We care deeply about your privacy. We treat your data with great care and comply with the provisions of the General Data Protection Regulation (GDPR) and the law governing the protection of personal data.
The controller of the filing system is the company Luka Košir s.p., Šentjošt nad Horjulom 24D, Šentjošt nad Horjulom, 1354 Horjul , registration number 3849848000.
The words “we”, “our”, “us” and “Grič” refer to Luka Košir s.p. (“provider”) and our services, and the words “you”, “your” and similar refer to the individuals that use our reservation system or are guests in Grič restaurant.
The data we collect help us provide a good user experience, provide a booking system in provide our restaurant services.
Luka Košir s.p. uses booking system Superb Experience to collect bookings for the tables. The provider of Superb Experience is the company Superb ApS, Højbro Pl. 101200 Copenhagen, Denmark, VAT Code: DK39478021. Booking a stay at restaurant is not possible without providing personal data as follows: name, last name, country of residence, e-mail address and phone number.
Your personal data is never sold or shared with third parties in any other way.
- Processor of personal data: Processor means the company Luka Košir s.p.,, which determines the purposes and means of the processing of your personal data, gained through a booking via website gric.si, via any external booking systems, via telephone or via email.
- Contractual data processor means a legal or physical person entrusted by the processor with certain tasks concerning the processing of your personal data.
- Personal data: Any data referring to a user of the booking system at Grič restaurant.
- Rules on the protection of personal data is an internal rulebook on the protection of personal data adopted by the processor or contractual processor of personal data.
2. DATA PROTECTION OFFICER
3. THE DATA WE COLLECT
Website visitors who do not use the booking system
The data we collect on website visitors who do not use the booking system is very limited. We log your IP address to be able to address any server problems, compile statistics about the use of our services, and improve the user experience. Regardless of whether your IP address is different every time you visit our site or always the same, it would be very difficult for us to use it to identify you, nor do we attempt that. If you have arrived at our site by clicking a link or advertisement on another site, we log this information. This allows us to better understand the interests of our users and improve the online presence of our services. All the collected data is aggregated and collected in our database, where we analyse them at aggregate level, never for individual users. We also collect data with the analytical tool Google Analytics Solutions.
Users of the booking system
The reservation via www.gric.si can only be confirmed by providing personal data.
- Last name
- Country of residence
- E-mail address
- Phone number
3. CONTRACT-BASED DATA PROCESSING
The company Luka Košir s.p. collects and processes individuals’ personal data in accordance with a concluded contract for reservation of the table at Grič restaurant.
Furthermore, the company Luka Košir s.p. collects and processes individuals’ personal data in accordance with contracts concluded with their business partners. Pursuant to these contracts, the company collects the personal data of those individuals that are in some way necessary for the execution of the contract.
Personal data collected on these grounds are necessary for the purposes of executing the concluded contracts (for the purpose of providing the aforementioned services) and measures prior to the conclusion of the contract. If such personal data is not provided or if the data subject does not agree with the data being processed, it will not be possible to conclude the aforementioned contracts and we will withdraw from the previously concluded contracts.
The following individuals’ personal data is collected and processed by the company Luka Košir s.p., for the purposes of executing the contract for reservation of the table at Grič restaurant: first name, surname, email address, telephone number, country of residence, language settings.
As a general rule, the following personal data is collected by the company Luka Košir s.p. for the purposes of executing contracts with the company’s business partners: first name, surname, email address, telephone number.
The company Luka Košir s.p., does not collect any payment card-related numbers or other data provided by buyers through www.gric.si. Such data is collected exclusively by credit card payment providers.
4. PERSONAL DATA PROTECTION
To ensure the protection of personal data, the company Luka Košir s.p., carries out all the necessary legal, organisational and adequate logistical and technical procedures and measures, either on its own in accordance with the internal rules, or through the company’s contractual partners, by:
- protecting the premises, equipment and system software, including input/output units;
- protecting the application software used for personal data processing;
- preventing unauthorised access to personal data during data transmission, including the transmission using telecommunication means and networks;
- guaranteeing an effective method of blocking, disposing of, erasing and anonymising personal data;
- allowing to subsequently find out when individual items of personal data were used and entered into the database and who this was done by; this can be done for the period during which individual items of data are stored.
