apply only if the GDPR can be considered the most lenient law for the infringing company as compared to other laws applicable since the date of infringement.

By Klemen Radosavljevic, Partner, Larisa Primozic, Associate, Wolf Theiss 

Sibincic Krizanec has appointed Matic Novak to Senior Partner and Dinar Rahmatullin to Junior Partner. The firm updated its name after the promotion round to Sibincic Krizanec Novak.

Novak specializes in corporate/M&A, banking/finance, capital markets, and IP.  He has been with the team since 2021 when he joined as a Senior Counsel from Rojs Peljhan Prelesnik and Partners. Prior to his move, he had been with RPPP for 12 years, joining the firm in 2008 as an Attorney Trainee and making Partner in 2015.

Rahmatullin specializes in corporate/M&A and competition.