Privacy policy
The purpose of this Privacy Policy is to inform customers, potential customers, or visitors to the websites owned by JATrail d.o.o. about the purposes and legal basis for the processing of personal data by JATrail d.o.o., Mesarska cesta 4f, 1000 Ljubljana, Slovenia (hereinafter referred to as: JATrail/provider).
At JATrail, we value your privacy and always carefully safeguard your data.
This Privacy Policy may be amended or supplemented at any time without prior notice. By using the provider’s websites after such amendments or supplements, individuals confirm their agreement to the changes. By using the website, the user confirms acceptance of the entire content of this Privacy Policy unless additional forms of consent are required in specific cases.
Our activities comply with European legislation (Regulation (EU) 2016/697 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation or GDPR)) and the conventions of the Council of Europe (ETS Nos. 108, 181, 185, 189) as well as national legislation of the Republic of Slovenia (Personal Data Protection Act (ZVOP-1, Official Gazette of the RS, No. 94/07), Electronic Commerce on the Market Act (ZEPT, Official Gazette of the RS, Nos. 96/09 and 19/15), etc.).
Recognizing the importance of your privacy and awareness of how your personal data is processed, we invite you to learn more about individual aspects of data protection by consulting the guidelines of the Information Commissioner, who operates as the competent national authority for data protection oversight in Slovenia.
PERSONAL DATA
Personal data is information that identifies you as an individual: your name, surname, email address, postal address, etc.
For business purposes, JATrail collects the following user data:
– Name and surname,
– Email address,
– Contact phone number,
– Other information you enter into relevant forms on the website.
By registering on the website, you expressly consent to JATrail using the personal data obtained (name, surname, email address, and any other data you provide) for direct marketing purposes via all advertising channels employed by the provider (notifications via phone and SMS, print media, unaddressed and addressed direct mail, email, etc.) and for statistical and market analyses related to direct marketing, marketing profiling, and segmentation. This ensures that you will always be appropriately informed about our current offers and notified only about products that best suit your interests.
You can revoke your consent for direct marketing via email by:
– Sending a reply to a specific email received as part of direct marketing communication from the provider, and/or
– Completing the online form linked in every email sent by the provider during direct marketing campaigns.
You will be informed of the possibility to revoke your consent in every email sent. The provider will honor your revocation request and formally terminate the consent for direct marketing within 15 days, notifying you in writing or by another agreed-upon method within the following 5 days. This process incurs no costs for you.
The provider collects and processes your personal data only when you allow it or consent to it, such as when ordering services, subscribing to newsletters, participating in prize draws, or when there is a legal basis or legitimate interest for data processing.
The provider collects and processes your personal data based on the following legal grounds:
– law and contractual relationships,
– individual consent,
– legitimate interest.
PURPOSES OF DATA PROCESSING
– Contract Execution and Performance: This includes fulfilling your orders (delivery of products and services), communication, payment verification, and meeting other obligations of the provider and/or customer (legitimate interest under Article 6(1)(f) GDPR).
– Customer Notifications: In accordance with the Electronic Communications Act (ZEKom-1), JATrail informs customers about services and content via email or SMS. Customers can opt-out at any time via an unsubscribe link in received messages or by submitting a written request to info@trailrun.si.
– Basic Personalized Communication: Using demographic data (gender, age) and basic behavioral data (e.g., website interactions), we aim to present offers, discounts, and content relevant to you. Aggregated processing is used without automated profiling.
The following data about is used:
– Demographic data (gender, age)
– Simple tracking of behavior on JATrail websites (viewing individual content, which may trigger the sending of tailored messages), without using this data to create user profiles
– Your responses (opening messages, clicking links) to various messages we send you.
We do not use any semi-automated or automated profiling; we only select appropriate recipient groups for individual messages. We never focus on individual data but instead perform aggregated processing of larger groups.
