Show menu

Protection of personal data

At Sava Turizem d.d. we are committed to respecting your privacy and to providing security of your personal data.

Privacy Protection

Information about privacy protection, written below, unites all key information about personal data protection at Sava Turizem d.d. in one place – what type of personal data is collected and why it is processed, who we send it to, what are your rights connected to personal data and how you may realise them.

The effective date of these rules about privacy is 25 May 2018.

Last change: 23 November 2018

Operator of your personal data is Sava Turizem d.d., Dunajska 152, 1000 Ljubljana, registration number: 5301971, tax ID number: SI53667409, e-mail: dpo@sava.si.

How do we collect your personal data?

What kind of personal data is used and for what purpose?

Your data is only processed in the context of legal bases and selected purposes. The following table provides a detailed presentation on how we process individual data and why.

Your first name, last name, and contact data (address, e-mail, telephone)

Used for:	Why? On what legal basis?
Preparation of offers and conclusion of a contract; Direct communication with you related to your purchases of our services and demands that we receive from you.	So that we may carry out obligations from our mutual contract and send you an offer, confirmation of offer, the ordered product (e.g. gift voucher) and to contact you for everything connected to the execution of purchase or using services. Without this data we cannot conclude or carry out our contract with you or offer you items or services that you demanded. The legal basis is the Accommodation or Services Use Agreement - Article 6/I (b) of the General Data Protection Regulation.
Sending an e-mail before and after your stay	To remind you about your reserved accommodation and to let you know about reservation details before your arrival, whereas after your stay we check if you were satisfied with the carried out service. The legal basis is the legal interest of Sava Tourism aimed to provide a complete service to our guests, to present other services that you can use during your stay and to appropriately respond in cases when you are not satisfied with our services - 6/I (f) of the General Data Protection Regulation.
Sending mail, e-mail or SMS with current offers and news.	So that you may receive all updates about our offer. In accordance with the applicable legislation, we occasionally send mail and e-mail to all existing customers, whereas we only send an SMS in case of your consent. You can turn down use of your data for this purpose at any time. The legal basis is Article 72/II of ZVOP-1 (ordinary mail and calls), Article 158/II of ZEKom-1 (e-mail), consent (SMS).
Sending adjusted offers (by mail, e-mail or SMS) on the basis of your expressed interests or past purchases/using our services.	To receive a limited number of offers, which are the most relevant for you – this is only done in case you have given us your consent, which can be withdraw at any time, or you are a member of our loyalty programme. The legal basis is the consent - Article 6/I (a) of the General Data Protection Regulation. For the members of the loyalty programme, the legal basis is the implementation of the Agreement under Article 6/I (b) of the General Data Protection Regulation, whereby the members may object at any time (our ambassadors are separately informed thereof).

Information about your birth date

Used for:	Why? On what legal basis?
Registration of temporary residence in case of your stay with us; verification of age/age of majority.	So that we may carry out our mandatory daily reporting about guests and stays to AJPES (Agency of the Republic of Slovenia for Public Legal Records and Related Services) for the purpose of additional protection and limitation of use in case of minors. The legal basis is the Residence Registration Act in connection with Article 6/I (c) of the General Data Protection Regulation.

Gender, nationality, type and number of ID document

Used for:	Why? On what legal basis?
Registration of temporary residence in case of staying with us	So that we may carry out our mandatory daily reporting about guests and stays to AJPES (Agency of the Republic of Slovenia for Public Legal Records and Related Services). The legal basis is the Residence Registration Act in connection with Article 6/I (c) of the General Data Protection Regulation.So that we may carry out our mandatory daily reporting about guests and stays to AJPES (Agency of the Republic of Slovenia for Public Legal Records and Related Services).
Information about your gender can be used for sending adjusted offers, e.g. on special holidays (International Women’s Day, etc.)	To receive a limited number of offers, which are the most relevant for you – this is only done in case you have given us your consent, which may be withdrawn at any time, or you are a member of our loyalty programme. The legal basis is the consent - Article 6/I (a) of the General Data Protection Regulation and the membership in the loyalty club - Article 6/I (b) of the General Data Protection Regulation (whereby the members of the loyalty club have the possibility to object). Our ambassadors are separately informed thereof.

Payment Data

This includes data about your credit cardin case you provide it to us.

Used for:	Why? On what legal basis?
Payment and refund management	So that we may carry out obligations from our mutual contract. Without this data we cannot conclude or carry out our contract with you or offer you items or services that you demanded. The legal basis is the Accommodation or Services Use Agreement - Article 6/I (b) of the General Data Protection Regulation. We also need to keep personal data for the needs of the invoice pursuant to the Value Added Tax Act, Payment Services, Services of Issuing Electronic Money and Payment Systems Act and the Tax Procedure Act - 6/I (c) of the General Data Protection Regulation.

History of your contact with us

Content of what you communicated to us, e.g. in a phone call (without recordings of telephone calls), personally to our employees, or in written form.

Used for:	Why? On what legal basis?
Providing optimal services and support	So that we may carry out desired services, because you only expect the best from us. Thus we record your wishes about room type, floor, view or any other special preferences, as well as potential negative experience. . Without this data we cannot conclude or carry out our contract with you or offer you items or services that you demanded. The legal basis is the Accommodation or Services Use Agreement - Article 6/I (b) of the General Data Protection Regulation. Your assessments that serve to improve our services are further processed as a legal interest (6/I (f) of the General Data Protection Regulation).

Information about your reservations, stays and purchases

Used for:	Why? On what legal basis?
Complete performance of using services or purchase	So that we may carry out obligations from our mutual contract – to provide you with adequate performance of ordered services, supply of the right product or to provide you with selected accommodation. Without this data we cannot conclude or carry out our contract with you or offer you items or services that you demanded. The legal basis is the Accommodation or Services Use Agreement - Article 6/I (b) of the General Data Protection Regulation.
To handle complaints	In order to be able to check circumstances and details about the statements in your complaint and to be able to resolve it effectively. The legal basis is the legal interest of Sava Tourism and third parties aimed to prevent the occurrence of material damage and misuse of payment and credit cards - Article 6/I (f) of the General Data Protection Regulation.
Sending adjusted offers (by mail, e-mail or SMS) on the basis of your expressed interests or past purchases/using our services.	To receive a limited number of offers, which are the most relevant for you – this is only done in case you have given us your consent or you are a member of our loyalty programme. The legal basis is the consent - Article 6/I (a) of the General Data Protection Regulation and the loyalty club membership agreement - Article 6/I (b) of the General Data Protection Regulation. You may withdraw your consent at any time. The members of the loyalty will receive the offer within the implementation of the Agreement (Article 6/I (b) of the General Data Protection Regulation), to which the members may object at any time (our ambassadors are separately informed thereof).
(Anonymised) analyses of purchases and used services*	In order to better understand wishes and needs of our customers and guests and to adapt our services and offers in accordance with that. The legal basis is the legal interest of Sava Tourism to optimise its operations and continually improve its services - Article 6/I (f) of the General Data Protection Regulation.

*in such manner that the identity of individual persons cannot be detected or recognised.

Healthcare data

This includes data that we obtain from you in the context of using healthcare services and treatments from healthcare personnel. This data is treated as a special type of personal data, therefore it is stored with higher protection. Only people for whom the legal obligation of protecting professional secrecies applies access this type of data.

Used for:	Why? On what legal basis?
Performance of healthcare services and adequate treatment by healthcare personnel.	To provide healthcare treatments and services and carry them out with the highest possible rate of professionalism. The legal basis for the implementation of health services is the law (primarily the Health Care Act, the Patient Rights Act, the Medical Practitioners Act, the Medicinal Products Act, the Medical Devices Act, the Healthcare Databases Act and other Acts (secondary) that refer to treatment - depending on the type and method of treatment - 6/I (c) of the General Data Protection Regulation. Furthermore, data on the implementation of treatment and services are needed in order to analyse and improve our services (e.g. provision of services at the highest level, prevention of any adverse effects of treatment - the legal basis for this part is the legal interest of Sava Tourism - Article 6/I (f) of the General Data Protection Regulation.

