Privacy policy

Object of this Privacy Policy 

We appreciate your interest in our online presence and the offers on our website.

 The protection of your personal data is of great importance to us. We would therefore like to inform you in detail in this Statement as to which data is collected during your visit to our website and for the use of our offers found there, and how it is processed or utilised by us subsequently. We also describe the accompanying protective actions that we have taken in terms of technical and organisational measures.

As provided for by the GDPR, we shall inform you in accordance with Article 5 and Article 13 of the cited Regulations, pursuant to the transparency requirement, about the nature, scope and purpose of the data processing as well as of the legal basis which legitimises the data processing. Furthermore, we shall indicate the duration of the respective data processing as well as your objection or revocation options, which are linked to the specific data protection-relevant measure in each case. If no right of objection may be granted due to technical reasons (because the processing of the data is absolutely necessary for the technical operation of the website), we assure that no data on your part shall be stored by us.

Your other rights, which you can exercise independently of the specific measure, can be found in the section entitled \’Rights of the data subject\’ at the end of this Privacy Policy. Transparency is also indicated therein—irrespective of the specific measure—because of your option of objection and revocation.

 

Responsible office/service provider 

The responsible office within the meaning of the General Data Protection Regulation (GDPR), ZVOP-1 (Zakon o varovanju osebnih podatkov) is:

Liberty Travel d.o.o.

Dunajska 109, 1000 Ljubljana, Slovenia

Telephone number: 00 386 (0)1 232 11 71

Email: adiatic@liberty-int.com

Website: www.liberty-adriatic.com

 

(See also our Legal Notice.)

 

If you have any questions or comments about this Privacy Policy or about data protection in general, please write to the following email address: Maximilian Wenger-Oehn, dpc@liberty-int.com (Data Protection Coordinator / Representative for Data Protection).

 

Legal basis for the processing of personal data

 

Insofar as we seek the consent of data subjects for the processing operations of personal data, Art. 6 para. 1 lit. a of the GDPR serves as the legal basis for processing of the personal data.

 

As regards the processing of personal data which is necessary for the performance of a contract to which the data subject is a contractual party, Art. 6 para. 1 lit. b of the GDPR serves as the legal basis. This also applies to processing operations which are necessary for the performance of pre-contractual measures.

 

Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c of the GDPR serves as the legal basis.

 

In the event that the vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d of the GDPR serves as the legal basis.

 

If processing is required to safeguard a legitimate interest of our company or a third party, and the interests, fundamental rights and freedoms of the data subject do not outweigh the initial interest, Art. 6 para. 1 lit. f of the GDPR serves as the legal basis for the processing.

 

Data erasure and storage duration

The personal data of the data subject shall be erased or blocked as soon as the purpose of the storage is no longer applicable. Moreover, the data shall be stored if such storage has been designated by the European or national legislator in Union regulations, laws or other provisions to which the responsible body is subject. Unless there is a need for further storage of the data for contract conclusion or contract fulfilment, the data shall be blocked or erased once the storage period prescribed by the indicated standards expires.

 

Processing operations relevant to data protection

Collection and use of your data through visiting our website

 

Description of the nature and scope of the data processing

In general, it is not necessary for you to provide personal data for the informational use of our website. Rather, in this case, we collect and use only that of your data which your Internet browser has transmitted to us automatically, such as:

  • Information about the browser type and the version used
  • Operating system of the user
  • Internet service provider of the user
  • IP address of the user
  • Date and time of access
  • Websites via which the system of the user reaches our website
  • Websites that are accessed by the user\’s system via our website

 

This data is not stored together with other personal data of the user. 

 

The purpose of data processing

If you wish to look at our website, the collection of the above data is technically necessary in order to show you our website, and to ensure stability and security.

 

This also presents our legitimate interest in data processing for this purpose in accordance with Art. 6 para. 1 lit. f of the GDPR.

 

Legal basis

The collection is lawfully carried out in accordance with Art. 6 para. 1 lit. f of the GDPR.

 

Duration of the data processing

The data shall be erased as soon as it is no longer necessary for achieving the purpose of its collection. In case of data collection for website deployment, such is the case if the respective session has ended.

 

Objection and revocation option

The collection of the data for website deployment is compulsory for the operation of the website. There is no option of objection in this respect.

