info@soncnopolje.si +386 (0)31 720 200
Reservierung

Privacy policy

The purpose of this Privacy Policy is to inform users (hereinafter also referred to as: the individual or you) of the website www.soncnopolje.si (the “website”) of the purposes and legal basis for the processing of personal data by GREDE Tešanovci d.o.o., Tešanovci 39, 9226 Moravske Toplice (hereinafter: GREDE Tešanovci, the company, we or the controller).

We process, store and protect all personal data in accordance with applicable legislation governing the protection of personal data, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: GDPR) and the Personal Data Protection Act (Official Gazette of the Republic of Slovenia, No. 163/22, hereinafter: ZVOP-2). Please read our Privacy Policy carefully to understand how we protect your privacy.

By providing your personal data, you confirm that you have read our Privacy Policy and are aware of the methods of processing and the legal basis for the processing of personal data. If you do not agree with the methods of processing, please do not provide us with your personal data.

BASIC TERMS

The following describes the basic terms you will encounter when reading our Privacy Policy:

Personal data: personal data is information that identifies an individual as an identified or identifiable natural person. An individual is identifiable when they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or by reference to one or more factors specific to the individual’s physical, physiological, genetic, mental, economic, cultural or social identity.

Data subject: means an identified or identifiable natural person whose personal data is processed by a controller who is responsible for the processing.

Processing of personal data: means any operation or set of operations which is performed on personal data, in particular collection, recording, organising, storing, adapting or altering, accessing, using, disclosing by transmission, communicating, disseminating or otherwise making available, aligning or combining, blocking, anonymising, erasing or destroying personal data. Processing may be manual or automated.

Restriction of processing of personal data: means marking stored personal data with the aim of restricting their processing in the future.

Profiling: means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to an individual, in particular to analyse or predict aspects concerning that individual’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Automated decision-making: means a decision based solely on automated processing (including profiling) which produces legal effects concerning the data subject or similarly significantly affects the data subject.

Anonymisation: means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable individual.

Data controller: means a natural or legal person, or any other body, authority, agency or other entity, whether public or private, which, alone or jointly with others, determines the purposes and means of the processing of personal data; or a person designated by law which also determines the purposes and means of the processing.

Personal data processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient of personal data: means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether a third party or not. Public authorities which may obtain personal data in the course of their enquiries, as provided for by EU or Member State law, are not considered to be recipients; however, their processing of personal data must comply with the applicable rules on the processing of personal data in relation to the purposes of the processing.

Third party: means a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or persons who, under the authority of the controller or the processor, are authorised to process personal data.

Consent of the data subject: the consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

DATA CONTROLLER AND DATA PROTECTION OFFICER

The data controller is GREDE Tešanovci d.o.o., Tešanovci 39, 9226 Moravske Toplice, tax number: SI 97877999, registration number: 1683292000, email: info@soncnopolje.si.

Out company does not have a designated data protection officer.

PURPOSE OF PROCESSING, LEGAL BASIS FOR DATA PROCESSING AND RETENTION PERIODS

  1. VISITING THE WEBSITE

    When you visit the website, we store your IP address until the end of the session at the latest. If our system determines that you are not carrying out any activities that could compromise the functioning of our website, this data is automatically deleted.

    If our system detects that you are carrying out activities that are clearly unlawful or clearly aimed at disrupting the functioning of the website, your IP address will be permanently stored and added to our system’s IP blacklist, thereby preventing you from continuing to use the website.

    Legal basis: for the processing of personal data: on the basis of its own legitimate interest (Article 6(1)(f) of the General Data Protection Regulation), the controller also processes personal data for the purpose of website security and the prevention of illegal activities on the website (such as hacking, phishing, etc.).

    Categories of recipients: the website hosting provider and the security solutions provider. These users process personal data exclusively in accordance with the controller’s instructions and under the controller’s supervision.

    Retention period: depends on the cookies set. Further information can be found in the »Obvestilo o piškotkih« section on the company’s website.
  2. SUBSCRIBE TO THE NEWSLETTER

    If you have subscribed to the newsletter on the website using your first name, surname and email address, you consent to us sending you the latest news. You can unsubscribe from the newsletter at any time by clicking on the unsubscribe link in the newsletters you receive. When completing your booking, you may have consented to us using your booking details to send you personalised news or notifications. You can unsubscribe from the newsletter at any time by clicking the unsubscribe link in the emails you receive. We will also process your personal data for the purpose of sending our newsletters and offers if you have booked a service with us and have not opted out of receiving such communications (Article 226(2) of ZEKom-2). You can unsubscribe from the newsletter at any time by clicking on the unsubscribe link in the newsletter you have received.

