Privacy Policy

1. Introductory provisions

Vabo d.o.o. takes special care of the security of your personal data. All personal data provided is treated as confidential and is used only for the purpose for which it was obtained or provided. We manage your personal data with the utmost care, in compliance with applicable legislation and the highest standards for its handling. Among other measures, we safeguard the security of your personal data through appropriate organisational measures, working procedures and advanced technological solutions, as well as external experts, in order to protect your personal data as effectively as possible. In doing so, we apply an appropriate level of protection and reasonable physical, electronic and administrative measures with which we protect the collected data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of personal data or unauthorised access to personal data that has been transmitted, stored or otherwise processed.

This personal data protection statement sets out how the KOPE ski resort processes the personal data that you provide to us directly or indirectly, or that we obtain through our website, as well as the rights to which you are entitled in connection with the processing of personal data.

In this Personal Data Protection Statement, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: the "General Data Protection Regulation, GDPR"), we include the following information:

  • contact information of the controller of personal data,
  • the purposes, legal bases and types of processing of various kinds of personal data,
  • the retention period of individual types of personal data,
  • the rights of individuals in connection with the processing of personal data,
  • the right to lodge a complaint in connection with the processing of personal data,
  • the validity of the personal data protection statement.

2. Basic information about the controller

Company name: Vabo d.o.o. podjetje za turizem, trgovino, gostinstvo in logistiko d.o.o.

Registered office: Glavni trg 43, 2380 Slovenj Gradec

Abbreviated name: Vabo d.o.o.

Company registration number: 2191393000

Company VAT number: SI28847261

Activity code: I55.100 – activities of hotels and similar accommodation establishments

Registration: District Court in Slovenj Gradec, entry number: 11001800, dated 03.04.2006

Business accounts:

  • 0400 1004 9185 197 Nova KBM d.d.
  • 1010 0003 9321 758 Banka Intesa San Paolo d.d.
  • 6100 0000 5013 210 Delavska hranilnica d.d.

Company share capital: 2.100.000 EUR

Legal representatives: Boštjan Paradiž (director), Primož Kotnik (executive director), Ingrid Meh (procurator)

3. Which personal data we process

What is personal data?

Personal data is any data relating to an identified or identifiable individual, such as: first and last name, home address, location (a phone may transmit location), online identifier (IP address), email address, telephone number, and the like.

What does the processing of personal data mean and when may personal data be processed?

The processing of personal data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Personal data may be processed only if so provided by law or if there is an appropriate legal basis.

Among other data, we process the following personal data about an individual:

  • identification data about the individual (first name, last name, address, temporary address, email address, date of birth, tax number, mobile telephone number, your photograph, credit card number).

On each visit to the websites managed by Vabo, a web server log file is automatically stored on the web server (e.g. the IP address – a number that identifies a particular computer or other device on the internet; browser version, the subpage visited, the time and duration of the visit, the page from which the file was requested, the date and time of the request, the time spent on the website, the amount of data transferred, the access status – whether the file was transferred or was not found, and the like). The contractual processor (the web server hosting provider) processes personal data only for the purpose of providing the service of maintaining the website at the company's web address.

Within these purposes, the websites use cookies, the nature of which is presented in more detail in the Cookie Policy. This data is processed for the purpose of keeping statistics of visits to our website, for improving the operation of the websites and for ensuring the security of information systems.

Vabo establishes contact with individuals and the wider public through the digital social networks Facebook, Instagram and YouTube, which is why it is important that individuals also familiarise themselves with the rules of these networks, that is, with their privacy policies and privacy settings.

When you access a Facebook account or Kope's online services through digital social networks, or connect to a service via a digital social network, the data about you may also include the user identification and/or user name associated with the particular digital social network, all data or content that you allow the digital social network to share with us, such as a displayed photograph, email address or list of friends, and all data that you have publicly published in connection with the particular social network.

You can obtain more detailed information about the purposes and scope of the processing of personal data by providers of digital content directly from the providers of these services, the operators of these social digital networks, or directly within these digital social networks. Vabo d.o.o. assumes no responsibility for the protection of your personal data within the aforementioned social networks, online services and all the websites belonging to them.

Within the framework of scientific research, in addition to the above, we may process additional personal data for each piece of research or study. The type and scope of personal data may differ in such cases; additional information about this will accompany the research or study in question.

