Privacy policy

1. Purpose
The Privacy Policy (hereinafter: the Policy) was adopted in order to acquaint users with the legal basis, types and purposes of personal data and the rights of individuals in the field of personal data protection, which the company ATLANTIKUM Gostinsko podjetje d.o.o. obtains from the individuals.
This Privacy Policy, together with all applicable terms of use of the website and cookie policy, sets out how ATLANTIKUM Gostinsko podjetje d.o.o. uses personal data collected by the company from an individual user online, as well as personal data provided to ATLANTIKUM Gostinsko podjetje d.o.o. by alternative means such as telephone, e-mail or other correspondence.
Personal data provided to the company are used and processed when necessary for the preparation and conclusion of the accommodation contract (hotel or other reservations). These include demand, negotiations, preparation of an offer, conclusion of a contract, notification of changes in sales conditions, changes in contractual relations, for billing services, for resolving complaints, for informing about a contractual relationship. The company manages personal data with the utmost care, taking into account applicable legislation and the highest standards of their processing.
The company ensures that it implements appropriate technical and organizational measures in such a way that the processing of personal data meets all the requirements of personal data protection regulations and also ensures the protection of the rights of the data subject and that in processing personal data applicable law.
At the same time, this Privacy Policy further clarifies the consent given by the individual to the processing of personal data.
In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC, the Privacy Policy “General Data Protection Regulation”), the following information is covered:
contact information of the company,
purposes, legal bases and definitions of the type of processing of different types of personal data of individuals,
retention time of individual types of personal data,
the rights of individuals with regard to the processing of personal data.
In order to ensure the security of personal data, the controller has taken appropriate organizational measures, work procedures and advanced technological solutions with external experts in order to protect your personal data as effectively as possible. We use an appropriate level of protection and reasonable physical, electronic and administrative measures to protect the data collected against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of personal data or unauthorized access to personal data transferred, stored or otherwise. processed.

2. Types of personal data
The company collects information about website visitors only by using cookies.
In some cases, we may automatically (without a registration process) collect technical information about your visit to our website, which we cannot use for personal identification. Examples of such data collection are the identification of the web browser you are using, the identification of the computer operating system you are using, and the address of the website from which you linked to our website.

When you visit one of our websites, we may store certain information on your computer, which is archived in the form of “cookies” or other similar files and can help us in several different ways. Cookies allow us to tailor our website to your wishes and preferences. Most Internet browsers allow you to delete cookies from your computer’s hard drive, prevent such files from being saved, or warn you before saving. For more detailed instructions on how to use these features, read the user guide for your web browser or the help page provided by your browser.
Other personal data necessary for the provision of services are also collected about service users or service subscribers. This personal information is:
name and surname
contact phone
credit card
If for any reason you contact the company, the company ATLANTIKUM Gostinsko podjetje d.o.o. saves a record of this correspondence.

3. Personal data controller
The controller of personal data processed in accordance with these Rules is ATLANTIKUM Gostinsko podjetje d.o.o., Bevkov trg 6, 5000 Nova Gorica, Slovenia. To verify the authenticity and execution of transactions, ATLANTIKUM Gostinsko podjetje d.o.o. processes and transmits certain personal data to third parties: banks and business partners.
ATLANTIKUM Gostinsko podjetje d.o.o. is not responsible for any misuse or disclosure of your personal information as a result of improper conduct on your part.

4. Categories of individuals whose personal data are processed
This policy is intended for all those who have subscribed to and / or used our services, are recipients of e-news, as well as those who visit our website.

5. Purposes of processing and legal basis for data processing
We collect your information when you make a reservation, send an inquiry, subscribe to our newsletter, respond to a survey or fill out a form. When booking or registering on our website, you may need to enter your name, e-mail address, telephone number, credit card, where applicable. However, you can be anonymous when visiting our website.
Any information we receive from you may be used for the following purposes:
– Adapting the offer to your wishes (your information helps us to better respond to your individual wishes)
– Improving our website (based on the information and feedback we receive from you, we are constantly striving to improve our websites and offerings);
– Improving services (your information helps us respond more effectively to your requests and needs);
– Occasional emailing. Your Email address provides order processing and can be used to send information and changes to your booking, in addition to which we occasionally send news and offers related to new products, special offers, etc.