    Legal basis: individual consent pursuant to Article 6(1)(a) of the GDPR; in the case of a customer, legitimate interest (Article 6(1)(f) of the GDPR, in conjunction with Section 226(2) of ZEKom-2).

    Kategorije uporabnikov: ponudnik gostovanja spletne strani, ponudnik pošiljanja e-poštnih sporočil, s katerimi imamo sklenjeno ustrezno pogodbo skladno z 28. členom GDPR.

    Retention period: until further notice.
  3. BOOKING SERVICES ON THE WEBSITE

    If you book a specific service on our website, we will require your personal data, such as: first name and surname, address, telephone number, email address, payment details, and date of birth. We require this information to process your booking, issue an invoice, send you booking details, and resolve any complaints. You will receive a copy of your booking via email, in accordance with General terms and conditions. We require your telephone number so that we can quickly resolve any issues and communicate with you regarding your booking. We also require this information in the event that you fail to settle your outstanding balance. All this information is therefore necessary to complete the booking. To help us improve our services in the future, we may occasionally ask you via email to provide your feedback on the service you have booked. If you do not wish to provide us with your details, we will not be able to process your booking via our website.

    If you make a booking via online booking platforms (e.g. Booking.com), we receive your personal data from these platforms for the purpose of providing the accommodation service. The booking platforms act as independent controllers of personal data.

    Legal basis: performance of a contract (Article 6(1)(b) of the GDPR), legal obligation (to comply with obligations arising from tax legislation); in accordance with the applicable legislation of the Republic of Slovenia, we are obliged to submit guests’ personal data to the eTurizem system (AJPES) for the purpose of guest registration and deregistration and the calculation of tourist tax).

    Categories of recipients: website providers, booking platform providers for the purpose of processing bookings, with whom we have concluded appropriate contracts in accordance with Article 28 of the GDPR, and government authorities (FURS, AJPES).

    Retention period: We store this data for 5 years from the completion of the purchase or the settlement of all obligations; for tax purposes, for 10 years.
  4. COMPLETING THE CONTACT FORM

    We process your personal data, such as your first name, surname and email address, for the purpose of communicating with you. If you do not wish to provide your personal data on the form, we will not be able to answer your questions.

    Legal basis: performance of a contract in the case of a booking enquiry (Article 6(1)(b) of the GDPR), legitimate interest (communication with the general public) – Article 6(1)(f) of the GDPR.

    Categories of recipients: the website hosting provider with whom we have concluded an appropriate contract in accordance with Article 28 of the GDPR.

    Retention period: until the end of the communication; however, you may request the erasure of personal data at any time prior to this.

CONSENT OF MINORS

We are committed to protecting children’s online privacy and internet safety. We do not offer products or services to children, nor do we knowingly collect or request personal data from children under the age of 15.

Kakršne koli komunikacije, za katere bomo utemeljeno in razumno menili, da prihajajo s strani otroka, mlajšega od 15 let, ne bomo hranili. Starše ali skrbnike otrok, mlajših od 15 let, spodbujamo, da redno preverjajo in spremljajo, ali otroci uporabljajo elektronsko pošto in druge dejavnosti na spletu.

We use all available technology and endeavour to verify whether the person with parental responsibility for the child has given or approved consent.

AUTOMATED DECISION-MAKING AND PROFILING

An individual’s personal data is not subject to automated decision-making, nor is it subject to profiling.

DATA PROTECTION

We are committed to protecting your personal data, which is why we implement appropriate technical and organisational measures to ensure a high level of data protection (some of the measures we implement include: the use of firewalls and data encryption, control of physical access – securing premises and IT equipment, and control of access authorisations to information via a password-based system for user authorisation and identification).

We restrict access to personal data to our employees, service providers and agents who need to know it in order to develop or improve our services.

Please note that our website contains links to other websites which are not owned and/or operated by us. Your use of these third-party services is entirely optional. We are not responsible for the content and/or practices of third parties.