 

Email communication   

 

Description of the nature and scope of the data processing

In the case of email communication via the email address displayed on our website, we collect, process and store personal data such as the surname, first name, title where applicable, postal address, email and IP address of the user, as well as the date and time of registration, in order to provide the respective services, to get in contact, to process your enquiry and in the event that follow-up questions arise.

When making contact via the provided email address, the personal data of the user which is submitted along with the email shall be stored.

There is no disclosure of data to third parties in this context. The data is used exclusively for processing of the conversation.

 

The purpose of data processing

When contact is made via email, the required legitimate interest in data processing is present in this case as well.

 

Legal basis for the data processing

Art. 6 para. 1 lit. f of the GDPR is the legal basis for processing the data which is sent as part of an email. If the email contact is aimed towards the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b of the GDPR.

 

Duration of the storage

The data shall be erased as soon as it is no longer necessary for achieving the purpose of its collection. In terms of personal data that has been sent via email, such is the case if the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant issues have finally been clarified. The personal data additionally collected during the sending process shall be erased after a period of seven days at the latest.

 

Objection and revocation option

If the user gets in contact with us by email, he/she can object to the storage of his/her personal data at any time. In such a case, the conversation can no longer continue. All personal data that has been stored over the course of making contact shall be erased in such a case.

 

Security notice

With regard to making contacting by email, we would like to note that data transfer over the Internet presents issues with security holes in email communication and cannot be completely protected against access by third parties. Personal data in the framework of email communication shall usually be transmitted from your computer via an unsecured connection over the Internet. Information that you send unencrypted by email could be read, stored and misappropriated by third parties along the way. We would therefore like to point out that no confidential information should be sent to us without the use of an encryption program.

 

Use of cookies

 

Nature and scope of the data processing

Our website uses cookies. Cookies are text files that are saved in the Internet browser or by the Internet browser on the computer system of the user. When a user visits a website, a cookie may be stored on the operating system of the user. This cookie contains a characteristic string which enables a clear identification of the browser when re-visiting the website.

 

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser is identifiable even after a page break.

 

The purpose of the processing

The purpose of using technically necessary cookies is to simplify the use of website for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page break. This presents our legitimate interest in data processing.

 

The user data collected through technically necessary cookies shall not be used to create user profiles.

 

Legal basis for the processing

Upon consent, the legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f of the GDPR.

 

Duration of the storage, revocation and withdrawal option

Cookies are stored on the computer of the user and transmitted thereby onto our site. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of the cookies. Cookies that are already stored can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, there is a possibility that not all website functions shall be fully usable.

 

Use of Google Analytics

 

Nature and scope of the data processing

This website uses Google Analytics, a web analytics service provided by Google Inc. (\’Google\’). Google Analytics uses so-called \’cookies\’ – text files that are stored on your computer and that allow an analysis of the website use through you. The information generated by the cookie through your use of this website shall usually be transferred to a Google server in the United States and stored there. In case of activation of IP anonymisation on this website, your Google IP address shall however be truncated beforehand within the member states of the European Union or within the other contracting states to the Agreement on the European Economic Area. Only in exceptional cases shall the full IP address be sent to a Google server in the US and truncated there. Google shall use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports about website activities, and to provide other services associated with the website and internet usage to the website operator.

The IP address transmitted by your browser within the context of Google Analytics shall not be merged with other data from Google.

This website uses Google Analytics with the extension \’_anonymizeIp()\’. IP addresses shall therefore be processed further in a truncated manner; direct personal references can thus be excluded. If there is a personal reference in the data collected about you, this shall be excluded immediately and the personal data promptly erased.

 

Purpose

We use Google Analytics in order to analyse the use of our website and to be able to improve upon it regularly. We can improve our offer and make it more attractive for you as a user through the statistics obtained. This presents our legitimate interests. For the exceptional cases wherein personal information is transferred to the US, Google has submitted to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

Third-party provider information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.

User conditions: http://www.google.com/analytics/terms/de.html

Overview on data protection: http://www.google.com/intl/de/analytics/learn/privacy.html as well as the Data Protection Statement: http://www.google.de/intl/de/policies/privacy.

 

Legal basis

The legal basis for the use of Google Analytics is Art. 6 para. 1 sentence 1 lit. f of the GDPR.

