PRIVACY POLICY

We handle your personal data lawfully, fairly, securely, and transparently. We are aware of the responsibility you entrust us with when sharing your personal information. Below you will find all key information regarding data processing, our obligations, and your rights.

DATA CONTROLLER

The data controller is the company GOSTILNA "PRI KOVAČU" SVETEK ANTON, s.p.
Cesta II. grupe odredov 82, 1261 LJUBLJANA-DOBRUNJE
Phone: 01 5429 577
Email: info@gostilna-pri-kovacu.si

PURPOSES OF DATA PROCESSING

We process personal data for the following purposes and in accordance with one of the six possible legal bases (consent, conclusion or performance of a contract, legal obligations, protection of vital interests, tasks in the public interest, legitimate interests of the controller or third parties) and for the specific period when necessary.

Purpose of processing	Legal basis for processing	Processing period
Inquiries about products and services Inquiries, additional information, service orders	Conclusion or performance of a contract	entire duration of the contractual relationship and 10 years after its end

TYPES OF PERSONAL DATA

To provide you with favorable contract conclusion and execution, we process various types of personal data.

Type of data	Source of data
Customer data Identification and contact details, preferences, requests, consents, inquiries, data on purchases, rentals, packages, data from written, phone or personal interactions	individual publicly available sources our own records

RECIPIENTS OF PERSONAL DATA

We use personal data within our company as the controller and, in certain cases, share it with our contractual processors who are bound to strict data protection. If you choose to participate in one of our prize draws or communication campaigns, we will share your personal data with a selected partner in that prize draw or campaign (suppliers of various goods).

TRANSFER OF DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANIZATIONS

Personal data may be transferred to countries outside the European Union, but only to companies listed under the Privacy Shield framework, ensuring adequate data protection and rights as per Article 49 of the Regulation.

AUTOMATED DECISION-MAKING

Our company operates fully digitally; however, all decisions regarding contractual relationships and other legally significant matters are made by our employees with appropriate IT support.

YOUR RIGHTS

The Constitution of the Republic of Slovenia, as well as applicable EU and national legislation, provide you with a number of privacy and data protection rights, including the following:

• Right to be informed about the processing of your personal data (this text serves as part of that right);
• Right of access means you have the right to obtain confirmation from us, as the controller, as to whether or not personal data concerning you is being processed, and access to such personal data and additional information (purposes of processing, types of data, data recipients, retention period, existence of rights and complaint options, data sources, any automated decision-making or profiling);
• Right to rectification means you have the right to have inaccurate personal data concerning you corrected without undue delay. Considering the purposes of the processing, you also have the right to have incomplete personal data completed, including by providing a supplementary statement;
• Right to erasure, also known as the "right to be forgotten", means you have the right to have personal data concerning you erased without undue delay, provided that the prescribed conditions are met (processing is no longer necessary, consent is withdrawn with no other legal basis, justified objection, unlawful processing, deletion required by law, etc.);

• Right to restrict processing means you have the right to have the controller limit the processing of your data if you contest the accuracy of the data, have objected to the processing, if the processing is unlawful, or if the data is no longer needed by the controller but required for the establishment, exercise, or defense of legal claims;

• Right to data portability means you have the right to receive personal data concerning you, which you have provided to the controller, in a structured, commonly used, and machine-readable format, and to transmit those data to another controller without hindrance (applies to data processed automatically based on consent or contract);
• Right to object means you may object to certain types of data processing (public interest, legitimate interest of the controller, marketing purposes) at any time. We must then prove legitimate grounds for processing or cease processing (always in case of marketing);
• Rights related to automated processing and profiling means you are not subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significant effects, unless it is necessary, prescribed, or you have explicitly consented.
• For the exercise of your rights, or if you need additional information or clarification, we will gladly assist you via email: info@gostilna-pri-kovacu.si

If you believe your rights or data protection regulations have been violated, you can file a complaint with the competent national authority. In Slovenia, this is the Information Commissioner of the Republic of Slovenia (Zaloška 59, 1000 Ljubljana, Phone: 01 230 97 30, Fax: 01 230 97 78, Email: gp.ip@ip-rs.si).