Privacy Policy

Effective Date: 07/14/2025

Last Updated: 07/14/2025

This Privacy Policy describes how Lakercraft d.o.o. (“we”, “our”, “us”) collects, uses, and protects your personal data when you interact with our website barka-ljubljanica.si, operated entirely on the uplevelOne™ platform.

We are committed to complying with the General Data Protection Regulation (EU 2016/679 - GDPR) and the Slovenian Personal Data Protection Act (ZVOP-2).

1. Data Controller

Lakercraft d.o.o.

Savska cesta 10, 4260 Bled, Slovenia

Email: [email protected]

Designated contact person: Anže Logar

2. What Personal Data We Collect

We collect the following types of personal data:

Full name
Email address
Phone number
IP address & approximate location
Billing information (when purchasing gift cards or services)
Responses to tour questionnaires
Name, email, and phone of gift card recipients
Approximate date of planned visit to Ljubljana

3. How We Collect Your Data

Your data is collected directly through the following methods:

Website contact and survey forms
Online booking systems
SMS communications
Web chat and chatbot tools
Online purchases (gift cards or services)

All collection occurs through uplevelOne™, our internal CRM and communication platform, which operates on secure third-party infrastructure.

4. Why We Collect and Process Your Data

We process your personal data for the following purposes:

Managing and confirming tour bookings
Sending updates, confirmations, and reminders (via email/SMS)
Providing customer support
Processing payments
Marketing and re-engagement campaigns
Internal analysis (e.g., popular tours, time of visits)
Automated tagging to customize communication

We may use basic profiling and automation (e.g., assigning tags, AI replies) to improve your experience. No decisions with legal or significant effects are made solely by automated means.

5. Legal Basis for Processing

We process your data based on one or more of the following legal grounds:

Your consent (e.g., marketing opt-ins, form submissions)
Contract performance (e.g., booking a tour/rental)
Legal obligation (e.g., billing retention requirements)
Legitimate interests (e.g., improving services, sending reminders)

6. Cookies and Tracking Tools

We use a cookie consent banner that allows users to opt in/out of using tracking and ads coockies. Essential cookies are always enabled. You can read more in our Cookie policy.

7. Sharing Your Data with Third Parties

We do not sell your personal data.

We may share it with trusted third-party processors for service provision, analytics, or payment:

uplevelOne™ (CRM, forms, automation – operated on secure third-party infrastructure)
Stripe (payment processing)
Google & Meta (Facebook) (analytics, retargeting)
Embedded scheduling tools (if used)

All partners are either GDPR-compliant or operate under appropriate safeguards if outside the EU/EEA.

8. International Data Transfers

Your data may be processed outside the EU/EEA if our partners (e.g., uplevelOne™ or Stripe) store it on servers abroad. We rely on appropriate legal safeguards, such as Standard Contractual Clauses (SCCs), where necessary.

9. Your Rights Under GDPR

You have the right to:

Access your personal data
Correct inaccurate or outdated data
Delete your data (“right to be forgotten”)
Restrict or object to certain processing
Withdraw consent at any time (without affecting prior lawful processing)
Lodge a complaint with the Slovenian Information Commissioner (Informacijski pooblaščenec): www.ip-rs.si