Blog
Gallery
Discounts for our guestContact us

Privacy Statement

By this Privacy Statement MYSA d.o.o., Kranjska Gora, Borovška 71, registration No.: 9347020000, VAT ID: SI 84287845, (hereinafter: MYSA or the Data controller) establishes rules of conduct in relation to personal data protection pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: GDPR), the Act on Enforcement of the General Data Protection Regulation (NN 42/2018) and other applicable legal regulations.

1. Definitions

Personal data/Data means any information relating to an identified or identifiable natural person.

Data subject is an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing means any operation or set of operations that is performed on Personal data or on sets of Personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2. General

We take Personal data protection seriously. We process Personal data legally, fairly and transparently. This means that Data is collected only to the necessary extent, we regularly update our databases and stop processing Data when it is no longer necessary, or when we no longer have the consent of the Data subjects.

As Data controller, we implement organizational, technical and administrative measures ensuring that the Data aren’t unauthorizedly or illegally processed, accidentally lost, destructed or damaged.

3. When we process data

MYSA can process the Personal data in further cases:

-  Data of persons who contact us by e-mail, phone, via booking engine or otherwise – name, last name, e-mail, telephone number;

-  Data of persons who book their stay at MYSA accommodation – first name, last name, date of birth, gender, citizenship, type of document, document number, and information on whether the person may be exempt from paying the fee according to applicable laws (e.g. children, persons with disabilities, refugees, police officers on duty, disaster relief volunteers, etc.).

4. How long we store data for

In case of persons who just contact us, we store data for as long it's necessary to resolve their query.

In case of guests of MYSA accommodation, we store the data during their stay and afterwards, until all mutual relations have been resolved. However, in accordance with the relevant regulations, data must be retained for the current and previous season, and once any other mutual obligations have been fulfilled, the data will be deleted.

Personal data stated within the invoices are kept during the required preiod in accordance with the accounting laws and regulations.

We process certain data based on a legitimate interest (name and surname, e-mail address, telephone number, etc.), for offering our services.

5. Whom we share personal data with

We sometimes need to share personal information with third parties in order to provide our services.

Our accommodation is managed by a Slovenian property management agency with whom we share customer data under a confidentiality agreement.

With our other external associates, for example, tourist agencies, providers of accounting services, IT infrastructure providers, and other service providers, we have concluded appropriate agreements, to which they are subject to the obligation of confidentiality and lawful handling of Personal data. When external associates act as data processors, we conclude appropriate data processing agreements with them.

We are obliged to disclose some information to the competent authorities when we are obliged in accordance with applicable regulations, e.g. Agency of the Republic of Slovenia for Public Legal Records and Related Services (AJPES), Ministry of internal affairs (Police Administration) and Municipal Administration of Kranjska Gora.

In some cases, we will disclose the information if necessary to protect our interests or interests of some other persons and when legally justified, e.g. for the purpose of legal proceedings.

We use services of an EU-based third-party-provider BENTRAL to manage your bookings that operates under the following rules Privacy Policy - BENTRAL.

Our accommodation can be also booked via platforms Booking and Airbnb and if you choose to book our services via those platforms, you accept their terms of use and their privacy policies linked here: Booking Privacy Policy / Airbnb Privacy Policy

6. How we protect personal data

In our work, we implement technical, physical and administrative measures to ensure that Personal data is protected from loss, misuse, unauthorized access, disclosure and alteration.

7. Data subjects rights

1. Right of access (GDPR Art. 15) – you have the right to be informed about Data we collected, for what purpose, period of processing and to whom we transfer it, how processing can be limited, etc.;

2. Right to correction (GDPR Art. 16) - in relation to incomplete or inaccurate Data;

3. The right to erasure and to be forgotten (GDPR Art. 17) - in case we no longer need the Data or you withdraw consent;

4. The right to limit processing (GDPR Art. 18) - if you dispute the accuracy of the Data, if the processing is illegal, if you have objected to the processing, etc.;

5. Right to be informed (GDPR Article 19) – within this Privacy Statement and also on your request, you can obtain information on our identity, contact data, the purposes of the processing and the legal basis for the processing of Data, recipients, Data transfer to third countries, storage period, ability to withdraw consent, etc.

6. Right to Data portability (GDPR Art. 20 - you have the right to receive your Personal data in a structured form and in a commonly used and machine-readable format as well as to transfer this Data to another controller if the processing is carried out automatically and based on consent or contract;

7. Right to object (GDPR Art. 21) - if your Data is processed for the purpose of performing tasks of public interest or in the exercise of official authority, on the basis of legitimate interest or for the purposes of direct marketing, you can object to such processing;

8. Right regarding automated individual decision-making, including profiling (GDPR Art. 22) - you have the right to express your opinion, challenge the decision and seek the involvement of a person in the process to clarify the decision made by the computer algorithm.

For all questions and requests regarding Personal data, please contact us at info@mysa.si

For all complaints, you can also contact the competent supervisory authority in the Republic of Slovenia Information Commissioner | GOV.SI Dunajska cesta 22, 1000 Ljubljana, +386 1 230 97 30 / gp.ip@ip-rs.si / www.ip-rs.si.

8. Changes to this Privacy Statement

MYSA may from time to time, without notice, amend this Privacy Statement and such changes will take effect on the day of publication. You will be informed about this in an appropriate way through our official website.

Published in November 2024

Get in touch

If you have any question feel free to contact us!
Contact usBook now
+386 51 886 007info@mysa.siPrivacy PolicyMysa 2025, All rights reserved
Mysa logo white
Our blogGalleryPrivacy policyInstagram
Book nowDiscounts for our guest