INFORMATION ON INDIVIDUALS’ RIGHTS

With regard to your personal data that we process, you have the right to:

  • to withdraw your consent to the processing of personal data at any time (withdrawal of consent does not affect the lawfulness of data processing carried out on the basis of consent prior to its withdrawal). If you simply wish to update your personal data, you may contact us at the email address: info@soncnopolje.si.
  • to be informed, i.e. to obtain confirmation as to whether we are processing your personal data;
  • to access your personal data and obtain a copy of this information, as well as information regarding the purposes of processing, the categories of personal data, whether personal data is transferred to a third country or an international organisation, etc.;
  • to have inaccurate personal data relating to you rectified without undue delay, and the right to have personal data completed;
  • to erasure (the right to be forgotten), which means that personal data relating to you may be erased in certain cases where processing is no longer necessary for the purposes for which the personal data were collected or otherwise processed, and in cases where we have collected personal data on the basis of consent and you withdraw your consent to the processing of personal data, etc.;
  • restriction of processing in certain cases, such as where you contest the accuracy of the personal data, etc.;
  • data portability, which means you have the right to receive your personal data in a structured, commonly used and machine-readable format, and the right to transmit your personal data to another controller in certain cases;
  • to object at any time to the processing of personal data concerning you on the basis of our legitimate interest, the right to object to direct marketing and profiling where it is related to direct marketing;
  • to object to a decision based solely on automated processing of personal data, including profiling, which produces legal effects concerning you or similarly significantly affects you. If the decision is necessary for the conclusion or performance of a contract between you and us or is based on your explicit consent, we will implement appropriate measures to safeguard your rights and freedoms and your legitimate interests, and ensure at least the right to obtain human intervention from the controller, to express your point of view and to contest the decision;
  • the right to lodge a complaint with a supervisory authority, independently of the rights listed above, if you believe that the processing of your personal data constitutes a breach of applicable legislation or the EU General Data Protection Regulation. You may lodge a complaint with the Information Commissioner, Dunajska 22, 1000 Ljubljana, Email: gp.ip@ip-rs.si, Telephone: +386 1 230 97 30, website: www.ip-rs.si.

Regarding your rights, you may contact us at any time by email at: info@soncnopolje.si or by telephone on: +386 (0)2 123 45 67.

We will ensure that your request is dealt with within one (1) month at the latest. You will receive the requested personal data in a structured, machine-readable and commonly used format. The first copy of your personal data, whether in electronic or physical form, is free of charge; any additional copies are subject to a fee.

RETENTION PERIOD FOR PERSONAL DATA

We will retain an individual’s personal data for as long as is necessary to fulfil the purpose for which the personal data was collected and further processed.

We process and store personal data on the basis of consent until such consent is withdrawn.

In some cases, we retain anonymised data for longer, but always in a manner and format that prevents the data from being traced back to you and consequently identifying or profiling you.

We store data processed on the basis of a legitimate interest for a maximum of five (5) years.

Where applicable sector-specific legislation (e.g. tax legislation) stipulates mandatory retention periods for personal data, we will delete personal data upon expiry of the statutory retention period.

TRANSFER OF DATA TO THIRD COUNTRIES

In certain cases, personal data may be transferred to third countries (e.g. if we use IT service providers or email marketing providers based outside the EU). Such transfers are carried out exclusively with the use of appropriate safeguards, such as the European Commission’s standard contractual clauses or other mechanisms that ensure an adequate level of protection of personal data.

LINKS TO OTHER WEBSITES

The website may contain links to third-party websites which are not owned and/or operated by us. These websites have their own privacy policies, which you should review yourself, as the operator accepts no responsibility for them.

Links to social media:

Our website contains links to social media platforms (social media plugins); we have integrated links to Facebook and Instagram, which, when clicked, redirect you to those social media platforms. The processing of personal data obtained by social media platforms when you click on a social media plugin and are redirected to the social media platform is carried out by those platforms in accordance with their privacy and cookie policies.

List of all social networks:

CHANGES TO THE PRIVACY POLICY

We reserve the right, at our sole discretion, to update, amend or replace any part of this Privacy Policy by posting the updated or amended version on the website without prior notice. Any changes will take effect from the date of publication of the amended Privacy Policy on our website.

Published on: 27.03.2026