4. For what purposes do we process your personal data?

The personal data of individuals is processed for the following purposes:

  • the operation of the company;
  • providing information regarding the implementation of programmes and activities, informing about benefits and news;
  • creating and distributing publications;
  • informing about current events and sending newsletters, invitations to participate, information about prize draws;
  • sampling, surveying, statistical and market analyses;
  • segmentation of users.

The personal data we obtain from visitors on our websites is processed for the following purposes:

  • to prepare statistical data about users,
  • to promote security and improve our websites, and
  • to improve our services.

5. What is the legal basis for the processing of personal data?

In order for us to process your personal data, there must be a legal basis for doing so, as set out in the General Data Protection Regulation, GDPR. Processing is lawful only if and to the extent that at least one of the following conditions is met:

  • the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
  • processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of such data subject prior to entering into a contract;
  • processing is necessary for compliance with a legal obligation to which the controller is subject;
  • processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.

At Vabo d.o.o., the legal basis depends on the type of personal data, that is, whether the processing is for the performance of a contract or contractual relationship, processing for the fulfilment of a legal obligation, processing for the pursuit of a legitimate interest, or processing on the basis of your consent.

a. Processing for the performance of a contract or contractual relationship

Within the framework of exercising the contractual and obligational rights and obligations of Vabo d.o.o. towards individuals.

b. Processing for the fulfilment of legal obligations

We must process certain data about individuals on the basis of legislation, such as the Occupational Safety and Health Act, the Act on the Protection of Documentary and Archival Material and Archives, and others.

c. Processing for the pursuit of a legitimate interest

On the basis of a balancing of interests, we may carry out the processing of your personal data for the purpose of protecting the legitimate interests of ourselves or of third parties. In any case, the processing of data is carried out in the following cases for the protection of legitimate interests:

  • measures for the management and further development of our services and products;
  • keeping records of the personal data of users in order to improve services for all users;
  • measures to protect against unlawful conduct;
  • within the framework of legal proceedings.

This means that we process your data for purposes such as the following:

  • providing, maintaining and improving our services to meet users' needs,
  • developing new services useful to visitors,
  • understanding how individual users use our services, so that we can ensure and improve the operating efficiency of our services.

d. Processing of personal data on the basis of consent

If none of the previously mentioned legal bases for the processing of personal data applies, we will ask you for your consent to the processing of certain personal data.

You may withdraw your consent at any time.

  • Unsubscribing from postal newsletters: send an email to the email address rezervacije@kope.si.
  • Unsubscribing from e-newsletters: in the e-newsletters that you receive by email, an "Unsubscribe" link is published in the footer of the message; click on it and follow the unsubscribe procedure.

At events organised by Vabo d.o.o., image recording is occasionally carried out, which includes photographing participants or video recording of the event. When recording images at events, the company reserves the right to photograph participants even without their express consent, where this involves the image recording of a larger number of participants, in which the individual is not the central subject of the image, and it therefore cannot be claimed that the photograph constitutes their personal data.

The company carries out video surveillance. Every visitor who enters a video surveillance area is informed of this through notices about the carrying out of video surveillance. Video surveillance recordings are retained for up to 60 days.

6. Retention period of personal data

The retention period of data is determined according to the category of the individual personal data. We retain data for no longer than is necessary to achieve the purpose for which it was collected or further processed, or until the expiry of the limitation periods for the fulfilment of obligations or the legally prescribed retention period.

  • Web server log files: 30 days;
  • First and last name, address, temporary address, date of birth, tax number: permanently, or until withdrawal, or for the period determined by the relevant legislation (e.g. tax legislation);
  • Telephone number: permanently, or until withdrawal by its holder;
  • Email address: permanently, or until withdrawal by its holder;
  • Credit card number: not retained;
  • Photograph: 2 years after the last activity.

After the expiry of the retention period, the data is deleted, destroyed, blocked or anonymised, unless the law provides otherwise for the particular type of data.

7. Rights of the individual in connection with the processing of personal data

We ensure the exercise of your rights in connection with the processing of your personal data without undue delay. We will decide on your request within one month of receiving your request. In the event of complexity and a large number of requests, we may extend this period by a maximum of two additional months. If we extend the period, we will inform you of any such extension within one month of receiving the request, together with the reasons for the delay.

