Privacy Policy

1 Data Controller

The controller of your personal data is:

For any questions regarding the protection of your personal data, please contact us at the email address above.

2 Personal Data We Collect

We collect only the personal data strictly necessary to provide our services.

Data You Provide Directly

• First and last name
• Email address
• Phone number
• Reservation date and time
• Number of guests
• Dietary requirements or allergens
• Notes and special requests

Data Collected Automatically

• IP address when visiting the website
• Browser type and operating system
• Pages visited and time of visit
• Traffic source (e.g. search engine, direct visit)

3 Purpose and Legal Basis of Processing

Reservations and Enquiries

We process your data (name, contact details, date, preferences) for the purpose of confirming and managing table reservations and responding to your enquiries. The legal basis is the performance of a contract or pre-contractual measures (Article 6(1)(b) GDPR).

Communication and Support

When you contact us, we process your data to communicate with you and resolve your queries. The legal basis is the legitimate interest of the controller (Article 6(1)(f) GDPR).

Legal Obligations

We process certain data because we are required to do so by law (e.g. accounting and tax regulations). The legal basis is compliance with a legal obligation (Article 6(1)(c) GDPR).

Marketing (with consent only)

Where you have given us explicit consent, we send you notifications about special offers, seasonal menus and events. The legal basis is consent (Article 6(1)(a) GDPR). You may withdraw your consent at any time.

4 Data Retention

We retain your personal data only for as long as is strictly necessary for the purpose of collection, or as required by legal obligations:

• Reservation data: 2 years from the date of reservation
• Accounting documents: 10 years in accordance with accounting legislation
• Marketing consent: until consent is withdrawn or 3 years from last contact
• Web server logs: up to 90 days

After the retention period expires, data is securely deleted or anonymised.

5 Sharing Personal Data with Third Parties

We do not sell or share your personal data with third parties for their own purposes. Data may be shared with the following categories of processors:

• IT service providers (hosting, WordPress platform) – solely for the purpose of operating the website
• Forminator / WPMU Dev – for processing reservation forms
• Analytics systems (e.g. Google Analytics) – anonymous visit data with appropriate safeguards
• Public authorities – where required by applicable law or court order

We have data processing agreements in place with all processors, ensuring an appropriate level of protection.

We do not transfer data to third countries outside the EU/EEA without appropriate safeguards (standard contractual clauses, adequacy decision).

6 Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access – you may request confirmation of whether we process your data and a copy of that data.
• Right to rectification – you may request correction of inaccurate or completion of incomplete data.
• Right to erasure – in certain cases you may request deletion of your data (“right to be forgotten”).
• Right to restriction of processing – you may request restriction of processing where you contest the accuracy, lawfulness or purposes of processing.
• Right to data portability – you may request the transfer of your data to another controller in a structured, machine-readable format.
• Right to object – you may object to processing based on legitimate interest or intended for direct marketing.
• Right to withdraw consent – where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

If you believe we are processing your data unlawfully, you have the right to lodge a complaint with the supervisory authority for data protection in Slovenia:

7 Cookies

Our website uses cookies — small text files stored in your browser. We distinguish between:

Strictly Necessary Cookies

These ensure the basic functioning of the website (sessions, WordPress security cookies). These cannot be disabled.

Analytics Cookies

We use Google Analytics to understand how visitors use our website. Data is anonymous and aggregated. These cookies are not placed without your consent.

Managing Cookies

You may change your consent for non-essential cookies at any time via the cookie banner or your browser settings. Please note that disabling cookies may affect the functionality of certain features of the website.

8 Personal Data Security

We protect your data with appropriate technical and organisational measures:

• Encrypted connection (SSL/TLS) for data transmission
• Regular software and security patch updates
• Restricted data access (authorised personnel only)
• Regular backups
• Passwords stored in encrypted form

Despite all measures, no method of transmission or storage is 100% secure. In the event of a data breach that endangers your rights, we will notify you in accordance with the GDPR.

9 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legislation or technology. With each change, we will update the “Last updated” date at the top of this page.

For significant changes, we will notify you via the website or directly (where we hold your contact details and you have given consent for this). We recommend reviewing this policy regularly.

10 Contact for Privacy Queries

For all questions, requests or complaints regarding the processing of your personal data, please contact us: