Right to privacy is one of the most important human rights. In Mison d.o.o., so.p., (hereinafter referred to as Cook Eat Slovenia), we are very well aware of this and we therefore respect the privacy of our customers* and treat their personal data responsibly, carefully and according to the applicable legislation. The access to personal data is permitted only to authorised Cook Eat Slovenia personnel and contracted processors, to the extent and with the purpose strictly necessary for the smooth implementation, assurance and fulfilment of rights and obligations arising from concluded contractual relations.
By taking proper measures, we ensure that unauthorised persons do not access personal data, protect its confidentiality and integrity, and prevent its loss or unintentional destruction throughout the entire time of being processed. We will not be held responsible for any "hacking" into a computer system!
Cook Eat Slovenia and its processors fully respect the general principles regarding the processing of personal data, which are:
- We process user personal data legally, fairly and transparently.
- We collect personal data for purposes that are pre-determined, explicit and legal; we do not process personal data for any other purpose, except in the case of processing for scientific or historical research purposes and for statistical purposes, under certain conditions.
- Personal data is processed to the minimum extent for the purposes for which it is processed.
- We ensure that the personal data we process is accurate and regularly updated; incorrect data is corrected or deleted.
- We store personal data only as long as it is necessary for the purposes for which they are processed.
- We ensure appropriate security of personal data, which includes prevention of unauthorised or unlawful processing and accidental loss, destruction or damage by appropriate technical and organisational measures.
1. Privacy contact
For questions related to the processing and use of personal data, information, corrections, blocking, deletion of personal data or cancellation of notification consent, cancellation of consent, please contact: email@example.com.
2. Which personal data are collected?
- Basic personal data (name and surname);
- communication data (e.g. address, mail, telephone);
- information on communication between Cook Eat Slovenia and you;
- payments data;
- any other data obtained based on the consent.
3. What are the legal bases for processing your personal data
According to the applicable legislation in the field of personal data protection, personal data can be processed:
- if this is necessary for the conclusion and/or fulfilment of a contract
- if required by law;
- if consent is given (which can be cancelled at any time);
- if the processing is necessary for the legitimate interests pursued by Cook Eat Slovenia or a third party.
3.1. Processing based on a concluded contract
Cook Eat Slovenia processes personal data of individuals to fulfil its obligations under a contractual relationship for the organisation of tours, purchased in web store or other services agreed between the contractual parties. In the context of the exercise of rights and the fulfilment of contractual obligations, Cook Eat Slovenia processes personal data of individuals for the following purposes:
- identification of an individual;
- preparation of the offer and conclusion of the contract;
- providing services, whereby Cook Eat Slovenia can give the data to contract partners that will implement an individual service (e.g. a provider of overnight stays, etc.)
- sending notifications to individuals regarding the implementation of the contractual relationship;
- informing about changes in legislation in a particular field or changes in terms of sale;
- invoicing services;
- resolving objections or complaints;
- implementation of any recovery procedures, sale of receivables;
- for other purposes, necessary for the conclusion or implementation of a contractual relationship.
To the extent strictly necessary for authentication and identification of transactions, Cook Eat Slovenia processes data for the purpose of preparing reports and planning further activities.
For the purposes of organising tour services and related services or other services ordered by an individual, Cook Eat Slovenia processes all information needed. This includes in particular, but not exclusively: name, first name, surname, birth date, address, place, country, telephone number, fax, e-mail, etc.
We do not need explicit consent for contractual processing of personal data.
If the individual does not provide all personal data that Cook Eat Slovenia needs to fulfil the contractual relationship, Cook Eat Slovenia cannot execute the individual's order. Hereby, Cook Eat Slovenia always acquires and further processes only the personal data that is needed to fulfil the contractual relationship.
3.2. Processing based on the law
The legal basis means that Cook Eat Slovenia processes personal data of an individual to fulfil the applicable legal obligations imposed by the legislation.
In the Republic of Slovenia, legal obligations to process certain personal data are determined in particular by:
Value Added Tax Act ZDDV-1;
Tax Procedure Act;
Rules on the implementation of the Value Added Tax Act;
Slovenian Accounting Standards.
