Privacy policy

Privacy policy proposal

(GDPR consent)

This privacy policy shall apply to all users of the website with the following URL: https://www.potmedkrosnjamipohorje.si in addition to any additional sub-sites and mobile applications associated therewith.

“User” means any natural or legal person that uses or visits the aforementioned website or its sub-sites or mobile applications (hereinafter referred to as “User”).

By using these websites, the User confirms its agreement with the Privacy Policy. By continuing to use the websites, the User shall be deemed to agree to any amendments thereto.

PERSONAL DATA PROTECTION

Pot med krošnjami Pohorje, d.o.o. (Pohorje Treetop Walk, Ltd.) respects your privacy and security of your personal data.

We hereby undertake to use your personal data exclusively for the purposes specified herein below. Your personal data shall be duly protected in compliance with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27. April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as “General Data Protection Regulation”) and other legal provisions regulating personal data protection.

I. Personal data controller

The controller of personal data collected at the above website and its sub-sites and mobile applications is the economic operator Pot med krošnjami Pohorje, dejavnosti za prosti čas, d.o.o., Poljanski nasip 6, 1000 Ljubljana, Slovenia, registration number: 8252858000 and tax number: SI 83762795 (hereinafter referred to as “Controller”).

The contact address of the Controller is info@potpohorje.si.

II. Data Protection Officer

No Data Protection Officer has been appointed.

III. Transfer of personal data to third parties, third countries and international organisations

The Controller shall not transfer any personal data to third parties, third countries and international organisations,

with the exception of statistical data on website traffic and use for which the following online platforms are used: Google Analytics, Content Insights, AdYouLike, Apester, Twitter, Facebook, YouTube, Instagram, Pinterest, LinkedIn, Vimeo, Rumble, SoundCloud, Infogram, in addition to the MailChimp online platform used for sending e-communications on current promotional offers and prize games, new features and offers, e-invitations to events and e-publications of the Controller.

In its Terms of Service and Privacy Policy, the online platforms Google Analytics and MailChimp, respectively, provide for compliance with the rules contained in the General Data Protection Regulation (GDPR) and confirm to have obtained a certificate of compliance with the EU-U.S. Privacy Shield Framework).

Google Analytics allows its users to manage their own data processing settings by using the Google Analytics tool. For more information on Google’s Terms of Service and Privacy Policy, please refer to the following websites:

• Google Analytics Terms of Service
• Privacy policy

In exceptional cases, personal data shall also be transferred to foreign postal service providers in third countries.

IV. Categories of personal data, legal grounds and processing purposes

The Controller shall collect and process personal data subject to the following:

• - the consent of data subjects,
• - concluded agreements or for the performance of activities prior to agreement conclusions;
• - legitimate interests we pursue, and
• - to comply with applicable statutory obligations.

IV. I. Data processing subject to consent

Data subjects whose personal data shall be processed subject to their consent may consent to the processing of personal data by each purpose separately.

Data subjects may, at any time, withdraw their consent by each purpose separately in a simple and easily accessible manner.

A. Sending of news, communications, promotional offers, etc., provision of direct marketing (sending of commercial communications and newsletter)

• sending e-communications on current prize games and promotional offers of the Controller;
• sending e-communications on new features and promotional offers of the Controller;
• sending e-invitations to events of the Controller;
• sending invitations via mail to events of the Controller;
• collecting orders via telephone or e-mail;
• sending e-publications of the Controller.

Subject to consent by each purpose separately, the Controller shall collect and process the following personal data of data subjects: name, surname and e-mail address.

B. Obtaining demographic reports on statistical data and website traffic

Subject to consent, the Controller shall collect and process the following personal data of data subjects: name, surname and e-mail address.

C. Social media tools

Subject to consent, the Controller shall collect and process the following personal data of data subjects: name, surname and e-mail address.

IV. ii. Data processing subject to a concluded agreement

The Controller shall collect and process personal data of data subjects subject to an agreement (order) or for the performance of activities prior to the conclusion of an agreement (order) for the purposes of performing activities of the Controller.

A. Ticket and gift voucher orders

The Controller shall process personal data of data subjects subject to ticket or voucher order (concluded agreement) for the purposes of performing activities of the Controller.

Personal data of data subjects which are entered into the contact form thereby and which shall be processed for the purpose of performing our activities are as follows:

required data: name, surname and e-mail address

optional data: telephone number, address (street name and number, town)

B. Submission and provision of ordered tickets (gift vouchers) to the address of the client

For the purposes of delivering or providing the ordered tickets (gift vouchers) to the client’s address, the Controller shall process the following personal data: name, surname, full address.

IV. iii. Data processing subject to legitimate interests pursued

The Controller shall collect and process personal data subject to legitimate interests pursued.

