Contact

Privacy Policy

Information about our privacy policy, data processing, and related matters.

1. An overview of data protection

General information

The following information provides an easy overview of what happens with your personal data when you visit this website. The term “personal data” comprises all data that can be used to personally identify you. For detailed information, please consult the Data Protection Declaration below.

Data recording on this website

Who is responsible for recording data on this website (the “controller”)?

The data on this website is processed by the operator of the website, whose contact information is available in the section “Information about the responsible party” in this Privacy Policy.

How do we record your data?

We collect data that you share with us, for instance information you enter into our contact form. Other data is recorded automatically or after your consent by our IT systems when you visit the website. This data is primarily technical (e.g., web browser, operating system, time of access).

What do we use your data for?

Part of the data is collected to ensure the website is provided without errors. Other data may be used to analyse how you use the site.

What rights do you have regarding your data?

You have the right to receive information about the origin, recipients, and purpose of your stored personal data at any time, free of charge. You also have the right to request that this data be corrected or deleted. If you have consented to data processing, you may revoke that consent at any time, affecting all future processing. You also have the right to request that processing of your data be restricted under certain circumstances, and the right to lodge a complaint with the competent supervisory authority.

Please contact us at any time if you have questions about this or any other data protection matter.

Analysis tools and tools from third parties

When you visit this website, your browsing behaviour may be analysed statistically, primarily using analysis programs. Detailed information about these programs is provided in the Data Protection Declaration below.

2. General information and mandatory information

Data protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and handle it in accordance with statutory data protection regulations and this Data Protection Declaration.

When you use this website, various personal data is collected. This declaration explains what data we collect, what we use it for, and how this happens. Please note that data transmitted over the internet (e.g., by email) may have security gaps; complete protection against third-party access is not possible.

Information about the responsible party (the “controller” under the GDPR)

The controller for data processing on this website is:

AKTIVNI PLANET d.o.o.
Industrijska cona 4, 5230 Bovec, Slovenia
+386 40 639 433
info@aktivniplanet.si

The controller is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.

Storage duration

Unless a more specific storage period is stated in this policy, your personal data remains with us until the purpose for processing it no longer applies. If you make a justified request for deletion or revoke your consent, your data will be deleted unless we have other legally permissible grounds for retaining it (e.g., tax or commercial retention periods); in that case, deletion takes place once those grounds cease to apply.

General information on the legal basis for data processing

If you have consented to processing, we process your personal data on the basis of Art. 6(1)(a) GDPR, or Art. 9(2)(a) GDPR if special categories of data are processed. If your data is required to fulfil a contract or to carry out pre-contractual measures, we process it on the basis of Art. 6(1)(b) GDPR. If processing is required to fulfil a legal obligation, we rely on Art. 6(1)(c) GDPR. Processing may also take place on the basis of our legitimate interest under Art. 6(1)(f) GDPR. The relevant legal basis in each case is stated in the following sections.

Recipients of personal data

In the course of our business, we cooperate with various external parties. In some cases this requires transferring personal data to them. We only disclose personal data to external parties where required to fulfil a contract, where we are legally obliged to do so, where we have a legitimate interest under Art. 6(1)(f) GDPR, or where another legal basis permits it. When using processors, we disclose customer data only on the basis of a valid data processing agreement.

Revocation of your consent to data processing

Many data processing operations are possible only with your express consent. You may revoke consent already given at any time. This does not affect the lawfulness of any data collection that took place before revocation.

Right to object to the collection of data in special cases and to direct advertising (Art. 21 GDPR)

If data is processed on the basis of Art. 6(1)(e) or (f) GDPR, you have the right to object at any time to the processing of your personal data on grounds arising from your particular situation. This also applies to profiling based on these provisions. If you object, we will no longer process the affected personal data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or unless the processing serves to assert, exercise, or defend legal claims.

If your personal data is processed for direct advertising, you have the right to object at any time to such processing. If you object, your personal data will no longer be used for direct advertising.

Right to lodge a complaint with the competent supervisory authority

In the event of breaches of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, place of work, or place of the alleged breach. This right exists regardless of any other administrative or judicial remedy.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract delivered to you or to a third party in a common, machine-readable format. If you request direct transfer to another controller, this will be done only where technically feasible.

Information, correction, and deletion of data

Within the scope of applicable law, you have the right at any time to receive information about your stored personal data, its origin and recipients, and the purpose of processing, and you may request correction or deletion of this data. Please contact us at any time with questions about personal data.

Right to request restriction of processing

You have the right to request restriction of the processing of your personal data. You may contact us at any time to do so. The right applies where: you contest the accuracy of your data and we need time to verify it; processing was unlawful and you request restriction instead of deletion; we no longer need the data but you need it to assert, exercise, or defend legal claims; or you have objected under Art. 21(1) GDPR and the balancing of interests is still pending.