5.1. Processing based on individual consent
ATLANTIKUM Gostinsko podjetje d.o.o. reminds all individuals when collecting their personal data that the company will use this data for a specific purpose. ATLANTIKUM Gostinsko podjetje d.o.o. collects data for:
a) purpose of direct marketing – sending e-news
If the individual agrees and wants to receive free news about news, promotions, other offers of goods and services of the company ATLANTIKUM Gostinsko podjetje d.o.o. he must give his explicit consent by e-mail or mobile phone (SMS) to agree that the company uses his address for direct marketing purposes.
In this case, the company stores and processes the data exclusively for the purposes of direct marketing.
We may store and process your information in order to better understand your needs and determine how we can further improve our products and services. The operator or other legal entities acting on our behalf for promotional and advertising purposes may use this information to contact you, and we may also provide aggregate (non-individual) information about visitors and / or users of our websites to third parties. We do not intend to sell, lend or market your personal data to third parties in the future.

5.2. Processing on a contractual or pre-contractual stage
If the processing is necessary for the preparation and conclusion of an accommodation contract (hotel or other) to which the data applies, or for the implementation of measures at the request of the individual before the conclusion of the contract (b point I. para. 6 of Article 5 of the General Regulation on Personal Data Protection), the company processes personal data of the individual for the following purposes: identification of the individual, preparation of the offer, conclusion of the contract, provision of ordered services, notification of any changes, additional details and instructions for the use of services and for other purposes necessary for the performance or conclusion of a contractual relationship between the company and the individual.
When billing for services, based on tax regulations, we obtain and process your address for the correct issuance of the invoice.
5.3. Processing on the basis of a legitimate interest
If the processing of personal data is necessary to fulfill a legal obligation (c point I paragraph 6 of Article 6 of the General Regulation on Personal Data Protection) the company may process and use personal data of the individual to detect and prevent fraudulent use and misuse of services, in case of suspected abuse process data on individuals to an appropriate and proportionate extent for the purpose of identifying and preventing possible fraud or abuse and may, where appropriate, pass this information on to other service providers, business partners, the police, the public prosecutor’s office or other competent authorities.
In order to prevent future abuses or fraud, data on the history of identified abuses or fraud in connection with the individual, which includes data on the subscription relationship and, for example, IP address, may be stored for five years after the termination of the business relationship.
Furthermore, in the framework of ensuring the stable and secure operation of our system and services, as well as for the purposes of implementing information security measures, meeting the requirements related to the quality of services and detecting technical failures of systems and services.

6. Transfer of personal data to third parties / contractual processors
In the event that the company provides personal data to selected external processors, they will enter into a contract with the company for the processing of personal data or substantially the same agreement or other binding document, which will commit in advance to comply with the same standards and all standards of personal data processing provided by applicable law. External processors will only have access to the data needed to achieve a specific purpose. External processors are contractually bound by the company to respect the confidentiality of your personal information.
On the basis of a reasoned request, companies also provide personal data to the competent state authorities, which have a legal basis for this. ATLANTIKUM Gostinsko podjetje d.o.o. will e.g. respond to requests from courts, law enforcement and other national authorities, which may include national authorities from another EU Member State.

7. Retention of personal data
The retention period is determined by the category of the individual data. The company keeps the data for as long as necessary to achieve the purpose for which they were collected or further processed, or until the expiration of the statute of limitations for the fulfillment of obligations or the statutory retention period.
Accounting data and related contact data on individuals may be kept for the purpose of fulfilling contractual obligations until the full payment of the service or until the expiration of the statute of limitations in relation to an individual claim, which may amount to one to five years. Invoices are kept for 10 years after the end of the year to which the invoice relates in accordance with the law governing value added tax.
Other information obtained by the company with the consent of the individual is kept until revoked.
At the end of the retention period, the data shall be deleted, destroyed, blocked or anonymised, unless otherwise provided by law for each type of data.

8. Individual rights regarding the processing of personal data
The rights of the data subject are:
1. the right of access to personal data
2. right to correction
3. right to erasure (“right to be forgotten”)
4. the right to limit processing
5. the right to data portability
6. right to contract
7. right of appeal
An application relating to the exercise of any of the above rights may be made by an individual:
– to the e – mail address or
– by post to the address ATLANTIKUM Gostinsko podjetje d.o.o., Bevkov trg 6, 5000 Nova Gorica.
The company will process the request without undue delay and decide on it within 30 days of receiving the request. In case of complexity, the time limit for reply may be extended by a maximum of three months, of which the individual must be specifically informed.
Where there is a legitimate doubt as to the identity of the data subject, we may request the provision of additional information necessary to confirm the identity of the data subject.
If the data subject’s requests are manifestly unfounded or excessive, in particular because they are repetitive, the company may:
charge a reasonable fee, taking into account the administrative costs of providing the information or communication or implementing the required action, or refuse to act on the request.

