1. General provisions
PDC, d.o.o. is a company registered in Slovenia as PDC, kolesarstvo in dogodki, d.o.o., Cesta na polju 4, 1360 Vrhnika (from now on: we). We understand that your privacy is important to you and that you care about how your personal data is used and shared online. We respect and value the privacy of everyone who visits this website and want you to be confident that any personal information collected from this website will continue to be used in accordance with our obligations and your rights under the relevant laws such as Personal Data Protection Act and the EU Regulation GDPR. This Privacy Policy explains what information of yours will be collected, how the information will be used, and how you can control the collection, correction and/or deletion of information. We will not use or share your information with anyone except as described in this Privacy Policy.
By visiting our website www.polkadot.si you accept and consent to the practices described in this Privacy Policy. If you do not accept and agree with this Privacy Policy, you must stop using our website immediately.
This Privacy Policy applies only to your use of our website and our services. Our website may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.

2. What personal data do we collect?
We collect information from you when you visit our websites or premises, purchase something from us, enquire in person about our services, contact us by telephone, e-mail or other means, or respond to a communication from us.
Our website will only collect and use personal data in ways that are described in this Privacy Policy, and in a manner that is consistent with our obligations and your rights under the applicable law. When you use our website you are providing some personal information about who you are and how you use our services. The information collected is the data you provide us with, including but not limited to, your name and surname, address and e-mail address.
Through the reservation process, we collect your name and surname, address, e-mail address, phone number and credit card information. Depending on the reservation, we may also ask for your gender, nationality, ID or passport number, date and place of birth and the same information from the guests that are traveling with you.
Furthermore, when you visit our website, we automatically receive and save information from your computer and browser through »cookies«, including your IP address, operating system, browser type, software and hardware information, requested page, language settings and the date and time of access to the website.

3. Why do we use your personal data?
We use your personal data:
• for the needs of carrying out our services according to the contract and applicable general terms and conditions;
• for the purpose of direct marketing, market research, customer segmentation, statistical processing,
• for website analysis,
• to provide you with updates,
• to invite you to our events,
• to manage any promotions that you have chosen to participate in,
• to communicate with you about products, services, offers, promotions,
• to monitor the technical performance of our services,
• to offer better services for the next visitors,
• to safeguard our premises and property.

4. What is the legal background for us to collect your personal data?
We collect and retain your personal information on several legal bases:
• Contractual obligation: whenever the treatment of your personal data is necessary for the execution, implementation, and management of the contract executed with us.
• Legal obligation: in some cases, it is required by the law to collect and store your personal information.
• Legitimate interest: for some data, we have good and fair reason to use it in such ways that do not hurt your interests and rights.
• Consent: when you deliberately enter your information (for example your e-mail address), you should expect that this information will be stored and used by our systems according to this Privacy Policy

5. How do we ensure the security of your personal data?
We understand that the security of your personal information is especially important and that is why we take a variety of security measures to protect your personal data.
All personal data is processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply with our obligations and safeguard your personal data under the Personal Data Protection Act and the EU Regulation GDPR at all times.
Our use of your personal data will always have a lawful basis as previously mentioned above.
Only authorized personnel are permitted to access your personal data.
In case personal information is compromised as a result of a breach of security, we will promptly notify those persons whose personal information has been compromised, following Personal Data Protection Act and the EU Regulation GDPR or as otherwise required by applicable law.
As we develop our business, we may buy or sell assets or business offerings. Customer and visitor information is generally one of the transferred business assets in these types of transactions. We may also transfer such information in the course of corporate divestitures, mergers, or dissolution.
We do not rent or sell your personal data to others.

6. Disclosure to third parties
We might share your personal data with the relevant third parties.
For example, when you use a credit card to make your reservation, we need to share certain reservation details with the payment service provider and the relevant financial institution to handle this payment.
We might also need to disclose your personal data with Competent authorities, to law enforcement authorities as it is required by law or is strictly necessary for the prevention, detection or prosecution of criminal acts or fraud or if we are otherwise legally obliged to do so. We may need to further disclose personal data to competent authorities to protect and defend our rights or the rights of our business partners.
We may transfer data to trusted third-party providers (such as management companies or mailing houses) for them to provide services to us, and help develop our website, marketing activities, or business.
Moreover, we may also share your personal data with relevant third parties such as bike providers, accommodations or other stakeholders involved in tour organisation. The primary purpose is to process your bicycle or tour reservation, share your data relevant for your trip, or validate the correctness (for example e-mail address you provided during the reservation).
Any third-party service providers are bound by confidentiality clauses and are not allowed to use your personal data for other purposes than instructed by us. Only personal data that is necessary to fulfill the purposes stated above will be provided to these third-party providers.

