We look forward to your visit to our website, where we offer you personalised information about our company and our services. We consider transparency and integrity important issues to consider in the processing of your personal data. We observe data protection regulations, namely the EU General Data Protection Regulation (“GDPR”) and Slovenian national regulations.
In this Privacy Notice, we explain what information (including personal data) we process during your visit and use of our above internet offering (“Website”) and what rights you have over your personal information.
Who is responsible for data processing?
The party responsible (under data protection law) for the processing of personal data is Aviofun d.o.o., Gorče 12a, SI-2372 Libeliče, Slovenia.. Any reference to “we” or “us” in these data protection instructions refers in each case to the aforementioned company.
The Group Data Protection can be reached via the above contact methods, as well as at firstname.lastname@example.org.
If you have questions comments regarding the subject of data protection, please also feel free to contact email@example.com.
Our company is hosted on the Wix.com platform. Wix.com provides us with the online platform that allows us to sell our products and services to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall.
All direct payment gateways offered by Wix.com and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
What principles do we observe?
In compliance with data protection regulations, we process your personal data only if permitted by law or if you have given your consent. This also applies to the processing of personal data for advertising and marketing purposes.
We may also collect information on this website that cannot be used by itself to identify you personally. In certain cases, especially when combined with other data, this information can nonetheless be considered “personal data” as defined by data protection legislation. We may also collect information on this website that does not allow us to identify you, either directly or indirectly; this includes, for example, aggregated information about all users of this website.
What data do we process? For what purposes and on what legal basis does thos processing take place?
You can access our website without providing direct personal information (such as your name, postal address, email address, ...). Again, we do need to collect and store certain information so as to enable you to access our website. We also use certain analytical methods and integrated third-party functionalities on our website. In addition, we offer some functions on our website, for which you must provide personal data.
We collect and process personal data in the following scope:
Log Files: When you visit this website, our web server automatically stores data and information about the device and browser you are using. This information includes the browser type and version used, the operating system, the Internet Service Provider, the IP address of your device, the date and time of access, the website from which you visited our website, and the pages you visited on our website. We process this technical information in the log files of our systems and do not combine them with other personal data about you. We process technical information in order to enable you to access our website, to ensure the functionality of our website and the security of our IT systems, and to optimize our website. The legal basis for this type of processing is Article 6, Section1 (f) of GDPR.
Tracking software collects pseudonymous usage data to be able to clearly identify the browser. Apart from cookies (see above), no other data are stored on your device.
For more information about the cookies and tracking software we use, their purposes, and their legal basis (bases), we have add separate Cookie Information.
What is a Cookie?
We use the following types of cookies on skydivebovec.com
Session cookies which are temporarily stored in your computer’s memory for the duration of your browsing session time. They will become unsuable after the website session has been inactive for a time and will then be deleted once the browser is window has been closed. This happens automatically.
Google Analytics – Track the pages you visit for Google Analytics. This information is annonymous.
Web server tracking – The web server will track visiter IP address where not masked.
What We Will Not Store or Do
Any financial or payment details
Sell or give any of your data to any non-skydiving third party.
What We May Store
If you choose to purchase a product online – your name, contact details, skydiving course type, age, weight, height, specific booking details.
If you request a DVD/brochure – your name, contact details and skydiving course type.
The booking system will also remember where you are within the booking process unless you close the browser window.
What We May Offer You
The option to share pages and posts via social media platforms. For example Facebook, Twitter, etc.
The ability to book online securely and to request a DVD/Brochure package be posted out to you.
Flight or service Booking: We could offer you the option to book our flights or services on our website.
Booking dates: We ask for information required for the processing of your booking (specifically your first and last name, your date of birth, your billing address and other details on the payment method you selected, and, if applicable, passport/visa information). You can give additional information on a voluntary basis (such as your email address or cell phone number). Required information is designated as such on our website; without this information, the completion of your booking is not possible. We process this data for the execution of the contract of carriage with you; the legal basis for this is Article 6, Section 1 (b) of GDPR.
Flight or service Related Mailings: We use your email address for sending flight-related information and offers by email, such as to remind you of check-in or to offer you additional services for your flight (seat, carry-on luggage, meals, best-in-class seat pitch). The legal basis for this is Article 6, Section 1 (f) of GDPR.
Account data: When booking your flight or services, you may be asked to create an account. In this case we keep only salutation, first name, last name, cell phone number, email address, and a password. You can add more data to your account later (see 4 for more information about the account). The legal basis for this is Article 6, Section 1 (f) of GDPR.