If Cook Eat Slovenia processes personal data of an individual who has made an online purchase or service order, it keeps the invoice for 10 years (as well as individual's/buyer's data on the account).
3.3. Processing based on legitimate interest
Cook Eat Slovenia may process data on the basis of a legitimate interest which Cook Eat Slovenia or a third party pursues, except when such interests are prevailed by the interests or fundamental rights and freedoms of an individual, to whom the data that requires the protection of personal data is related, in particular when the data relates to a child. In the case of further use of collected data on an individual, Cook Eat Slovenia implements the assessment according to the General Data Protection Regulation. Such further use of data in a pseudonymised or aggregated form, for example, represents the lawful use of data for marketing and other business or technical analyses of Cook Eat Slovenia.
According to the General Data Protection Regulation, direct marketing also belongs to legitimate interests. For the purposes of direct marketing, Cook Eat Slovenia may create individual profiles without any consent on the basis of basic information on selected services, such as e.g. the type or specific characteristics of the selected service, time of selection or past marketing contacts with the individual, in particular with respect to the expressed interest or lack of interest in certain services. Such basic profiling shall never include sensitive data. An individual may object to the processing according to the right to the restriction (item 7.4).
Based on legitimate interest, Cook Eat Slovenia may contact the individual to improve the service or determine his satisfaction with the services, even when this is not strictly necessary for the implementation of the contract. Due to the individuals' interest, Cook Eat Slovenia does not contact those individuals who have objected to this.
Cook Eat Slovenia has a legitimate interest to keep and further use data for analyses and research for marketing, business planning and similar until the expiration of the legally prescribed retention period.
3.4. Processing based on the consent to process personal data
Explicit consent is the basis for personal data processing for which Cook Eat Slovenia does not have a legal or contractual legal basis. For example, consent may relate to:
- informing about other Cook Eat Slovenia offers and services, which is implemented exclusively through the communication channel selected by the individual;
- photographing and recording a tour or workshop for the purpose of presenting Cook Eat Slovenia activities and publishing photos, videos and sound recordings on the Cook Eat Slovenia website and on Facebook, Twiter, YouTube and Instagram profiles.
The consent is given by the individual for himself, and in the case of a child, this consent is given by one of the parents or a legal representative.
In these cases, the processing of personal data is implemented to the extend and for purposes allowed by the individual's statement and through agreed communication channels, until cancellation.
If the individual does not consent to the personal data collection and processing for one or more purposes specified in an individual consent, this does not have any consequences for the data the processing of which is implemented based on other legal basis.
Personal data collected on the basis of a consent will be processed only within the framework and for the purpose of the given consent and will not be transmitted to third parties, unless this is explicitly stated in the consent and the individual agrees that personal data may be transmitted to the processor specified in the consent.
The consent to process personal data can be cancelled by the individual at any time by contacting our data protection point (item 8). The consent can be cancelled by an e-mail sent to the e-mail address firstname.lastname@example.org.
4. How long is personal data kept
Personal data shall be stored in accordance with the applicable regulations governing the protection of personal data. It shall be stored only as long as necessary for the purposes for which it is processed or according to the law. We store personal data, that we process on the basis of personal consent of the individual, permanently, until cancellation. Personal data, which we process on the basis of the law or contractual relationship, is kept for as long as the law determines.
If the data is processed on the basis of an individual's consent due to the marketing of Cook Eat Slovenia, the data may be processed to the necessary extent for as long as necessary for such marketing or services.
After the expiry of the retention period, the personal data is effectively and permanently deleted or anonymised so that it can no longer be linked to an individual.
5. How do we protect personal data
We use technical and organisational security measures to protect personal data against unlawful or unauthorised access or use and also against unintentional loss or impairment of their integrity. We have designed these measures with regard to our IT infrastructure, possible impact on individual's privacy and costs and according to current industry standards and practices. Our contractual processors shall process your personal data only if they comply with these technical and organisational security measures.