8.1. Right of access to data
An individual may request that the company informs him or her whether personal data are being processed in relation to him or her and, if so, access to personal data and the following information:
processing purposes,
the types of personal data processed,
users or categories of users to whom personal data have been or will be disclosed,
the envisaged retention period of personal data or, if that is not possible, the criteria used to determine that period,
the existence of a right to require the controller to correct or delete personal data or to restrict the processing of your personal data, or the existence of a right to object to such processing,
the right to lodge a complaint with the supervisory authority,
where personal data is not collected from you, all available information regarding their source.

8.2. Right of rectification (Article 16 of the General Regulation on Personal Data Protection)
The individual has the right to have the controller correct inaccurate personal data concerning you without undue delay and, taking into account the purposes of the processing, the right to supplement incomplete personal data, including the submission of a supplementary statement.
8.3. Right to erasure (“right to be forgotten” – Article 17 of the General Regulation on Personal Data Protection)
The individual has the right to have the controller delete the individual’s personal data without undue delay when one of the following reasons applies:
where personal data are no longer needed for the purposes for which they were collected or otherwise processed,
however, where the individual revokes the consent on the basis of which the processing takes place, there is no other legal basis for the processing,
where an individual objects to the processing of data and there are no overriding legitimate reasons for processing them,
where personal data have been processed unlawfully,
when personal data must be deleted in order to fulfill a legal obligation in accordance with EU law or the Slovenian legal order.

8.4. Right to limit processing (Article 18 of the General Regulation on Personal Data Protection)
An individual has the right to have the controller restrict the processing of his personal data when one of the following cases applies:
the individual disputes the accuracy of the data, for a period that allows the controller to verify the accuracy of personal data,
the processing is illegal and the individual opposes the deletion of personal data and instead requests that their use be restricted,
the controller no longer needs personal data for the purposes of processing, but the individual needs them to assert, enforce or defend legal claims,
if the data subject has lodged an objection to the processing based on the legitimate interests of the company, until it is verified that the legitimate reasons of the controller outweigh the reasons of the individual.
Where the processing of personal data of an individual has been restricted in accordance with the preceding paragraph, such personal data, with the exception of their storage, shall be processed only with the consent of the individual, either to assert, enforce or defend legal claims.
Prior to the lifting of the restriction on the processing of personal data, the controller is obliged to inform the individual.

8.5. Right to data transferability (Article 20 of the General Regulation on Personal Data Protection)
The individual has the right to receive personal data concerning him, which he provided to the controller, in a structured, commonly used and machine-readable form, and the right to transfer this data to another controller without ATLANTIKUM Gostinsko podjetje d.o.o. an obstacle where the processing is based on the consent of the individual and the processing is carried out by automated means. At the request of an individual, where technically feasible, personal data may be transferred directly to another controller.

8.6. Right to object (Article 21 of the General Regulation on Personal Data Protection)
When the company ATLANTIKUM Gostinsko podjetje d.o.o. processes the data on the basis of a legitimate interest for marketing purposes, such processing may be objected to by the individual at any time.
ATLANTIKUM Gostinsko podjetje d.o.o. it shall cease to process the personal data of the individual, unless it proves compelling reasons for processing that outweigh the interests, rights and freedoms of the individual, or for asserting, enforcing or defending legal claims.

8.7. The right to lodge a complaint regarding the processing of personal data
An individual has the right to file a complaint with the Information Commissioner if he / she considers that the processing of his / her personal data violates Slovenian or EU regulations in the field of personal data protection.
If the individual exercises the right of access to data and, after receiving the decision, considers that the personal data he received is not the personal data he requested or did not receive all the requested personal data, he may file a reasoned complaint with the Information Commissioner. company ATLANTIKUM Gostinsko podjetje doo within 15 days. Your complaint will be decided by the company as a new request within five business days.

9. Final provisions
For issues not regulated by these Rules, the applicable legislation shall apply.
ATLANTIKUM Gostinsko podjetje d.o.o. reserves the right to change these Rules. Any changes to the Rules will be published on the website

10. Validity of the Privacy Policy
The rules are published on the website of the company ATLANTIKUM Gostinsko podjetje d.o.o. and enters into force on 15 May 2020.
ATLANTIKUM Gostinsko podjetje d.o.o.
Bevkov trg 6
5000 Nova Gorica