Data provided by you in the context of contests or special promotional activities

Used for:	Why? On what legal basis?
Implementation of contests and promotional activities	In order to check, whether you meet the requirements to participate at the contest or at the promotional activity and to be able to contact you regarding the contest or the promotion – and in case you agree, also for sending further messages with promotional content of our company. In accordance with General terms and rules of an individual contest, personal data of winners is also processed with the purpose of fulfilling mutual rights and obligations from the contest. The legal basis is the consent - Article 6/I (a) of the General Data Protection Regulation and, in the case of tax ID number the Tax Procedure Act - Article 6/I (c) of the General Data Protection Regulation. In the case of your consent regarding the receipt of our offers, the legal basis is the consent - 6/I (a) of the General Data Protection Regulation, which can be withdrawn at any time (see the section on direct marketing).

Explicit consent for data use for the purpose of direct marketing

In various online and/or physical forms of Sava Turizem you have the possibility to choose from one or several types of consent for using your data for the purpose of direct marketing:

1. Consent (6/I (a) of the General Data Protection Regulation in conjunction with Article 158 of ZEKom-1) for general informing about news and special offers by Sava Turizem (by mail, e-mail, SMS, MMS or push notifications)

In this case we process and use merely the data you provided us within the framework of consent for the purpose of informing.

2. Consent (6/I (a) of the General Data Protection Regulation in conjunction with Article 158 of ZEKom-1) for adjusted informing about offers by Sava Turizem regarding your previously used services, consumer behaviour, or expressed interests

Thus, by further processing your personal data, we evaluate personal aspects, such as predicting your interests, behaviour, and personal taste (segmentation and/or profiling) and that way shape an adjusted offer which meets your wants, expressed interest, and personal profile as much as possible.

If you do not write down any date on the form, the date of receipt of your consent at Sava Turizem or the date of entry of the consent into the IT system of Sava Turizem is deemed valid.

Regardless of statements, connected with explicit consent, your personal data, obtained in the framework of legal activities (first name, address of permanent or temporary residence, e-mail address and data you published yourself without any obvious purpose to restrict its additional processing), can also be used in accordance with Article 72 of ZVOP-1 for the purposes of offering similar products and services that you used at Sava Turizem d.d. or expressed active interest in them (e.g. sent a demand). By that we can only use your electronic address after we offer you clear and explicit possibility to reject, simply and without any charges, such use of your electronic address at the time we had obtained it from you.

If you want to cancel your consent or receiving of our marketing messages, you may do so by completing a special form, which is available at all our reception desks and on the website (here) and submit it in one of the specified manners. You may at any time “unsubscribe” from receiving messages through the communication medium, to which you received certain commercial message. Link to unsubscribing or information on how to unsubscribe is stated in each message from Sava Turizem. Your change of consent or selected channels of communication will be recorded in our system in 15 days’ time and we will start to enforce it immediately or in 15 days’ time after the receipt at the latest.

If we do not receive your completely filled in form of consent, it will be deemed that you did not give consent for the purpose of such marketing. Consent is given for the purposes described in the consent and is valid until cancelled. When you partially or completely cancel your consent, Sava Turizem d.d. will no longer use your data for the purposes you provided cancellation, with the withdrawal of the consent shall not affect the legality of the processing until the withdrawal.

Submitting personal data to third persons

We want to deserve and keep your trust; therefore we handle your data with the highest possible level of care. Your personal data is generally processed only by our employees, who are committed to confidentiality and receive regular education and training for safe data handling.

In some cases your data is processed by our outsourcers in our name and in accordance with our instructions. We always conclude an appropriate contract about data processing with our outsourcers, by which we commit them to the same or higher level of security of your data. Outsourcers do not process your personal data for their own purposes. We always choose outsourcers inside the European Union (EU). Whenever personal data processing is not carried out by an operator inside the EU, we provide adequate protective measures.
In particular, outsourcers carry out the following services for us:

postal services and providing e-communication tools;
providing online services and other IT services for our undisturbed operation (website hosting, providers of professional hotel information systems, online advertising agencies, etc.);
professional data analysis in order to better understand wishes and needs of our customers and guests and to adapt our services and offers in accordance with that.Your personal data is generally not submitted to anyone, unless the law demands or if you give us explicit consent or if you authorise a third person to whom we submit your data.