Based on this data, the following may depend:
– The content we present to you, aiming to make it as relevant as possible
– The frequency and communication channels we use to contact you
– You may stop such communication at any time via the unsubscribe link in the received messages or by submitting a written request to info@trailrun.si.
Use of Facebook Advertising Tool – Facebook Custom Audiences
At JATrail, based on our legitimate interest in online advertising, we also use the Facebook Custom Audiences service, either as part of basic personalized communication based on our legitimate interest or under acquired consent for personalized offers and content based on the user’s profile.
This service works as follows:
– Your email address, which we obtained during your purchase or voluntary input, is uploaded to Facebook.
– Facebook matches your email address with its user database to determine if you are a Facebook user.
– If you are not a Facebook user, your email address is not processed further, and Facebook does not perform any activities with it.
– If you are a Facebook user, Facebook adds you to a newly created Custom Audience list that allows us to display personalized ads to this user group on Facebook.
– Based on this, you may see more targeted and personalized ads on Facebook, including additional discounts.
You may stop this processing at any time by submitting a written request to info@trailrun.si.
PROCESSING BASED ON YOUR CONSENT
The provider collects and processes (uses) your personal data for the following purposes when you give consent:
– Preparing and sending personalized newsletters, if you subscribed
– Sending commercial offers and other content via email, SMS, phone calls, or social networks (Facebook, Instagram) when no other legal basis applies, and you have consented
– Any other purposes explicitly agreed upon when collaborating with the provider
CONTRACTUAL PROCESSING OF PERSONAL DATA
You, as an individual, are informed and agree that the provider may entrust certain tasks related to your data to other parties (contracted processors). Contracted processors may only process entrusted data on behalf of the provider, within the provider’s authorization (defined in a written contract or other legal acts), and in line with the purposes outlined in this privacy policy.
Contracted processors working with the provider include:
– Accounting services; legal offices, and other providers of legal advice
– Data processing and analytics providers
– IT system maintenance providers
– Email message sending service providers
– Payment system providers
– Online advertising solution providers
– The provider will not disclose your personal data to unauthorized third parties.
Contracted processors may only process personal data according to the controller’s instructions and cannot use personal data for any purposes other than those specified.
The controller and users of personal data do not transfer data to third countries.
RETENTION OF PERSONAL DATA
The provider will retain your personal data only as long as necessary to achieve the purpose for which it was collected and processed. Data processed based on the law will be stored for the period prescribed by law. Data processed due to a contractual relationship will be stored for the duration of the contract and for 5 years after its termination, unless a dispute arises between you and the provider regarding the contract; in such cases, the data will be retained for 5 years after the final court or arbitration decision, or if there was no legal dispute, 5 years from the amicable resolution of the dispute.
Data processed based on your consent or legitimate interest will be stored indefinitely until you revoke consent or request the cessation of processing. The provider will delete such data even before the withdrawal of consent if the purpose of processing personal data has been achieved or if required by law.
After the retention period expires, the controller will effectively and permanently delete the personal data, making it impossible to associate it with any specific individual.
FREEDOM OF CHOICE
You control the information you provide about yourself. If you choose not to provide your data, you may not be able to access certain sections or functions of the website.
MINORS
The provider strongly encourages all parents and guardians to teach their children and wards safe and responsible handling of personal data online. Minors should not transfer any personal data to websites without parental or guardian permission. The provider will never knowingly collect personal data from individuals known to be minors.
INDIVIDUAL RIGHTS REGARDING DATA PROCESSING
In relation to your personal data, you have various rights. These include the right to access, review, delete, restrict processing, transfer, object, and file a complaint.
Right to Information: You have the right to know what data we collect about you, the purposes of its collection, its retention duration, the sources of your data, to whom it is disclosed, who processes it besides us, and what other rights you have regarding the processing of your personal data. You can find all this information in the “Privacy Policy” section. If you have additional questions, feel free to contact us at info@trailrun.si.
