Privacy Policy

This information on the processing of personal data is intended for individuals who visit the website hotel-lipa.si.

Purpose of processing and types of personal data

The controller processes your personal data you visit spiroteh.com to monitor and ensure the operation and security of the website.

During your visit, the following data is processed:

• Time of access to the website
• Your IP address
• The address of the (sub)page visited
• Browser settings and information about the operating system of your device
• The content you access on the website

The processing of this personal data is necessary for website functionality and involves essential cookies. You can obtain more information on the cookies we use in our Cookie Policy.

Legal basis for the processing of personal data

This processing is carried out on the basis of the controller’s legitimate interest (Article 6(1)(f) of the General Data Protection Regulation (GDPR)).

Explanation of legitimate interests

The controller may process the personal data of individuals visiting the website for the following reasons:

Ensuring Information Security

The controller processes personal data to ensure the security and operation of information systems, prevent unauthorized access, and respond to security threats. This includes technical maintenance of the website and related services, which may involve personal data of customers and visitors.

Preventing and Detecting Abuse

In cases of suspected abuse or criminal conduct, the controller may process user data to identify and prevent potential fraud or abuse (e.g., maintaining a blacklist) and may share this information with relevant authorities if necessary.

Categories of Recipients of Personal Data

The controller may share personal data of website visitors with:

• External IT service providers
• State authorities, upon request or in cases of suspected criminal conduct

We have established appropriate processing agreements with these processors, requiring them to ensure the security of personal data in accordance with applicable laws.

Period of Personal Data Storage

Data regarding individual activity on the website (such as IP address) will be processed and stored only for the duration specified in the Cookie Policy, unless incidents or violations occur. Data collected during identified abuse may be retained permanently.

Rights of the Data Subject

Individuals may request access to their personal data, its rectification, erasure (except for blacklisted individuals), restriction of processing, and the right to object to processing based on legitimate interest. To exercise your rights, please contact us at PERKOLIČ, d.o.o., Kranjska Gora, Koroška ulica 14, 4280 Kranjska Gora, or via email at info@hotel-lipa.si.

Right to Lodge a Complaint with the Supervisory Authority

We strive to process your personal data lawfully and to protect it with appropriate measures. If you believe your personal data is processed in violation of applicable regulations, you have the right to file a complaint with the Information Commissioner of the Republic of Slovenia (Dunajska cesta 22, 1000 Ljubljana; email: gp.ip@ip-rs.si; phone: 012309730; website: www.ip-rs.si).

For more information on analytical and advertising cookies, please also follow the link to the Cookie Policy which is an integral part of this Privacy Policy.

This information is intended for individuals who make a reservation or check in at Hotel Lipa.

Purpose of Processing and Type of Personal Data

The primary purpose of processing personal data is the conclusion and execution of the contract that an individual enters into with the controller. This includes the following actions:

• submitting an inquiry via online booking portals, email, or phone,
• preparing an accommodation offer,
• carrying out the accommodation within the selected package;

For the conclusion and execution of the contract, the Controller’s General Terms and Conditions apply. The data the controller obtains from the individual when making a reservation are:

• first and last name,
• address,
• email address,
• phone number,
• reservation details (arrival date and time, number of persons, number of rooms, room type, special requests (optional), price),
• payment method, payment provider details, credit card information, information on successful/unsuccessful transaction execution;

The mentioned personal data are collected directly from the individual. Providing this data is the individual’s contractual obligation. Providing the data, except for those marked as “optional,” is necessary for the completion of the reservation in our hotel. If the individual does not provide the data, they will not be able to complete the reservation. Personal data will be used to contact the individual — invitation to complete the reservation, coordination of the reservation, and other communication related to the reservation.