 

Objection and revocation option

You can prevent the storage of cookies through a corresponding setting of your browser software. However, please note that if you do this, you may not be able to use all the functions of this website to the fullest possible extent. Furthermore, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) for Google and the processing of this data by Google, by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de

 

Social plug-ins

 

Nature and scope of the data collection

We currently use the following social media plug-ins: Facebook, Google+, Twitter, YouTube, LinkedIn and Instagram. We also use the so-called two-click solution. This means that when you visit our site, generally no personal data is initially passed on to the providers of the plug-ins. The provider of the plug-in can be identified by the marking on the box above its initial letter or logo. We give you the opportunity to communicate directly with the provider of the plug-in via the button. Only once you click on the marked field thereby activating it, shall the plug-in provider receive the information that you have accessed the corresponding website of our online offering. In addition, the following data is transmitted:

  • IP address
  • The date and time of access
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (concrete page)
  • Access status/HTTP status code
  • The transmitted amount of data in each case
  • Website from which the request comes
  • Browser
  • Operating system and its interface
  • Language and version of the browser software

 

In the case of Facebook, according to the statement of the respective provider in Slovenia, the IP address shall be anonymised immediately after collection. By activating the plug-in, personal information about you shall be transmitted to the respective plug-in provider and stored there (in the USA in the case of US providers). Because the plug-in provider carries out data collection via cookies in particular, we recommend that you delete all cookies before clicking on the greyed-out boxes via the security settings of your browser.

 

We have no influence on the collected data and data processing operations, nor are we aware of the full extent of the data collection, the purpose of the processing or the retention periods. Moreover, we have no information on the erasure of the data collected by the plug-in provider.

 

Purpose of the data collection

The plug-in provider stores the data collected about you as usage profiles and applies this for purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (including for users who are not logged in) for the presentation of needs-based advertising and in order to inform other social network users about your activities on our website. In terms of the plug-ins, we offer you the opportunity to interact with social networks and other users, so that we can improve our offer and make it more attractive for you as a user.

 

The data transfer takes place regardless of whether or not you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected by us shall be assigned directly to your existing account with the plug-in provider. If you press the activated button and, for instance, link the page, the plug-in provider shall also store this information in your user account and share it publicly with your contacts. We recommend that you log out regularly after using a social network, especially so before activating the button in order to avoid any association of your profile by the plug-in provider.

 

Further information on the purpose and scope of the data collection and its processing by plug-in providers can be found in the data protection statements of these providers as listed below. There you can also find more information about your related rights and configuration options for the protection of your privacy.

 

Addresses of the respective plug-in providers and URL with their data protection notices:

a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications as well as http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

b) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

c) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

d) YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, represented by: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, represented by Sundar Pichai USA, https://policies.google.com/privacy?hl=de&gl=de

e) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy. LinkedIn has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

f) Instagram LLC, represented by Kevin Systrom and Mike Krieger, 1601 Willow Rd, Menlo Park CA 94025, USA, https://help.instagram.com/155833707900388/?helpref=hc_fnav&bc[0]=Instagram-Hilfe&bc[1]=Datenschutz%20und%20Sicherheitsbereich

 

Legal basis for the data collection

The legal basis for the use of plug-ins is Art. 6 para. 1 sentence 1 lit. f of the GDPR.

 

Objection and revocation option

You have the right to object to the formation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right.

We recommend that you log out regularly after using a social network, especially so before activating the button in order to avoid any association of your profile by the plug-in provider.

 

Transfer of data to third parties

 

Your personal data shall be passed on, where applicable, to supporting service providers which have been carefully selected by us. These may be technical service providers, service providers supporting us in distribution or third-party companies involved in data processing (so-called outsourced data processing, external data processors). If we use external data processors, they are contractually obligated—under observance of the data protection regulations and according to our instructions—to handle your personal data with care, and neither to use it for their own purposes nor to pass it on to third parties.

Otherwise, your data shall be transferred to other third parties by us only if we are legally obliged to do so. Due to legal requirements, we are obliged to pass on your personal data to third parties in certain cases. Such is the case, for instance, if there is suspicion of a crime or misuse of this website. We are then required to disclose your personal data to the competent law enforcement authorities. Upon an order by the competent authorities, we may therefore provide information on this data in individual cases to the extent that this is necessary for the purposes of law enforcement, danger prevention, the fulfilment of statutory duties of constitutional protection authorities or the military counter-intelligence, or for the enforcement of intellectual property rights.