You may send requests in connection with the exercise of your rights via the email address rezervacije@kope.si or by post to our address.

Where you submit a request by electronic means, we will, where possible, provide the information by electronic means, unless you request otherwise.

Where there is reasonable doubt concerning the identity of the individual who submits a request in connection with any of their rights, we may request the provision of additional information necessary to confirm the identity of the data subject.

We enable you to exercise the following rights in connection with the processing of your personal data:

  • (i) the right of access to data
  • (ii) the right to rectification
  • (iii) the right to erasure ("right to be forgotten")
  • (iv) the right to restriction of processing
  • (v) the right to data portability
  • (vi) the right to object

(i) The right of access to data

You always have the right to be informed whether personal data concerning you is being processed and, if so, to access the personal data and the following information:

  • the purposes of the processing,
  • the types of personal data being processed,
  • the recipients or categories of recipients to whom the personal data has been or will be disclosed,
  • the envisaged retention period of the personal data, or, if this is not possible, the criteria used to determine that period,
  • the existence of the right to request from the controller the rectification or erasure of personal data or the restriction of the processing of your personal data, or the existence of the right to object to such processing,
  • the right to lodge a complaint with a supervisory authority,
  • where the personal data is not collected from you, any available information regarding its source.

(ii) The right to rectification

You have the right to obtain, without undue delay, the rectification of inaccurate personal data concerning you and, taking into account the purposes of the processing, the right to have incomplete personal data completed, including by means of providing a supplementary statement.

(iii) The right to erasure ("right to be forgotten")

You have the right to obtain, without undue delay, the erasure of your personal data where one of the following grounds applies:

  • where the personal data is no longer necessary for the purposes for which it was collected or otherwise processed,
  • where you withdraw the consent on which the processing is based, and there is no other legal basis for the processing,
  • where you object to the processing of the data and there are no overriding legitimate grounds for its processing,
  • where the personal data has been processed unlawfully,
  • where the personal data has to be erased for compliance with a legal obligation under EU law or the Slovenian legal order.

(iv) The right to restriction of processing

You have the right to obtain the restriction of the processing of your personal data where one of the following applies:

  • where you contest the accuracy of the data, for a period enabling us to verify the accuracy of the personal data,
  • the processing is unlawful and you oppose the erasure of the personal data and request instead the restriction of its use,
  • we no longer need your personal data for the purposes of the processing, but you require it for the establishment, exercise or defence of legal claims,
  • where you have lodged an objection in connection with processing based on the legitimate interests of the company, pending the verification of whether our legitimate grounds override your grounds.

Where the processing of your personal data has been restricted in accordance with the previous paragraph, such personal data, with the exception of its storage, is processed only with your consent, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person.

Before the restriction of the processing of your personal data is lifted, we are obliged to inform you of this.

(v) The right to data portability

You have the right to receive the personal data that you have provided to us, in a structured, commonly used and machine-readable format, and the right to transmit that data to another controller without hindrance from the original controller, where the processing is based on your consent and the processing is carried out by automated means. At your request, where this is technically feasible, the personal data may be transmitted directly to another controller.

(vi) The right to object

Where we process your personal data on the basis of a legitimate interest and use it for marketing purposes, you may object to such processing at any time.

We will cease processing your personal data, unless we demonstrate compelling grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

8. The right to lodge a complaint in connection with the processing of personal data

You may send any complaint in connection with the processing of your personal data via the email address rezervacije@kope.si or by post to our address.

In the event that we do not decide on your request within the statutory period or we reject your request, you have the option of lodging a complaint with the Information Commissioner.

You also have the right to lodge a complaint directly with the Information Commissioner if you consider that the processing of your personal data infringes Slovenian regulations or EU regulations in the field of personal data protection.

If you have exercised the right of access to data and, after receiving the decision, you consider that the personal data you received is not the personal data you requested, or that you did not receive all the requested personal data, you may, before lodging a complaint with the Information Commissioner, lodge a reasoned complaint with the company within 15 days. We must decide on your complaint as on a new request within eight working days.

9. Final provisions

For all matters not set out in this Personal Data Protection Statement, the applicable legislation shall apply.

10. Data Protection Officer

The Data Protection Officer at Vabo d.o.o.