Maintaining data security means protecting the confidentiality, integrity and availability of personal data:
- confidentiality and integrity: individuals' personal data shall be protected against unauthorised or illegal processing and against unintentional loss, destruction or injury;
- availability: we shall ensure that authorised processors can access personal data only when necessary.
Our security procedures include: access security, backup copies, monitoring, revision and maintenance, security incident management, etc.
6. Who processes personal data
Depending on the purposes for which we process individuals' personal data, we can disclose this data to the following categories of processors:
a) within Cook Eat Slovenia:
- Špela Vodovcb) Our business partners of which we demand to comply with the applicable laws and personal data protection policy and to pay great attention to the confidentiality of the personal data:
- advertising, marketing and promotional agencies and providers, e.g. MailChimp, Google (Google - only cookie identifier for remarketing, e-mail address for displaying ads in Google AdWords, cookie identifier for analysis in Google Analytics; Facebook - only cookie identifier for remarketing, e-mail address for displaying ads in Facebook Custom Audiences), that help us implement and analyse the effectiveness of our campaigns and promotions.
- companies that perform services for Cook Eat Slovenia, i.e. accounting service provider ZEUS d.o.o., Letališka cesta 33e, 1000 Ljubljana, Slovenia
- natural and legal entities who are our contractual partners and provide individual services for Cook Eat Slovenia with the purpose of executing a contractual relationship between Cook Eat Slovenia and an individual (e.g. partner agencies, hotels, airlines, carriers, etc.);
When required by law or legally required for the protection of:
- Cook Eat Slovenia (compliance with laws, authority requirements, court orders, legal procedures, reporting obligations and obligations to inform the authorities, etc.), verification or enforcement of compliance with Cook Eat Slovenia policy and agreements;
- rights, property or security of Cook Eat Slovenia and/or its clients in relation to corporate transactions: in the context of transfer or disposal of all or part of its business or otherwise in connection with mergers, consolidations, changes of control, reorganisation of Cook Eat Slovenia.
Our business partners listed above under item b), may only process individuals' personal data in the framework of our instructions and may not use personal data to pursue any of their own interests. Each individual must bear in mind that the processors listed in items b) and c) above, in particular service providers that offer services within the framework of applications and/or through their own channels, may separately collect your personal data. In this case, they are solely responsible for its control and their cooperation with individuals must take place according to their terms.
7. Your possibilities and rights regarding your personal data
Cook Eat Slovenia ensures that individuals exercise their rights without undue delay, but in any case, no later than one month after receiving the request. Cook Eat Slovenia may extend the deadline for exercising the rights of the individual for a maximum of two months, considering the complexity and number of requests. If extending the deadline, Cook Eat Slovenia shall notify the individual about the extension within one month of receipt of the request, stating the reasons for the delay.
When the individual, to whom the personal data is related, sends the request by e-mail, the information shall, when possible, be provided by electronic means, unless the individual requests otherwise.
7.1. Right to access data
Each individual can contact us to the email address email@example.com to find out which personal data we process. Each individual has the right to access personal data and additional information concerning the processing of personal data, including:
- the purpose of the processing;
- the categories of personal data;
- users and categories of users to whom personal data have been or will be disclosed;
- when possible, the estimated retention period of personal data or, if that is not possible, the criteria used to determine the retention period;
- the existence of the right to require from the administrator to correct or delete personal data or to restrict personal data in relation to the individual, to whom the personal data relates, or the existence of the right to object to such processing;
- the right to lodge a complaint with a supervisory body;
- when personal data is not collected from an individual, all available information related to its source.
7.2. Right of rectification
If an individual finds any error in his personal data or if he finds it incomplete or wrong, he may request Cook Eat Slovenia to correct or supplement inaccurate or incomplete personal data without undue delay.
7.3. Right of deletion
An individual may request to delete his personal data without undue delay. Cook Eat Slovenia is obliged to delete personal data without undue delay:
- when personal data is no longer required for the purposes for which it was collected or otherwise processed;
- if the individual cancels the consent that is the basis for the processing of personal data and if there is no other legal basis for the processing;
- if the individual objects to the processing on the basis of the legitimate interest of Cook Eat Slovenia, while there are no prevailing legal reasons for the processing of personal data;
- if the individual objects to the processing for direct marketing purposes;
- when personal data should be deleted for the fulfilment of a legal obligation according to EU law or the Slovenian legal order;
- in the case of data incorrectly collected from a minor for the use of information society, who, according to the applicable law, cannot provide such data.