 

Duration of the storage

Your personal data shall only be stored for as long as it is necessary for the required purpose. The personal data shall be erased as soon as it is no longer necessary to fulfil the purpose of the storage.

 

Rights of the data subject

 

Should any personal data be processed about you, you are considered to be the data subject in the sense of the GDPR and you are entitled to the following rights with respect to the responsible body:

 

The right to information

 

You may request confirmation from the responsible body as to whether any personal data relating to you has been processed by us.

 

Should any such processing have been carried out, you may request information on the following details from the responsible body:

  • the purposes for which the personal data is processed;
  • the personal data categories that are being processed;
  • the recipients or categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;
  • the planned duration of storage of the personal data relating to you or, if specific information is not available in this respect, the criteria for determining the duration of storage;
  • the existence of a right to the rectification or erasure of the personal data relating to you, a right to the restriction of processing by the responsible body or a right to object to such processing;
  • the existence of a right of complaint to a supervisory authority;
  • all available information on the origin of the data, if the personal data is not collected from the data subject;
  • the existence of automated decision-making including profiling under Art. 22 para. 1 and 4 of the GDPR and—at least in these cases—meaningful information about the logic involved as well as the consequences and the intended impact of such processing on the data subject.

You have the right to request information about whether any personal data relating to you is being transferred to a third country or to an international organisation. In this context, you may request to be notified about the applicable guarantees under Art. 46 of the GDPR in connection with the transfer.

 

The right to rectification

 

You have a right to rectification and/or completion with respect to the responsible body, provided that the processed personal data relating to you is inaccurate or incomplete. The responsible body must implement the rectification without delay.

 

The right to restriction of processing

 

You may request to restrict the processing of the personal data relating to you under the following conditions:

  • if you dispute the accuracy of the personal data relating to you for a duration which would allow the responsible body to verify the accuracy of the personal data;
  • the processing is unlawful and you decline the erasure of the personal data, and instead request the restriction of the use of the personal data;
  • the responsible body no longer needs the personal data for processing purposes, however you need it to assert, exercise or defend legal claims; or
  • if you have objected to the processing pursuant to Art. 21 para. 1 of the GDPR, and it has not yet been determined as to whether the legitimate reasons of the responsible body outweigh your own reasons.

If the processing of the personal data relating to you has been restricted, such data may—apart from its storage— be processed solely with your consent or for the assertion, exercise or defence of legal claims, or for the protection of the rights of another natural or legal entity, or for reasons of significant public interest of the Union or of a Member State.

If the restriction of the processing was implemented in accordance with the above-mentioned conditions, you shall be notified by the responsible body before the restriction is lifted.

 

The right to erasure

 

Obligation to erase

You may request from the responsible body that the personal data relating to you be erased immediately. The responsible body is then obliged to erase this data immediately, provided that any of the following applies:

  • The personal data relating to you is no longer necessary for the purposes for which it was collected or otherwise processed.
  • You revoke your consent to the processing in accordance with Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a of the GDPR, and there is no other legal basis for the processing.
  • You object to the processing pursuant to Art. 21 para. 1 of the GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Art. 21 para. 2 of the GDPR.
  • The personal data relating to you has been processed unlawfully.
  • The erasure of the personal data relating to you is required to fulfil a legal obligation under Union law or the law of the Member States to which the responsible body is subject.
  • The personal data relating to you was collected based on the offered services of the information society pursuant to Art.8 para. 1 of the GDPR.

 

Information to third parties

If the responsible body has publicly disclosed the personal data relating to you and has an obligation to the erasure of such pursuant to Art. 17 para. 1 of the GDPR, it shall—taking into account the available technology and the implementation costs—take the appropriate measures, including those of a technical nature, to inform the responsible body who processes the personal data that you, as a data subject, have requested of them the deletion of all links to this personal data, or copies or replications of this personal data.

