Personal data protection
Which personal data do we collect?
Based on individual consent, Astoria collects and processes the following personal data:
- Email address,
- data included in certain cookies. You can read more about cookies and how to manage them on the website Cookies.
Astoria only collects the personal data that is strictly necessary to achieve a particular purpose.
Purposes of the processing of personal data
Astoria processes the data based on your consent with the purpose for which the consent was given. The data subject can at any point withdraw the given consent for each purpose separately in a simply and easily accessible way. Astoria uses the personal data for:
- sending electronic messages about news on the website,
- sending electronic invites to events,
- sending e-publications,
- analysis of reading and clicking on the electronic messages,
- online advertising and social media,
- personal communication with individuals,
- other purposes you specifically agree to in cooperating with Astoria.
We use web tools such as Google Analytics, Facebook, and MailChimp, etc. to analyse data and send electronic messages, which ensure compliance with the rules of the General Data Protection Regulation (GDPR) in their General Conditions of Use and confirm that they have acquired EU-U.S. Privacy Shield Framework certification. We don’t use personal data in the Google Analytics tool, but only anonymous data and masked IP addresses. We also process personal data if we are required to do so by the law. An example of such processing is the processing of your personal data for the purposes of legal or administrative proceedings.
We store the personal data you have entrusted us based on your personal and explicit consent and the data you have provided us when registering, subscribing to e-news, downloading e-publications or submitting a request until withdrawal. You can withdraw your consent to collect and process your personal information at any time. Withdrawal of consent does not affect the legality of data collection and processing prior to the withdrawal. We store all other personal data related to contractual cooperation in accordance with the applicable legislation. We store personal data in digital form. Our computer systems are protected by technical and organisational measures that prevent accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to your personal data. The data we collect is stored on safe servers and kept until your withdrawal but no longer than the maximum storage period.
We would be happy to inform you of your rights as a “subject” of the General Regulation (GDPR). According to the GDPR, you as a subject have the following rights concerning personal data protection, listed bellow:
- Right of access to data (1st and 2nd paragraph of Art 15 of the GDPR),
- Right to rectification (Art 16 of the GDPR) and right to erasure (Art 17 of the GDPR),
- Right to restriction of processing (Art 18 of the GDPR),
- Right to data portability (Art 20 of the GDPR),
- Right to object (Art 21 of the GDPR),
- Right to withdraw (Art 7 para 3 of the GDPR),
- Right to lodge a complaint with a supervisory authority (Art 77 of the GDPR),
- Right of access to data.
You have the right to obtain confirmation as to whether or not Astoria is processing your personal data and where that is the case, access to the personal data and the following information:ž
- the purposes of the processing,
- the categories of personal data concerned,
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations,
- where possible, the envisaged period for which the personal data will be stored,
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing,
- the right to lodge a complaint with a supervisory authority,
- where the personal data are not collected from the data subject, any available information as to their source,
- the existence of automated decision-making, including profiling and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Upon your request, Astoria will provide one free copy of your personal data undergoing processing. For any further copies requested you might request, Astoria will charge a reasonable fee based on administrative costs.
Right to rectification
You have the right to obtain from Astoria without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure (‘right to be forgotten’)
You have the right to obtain from Astoria the erasure of personal data concerning you without undue delay and Astoria shall have the obligation to erase your personal data without undue delay where one of the following grounds apply:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- If you withdraw consent on which the processing is based and where there is no other legal ground for the processing.
- If you object to the processing based on a legitimate interest of the controller and there are no overriding legitimate grounds.
- If you object to the processing for direct marketing purposes.
- If erasure of personal data is required for compliance with legal obligation under EU or Slovenian law.
- If Astoria in accordance with the Policy has published the personal data, it shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of.
Right to restriction of processing
You have the right to obtain from Astoria restriction of processing where one of the following applies:
- if you contest the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the personal data,
- if the processing is unlawful and you oppose the erasure of the personal data and requests the restriction of their use instead,
- if Astoria no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims,
- if you have objected to processing pending the verification whether the legitimate grounds of the controller override your own.
Right to data portability
You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance where:
- the processing is based on consent or on a contract,
- the processing is carried out by automated means.
Right to object and withdraw
On grounds relating to your particular situation, you have the right to at any time object to processing of your personal data if that is based on legitimate interests pursued by Astoria or a third party. Astoria will no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing If direct marketing is based on consent, the right to object can be exercised by withdrawing the given consent.
You can exercise any right under the General Data Protection Regulation in writing at any time. For the purposes of reliable identification should you choose to exercise your rights connected to personal data, Astoria may request additional data required to confirm your identity, and action in accordance with this section may be refused only if Astoria proves that you can not be reliably identified.
If your requests related to this chapter are manifestly unfounded or excessive, in particular because of their repetitive character, Astoria may:
- charge a reasonable fee based on the administrative costs of providing information or messages or performance of the required measures, or refuse to act on the request
- refuse to act on the request
You can send your requests to the email address firstname.lastname@example.org or to Astoria Hotel Bled, Presernova 44, SI-4260 Bled.
Right to lodge a complaint in respect of the processing of personal data
You may send any complaints related to the processing of your personal data to the email address email@example.com or to Astoria Hotel Bled, Presernova 44, SI-4260 Bled.
If you believe that the processing of your personal data violates Slovenian or EU regulations in the field of personal data protection, you also have the right to lodge a complaint directly with the information commissioner. The Personal data protection policy can be changed or amended at any time.