7. Transferring your information outside of Europe
As part of the services offered to you through our website, the information you give to us may be transferred to countries outside the European Union and we are therefore unable to provide the same level of security as provided under the regulation of the EU and its Member States.

8. How long and where do we store your personal data?
We only keep your personal data for as long as we need to in order to use it as described above and/or for as long as we have your permission to keep it. Some of your personal data will be stored as long as required by different laws we need to comply with.
After the completion of the service, we will only store and use the e-mail address for the needs of communication for purposes mentioned in Article III of this policy. All other personal data will be deleted.

9. What are your »data rights«?
Under the EU Regulation GDPR you have certain legal rights, which are briefly summarised below, in relation to any personal data about you which we hold. If you wish to exercise any of the rights you may at any time, contact us. The exercise of these rights is free of charge, except if your request is »manifestly unfounded or excessive« (for example, if you make repetitive requests). In this case, a fee may be charged to cover our administrative costs in responding.
a. The right of access
If you want to know whether or not your personal data are being processed and what personal data we have about you, you can ask us for details of it and a copy of it. You can request an overview of your personal data by emailing us on info@polkadot.si. If possible, you should specify the type of information you would like to see to ensure that our disclosure is meeting your expectations.
b. The right of rectification
You can always inform us of any changes to your personal data, or you can ask us to correct any of the personal data we hold about you. We encourage you to notify us of any changes regarding your personal data as soon as they occur, including changes to your contact details.
When exercising this right, we kindly ask you to be as specific as possible.
c. The right to erasure (»right to be forgotten«)
This means the right to ask us to delete, block, restrict, or otherwise dispose of any of your personal data we have in the following situations:
• if personal data is no longer necessary for the purpose for which it was collected or treated,
• if the consent on which the data treatment is based is withdrawn and there is no other legal basis for it,
• if the personal data has been unlawfully treated,
• if the personal data has to be erased as a result of a legal obligation.
Please keep in mind that we may not be in a position to erase your personal data, if for example we need to comply with a legal obligation or exercise or defend legal claims.
d. The right to restriction of processing
You have the right to ask us to restrict the processing of your personal data. This right applies where our processing of your personal data is necessary for our legitimate interest.
e. The right to object
You are entitled to object to certain processing of personal data, including for example processing of your personal data for marketing purposes or when we otherwise base our processing of your personal data on a legitimate interest.
f. The right to data portability
This means the right to obtain a copy of your personal data to re-use with another service or organization.
If you request access to personal data about you that you have provided to us, and if the personal data is being processed automatically and in accordance with a contract between you and us, you may request that the personal data is provided in a structured, commonly used and machine-readable format and you may also request that the personal data is transmitted to another controller if this is technically feasible.
If you exercise this right, you should specify the type of information you would like to receive where possible to ensure that our disclosure is meeting your expectations. This right only applies if the processing is based on your consent or our contract with you and when the processing is carried out by automated means.
g. The right to withdraw your consent
Where our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. If you decide to withdraw your consent, we will stop processing your personal data for that purpose. Your withdrawal of your consent will not impact any of our processing up to that point.
h. The right to avoid automated decision-making
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

10. Changes to our Privacy Policy
We may change this Privacy Policy from time to time. Any changes will be immediately posted on our website and you will be deemed to have accepted the terms of the Privacy Policy on your first use of our website following the alterations. However, we will not make changes that result in significant additional uses or disclosures of your personal information without notifying you of such changes via your e-mail address at least 30 days before such changes would apply. If any non-significant changes to this Privacy Policy are unacceptable to you, you must contact us immediately and until the issue is resolved, stop using our website or any services we provide.
We kindly recommend that you check this page regularly to keep up-to-date.
This Privacy Policy was last updated in 1st January 2024.

Contact information
To contact us about anything to do with your personal data and data protection please use the following details:

Company: PDC, d.o.o.
E-mail address: info@polkadot.si
Telephone number: +386 51 28 28 40
Postal address: Cesta na polju 4, 1360 Vrhnika, Slovenia.