Privacy policy
The information on privacy protection written below gathers in one place key information about the security of personal data of Domačia Šeruga, which of your personal data we collect and why we process it, to whom we pass it on, which data is yours, related to personal rights, and how you can realize.
MANAGER OF PERSONAL DATA
The data manager is Domačija Šeruga, Sela pri Ratežu 15, 8222 Otočec.
COLLECTION OF PERSONAL DATA
If you are only a visitor to the website, we only collect data about you through the use of cookies. If you are a user of services or the services of a client that offers a homestay, do we also collect other personal data that we need to perform the service you ordered or that you use. These personal data therefore:
- Personal data for the reservation (First and last name, Date of birth, gender, citizenship, number and type of identification document, email address, telephone number, home address),
- Credit card information (card type, card number, name on the card, validity date and security code),
- Information about the guest’s stay (Date of arrival and departure, special requests and service preference),
- Information about the event (name and surname, company date and time of the start and end of the event, duration of the event, number of participants),
- Data regarding advertising preferences (during surveys, contests or promotions).
PURPOSE OF PERSONAL DATA PROCESSING
Personal data is collected and processed for the purpose of providing services in accordance with the registration of Domačija Šeruga.
Domačija Šeruga collects and processes data on the basis of a legal basis. The legal basis depends on the purpose for which we obtained the data. We use them for the following purposes:
3.1. Statutory legal basis
- to conclude a contract with an individual for the uninterrupted provision of accommodation and catering services,
- for the needs of communication related to possible changes to the reservation,
- to verify credit card payments for accounting purposes,
- to resolve disputes or complaints,
- to communicate with customers for the purposes of improving our services,
- for statistical analysis purposes,
- for processing for the purpose of identification, prevention of errors and fraud.
3.2. Personal consent of the guest
- to participate in surveys.
Providing personal consent is completely voluntary and is not a condition for concluding a contract. In these cases, the processing takes place within the scope of the stated purpose and the agreed methods of notification, until cancellation.
TRANSMISSION OF PERSONAL DATA
We want to earn and keep your trust, so we treat your data with the utmost care. In principle, your personal data is processed only by our employees, who are bound to confidentiality and who are regularly educated and trained in safe handling of data.
We do not pass on your personal data to anyone, unless we are required to do so by law or if you expressly allow us to do so or if you authorize a third party to pass on your data to them.
Due to a legal obligation, we forward some data about your overnight stay to AJPES, and based on a reasoned written request, also to other state authorities who request it from us for the purposes of conducting specific procedures.
If necessary, we will authorize other companies and individuals to perform certain tasks that contribute to our services. In such a case, the company may also forward your personal data to such carefully selected external processors who will enter into a contract with the company on the processing of personal data, or an agreement or other binding document (Processing Agreement) with the same content. We will forward this type of data to external processors or make them accessible only to the extent required for a specific purpose. This data may not be used by the external processor for any other purposes, meeting at least all personal data processing standards provided for by applicable legislation. External processors are contractually obligated to the company to respect the confidentiality of your personal data.
PROTECTION OF PERSONAL DATA
We use strict security procedures to protect your personal information from accidental loss, destruction or misuse.
The premises where the physical carriers of personal data, hardware and software are located are protected by organizational and technical measures that prevent unauthorized persons from accessing the data. The premises are locked, and the lists of personal data on the devices are protected by passwords.
STORAGE PERIOD OF PERSONAL DATA
The data retention period is determined according to the category of individual data. We keep the data for as long as is necessary to achieve the purpose for which it was collected or further processed, or until the expiration of the statute of limitations for the fulfillment of obligations or the statutory retention period.
Billing data and related contact data on individuals may be kept for the purpose of fulfilling contractual obligations until full payment for the service or, at the latest, until the expiry of the statute of limitations in relation to an individual claim, which can range from one to five years by law. Invoices are kept for 10 years after the end of the year to which the invoice refers in accordance with the law governing value added tax.
We keep other data that we obtained based on your consent for the duration of the business relationship and for 5 years after termination, unless the law stipulates a longer retention period. If the individual who gave his consent to the processing of personal data has not entered into a business relationship with us, his consent is valid for 5 years from the time it was given or until it is revoked.
After the expiration of the retention period, the data is deleted, destroyed, blocked or anonymized, unless otherwise stipulated by law for the individual type of data.
RIGHT OF THE INDIVIDUAL IN RELATION TO DATA PROCESSING
We grant you the following rights in relation to the processing of your personal data:
- the right to access data: you can familiarize yourself with all your personal data that has been collected in relation to you, as well as its processing, and verify its legality;
- the right to correction or additions to personal data: without undue delay we will correct or supplemented your inaccurate personal data;
- the right to delete personal data: we will delete personal data about you without undue delay, to the extent permitted by applicable law (data we need to perform the contract you have entered into with us and data we need to carry out our legal obligations, we will not be able to delete it, despite your request);
- the right to limit the processing of personal data: you can request that we limit the processing of your personal data (when you dispute the accuracy of personal data, when the processing is illegal, in cases where Domačija Šeruga no longer needs your data for processing, but you need them for enforcement, implementation or the defense of legal claims or if you have objected to processing based on legitimate business interests until it is verified that our legitimate reasons override your reasons);
- the right to data portability: You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format, and the right to transmit this data to another controller without the company preventing you from doing so, when the processing is based on your consent and the processing is carried out by automated means. At your request, when technically feasible, personal data may be transferred directly to another controller.
- the right to object: you can also object to the processing of your personal data at any time when it is processed for the purposes of direct marketing, including the creation of profiles, if this is related to such direct marketing.
Rights in relation to your personal data can only be exercised by you personally, and another person on your behalf only on the basis of your written authorization.
Any complaint or request regarding the processing of your personal data can be sent to the email address info@seruga.si or to Domačija Šeruga, Sela pri Ratežu 15, 8222 Otočec.
You have the right to file a complaint directly with the information commissioner if you believe that the processing of personal data concerning you violates Slovenian or EU regulations in the field of personal data protection.
VALIDITY OF THE PRIVACY POLICY
The personal data protection policy is published on the website of Domačie Šeruga. It comes into effect on June 1, 2024 and is valid until canceled and may be amended or supplemented at any time.