5. PERSONAL DATA RETENTION PERIOD
The personal data retention period depends on the processing basis and the purpose of processing a particular category of personal data. Personal data is stored only for the period required to achieve the purpose for which it was collected or processed further. Unless there is another lawful basis or if this is necessary for the enforcement, execution or defence of legal claims, personal data shall, after the purpose of processing has been accomplished, be erased, disposed of, blocked or anonymised.
Personal data processed under the contract will be retained for the duration of the period necessary to execute the contract and for a further 5 years after its termination, except in cases when a contract-related dispute arises between us and the individual the personal data relates to (the data subject); in such a case, the data is retained for another 5 years after the finality of a judicial or arbitration decision or settlement, or if there was no judicial dispute, for 5 years from the date of consensual dispute resolution. Invoices are archived for 10 years after the end of the year an invoice relates to in compliance with the act governing value added tax.
6. INDIVIDUALS' RIGHTS
If individuals wish to obtain information about all the purposes for which the company Luka Košir s.p., uses their personal data, they may request this by exercising the right of access. Luka Košir s.p., will provide them with a detailed list of all the processing of their personal data and related lawful bases.
Company Luka Košir s.p., provides individuals whose personal data it processed with the option of exercising their rights, in particular the right of access to personal data, the right to rectification, the right to erasure and the right to object. An individual can file a request in a way that allows their identification. A copy of the personal data processed and the requested data shall be provided to an individual free of charge. A reasonable fee can be charged for additional copies requested by an individual, taking into account administrative costs. In the event requests by a data subject are clearly unfounded or excessive, in particular because they are recurrent, we reserve the right to charge a reasonable fee or refuse to act on the request.
In accordance with the applicable legislation, you may assert the following rights concerning the processing of personal data:
- Right to access data: The data subject has the right to receive confirmation from the provider as to whether their personal data is processed and, when this is the case, access the personal data and additional information concerning the processing of personal data. You may request access to data by sending us an email at email@example.com
- Right to rectification: The data subject has the right to have their inaccurate personal data rectified without undue delay. The individual has the right to have their incomplete personal data completed, taking into account the purposes of the data processing.
- Right to delete data: The data subject has the right to have their personal data erased without undue delay in the following cases:
- the personal data is no longer needed for the purposes for which it has been collected or otherwise processed,
- the data subject has revoked the consent for the processing and there is no other lawful basis for data processing,
- the data subject opposes the data processing and there are no overriding legal grounds for it,
- the personal data has been processed unlawfully,
- when this is stipulated by the law (the right to erasure).
- Right to restriction of processing: The data subject has the right to restrict the processing of their personal data when one of the following cases applies:
- the individual consents the accuracy of the data, specifically for a period that allows the data accuracy to be verified,
- the data processing is unlawful and the individual opposes the erasure of personal data, requesting a restriction of its use instead,
- personal data is no longer needed for processing purposes, however, the individual needs them to enforce, execute or defend legal claims,
- the individual has lodged an objection concerning the data processing, until it is verified whether the controller’s legal reasons override the individual’s reasons (the right to restriction of processing). Where the processing of personal data has been restricted in accordance with the above, such personal data, with the exception of their storage, shall be processed only with the data subject’s consent, or for the enforcement, execution or defence of legal claims, or for the protection of rights of another natural or legal person. The individual will be notified before a processing restriction is revoked.
- The right to lodge a complaint concerning the processing of personal data: The data subject has the right to lodge a complaint concerning the processing of personal data. You may lodge such a complaint by email at firstname.lastname@example.org or with registered mail sent to the registered seat of the organization.
- Right to lodge a complaint with the Information Commissioner: Every data subject also has the right to lodge a complaint with the Information Commissioner if they consider that the processing of personal data related to them infringes the legislative provisions on the protection of personal data.
The Policy came into effect on 30 January 2023 and is published on the website www.gric.si.