Advance Passenger Information (API): An increasing number of destination countries (in the future to include member states of the European Union) require us as an airline to provide data about passengers entering or leaving the country, in some cases even when flying over the country in question. Applicable legal provisions typically stipulate the provision of data about the identity and travel documents (passport, visa) of the passengers and crew members on board. Not all of these data are collected by us at the time of booking; in many cases, the collection of this information takes place shortly before departure, potentially via the “machine-readable area” of recent travel documents. We process these data exclusively for provision to the authorities of the respective destination country in fulfilment of our legal obligations; the legal basis for this is Article 6, Section 1 (c) of GDPR.
Contact Persons: In accordance with Regulation (EU) 996/2010 on the investigation and prevention of civil aviation accidents and incidents, we offer each client the option of using a call centre contact person to be contacted if needed. This information is linked to the booking, is used exclusively to meet the requirements of the above regulation, and is deleted 48 hours after the last flight of the booking. The legal basis for processing this data is Article 6, Section 1 (c) of GDPR.
Partner programs: When booking a service, you can earn reward from our partner’s programmes. For this, we require the corresponding programme number. Furthermore, we also ask for information required to process your booking. We transfer to our partners the specified programme number as well as your first and last name and booking details so that the bonus can be credited to the respective programme. The legal basis for this is Article 6 (1) b) GDPR.
Partner Offers: Based on your booked service, we could offer you partner services in the areas of car rental, rail transport, hotel business, and travel insurance during the booking of your service. If you accept the corresponding offers, we will transmit the necessary data to our partner company. The legal basis for this is Article 6, Section 1 (b) of GDP
Registration/My Account: On our website, we offer you the opportunity to register and to apply for an account. For this, we ask for your first and last names, your cell phone number, your email address, and a self-determined password. Once you have registered, you can also enter additional information (such as additional details for future bookings, flight booking preferences, or payment details) in your account, and view other information such as the services you have booked. To access your account, we may request that you enter data collected during your registration (especially for your identification). We process the data to your account in order to provide you with this functionality. The legal basis for this is Article 6, Section 1 (b) of GDPR.
Information via Email: If you have subscribed to our email newsletter, we will, based on your consent, process your email address and any information recorded in your account to provide you with information tailored to your interests, such as services, offers, and promotions, in addition to the services of Aviofun d.o.o., credit cards, and selected partner companies in the areas of travel and mobility (e.g. package tours, hotels, car rental, insurance, events, tours, and activities). In addition, we evaluate data generated from the delivery and retrieval of our emails in aggregated form (delivery rate, open rate, click-through rates, conversion rate, unsubscribe rate, bounce rate) in order to analyse the success and use of our emails. On the other hand, we also evaluate data generated by the retrieval and use of these emails (open times, clicked hyperlinks, downloaded documents) in order to provide you with individualized information in future emails that reflects your interests and takes your needs into account as effectively as possible. On our website, movement data such as specific service search, , cancellation of a service (basket cancel, retargeting, etc.) is used to personalize the newsletter.
Your personal data will not be shared with third parties, and we process your data solely for the selection of individualized content and distribution of the newsletter within the scope of the consent you have given. The legal basis for this is Article 6, Section 1 (a) of GDPR.
Contact: You can communicate with us via our contact form or by email, as well as using the form for investigation of a compensation claim pursuant to Article 7 of Regulation (EC) No. 261/04. We collect all the information you provide and keep it only as long as is necessary for the processing of your request. After processing is complete, the data could be kept longer for reasons of evidence. The legal basis for this is Article 6, Section 1 (a) (b) as well as (f) of GDPR.
Webchat: If you use our online chat support, we process only the data you have directly provided. The provision of name and address is voluntary. We save this data only for the duration of the chat session. The legal basis for this is Article 6, Section 1 (a) and (f) of GDPR.
Participation in Sweepstakes: If you participate in our sweepstakes, we save your contact information, as well as booking code and winning code if necessary, in order to operate the competition and contact the winners. The legal basis for this is Article 6, Section 1 (b) of GDPR.
Statistical Evaluations: If necessary, we may evaluate your personal information in order to evaluate your preferences, for the purposes of interest-based marketing, an individualized approach, and the continuous optimization of our business processes. We do this in order to gain a better understanding of what our customers expect from us and to be able to provide you with personalized communications. In addition, these evaluations help us detect fraud, audit our records, and ensure security; we therefore perform this type of processing to safeguard our legitimate interests. The legal basis for this is Article 6, Section 1 (f) of GDPR.
Further Legitimate Interests: To the extent necessary, we process your data beyond the above purposes for the protection of our legitimate interests or the interests of third parties; this is done on the basis of Article 6, Section 1 (f) of GDPR. Our legitimate interests include:
the assertion of legal claims and the defence of legal disputes;
the prevention and investigation of criminal offences; and
the management and further development of our business activities, including risk management.
