SICOM HOTELS d.o.o. (hereinafter referred to as "the Company") respect your privacy and undertake to protect the personal information obtained through the online information system without giving your consent to the third party or for other purposes without your consent. Because there are certain links in the web information system to third parties, we are not responsible for the protection of the data on those web sites, which are not related to the company.
The Company undertakes to do its best to protect the information and privacy of website visitors. In order to prevent unauthorized access to or disclosure of the information obtained, to maintain the accuracy of the personal data and to ensure its proper use, we use appropriate technical and organizational procedures to protect the data we collect.
1. The controller and the authorized person for the protection of personal data
The controller of personal data is SICOM HOTELS d.o.o, Jožeta Jame 12, 1210 Ljubljana - Šentvid.
The company has appointed a Data Protection Officer who can be reached at firstname.lastname@example.org
2. Personal information
Personal information is information that identifies you as a specific or identifiable individual. It is identifiable when it can be determined directly or indirectly, in particular by specifying an identifier such as a name, identification number, location information, web identifier, or by specifying one or more factors specific to an individual's physical, physiological, genetic , mental, economic, cultural or social identity.
The company further details the categories of personal data and the purposes for which it is processed and, in general, the enterprise processes the personal data of individuals for the following purposes:
- the provision of hotel services,
- to keep records and statistics of hotel occupancy and services sold
- to provide services to individuals who wish to be informed about the activities of Sicom Hotels or who have subscribed to any of the events or seminars organized by the company (eg sending news, sending reminders and event announcers, invoices, providing services),
- for direct marketing (sending information and offers),
- for making reservations
- to enforce and defend its own legal claims,
- to inform you of technical or organizational updates of the Sicom Hotel website or business, and
- for other necessary communication of Sicom Hotels with users.
3. List of categories of personal data, purposes of collection and legal basis.
4. Other categories of natural persons whose personal information is collected by the company:
- visitors to the company website,
- external contractors of the company who cooperate with the company on the basis of copyright, venture, student work contracts (referrals) and similar contracts. Within this framework, he or she collects from those individuals the personal information that he or she needs to conclude and execute the contract (in particular, first name, surname, address, IDS, tax number, transaction account number, employment status for the purpose of payment…),
- employees of the company under an employment contract,
- debtors of the company based on the legitimate interest of the company,
- other users of the Company's services who are natural persons.
5. Other categories of personal information collected and processed by businesses:
- the time, date, type and amount of services used, benefits, attendance at events and news coverage,
- archive of communication,
- other personal information voluntarily provided by the natural person to the company,
- information about the use of the company website (dates and times of website visits, pages or URLs visited, retention time per page, number of pages visited, total time of website visit, site settings made).
The Company collects personal information on the basis of the personal consent of individuals, on a contractual basis, legal provisions, in the public interest and on the basis of a legitimate interest.
The Company protects all collected personal data of all users of all services it provides (including the exercise of public authority) in accordance with the regulations in the field of personal data protection applicable in the Republic of Slovenia. The entity receives the personal data it processes from the individuals to whom it relates (eg if the employer registers individuals for an event organized by the company).
If you are only a visitor to a company website, we only collect information about you using cookies.
The aforementioned personal data are processed by the company until the withdrawal of consent, for the duration of the reservation and during the stay at the hotel or contract for the contract or performance of services or until the expiration of the purpose for which they were stored and for 5 years after the end of the purpose for which the personal data relate. (except in case of withdrawal of consent). The company keeps personal data longer than the stated deadline only if it is bound by the regulations in force in the Republic of Slovenia.
6. Contractual processing of personal data
As an individual, you are aware and agree that the Administrator of an individual Task may entrust to your data (contract processors) your data. Contractors may process confidential information solely on behalf of the Manager, within the limits of their authority (in a written contract or other legal act) and for the purposes set out in this privacy police.
The contractors with which the Operator cooperates are:
- Accounting Service; law firms and other legal counsel providers,
- data and analytics providers,
- IT systems maintainers,
- Email providers (such as Mailchimp and others)
- Providers of customer relationship management systems (eg Microsoft),
- Online advertising solution providers (e.g., Google, Facebook),
- contractual partners who are co-organizers of events, if this is necessary for the organization and implementation of the event to which the individual has registered or has been registered by the employer under the employment contract.
Manager will not pass your personal information to third parties. Contractors may process personal data only within the framework of the Chamber's instructions and may not use personal data to pursue any self-interest. The controller and the users of the personal data are not exported to third countries (outside the European Economic Area - EU Member States, Iceland, Norway and Liechtenstein) and to international organizations except the USA - all contractors in the USA are included in the Privacy Shield program.
7. Familiarity with the information we hold about you
An individual who is a natural person may at any time request the business to:
- provide access to the catalog of personal data files,
- confirm whether or not the data relating to him are being processed and allow him to view and copy or copy the personal data contained in the personal data file,
- provide a printout of personal data contained in and relating to the personal data file,
- provide a list of users to whom personal data have been provided, when, on what basis and for what purpose,
- provide information on the sources on which the records contained in the individual's personal data file are based and on the method of processing,
- provide information on the purpose of the processing and the type of personal data being processed and any necessary clarifications in this regard,
- explain the technical or logical-technical decision-making procedures when performing automated decision-making by processing the personal data of an individual.
8. Data processing rights of the individual
To ensure fair and transparent processing, you, as an individual, have the following rights:
- Right of withdrawal of consent: If you, as an individual, have consented to the processing of your personal data (for one or more specified purposes), you have the right to revoke that consent at any time without prejudice to the lawfulness of the data processing that is based on exercised its consent until its revocation.