Personal data subject to legitimate interests pursued shall be collected for the following purposes:

• statistical analysis of website traffic
• provision and improvement of services
• provision and development of innovative and tailored services for our clients and users
• provision of safety of our services and websites and protection against fraud, spam, abuse, etc.

For these purposes, the following personal data shall be collected and processed: IP address, statistical data on website traffic, number of clicks, duration of clicks, inbound and outbound links, type of client.

Personal data processed for these purposes shall not be linked with identifiable natural persons.

V. Personal data protection

The Controller shall adopt all the required physical, technical, logistical and organisational personal data protection measures and procedures subject to adopted internal acts and in compliance with good information protection practices or via contractual partners and shall thus:

• protect application software used to process personal data;
• prevent unauthorised access to personal data during their transfer, including during transfer over telecommunication media and networks;
• ensure an affective data processing archiving, destruction, erasure and anonymisation method;
• secure its premises, hardware and software;
• facilitate subsequent identification of the time of personal data processing and the person in charge thereof, namely for the period for which any data are stored.

VI. Personal data retention period

Personal data of data subjects collected subject to consent shall be stored for a period of 5 years as of your consent withdrawal.

Personal data of data subjects collected subject to an order or agreement, may be stored for a period of 10 years as of the fulfilment of obligations of both contracting parties, whereas in the event of recovering duties not collected, for a period of 10 years following the completion of the legal proceedings.

Personal data of data subjects collected subject to legitimate interests pursued shall be stored until the exercise of rights of the data subject or for as long the purpose for which they had been originally collected continues to exist.

VII. Rights of data subjects

In compliance with legislation regulating personal data protection in force, data subjects shall hold the following rights:

• right of access: data subjects shall hold the right to obtain confirmation from the Controller whether any personal data associated therewith are collected and, if so, to gain access to these personal data;
• right of rectification: data subjects shall hold the right to have the Controller, without undue delay, rectify incorrect personal data associated therewith. Data subjects shall, by taking into consideration the purposes of processing, hold the right to have incomplete personal data completed;
• right to erasure: data subjects shall hold the right to have the Controller, without undue delay, erase personal data associated therewith, whereas the Controller shall be obliged to erase these without undue delay;
• right to restriction of processing: data subjects shall hold the right to have the Controller restrict the processing of personal data associated therewith provided that the data subject contests the accuracy thereof, their processing is unlawful, the data subject opposes their erasure but demands restriction of use thereof instead, the data subjects lodges an objection to their processing or if the Controller no longer needs these personal data for the purposes of processing but, instead, the data subjects requires them for the establishment, exercise or defence of legal claims;
• right to data portability: data subjects shall hold the right to obtain personal data associated therewith that had been provided to the Controller in a structured, commonly used and machine-readable format and the right to provide these data to another controller without any impediments by the controller who had been provided therewith;
• right to object: on grounds relating to his or her particular situation, data subjects shall have the right to, at any time, object to processing of personal data concerning him or her, based on the processing required for legitimate interests of the Controller, including profiling;
• automated individual decision-making, including profiling: data subjects shall hold the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her;
• right to lodge a complaint with a supervisory authority: data subjects shall hold the right to lodge a complaint regarding the processing of their personal data directly to the competent supervisory authority, i.e. The Information Commissioner of the Republic of Slovenia.

VIII. Modalities for exercising the rights of data subjects

Data subjects may, at any time, exercise rights conferred on them in compliance with the General Data Protection Regulation.

These shall be exercises by sending a request for exercising individual rights conferred thereon to the address of the contact person of the Controller.

IX. Cookies

The website of the Controller requires so-called cookies for uninterrupted functioning. Cookies are files stored on the device of the User from where they access the website. They are used to store unique User data or selected settings on the website on the device of the User.

For more information on cookies and how to manage them, please refer to the Cookie Blocking Instructions.

The User may consent to and enable all or only some cookies (so-called third-party cookies). If the User disables or rejects the use of various cookies, this can affect the scope and usefulness of the Controller’s website and their services.

At all times, the User maintains full control over cookies which can be erased, restricted or fully disabled at any time. Instructions for the above vary between devices and are available on the website of the relevant software producer. It is up to you to decide whether you shall allow the storage of cookies on your computer. All cookie settings can be adjusted and controlled in your web browser.

• Chrome
• Firefox
• Internet Explorer 9
• Internet Explorer 7 in 8
• Opera (text provided in English)
• Safari (text provided in English)

X. Final Provisions

By sending a completed online order or enquiry form, the User confirms that they are familiar with the Terms and Conditions and Privacy Policy of the website and that they fully agree therewith and accept them in their entirety.

The Controller shall reserve the right to amend the Privacy Policy at any time. All individuals concerned shall be notified of any such amendment via a post on its website and communications to e-mail addresses of Users.

The Privacy Policy is in force as of 15/ 11/ 2019.