Thermana pools and wellness

Privacy policy

The right to privacy is one of the most important human rights. At Thermana dd (hereinafter referred to as Thermana dd) we are aware of the importance of handling personal data, so we handle your data in accordance with current legislation in the field of personal data protection.

The transparency of our operations and our relationship with you are very important to our company, which is why below we provide you with all the relevant information that enables you to be informed about the protection of your personal data.

Privacy protection

The information on privacy protection written below combines key information on the protection of personal data at Thermana dd in one place. Which of your personal data do we collect and why do we process it, to whom do we pass it on, what are your rights related to personal data and how can you exercise them.

The provisions of the legislation in force in the Republic of Slovenia apply to everything that is not specifically specified in this General Information or in the contract concluded between Thermana dd and an individual.

Date of entry into force of information on the protection of personal data: 25/05/2018

Last change: 1/2/2023

Personal data controller

The administrator of your personal data is Thermana dd, Zdraviliška cesta 6, 3270 Laško, tax number SI 98372157, registration number 1185462, e-mail address:

The operator enables individuals to be aware of all relevant information relating to their personal data.  

Authorized person for data protection

At Thermana dd, based on Article 37 of the General Regulation on the Protection of Personal Data, we have an appointed authorized person ('Data protection officer' or 'DPO'), who is properly and timely involved in all matters related to the protection of personal data and advises us on our obligations regarding the processing of personal data, monitors the compliance of the processing with applicable regulations, cooperates with the supervisory authority if necessary, and also acts as a contact point for individuals regarding the processing of personal data.

For all questions and assistance in asserting your rights in the field of personal data protection, the authorized personal data protection officer is available at the e-mail address:

How we obtain your personal data

We obtain your personal data in the process of legal business, namely when you provide it to us yourself, when you use or order one of our services, when you fill in any input forms, when you contact us directly by e-mail, telephone, in writing or via social networks or provide us with personal data in any other way.

We also collect information about your use of our website with cookies and similar technologies. More information about how we use these technologies to collect information about you can be found at the link Cookie settings.

In some locations or parts of locations, we also carry out video surveillance of areas and premises, which is indicated on the location itself or in front of the premises. You can see more about video surveillance at the web link Video surveillance notice.

Which of your data do we use and for what purpose

We collect and process your data only within the framework of legal legal bases and selected purposes of providing services within the scope of the company's activities. We thus collect the following types of data about you:

Personal information, which include basic information about individuals including first and last name, date of birth, gender, citizenship, type and number of personal document, address, ZZZS number for users of our services in the healthcare system, date of arrival and departure, contact information such as your e - the mailing address you provided us, your phone number, etc.

Preference data we monitor to understand what your guests prefer. In this part, we monitor information about your reservations, stays, including the type and category of room, view, culinary offer, wellness services or any other special preferences, as well as any negative experiences. We track your purchases, with information about how you use our website (which pages you viewed, the time you viewed them, what you clicked...). In the tourism segment, fulfilling your wishes and interests is standard. This is the only way we can provide you with a suitable experience.

Transaction data, which are collected at points of sale such as our website and our call center, in the reservation system or in services that enable payment, but may also include bank and credit card information. Without this information, we cannot enter into or perform a contract with you or offer you the products or services you have requested.

In order to be able to provide medical treatments and services and perform them with the highest possible degree of professionalism, we also collect special types of personal data (sensitive personal data) and accordingly keep them with higher protection. Only persons subject to a legal obligation to protect professional secrecy have access to them. We process the data in the healthcare system and it includes data that we obtain from you in the context of using healthcare services and treatment by healthcare personnel. We use them for the purposes of diagnosis, treatment and health improvement.

When collecting personal data, we follow the principle of the minimum amount of data provided by legislation and collect only those data that are necessary to fulfill the purposes for which we process them.

