1. General provisions
2. What personal data do we collect?
We collect information from you when you visit our websites or premises, purchase something from us, enquire in person about our services, contact us by telephone, e-mail or other means, or respond to a communication from us.
Through the reservation process we collect your name and surname, address, e-mail address, phone number and credit card information. Depending on the reservation, we may also ask for your gender, nationality, ID or passport number, date and place of birth and the same information from the guests that are travelling with you.
Furthermore, when you visit our website, we automatically receive and save information from your computer and browser through »cookies«, including your IP address, operating system, browser type, software and hardware information, requested page, language settings and the date and time of access to the website.
3. Why do we use your personal data?
We use your personal data:
- for the needs of carrying out our services pursuant to the contract and applicable general terms and conditions;
- for the purpose of direct marketing, market research, customer segmentation, statistical processing,
- for website analysis,
- to provide you with updates,
- to invite you to our events,
- to manage any promotions that you have chosen to participate in,
- to communicate with you about products, services, offers, promotions,
- to monitor technical performance of our services,
- to offer better services for the next visitors,
- to safeguard our premises and property.
4. What is the legal background for us to collect your personal data?
We collect and retain your personal information on several legal bases:
- Contractual obligation: whenever the treatment of your personal data is necessary for the execution, implementation and management of the contract executed with us.
- Legal obligation: in some cases, it is required by the law to collect and store your personal information.
- Legitimate interest: for some data, we have good and fair reason to use it in such ways that do not hurt your interests and rights.
5. How do we ensure the security of your personal data?
We understand that security of your personal information is especially important and that is why we take a variety of security measures to protect your personal data.
All personal data is processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply with our obligations and safeguard your personal data under the Personal Data Protection Act and the EU Regulation GDPR at all times.
Our use of your personal data will always have a lawful basis as previously mentioned above.
Only authorized personnel are permitted to access your personal data.
In the event that personal information is compromised as a result of a breach of security, we will promptly notify those persons whose personal information has been compromised, in accordance with Personal Data Protection Act and the EU Regulation GDPR or as otherwise required by applicable law.
As we develop our business, we may buy or sell assets or business offerings. Customer and visitor information is generally one of the transferred business assets in these types of transactions. We may also transfer such information in the course of corporate divestitures, mergers, or dissolution.
We do not rent or sell your personal data to others.
6. Disclosure to third parties
We might share your personal data to the relevant third parties.
For example, when you use the credit card to make your reservation, we need to share certain reservation details with the payment service provider and the relevant financial institution to handle this payment.
We might also need to disclose your personal data with Competent authorities, to law enforcement authorities as it is required by law or is strictly necessary for the prevention, detection or prosectuion of criminal acts or fraud or if we are otherwise legally obliged to do so. We may need to further disclose personal data to competent authorities to protect and defend our rights or the rights of our business partners.
We may transfer data to trusted third-party providers (such as management companies or mailing houses) in order for them to provide services to us, help up develop our website, marketing activities or business.
Moreover we may also share your personal data to relevant third parties such as boat providers you booked with. The primary purpose is to process your vessel reservation, share your data relevant for your trip, or validating the correctness (for example e-mail address you provided during the reservation).
Any third-party service providers are bound by confidentiality clauses and are not allowed to use your personal data for other purposes than instructed by us. Only personal data that is necessary to fulfill the purposes stated above will be provided to these third-party providers.
7. Transferring your information outside of Europe
As part of the services offered to you through our website, the information you give to us may be transferred to the countries outside the European Union and we are therefore unable to provide the same level of security as provided under the regulation of the EU and its Member States.
8. How long and where do we store your personal data?
We only keep your personal data for as long as we need to in order to use it as described above and/or for as long as we have your permission to keep it. Some of your personal data will be stored as long as required by different laws we need to comply with.
After the completion of the service we will only store and use the e-mail address for the needs of communication for purposes mentioned in Article III of this policy. All other personal data will be deleted.
9. What are your »data rights«?
Under the EU Regulation GDPR you have certain legal rights, which are briefly summarised below, in relation to any personal data about you which we hold. If you wish to exercise any of the rights you may at any time, contact us (contact details infra). The exercise of these rights is free of charge, except if your request is »manifestly unfounded or excessive« (for example, if you make repetitive requests). In this case a fee may be charged to cover our administrative costs in responding.
a. The right of access
If you want to know whether or not your personal data are being processed and what personal data we have about you, you can ask us for details of it and a copy of it. You can request an overview of your personal data by emailing us on email@example.com. If possible, you should specify the type of information you would like to see to ensure that our disclosure is meeting your expectations.
b. The right of rectification
You can always inform us of any changes to your personal data, or you can ask us to correct any of the personal data we hold about you. We encourage you to notify us of any changes regarding your personal data as soon as they occur, including changes to your contact details.
When exercising this right, we kindly ask you to be as specific as possible.
c. The right to erasure (»right to be forgotten«)
This means the right to ask us to delete, block, restrict or otherwise dispose any of your personal data we have in the following situations:
• if personal data is no longer necessary for the purpose for which it was collected or treated,
• if the consent on which the data treatment is based is withdrawn and there is no other legal basis for it,
• if the personal data has been unlawfully treated,
• if the personal data has to be erased as a result of a legal obligation.
Please keep in mind that we may not be in a position to erase your personal data, if for example we need to comply with a legal obligation or exercise or defend legal claims.
d. The right to restriction of processing
You have the right to ask us to restrict the processing of your personal data. This right applies where our processing of your personal data is necessary for our legitimate interest.
e. The right to object
You are entitled to object to certain processing of personal data, including for example processing of your personal data for marketing purposes or when we otherwise base our processing of your personal data on a legitimate interest.
f. The right to data portability
This means the right to obtain a copy of your personal data to re-use with another service or organisation.
If you request access to personal data about you that yourself have provided to us, and if the personal data is being processed automatically and in accordance with a contract between you and us, you may request that the personal data is provided in a structured, commonly used and machine-readable format and you may also request that the personal data is transmitted to another controller, if this is technically feasible.
If you exercise this right, you should specify the type of information you would like to receive where possible to ensure that our disclosure is meeting your expectations. This right only applies if the processing is based on your consent or on our contract with you and when the processing is carried out by automated means.
g. The right to withdraw your consent
Where our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. If you decide to withdraw your consent, we will stop processing your personal data for that purpose. Your withdrawal of your consent will not impact any of our processing up to that point.
h. The right to avoid automated decision-making
We kindly recommend that you check this page regularly to keep up-to-date.
To contact us about anything to do with your personal data and data protection please use the following details:
E-mail address: firstname.lastname@example.org
Telephone number: +386 1 620 8891
Postal address: Taborska cesta 1, 1290 Grosuplje, Slovenia.