The protection of your privacy and your personal data is of the utmost importance for us at Turistična agencija Sonček. We devote a lot of attention to this aspect in our online activities. Our Data Protection Policy therefore complies with the applicable provisions governing the area of personal data protection and other legal provisions applying in the Republic of Slovenia as well as Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter: GDPR).
In order to protect your data as effectively as possible against accidental or intentional manipulation, loss, destruction or to prevent access to your data by unauthorised third parties, we employ technical and organisational protection measures which we upgrade subject to technical development and legislative amendments.
We will explain at this point which of your personal data we collect and what we use them for. Below, we explain where we obtain personal data, how we protect them, to whom we transmit them and how we ensure the exercise of your rights relating to personal data protection.
Personal data means information that can be used to ascertain your identity. Such information includes for example your name, address, post code, date of birth and gender, IP address, telephone number or your e-mail, payment information, etc.
Information that is not directly related to your actual identity (such as favourite websites or the number of website users) does not fall into this category.
We collect personal data upon the booking of tourism services, i.e. either in person at a branch office, via the call centre, on the website or in the application, or when you pay for services and when you participate in prize competitions or register for the newsletter. We also collect personal data when you visit our website.
We specifically collect the following categories of personal data:
Your data may be used for the following purposes:
Your personal data are processed exclusively based on the legal basis for the processing. The legal basis depends on the purpose, for which we obtained the data.
In the majority of cases, your personal data are processed for the purpose of fulfilling your travel contract.
Personal data may also be processed for the following purposes:
We shall not store your data longer than required for the fulfilment of the purpose, for which they are processed. In order to determine a suitable retention period, we consider the scope, nature and sensitivity of personal data, the purposes, for which they are processed, and whether we can achieve these purposes by other means.
When determining a suitable retention period, we must consider the legal periods such as those laid down in the Value Added Tax Act, the statute of limitations or the period for the consideration of complaints.
When we no longer require your personal data, we will securely erase or destroy them.
We may transmit your personal data for the purposes outlined in these Rules to the following third parties:
The agency offers tourism services practically everywhere in the world meaning that it is sometimes necessary to send personal data to third parties, which are listed in the first indent, outside the European Economic Area (EEA) for the purpose of fulfilling the travel contract. Because personal data protection in other countries is not as high as it is in the EEA, we request all service providers to process data securely and in accordance with the legislation on data protection applying in the Republic of Slovenia and in the EU.
In order to ensure the legality of data transmission outside the EEA, we use standard means for the protection of data outside the EEA.
We hereby explicitly declare that we do not sell personal data to third parties, which especially applies to addresses.
When storing and disclosing your personal data, we adhere to strict security procedures and protect data from accidental loss, destruction or damage. The data you send us are protected with the SSL technology (Secure Socket Layer). SSL is a standard industry method for encoding personal data and credit card data so that they can be safely transmitted over the Internet.
All payment data are transmitted via the SSL through the dedicated network infrastructure (MPLS) and stored in accordance with the payment card industry's data security standards (PCI DSS).
In regards to the protection of data relating to your credit card, we would like to explicitly warn you that – when effecting payments online – these data must be entered exclusively in the reservation form fields which are dedicated for this purpose. We can only ensure secure handling of your data if you yourself observe the correct method of data entry.
We may disclose your personal data to third parties exclusively for the purposes outlined in these Rules. We request all third parties to have suitable technical and operational safeguards in place for the protection of your personal data in accordance with the Personal Data Protection Act and the GDPR.
Under certain circumstances, you shall have the following rights under the law, i.e. the right to:
If you wish to exercise any of the abovementioned rights, send your request via e-mail to email@example.com or via regular mail to the address Turistična agencija Sonček, d. o. o., Glavni trg 17, 2000 Maribor.
You do not need to pay a fee for limiting access to personal data or to exercise of any other right. However, we may charge a reasonable fee if your request for access is manifestly unjustified or excessive. Another option that we have is to refuse the request under such circumstances.
In case of the exercise of rights for such reasons, we may have to request certain information from you that will help us confirm your identity, which is only a security measure that ensures that personal data are not disclosed to unauthorised persons.
Cookies that we use (small files containing configuration information) help us determine the frequency of use and the number of users of our website, while they allow you to use the entirety of our services. Cookies also enable us to send you personalized information in Sonček via e-mail, e.g. notifications about reservations, certain products or sales campaigns as well as recommendations about products or services that might be of interest to you.