 

Exceptions

There is no right to erasure if the processing is necessary

  • to exercise the right to freedom of expression and information;
  • to fulfil a legal obligation which requires the processing under the law of the Union or of the Member States to which the responsible body is subject, or arises for the performance of a task which is in the public interest or in the exercise of official authority, which has been assigned to the responsible body;
  • for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i as well as Art. 9 para. 3 of the GDPR;
  • for archival purposes in the public interest, scientific or historical research purposes, or for statistical purposes according to Art. 89 para. 1 of the GDPR, provided that the right mentioned under section a) prospectively renders impossible or seriously impairs the realisation of the objectives of this processing; or
  • for the assertion, exercise or defence of legal claims.

 

The right to information

 

If you have asserted the right to rectification, erasure or restriction of processing with respect to the responsible body, the latter is obliged to communicate this rectification or erasure of data or the restriction of processing to all recipients to whom the personal data relating to you has been disclosed, unless this proves to be impossible or involves disproportionate effort.

You are entitled to the right, with respect to the responsible body, to be notified about these recipients.

 

The right to data portability

 

You have the right to obtain the personal data relating to you, which you have provided to the responsible body, in a structured, commonplace and machine-readable format. Moreover, you have the right to transfer this data to another responsible body without interference by the responsible body to whom the personal data had been provided, as long as

  • the processing is based on consent pursuant to Art. 6 para. 1 lit. a of the GDPR or Art. 9 para. 2 lit. a of the GDPR, or on a contract pursuant to Art. 6 para. 1 lit. b of the GDPR, and
  • the processing is executed using automated procedures.

In exercising this right, you also have the right to issue that the personal data relating to you is transferred directly from one responsible body to another responsible body, provided that this is technically feasible. The freedoms and rights of other persons may not be affected thereby.

The right to data portability does not apply to the processing of personal data which is required for the performance of a task that is in the public interest or arises in the exercise of official authority, which has been transferred to the responsible body.

 

The right of objection

You have the right to object at any time—for reasons that arise from your particular situation—to the processing of personal data relating to you, which is carried out on the basis of Art. 6 para. 1 lit. e or f of the GDPR. This also applies to profiling based on these provisions. Please direct your objection to our data protection officers.

The responsible body shall no longer process the personal data relating to you, unless it can prove compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.

If the personal data relating to you is processed in order to engage in direct advertising, you have the right to object to the processing of the personal data relating to you at any time for the purposes of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

Should you object to the processing for direct marketing purposes, your personal data shall no longer be processed for these purposes.

You have the option, in connection with the use of services of the information society and notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures, whereby technical specifications are used.

 

Right to revoke the data protection consent declaration

You have the right to revoke your data protection consent declaration at any time. By revoking the consent, the legality of the processing carried out on the basis of consent shall not be affected up until the revocation.

 

Automated decision on an individual basis including profiling

 

You have the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects that impact you or which significantly affects you in a similar manner. This does not apply if the decision

  • is required for the conclusion or performance of a contract between you and the responsible body;
  • is permissible on the basis of Union or Member State legislation to which the responsible body is subject, and this legislation contains appropriate measures for safeguarding your rights and freedoms as well as your legitimate interests; or
  • is made with your express consent.

However, these decisions may not be based on special personal data categories pursuant to Art. 9 para. 1 of the GDPR, unless Art. 9 para. 2 lit. a or g applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests.

As regards the first and third exceptions, the responsible body shall take appropriate measures to uphold the rights and freedoms as well as your legitimate interests, which involves at least the right to obtain the intervention of a person on the part of the responsible body, upon the statement of its own position and upon the challenge to the decision.

 

The right to complain to a supervisory authority

 

Without prejudice to any other regulatory or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State of your place of residence, place of work or place of alleged infringement, if you believe that the processing of the personal data relating to you violates the GDPR.

The supervisory authority, to which the complaint was lodged, shall inform the complainant on the status and results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 of the GDPR.

Data protection for hyperlinks to external websites 

We take no responsibility for the confidential handling of your data should you find hyperlinks on our website that take you directly onto the website of another provider (e.g. recognisable by the change of URL). Such is the case since we have no control over the compliance with data protection regulations by these companies. Please refer to the websites directly to find out about the handling of your personal data by these companies.

Data security

We use technical and organisational security measures to protect incoming or collected personal data about you, in particular against accidental or intentional manipulation, loss, destruction and against attacks by unauthorised persons. Our security measures are continuously improving in line with technological developments. 

Scroll to Top