Personal data protection
We respect your privacy and take care of the security of your personal data at Terme Dobrna d.d. We are committed to data protection and ensuring security and confidentiality in accordance with applicable laws and regulations, as well as the company's internal general acts governing personal data protection.
The Company's Privacy Policy and Cookie Policy provide you with information about the processing of your personal data.
The information on the processing of personal data is valid as of 30.11.2020.
PRIVACY POLICY
As part of the Privacy Policy, the current page provides you with all the key information on the protection of personal data in the company Terme Dobrna d.d., including the collection, storage, purpose, and processing of personal data collected from users by the controller, as well as your rights and how to exercise them.
PERSONAL DATA COLLECTION CONTROLLER
Your personal data controller is the company Terme Dobrna d.d., Dobrna 50, 3204 Dobrna, registration number: 5053587000, tax number SI 94639272, e-mail: info@terme-dobrna.si.
OBTAINING YOUR PERSONAL DATA
We obtain your personal data during the course of legal business operations, specifically: when you identify yourself when using our services (reservations, contractual, marketing, analytical, payment, and legally harmonised activities related to the provision of core business), when you contact us by e-mail, telephone, in writing, or through social media, when you fill out any entry forms, subscribe to our services, use our website and its functions, or in any other way.
We also use cookies and similar technologies to collect data about how you use our website. More information on how we use these technologies for personal data collection can be found in our COOKIE POLICY.
PERSONAL DATA CATEGORIES AND PURPOSE OF USE
Personal data is only used and processed in accordance with a legal basis, a legitimate interest, and a statement of consent for the specific purpose of collection, as described below.
Personal data categories obtained and processed on the basis of the aforementioned bases, as well as their intended use:
| Personal data category | Purpose |
| Name, surname and contact details (address, e-mail, phone) |
Reservations, contractual, marketing, analytical, payment, and legally harmonised activities related to the provision of core business operations; sending of mail, e-mails, customised offers. |
| Information about your date of birth: | Applications for temporary residence in the event of a stay; verification of age/adolescence. |
Gender, nationality, type and number of identification document |
Registration of temporary residence in the event of a stay; gender data is collected in order to send personalised offers (based on consent). |
| Payment data | Payment and refund arrangements. |
| Data on your reservations, stays, and purchases | Providing services, resolving complaints, and sending personalised offers. |
| Health data | Treatment and rehabilitation of patients in spas and outpatient settings, as well as monitoring the quality and safety of health care |
| Data obtained through prize games or promotional activities | Implementation of such activities. |
Data obtained for direct marketing purposes (or for communication) |
For the purposes of direct marketing, with express consent, and For the purposes of direct marketing, on the basis of legitimate interests, with a clear possibility of objection under Article 21 of the General Regulation. |
DATA PROVIDED BASED ON CONSENT
When we ask you, as an individual, for consent to process personal data for which we do not demonstrate another legal basis, we process your personal data exclusively based on your valid consent for a specifically defined purpose and through the communication channel selected by you:
- Address of residence and email address - e-notification (for the purposes of notification and communication, marketing; the data is obtained when the guest registers at the reception);
- Mobile number - SMS messaging (for the purposes of notification and communication, marketing; the data is obtained when the guest registers at the reception or upon providing consent for SMS messaging on our website). This area, together with ZVOP-2, is also regulated by ZEkom-2;
- Photos, videos, and other content related to the individual (e.g., posting pictures of individuals on the website for the purpose of documenting activities and informing the public about the company's work and events);
- Other purposes for which the individual agrees with consent.
If an individual gives consent for the processing of personal data and at some point, no longer wishes to do so, they can request the cessation of personal data processing by submitting a request or immediate unsubscribe: via email or regular mail to Terme Dobrna d.d. or by direct unsubscribe with each notification, in accordance with the channel through which the notification was received.
The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Upon receiving the withdrawal or request for deletion, the data will be deleted no later than 15 days. The company may also delete this data before the withdrawal if the purpose of processing the personal data has been achieved or if required by law.
The legal basis for data processing is consent. Data will be processed until the withdrawal or cancellation of consent - unsubscribe or until the purpose of processing is fulfilled. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
STORAGE PERIOD
We retain your data for the duration of the business relationship or for the purposes specified in this Privacy Policy, unless a longer retention period is required or permitted by law, in whole or in part.
Personal data obtained on the basis of a legitimate interest are retained for the duration of the business relationship or purpose, plus 5 years for possible legal claims assertion and defence (such as the general statute of limitations under the Code of Obligations). Personal data on accounting documents must be kept for 10 years from the date of issue due to tax regulations.
The data obtained with consent are kept until the consent is revoked or the purpose expires, at which point the collection or personal data (of the individual) are immediately and effectively deleted.
Data obtained under the Residence Registration Act (during a guest's registration) are kept for one year from the expiration of the last day of the year of deregistration, or for 5 years in the case of claims (during this time the data is not active and is not in use.).
Medical records are kept in accordance with the Health Care Databases Act and are subject to a strict security policy.
In exceptional cases, we may process your personal data for a longer period of time if required by applicable laws in the Republic of Slovenia.
TRANSFER OF PERSONAL DATA TO THIRD PARTIES
We handle your personal data with care and responsibility, as we want to maintain your trust in the future.
In general, only our professionally qualified employees within the scope of their responsibilities process your personal data. We only transfer personal data of guests for external processing to contractual processors who process the data solely within the framework of the concluded personal data processing contract.
Personal data files are stored on the premises where the activity occurs, i.e. within the EU, and are not exported to third countries.
TRANSFER OF PERSONAL DATA TO THIRD PARTIES
We handle your personal data with care and responsibility, as we want to maintain your trust in the future.
In general, only our professionally qualified employees within the scope of their responsibilities process your personal data. We only transfer personal data of guests for external processing to contractual processors who process the data solely within the framework of the concluded personal data processing contract.
Personal data files are stored on the premises where the activity occurs, i.e. within the EU, and are not exported to third countries.
AUTHORISED PERSON FOR PERSONAL DATA PROTECTION
Terme Dobrna d.d. has designated an authorised person for the protection of personal data, who will assist you with personal data processing and exercising your rights.
You can exercise your rights in the field of personal data protection in the most accessible way possible by using any information channel (oral/written, by telephone, online, by post, or in person at the reception), namely:
- to our address: TERME DOBRNA D.D., DOBRNA 50, 3204 DOBRNA,
- via our e-mail address: info@terme-dobrna.si
- in person at hotel receptions and by phone at 00386 3 7808 110.
USER RIGHTS
When exercising your rights and issues related to your personal data and exercising your rights under the General Regulation on Personal Data Protection, you can contact the designated authorised person for personal data protection at Terme Dobrna d.d.
To ensure fair and transparent processing of personal data, the individual whose personal data is processed may: request access-acquaintance, supplementation/correction, blocking or restricting the processing of personal data related to them, or deletion of personal data related to them.
Individuals have the right to revoke their consent to the processing of their personal data (for one or more specific purposes) at any time, permanently or temporarily, in whole or in part. The individual does so in the most accessible way possible, which can be accomplished through any of the available information channels (orally/in writing, by phone, online, by post, or in person at the reception).