Most of the browsers are set up to accept cookies automatically. Despite this however, you can turn of the acceptance of cookies or set up your browser so that it notifies you about the sending of cookies. There is also the option of deleting the stored cookies from your hard drive yourself at any time.
Cookies are absolutely required for making reservations. Our services can be used to a limited degree even without cookies.
If you require more information on cookies and on how to prevent the installation of cookies on your computer, visit the following website: http://www.allaboutcookies.org.
In order to monitor traffic patterns and website usage, we use tracking software that helps us develop the design and layout of the website. The abovementioned software does not enable recording of the passengers' personal data.
General information is stored (e.g. number of visitors and duration of the visit to individual pages, etc.) upon each access to the content of our online offer. These are not personal data and are therefore processed in anonymised form. We use these types of data exclusively for statistical purposes so they help us optimise our online offer.
This website uses the Google Analytics service, which is a service for web analytics provided by Google Inc. (hereinafter: Google). Google Analytics uses the so-called "cookies", text files that are stored on your computer and enable the analysis of your use of the website. Information on your usage of the website (including your IP address), which is recorded by the cookie, is transferred to the server of the Google company in the USA where the information is stored.
Google will use that information to analyse your usage of the website, produce reports on website activities for website operators and to perform other services associated with the use of the website and the Internet. Google will transmit the information to third parties as appropriate, i.e. within the legally prescribed scope or if said third parties process the information based on the order placed by Google. In no case will Google merge your IP address with other Google data. You can disable cookie installation with the appropriate setup of your browser's software. We should, however, warn you that you will in such an event not be able to use all of the functions of the website in their full scope. By using this website, you declare that you agree to Google processing the data concerning you in a manner previously described and for the abovementioned purpose.
Our website uses the anonymisation function that is provided by the Google Analytics service. Because of this, IP addresses are therefore stored and processed only in abbreviated form so that they cannot be linked to the identity of a particular person.
Our website has plug-ins (hereinafter: Plug-ins) installed for the facebook.com social network which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (hereinafter: Facebook).
You will recognise Facebook Plug-ins by one of the logos of the Facebook application (white "f" in a blue square or raised thumb symbol) or by the "Facebook Social Plugin" designation. You can view the list and appearance of Facebook Plug-ins by clicking the link below: http://developers.facebook.com/plugins.
If you open a page on our website that has such a Plug-in installed, your browser will establish a direct connection to Facebook's servers. The Plug-in content is transmitted via Facebook directly to your browser via which it is installed in the website. For this reason, we have no control over the volume and content of the data collected by Facebook using these Plug-ins and we therefore only provide you with the information at our disposal (http://www.facebook.com/help/?faq=186325668085084):
Through the integration of the Plug-ins, Facebook receives information that you visited a certain page of our website. If you are logged into Facebook, Facebook can link your visit to your Facebook account. If you use Plug-ins, e.g. if you click the "Like" button or submit a comment, the relevant information from your browser is transferred directly to Facebook where it is stored. Even if you are not a member of the Facebook network, there is a way for Facebook to obtain your IP address and store it.
You can read in Facebook's privacy protection statement about the purpose and scope of data collection and further processing and use of the data by Facebook as well as about your rights in this regard and the possible settings for the protection of your privacy: http://www.facebook.com/policy.php.
If you are registered in Facebook and do not wish Facebook to collect data concerning you through our website and link them to your data stored in the Facebook network, you must log out of Facebook and delete the cookies before visiting our website. You can find more information about cookies in this Data Protection Statement.
You can block Facebook Plug-ins, among others by installing an add-on for your browser such as "Facebook Blocker".
Our online offer contains links to other websites. This Data Protection Statement does not apply to other providers. Because we have no control over whether the operators of such websites observe the provisions on data protection, we assume no responsibility for the correctness, currency and completeness of the information they provide on their web pages.
Turistična agencija Sonček, d. o. o. is responsible for storing and processing personal data and is at the same time a service provider. You can find detailed information about the company and how to get in touch with us in the impressum.
If you have any questions or wish to submit your wishes or comments relating to data protection, write us at firstname.lastname@example.org.
Owing to the amendments to the legislation governing personal data protection, we must occasionally adapt the provisions relating to such protection. We will inform you of eventual changes here.
Turistična agencija Sonček, d.o.o., Glavni trg 17, 2000 Maribor
VAT ID No.: SI71695532. Registration ID No.: 5680727.
The company is registered with the District Court of Maribor under reg. No. 1/06953/00.
Status: May 2018