Bederfly d.o.o. complies with the General Data Protection Regulation (GDPR). This means that:
Only the personal data that we need for our purposes is collected. The purpose and type of data is described herein. When we need to process your personal data your permission will be obtained first. Every measure is taken to ensure the safety and security of your personal data in order to meet the requirements of the regulation. Your personal data will never be disclosed to other parties, except when necessary to achieve the purpose for which the data was collected. Your rights will always be respected with regards to your personal data, and you will always be informed of them.
If you fill out a form for us, book a tour, make an enquiry via email, social media, telephone or any other way, or purchase any of our products, we collect data from you directly, as required. Data is also collected when you use our website. We may also collect data from third parties such as partners, agencies, payment processors, advertisers, and/or analytics providers. All your data is stored in a secure platform. Your personal data is only used for processing as outlined below or something similar:
1. Data Usage – Data obtained about the use of our website and services may be processed, which may include IP address, browser type, operating system, geographical location, page views, website navigation paths, frequency and/or pattern of your use of our website. Our analytics tracking systems, such as Google Analytics, are used for this purpose. We use this data in order to analyse how our website is used, to ensure that we only deliver relevant content and advertising to our customers or potential customers, and to understand our website’s users. We only use this data for our legitimate interest, such as monitoring and improving our website, marketing and other services.
2. Customer Data – The following type of user data may be processed by us, such as name, email address, physical address, telephone number, credit card number, language spoken, company name (if applicable), Chamber of Commerce number (if applicable), VAT number (if applicable), age, height etc (in regard to bike size), diet-information (in case you have special wishes/requirements regarding meals) and other relevant data. We need this data in order to supply content, products and/or services to you, and/or to fulfil a travel or tour agreement. We also need it to market other relevant tours and services to you in the future. When you enter into a contract with us for any of our services or products, consent will be obtained from you to process this data in a safe and secure way. Your consent provides us with a legal basis for processing and using this data only for the delivery and realisation of such services and any future offers and correspondence that you agree to receive.
3. User Data – When you subscribe to our email notifications, newsletters and any other free content, we may process any personal information that you provide. Also, any communication data that you send to us, be it through social media, email, post or any other methods, may also be processed in order to communicate with you. This is so that we can effectively deliver relevant marketing content either through our website, email, or post. The legal basis for this is to help grow our business, and also keep records which may be needed to pursue or defend a legal action.
We will never share your data with unrelated third parties. Your information may be disclosed to relevant partners who need it in order to carry out their part of the work on your behalf, such as third parties who carry out parts of the tour or travel arrangements for your booking, payment service providers, marketing and administrative providers, business advisors etc. Also, if in the future we sell or transfer parts of our company the buyer will receive any data that is relevant to this purchase. However, all third parties are also bound by the laws and regulations of GDPR and will keep it secure, respect your privacy and use it in full compliance with the GDPR regulation.
Personal data is only transferred to third parties who have completed a processing agreement, in which we ensure the safety and privacy of your data is adhered to. No data will be transferred to third parties without your written consent, unless there is a legal obligation.
Processing of the personal data of a minor (under 16 years old) will only be done with the written consent of a parent, legal guardian or legal representative
Data retention period
All personal data will only be retained for as long as necessary in order to fulfil the purpose for which it was obtained, or to satisfy a legal or accounting purpose. In some cases your data may be retained anonymously for the purpose of research for an indefinite period. If your personal data no longer meets any of the above criteria it will be deleted or disposed of in a safe and secure manner. If your personal data needs to be retained for any other reason, such as for delivery of newsletters or offers etc, it will be kept for as long as you give consent. At any time you can personally contact us and request that your data be deleted or disposed of and we will comply, unless there is a legal basis for keeping it, such as a legal dispute, etc.
Data security and breach response
Appropriate technical and organizational measures have been made to protect your personal data against unlawful processing, unauthorised access, misuse, or disclosure. Among other things, we have taken the following precautions:
– Every person that is able to access your personal data on behalf of Bederfly d.o.o. does so under a strict duty of care and has also agreed never to disclose your information to anyone other than described above, in accordance with GDPR.
– Our computer systems are fully protected with User-ID’s and strong passwords.
– We encrypt personal data and make it anonymous if necessary.
– All online bookings are made through a secured connection.
– IP-addresses are registered and saved temporarily, but they cannot be traced back to you.
– We securely back up personal data in order to restore files in case of physical or technical problems.
– We regularly evaluate and test our measures.
– Our employees are fully aware of the importance of privacy-protection and comply with them at all times.
– In the unlikely event of a breach of personal data, we have procedures in place to deal with it. The breach will be identified, the scope will be determined, and we will write a full report and/or notification if we are legally required to do so.
You acknowledge that despite all our security methods, the personal information you share with us voluntarily could be accessed or tampered with by an unauthorised third party. You also agree that we cannot be held responsible for any information obtained and/or shared through our website or social media channels without our knowledge or permission. Additionally, you release us from any and all claims arising out of or related to the use of any such information obtained in an unauthorised manner. You also agree to notify us of any breach of security or unauthorized use of your information.
Your rights to privacy
Your rights under data protection laws include the right to access, correct, restrict, erase and/or object to our use and processing of your personal data, as well as the right to portability of the data. You have the right to confirm and consent as to how and where we process your data. To the extent that the legal basis for our processing allows, you have the right to withdraw at any time. We may ask you to identify yourself before we can meet the above requests.
If you have a complaint about the processing of your personal data, we ask that you please contact us immediately. We will do everything possible to resolve the problem. You have the right to submit your complaint to the Slovenian governmental data protection supervising authority.