SSL/TLS encryption

For security reasons and to protect the transmission of confidential content, this website uses SSL or TLS encryption. You can recognise an encrypted connection when the browser address line switches from “http://” to “https://” and by the lock icon in the browser line. When encryption is active, the data you transmit to us cannot be read by third parties.

Rejection of unsolicited emails

We object to the use of contact data published as part of our mandatory site notice for the purpose of sending promotional or informational material that we have not expressly requested. We reserve the right to take legal action in the event of unsolicited promotional material, such as spam.

3. Recording of data on this website

Cookies

This website uses cookies, which are small data packages that do not harm your device. They are stored either temporarily for a session (session cookies) or permanently on your device (permanent cookies). Session cookies are deleted automatically when you end your visit; permanent cookies remain until you delete them or your browser removes them.

Cookies can be set by us (first-party cookies) or by third parties (third-party cookies). Some cookies are technically essential, as certain website functions would not work without them. Other cookies may be used to analyse user behaviour or for promotional purposes.

Essential cookies are stored on the basis of Art. 6(1)(f) GDPR, unless another legal basis is stated. Where your consent has been requested for the storage of cookies and similar technologies, processing takes place exclusively on the basis of that consent (Art. 6(1)(a) GDPR), which may be revoked at any time.

You can set your browser to notify you when cookies are set and to allow cookies only in specific cases, to exclude them in certain cases or generally, and to delete cookies automatically when the browser closes. Disabling cookies may limit the functions of this website. The cookies and services used on this website can be found in the consent declaration managed by our cookie banner.

Consent management with Real Cookie Banner

To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and the related consents, we use the consent tool “Real Cookie Banner.” Details on how it works are available at https://devowl.io/rcb/data-processing/.

The legal basis for processing in this context is Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents. Providing this data is neither contractually required nor necessary to conclude a contract; if you do not provide it, we will not be able to manage your consents.

Server log files

The provider of this website automatically collects and stores information in server log files that your browser transmits to us automatically. This information comprises: the type and version of browser used, the operating system, the referrer URL, the hostname of the accessing computer, the time of the server request, and the IP address. This data is not merged with other data sources. It is recorded on the basis of Art. 6(1)(f) GDPR; we have a legitimate interest in the technically error-free presentation and optimisation of our website.

Contact form

If you send us enquiries via our contact form, the details you provide, including your contact information, are stored so we can handle your enquiry and any follow-up questions. We do not share this information without your consent.

This data is processed on the basis of Art. 6(1)(b) GDPR if your request relates to a contract or pre-contractual measures. Otherwise, processing is based on our legitimate interest in handling enquiries effectively (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) where it has been requested; consent may be revoked at any time. The data you enter remains with us until you ask us to delete it, revoke your consent, or the purpose for storage ceases, subject to mandatory legal retention periods.

Enquiries by email, telephone, or WhatsApp

If you contact us by email, telephone, or WhatsApp, your enquiry and all related personal data (name, request) are stored and processed to handle your request. We do not pass this data on without your consent.

This data is processed on the basis of Art. 6(1)(b) GDPR if your enquiry relates to a contract or pre-contractual measures. Otherwise, processing is based on our legitimate interest in handling enquiries effectively (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) where it has been requested; consent may be revoked at any time. This data remains with us until you ask us to delete it, revoke your consent, or the purpose for storage ceases, subject to mandatory legal retention periods.

Communication via WhatsApp

For communication with customers and other third parties, we use the messaging service WhatsApp. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Communication is encrypted end-to-end, which prevents WhatsApp or other third parties from accessing the content. However, WhatsApp does gain access to metadata created during communication (for example, sender, recipient, and time). WhatsApp has stated that it shares personal data of its users with its US parent company, Meta.

The use of WhatsApp is based on our legitimate interest in communicating quickly and effectively with customers and partners (Art. 6(1)(f) GDPR). Where consent has been requested, processing is based exclusively on that consent, which may be revoked at any time. The communication content remains with us until you ask us to delete it, revoke your consent, or the purpose for storage ceases, subject to mandatory retention periods.

WhatsApp’s parent company is certified under the EU-US Data Privacy Framework (DPF). Further details: https://www.whatsapp.com/legal/#privacy-policy.

4. Analysis tools and advertising

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that lets us integrate tracking and statistical tools and other technologies on our website. Tag Manager itself does not create user profiles, store cookies, or carry out independent analyses; it only manages and runs the tools integrated through it. However, it does collect your IP address, which may also be transferred to Google’s parent company in the United States.

Google Tag Manager is used on the basis of Art. 6(1)(f) GDPR. Where appropriate consent has been obtained, processing is based exclusively on Art. 6(1)(a) GDPR insofar as the consent covers the storage of cookies or access to information on your device. This consent can be revoked at any time. Google is certified under the EU-US Data Privacy Framework (DPF).