Due to legal obligation some data about your overnight stays is submitted to AJPES and on the basis of reasoned written demand also to other state bodies, which demand this from us for the purpose of conducting certain procedures.

We do not transfer your personal data to third countries except to the Marketo tool, which processes personal data in the United States. Marketo Inc., a tool provider, is included in the Privacy Shield (Commission Implementation Decision (EU) 2016/1250), which has concluded the contract under GDPR with Sava Tourism. The transfer to Marketo is otherwise implemented in encrypted form and based on standard contractual clauses.

How long do we keep your personal data?

Technical and organisational measures for data protection

Your rights regarding your personal data

Regarding your personal data, Sava Turizem provides the following:

the right to introduction to your own personal data: you may get to know all your personal data that was collected in relation to you and its processing, you may also check the legality;
the right to correct or to supplement personal data: without delay we will correct the inaccurate personal data about you;
the right to delete personal data: without hesitation we will delete your personal data related to you in range, which is allowed by the applicable legislation (the data, which we need to carry out the contract you concluded with us and data, which we need to carry out our legal obligations, will not be able to be deleted despite your request);
the right to restrict personal data: you may demand that we limit the processing of your personal data (whenever you dispute the accurateness of your personal data, whenever processing is illegal and in cases Sava Turizem no longer needs your data for processing, but you need it for exercising, carrying out or defending your legal claims);
the right of transferability: if you request so, we may send you our personal data, which you submitted to Sava Turizem, i.e. in CSV format or other structured, generally used and machine readable form or forward it to another operator that you may choose yourself (only in case the latter is technically workable) – you may exercise this right only in the cases where you have provided us your personal data with personal consent or through a contract;
the right to object: whenever you object processing of your personal data or whenever it is carried out for fulfilling legal interests of Sava Turizem d.d. or the third party. You may at any time object to processing your personal data if it is processed for the purpose of direct marketing, including creating profiles if this is connected with such direct marketing.

Every time you exercise any of your rights, you must send us your name and adequate information, which enable us to undoubtedly recognise you in relation to exercising the right (e.g. if you requested us to send you information about your stay with us, we will send you this information (if we still have it) to your home address or e-mail which you provided us during your stay. If you want to receive data to any other address, we will ask you to identify yourself with a personal identity document).

The rights concerning your personal data may only be exercised by you personally, whereas another person may do so in your name only on the basis of your written authorisation.

The request for realisation of individual right may be filed with a completed form, which is available at all reception desks at Sava Hotels & Resorts destinations. Your claim will be processed at Sava Turizem and you will receive our answer without unnecessary delay or in one month’s time at the latest.

More information and help in exercising the stated rights can be found at the Personal Data Protection hyperlink. In case of questions about personal data protection at Sava Turizem you may also contact our authorised person for personal data protection at Sava Turizem.

If you think that Sava Turizem did not adequately address your request, you may file a complaint in 15 days’ time from receiving the answer. You have the right to file a complaint at the supervisory authority, i.e. the Information Commissioner for the area of the Republic of Slovenia, whose contact data is available here.

For additional information about your rights regarding your personal data, including certain restrictions that apply for some of these rights, we recommend reading Articles 12 – 23 of the EU General Data Protection Regulation (the so-called GDPR), which is available here.

Authorised person for protection of personal data

General

The Individual's Rights

SSava Turizem d.d. has appointed a person authorized for personal data protection who can be contacted for all matters relating to your personal data and to the exercise of your rights under the General Data Protection Regulation.

Please feel free to submit any requests you have in connection with your rights in the field of personal data protection, as well as complaints or questions in this area:

To our address: Sava Turizem d.d., Dunajska cesta 152, 1000 Ljubljana, Slovenia,
To our e-mail address: dpo@sava.si,
Personally at the hotel reception,
At our telephone number: +386 4 206 51 38.

Pursuant to the General Regulation, your request must be complete and comprehensible; therefore, we have prepared the following forms, which might be of help in exercising your rights:

In order to avoid unauthorized access to your personal data and to ensure the accuracy of the data, please identify yourself upon the submission of the request (for example with a personal document).