- Consent can be withdrawn by a written statement sent to the Manager at: email@example.com
- Withdrawal of consent to the processing of personal data for an individual has no negative consequences or sanctions. However, it is possible for the Manager to individually by Withdrawal of consent to the processing of personal data may no longer be able to provide one or more of its services in the case of services that cannot be provided without personal data (eg notification).
- Right of access to personal data: as an individual, you have the right to obtain from the Controller whether personal data are processed in relation to you and, where applicable, access to personal data and certain information (about the purposes of processing, the types of personal data, about the users, the retention periods or criteria for determining the periods, the existence of the right to rectify or delete the data, the right to restrict and object to the processing and the right to complain to the supervisory authority, the source of the data if no data were collected from you, the existence automated decision-making, including the creation of profiles, the reasons for them, the importance and consequences of such processing for you, and other information in accordance with Article 15 GDPR).
- Right to rectify personal data: As an individual, you have the right to have the controller correct inaccurate personal information concerning you without undue delay. As an individual, you have the right to complete incomplete information, including the submission of a supplementary statement, having regard to the purposes of the processing.
Right to erasure of personal data (the "right to be forgotten"): as an individual, you have the right to have the controller erase personal data concerning you without undue delay, and the controller must delete the data without undue delay when one of the following reasons exists:
the data are no longer needed for the purposes for which they were collected or otherwise treated,
if you withdraw the consent and there is no other legal basis for processing,
if you object to processing and there are no overriding legitimate reasons for processing,
the data were processed illegally,
the data must be deleted in order to fulfill legal obligations under EU or Member State law applicable to the controller.
However, as an individual, in the specific cases described in paragraph 3 of Article 17 of the GDPR, you do not have the right to delete the data.
- Right to limit processing: As an individual, you have the right to have the controller limit processing when there is one of the following situations:
- if you dispute the accuracy of the data for a period enabling the controller to verify the accuracy of the data,
- processing is illegal and you are opposed to deleting the data and instead requesting a restriction on its use,
- the data controller no longer needs it for processing purposes, but you need it to enforce, execute and defend legal claims,
- You have filed a processing complaint until it is verified that the legitimate reasons of the Manager outweigh your reasons.
- Right to data portability: as an individual, you have the right to receive personal information regarding you which you have provided to the Manager in a structured, commonly used and machine-readable form, and you have the right to pass that information to another controller without the controller who provided the personal data obstructed you when:
- processing is based on consent or on a contract, and e-processing is performed by automated means.
- As an individual, you have the right to transfer personal data directly from one controller (provider) to another, where technically feasible, in the exercise of that transferability right.
- Right to object to processing: as an individual, on grounds relating to your particular situation, you have the right at any time to object to the processing of personal data necessary for the performance of tasks in the public interest or in the exercise of public authority conferred on the controller (point (e)) Article 6 (1) GDPR) or is necessary because of the legitimate interests pursued by the Manager or a third party (Article F (f))
- 6 (1) GDPR), including the creation of profiles based on the aforementioned treatments; The controller shall cease processing personal data unless it demonstrates compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or for the enforcement, enforcement or defense of legal claims.
Where personal data are processed for marketing purposes, the individual has the right to object at any time to the processing of data relating to him for the purposes of such marketing, including the creation of profiles insofar as such direct marketing is concerned; when an individual objects to processing for direct marketing purposes, the data are no longer processed for that purpose.
Where data are processed for scientific, historical, research or statistical purposes, the individual has the right to object to the processing of data relating to him / her for reasons related to his / her particular situation, unless the processing is necessary to perform the task being performed. for reasons of public interest.
Right to lodge a complaint with the supervisory authority: Without prejudice to any other (administrative or other) remedy, you have the right, as an individual, to file a complaint with the supervisory authority, especially in the country in which you have your habitual residence, or in which the alleged infringement occurred (in Slovenia it is the Information Commissioner) if you believe that the processing of personal data concerning you violates the rules on personal data protection.
Without prejudice to any other (administrative or extrajudicial) remedy, as an individual, you have the right to an effective remedy against a legally binding decision of the supervisory authority in relation to it, as well as in cases where your supervisor does not hear or appeal you. it shall not inform the State of the matter or the decision on the appeal for three months. The courts of the Member State where the supervisory authority is domiciled shall have jurisdiction over the proceedings against the supervisory authority.
An individual may submit all requests concerning the exercise of rights regarding personal data, addresses, in writing, to the Manager at firstname.lastname@example.org
For the purpose of reliable identification in case of assertion of rights related to personal data, the controller may request additional information from the individual, and can only refuse to act if it proves that it cannot reliably identify the individual.
At the request of the data subject, the controller must reply without undue delay and at the latest within one month of receiving the request.
9. Notification to the supervisory authority of a breach of personal data protection
In case of breach of personal data protection, the controller is obliged to inform the competent supervisory authority thereof, unless it is likely that the breach did not endanger the rights and freedoms of individuals. When a violation is suspected of having committed a crime, the operator is obliged to inform the police and / or the competent prosecutor's office of the violation.
In the case of an infringement which may cause a great risk to the rights and freedoms of individuals, the Operator is obliged to immediately or irregularly violate it. where this is not possible, inform the data subjects without undue delay. The notice to the individual must be made in a clear and clear language.
SICOM HOTELI D.O.O.