Right to Withdraw Consent: If you have given consent for the processing of your personal data (for one or more specific purposes), you have the right to withdraw that consent at any time, without affecting the legality of data processing conducted based on consent before its withdrawal. Consent can be withdrawn by submitting a written statement to info@trailrun.si. Withdrawal of consent does not have any negative consequences or penalties for you. However, it is possible that we may no longer be able to provide certain services if they require personal data to function.
Right of Access to Personal Data: You have the right to obtain confirmation from the provider (data controller) regarding whether personal data about you is being processed, and if so, access to the personal data along with specific information (about the purposes of processing, types of personal data, users, retention periods or criteria for determining them, the existence of the right to rectify or delete data, the right to restrict or object to processing, the right to file a complaint with a supervisory authority, the source of the data if it was not collected directly from you, the existence of automated decision-making, including profiling, and its consequences for you, among others, as outlined in Article 15 of GDPR).
Right to Change of Personal Data: You have the right to request that the provider promptly correct inaccurate personal data about you. Considering the purposes of processing, you also have the right to complete incomplete data, including by providing a supplementary statement.
Right to Deletion of Personal Data: You have the right to request that the provider promptly delete your personal data, and the provider is obliged to do so without undue delay if one of the following applies:
– The data is no longer needed for the purposes it was collected or processed for.
– You withdraw consent, and no other legal basis for processing exists.
– You object to processing, and there are no overriding legitimate reasons for processing.
– The data was processed unlawfully.
– The data must be erased to comply with legal obligations under EU law or the laws of a member state applicable to the provider.
– The data was collected in connection with the offer of information society services.
However, in certain situations, as described in Article 17(3) of GDPR, the right to erasure does not apply.
Right to Restriction of Processing: You have the right to request that the provider restrict the processing of your data if:
– You contest the accuracy of the data, for a period enabling the provider to verify it.
– The processing is unlawful, and you oppose erasure and request restriction instead.
– The provider no longer needs the data for processing, but you need it for legal claims.
– You have objected to processing, pending verification of whether the provider’s legitimate interests override your own.
Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transfer it to another controller without obstruction, provided:
– The processing is based on consent or a contract.
– The processing is carried out by automated means.
– You also have the right to request the direct transfer of data from one provider to another where technically feasible.
Right to Object to Processing: You have the right, based on reasons related to your specific situation, to object at any time to the processing of your personal data:
– If the processing is necessary for public interest tasks or the exercise of official authority assigned to the provider.
– If processing is based on the legitimate interests of the provider or a third party, including profiling.
The provider will cease processing your data unless they demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.
If data is processed for direct marketing purposes, you have the right to object to such processing at any time, including profiling related to such marketing.
Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, particularly in your habitual residence, place of work, or where an alleged infringement occurred (in Slovenia, this is the Information Commissioner). This applies if you believe that the processing of your data violates data protection regulations. If the supervisory authority fails to address your complaint or does not inform you of the status or decision within three months, you also have the right to an effective judicial remedy.
You can submit requests related to your personal data rights in writing to the data controller at info@trailrun.si. To ensure reliable identification, the controller may request additional information. The controller must respond to your request without undue delay, no later than one month after receipt.
In case of a data breach, the provider must notify the competent supervisory authority unless it is unlikely to result in risks to individual rights and freedoms. If the breach is suspected to involve a criminal offense, the provider must also notify the police and/or the competent prosecutor. For breaches posing significant risks to individuals, the provider must promptly notify the affected individuals in clear and understandable language.
PUBLICATION OF CHANGES
Any updates to our privacy policy will be published on this website.
CONSENT
By using the website, you confirm that you accept and agree with the entire content of this privacy policy.
By registering for a running competition organized by JATrail d.o.o., participants consent to the processing of their registration data in databases related to the European Trail Cup, Archipelago Trail Run, Julian Alps Trail Run by UTMB, Soča Outdoor Festival, Kočevsko Outdoor Festival, Tour de Hvar, and Ultra Trail Vipava Valley.
Individuals may request changes or deletion of their personal data at any time by contacting info@trailrun.si. Data will be deleted promptly.