In providing booking portals, we collaborate with the providers Booking.com and Stardekk CV (Cubilis), who act as our processors, partly also as independent controllers of personal data. Additional information on how the aforementioned portals process your personal data can be obtained from their privacy policies:

• Booking Privacy Statement;
• Stardekk NV (Cubilis) Privacy Policy;

Upon arrival, in accordance with the requirements of Article 39 of the Residence Registration Act, we will collect the following personal data from guests:

• date of birth,
• gender,
• nationality,
• type and number of personal identification document;

The aforementioned data, along with personal details such as name, address, and arrival and departure dates, will be forwarded to Agency of the Republic of Slovenia for Public Legal Records and Related Services for fulfilling the obligation of reporting on guests and overnight stays.

The controller may also use the individual’s email address, obtained during the reservation process, for the purpose of direct marketing of its services.

The personal data of an individual may also be processed for the purpose of preventing and identifying abuses and conduct that may have signs of of criminal conduct, to the extent necessary to achieve these objectives. 

Legal basis for the processing of personal data

The legal basis for the processing of personal data in the reservation and accommodation process at the hotel, is the performance of a contract to which the data subject is a party or the performance of an activity at the request of an individual before the conclusion of the contract (point (b) of Article 6 (1) of the GDPR).

The personal data of an individual who makes an online reservation for an overnight stay may also be processed on the basis of legitimate interests pursued by the controller pursuant to point (f) of Article 6 (1) of the GDPR or pursuant to paragraph 2 of Article 226 of Electronic Communications Act (ZEKom-2) and are explained in the following section.

Explanation of legitimate interests

The controller may process the personal data of an individual who makes a reservation or checks in the hotel also for the following reasons:

Implementation of direct marketing

For reasons of pursuing business objectives, the controller may process the personal data of the guests for the purpose of sending advertising electronic messages (paragraph 2 of Article 226 of ZEKom-2) or physical mail (legitimate interest). In this case the controller is entitled to process the individual’s past or unfinished bookings and perform basic segmentation, so he will be able to prepare a relevant message for the individual. Such processing may be objected to by the individual at any time in accordance with the procedure described below. Controller is also entitled to send its messages and correspondence that include marketing content.

For the purpose of preventing fraud and abuse

In its operations, the controller establishes and maintains a list of persons for whom, on the basis of past experience, it assesses that the conclusion of business relations with them is not appropriate. These are guests who have not settled their bill upon departure, who have damaged hotel property or the property of other guests, or who have been aggressive towards other guests and hotel staff.

Categories of Personal Data Recipients

The controller may share the personal data of an individual who makes a reservation and checks in with the hotel with the following entities:

• external IT service providers (website operation, technical maintenance, direct marketing),
• internal reception portal Hotelinco,
• Cubilis and Booking.com portals,
• accounting service (booking of issued invoices),
• payment transaction service providers (transaction execution),
• the Agency of the Republic of Slovenia for Public Legal Records and Services (AJPES), indirectly also to the Police, the Statistical Office, and municipalities,
• state authorities upon their request or in cases of suspected criminal activities,
• state authorities in accordance with their legal powers (e.g. the Financial Administration of the Republic of Slovenia – FURS);

Where applicable the controller has concluded appropriate agreements with the processors in accordance with Article 28 of the GDPR.

Information on transfers of personal data to a third country

Data from email communications, where we use services provided by Microsoft Corporation (USA) or when using Booking Holdings Inc., may be transferred to third countries. These providers process data within the EU-US Data Privacy Framework (DPF) and have appropriate contractual clauses embedded in their general terms and conditions.

Period of Personal Data Retention

Data related to completed contracts will be retained for 10 years from the date of fulfillment. If necessary for legal proceedings, data may be retained longer. Data on blacklists is kept permanently. Personal data for direct marketing will be processed as long as there is a legitimate interest or until you object by unsubscribing.

Rights of the data subject

You may request access, correction, restriction, or transfer of your personal data.

You can exercise your rights by submitting a written request to PERKOLIČ, d.o.o., Kranjska Gora, Koroška ulica 14, 4280 Kranjska Gora, Slovenia, or via email at info@hotel-lipa.si.