(except in some cases, for example to prove the transaction or if required by law).
7.4. Right to restriction
Each individual may request a restriction of the processing of his personal data when:
- he challenges the correctness of the data, for the period which enables Cook Eat Slovenia to verify the correctness of the personal data;
- the processing is unlawful and the individual objects to the deletion of the personal data and instead requests their use to be limited;
- Cook Eat Slovenia no longer needs the personal data for the purposes of the processing, but the individual, to whom the personal data relates, needs it to exercise, implement or defend legal requests;
- the individual has filed an objection regarding the processing, until it is verified whether legitimate reasons of Cook Eat Slovenia prevail over the individual's reasons.
7.5. Right to transferability of data
Under certain conditions, each individual has the right to receive the extract of the personal data provided to Cook Eat Slovenia in a generally used, structured machine-readable form and for sending personal data to any third party of your choice.
7.6. Right to object
On the basis of reasons related to their special circumstances, each individual has the right to object at any time to the processing of their personal data based on the legal interests pursued by Cook Eat Slovenia or a third person. In this case, Cook Eat Slovenia ceases to process personal data, unless it proves necessary processing reasons that prevail over the individual's interests, rights and freedoms, or for the enforcement or defence of legal claims. When personal data is processed for the purpose of direct marketing, each individual has the right to object at any time to the processing of personal data related to him for the purposes of such marketing, including profiling, if it relates to such direct marketing. If direct marketing is based on consent, the right to object can be exercised by cancelling the given consent.
8. Who can I contact if I have questions regarding my personal data
We have organised a contact point that will address your questions or requirements regarding your personal data (and their processing) and the exercise of your rights. You can send us an e-mail: firstname.lastname@example.org.
For the purposes of reliable identification when exercising the rights connected to personal data, we may require additional data from you and we can deny action only if we can prove that we cannot identify you reliably.
9. Right to file the complaint related to processing of personal data
Everyone has the right to file the complaint related to processing of personal data Complaints should be sent to the e-mail address: email@example.com. You also have the right to file a complaint directly to the Information Commissioner if you believe that the processing of personal data related to you violates Slovenian or EU regulations on the protection of personal data. If you have exercised the right to access the data and, after receiving the decision, you believe that the personal data that you have received is not the personal data you requested or that you did not receive all the personal data required, you can lodge a reasoned complaint to Cook Eat Slovenia within 15 days, before submitting a complaint to the Information Commissioner. Cook Eat Slovenia will decide on the complaint as on a new request, within five working days of receipt.
10.1. What is a Cookie?
Our website can store the so-called cookie in the browser on your computer. Cookies are small text files which provide usagee data on how many times the individual visits our site and what he or she is interested in during those visits. Cookies themselves contain no data which would enable personal identification, but if you provide that information yourself, for example during registration, they can be associated with the data stored in the cookie.
10.3. Disabling cookies
You can decide whether you want cookies set on your computer, but the site works optimally with all cookies enabled. Your cookie settings can be controlled and changed within your web browser preferences. Most browsers automatically accept cookies, but you are able to change the settings so that the computer declines the cookie or that a warning appears before the cookie is stored.
If you do deactivate cookies it may mean some of the website features become disabled. Even with all cookies disabled, a tiny amount of information will continue to be retrieved from your web browser. This information is necessary for the basic functioning of our website.
Instructions for managing cookies in your browser:
Types of cookies used on this website:
Source: Google Analytics
Cookie: __utma, __utmb,__utmc, __utmx, __utmxx, __utmz
Used for: Web page Analytics
Used for: Features for sharing via Facebook. Does not set a cookie by itself, but if one is present it will read it.
The Personal Data Protection Policy and Cookies Policy shall apply from 25th May 2018 onward.