Last updated: [DATE]
This Privacy Policy describes how Soča Base Camp, Saša Kovačič s.p. (“we”, “us”, “our”) collects, uses and protects personal data when you visit our website at socabasecamp.com or book one of our activities. We comply with the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) and the Slovenian Personal Data Protection Act (ZVOP-2).
1. Data controller
Soča Base Camp, Saša Kovačič s.p.
Žagarjeva 7, 5220 Tolmin, Slovenia
Email: socabasecamp@gmail.com
2. What data we collect
When you book an activity we collect:
First and last name
Email address
Phone number (optional)
Country
Activity, date and number of guests
Any notes or special requirements you choose to share
Your IP address and browser type, automatically
Timestamp of your consent to this policy and to the River Pass requirement
Payment card information is never stored on our servers — it is handled directly by our payment provider, SumUp, on their PCI-DSS compliant infrastructure.
3. Why we process your data — legal basis
Contract performance (Art. 6(1)(b) GDPR): to confirm and deliver your booking, send confirmation emails, contact you about scheduling.
Legal obligation (Art. 6(1)(c) GDPR): to keep accounting records as required by Slovenian tax law.
Legitimate interest (Art. 6(1)(f) GDPR): to improve our services, prevent fraud, and respond to inquiries.
Consent (Art. 6(1)(a) GDPR): for any optional newsletter you sign up for, and for non-essential cookies (see Cookie Policy).
4. Who we share your data with
We share data only with the following processors, each bound by a Data Processing Agreement:
SumUp Payments Ltd (Ireland) — payment processing
[YOUR HOSTING PROVIDER] — website hosting (servers in [LOCATION])
Google LLC — analytics (only if you accept analytics cookies)
Slovenian tax authorities — only when legally required
We do not sell or rent your personal data to third parties.
5. How long we keep your data
Booking records: 10 years (Slovenian accounting requirement)
Email correspondence: 3 years
Newsletter subscribers: until you unsubscribe
Server logs: 30 days
6. Your rights
Under the GDPR you have the right to:
Access the personal data we hold about you
Request correction or completion of inaccurate data
Request deletion (“right to be forgotten”) — subject to legal retention requirements
Restrict or object to processing
Data portability — receive your data in a machine-readable format
Withdraw consent at any time, where consent is the legal basis
Lodge a complaint with the Slovenian Information Commissioner (www.ip-rs.si)
To exercise any of these rights, contact us at socabasecamp@gmail.com. We will respond within 30 days.
7. International transfers
Some of our processors (e.g. Google) may transfer data outside the EU/EEA. Such transfers are protected by Standard Contractual Clauses approved by the European Commission.
8. Security
Our website uses HTTPS encryption. Booking data is stored in a secured database with restricted access. Payment details never reach our servers — SumUp handles all card data on their certified PCI-DSS infrastructure.
9. Changes to this policy
We may update this Privacy Policy. The “Last updated” date at the top will reflect changes. Material changes will be communicated by email to active customers.
10. Contact
Questions about this policy or your data? Email socabasecamp@gmail.com or write to:
Soča Base Camp, Saša Kovačič s.p.
Žagarjeva 7
5220 Tolmin
Slovenia