You can object to direct marketing processing based on Article 226 of ZEKom-2. This does not affect the legality of prior processing. To unsubscribe, follow the link in marketing emails or contact us.

We will respond to your requests within one month, with the possibility of a two-month extension under certain conditions. If extended, we will inform you within one month of your request.

Right to Lodge a Complaint

We strive to process your data legally and protect it with appropriate measures. If you believe your data is processed unlawfully, you can file a complaint with the Information Commissioner of the Republic of Slovenia (Dunajska cesta 22, 1000 Ljubljana, email: gp.ip@ip-rs.si, phone: 012309730, website: www.ip-rs.si).

This information about the processing of personal data is intended for individuals who contact us via email at info@hotel-lipa.si, by phone, or through social media platforms Facebook and Instagram.

Purpose of Processing and Type of Personal Data

The controller processes the personal data you provide in your email, phone, or via the social media channels, to respond to your inquiries.

Legal Basis for the Processing of Personal Data

This processing is carried out on the basis of the controller’s legitimate interest (point (f) of Article 6 (1) of the General Data Protection Regulation (GDPR)).

The information you provide when contacting us is:

• contact details (name, surname, country, email address, phone number, other information from the social media profile, etc.),
• the content of your message (description of request, inquiry, or reservation), or
• reaction (like, comment, share of a post, tag, etc.)

The controller processes the data for the purpose of communication when you express such a request. Personal data from the contact forms are not used for other purposes. Providing the requested personal data is essential for us to respond to your inquiry.

Categories of Personal Data Recipients

The controller, together with Meta Platforms, Inc., acts as a joint controller in the processing of personal data on social media platforms Facebook and Instagram, as well as in the use of the WhatsApp application. More information about the processing of personal data by Meta Platforms, Inc. can be obtained in their data center via the link “Privacy Center.”

The controller collaborates with processors on technical aspects of electronic communication. Appropriate Data Processing Agreements (DPAs) have been established with service providers.

Information on Transfers of Personal Data to a Third Country

Data from online communication may be transferred to the USA, as the controller utilizes Microsoft Corporation’s email services (One Microsoft Way, Redmond, WA, USA).

Data is transferred outside the EU also within the use of services provided by the joint controller, Meta Platforms, Inc.

Both providers process data under the EU and US Data Privacy Framework and have relevant contractual clauses in place.

Period of Retention of Personal Data

The controller will process personal data from the contact forms until the purpose of their processing is fulfilled, i.e., the completion of communication. If the communication pertains to a contract, data will be retained in accordance with the section “Fulfilling contractual obligations or pre-contractual measures”. The retention period of personal data on social media platforms is determined by the provider, Meta Platforms, Inc.

Rights of the data subject

Individuals may exercise their rights to access, rectify, restrict processing, delete, or object to the processing of their personal data by contacting us at PERKOLIČ, d.o.o., Kranjska Gora, Koroška ulica 14, 4280 Kranjska Gora, Slovenia, or via email at info@hotel-lipa.si.

We will ensure the exercise of your rights within one month of receiving your request. This period may be extended by two months under certain conditions. If an extension is necessary, we will inform you of this and the reasons for it within one month of your request.

The individual to whom the personal data relates has the right to request access to personal data and the correction or deletion of personal data, or restriction of processing concerning them, as well as the right to object to processing and the right to data portability, even in relation to the processing of personal data on social media platforms. These rights can be exercised directly with the provider, Meta Platforms, Inc.

Right to Lodge a Complaint with the Supervisory Authority

We strive to process your personal data lawfully and to protect it with appropriate measures. If you believe your personal data is processed in violation of applicable regulations, you have the right to file a complaint with the Information Commissioner of the Republic of Slovenia (Dunajska cesta 22, 1000 Ljubljana; email: gp.ip@ip-rs.si; phone: 012309730; website: www.ip-rs.si).

In Kranjska Gora, 15. 2. 2025