How long we keep your personal data

We keep personal data for as long as it is necessary to achieve the individual purpose for which we collected or further processed it. The retention period depends on the basis for which we processed the data and the purpose of the processing. In exceptional cases, we process your personal data for longer, if this is required by the regulations in force in the Republic of Slovenia.

Users of personal data

Your personal data is processed and used by our professionally trained employees within the scope of their competences, who are bound by confidentiality. In some cases, your data is also processed by contractual processors (such as IT system maintainers, software providers, etc.) on our behalf and according to our instructions. These are trustworthy companies with whom we conclude an appropriate data processing agreement, with which they are committed to respecting and protecting the personal data of individuals. External contractors do not process your personal data for their own purposes. Users access data in accordance with authorizations and assigned data access rights.

We do not pass on your personal data to anyone, unless we are required to do so by law or if you expressly allow us to do so or if you authorize a third party to pass on your data to them. Due to a legal obligation, we pass on some data about your overnight stay to AJPES and, based on a reasoned written request, also to other state authorities who require this from us for the purposes of conducting specific procedures (e.g. Financial Administration of the Republic of Slovenia, courts, police, etc.).

Technical and organizational measures for securing data

The protection of collected personal data includes organizational, technical and logistic-technical procedures and measures with which we protect your personal data, prevents accidental or intentional unauthorized destruction of data, their change or loss, and unauthorized processing.

When processing, we follow the principle of minimum data volume and processing on an anonymized basis whenever possible. We train our employees on the importance of confidentiality and maintaining the privacy and security of your data, and we carefully and responsibly select our contract processors.

Regarding security, we implement the following measures, among others:

You can do a lot yourself to ensure the security of your personal data by:

Warning: the transmission of information (including personal data) over the Internet is not always completely secure. If you provide us with your personal data or other information over the Internet (by e-mail, through our website or in any other way), you do so at your own risk. We cannot be responsible for any costs, expenses, loss of profits, damage to reputation, liability or any other form of loss or damage suffered by you as a result of your transmission of data over the Internet.

Your rights in relation to your personal data and how you can exercise them

To ensure fair and transparent processing of personal data, you can request information from us about whether, and if so, what data, on what legal basis and for what purpose are processed in relation to you, and exercise rights such as:

In accordance with the provisions of Article 23 of the General Regulation, these rights may be limited if this is necessary for the protection of important interests, such as national security, defense, public safety, prevention of criminal acts, protection of the rights and freedoms of other persons, etc.

When we process your data on the basis of consent, you also have the right to cancel it at any time, without this affecting the legality of the data processing that was carried out on the basis of consent until its cancellation.

When asserting and realizing your rights and questions related to your personal data based on the General Regulation on the Protection of Personal Data, the appointed authorized person for the protection of personal data in Thermana dd is available to you

You can submit a request for the realization of an individual right with a completed form, which is available at all receptions of Thermana dd and on the website here, and we would like to emphasize that only you personally can exercise your rights in relation to your personal data, and another person on your behalf only on the basis of your written authorization. The request for consideration of your rights must be made in such a way that your identification is possible.

We will handle each request received individually in accordance with the provisions of the General Regulation, as the exercise of the rights mentioned below depends on the legal basis on which we process personal data and we will respond to you without undue delay or within one month at the latest. 

For further information about your rights in relation to your personal data, including certain limitations that apply to some of these rights, we recommend reading Articles 12 to 23 of the General Data Protection Regulation (EU) (the GDPR).

Current offer

More Offers

Dear guests,

we inform you that s on Monday 20 May 2024 we are starting to replace the gates at the entrance to the Zdravilišče Laško facility. The works will probably last until June.

Due to the construction works, it will go through the lock towards the Laško Spa facility IMPORTATION DISABLED FROM THE MAIN ROAD SIDE. There will be access ENABLED AT THE THERMANA PARK LAŠKO HOTEL parallel to the main road. The route will be marked.

Access to the Zdraviliški Park parking lot remains uninterrupted.

Thank you for your understanding.

Thermane team

This will close in 20 seconds