Google Analytics

This website uses the web analysis service Google Analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables us to analyse the behaviour of website visitors, including pages accessed, time on page, operating system used, and visitor origin. Google Analytics uses technologies that allow the recognition of users for analysing behaviour (e.g., cookies or device fingerprinting). The information recorded is generally transferred to a Google server in the United States and stored there.

The use of Google Analytics is based on your consent under Art. 6(1)(a) GDPR. You may revoke your consent at any time. Data transmission to the US is based on the Standard Contractual Clauses of the European Commission. Google is certified under the EU-US Data Privacy Framework (DPF). You can prevent the recording of your data by Google Analytics by installing the browser plugin available at https://tools.google.com/dlpage/gaoptout?hl=en.

We have concluded a data processing agreement with Google for the use of Google Analytics.

Hotjar

This website uses Hotjar. The provider is Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta.

Hotjar is used to analyse your behaviour on this website. It can record your mouse and scroll movements and clicks, and compile heatmaps showing which parts of the website visitors view most. It can also show how long you stayed on a page, when you left, and where you stopped completing a contact form. Hotjar uses technologies that allow recognition of users for analysing behaviour (e.g., cookies or device fingerprinting).

Where your consent has been obtained, the use of Hotjar is based on Art. 6(1)(a) GDPR; such consent may be revoked at any time. To deactivate the recording of data by Hotjar, follow the instructions at https://www.hotjar.com/policies/do-not-track/ (this must be done separately for each browser and device). Further details: https://www.hotjar.com/privacy. We have concluded a data processing agreement for the use of Hotjar.

Google Ads

We use Google Ads, an online promotional program of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display ads in the Google search engine or on third-party websites when a user enters certain search terms, and to place targeted ads based on user data Google holds (e.g., location and interests). We can analyse this data quantitatively, for instance which search terms led to our ads being displayed and how many ads led to clicks.

The use of Google Ads is based on your consent under Art. 6(1)(a) GDPR. You may revoke your consent at any time. Data transmission to the US is based on the Standard Contractual Clauses of the European Commission. Google is certified under the EU-US Data Privacy Framework (DPF).

5. Plugins and tools

YouTube with extended data protection

This website embeds videos from YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit a page with an embedded YouTube video, a connection to YouTube’s servers is established, telling YouTube which of our pages you visited. If you are logged into your YouTube account, YouTube can assign your browsing behaviour to your personal profile; you can prevent this by logging out.

We use YouTube in extended data protection mode. According to YouTube, this mode does not store cookies; instead, local storage elements containing data similar to cookies are stored in your browser and can be used for recognition. Details: https://support.google.com/youtube/answer/171780.

The use of YouTube is based on our legitimate interest in presenting our content attractively (Art. 6(1)(f) GDPR). Where appropriate consent has been obtained, processing is based exclusively on Art. 6(1)(a) GDPR insofar as the consent covers the storage of cookies or access to information on your device. Google is certified under the EU-US Data Privacy Framework (DPF). Further details: https://policies.google.com/privacy?hl=en.

Adobe Fonts (Typekit)

To ensure the uniform display of fonts, this website uses web fonts provided by Adobe Fonts (Typekit). The provider is Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland.

To display these fonts, your browser establishes a connection to Adobe’s servers, which operate from the United States. This means Adobe receives the information that our website has been accessed from your IP address. Adobe Fonts does not set cookies, but the connection necessary to deliver the fonts transmits your IP address to Adobe.

Where your consent has been obtained, the use of Adobe Fonts is based on Art. 6(1)(a) GDPR; this consent may be revoked at any time. Otherwise, the use is based on our legitimate interest in the uniform and appealing presentation of our website (Art. 6(1)(f) GDPR). Adobe is certified under the EU-US Data Privacy Framework (DPF). Further details: https://www.adobe.com/privacy/policies/adobe-fonts.html.

Font Awesome (local embedding)

This website uses Font Awesome to ensure the uniform display of icons. Font Awesome is installed locally, so no connection to the servers of Fonticons, Inc. is established when it is used. Further information: https://fontawesome.com/privacy.

Google Maps

This website uses the mapping service Google Maps. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

To use the Google Maps features, your IP address must be stored. This information is generally transferred to a Google server in the United States and stored there. The operator of this website has no control over this transfer. When Google Maps is active, Google may use Google Fonts to display fonts uniformly; your browser then loads the required web fonts into its cache.

We use Google Maps to present our content attractively and to make the locations on our website easy to find (Art. 6(1)(f) GDPR). Where appropriate consent has been obtained, processing is based exclusively on Art. 6(1)(a) GDPR insofar as the consent covers the storage of cookies or access to information on your device. Data transmission to the US is based on the Standard Contractual Clauses of the European Commission. Google is certified under the EU-US Data Privacy Framework (DPF). Further details: https://policies.google.com/privacy?hl=en.