Am I required to provide data?
The information required for service booking, registration of account, and registration for email communications are marked as mandatory in the appropriate sections of the website (e.g. online form); if you do not provide the mandatory information, we cannot allow you to use the given functionality.
In addition, if we collect personal information from you, we will tell you at the time we collect it whether the provision of that information is required by law or is required to execute a contract. In doing so, we generally identify any information that is provided on a voluntary basis and not according to any of the above obligations or not required to execute a contract.
Who receives my data?
Your personal data is generally processed within our company. Depending on the type of personal information, only certain departments/organizational units have access to your personal information. These include, in particular, the specialist departments involved in the provision of our services and our IT department. A role and authorization concept limits access within our organization to those functions and to the extent required for the particular purpose of the processing.
We may also transfer your personal information to third parties outside our company to the extent permitted by law. In particular, these external receivers may include the following:
affiliates to whom we transfer personal information for internal management purposes within the Aviofun d.o.o. subsidiaries ;
third parties we use to provide our services (such as the operation of our services), only to the extent the transmission is necessary to fulfil contracts executed with us, such as providers of ground handling services at the airports we serve;
the service providers we engage (for example in the areas of transport, marketing, IT, or payment processing) who provide services for us on an independent contractual basis, which may also include the processing of personal data, as well as subcontractors of our service providers who are involved with our consent;
non-public and public entities, in cases where we are required by law to provide your personal data.
I there automated decision making?
In general we do not use any automated decision making (including profiling) in connection with users of our website, as per Article 22 of GDPR. If we use such procedures in individual cases, we will inform you separately about this to the legally required extent.
Will data be transmitted to countries outside of the EU/EAA?
In principle, the processing of your personal data takes place within the EU or the European Economic Area.
In certain cases, information may be transmitted to recipients in so-called “third countries”. “Third countries” are countries outside of the European Union or the European Economic Area, for which it is not possible to assume a level of data protection comparable to that of the European Union.
How long will my data be saved?
In principle, we store your personal data as long as we have a legitimate interest in its storage, and we do not consider our importance to outweigh your interests in the non-continuation of the storage.
Even without a legitimate interest, we can continue to store the data if we are legally obligated to do so (for example, to fulfil record-keeping obligations). We also delete your personal data without your involvement as soon as its retention is no longer necessary to fulfil the purpose for which it was processed, or in cases where storing your data is otherwise legally inadmissible.
log data is deleted within thirty days, unless further storage is required for lawful purposes such as the detection of misuse and the detection and removal of technical malfunctions;
the data processed in connection with a service booking is deleted no later than after expiration of legal retention periods; and
any data processed in connection with the registration of an account is deleted in the process of deleting the customer account.
Any personal data we need to keep in order to fulfil our retention obligations will be kept until the end of the respective retention obligation. Any personal data kept solely for the purpose of fulfilling retention requirements are generally blocked so that they can only be accessed if necessary with respect to the purpose of the retention obligation.
What rights do I have?
Right to object, according to Article 21 of GDPR
You have the right, at any time, to object to the processing of personal data concerning you pursuant to Article 6, Section 1 (e) or (f) of GDPR for reasons arising from your particular situation; this also applies to profiling based on these provisions. In the event of your objection, we will no longer process the personal data concerning you, unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms, or if the processing is for the purpose of asserting, exercising, or defending legal claims.
If we process the personal data relating to you for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purposes of such advertising; this also applies to profiling insofar as it is associated with such direct mail. If you object to the processing for purposes of direct marketing, the personal data related to you will no longer be processed for these purposes.
Regardless of Directive 2002/58/EG, you have the option, in the context of the use of information society services, of exercising your right to object through automated procedures that use technical specifications.
Revocation of Consent
If you have given us consent (for example, in connection with information by email, you may revoke such consent at any time with future effect. In our email communications, we generally provide a corresponding link in every one of our newsletters. You can also contact us via other methods, e.g. by post, fax, or email using any of the contact methods listed on the first page of this Privacy Notice.
As the affected person, you have the right:
to information about what personal data has been collected and saved, according to Article 15 of GDPR;
to correction of incorrect or incomplete data, according to Article 16 of GDPR;
to the deletion of personal data, according to Article 17 of GDPR;
to the restriction of processing, according to Article 18 of GDPR, and
to data portability, according to Article 20 of GDPR
If you have any questions about the processing of your data, you can also contact our data protection officer.
You are also entitled to file a complaint with a competent data protection supervisory authority, according to Article 77 of GDPR.