1. The validity and application of the policy
The policy applies to all users when they first visit the website, and to all subsequent visits. By using the website, the user confirms that he accepts and agrees to all the provisions of this policy.
The policy may be amended or supplemented at any time without notice. By using the website after changes in the policy have been made, the user confirms that he agrees to the changes.
2. About the protection of personal data
2.1. Data operator
The operator of personal data collected in connection with the provision of services and the use of the website www.hotel-stil.si is STIL INŽENIRING, a company for marketing, trade and tourism d.o.o., Litijska cesta 188, 1261 Ljubljana - Dobrunje, registration number: 5525861000, tax number: SI 47186194 (hereinafter: the supplier and the operator).
2.2. User data that is collected
For the purposes of providing the services it offers, the operator collects, manages, processes and stores the following user data:
- name and surname;
- company, or the name of the legal entity (if the individual is employed or in a comparable relationship with the legal entity);
- e-mail address;
- telephone number;
- country of residence;
- origin of the first visit to the website;
- number of website visits;
- other information that the user voluntarily enters in the contact forms on the website.
2.3. Purpose of data processing
The operator will use the collected user data exclusively for the following purposes:
- managing customer records,
- issuing invoices and complying with related tax and accounting requirements,
- provision of services and communication with users,
- for advertising independently or through advertising service providers (Facebook, Mailchimp and Google Analytics), sending advertising materials and messages (e-mails, SMS, MMS) to the user's address (physical and/or electronic) and telephone number, which the user provides to the operator,
- identification and verification of user data.
2.4. Data transmission
The operator will not transfer collected data to third parties, unless required by active regulations.
3. Data protection and retention time
The operator ensures the protection of personal data in accordance with the policy and with the requirements for personal data protection set by Slovenian legislation and EU regulations.
Personal data may only be stored until the purpose of their retention is realized (retention period).
After the expiry of the retention period, personal data shall be deleted, destroyed, blocked or anonymized, unless otherwise prescribed by law or other regulations for individual types of personal data.
Regarding deletion of data in electronic form, the operator employs a method that ensures that reconstruction of all or part of the deleted data is not possible.
4. User rights
The user, or data subject, may at any time revoke the given permission for the processing of his personal data.
The data subject has the right to obtain confirmation from the operator as to whether their personal data is being processed and, when appropriate, access to personal data.
The data subject has the right to have the operator correct inaccurate personal data regarding him or her without undue delay. The data subject has the right to supplement incomplete personal data, by submitting a supplementary statement. The data subject has the right to have the operator delete personal data concerning him without undue delay, and the data operator must delete the personal data without undue delay when one of the following reasons applies:
(a) the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
(b) the data subject revokes their consent for their data being processed and there is no other legal basis for the processing;
(c) the data subject objects to the processing of the data and there are no other overriding legitimate reasons for processing it;
(d) personal data has been processed unlawfully;
(e) personal data must be deleted in order to fulfill a legal obligation under union law or the law of a member state applicable to the operator;
(f) personal data have been collected in relation with the offer of information society services.
(a) the data subject disputes the accuracy of the data, for which a period is prescribed to enable the operator to verify the accuracy of the personal data;
(b) the processing is unlawful and the data subject opposes the deletion of the personal data and instead requests that its use should be restricted;
(c) the operator no longer needs the personal data for the purposes of processing, but the data subject requires it in order to assert, enforce or defend legal claims;
(d) the data subject has submitted an objection regarding their data being processed, and it is yet to be verified that the legitimate reasons of the operator outweigh the reasons of the data subject.
The data subject has the right to receive personal data concerning him or her held by the operator in a structured, commonly used, and readable form, and the right to pass on this data to another operator without being hindered by the primary data operator to whom the personal data has been provided beforehand.
5. Action on suspicion of unauthorized access
Upon any suspicion of a personal data breach, the operator shall report such a breach to the national personal data protection supervisory authority, and in the event of a suspected criminal offense to the police or the prosecutor's office. When a personal data breach is likely to pose a significant risk to the rights and freedoms of individuals, the data operator shall without undue delay inform the data subject that a personal data breach has occurred.
The data subject has the right to submit a complaint to the supervisory authority in the member state in which he has his habitual residence, his place of work, or where the alleged breach took place, if he considers that the processing of the personal data in relation to him or her violates the rules of personal data protection.
In the event of perceived misuse of personal data, the operator shall without undue delay, but no later than 72 hours after becoming aware of the breach, notify the information commissioner of any breach of personal data protection it has detected if it is likely to pose a risk to human rights, or abuses fundamental freedoms, and the interests of data subjects.
Any use of personal data for purposes that are not in accordance with the purposes of data collection specified in the law, on the basis of which they are collected, or the purposes specified in the catalog of personal data is considered to be a misuse of personal data. An attempt to misuse personal data for unauthorized purposes is considered an attempted misuse.
6. Exclusion of liability
The operator is not responsible for the authenticity, accuracy, and up-to-dateness of personal data and contact data provided by the user. The user is obliged to take care of the accuracy of all transmitted data.
The operator is not liable for any damage caused to the user because he provided the operator with incorrect, incomplete, or out-of-date data during registration.
To ensure the functionality of all of the website’s features, the following cookies are used:
- cookies for analytical purposes;
- cookies to follow the itinerary of unregistered users.
- monitoring the use of the website, user habits, distinguishing between users and tracking them on the website,
- for the purposes of analyzing traffic (counting visitors, identifying browsers, keywords leading to the website, navigation difficulties),
- storage of user settings when using the website,
- ensuring the functionality of key features of the website,
- implementation of advertising campaigns enabled by other providers (Google, Facebook).
- Facebook button;
- Instagram follow button.
8. Final provisions
The invalidity of any provision of this policy, regardless of the reason for invalidity, does not imply the invalidity of this policy as a whole. In such a case, the invalid provision shall be deemed unwritten, and this policy shall continue to apply without that provision.
Slovenian law and the law of the European Communities apply to legal relations between users and the operator (including Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data). The court with jurisdiction to resolve any disputes is determined according to the seat of the company.
Valid from the 1th of April 2021